How to make cheat modes for Konami MSX roms

This is a pretty strange subject to put on these pages, but hey, it might interest someone. It is written for assembly-coders, preferably with a bit of hacking experience =)

A useful tool

I suppose this has become a bit obsolete, what with all these MSX-emulators that are now in fashion. But it's still the best tool for hacking/debugging on a real MSX.

It's... a memory extension with a switch. Yeps. On/off. I forgot which line the switch is supposed to be on, but ask this on the MSX-newsgroup and probably someone can tell you. How does it work? Well, when you put the switch "off", and boot the computer, it cannot find the memory extension and boots from normal ram. Now run your program, or the program you want to hack. Flick the switch to "on". Now wait until the program is in the phase you want to examine, (or just wait till your buggy program hangs,) and reset your computer!!

What happens is this: on booting, your computer now finds RAM first in your memory extension, thereby completely ignoring the contents of the computer-ram. When you now run "wbass" or something, selecting the slots correctly shows you all ram, including the high system area (.. such as stack pointer areas, fd9a/fd9f vector usage) exactly as it was when you resetted the computer! It's a really good trick. (Credits for this method should go to Emiel Hensen, who was Dr.Venom in Sigma. Way back, this.)

Trick #1: Unlimited money/score with Konami roms

They always do it the same way. For ease of printing, money is most often stored in BCD format (coders should recognize this). Well, if the counter becomes bigger than 10.000, the score is set to 09999h or something. So look out for 099h codes in the roms, and disassemble the stuff near it. Most of the time there is a "RET NC" code just before it. All you have to do is to remove that opcode, e.g. by putting a zero ("NOP") there, and the first coin you collect gives you maximal money!

Trick #2: Invincibility

This is a more difficult one. I discovered it when it was still a sport to hack the music out of games.

1. Hack the music or sound effects.

They always (erm except firebird and metal gear) start at 06000h or something, and there's three standard entries. (6000/6003/6006, sometimes 6009) to control the music players. There's one that gets called each interrupt, one initialises the routines, and another starts music/sound effect "A". Or use someone else's hack. But you have to know which sound corresponds to which number.

2. Find out which sound number corresponds to "being hit" in the game.

If step 2 was succesful, this is easy.

3. Find the address of the routine that plays this sound.

Usually, there is a long list in the 04000-05fffh block (block 0 in the rom) which looks like "ld a,12; jr address; ld a,15; jr address; ...." andsoforth. At the address mentioned is a jump to the music player. Find the address where it says: "ld a,being_hit; jr adress" and write it down.

4. Hack!

Let "wbass" search for calls to that address. Usually, you find a bit of code that looks like this:

  ld a,(adr)
  ...
  ret nz
  ...
  call "being_hit_sound"
  ...
  ...

Change the "ret nz" to a "ret" and you can do whatever you want! This method works really fine. Yeps.

Trick #3: Rom combination tricks

This one is really obvious. Konami uses the bios to read bytes from other slots, you can easily search for these calls. Then they compare the first four bytes at 04010h or something with a table, because all konami roms have identifying codes. If you change these detection routines it is easy to make the game think that it has detected all possible combinations!

And that's all folks! Questions via E-mail are welcome.