An exploration into Gameboy Advance ROM hacking

ROM hacking is the process of modifying a ROM image (usually of a video game) to alter the game’s graphics, dialogue, levels, gameplay, and/or other elements.

Double Fine recently released an episode of “Devs Play” where Brandon goes about hacking the ROM of the first Legend of Zelda for NES. I thought it was really interesting and it inspired me to start poking around one of my favorite games, Fire Emblem: The Sacred Stones for the Gameboy Advance.

To start off, I loaded up a copy of the game in VisualBoyAdvance, a GBA emulator. Note: I had to run VBA through Wine because the Mac version of VBA doesn’t have the features we need to look into the emulated GBA’s memory.

I started up a new game and skipped past the opening cutscenes into the first level of the game where Eirika and Seth are fleeing to Frelia. Normally, the first level is a tutorial level that forces you to make certain choices. If we set the difficulty to “Hard”, the game won’t try and teach us how to play so we can move our characters, attack, and use items freely.

Before we start changing things, we need to figure out what variables we want to mess around with and where they exist in memory. As Brandon did in his video, we want to change a single variable and then try and find its location in memory. In Fire Emblem, the only variables that really change over the course of a battle are a unit’s current hitpoints and the durability of its items. We start the first level with an injured Seth with 13/30 HP and an item called a “vulnerary” that restores some HP. This seems like a good place to start. Before we use the item, we want to go to Cheats->Create.

This new window allows us to search through memory addresses by comparing the values at those addresses either to their previous value or a specific value. Previous being the value they had when you last opened the window — pretty shitty UX, I know. So, let’s hit the “Start” button and select “Specific Value”, “Equal to”, “Unsigned”, and enter 13 (Seth’s current HP) into the box at the bottom. Hit “Search” and you should see a whole bunch of memory addresses and their values show up. One of these addresses is where Seth’s current HP is stored.

An important thing to understand about this search window is that each time you search, it only runs the search on the results of the previous search. If you want to start from scratch, you have to click “Start” again. Make sure “Update values” is checked and click OK to return back to the game. Now, we’re going to use the vulnerary on Seth which should bring him up to 23 HP. Now we can re-open the search window and search for 23, bringing our massive list of possibilities down to two addresses: 0x0202BE5F and 0x0203A4FF.

Now what we want to go to Tools->Memory Viewer. This allows us to see what exactly is in memory. Let’s go to the first address and see what’s there. Type in the first address (in hex, so as it’s written in the Search window) into the box at the top and hit GO. Unsurprisingly, we find the value 0x17 which when converted to decimal becomes 23.

Now, to test if this actually is the HP variable, let’s change it. Click on the value and change it to something else like 03. Now, click back on the game!

When you click back on the game, we should see Seth’s HP update to 3! Success! If it doesn’t, move the cursor off of Seth and then back on to him so that the game redraws his HP. (When the game redraws the screen, it will read the value at the address again.)

But, what about the other address? To make sure that this other address isn’t the real variable, we have to go to it and try changing it as well. If you go to 0x203A4FF and change it’s value, you’ll see it doesn’t have an effect on the game. I’m personally not sure what this variable is.

Now we know how to change Seth’s current HP. But what about all his other stats?

These stats change only change either when you level up or by using a special (and usually rare) item. When you level up, all your stats change at once but we also don’t want to wait until we get one of the rare stat boosting items. What can we do? In his video, Brandon discovers that all of the inventory items in Legend of Zelda are stored right next to each other.

Let’s imagine we’re the programmers of Fire Emblem and we have all these stats. How would we store them? We’d make a struct or an object to hold them!

Something like this:

So let’s try exploring what changing the nearby addresses will do. Let’s change the value at address 0x0202BE60 to 03 as well. Go back to the game and hit left and then right to redraw the screen.

Success! We’ve changed Seth’s strength variable. Now we can continue this trial and error process to figure out the addresses of the rest of his stats. I spent about 15 minutes trying out different addresses and came up with the following results:

But what about Eirika? In Fire Emblem, you can have quite a few characters in a given battle. Let’s assume everything is stored as an array of characters. If this is the case, then Eirika’s data should be right before or right after Seth’s. Let’s see if we can find Eirika’s data based on her stats. She has 16 max HP, 16 current HP, 4 Str, 8 Skill, and 9 Spd. For Seth, all of these stats were stored next to each other. So, let’s try and find the pattern 0x10 0x10 0x04 0x08 0x09 in memory. Unfortunately, the memory viewer doesn’t have a Ctrl-F function, so we’ll just have to look by hand.

There it is! If you try messing around with the data, you’ll see that the data is stored in the exact same format as Seth’s, just like we thought.

As you go further into the game, we can see that these addresses aren’t necessarily reserved for Seth or Eirika. In Fire Emblem, you can choose which characters you will take into a battle. There’s no need to load character data into memory if you aren’t going to use it, right?