Except that membrane switches on flex cables going to some sort of connector are exactly what's in many LCD monitors... Hell, the ones on AliExpress are even adhesive backed to stick to the front of a game.

This is not something that needed to be specially engineered for this application.

I know exactly what Mark is referring to and he's right. And there is one that looks like the one used for the easycoinup.

However, the intent of this thread was to share free play hacks, in reference to hacking, or getting unauthorized access to data with a computer (so says Google's dictionary). Mechanical solutions are various but fairly trivial (as gamefixer pointed out, "its a switch"), and need not be discussed further. And the "Free" in the topic refers to not having to pay money to play the game, NOT the monetary value of the free play hack itself, so don't get bent out of shape if someone doesn't want to hand out theirs for free. May need a new "Free Free Play Hacks" thread for that.

So if we could please return to the topic at hand...
 

Well put!

 
Edit: I posted something that wasn't very nice (though I stand by its accuracy), and having thought better of it, removed it in a showing of my ability to reason on a human level.

Repped. You, sir, are on another level. :)
 
Back on topic, my freeplay ROMhack is now even more customized... :D

I can never sell this game, now. :rolleyes:

 

Attachments

  • 544556674.jpg
    428.9 KB · Views: 299
Okay, back to reality here. I redid my Kickman hack to have attract mode. During attract mode, simply press 1P or 2P start and it'll start the game.

I know there's a Kickman w/ attract mode hack on the MARS site, but I had problems with it, where I got lots of flickery vertical lines through the screen. I thought I had a board problem, but I swapped the original ROMs back in, and they went away (and also tried a 2nd boardset and had the same issues)... and I reburned the original ROM files on the same EPROMs I used for the hack and they still worked. So I figured it must have been the hack.

Anyway, my new hack files are attached. This needs 3 ROMs... they're originally 2532s, or you can restrap the board for 2732s and reburn all the program ROMs. I've been playing it a bunch this weekend and everything seems good... but let me know if you have any problems with it.

DogP
 

Attachments

  • kickman_fp.zip
    8.6 KB · Views: 29
DogP, you are amazing. Is there a how-to video tutorial somewhere explaining the basics of how to do this type of codejacking? My Bubble Bobble needs a freeplay w/attract...




I believe brzezicki posted a video a while back walking through a Frogger hack: https://forums.arcade-museum.com/showthread.php?t=361335 .

IMO, the first thing is to learn the basics of the MAME debugger. Things like watchpoints, breakpoints, cheats, and reading the disassembly.

Then you need to break down the problem into small steps. If you add coins, does attract mode still run? If so, find where credits are read, and instead of reading the value, just load a constant value.

To find the credits memory location, use the cheat function of MAME and the memory editor window. You'll need to figure out what the opcodes are... luckily for simple hacks, the new code is smaller than the original code, so you can usually just NOP any extra code, and manually figure out what bytes to put in for "ld a,$02" for example.

If attract mode doesn't run with coins, what I usually do is change the code to read the start button(s) instead of coin switch(es), so pressing the start button will add credits... then I change the code that waits for start to be pressed to immediately start (and clear the credits). Then you usually need to tweak it so it only adds credits if it's in attract mode... that way if you press start during the game, it doesn't load up credits. Again, using the MAME cheat function, you can usually find a memory location that is different between attract and game mode.

Things like start and credit switch addresses/bit positions are usually clear from the MAME source code.

That's the gist of it... I'd guess brzezicki's stuff probably goes into much better detail.

DogP
 
Did you have to learn any Z80 assembly to do that? :confused:
 
Yeah, for even the simplest hack, you sorta need to at least understand a little bit about assembly, and know how to convert an opcode into binary (for example, by looking at a table like: http://z80-heaven.wikidot.com/opcode-reference-chart ). Of course some games are Z80, some are 6502, etc.

An example of a very simple hack, where it still runs attract mode with credits.... so you just need to force the game to think there's credits:
Using the cheat function of the MAME debugger, you determine that credits are stored at address $7005 (hexadecimal address). You set a watchpoint at $7005, and there's only one piece of code that reads it. It says:
...
ld a, ($7005)
cp $00
jr nz, $1008
...

In that case, the "ld a, ($7005)" is loading the register 'a' with the data from address $7005. The "cp $00" compares the value in register 'a' with 0, and "jr nz, $1008" causes the code to execute some code at $1008 if the value is non-zero (in this example, if there's credits).

So, the only thing we need to do is change "ld a, ($7005)" to "ld a, $02" to always put a value of 2 in register 'a'... then the rest of the code will think that 2 was read from address $7005, making it think that there's 2 credits.

If you look at the bytes of each instruction (to the right of the disassembly in the MAME debugger), you'll find that "ld a, ($7005)" is 3 bytes: 3A 05 70 (note that the upper and lower bytes of $7005 are swapped).

The code you want to replace that with ("ld a, $02") is only 2 bytes: 3E 02. You look this up from the opcode chart referenced above... or you can look through the rest of the disassembly from MAME and find code similar to what you're trying to do, and copy it.

So, you open the ROM file in a hex editor, go to the offset of the original instruction, and replace 3A with 3E, and 05 with 02. The original code still has one additional byte (70), which you need to get rid of, or the CPU will try to execute it as an instruction, and do something wrong. So, you replace it with a "nop" (no operation), which makes the CPU simply do nothing. It is 1 byte (00), so replace 70 with 00.

Then run your new code in MAME and test your new free play hack!


In some cases, the game will have a ROM check at startup, so you'll have to update a checksum value somewhere in the ROM to make it pass. Sometimes it's easy to find the checksum value, which you can replace with the new value... other times it's easier to find a memory location that's unused and replace it with a byte that makes the checksum match the original checksum.

In the case of a simple 8-bit checksum, it just adds each individual byte, and the checksum is the least significant 8 bits of the sum. So, the checksum of $01 and $05 would be $06... and the checksum of $D5 and $59 would be $2E (the actual sum is $12E). Most hex editors will compute the checksum of a file for you.

DogP
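
The byte patch and checksum fix-up described in the post above, as an added Python example (not part of the original post or DogP's files): it runs on a constructed 32-byte image, and the offset 0x10, the padding layout and the function names are assumptions. It also shows why an additive 8-bit checksum is no integrity control: rewriting one spare byte restores the original sum.

```python
# Added example: constructed ROM image, not data from any real game.
ORIG = bytes([0x3A, 0x05, 0x70])   # ld a,($7005)  (address stored low byte first)
PATCH = bytes([0x3E, 0x02, 0x00])  # ld a,$02 ; nop

def checksum8(data):
    """Simple 8-bit additive checksum: low 8 bits of the byte sum."""
    return sum(data) & 0xFF

def apply_patch(rom, offset, expected, replacement):
    """Replace bytes at offset only if the original bytes are what we expect."""
    if len(expected) != len(replacement):
        raise ValueError("patch must keep the same length so later code does not move")
    if rom[offset:offset + len(expected)] != expected:
        raise ValueError("unexpected bytes at offset; wrong ROM revision or offset")
    return rom[:offset] + replacement + rom[offset + len(expected):]

def compensate(rom, spare_offset, target_sum):
    """Rewrite one unused byte so checksum8(rom) equals target_sum."""
    delta = (target_sum - checksum8(rom)) & 0xFF
    fixed = bytearray(rom)
    fixed[spare_offset] = (fixed[spare_offset] + delta) & 0xFF
    return bytes(fixed)

def build_sample_rom():
    """Constructed 32-byte image: the three instructions from the post, then 0xFF padding."""
    code = ORIG + bytes([0xFE, 0x00]) + bytes([0x20, 0x01])  # cp $00 ; jr nz,+1
    return bytes(0x10) + code + bytes([0xFF] * (0x20 - 0x10 - len(code)))

def demo():
    rom = build_sample_rom()
    original_sum = checksum8(rom)
    patched = apply_patch(rom, 0x10, ORIG, PATCH)      # hypothetical offset
    fixed = compensate(patched, len(rom) - 1, original_sum)  # last padding byte
    return original_sum, checksum8(patched), checksum8(fixed), fixed[0x10:0x13]

if __name__ == "__main__":
    print([hex(v) if isinstance(v, int) else v.hex() for v in demo()])
```

On a real ROM the spare byte has to be one the program never reads or executes, and the checksum routine may cover several ROM files or use a different algorithm.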
 
Wow oh wow, that's way more complicated than I thought it would be. That's cool as hell, though.

Yeah, I tend to rep DogP whenever possible...
 

Keep in mind that he's just explaining a "very simple hack". Adding freeplay with attract mode can get far more involved than that, particularly if you want to retain coinage settings (i.e. keep DIP switch settings intact). My last freeplay took several hours of research just to determine the best approach. Writing and testing new routines took a couple more hours.
 
So, for Bubble Bobble, I'd have to set a watchpoint for the credits to find what code reads it.
Look for attract mode after the cp $00, and the 'wait for player start button' after cp $01.
Find what watches the coin switch & writes to credit during attract mode,
and change that to: 1) watch for player1 switch & 2) jump to the code that was after the cp $01...

essentially?


edit: or look into changing the "2 coins 1 play" settings to be free play...

 

Attachments

  • Screen Shot 2018-05-03 at 1.01.20 PM.png
    350.8 KB · Views: 18