Last week I found a tool that can be used to edit the graphics of SNES ROMs. However, it is still unclear how to get the exact hexadecimal address of each sprite. To find an answer, I try to reverse-engineer MarI/O and take a look on how the sprite addresses were determined there. More precisely, I will try to find the ‚Key‘ sprite, that has the position 0x80 in the pointer table. I am certain that this key will unlock the next door to the spritelist.
In this blog, I will explain the differences between HiROM and LoROM SNES cartridges and I will go over some more tools used for hacking ROMs, specifically Super Mario World.
The first question I asked when I approached the task of finding the key was:
Can I find the key in YY-CHR?
As shown in Figure 1, the program fails to identify the sprites of Super Mario World. Not a single graphic is recognizable throughout the whole pointer table.
Even trying to change the format and pattern did not help.
Maybe it’s the tool’s fault. So I tried the tool „Tile Editor“, which is a similar graphics editing tool that serves the same purpose as YY-CHR.
The results were sadly identical, as shown in Figure 2.
This leads to an important question:
Why does it work in Super Metroid, then?
The answer lies in the cartridges of the games.
There are two main types of SNES cartridges, the SNES community refers to them as LoROM and HiROM cartridges.
( https://en.wikibooks.org/wiki/Super_NES_Programming/SNES_memory_map )
The main difference between LoROM and HiROM is their way of handling memory (or, more precisely, memory mapping). Just a single byte in the ROM header indicates whether it is a LoROM or a HiROM cartridge – and that is basically it; the SNES may read the data more efficiently when the byte is set to HiROM, leading to lower file sizes.
The topic is very technical and going into it further would be too much. However, it is important to know that Super Mario World qualifies as a HiROM game while Super Metroid qualifies as LoROM. This might be the main reason why YY-CHR behaves the way it does.
How is it possible to edit Super Mario World Graphics, then?
This is where Lunar Magic joins the frey. Lunar magic is probably the best tool created for Super Mario World. It is a level editor created by FuSoYa that was the only tool in this field for 18 years. (cf. https://fusoya.eludevisibility.org/lm/)
Most importantly, it offers a very useful feature – adding sprites directly into the level. It just took a few seconds to find what I looked for, as shown in Figure 3.
So finding the key this way kinda does not count because the solution cannot be applied to Super Metroid. Lunar Magic only works for Super Mario World after all, unfortunately. However, hope is not yet lost – there is another useful feature: Extracting the graphics of the ROM, as shown in Figure 4.
The extracted graphic files can be opened by YY-CHR, as shown in Figure 5. The colors may seem off; the reason for that is because the colors depend on palettes. This only serves editing purposes though and thus is not important for this project. Another problem is that the graphics are actually split up into 52 smaller files. After looking thourgh some of them, I found the key, as shown in Figure 6.
… Later I found that I made a mistake; there is an option that does not split up the graphics, as shown in Figure 7.
The key can also be found faster, as shown in Figure 8.
The key has been found, again. This time, there is a problem, however. The key is supposed to have the address 0x80, which is not the case here (or at least it is not clear). This seems like a dead end to me though, so I will leave it for now.
In conclusion, the key search might have been a red herring; it would have been too easy i suppose. Super Mario World and Super Metroid are even more different from each other than I thought, since even their cartridges work differently. To find the right hex addresses in Super Metroid, I need to find a LoROM hacking tool.
