Custom Robo GX/Notes

From Data Crystal

The following article is a Notes Page for Custom Robo GX.

Passwords

In LadyP's laboratory there's a password system which gives the player items or triggers other responses if the player enters one of the hardcoded passwords. Entering a password starts the corresponding "LaboPass" script.

Here is a list of password strings and the offsets at which they're stored. Note that they are encrypted.

ROM     Script          Password
30F740  LaboPassNo0000  ゆきのキョジン
30F720  LaboPassNo0010  ジゴクのごうか
30F700  LaboPassNo0020  アクマのトイキ
30F6E0  LaboPassNo0030  ヒミツのがん
30F6C0  LaboPassNo0040  かくされたぼむ
30F69C  LaboPassNo0050  オソルベキぽっど
30F67C  LaboPassNo0060  チャンプのガン
30F658  LaboPassNo0070  X−レイください
30F638  LaboPassNo0080  チケットKR2
30F61C  No script       DUMMY
30F5FC  LaboPassNo0100  カスタムロボ
30F5D8  LaboPassNo0110  カスタムロボV2
30F5B4  LaboPassNo0120  カスタムロボV3
30F590  LaboPassNo0130  カスタムロボGX
30F578  LaboPassNo0140  ノイズ
30F558  LaboPassNo0150  にんてんどう
30F53C  LaboPassNo0160  レディP
30F520  LaboPassNo0170  すきです
30F504  LaboPassNo0180  ロボはかせ
30F4E8  LaboPassNo0190  ピータロウ
30F4CC  LaboPassNo0200  こんにちは
30F4B0  LaboPassNo0210  こんばんは
30F494  LaboPassNo0220  さようなら
30F478  LaboPassNo0230  ありがとう

Scripting

Many of the game's events are programmed with an interpreted bytecode scripting language. The interpreter is stack-based and has several stacks:

Name          Contains                                                         Data location  Size variable
int stack     32-bit integer values                                            0x200CC80      0x200ccc0
string stack  pointers to Shift-JIS encoded strings                            0x200E930      0x200e950
callstack     call return addresses and temporary storage of variable values  0x0200CCC4     0x200cdc4

In addition to the stacks, scripts can also access arrays of integer variables, string variables and flags (packed 2-bit values) by ID.

Name           Address    Count
int variables  0x200C5C0  0x160
string vars    0x200cc00  0x20
flags          0x200cb40  0x300

There are a total of 0x118 script commands. Commands with IDs larger than 0xff are encoded as two big-endian bytes, while IDs of 0xff and smaller are just a single byte.

Command bytes can also be followed by a 1, 2, 3 or 4 byte little-endian parameter number, depending on the command. There's also the message command 0x99, which is followed by a null-terminated dialog string.

The 3 byte parameter is used for relative addresses. It refers to address (address_of_parameter + 3 + value_of_parameter), and the value can also be negative.

Check out the disassembly for the entire script and documentation of commands.


String Encryption

A few of the game's strings are encrypted. Encryption seems to be mainly used for strings that are compared to input given by the player.

Strings are encrypted by XORing each 2-byte character with 0x7e3f and adding a 0xFF marker byte at the start. The game treats strings as encrypted only if they start with the byte 0xFF, so it's possible to replace encrypted strings with regular unencrypted Shift-JIS encoded strings.

The decryption routine is at 0x800a630. Here is a Python version of it:

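from operator import xor

def decrypt_str(data: bytes) -> bytes:
    # Encrypted strings are flagged by a leading 0xFF marker byte
    assert data[0] == 0xff
    i = 1
    decrypted = []
    # Stop at the null terminator, tested on the first byte of each pair
    while data[i] != 0:
        # 0x7e3f is applied low byte first: 0x3f, then 0x7e
        decrypted.append(xor(data[i], 0x3f))
        decrypted.append(xor(data[i+1], 0x7e))
        i += 2
    return bytes(decrypted)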
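
The following is an added example, not part of the original notes or the game's code. It goes one step further than the routine above: it builds the stored form of a replacement string and reads a string back the way the marker rule describes, decrypting only when the first byte is 0xFF. The function names are hypothetical, and the single 0x00 terminator and null-terminated plain strings are assumptions based on the loop above.

```python
# Added example: constants come from the page, function names are hypothetical.
MARKER = 0xFF        # leading byte that flags a string as encrypted
KEY = (0x3F, 0x7E)   # 0x7e3f, in the byte order the routine above applies it


def encrypt_str(text: str) -> bytes:
    """Encode text as Shift-JIS and return it in the encrypted stored form."""
    raw = text.encode("shift_jis")
    # The scheme works on 2-byte characters, so ASCII and half-width kana
    # (one byte each in Shift-JIS) cannot be represented.
    if any(len(ch.encode("shift_jis")) != 2 for ch in text):
        raise ValueError("only double-byte Shift-JIS characters can be encrypted")
    out = bytearray([MARKER])
    for i in range(0, len(raw), 2):
        out.append(raw[i] ^ KEY[0])
        out.append(raw[i + 1] ^ KEY[1])
    out.append(0x00)  # assumed terminator: the byte the decryption loop stops on
    return bytes(out)


def read_str(rom: bytes, offset: int) -> str:
    """Read the string at offset, decrypting it only if it carries the marker."""
    if rom[offset] != MARKER:
        # Plain string, assumed null-terminated Shift-JIS
        end = rom.index(0, offset)
        return rom[offset:end].decode("shift_jis")
    plain = bytearray()
    i = offset + 1
    # Only the first byte of each pair is tested for the terminator: the second
    # encrypted byte is legitimately 0x00 when the plaintext trail byte is 0x7e,
    # so C-style string scanning would cut such a string short.
    while i + 1 < len(rom) and rom[i] != 0:
        plain.append(rom[i] ^ KEY[0])
        plain.append(rom[i + 1] ^ KEY[1])
        i += 2
    return plain.decode("shift_jis")


if __name__ == "__main__":
    # Constructed buffer, not real ROM data: one encrypted and one plain string
    enc = encrypt_str("カスタムロボ")
    rom = b"\x00" * 16 + enc + "ノイズ".encode("shift_jis") + b"\x00"
    print(enc.hex(), read_str(rom, 16), read_str(rom, 16 + len(enc)))
```

Passwords written with ASCII letters or digits raise ValueError here, because those characters are single bytes in Shift-JIS.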