Category: kungfu_re

  • RE’ing Kung Fu for NES, Part 2

    Just slowly plugging along. I’ve been alternating between trying to understand snippets of code in Ghidra, looking at memory changes at runtime in Mesen, changing them to see what they do, and tracing execution paths in the debugger.

    That’s probably the cycle I’ll be doing all the way through.

    I can’t debug through Ghidra but it’s got extensive commenting/renaming features. Mesen’s debugger has a few label creation/renaming features but it’s more limited. I don’t seem to be able to add comments, which would’ve been nice. The debugging features are pretty great, though.

    One thing I haven’t seen in Mesen is a feature to track whether certain values went up or down between breaks. It only marks values that have been written to. It would help pinpoint memory values that go down, like health bars or time counters.

    So far in memory I’ve identified some various timers, the random number generator, player lives and progression, joystick/OAM/PPU register copies. I’ve also found update functions for what I guess are the different “modes”, like the title screen and game play, with each mode having multiple functions, which are maybe sub-modes. Haven’t gone too deeply into it yet. Identified a few simple utility get/set/clear functions for memory and PPU.

    I realized I could look at Game Genie codes to help figure out certain values. There aren’t that many codes out there but it did identify a few things.

    Moved the project file to the cloud to at least have some semblance of backup and version control. I’ll have to figure out how I want to store this in GitHub or something.
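
    The Game Genie approach mentioned in this post, as an added example that is not the author's code: a decoder that turns a 6- or 8-letter NES Game Genie code into the CPU address and replacement byte it patches, plus the matching offset in the .nes file, so the patched instruction can be located in a disassembly or hex editor. The file-offset mapping assumes a 16-byte iNES header and the 32 KB of program ROM mapped flat at $8000-$FFFF; SXIOPO is a well-known Super Mario Bros. code used only as a test vector, and SXSOPOAA is constructed.

```python
# Added example: NES Game Genie decoder (not from the original post).
LETTERS = "APZLGITYEOXUKSVN"  # position in this string = 4-bit value

INES_HEADER = 16   # assumption: 16-byte iNES header, no trainer
PRG_BASE = 0x8000  # assumption: 32 KiB PRG mapped flat at $8000-$FFFF


def decode(code):
    """Return (cpu_address, value, compare); compare is None for 6 letters."""
    code = code.upper()
    if len(code) not in (6, 8):
        raise ValueError("Game Genie codes are 6 or 8 letters")
    if any(c not in LETTERS for c in code):
        raise ValueError("invalid Game Genie letter in %r" % code)
    n = [LETTERS.index(c) for c in code]

    # The low 3 bits and the high bit of each letter land in different fields.
    address = (0x8000
               | (n[3] & 7) << 12
               | (n[5] & 7) << 8 | (n[4] & 8) << 8
               | (n[2] & 7) << 4 | (n[1] & 8) << 4
               | (n[4] & 7) | (n[3] & 8))
    value = (n[1] & 7) << 4 | (n[0] & 8) << 4 | (n[0] & 7)
    if len(code) == 6:
        return address, value | (n[5] & 8), None
    # 8-letter codes patch only when the ROM byte equals the compare value.
    compare = (n[7] & 7) << 4 | (n[6] & 8) << 4 | (n[6] & 7) | (n[5] & 8)
    return address, value | (n[7] & 8), compare


def prg_file_offset(address):
    """Map a CPU address to a byte offset in the .nes file (flat 32 KiB PRG)."""
    if not PRG_BASE <= address <= 0xFFFF:
        raise ValueError("address outside PRG ROM")
    return INES_HEADER + (address - PRG_BASE)


def describe(code):
    address, value, compare = decode(code)
    text = "%s: $%04X <- $%02X (file offset 0x%04X)" % (
        code.upper(), address, value, prg_file_offset(address))
    if compare is not None:
        text += ", only when ROM byte is $%02X" % compare
    return text


if __name__ == "__main__":
    print(describe("SXIOPO"))    # test vector from a different game
    print(describe("SXSOPOAA"))  # constructed 8-letter sample
```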

  • RE’ing Kung Fu for NES

    On a whim I decided to look into reverse engineering Kung Fu, a launch title for the NES released in 1985. I was surprised there wasn’t a lot available online already.

    Ever since RE’ing Downland I was thinking about my next RE project. I wanted something I could complete in a reasonable amount of time with a reasonable amount of effort. I have huge ambitious dreams of RE’ing all my favorite games, but I have no time or patience for anything big.

    The Kung Fu ROM is 40 kilobytes, 8kb of program and 32kb of graphics rom. I think that’s pretty much what I can realistically tackle.
    (Correction: It’s actually 32kb of program ROM and 8k of graphics ROM. The people responsible have been sacked.)

    I did find a YouTube video series by DandyLo about Kung Fu’s inner workings, including one about how it handles collisions.

    One thing I’ve already found that surprised me is that the main player character is made out of background tiles, not sprites. If the game already uses sprite 0 to do the split screen, I wonder how it scrolls the middle part of the screen to move the player around.

    I got a Ghidra project up and started the preliminary investigation. I’m also using Mesen and its debugging features. I’m not very far in. I’m at the point where it sets up RAM, the PPU, and namespaces and then goes into an infinite loop. After that I guess it handles everything through the vblank handler.

    I’ve barely gotten off the ground but I’ll want to post up the work somewhere. I don’t actually know if I can post Ghidra projects on GitHub. At the very least I’ll post a disassembly listing.

    I plan to interleave this work with other projects. I still have maybe a few more Downland Unearthed articles in me, and I’ll want to eventually tackle scrolling of really large areas in SMS Rally. The idea is that instead of intensely concentrating on just one project (and potentially burning out, again) switching between different ones will keep my interest and energy up. We’ll see!