AlaskaLinuxUser's Scratchpad

Commit thy works unto the LORD, and thy thoughts shall be established. - Proverbs 16:3

Continued hacking with a hex editor


Since I finally beat the game, I decided to look a little deeper at hex editing the saved games of Phantasy Star for the SEGA Master System. While I am generally not a big fan of cheat codes and game hacking, I just kept looking at this hex data and started seeing a pattern. And once I saw it, I couldn't "un-see" it. For editing the saved RAM file, you can use any hex editor, but in my case I used Ghex on Ubuntu Linux, which has a nice GUI. Previously, I had used hexedit from the command line, which worked rather well, but made things like copy/paste a little more tedious.

As I mentioned last time, because I had already read a guide on save state hacking[1] for this game, I sort of had a good idea of what to look for. However, that saved state hack was for the saved state of the game with the MekaW emulator, not the actual saved backup RAM from the game. That is, it is the RAM in use for the game, with register addresses that map to the running game, and not to the saved RAM of the cartridge. I also read some other guides, but they were for the newer SEGA Genesis version and also didn't apply. However, like I mentioned last post, I found a tool written in Go [2] which did have this helpful comment:

// A Phantasy Star 1 save file consists of five saved games.
// A header of size 0x200 exists at position 0x100 in the save file.
// Assuming saved game indexes ("GameIndex") numbered 0 through 4, each saved
// game can be found in the file at location `0x500 + 0x400 * gamenum`.
// In other words, saved games start at index 0x500 and are each of size 0x400.
// Each saved game consists of four packed 16-byte PlayerRecord structures,
// representing Alis, Myau, Odin, and Noah. At offset 0xC0 in each saved game,
// there is a 32-byte array of inventory items. At offset 0xE0 in the saved
// game, a two-byte value can be found representing the number of meseta
// followed by a one-byte value representing the number of inventory items.

As I mentioned last time: if you use a hex editor like hexedit or ghex (terminal and GUI, respectively), you will find that the first game save starts at 0x500, goes for 0x400, then the second game save starts at 0x900, goes for 0x400, and so on. And a saved game looks like this:

00000500: 01cc 1c1a 5518 cc1c 6ee0 0e16 2000 0502  ....U...n... ...
00000510: 01ca 31e9 4d18 ca31 6eb6 0a14 1d00 0403  ..1.M..1n.......
00000520: 01bb 00cc 4e19 bb00 5cbd 0d17 1f00 0000  ....N...\.......
00000530: 01a8 4b8e 4516 a84b 4ab9 0418 1e00 0505  ..K.E..KJ.......
00000540: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000550: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000560: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000570: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000580: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000590: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000005a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000005b0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000005c0: 3334 352d 3832 2639 2122 3b0f 2330 313e  345-82&9!";.#01>
000005d0: 2525 2525 2525 2525 0000 0000 0000 0000  %%%%%%%%........
000005e0: 423f 1800 0000 0000 0000 0000 0000 0000  B?..............
000005f0: 0300 0000 0000 0000 0000 0000 0000 0000  ................
00000600: ff01 0102 0700 01ff 0101 ff00 0000 0000  ................
00000610: 00ff 0000 0000 0000 ff00 0000 0000 0000  ................
00000620: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000630: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000640: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000650: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000660: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000670: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000680: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000690: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000006a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000006b0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000006c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000006d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000006e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000006f0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000700: ffff 00ff ffff ff00 0000 0000 0000 0000  ................
00000710: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000720: 0000 0000 ff00 0000 0000 0000 0000 0000  ................
00000730: 00ff 0000 ff00 0000 0000 0000 0000 0000  ................
00000740: ff00 00ff 0000 0000 0000 00ff 0000 0000  ................
00000750: 0000 00ff 0000 ff00 0000 0000 0000 0000  ................
00000760: 0000 00ff 00ff ffff ff00 0000 00ff 00ff  ................
00000770: ff00 ff00 0000 ffff ffff ff00 0000 0000  ................
00000780: 00ff 0000 0000 0000 0000 00ff 0000 ff00  ................
00000790: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000007a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000007b0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000007c0: ffff 0000 00ff 0000 0000 00ff ff00 ff00  ................
000007d0: 0000 0000 0000 0000 ff00 0000 0000 0000  ................
000007e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000007f0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000800: 00e0 0500 0050 0100 0404 0200 de00 0000  .....P..........
00000810: 0050 01e0 0500 0d03 0000 0000 0000 0000  .P..............
00000820: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000830: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000840: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000850: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000860: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000870: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000880: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000890: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000008a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000008b0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000008c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000008d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000008e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000008f0: 0000 0000 0000 0000 0000 0000 0000 0000  ................

And what I noticed, based on the notes above, was these lines:

00000500: 01cc 1c1a 5518 cc1c 6ee0 0e16 2000 0502  ....U...n... ...
00000510: 01ca 31e9 4d18 ca31 6eb6 0a14 1d00 0403  ..1.M..1n.......
00000520: 01bb 00cc 4e19 bb00 5cbd 0d17 1f00 0000  ....N...\.......
00000530: 01a8 4b8e 4516 a84b 4ab9 0418 1e00 0505  ..K.E..KJ.......

These lines are the four main characters, which I believe break down like this:

HADDRESS: AABB CCDD EEFF GGHH IIJJ KKLL MMNN OOPP
00000500: 01cc 1c1a 5518 cc1c 6ee0 0e16 2000 0502  ....U...n... ...
AA = Have character, e.g., you don't start the game with Odin, but this becomes 01 when you find him.
BB = MAX HP, maximum health points
CC = MAX MP, maximum magic points
DD = UNKNOWN, I originally thought level, but it doesn't quite line up.
EEFF = Experience points. The total accumulated experience points of the character.
GG = Current health points (HP)
HH = Current magic points (MP)
II = Attack power
JJ = Defense power
KK = Equipped Weapon
LL = Equipped Armor
MM = Equipped Shield
NN = Unknown
OOPP = Some sort of table reference for what magic spells are learned and available.

What I gleaned from other sites is that when a battle happens, either at the beginning or at the end when the game adjusts the experience, it recalculates everything against what it should be. That is, if your experience is up, then you level up, and if you level up, your attack/defense/HP/MP should change, etc. What that means for you as an editor is that it is easier to adjust the experience points, let the character get leveled up in a battle, and then the game will automatically apply the rest, like what magic you have, etc.

Unless, of course, you are trying to have more than the original maximums that were available.

I'd have to do some trial and error for NN and DD. There are flags that are set if your character is "tied up" in a battle and needs to break free. This can carry over from battle to battle in a way that I don't fully understand as a game dynamic, but does seem to happen from time to time, because you can leave one battle tied up, get in another battle shortly after and still be tied up. I will be honest, I don't understand how "rope" works or if this even applies here. There is also a point in the game where Myau changes form from a cat to a pegasus-like creature, and perhaps this is used here?

As we discussed last time, the inventory of your 24 items is fairly simple:

000005c0: 3334 352d 3832 2639 2122 3b0f 2330 313e  345-82&9!";.#01>
000005d0: 2525 2525 2525 2525 0000 0000 0000 0000  %%%%%%%%........

For the item codes, I just borrow from Czechnmymail[1]:

---Items---
00 = nothing
01 = Wood cane
02 = Short sword
03 = Iron sword
04 = Wand            *Noah's best weapon*
05 = Iron Fang
06 = Iron axe
07 = Titanium sword
08 = Ceramic sword
09 = Needle gun
0A = Silver Fang     *Myau's best weapon*
0B = Heat gun
0C = Light Sabre
0D = Laser gun
0E = Laconia sword   *Alis' best weapon*
0F = Laconia Axe     *Odin's best weapon*
10 = Leather Armor
11 = White mantle
12 = Light Suit
13 = Iron Armor
14 = Thick Fur       *Myau's best armor*
15 = Zirconia Armor
16 = Diamond Armor   *Alis' best armor*
17 = Laconia Armor   *Odin's best Armor*
18 = Frade Mantle    *Noah's best armor*
19 = Leather Shield
1A = Bronze Shield
1B = Iron Shield
1C = Ceramic Shield
1D = Gloves          *Myau's best shield*
1E = Laser Shield    *Noah's best shield*
1F = Mirror Shield   *Odin's best shield*
20 = Laconia Shield  *Alis' best shield*
21 = Landrover
22 = Hovercraft
23 = Ice digger
24 = Cola
25 = Burger
26 = Flute
27 = Flash
28 = Escaper
29 = Transfer
2A = Magic Hat
2B = Alsulin
2C = Polymeteral
2D = Dungeon Key
2E = Sphere
2F = Eclipse Torch
30 = Aero Prism
31 = Nuts
32 = Hapsby the Robot
33 = Road Pass
34 = Passport
35 = Compass
36 = Cake
37 = Letter
38 = Laconia Pot
39 = Magic Lamp
3A = Amber Eye
3B = Gas Shield
3C = Crystal
3D = M System
3E = Miracle Key
3F - FF = Debug

The money line was a bit odd:

000005e0: 423f 1800 0000 0000 0000 0000 0000 0000  B?..............

Because the hex to decimal conversion of 423f is 16959, but in the game I had 16194, which is 3f42. So I believe you need to do it out of order to get the correct result. Or just make it FFFF, and you have so much money it doesn't matter.
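
The character, inventory and meseta layout described above, as an added example (not code from this post or from psedit): a read-only Python parser for one save slot that also sanity-checks what it reads. Field names follow the breakdown above, the sample bytes are the slot-0 rows from the dump, the equipment ranges are read off the item table, and the two-byte meseta value is read little-endian, which is the "out of order" reading.

```python
import struct

SLOT_BASE, SLOT_SIZE = 0x500, 0x400   # slot layout from the psedit comment quoted above
INV_OFF, INV_LEN, MESETA_OFF = 0xC0, 32, 0xE0
NAMES = ("Alis", "Myau", "Odin", "Noah")
# Item-id ranges per equipment slot, read off the item table on this page.
RANGES = {"weapon": (0x01, 0x0F), "armor": (0x10, 0x18), "shield": (0x19, 0x20)}
FIELDS = ("have", "max_hp", "max_mp", "hp", "mp",
          "attack", "defense", "weapon", "armor", "shield")

# Constructed sample: slot-0 rows copied from the dump above (trailing zeros omitted).
ROWS = {0x00: "01cc1c1a5518cc1c6ee00e1620000502",
        0x10: "01ca31e94d18ca316eb60a141d000403",
        0x20: "01bb00cc4e19bb005cbd0d171f000000",
        0x30: "01a84b8e4516a84b4ab904181e000505",
        0xC0: "3334352d3832263921223b0f2330313e",
        0xD0: "2525252525252525", 0xE0: "423f18"}

def build_sample():
    save = bytearray(SLOT_BASE + 5 * SLOT_SIZE)
    for off, hexrow in ROWS.items():
        row = bytes.fromhex(hexrow)
        save[SLOT_BASE + off:SLOT_BASE + off + len(row)] = row
    return bytes(save)

def parse_slot(save, index):
    if not 0 <= index < 5:
        raise ValueError("slot index must be 0-4")
    slot = save[SLOT_BASE + SLOT_SIZE * index:][:SLOT_SIZE]
    if len(slot) != SLOT_SIZE:
        raise ValueError("save file is truncated")
    # DD, EEFF, NN and OOPP are skipped ('x'): unknown, or byte order not verified.
    chars = {n: dict(zip(FIELDS, struct.unpack_from("<3B3x7B3x", slot, 16 * i)))
             for i, n in enumerate(NAMES)}
    meseta, count = struct.unpack_from("<HB", slot, MESETA_OFF)  # little-endian
    return {"chars": chars, "meseta": meseta, "count": count,
            "items": list(slot[INV_OFF:INV_OFF + INV_LEN])}

def anomalies(p):
    out = []
    if p["count"] > INV_LEN:
        out.append("item count exceeds the 32-byte inventory array")
    out += [f"inventory[{i}] = 0x{v:02X} is outside 0x00-0x3E"
            for i, v in enumerate(p["items"]) if v > 0x3E]
    for name, c in p["chars"].items():
        for kind, (lo, hi) in RANGES.items():
            if c[kind] and not lo <= c[kind] <= hi:
                out.append(f"{name}: {kind} id 0x{c[kind]:02X} is not a {kind}")
    return out
```

Running `anomalies(parse_slot(build_sample(), 0))` on the sample returns an empty list; a hand-edited slot with an item count above 32 or a Burger in a weapon slot is reported instead of being silently accepted.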

While I am not 100% sure, these lines seem to be your location. E.g., which planet, town, village, dungeon, and position within it.

00000600: ff01 0102 0700 01ff 0101 ff00 0000 0000  ................
00000610: 00ff 0000 0000 0000 ff00 0000 0000 0000  ................

And finally, these lines seem to be switches. They are high or low, either on or off, with FF being high/on and 00 being low/off. I believe these are the switches for in-game logic such as: did you talk to the guy in the dungeon who told you the soothsayer's name, so that when you talk to the soothsayer, he asks you the right questions; or have you freed the professor from his prison cell, so that now when you talk to his apprentice he agrees to help you... etc.

00000700: ffff 00ff ffff ff00 0000 0000 0000 0000  ................
00000710: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000720: 0000 0000 ff00 0000 0000 0000 0000 0000  ................
00000730: 00ff 0000 ff00 0000 0000 0000 0000 0000  ................
00000740: ff00 00ff 0000 0000 0000 00ff 0000 0000  ................
00000750: 0000 00ff 0000 ff00 0000 0000 0000 0000  ................
00000760: 0000 00ff 00ff ffff ff00 0000 00ff 00ff  ................
00000770: ff00 ff00 0000 ffff ffff ff00 0000 0000  ................
00000780: 00ff 0000 0000 0000 0000 00ff 0000 ff00  ................
00000790: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000007a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000007b0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000007c0: ffff 0000 00ff 0000 0000 00ff ff00 ff00  ................
000007d0: 0000 0000 0000 0000 ff00 0000 0000 0000  ................
000007e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................

So that is my best guess, somewhat verified with some trial and error. I am 99% positive on the characters' stats and equipment, 100% positive on the inventory items, and while I am pretty positive about the rest, I don't know how to actually use them.

I don't know if this will help anybody, but, there it is.

Linux - keep it simple.

[1] https://gamefaqs.gamespot.com/sms/588116-phantasy-star/faqs/24768
[2] https://github.com/mpontillo/psedit/blob/master/savefile.go