Kicking off a true reverse engineering effort

[city41]

I have started to truly reverse engineer SMA4. So far Smaghetti has done "black box" reverse engineering which is basically "change a byte, play the game, try to figure out what happened". That has gotten us really far, I'd estimate Smaghetti has about 80% of the game extracted and available for levels.

But this approach is not really paying off anymore. A good example is the camera system, we've been able to figure out just enough of it for a decent camera, but that's about it. Wrap around rooms, compatibility, bosses, meta sprites and objects, etc all are proving very difficult and even impossible to figure out with the black box approach.

This new effort's goal is to fully decompile the game back into C. A very lofty goal. Even if that goal is never hit, along the way this effort should allow learning a lot about the game, and allow Smaghetti to truly become a full editor. If this goal is achieved, then wow we could do some really cool things 🤞

first steps

Identify all resource blocks in the ROM

Graphic tiles, audio, level definitions all take up space in the ROM and if we can identify where they are, then we can ignore those bytes when reverse engineering the code.

Compressed tiles take up 1/8th of the rom (1/2 of a megabyte), and all of their offsets/sizes are already known (as seen in https://smaghetti.com/tools/tiles). Uncompressed graphics look to be about 1/4 of a meg. Their offsets and sizes are more fuzzy, because uncompressed tiles are just kinda thrown into the ROM willy nilly.

Audio data is totally unknown at this point.

Level definitions are totally unknown at this point. But I am working on that right now. I am adding support for hex-tree to parse the built in levels.

Add a parse() method to all Smaghetti entities

Today Smaghetti entities only go in one direction, they can generate bytes needed for the game, but can not parse game bytes. I am adding parse() method to Entity that will allow that. This is a ton of work as there's over 300 entities. But with this in place, entities will be able to look at the bytes in a stream and say "yup that is a firebar of length 4 going counterclockwise" for example.

This will allow saving Smaghetti levels in the game's binary format, which will be really awesome. It will also allow loading Nintendo's levels into Smaghetti.

I am working on this right now as well.

Reverse engineer the code in tools like Ghidra and Radare2

There's lots of good info out there on how to use these tools and techniques for reverse engineering GBA games, such as code coverage techniques.

I plan to create a Ghidra loader for SMA4 that identifies all of the standard GBA entry points and registers (using GhidraGBA as the starting point). But also add in all the resources (graphics, audio, level definitions).

Then from there, start slowly figuring the game out.

[city41]

kick things off with some initial findings on level 1-1.

The objects start at 1408d6
Sprites start at 157811

With those two offsets, I have hextree loading 1-1 in a very raw and hacked in way

and as you can see, hextree got the objects very wrong. But some are correct, and all sprites are correct. But since I am adding parsing to smaghetti entities, eventually hextree will parse everything perfectly.