Rare Witch Roundtable Podcast
Go Back   The Rare Witch Project Forums > Gaming > Rare & Playtonic > Banjo Theories & Stop 'n' Swop

Banjo Theories & Stop 'n' Swop SNS? Bottle's Revenge? Share your thoughts on the mysteries of the Banjo series and discuss the new Stop 'n' Swop features in Nuts and Bolts and the XBLA games

 
 
Thread Tools
  #1  
Old 24th April 2008, 03:20 AM
runehero123's Avatar
runehero123 runehero123 is offline
DJ Jamjars
 
Join Date: Jan 2007
Location: Look behind you...
Total Awards: 1
INFECTED - B1K1 
SNS the truly true way.

Recently I posted evidence that you were given the sandcastle code's in Banjo-Tooie, used them in BK to open secret area's and collect items, then Cold-Swap(while power off) back to Banjo-Tooie to recieve the secret item's in your inventory. I then posted that the only way this could be wrong is if any flag-data set by banjo-Tooie was somehow calculated together with the SNS data in EEPROM. You can read about that here:

http://www.rarewitchproject.com/foru...ad.php?t=15609

Note: I only have shark-food island raised here.

Anyways, I have found what seems to confirm 100% that any data written to the sandcastle code on startup come's directly from EEPROM(save-chip on cart) without any additional calculations being done.

Let's start with the evidence found in the Assembly code that write's to the SNS Address.

Code:
8026Fc04 LWR T9, 0x0007(T6) `Loads sns value from 8026CFC8 BEQ R0, R0, 0x8026CFE0

80285da8. The opcode before this 8026FC00 LWL T9, 0x004(t6) also loads from this address.

8026FC08 SW T9, 0x004(T7) `Stores the sns value to address 0x8027BC2C

8026FC3C LBU T4, 0x002c(T4) `Loads the SNS VAlue from address 0x8027BC2C to register T4

8026FC40 SB T4, 0x0000(T5) `Stores the SNS value to sns address 0x80283400
If you don't understand Assembly language, then allow me to explain it clear and simple. This is all you need to know: "The SNS Variable is initially written to 8026FC05 in RAM(Random Access Memory)"

Okay good, so we have our SNS Variable sitting in memory at 8026FC05. But let's see what happens before it was written to that spot in memory...

http://i177.photobucket.com/albums/w...123/SnsAsm.jpg

So look at the command that the arrow is pointing to. This is the last command called before the SNS value is written to the SNS Address. Now if you don't understand ASM that command is telling the system to store the value in T9(0x1fc007c0) to address T0+0x4(0xA4800004).

Now, 0xA4800004 sure isn't an address in RAM. I believe it is an address in the tiny SPMEM. Anyway's the point here is that apparently the SNS Value doesn't appear to be loaded from RAM. If that's the case, then it has to be loaded directly from EEPROM -> 0x8026CFC8 in RAM. Leaving little question of any Flag data being calculated with that value.

However if Subdrag, Icemario, or Coolboyman had a quick look(just to be safe) that would be great.

Evidence 2:

If you try to change the initial value written to the SNS Address, the code will revert to 0 meaning that you wouldn't have any of the areas unlocked or items collected.

This tells me two things. One, that there is some sort of Checksum which means that if the SNS Value being written to RAM isn't the same as the data in EEPROM, then the N64 flags that data as corrupt and clears it from RAM and EEPROM. Two, it would probably be impossible for flag data to combine with EEPROM because it would fail the checksum by having the new data differ from the data found in EEPROM.

Evidence 3:

Finally, I have figured out where SNS data is stored to in the EEPROM file.

First, take a look at this picture:

http://i177.photobucket.com/albums/w.../SnsEEprom.jpg

The addresses I'm showing here can be found in the EEPROM file (.sav in nemu). I'm showing two different instances here, the top image show's SNS data with Sharkfood Island Raised, and bottom shows both sharkfood island raised and pink sns egg collected.

The green value is our SNS variable and it appears the same as it does in RAM. More importantly, in the red is our check-sum values. Again, the SNS Value will need to match the Check-sum values or the check-sum will fail and all SNS data will be deleted.

Also, I can confirm that the flag data set by Banjo-Kazooie(starts at 0x803fff00 in ram) uses the same type of check-sum value technique. That way, Banjo-Tooie wouldn't use any corrupt flag data on startup.

So there you have it, I'm pretty much confirming it as 99.9% fact that Stop N Swop was only a One-way swap process. Now Rare just needs to admit it .

Here is how it truly worked:

1)Obtain sandcastle codes in BT
2)Enter Code in BK, open secret area
3)Collect secret Item
4)Cold-swap with Banjo-Tooie which would utilize BK flag data.
5)Have item's in inventory.

If I'm correct, then we should finally have all the info we need to successfully re-create our own version of Stop-N-Swop. The only problem is, we would need some type of re-writable N64 cartridge to store a patched version of Banjo-Tooie on. I don't know a great deal of rom-hacking but if someone can make a four-player ocarina of time patch, then it's possible for someone to patch Banjo-Tooie to read and utilize flag data set by Banjo-Kazooie, I'm just not sure how possible


  #2  
Old 24th April 2008, 03:33 AM
Hylian1's Avatar
Hylian1 Hylian1 is offline
Jolly Rodger
 
Join Date: Mar 2004
Location: Los Angeles, CA
Total Awards: 1
RWP Note Medal 
But is there enough SNS code left in Banjo-Tooie for it to pick up the items from B-K?
__________________
"If nostalgia precipitates actions to return to a fabled, rosy-painted time, then it is an empty thing, doomed to produce nothing but frustration"- Drizzt Do'Urden


  #3  
Old 24th April 2008, 03:39 AM
runehero123's Avatar
runehero123 runehero123 is offline
DJ Jamjars
 
Join Date: Jan 2007
Location: Look behind you...
Total Awards: 1
INFECTED - B1K1 
Quote:
Originally Posted by Hylian1
But is there enough SNS code left in Banjo-Tooie for it to pick up the items from B-K?
There is none as far as I'm aware. However, when I have the time I'll mess around with ASM in BT and see if I can get it to read data from the "Flag area" to put the Egg's and key in your inventory. Not that you could actually swap data from BK-BT unless Nemu or PJ64 could emulate Cold-Swapping.


  #4  
Old 24th April 2008, 03:41 AM
jumbo mumbo's Avatar
jumbo mumbo jumbo mumbo is offline
Brash Breegull
 
Join Date: Apr 2006
Location: I have no idea
Total Awards: 2
INFECTED - B1K1 Thread Starter 
...

could someone dumb down what he said for me so I can understand it better?

I somehow managed to read the whole thing and am really confused. Something about just swapping from BK to BT and not vice versa, but that's all I could understand.


  #5  
Old 24th April 2008, 04:03 AM
runehero123's Avatar
runehero123 runehero123 is offline
DJ Jamjars
 
Join Date: Jan 2007
Location: Look behind you...
Total Awards: 1
INFECTED - B1K1 
There is no chance that "Flag data"(see Rare's data sharing patent) could be written to the SNS address(this is the code you use to have all sns items) without data in the EEPROM (this is the save chip on your n64 cart. Everytime you save your game data is written here, don't confuse with memory card.) overwriting it.

Last edited by runehero123; 24th April 2008 at 04:09 AM.


  #6  
Old 24th April 2008, 04:08 AM
dmoss's Avatar
dmoss dmoss is offline
Friendliest Member ('07 -'08)
 
Join Date: Feb 2005
Location: Missouri
Total Awards: 9
RWP Note Medal Thread Starter RWP Bash Day 11 Participation Award RWP Bash Day 10 Participation Award RWP Bash Day 9 Participation Award 
...nice job, runehero!
__________________
[dee]


  #7  
Old 24th April 2008, 04:17 AM
jumbo mumbo's Avatar
jumbo mumbo jumbo mumbo is offline
Brash Breegull
 
Join Date: Apr 2006
Location: I have no idea
Total Awards: 2
INFECTED - B1K1 Thread Starter 
Quote:
Originally Posted by runehero123 View Post
There is no chance that "Flag data"(see Rare's data sharing patent) could be written to the SNS address(this is the code you use to have all sns items) without data in the EEPROM (this is the save chip on your n64 cart. Everytime you save your game data is written here, don't confuse with memory card.) overwriting it.
Oh ok I think I get it now.


  #8  
Old 24th April 2008, 04:21 AM
runehero123's Avatar
runehero123 runehero123 is offline
DJ Jamjars
 
Join Date: Jan 2007
Location: Look behind you...
Total Awards: 1
INFECTED - B1K1 
Quote:
Originally Posted by Dmoss
...nice job, runehero!
Thanks .

and it's all backed up in patent.

Quote:
Originally Posted by Rare Patent
In accordance with yet other further aspects of the invention, the first program alternatively contains instructions that when executed by the processor specifically identifies information for sharing with the second program and provides a code that is associated with this identified information to a user of the first program via a display coupled to the control unit. In this instance, the code is provided instead of storing the identified information to the memory. In this regard, the second program alternatively contains instructions that when executed by the processor ask the user to provide a code, if any, and then utilize the information associated with the code in the implementation of the second program.
Banjo Tooie gives you the sandcastle codes.

Quote:
Originally Posted by Rare Patent
Upon retrieval of the identified information, another test is made to determine the validity of the retrieved information at a step 28. Primarily, the second program is checking to specifically determine that the data is of the correct type; that it is whole and complete within itself; that there is no corruption in whole or in part; and that the data is suitable for use by and is acceptable to the second program. This validity test can be accomplished by conventional error checking techniques which could, for example, include checking data. Even further, extra data can be incorporated alongside or within the data to be transferred. This extra data can be calculated by a program from the data to be transferred. In this regard, the calculation method used could be a simple addition of all of the data, or it could be a more complicated algorithm which generates what is conventionally understood to be an error checking code like a checksum.
As I mentioned, this error checking code exist's within EEPROM and Banjo-Kazooie's flag data

Quote:
Originally Posted by Rare Patent
It will also be appreciated by those skilled in the art and others that more than one checksum may be needed to confirm the validity, integrity and acceptability of the data.
This seems to be the case for EEPROM data. There are two Checksum addresses as I mentioned above.


  #9  
Old 24th April 2008, 05:36 AM
Klungo's Avatar
Klungo Klungo is offline
Bunnycomb
 
Join Date: Jan 2005
Location: United States
Cold swapping uses the memory pak, right?


  #10  
Old 24th April 2008, 07:54 AM
Some_wierdGuy's Avatar
Some_wierdGuy Some_wierdGuy is offline
Bunnycomb
 
Join Date: Feb 2008
no, cold swap is have BK in, turn off N64, take BK out and put BT in, turn back on

as oppose to a hot swap, which is have BK in, leave N64 on and take BK out, and but BT in

so hot swap means swap carts while on, cold means swap carts while off
__________________
I reject your reality and substitute my own
-Adam Savage, Mythbusters


  #11  
Old 24th April 2008, 09:24 AM
Articerile's Avatar
Articerile Articerile is offline
Formerly Avarice
 
Join Date: Feb 2007
Location: Portsmouth
Total Awards: 16
Mystery Three Mystery Two Mystery One INFECTED - B2K1 Bashful 
Surely in order to do that you just need some overwritable ROM for it? And i'm pretty sure it's fairly easy to get hold of, since people use it all the time for custom computers and such.

But would it be the same spec as the N64? I'm not sure, i've never ripped open any of my carts to look inside, since all my N64 games are good.

If I can find a cheap cruddy N64 game i'll probably have a look.
__________________
Wait. No I wasn't. I was never Avarice.


  #12  
Old 24th April 2008, 10:01 AM
BanjoPL's Avatar
BanjoPL BanjoPL is offline
Missing Hero
 
Join Date: Apr 2006
Location: Jolly's
Total Awards: 2
You're Appreciated! INFECTED - B1K1 
GREAT WORK!

I have question.
When and where we would cold swapping?
Just after collecting SNS item or in area that exist in BT too like Banjo House,Spiral Mountain or entrance in Grunty's Lair?

Quote:
Originally Posted by slaphappy View Post

In my mind, one final question remains, though. Did Rare actually have enough time to remove the SNS code from BT? There was the infamous statement from the Rare employee claiming the connection between the games was still there. Rare claims he was misquoted. Maybe, maybe not. The clean up effort appears to have been a little sloppy. Blackeye still has the Pink Egg portraits all around him. Remnants of Bottles Revenge remain. The Base Egg being left in the NTSC version of Tooie.

So, I am holding on to the final remaining glimmer of hope. Assuming SNS does still exist, one would need a pre-1999 N64, the NTSC version of BK, and the NTSC version BT to find it. If this, however unlikely, is true, it creates a tough position for Rare. Is SNS still there? No, well yes, well kind of. I wouldn't comment on the subject either. I also wouldn't have taunted everyone with the chalkboard in GbtG either, but hey, Rare will be Rare.

---
Gregg Mayles said that he is very close to true.
For me(based on slaphappy's theory and Gregg's response) it looks like that small part of SNS still exist and can activate Bottles' Revenge in Banjo-Tooie.
I have pre-1999 Nintendo 64 so Stop 'N' Swop would be possible on my system.I will test some ideas...

Last edited by BanjoPL; 24th April 2008 at 01:16 PM.


  #13  
Old 24th April 2008, 05:59 PM
glitchman's Avatar
glitchman glitchman is offline
Brash Breegull
 
Join Date: Feb 2007
Location: fungus forest
Total Awards: 1
Random Award 
Quote:
Originally Posted by BanjoPL View Post
I have pre-1999 Nintendo 64 so Stop 'N' Swop would be possible on my system.I will test some ideas...
i also have a pre-1999 N64, alas i live in britain
__________________
"Like is like a box of chocolates. You never know what you'll get."
Really? Honestly, what idiot gets a box of chocolates, and doesn't know what's gonna be inside?


  #14  
Old 25th April 2008, 03:11 PM
yamibakuragod's Avatar
yamibakuragod yamibakuragod is offline
Grunty's Reject
 
Join Date: Sep 2005
Location: The New World
Quote:
Originally Posted by BanjoPL View Post
Rune think that cheato pages would give you sandcastle codes in BT.
I have another idea.Maybe characters would tell you codes:

Madame Grunty-Cyan Egg
Captain Blackeye-Pink Egg and Red Egg
Gobi-Blue Egg and Yellow Egg ?
Loggo-Green Egg
Boggy-Ice Key
why must you spam every one of these types of theories with yet another idea of what the eggs equaled. No one cares. All you ever do is come up with some random set of things the eggs equal. This isn't about what the got or who you received them from, it's about how SNS physically work. Seriously stop with this garbage, it's spam and no one cares, please make your own topic next time rather then derail someone elses.


  #15  
Old 25th April 2008, 03:19 PM
BanjoPL's Avatar
BanjoPL BanjoPL is offline
Missing Hero
 
Join Date: Apr 2006
Location: Jolly's
Total Awards: 2
You're Appreciated! INFECTED - B1K1 
Sorry...my mistake.Bad post was removed...
Rune said that he will test some BT's stuffs so i hope so that he will back with great news.

Last edited by BanjoPL; 25th April 2008 at 03:26 PM.


 

Tags
sns


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT. The time now is 08:15 PM.


Forums powered by vBulletin® Copyright © Jelsoft Enterprises Ltd.
Website © 2000-∞ The RWP