|
SNS the truly true way.
Recently I posted evidence that you were given the sandcastle code's in Banjo-Tooie, used them in BK to open secret area's and collect items, then Cold-Swap(while power off) back to Banjo-Tooie to recieve the secret item's in your inventory. I then posted that the only way this could be wrong is if any flag-data set by banjo-Tooie was somehow calculated together with the SNS data in EEPROM. You can read about that here:
http://www.rarewitchproject.com/foru...ad.php?t=15609 Note: I only have shark-food island raised here. Anyways, I have found what seems to confirm 100% that any data written to the sandcastle code on startup come's directly from EEPROM(save-chip on cart) without any additional calculations being done. Let's start with the evidence found in the Assembly code that write's to the SNS Address. Code:
8026Fc04 LWR T9, 0x0007(T6) `Loads sns value from 8026CFC8 BEQ R0, R0, 0x8026CFE0Okay good, so we have our SNS Variable sitting in memory at 8026FC05. But let's see what happens before it was written to that spot in memory... http://i177.photobucket.com/albums/w...123/SnsAsm.jpg So look at the command that the arrow is pointing to. This is the last command called before the SNS value is written to the SNS Address. Now if you don't understand ASM that command is telling the system to store the value in T9(0x1fc007c0) to address T0+0x4(0xA4800004). Now, 0xA4800004 sure isn't an address in RAM. I believe it is an address in the tiny SPMEM. Anyway's the point here is that apparently the SNS Value doesn't appear to be loaded from RAM. If that's the case, then it has to be loaded directly from EEPROM -> 0x8026CFC8 in RAM. Leaving little question of any Flag data being calculated with that value. However if Subdrag, Icemario, or Coolboyman had a quick look(just to be safe) that would be great. Evidence 2: If you try to change the initial value written to the SNS Address, the code will revert to 0 meaning that you wouldn't have any of the areas unlocked or items collected. This tells me two things. One, that there is some sort of Checksum which means that if the SNS Value being written to RAM isn't the same as the data in EEPROM, then the N64 flags that data as corrupt and clears it from RAM and EEPROM. Two, it would probably be impossible for flag data to combine with EEPROM because it would fail the checksum by having the new data differ from the data found in EEPROM. Evidence 3: Finally, I have figured out where SNS data is stored to in the EEPROM file. First, take a look at this picture: http://i177.photobucket.com/albums/w.../SnsEEprom.jpg The addresses I'm showing here can be found in the EEPROM file (.sav in nemu). I'm showing two different instances here, the top image show's SNS data with Sharkfood Island Raised, and bottom shows both sharkfood island raised and pink sns egg collected. The green value is our SNS variable and it appears the same as it does in RAM. More importantly, in the red is our check-sum values. Again, the SNS Value will need to match the Check-sum values or the check-sum will fail and all SNS data will be deleted. Also, I can confirm that the flag data set by Banjo-Kazooie(starts at 0x803fff00 in ram) uses the same type of check-sum value technique. That way, Banjo-Tooie wouldn't use any corrupt flag data on startup. So there you have it, I'm pretty much confirming it as 99.9% fact that Stop N Swop was only a One-way swap process. Now Rare just needs to admit it :p . Here is how it truly worked: 1)Obtain sandcastle codes in BT 2)Enter Code in BK, open secret area 3)Collect secret Item 4)Cold-swap with Banjo-Tooie which would utilize BK flag data. 5)Have item's in inventory. If I'm correct, then we should finally have all the info we need to successfully re-create our own version of Stop-N-Swop. The only problem is, we would need some type of re-writable N64 cartridge to store a patched version of Banjo-Tooie on. I don't know a great deal of rom-hacking but if someone can make a four-player ocarina of time patch, then it's possible for someone to patch Banjo-Tooie to read and utilize flag data set by Banjo-Kazooie, I'm just not sure how possible :p |
But is there enough SNS code left in Banjo-Tooie for it to pick up the items from B-K?
|
Quote:
|
...
could someone dumb down what he said for me so I can understand it better? I somehow managed to read the whole thing and am really confused. Something about just swapping from BK to BT and not vice versa, but that's all I could understand. |
There is no chance that "Flag data"(see Rare's data sharing patent) could be written to the SNS address(this is the code you use to have all sns items) without data in the EEPROM (this is the save chip on your n64 cart. Everytime you save your game data is written here, don't confuse with memory card.) overwriting it.
|
...nice job, runehero! ^_^
|
Quote:
|
Quote:
and it's all backed up in patent. Quote:
Quote:
Quote:
|
Cold swapping uses the memory pak, right?
|
no, cold swap is have BK in, turn off N64, take BK out and put BT in, turn back on
as oppose to a hot swap, which is have BK in, leave N64 on and take BK out, and but BT in so hot swap means swap carts while on, cold means swap carts while off |
Surely in order to do that you just need some overwritable ROM for it? And i'm pretty sure it's fairly easy to get hold of, since people use it all the time for custom computers and such.
But would it be the same spec as the N64? I'm not sure, i've never ripped open any of my carts to look inside, since all my N64 games are good. If I can find a cheap cruddy N64 game i'll probably have a look. |
GREAT WORK!
I have question. When and where we would cold swapping? Just after collecting SNS item or in area that exist in BT too like Banjo House,Spiral Mountain or entrance in Grunty's Lair? Quote:
For me(based on slaphappy's theory and Gregg's response) it looks like that small part of SNS still exist and can activate Bottles' Revenge in Banjo-Tooie. I have pre-1999 Nintendo 64 so Stop 'N' Swop would be possible on my system.I will test some ideas... |
Quote:
|
Quote:
|
Sorry...my mistake.Bad post was removed...
Rune said that he will test some BT's stuffs so i hope so that he will back with great news. |
... anyway, this seems very logical and legit to me. Well done once again. Obviously Stop N Swop wasn't going to be as complicated as everyone thought.
P.S. Love the title. "Truty true" hahaha |
yeah that makes sense. good job rune
|
Good work :).
What else do I need to say? |
Congrats, this sounds quite possible. Good job. :cool:
|
I normally wouldn't have bumped this, but Rune put this in an index page.
This is an interesting idea with excellent research and findings. It immediately raised a question in my mind though, one oddity about BK that would tend to favor memory swopping bidirectionally as opposed to a one way swop. Why does entering a code in BK put the open secret area in all 3 game saves? If the one way swop is as you described, there is no reason to do that. To enter a code, you are already in a specific game save, so just save the info to that specific save. On the other hand, if the info was transferred via memory that is set in BT, and it was recognized on the start of BK execution, it would make sense to store it in all game saves. There is no way to know which game save the player will select, so it must be exposed in all three, which is what we see was implemented. |
So this is the discovery?
Absolutely awesome work. Is there any known purpose of the eggs and key in Banjo Kazooie? I mean, what it could have unlocked in the previous game? Or did it load something in Banjo Tooie? And it just makes you laugh at people who thought Stop 'n' Swop was really complicated ;) And i also have a pre 1999 Nintendo 64. I really wish i could wipe the Stop 'n' Swop items off of my Banjo Kazooie cart though. |
Quote:
|
1 Attachment(s)
Quote:
The prizes in BT would probably be global as well, meaning you could use Dragon Kazooie in every file. Now, there is a small chance I could be wrong. As I've said in my discovery, it's not possible for BK to read any flag data to BT AFTER the data from EEPROM overwrites the Sandcastle Address. However, there is a slight chance that BK reads the flag data from BT first, writes the data to EEPROM, and then stores the data back to RAM. <Read Flag Data> <Save new data to EEPROM> <Store new SNS data in RAM> The question is however, where would BK read that flag information from? I've done a break-point read on all the addresses where BK sets flag data for BT to access. However, none of them are read on boot-up. Now, let's get to Dragons Quote: Quote:
What I have actually done is to track all activity from Banjo-Kazooie to the Mempak using an input plugin that I modified. Now I could see which Addresses the game was Reading from in the Mempak. Basically, what I got is that it was checking for Game Note data(a.k.a Game save files)(see attachment below). Why? That's what I'm trying to find out through ASM. It also seems to do this before reading(SNS) data from the EEPROM. Which makes it a possibility that BK is indeed looking for a file containing SNS data in the Mempak(don't get your hopes up just yet, Goldeneye also accesses the Mempak on boot-up). The cool thing is, Address 8026CFA8 in the pic below is the address which causes Reads/Writes to the Mempak to occur. Pretty close to the address which loads the SNS data from EEPROM. http://i177.photobucket.com/albums/w...123/SnsAsm.jpg Look at the data that the registers at those commands are loading: 0xA4800000 = Mempak 0xA4800004 = EEprom ^This is probably going to be difficult trying to figure out what BK wants to load (if anything) from Game Save/Note data in the Mempak. The address where Read/Writes to the Mempak occur in the ASM is a good place for me to start though... Sorry if some people didn't understand what I just said, it's hacking/programming talk. |
Quote:
...I'm looking at you, slaphappy... Sorry rune, i got confused with dates ;) Can't wait for your next discovery. This one is interesting still :) |
Quote:
|
Quote:
|
bump. please continue!
|
you no need to bump the topics
well only two question 1.-this is real or is a joke? 2.-how i know if my N64 is from 1998,1997 or 1996 |
Quote:
Lets bash his grammar! Its 'You don't need to bump the topics.' and 'I have two questions 1. Is this real or is it a joke? and 2. How do i know if my N64 is from 1997, 1998, or 1999?' Anyways, nice job rune! What will you get into next? |
Quote:
|
Quote:
|
Quote:
|
Sorry guys, been busy working on stuff for the future BK level editor. Haven't had time to get back into researching the mempak stuff yet.
If anything new comes up, I'd let you guys know. ;) |
Please learn how to use apostrophes.
|
Quote:
I've wanted a level editor for so long! |
Quote:
How else are these people meant to learn? |
Quote:
|
That is a valid point.
Let's all flame BanjoLover50! |
Quote:
BanjoLover50 sucks! Never flamed before... |
Quote:
Quote:
"code's in Banjo-Tooie" - Not a possessive noun. "open secret area's" - Same problem "on startup come's directly" - Not a contracted verb. "Anyway's the point" - Not a possessive, plural, or contraction. "show's SNS" - same as above. |
| All times are GMT. The time now is 09:59 AM. |
Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2024, vBulletin Solutions, Inc.