Tweet
Super Mario 64 Hacking Data
By Dudaw
* Polygon removal and replacement (0x09 / 11)
* Sound editing (0x07)
* Scaling modifiers (0x32)
* Color editors
* Background Swaps (0x0A)
* Terrain functions
* Region Modifiers (Text side - NSM[x])
* Model Bank Swaps (0x0C, etc)
* Conjoining
* Music Hacking
* Inserting Music
* Finding New Behaviors
* Gameshark & ROM Editing Differences
Colors -
Colors can be found in polygon banks near the start of the data. Always starts with 0xFF?
Sounds-
To edit sounds, you need to download the program "Srip" from my file cabinet. Note- The program is not mine.
Now drag an N64 ROM into the program and it will rip the sounds to your "Owner" folder. If you don't know where to find that, remember that old slogan? "Google is your friend". I mean you should have basic skill of where to find certain directories. Anyway, sounds from the game are in that folder now as .wav files.
Go through these files with Microsoft sound recorder and listen for the sounds you want to change. If you don't have that tool as a default on Windows XP / Vista, you can also get that from the file cabinet.
Okay, now to the fun part. Remember that there was a text file also saved to your "Owner" folder called "Control.H"? If not, go there and open it up. All sounds you just ripped should have a filename of a 2-byte hexadecimal value. Copy the last four digits of the sound file name that you want to edit and in the CONTROL H file, click " Edit > Find".
Now paste those digits in and "Search Next" until you come across the sound data. One part should be "Nsound", another should be "Wavetable". There are also some other things here but we won't need them now. To replace one sound with another sound, go to the wavetable offset and copy the data from one sound to the one being edited. Then after that, also replace the "Nsound" data. Tada! A sound is now replaced! To change the speed of a sound, go to the Nsound data again in it's offset (hex). Now there should be data underneath "3x xx xx xx xx"
Ex. 3F 00 00, etc, etc.
3F FF FF FF etc = really fast
3E 00 00 00 etc = really slow
Tada! Speed now changed!
I'll be uploading the offsets for each sound soon.
Scaling and Sizes -
You can find this in Script Dumps from Toad's Tool in behaviors section.
Ex. A rotating hexadecimal platform behavior has [2D] 00 00 00
2D can be changed to the scaling bank 2D to 32 and can look something like this: [32] 00 00 [FF] = largest scale with solidity.
Some objects do have the 0x32 loader, so just this can be modified.
Backgrounds -
Terrain layout must match the background also. Simply swap the address data from Toad's Tool in 0x0A section.
Terrain Functions -
Tile type has been found:
001 = Solid + grass
000 = Courses solidity & grass
002 = Snow
003 = Sand
004 = Solid + boardwalk
005 = Soft solid, mid-solid, hard solid
006 = Slippery (Slide)
Other terrain functions coming soon!
Region Modifier -
NTSC version = NSME
PAL version = NSMP
Data can be found at the header of a ROM file and modified to the specified region.
NSMP = Slower for European TV's
NSME = Default speed for NTSC and AU region
Conjoining -
Two behaviors conjoined by clustering parts of behaviors.
Ex.
Thwomps Behavior:
0021A98C / 13000B8C [ 00 09 00 00 ] <- Start Behavior
0021A990 / 13000B90 [ 2A 00 00 00 05 00 B9 2C ] Action line 1
0021A998 / 13000B98 [ 11 01 00 49 ] <- Object Instruction
0021A99C / 13000B9C [ 1E 00 00 00 ] <- Display (Not always needed)
0021A9A0 / 13000BA0 [ 0D 07 00 01 ] <- Display
0021A9A4 / 13000BA4 [ 2D 00 00 00 ] <- Display (Not always needed)
0021A9A8 / 13000BA8 [ 32 00 00 44 ] <- Thwomp Size
0021A9AC / 13000BAC [ 0E 45 0F A0 ] <- Display
0021A9B0 / 13000BB0 [ 08 00 00 00 ] <- Split section (Not for editing)
0021A9B4 / 13000BB4 [ 0C 00 00 00 80 2A D3 4C ] <- Action Line 2
0021A9BC / 13000BBC [ 0C 00 00 00 80 38 39 CC ] <- Action Line 3
+
Parts of Box (SECRET!)
- Only parts of the box where added to this behavior. Things like 0x2D, or 0x1E were removed as display modifiers.
With the full Thwomp behavior and important parts of the box behavior2, we have Thwimp! Doing the same thing with other behaviors can be deadly.
Make sure you know what you are doing. Hack Seen in this video.
Music Hacking
- All level music in order depending on location
7B3E10 Level End
7B4080 SMB Title Screen
7B60C0 OverWorld Theme
7B74D0 Inside Castle
7B7E90 Dire, Dire, Docks
7B9140 Lethal Laval land
7B9AE0 Bowser Primary Battle
7BA840 Snow Theme
7BC810 Athletic (Slide, Koopa Race, etc..)
7BE520 Boo's Haunt
7BFB50 Piranha Plant Lullaby
7C00D0 Hazy Maze Cave
7C13F0 Star select
7C1480 Wing cap
7C20C0 Metal cap
7C2BA0 Bowser Message
7C2DD0 Bowser course
7C4060 Star Collected
7C4170 Ghost Merry-Go-Round
7C47F0 Koopa's Defeat
7C48C0 Star Appears
7C4B50 Boss fight
7C58C0 Collected Key
7C6260 Never-ending Staircase
7C7020 Final Kuppa
7CA810 Credits
7CA8F0 Toad's Message
7CA9C0 Peach Message
7CAB70 Intro Castle Sequence
7CB260 After Grabbing Star
7CBA70 End Music
7CC1D0 File Select
7CC4E0 Lakitu
Music banks are some of the largest banks in the game. When you go to these addresses, the first thing you see are the controllers of the songs. What these do is control how a song goes. Things like background themes and music sound effects. If you get down to the basics, you'll find the juicy part right in the middle, where you can edit music just like you would with a regular instrument (found in a different section). Here's what Frauber (Messiaen) found in his music hacks:
# || C | C# | D | D# | E | F | F# | G | G# | A | A# | B
x-1 || 1B | 1C | 1D | 1E | 1F | 20 | 21 | 22 | 23 | 24 | 25 | 26
x || 27 | 28 | 29 | 2A | 2B | 2C | 2D | 2E | 2F | 30 | 31 | 32
x+1 || 33 | 34 | 35 | 36 | 37 | 38 | 39 | 3A | 3B | 3C | 3D | 3E
When this table is used, here is the format:
{58} 85 [22] (18) # eight-note G
{} = Velocity
= Not really sure, but something like ticks before NoteOff.
[] = Pitch (normal table)
() = Duration (18 = eight-note, 30 = quarter-note, 60 = half-note, 20 = triplets, all simple proportions) [delta-tick?]
This alternate note table is also used. It's basically the same plus 80 (hex), so it sets some kind of flag:
Octave|| Note Numbers
# || C | C# | D | D# | E | F | F# | G | G# | A | A# | B
x-1 || 9B | 9C | 9D | 9E | 9F | A0 | A1 | A2 | A3 | A4 | A5 | A6
x || A7 | A8 | A9 | AA | AB | AC | AD | AE | AF | B0 | B1 | B2
x+1 || B3 | B4 | B5 | B6 | B7 | B8 | B9 | BA | BB | BC | BD | BE
When this alternate table is used, we have 3 bytes instead of 4. "Duration" is omitted (it uses the last parameter supplied). Excerpt:
{64} 40 [24] (60) # half-note A (normal pitch table)
{5C} C8 [26] (20) # triplet B
{64} *40* ~AC~ triplet F # Begins alternate, 3 byte format. Duration = 20 (last one)
{5E} *88* ~AC~ triplet F
{62} *90* ~AC~ triplet F
{5C} *50* ~AB~ triplet E
{5E} *60* ~A9~ triplet D
{64} *58* [27] (80) C
And here is one VERY important thing, the *JUMP* command, which is also used for Loops!
[FC] [1B EE]
[00] = Jump
[01, 02] = Jumps to offset 0x1BEE, counting from the beginning of the sequence.
The "FF" character to indicate when to jump back. Here is one loop example using this command:
FC 1B EE # Jump to 0x1BEE (0x00 = 7B4080,start of track). Return when ch = FF.
FC 1B F9 # Jump to 0x1BF9
FC 1B EE # Again (Manual Loop)
FC 1B F9
FC 1B EE # Again (Manual Loop)
FC 1B F9
You can now use Frauber's MML to M64 tool found in the link below. This tool makes it more simple to import your own custom MIDI's!
Music Inserting
With this type of hacking, it makes it easier to swap music between two N64 games! Download Frauber's Sequence Insert tool below:
http://sites.google.com/site/messiae...uence-inserter
This is a DOS command tool and is used to import .m64 music files into a Mario 64 ROM.
So first, you must open your command tool by going to "Start > Run > cmd". Now your command prompt will open. type in cd then the directory of Frauber's tool, followed by a "/".
Now you are in the directory and you will get a dialog from the tool telling you the usage. Now take an extended Mario 64 ROM and put it in the folder for the insert tool.
Rename the ROM to "mario.z64". Resume to the insert tool. Type in "insert_seq <NAME> mario.z64 <TRACK>. Replace <NAME> with: a sequence that ends with .m64.
Replace <TRACK> with the track you are editing (a list of tracks is on the homepage of Frauber). Now you're all set! Load the ROM and hear that song!
To Insert a Song Fom Another Game
N64 games' music data can be found if you know what you're doing. For now, you have to manually do it in hex in order to swap ANY music to ANY game. Same goes for Wii games, etc...
You have to find out the notes and velocity of that song, etc. and place them into Mario 64.
To Insert a Song From WaveRacer Or Mario Kart 64
To do this, download Frauber's "Sequence Rip" tool. Follow instructions and load it like you did with Sequence insert. Now you will unpack sequence files from the game right to the folder!
All you do now is rename them to .m64 and load them into "Sequence insert". Now it will replace the songs! Have fun.
Finding New Behaviors
Behaviors are some of the more simple things in the game. As you know, behaviors alter what an object does, how it reacts. The behaviors consist of two different parts. The first part is the behavior script, which contains all the data that makes up a behavior. You can find this in Toad's Tool 64 Script Dumps Section. See "Conjoining" above to understand how these parts work.
The other part is a split up, organized list in the game (depending on level). This is a behavior command, as I like to call it, which brings up behaviors in levels. By editing these values, you will not only edit a behavior for one object, but all objects that share this behavior.
These parts look like this: 1300xxxx
The last four digits (two bytes) of this string represent the behavior used. Let's use the Goomba behavior as an example. The script offset for this behavior is 0021E52C.
Now to get the behavior command, just add 219E00 hex to the script offset. 0021E52C + 219E00 = 472C, which is equal to 1300472C. This technique will come in handy when you know the script offset, but not the command value. So if I found another script next to another, but it wasn't labeled in Toad's Tool, I can enter the the behavior ID that I found from the command to use it on an object.
In this case, I would enter the Goomba behavior (472C).
These same values can even be used for Gameshark.
* Polygon removal and replacement (0x09 / 11)
* Sound editing (0x07)
* Scaling modifiers (0x32)
* Color editors
* Background Swaps (0x0A)
* Terrain functions
* Region Modifiers (Text side - NSM[x])
* Model Bank Swaps (0x0C, etc)
* Conjoining
* Music Hacking
* Inserting Music
* Finding New Behaviors
* Gameshark & ROM Editing Differences
Colors -
Colors can be found in polygon banks near the start of the data. Always starts with 0xFF?
Sounds-
To edit sounds, you need to download the program "Srip" from my file cabinet. Note- The program is not mine.
Now drag an N64 ROM into the program and it will rip the sounds to your "Owner" folder. If you don't know where to find that, remember that old slogan? "Google is your friend". I mean you should have basic skill of where to find certain directories. Anyway, sounds from the game are in that folder now as .wav files.
Go through these files with Microsoft sound recorder and listen for the sounds you want to change. If you don't have that tool as a default on Windows XP / Vista, you can also get that from the file cabinet.
Okay, now to the fun part. Remember that there was a text file also saved to your "Owner" folder called "Control.H"? If not, go there and open it up. All sounds you just ripped should have a filename of a 2-byte hexadecimal value. Copy the last four digits of the sound file name that you want to edit and in the CONTROL H file, click " Edit > Find".
Now paste those digits in and "Search Next" until you come across the sound data. One part should be "Nsound", another should be "Wavetable". There are also some other things here but we won't need them now. To replace one sound with another sound, go to the wavetable offset and copy the data from one sound to the one being edited. Then after that, also replace the "Nsound" data. Tada! A sound is now replaced! To change the speed of a sound, go to the Nsound data again in it's offset (hex). Now there should be data underneath "3x xx xx xx xx"
Ex. 3F 00 00, etc, etc.
3F FF FF FF etc = really fast
3E 00 00 00 etc = really slow
Tada! Speed now changed!
I'll be uploading the offsets for each sound soon.
Scaling and Sizes -
You can find this in Script Dumps from Toad's Tool in behaviors section.
Ex. A rotating hexadecimal platform behavior has [2D] 00 00 00
2D can be changed to the scaling bank 2D to 32 and can look something like this: [32] 00 00 [FF] = largest scale with solidity.
Some objects do have the 0x32 loader, so just this can be modified.
Backgrounds -
Terrain layout must match the background also. Simply swap the address data from Toad's Tool in 0x0A section.
Terrain Functions -
Tile type has been found:
001 = Solid + grass
000 = Courses solidity & grass
002 = Snow
003 = Sand
004 = Solid + boardwalk
005 = Soft solid, mid-solid, hard solid
006 = Slippery (Slide)
Other terrain functions coming soon!
Region Modifier -
NTSC version = NSME
PAL version = NSMP
Data can be found at the header of a ROM file and modified to the specified region.
NSMP = Slower for European TV's
NSME = Default speed for NTSC and AU region
Conjoining -
Two behaviors conjoined by clustering parts of behaviors.
Ex.
Thwomps Behavior:
0021A98C / 13000B8C [ 00 09 00 00 ] <- Start Behavior
0021A990 / 13000B90 [ 2A 00 00 00 05 00 B9 2C ] Action line 1
0021A998 / 13000B98 [ 11 01 00 49 ] <- Object Instruction
0021A99C / 13000B9C [ 1E 00 00 00 ] <- Display (Not always needed)
0021A9A0 / 13000BA0 [ 0D 07 00 01 ] <- Display
0021A9A4 / 13000BA4 [ 2D 00 00 00 ] <- Display (Not always needed)
0021A9A8 / 13000BA8 [ 32 00 00 44 ] <- Thwomp Size
0021A9AC / 13000BAC [ 0E 45 0F A0 ] <- Display
0021A9B0 / 13000BB0 [ 08 00 00 00 ] <- Split section (Not for editing)
0021A9B4 / 13000BB4 [ 0C 00 00 00 80 2A D3 4C ] <- Action Line 2
0021A9BC / 13000BBC [ 0C 00 00 00 80 38 39 CC ] <- Action Line 3
+
Parts of Box (SECRET!)
- Only parts of the box where added to this behavior. Things like 0x2D, or 0x1E were removed as display modifiers.
With the full Thwomp behavior and important parts of the box behavior2, we have Thwimp! Doing the same thing with other behaviors can be deadly.
Make sure you know what you are doing. Hack Seen in this video.
Music Hacking
- All level music in order depending on location
7B3E10 Level End
7B4080 SMB Title Screen
7B60C0 OverWorld Theme
7B74D0 Inside Castle
7B7E90 Dire, Dire, Docks
7B9140 Lethal Laval land
7B9AE0 Bowser Primary Battle
7BA840 Snow Theme
7BC810 Athletic (Slide, Koopa Race, etc..)
7BE520 Boo's Haunt
7BFB50 Piranha Plant Lullaby
7C00D0 Hazy Maze Cave
7C13F0 Star select
7C1480 Wing cap
7C20C0 Metal cap
7C2BA0 Bowser Message
7C2DD0 Bowser course
7C4060 Star Collected
7C4170 Ghost Merry-Go-Round
7C47F0 Koopa's Defeat
7C48C0 Star Appears
7C4B50 Boss fight
7C58C0 Collected Key
7C6260 Never-ending Staircase
7C7020 Final Kuppa
7CA810 Credits
7CA8F0 Toad's Message
7CA9C0 Peach Message
7CAB70 Intro Castle Sequence
7CB260 After Grabbing Star
7CBA70 End Music
7CC1D0 File Select
7CC4E0 Lakitu
Music banks are some of the largest banks in the game. When you go to these addresses, the first thing you see are the controllers of the songs. What these do is control how a song goes. Things like background themes and music sound effects. If you get down to the basics, you'll find the juicy part right in the middle, where you can edit music just like you would with a regular instrument (found in a different section). Here's what Frauber (Messiaen) found in his music hacks:
# || C | C# | D | D# | E | F | F# | G | G# | A | A# | B
x-1 || 1B | 1C | 1D | 1E | 1F | 20 | 21 | 22 | 23 | 24 | 25 | 26
x || 27 | 28 | 29 | 2A | 2B | 2C | 2D | 2E | 2F | 30 | 31 | 32
x+1 || 33 | 34 | 35 | 36 | 37 | 38 | 39 | 3A | 3B | 3C | 3D | 3E
When this table is used, here is the format:
{58} 85 [22] (18) # eight-note G
{} = Velocity
= Not really sure, but something like ticks before NoteOff.
[] = Pitch (normal table)
() = Duration (18 = eight-note, 30 = quarter-note, 60 = half-note, 20 = triplets, all simple proportions) [delta-tick?]
This alternate note table is also used. It's basically the same plus 80 (hex), so it sets some kind of flag:
Octave|| Note Numbers
# || C | C# | D | D# | E | F | F# | G | G# | A | A# | B
x-1 || 9B | 9C | 9D | 9E | 9F | A0 | A1 | A2 | A3 | A4 | A5 | A6
x || A7 | A8 | A9 | AA | AB | AC | AD | AE | AF | B0 | B1 | B2
x+1 || B3 | B4 | B5 | B6 | B7 | B8 | B9 | BA | BB | BC | BD | BE
When this alternate table is used, we have 3 bytes instead of 4. "Duration" is omitted (it uses the last parameter supplied). Excerpt:
{64} 40 [24] (60) # half-note A (normal pitch table)
{5C} C8 [26] (20) # triplet B
{64} *40* ~AC~ triplet F # Begins alternate, 3 byte format. Duration = 20 (last one)
{5E} *88* ~AC~ triplet F
{62} *90* ~AC~ triplet F
{5C} *50* ~AB~ triplet E
{5E} *60* ~A9~ triplet D
{64} *58* [27] (80) C
And here is one VERY important thing, the *JUMP* command, which is also used for Loops!
[FC] [1B EE]
[00] = Jump
[01, 02] = Jumps to offset 0x1BEE, counting from the beginning of the sequence.
The "FF" character to indicate when to jump back. Here is one loop example using this command:
FC 1B EE # Jump to 0x1BEE (0x00 = 7B4080,start of track). Return when ch = FF.
FC 1B F9 # Jump to 0x1BF9
FC 1B EE # Again (Manual Loop)
FC 1B F9
FC 1B EE # Again (Manual Loop)
FC 1B F9
You can now use Frauber's MML to M64 tool found in the link below. This tool makes it more simple to import your own custom MIDI's!
Music Inserting
With this type of hacking, it makes it easier to swap music between two N64 games! Download Frauber's Sequence Insert tool below:
http://sites.google.com/site/messiae...uence-inserter
This is a DOS command tool and is used to import .m64 music files into a Mario 64 ROM.
So first, you must open your command tool by going to "Start > Run > cmd". Now your command prompt will open. type in cd then the directory of Frauber's tool, followed by a "/".
Now you are in the directory and you will get a dialog from the tool telling you the usage. Now take an extended Mario 64 ROM and put it in the folder for the insert tool.
Rename the ROM to "mario.z64". Resume to the insert tool. Type in "insert_seq <NAME> mario.z64 <TRACK>. Replace <NAME> with: a sequence that ends with .m64.
Replace <TRACK> with the track you are editing (a list of tracks is on the homepage of Frauber). Now you're all set! Load the ROM and hear that song!
To Insert a Song Fom Another Game
N64 games' music data can be found if you know what you're doing. For now, you have to manually do it in hex in order to swap ANY music to ANY game. Same goes for Wii games, etc...
You have to find out the notes and velocity of that song, etc. and place them into Mario 64.
To Insert a Song From WaveRacer Or Mario Kart 64
To do this, download Frauber's "Sequence Rip" tool. Follow instructions and load it like you did with Sequence insert. Now you will unpack sequence files from the game right to the folder!
All you do now is rename them to .m64 and load them into "Sequence insert". Now it will replace the songs! Have fun.
Finding New Behaviors
Behaviors are some of the more simple things in the game. As you know, behaviors alter what an object does, how it reacts. The behaviors consist of two different parts. The first part is the behavior script, which contains all the data that makes up a behavior. You can find this in Toad's Tool 64 Script Dumps Section. See "Conjoining" above to understand how these parts work.
The other part is a split up, organized list in the game (depending on level). This is a behavior command, as I like to call it, which brings up behaviors in levels. By editing these values, you will not only edit a behavior for one object, but all objects that share this behavior.
These parts look like this: 1300xxxx
The last four digits (two bytes) of this string represent the behavior used. Let's use the Goomba behavior as an example. The script offset for this behavior is 0021E52C.
Now to get the behavior command, just add 219E00 hex to the script offset. 0021E52C + 219E00 = 472C, which is equal to 1300472C. This technique will come in handy when you know the script offset, but not the command value. So if I found another script next to another, but it wasn't labeled in Toad's Tool, I can enter the the behavior ID that I found from the command to use it on an object.
In this case, I would enter the Goomba behavior (472C).
These same values can even be used for Gameshark.