User:Blaziken257/3DS Virtual Console changes

3DS Virtual Console changes

Some 3DS Virtual Console changes for Game Boy (Color) games that I own. I'm just putting my notes down here, so it is disorganized at the moment.

This was made possible by the spider exploit and dumping the memory; GB ROMs can be found starting at offset 0x28002C4 in the memory dump. This no longer works as of 9.5.0-23. However...

Braindump can be used to accomplish the same thing, and it works on 9.0 and above (including 10.1!).

All Virtual Console games appear to be based on the latest revision of each game (for example, v1.2 for Super Mario Land 2, v1.1 for Donkey Kong Land III, etc.). This is evidenced by the fact that global checksums in the game's header are unchanged.

Finally, my 3DS is American, and therefore, all of these ROM dumps are as well. These changes may or may not apply to other regions! (They probably do, seeing that this thread has some European dumps, which match the American ones where applicable.)

To do: The invalid FC opcodes are applied by the emulator based on the patch, and so show up when the game is dumped from RAM. These seem to communicate with the emulator. Find what they do. Dump the Virtual Console ROMs for Pokémon Red/Blue/Yellow once they are released on Feb. 27. (Try to cover multiple languages, if possible!) Include NES games — currently, this list only includes GB and GBC games.

Donkey Kong Land

Identical!

Donkey Kong Land 2

Patch: 3DS .patch

5:46B7: and a,0F -> and a,1F
5:46B9: cp a,0B  -> cp a,1B

Effect: Toned down flashing in Glimmer's Galleon

5:46DC: and a,0F -> and a,1F
5:46DE: cp a,0B  -> cp a,15

Effect: Toned down flashing in Lava Lagoon and Clapper's Cavern

Donkey Kong Land III

Identical to English v1.1!

Donkey Kong (Game Boy)

Patch: 3DS .patch

To do: Work on this. Apparently, after finishing a world and being asked to save, when the game transitions from one world to another, the blinking has a blur effect on the 3DS Virtual Console version. This blur seems to be an emulator effect, not a change to the ROM itself, so it won't show up on real hardware. Look more into this, and look for other changes.

Super Mario Land 2

Patch: 3DS .patch

F:605F: ld (A27E),a -> nop nop nop
F:6066: ld (A280),a -> nop nop nop

Effect: Toned down lightning strikes in entrance to Wario's Castle

Metroid II

Patch: 3DS .patch

5:412A: cp a,10 -> cp a,0C

Effect on title screen (Python implementation):

frame = 0xFFFF #0xD066 in RAM, little-endian
while frame > 0:
    bg_pal = 0x93 #Black palette -- register 0xFF47
    if (frame & 0x302) == 0x2:
        #Bitfield: 0bxxxxxx00xxxxxx1x
        if system == "Game Boy" and (frame & 0x3ff) < 0x10:
            bg_pal = 0x90 #Flashing white palette -- register 0xFF47
        elif system == "3DS" and (frame & 0x3ff) < 0x0c:
            bg_pal = 0x90 #Flashing white palette -- register 0xFF47
    set_bg_pal(bg_pal) #Write to register 0xFF47
    #Game Boy: Background will flash with frame values: 0x2, 0x3, 0x6, 0x7, 0xa, 0xb, 0x402, 0x403, etc.
    #3DS:      Background will flash with frame values: 0x2, 0x3, 0x6, 0x7, 0x402, 0x403, etc.
    frame -= 1

Summary: Toned down flashing on title screen so that only 3 flashes (instead of 4) occur per 1024 frames

Mole Mania

Patch: 3DS .patch

To do: Find what these changes do.

GB:

RO14:5D5C 04               inc  b
RO14:5D5D 1E 08            ld   e,08
RO14:5D5F 09               add  hl,bc
RO14:5D60 0C               inc  c
RO14:5D61 04               inc  b
RO14:5D62 18 00            jr   5D64

3DS:

RO14:5D5C 04               inc  b
RO14:5D5D 1E 08            ld   e,08
RO14:5D5F 1D               dec  e
RO14:5D60 0C               inc  c
RO14:5D61 1D               dec  e
RO14:5D62 18 1D            jr   5D81

Effect: ???

GB:

RO14:5D85 04               inc  b
RO14:5D86 1E 06            ld   e,06
RO14:5D88 6F               ld   l,a
RO14:5D89 0A               ld   a,(bc)
RO14:5D8A BF               cp   a
RO14:5D8B 10 FF            <corrupted stop>

3DS:

RO14:5D85 04               inc  b
RO14:5D86 1E 06            ld   e,06
RO14:5D88 1D               dec  e
RO14:5D89 0A               ld   a,(bc)
RO14:5D8A 1D               dec  e
RO14:5D8B 10 FF            <corrupted stop>

Effect: ???

No idea what either of these changes are for. While I set execute breakpoints for all of these locations, the breakpoints have yet to be hit at all as of the third level. Maybe this is data and not code...? Perhaps I should set read breakpoints here instead.

Wario Land: Super Mario Land 3

Patch: 3DS .patch

GB:

ROM8:642A FA E2 A7         ld   a,(A7E2)
ROM8:642D CB 6F            bit  5,a      ; Left
ROM8:642F 20 0C            jr   nz,643D
ROM8:6431 CB 77            bit  6,a      ; Up
ROM8:6433 20 0C            jr   nz,6441
ROM8:6435 CB 7F            bit  7,a      ; Down
ROM8:6437 20 0C            jr   nz,6445
ROM8:6439 3E 00            ld   a,00
ROM8:643B 18 0A            jr   6447
ROM8:643D 3E 01            ld   a,01
ROM8:643F 18 06            jr   6447
ROM8:6441 3E 02            ld   a,02
ROM8:6443 18 02            jr   6447
ROM8:6445 3E 03            ld   a,03
ROM8:6447 CD 99 5F         call 5F99     ; L=01, U=02, D=03, else=00
ROM8:644A C9               ret

3DS:

ROM8:642A FA E2 A7         ld   a,(A7E2)
ROM8:642D CB 67            bit  4,a      ; Right
ROM8:642F 20 0C            jr   nz,643D
ROM8:6431 CB 6F            bit  5,a      ; Left
ROM8:6433 20 0C            jr   nz,6441
ROM8:6435 CB 77            bit  6,a      ; Up
ROM8:6437 20 0C            jr   nz,6445
ROM8:6439 3E 03            ld   a,03
ROM8:643B 18 0A            jr   6447
ROM8:643D 3E 00            ld   a,00
ROM8:643F 18 06            jr   6447
ROM8:6441 3E 01            ld   a,01
ROM8:6443 18 02            jr   6447
ROM8:6445 3E 02            ld   a,02
ROM8:6447 CD 99 5F         call 5F99     ; R=00, L=01, U=02, else=03
ROM8:644A C9               ret  

Effect: This appears to fix the level skip glitch.

Wario Land II

Appears to be identical to the original GBC version.

Wario Land 3

Several changes, some of which have yet to be uncovered! Most of them appear to be color palettes within cutscenes.

To do: Finish this!

Patches: 3DS .patch, IPS, BPS

13:504C: db 10 -> db 08
13:506D: db E0,7F,FF -> db AA,6A,EF
13:5075: db 9F,0D -> db D7,04

Effect: ???

21:484A: dw 7FFF -> dw 39CE
21:4850: dw 7FFF -> dw 39CE
21:4858: dw 7FFF -> dw 39CE
21:4860: dw 7FFF -> dw 39CE
21:4864: dw 7FFF -> dw 39CE
21:486A: dw 7FFF -> dw 39CE

Effect: These color palette changes affect some cutscenes:

• The cutscene after getting the red chest in The Peaceful Village and the green chest in The Grasslands (where The Frigid Sea opens up). [1]
• The cutscene after getting the gray chest in The Steep Canyon (where the screen shows The Frigid Sea).
• The cutscene where The West Crater and The Colossal Hole become accessible
• This may possibly affect other cutscenes as well?

21:698D: dw 7FFF,7FFF -> dw 2D6B,2D6B
21:6995: dw 7FFF -> dw 2D6B
21:699F: dw 7FFF -> dw 2D6B
21:69A5: dw 39CE,7FFF -> dw 2D6B,2D6B
21:69AD: dw 39CE -> dw 2D6B
21:69B5: dw 7FFF -> dw 2D6B
21:69BD: dw 7FFF -> dw 2D6B
21:69C5: dw 7FFF,7FFF,39CE -> dw 2D6B,2D6B,2D6B

Effect: These color palette changes affect some cutscenes:

• The cutscene after getting the red chest in Out of the Woods (where The Pool of Rain and A Town in Chaos become accessible) has altered color palettes when flashing (while it is raining). [2]
• The cutscene after getting the gray chests in Bank of the Wild River and The Tidal Coast (where The Steep Canyon becomes accessible) has altered color palettes when flashing (from lighting strikes). [3] (This is likely the reason why these color palettes were changed in the first place, as this can help reduce the risk of seizures. The other affected cutscenes are likely just a side effect of changing this cutscene.)
• This may possibly affect other cutscenes as well?

2D:67C7: ld a,22 -> FC (Invalid opcode?)
2D:6836: ld a,0A -> FC (Invalid opcode?)

Effect: Unknown, causes the game to crash on real hardware and emulators such as BGB. It is unclear as to why these are changed in the first place -- maybe the 3DS does something unique with these?

This is executed repeatedly during the cutscene after getting the gray chests in Bank of the Wild River and The Tidal Coast (where The Steep Canyon becomes accessible). This may be executed during other cutscenes as well?

2D:69A6: ld a,9C -> ld a,4A
2D:69A9: ld a,73 -> ld a,29

Effect: This is the color palette (739C/294A) that is used for some cutscenes:

• The cutscene after getting the gray chests in Bank of the Wild River and The Tidal Coast (where The Steep Canyon becomes accessible): Most of the screen during lightning strikes had this color change. (This is likely the reason why this color was changed in the first place, as this can help reduce the risk of seizures. The other affected cutscenes are likely just a side effect of changing this cutscene.)
• The cutscene where The West Crater and The Colossal Hole become accessible: only used briefly

Super Mario Bros. Deluxe

Patch: 3DS .patch

0:120D: ld a,30 -> FC (Invalid opcode)
0:1211: ret -> FC (Invalid opcode)

This is executed all throughout the game. Since 0x30 is written to the joypad register here, this is possibly the reason why pressing the A button when attempting to print anything has absolutely no effect on the 3DS (not even an Error 02 message shows up).

0:3D68: ld a,01 -> FC (Invalid opcode)
0:3D6C: ret -> FC (Invalid opcode)

Executed before and during the title screen, but after the "Super Mario Bros. Since 1985" screen, and in several other instances as well. This is normally used for HDMA transfers. It is unknown why this was changed in the 3DS version.

Fortune Telling text changes

31:6622: db D3 -> db C5
31:6624: db DD,DA,F2,1D,E2,EC,1D,F2,E8,EE,EB,1D -> db EB,ED,EE,E7,DE,1D,E2,EC,1D,E1,E2,DD
31:6631: db DA,F2 -> db DE,E7
31:6646: db ED,E8 -> db E2,E7
31:6649: db F0,E2,E7,1D,ED,E1,DE,1D,EB,DA,DC,DE,1D,1D,1D -> db DB,EB,E2,DC,E4,EC,1D,EE,E7,DB,EB,E8,E4,DE,E7

Today is your day 
to win the race   

Fortune is hidden 
in bricks unbroken

31:66B2: db D5,E2,DC,ED,E8,EB,F2,1D,E2 -> db C5,DE,DE,E5,E2,E7,E0,EC,1D
31:66BC: db 1D,F2,E8,EE,EB,EC -> db E1,DA,EB,DE,DD,1D
31:66D6: db E2,E7,1D,ED,E1,DE,1D,DC,E8,E6,E2,E7,E0,1D,EB,DA,DC,DE -> db F0,E2,E5,E5,1D,DB,DE,1D,EE,E7,DD,DE,EB,EC,ED,E8,E8,DD

Victory is yours  
in the coming race

Feelings shared   
will be understood

31:6862: db D3,EB,DA,DD,DE,1D,E1,E2,E0,E1 -> db C5,E8,EB,ED,EE,E7,DE,1D,E2,EC
31:686D: db EC,DC,E8,E8 -> db E1,E2,DD,DD
31:6872: db EC -> db E7
31:6886: db ED,E8 -> db E2,E7
31:6889: db EC,DE,ED,1D,E7,DE,F0,1D,E0,E8,DA,E5,EC,1D,1D -> db DB,EB,E2,DC,E4,EC,1D,EE,E7,DB,EB,E8,E4,DE,E7

Trade high scores 
to set new goals  

Fortune is hidden 
in bricks unbroken

31:6E4A: db 1D,C0,1D,D5,D2,1D,CC,E8,DD,DE,1D,EF,E2,DC,ED,E8,EB,F2 -> db D2,ED,E8,E6,E9,E2,E7,E0,1D,E8,E7,1D,EC,E9,E2,E4,DE,EC
31:6E6E: db 1D,E2,EC,1D,E7,E8 -> db E5,DE,DA,DD,EC,1D
31:6E75: db 1D,F2,E8,EE -> db E8,1D,EC,E8
31:6E7A: db 1D,DF,DA,ED -> db DE,1D,DF,DE
31:6E7F: db 1D -> db ED

 A VS Mode victory
 is not your fate 

Stomping on spikes
leads to sore feet

31:750A: db D5,E2,DC,ED,E8,EB,F2,1D,E2,E7 -> db C2,E1,DA,E7,E0,DE,1D,E8,E5,DD
31:7515: db DA,1D,EB,DA,DC,DE -> db E1,DA,DB,E2,ED,EC 
31:752E: db E6,DA,F2,1D,F0,DA,EC,E1,1D,E9,DA,E2,E7,1D,DA,F0,DA,F2 -> db D8,E2,DE,E5,DD,1D,E7,DE,F0,1D,EC,EE,DC,DC,DE,EC,EC,1D

Victory in a race 
may wash pain away

Change old habits 
Yield new success 

The Legend of Zelda: Link's Awakening DX

3DS .patch

Invalid FC opcodes (freezes on BGB)

To do: Work more on this.