GoldenEye 007 Nintendo 64 Community, GoldenEye X, Nintendo 64 Games Discussion GoldenEye Cheats, GoldenEye X Codes, Tips, Help, Nintendo 64 Gaming Community

Gahr Agent
Joined: 11 Feb 2025 Posts: 27
Posted: Sat Mar 01, 2025 2:50 pm
I would be curious to know about that.
Yes, I understand things have moved forward and from a modding perspective the GS was somewhat restricted, but I do like the fact that it's possible to mod my actual game cartridge instead of having to rely on emulator or flashcart.
I noticed some level readmes say "Load: Stack (Press A 3 times at Nintendo logo)"
Does that mean that pushing "A" when GoldenEye starts will trigger the custom level boot sequence directly?

zoinkity 007
Joined: 24 Nov 2005 Posts: 1729
Posted: Sat Mar 01, 2025 8:01 pm
Wreck wrote: "I could be misremembering, but didn't the D0/D1 codes use up slightly more space in RAM than 80/81 for GameShark?"
You're right about that. Normal codes are 4 OPs, conditionals 5 OPs, 10 for GS button. Here's how they break down:
Code:
80/81
3C1A**** LUI K0,****
375A**** ORI K0,K0,****
241B**** ADDIU K1,R0,****
A35B0000 / A75B0000 SB/SH K1,0000 (K0)

88/89
3C1ABE*0 LUI K0,BE00 + rdram
375A0000 ORI K0,K0,0000
875B0000 LH K1,0000 (K0)
0000000F SYNC
337B0400 ANDI K1,K1,0400
17600004 BNE K1,R0,+4
3C1A**** LUI K0,****
375A**** ORI K0,K0,****
241B**** ADDIU K1,R0,****
A35B0000 / A75B0000 SB/SH K1,0000 (K0)

D*
3C1A**** LUI K0,****
375A**** ORI K0,K0,****
835A0000 / 875A0000 LB/LH K0,0000 (K0)
241B**** ADDIU K1,R0,****
135B0004 / 175B0004 BEQ/BNE K0,K1,+4

[rant]Frankly never understood why they didn't use the pocket of memory for the GS hook and expand it to put a code interpreter. Could get eight for the price of three. The code search "active codes" list uses one, lets you add ~30 bonus codes on the side if need be, plus the F* types at boot.[/rant]
So ~170 is the limit on the XPlorer? That's doable for a lot of stages actually. Some of the original cheat lists itemized what everything was, could include just the mandatory things (spawns, basic weapons, then objects until you're out of room).
No idea the button pressing thing. Maybe a "don't let the intro run or it will crash" thing?

Gahr Agent
Joined: 11 Feb 2025 Posts: 27
Posted: Sun Mar 02, 2025 12:30 am
Ok, I will try a couple more levels but now that I've identified this limit I've managed to confirm it with a couple levels. These are the ones I managed to load successfully:
Dam
Control
Runway
You are right Zoinkity I have lists which are split by type (stage load, glass, doors, flag token, respawn points)
I have an issue with Facility, I cannot use the code for 2/3/4 player which is shorter but using "50" repeater codes because the Xplorer doesn't support them, but the other codes (which are specific to a fixed number of players, so less flexible) I've found are a tad too long and the only way I managed to load the level is to remove the weapons and armor part. I've noticed there's a huge part of the code which is "Glass", assuming it spawns glass inside the level, I tried removing it to cut some space but Facility wouldn't boot without this "Glass" part. So I'm kinda stuck on that one, I don't know if you guys could have a look. I can share the exact code.

Gahr Agent
Joined: 11 Feb 2025 Posts: 27
Posted: Sun Mar 02, 2025 4:11 am
These are the codes giving me trouble:
The codes which are short enough, but using "50" so can't use them:
Facility Backzone
Hacked By - Wreck
Emulator Tested - Yes
Console Tested - Yes
Players - 2, 3, or 4
Level Load - Choose Facility from the level menu
Screenshots:
Codes:
"Facility BZ Pt 1" .off
8102A932 0000
81063BF0 8009
81063BF2 E360
D102B522 0002
81063BF2 3860
D102B522 0003
81063BF2 0DE0
D102B522 0004
81063BF0 8008
811F2DEA 008B
811F2DF6 0043
811F2E02 0125
811F2E0E 00CC
811F2E1A 0134
811F2E26 0127
811F2E32 0048
811F2E3E 011C
811EFBB6 274F
811EFC3E 2750
811EFCF2 0117
811EFDA6 00A3
811EFE2E 009D
811EFEE2 00A4
811EFF96 00DA
811F001E 00DB
811F00D2 00DF
811F0186 0130
811F020E 008D
811F02C2 012E
811F0376 0111
811F03FE 2740
811F04B2 2741
811F0566 00A0
811F05EE 009E
811F06A2 009F
811F0756 00F1
811F07DE 274A
811F0892 274C
811F0946 0131
811F09CE 008E
811F0A82 0132
811F0B36 00A1
811F0BBE 0119
811EFB2E 0061
801F1045 00A0
801F1145 00A0
801F1245 00A0
801F1345 00A0
801F1047 0075
801F1147 0076
801F1247 0077
801F1347 0078
801F10E7 0001
801F11E7 0001
801F12E7 0001
801F13E7 0001
801F1348 0060
"Facility BZ Pt 2" .off
801F1F47 0085
801F2047 0086
801F1747 0071
801F2247 0072
801F2347 0074
801F2447 006B
801F2547 006C
801F2647 0079
801F2747 0083
801F2847 0084
801F17D9 0000
801F24DF 0001
801F28DF 0000
50000894 0000
801F2943 002A
50000694 0001
801F2947 008A
50000294 0001
801F2CBF 007D
50000894 0000
801F2949 0000
50000894 0000
801F294D 0000
50000480 0000
801F1543 002A
50000480 0000
801F1545 0068
50000280 0001
811F1546 277F
50000280 0001
811F1646 2791
50000480 0000
811F1548 0000
50000480 0000
811F154A 0062
801F15C0 0001
811F15CE 0000
801F16C0 0001
811F16CE 0000
D11F1634 0000
811F1634 03E8
D11F1734 0000
811F1734 03E8
"Facility BZ Pt 3" .off
50000A80 0000
811F1840 0280
50000A80 0000
801F1843 0024
50000A80 0000
801F1845 0075
50000A80 0001
811F1846 2710
50000A80 0000
811F1848 0002
50000A80 0000
811F184A 1001
50000A80 0000
811F184E 0100
811F1934 03E8
811F1A34 03E8
811F1B34 03E8
811F1C34 03E8
811F1D34 03E8
D0024337 0007
80024337 001F
So instead I tried those for Facility:
"4 Player Facility" .off
"Respawn Point".off
811EBA54 45E3
811EBA58 43D8
811EBA5C C5A7
811EBA7C 801C
811EBA7E BC74
811EA664 45E4
811EA668 C383
811EA66C 4495
811EA68C 801D
811EA68E 2A74
811ECDC0 45AD
811ECDC4 C380
811ECDC8 4440
811ECDE8 801D
811ECDEA 3984
811EA218 45D1
811EA21C 4307
811EA220 C4FF
811EA240 801C
811EA242 C94C
811EBC38 45CD
811EBC3C C383
811EBC40 43F5
811EBC60 801C
811EBC62 F5DC
811EA950 45C2
811EA954 435C
811EA958 C597
811EA978 801C
811EA97A BF74
811EA740 4608
811EA744 4307
811EA748 43D1
811EA768 801C
811EA76A EB0C
811EBE1C 4606
811EBE20 4321
811EBE24 449D
811EBE44 801D
811EBE46 20EC
"Glass Part 1".off
801F2947 008A
801F29DB 008B
801F2A6F 008C
801F2B03 008D
801F2B97 008E
801F2C2B 008F
801F2CBF 007D
801F2D53 007E
801F2943 002A
801F29D7 002A
801F2A6B 002A
801F2AFF 002A
801F2B93 002A
801F2C27 002A
801F2CBB 002A
801F2D4F 002A
801F2949 0000
801F29DD 0000
801F2A71 0000
801F2B05 0000
801F2B99 0000
801F2C2D 0000
801F2CC1 0000
801F2D55 0000
801F294D 0000
801F29E1 0000
801F2A75 0000
801F2B09 0000
801F2B9D 0000
801F2C31 0000
801F2CC5 0000
801F2D59 0000
801F0C43 002A
801F0C45 0068
811F0C46 277F
811F0C48 1000
811F0C4A 0262
811F0CC2 0190
801F0CC5 0000
811F0CC6 0258
811F0CC8 0000
811F0CCC FFFF
811F0CCE FFFF
811F0CD2 0000
801F0CD5 0000
801F0CDB 0000
811F0CE2 0000
801F0CE7 0000
"Glass Part 2".off
801F0D43 002A
801F0D45 0068
811F0D46 2780
811F0D48 1000
811F0D4A 0262
811F0DC2 0190
801F0DC5 0000
811F0DC6 0258
811F0DC8 0000
811F0DCC FFFF
811F0DCE FFFF
811F0DD2 0000
801F0DD5 0000
801F0DDB 0000
811F0DE2 0000
801F0E43 002A
801F0E45 0068
811F0E46 2791
811F0E48 1000
811F0E4A 0262
811F0EC2 0190
801F0EC5 0000
811F0EC6 0258
811F0EC8 0000
811F0ECC FFFF
811F0ECE FFFF
811F0ED2 0000
801F0ED5 0000
801F0EDB 0000
811F0EE2 0000
801F0EE7 0000
801F0F43 002A
801F0F45 0068
811F0F46 2792
811F0F48 1000
811F0F4A 0262
811F0FC2 0190
801F0FC5 0000
811F0FC6 0258
811F0FC8 0000
811F0FCC FFFF
811F0FCE FFFF
811F0FD2 0000
801F0FD5 0000
801F0FDB 0000
811F0FE2 0000
801F0FE7 0000
"Doors".off
801F1045 00A0
801F1145 00A0
801F1245 00A0
801F1345 00A0
801F1047 0075
801F1147 0076
801F1247 0077
801F1347 0078
801F10E7 0001
801F11E7 0001
801F12E7 0001
801F13E7 0001
801F1747 0071
801F2247 0072
801F2347 0074
801F2447 006C
801F2547 0079
801F2647 0083
801F1445 009E
801F1447 0061
801F2747 0084
801F17D9 0000
801F1947 0085
801F1A47 0086
"Weapon Placements".off
811EFBB6 2743
811EFC3E 0114
811EFCF2 0115
811EFDA6 00A3
811EFE2E 009D
811EFEE2 00A4
811EFF96 00DA
811F001E 00DB
811F00D2 00DF
811F0186 0130
811F020E 008D
811F02C2 012E
811F0376 0111
811F03FE 2740
811F04B2 2741
811F0566 00A0
811F05EE 009E
811F06A2 009F
811F0756 274F
811F07DE 2750
811F0892 0117
811F0946 0131
811F09CE 008E
811F0A82 0132
"Armour Placements".off
811F0B36 00A1
811F0BBE 0119
"Flag Placement".off
811EFB2E 0061
"Unlock/Lock Doors".off
801F14DF 0001
801F28DF 0000
"bz Music (optional)".off
D0024337 0007
80024337 001F
"=========================="
.end
Those last ones I managed to get running, but the "Glass" ones are too long and I have to cut the weapon placement one. Any idea to get this code shorter, either the glass or any other part? Ideally I would like to tuck at the end the "enable all players" so I can play at 2/3/4 and not only 4 players.
I have a similar issue, I've tried a bunch of codes from MultiplayerX and he spawns objects but makes use of "50XXXXXX" codes, is it feasible to replace those parts with standard 80/81 codes? From what I understand using 50 codes is a shortcut to making a number of 80/81 codes.

Gahr Agent
Joined: 11 Feb 2025 Posts: 27
Posted: Sun Mar 02, 2025 12:07 pm
Ok, now I'm not too sure about the "50" repeater codes.
According to this source, which was what I based my claim these weren't supported by the Xplorer, I assumed they only work on GS because they aren't listed among the XP supported code types: https://doc.kodewerx.org/hacking_n64.html#xp_code_types
But then tonight I'm reading again this and I notice that Kai listed "50" codes as supported by the Xplorer 1.067 only (which is the latest firmware, and the one I am using): https://web.archive.org/web/20190111215851/http://www.kai666.com/n64_code_types.htm
So I'm not sure anymore. I think that guy was pretty much the expert on the Xplorer so if he listed them as supported, they must be. But then, I don't know why every code I've tried on the Xplorer, which is below 170 codes and with "50" codes in it, failed.

zoinkity 007
Joined: 24 Nov 2005 Posts: 1729
Posted: Sun Mar 02, 2025 6:46 pm
Either they aren't supported or they're producing too many codes. On a GameShark they're expanded, they don't create a loop.
The formula for them is:
Code:
5000nnaa 00dd
(n)umber
change in (a)ddress
change in (d)ata

Remember this is all hexadecimal math, so A is 10, B is 11, etc.
A code like this one:
Code:
50000A80 0000
811F1848 0002

-produces 10 (0xA) codes. (Or I think it does. Dang, need to find the DASM to see if it counts 0 as 1. Anyway...) The address part increases 0x80, and the value stays the same. The end result (unless I miscounted) is:
Code:
811F1848 0002
811F18C8 0002
811F1948 0002
811F19C8 0002
811F1A48 0002
811F1AC8 0002
811F1B48 0002
811F1BC8 0002
811F1C48 0002
811F1CC8 0002

Now an example where the data value increases as well. This increments the address by 0x80, the value by 1.
Code:
50000280 0001
811F1646 2791

-(probably) expands to:
Code:
811F1646 2791
811F16C6 2792

Haha, great you linked the EnHacklopedia! Couldn't remember its name, was trying to find a copy to refer you to it.
The F0/F1 types listed aren't very useful in GoldenEye, but they let you write a certain amount of data before the ROM is run. The important thing is they aren't counted into the codelist! Unlike normal codes they aren't constant but they are free and completely unappreciated. Used them a lot in the past for fileservers, hacking the GameShark runtime, dumping photopi cards, and playing the OoT MQ disk on a retail drive.
In the GS section they mention the CC000000 0000 enabler. This is designed to hook 64DD games! Reason being 800001A0 is where a copy of the disk header is kept so they need to jump out to patch the handler. I've used it a few times now, like with the OoT disk patch above. If we ever got drives Datel was ready.
Bit interested in the device now. If I ever get some time, will try disassembling its runtime and see what it really supports.
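
The repeater expansion described in the post above, written out as an added example (not code from the thread or from any GameShark/Xplorer firmware): it unrolls 50-type codes into flat writes and counts the result against the roughly 170-code Xplorer limit reported in this thread. The function names are hypothetical, and it assumes nn is the literal copy count (the post leaves open whether 0 counts as 1) and that dd is an unsigned step.

```python
# Added example, not code from the thread: unroll GameShark "50" repeater
# codes into flat writes, using the 5000nnaa 00dd layout quoted above.

CODE_LIMIT = 170  # empirical Xplorer limit reported in this thread


def parse_line(line):
    """Split 'AAAAAAAA DDDD' into (32-bit code word, 16-bit data)."""
    parts = line.split()
    if len(parts) != 2 or len(parts[0]) != 8 or len(parts[1]) != 4:
        raise ValueError(f"malformed code line: {line!r}")
    return int(parts[0], 16), int(parts[1], 16)


def expand(lines):
    """Return the code list with every 50-type repeater unrolled.

    Assumptions: nn is the literal number of copies, dd is an unsigned
    step, the data wraps at 16 bits, and the code-type byte of the
    repeated code never changes while the address steps.
    """
    codes = [parse_line(l) for l in lines if l.strip()]
    out, i = [], 0
    while i < len(codes):
        word, data = codes[i]
        if word >> 24 != 0x50:
            out.append(f"{word:08X} {data:04X}")
            i += 1
            continue
        if i + 1 == len(codes) or codes[i + 1][0] >> 24 == 0x50:
            raise ValueError("repeater is not followed by a code to repeat")
        count = (word >> 8) & 0xFF   # nn: number of codes produced
        addr_step = word & 0xFF      # aa: change in address
        data_step = data & 0xFF      # dd: change in data
        base, value = codes[i + 1]
        kind, addr = base & 0xFF000000, base & 0x00FFFFFF
        for n in range(count):
            a = (addr + n * addr_step) & 0x00FFFFFF
            d = (value + n * data_step) & 0xFFFF
            out.append(f"{kind | a:08X} {d:04X}")
        i += 2
    return out


def budget(lines, limit=CODE_LIMIT):
    """Return (source_count, expanded_count, fits_under_limit)."""
    source = [l for l in lines if l.strip()]
    flat = expand(source)
    return len(source), len(flat), len(flat) <= limit


# "Facility BZ Pt 3" exactly as posted earlier in this thread.
FACILITY_BZ_PT3 = """
50000A80 0000
811F1840 0280
50000A80 0000
801F1843 0024
50000A80 0000
801F1845 0075
50000A80 0001
811F1846 2710
50000A80 0000
811F1848 0002
50000A80 0000
811F184A 1001
50000A80 0000
811F184E 0100
811F1934 03E8
811F1A34 03E8
811F1B34 03E8
811F1C34 03E8
811F1D34 03E8
D0024337 0007
80024337 001F
""".splitlines()

if __name__ == "__main__":
    for code in expand(["50000280 0001", "811F1646 2791"]):
        print(code)
    print(budget(FACILITY_BZ_PT3))
```

Run on Pt 3 alone, 21 entered lines become 77 flat codes, which shows how quickly a list built on repeaters eats into a fixed code budget once it is unrolled.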

zoinkity 007
Joined: 24 Nov 2005 Posts: 1729
Posted: Sun Mar 02, 2025 8:00 pm
Sorry for the double-post, but this is a completely different theme.
Exactly what are these devices? If you open up the firmware there's greetz from the old dextrose/#n64dev crowd here:
Quote:
Hello to 0x4e494c, tika64, _rip_, AzMaEl, _Demo_ du sud, LaC, KS & Rene_, Act0r and his twin Hartec, Blackbag & Dextrose, and other blokes from #n64dev
Developed entirely under Linux with mips-sgi-irix5 cross gcc 2.8.1, and custom makerom tool
The people at FCD are WHB, PJH, DN, MW, IN, RM, SPGM, and SK
Check http://www.x-plorer.co.uk for the latest news

It sort of seemed like a reverse-engineered GameShark (which was a reverse-engineered Partner64) but didn't know about this scener connection at all. It's incredibly compact compared to the multiple compressed files in a GS. Wondering exactly how this firmware operates.
Curious why there's a copy of PAL GE's ROM header at 0x3F400 too.
[edit]
In some ways this is both more clever and more limited than a GameShark. What's interesting is they scan IPL3 for the permanent loop that triggers when the checksum is bad, replace it, then scan for the jump to the boot vector and replace that. It then runs some code that sets the watch, exception handler, etc. and fixes the changes to IPL3.
One oddity is it removes the watch after a given number of attempts to write the exception vector. The default is 1, and it would need to be 2 to hook 64DD expansion games.
There's a minor amount of obfuscation at BF43F2EC surrounding the detected size of ram, boot vector, etc.
Reflashing/upgrading using a second device is a feature! It checks the version of each one and tells you which is more current, then gives the option to flash one with the other.
Not doubting the LaC connection now. There's some similarity to the unused(?) trainer code in his bootloader. Minimum it was used as reference.
Among the more hilarious things is how this thing copies its runtime in. It uses a BGEZAL to the copier, and the copier uses RA as the base address to copy from when sticking this all into SP mem. Mind you it actually sets the sizes by subtracting hard pointers, but it's just that extra level of pointless obfuscation that really lets you know it's a scener production.
So yeah, reeeealy hoping a story about this pops up one day.
[edit edit]
Last thing today (probably). All those compressed files starting at 0x1AE60? Those are RNC1 with stripped headers. 1AE60 is an 84x78 c16 image of a triangle with name "Blaze" on it.
Didn't even need to look at the algo for that one. Name one other codec with a header that's 18 bytes long, compressed and decompressed size, and proper data checksums.

Gahr Agent
Joined: 11 Feb 2025 Posts: 27
Posted: Sun Mar 02, 2025 11:41 pm
Thank you for the explanation regarding what these 50 codes actually do. Most likely like you said it must create a list too long for the Xplorer to handle. It's a shame there is this limit, it's just a tad too low for what I aim to do. Edit: By the way if you have a code to test the exact limit Zoinkity, I would happily use it.
I have a question, is it safe for me to remove the 50 codes from the multiplayer codes to check if it loads without them?
I did not know that the Xplorer was a reverse-engineered GS, I know it was only made available in Europe (UK and Germany really) by Blaze. This company still exists today, it's called Evercade.
It's funny to think the firmware was a product of the hacking scene back in the days. I've read on several places these are more stable than a GS. Also, I'm using an old win98 PC with parallel port to hook the Xplorer to it and the process of updating the codelist, inserting it inside the firmware and reflashing the firmware is like 30 seconds in total. Thankfully, because I'm doing it over and over to tinker with these very long codes.
I've got a list of levels I can consistently load now, a couple from you Zoinkity, I think Streets was you? I'd have to double check.
Anyhow, I've identified also that the issue with the old Facility BZ codes was really the weapons and armor placement ones, regardless of the size of the code, the Xplorer just won't accept these for some reason (black screen either after legal screen or when trying to launch the level from the multiplayer screen). My only workaround so far is to grant all players All weapons and infinite ammo. With these the level loads. Oh and if I put the glass codes on, the level loads but for some player areas remain fully dark, like some textures won't load. I've noticed this inside Statue Park multi too.

zoinkity 007
Joined: 24 Nov 2005 Posts: 1729
Posted: Mon Mar 03, 2025 5:54 pm
Removing or expanding the 50s probably would work. Sometimes you get a random object that causes problems if it's in the middle of nowhere but don't remember it happening that often. Want to say the 2710 placements were pickier. Sorry, it's been far too many years.
If there are notes on this they're handwritten, not sure where they might be.
Ah yes, blackouts. Probably the reason why Statue was cut as a MP stage and why some like Depot & Silo never made the cut at all. Rooms won't load, though you can walk around them normally. Sometimes they'll pop back in depending how players move.
The reason for this is available memory. There isn't enough memory to load the new room(s) until one of the older rooms stops being visible. Hmm... Nowadays we could (probably) fix that, but the codes would all need to be changed as a result.
It doesn't take more than a few minutes with this thing to see why and how it's more stable than a GameShark. A big one is that the trainer stores all 64 bits of each register, not just 32. That's a known cause of sporadic errors on a GS/AR when code gen is on.
Its code isn't a piecemeal mess either. The GS was modified over and over leaving unused functions, spurious conditions that no longer applied, unused data, and frankly it wasn't the best written thing in the first place. Xplorer is very concise, if sometimes pointlessly obfuscated.
One of those pointless pieces of obfuscation is in the other used compression type. It has four different commands for unpacking data, but which bytes those commands use are written in the header--obfuscated. You XOR with the string "Hugh" to get the actual assigned bytes.
Like this:
Code:
def decode(src):
    # Skip the filesize, just do the data.
    out = bytearray()
    if src[0:6] == b'COMP02':
        # Just an i1 image unpacker.
        j = int.from_bytes(src[6:10], 'little')
        for i in range(j >> 3):
            v, k = src[10 + i], 0x80
            while k:
                out.append(bool(v & k))
                k >>= 1
    else:
        # Decode the cmds: header bytes 6..9 XOR "Hugh" give the four command bytes.
        q = [src[i] ^ b"Wayne Hugh"[i] for i in range(6, 10)]
        j = int.from_bytes(src[10:14], 'big')
        p = 14
        while len(out) < j:
            if src[p] in q:
                v = q.index(src[p])
                if v == 0:
                    # cmd 0: repeat one byte src[p+1] times
                    v = src[p+2]
                    for _ in range(src[p+1]): out.append(v)
                    p += 3
                elif v == 1:
                    # cmd 1: repeat a two-byte pair src[p+1] times
                    v = src[p+2:p+4]
                    for _ in range(src[p+1]): out.extend(v)
                    p += 4
                elif v == 2:
                    # cmd 2: run starting at src[p+3], stepping by src[p+2]
                    v = src[p+3]
                    for _ in range(src[p+1]):
                        out.append(v & 0xFF)
                        v += src[p+2]
                    p += 4
                elif v == 3:
                    # cmd 3: copy src[p+1] bytes from v bytes back in the output
                    v = (src[p+3] << 8) + src[p+2]
                    for _ in range(src[p+1]): out.append(out[-v])
                    p += 4
            else:
                # Anything else is a literal byte.
                out.append(src[p])
                p += 1
    return bytes(out)

There's your random documentation dump for the day.
PC comms are really, reeealy handy.
The GS/AR are picky about the protocol used and can be awfully slow. In fact, even on a win98 comms could lock up when you reinit it. It wasn't known at the time you only need to free/reinit before certain operations, otherwise you can do a bunch of individual writes or reads all day long without any risk of disconnect. It also never verified the checksum it kept during the whole process... Wonder what would be involved in getting Citadel, the facemapper, Neon64, etc. working with it...
On the lookout now for details on where it stores codes and how many it ultimately supports.
To expand on the EnHacklopedia, there are several different 20- code types. In the most recent English BIOS, the same function (80008370) unpacks 2* and 3F code types.
[edit]Turns out you can only use one 2* code. It's applied when creating the hook.
Code:
21 stores a byte normally
22 stores a halfword
24 stores a halfword value as a word
29 stores a byte to an uncached address (A0000000 instead of 80000000)
2A the same for HWs
2C the same for words

There's two different 3FFFFF** code types too, but not sure the details. They save a value used elsewhere, would need further DASM to figure it out. There's an FF & FE type though.
Last edited by zoinkity on Fri Mar 07, 2025 2:03 am; edited 3 times in total

Gahr Agent
Joined: 11 Feb 2025 Posts: 27
Posted: Mon Mar 03, 2025 9:49 pm
Interesting! I'm sure you will find details nobody knows yet about this by looking at its code.
Ah, the random object would explain it then because I have relatively short codes (less than 100) that simply refuse to let the game boot, or it boots but then when launching the level on the multiplayer screen gives me a black screen. Caverns Backzone 1.0 gives me that, Archive Backzone if I try to put in the windows / shelves part of the code, Facility backzone with apparently the weapons/armour parts. I've tested many combinations, for the codes split into sections (access level, load stage, respawn points). I see the respawn part as always mandatory and I never mess with these parts.
I've tried only putting one 50 code, to see if its presence would prevent the level to load. Archive Backzone did load, however I couldn't tell the code had any effect. It was supposed to spawn bookshelves but I scoured the whole level and didn't spot any. I tried putting 2 "50" codes instead, and at that point the level would not load. I was still way below my assumed limit of 170 codes, even if it unpacked.

zoinkity 007
Joined: 24 Nov 2005 Posts: 1729
Posted: Tue Mar 04, 2025 12:26 am
Hmm... There's a chance too that 50 is a different code type on the Xplorer.
Really curious why the limit is so low considering how much more efficient their runtime is.
Completely forgot about this. The game only crashed when the music stops playing.
If you still hear music the stage is just taking a really, really long time to load. Dam was bad about that, like nearly a minute. Frigate too. It remains black until the stage starts.
Yes, respawns are pretty important. In some cases it won't crash the game, but you spawn out in the middle of nowhere. (You can actually walk back into the stage if you're lucky enough to choose the right direction.)
Trying to think of what was fatal... If a position was set to a room that doesn't exist, that was bad. There was something about ending the 2710 list early too, probably because those need to be valid? (I'll find all the reference papers the day after they aren't needed anymore.)

Gahr Agent
Joined: 11 Feb 2025 Posts: 27
Posted: Tue Mar 04, 2025 12:41 am
Haha yeah you always find the stuff you want when you stop looking for it.
That is a very interesting advice about the music still playing, thank you! And I actually do most my testing with a very low sound so I couldn't tell when it was the case or not. I will have to retest everything. I tried waiting a bit before resetting, but clearly not a full minute, maybe 20/30s maximum.
Yes there is the issue with 50 codes, which I think is the biggest one, but I have examples of old lists without 50 codes, below 170 lines, that are just not working. Something I did not check is, for codes that black screen at the intro, deactivate them temporarily and only activate them at the multiplayer screen. I think Wreck mentioned something like that in old posts.
Edit: as for the 170 codes limit, this is a purely empirical observation from the codes I've tested. Maybe your exploration of the firmware code will prove I am wrong. I actually hope so. It's just that lists that are over 170/175 codes trigger a very specific behavior: the game doesn't boot, it brings the Code Generator/In game trainer in view immediately when powering the console on, for some reason. Staying underneath that limit never triggers this.

Gahr Agent
Joined: 11 Feb 2025 Posts: 27
Posted: Tue Mar 04, 2025 11:05 pm
I finally managed to get Archive backzone to load yesterday, with shelves! It really seems like these 50 codes aren't really supported, because I replaced the 50 codes for the shelves for older ones, also for the shelves, but using standard 80/81 codes, and it loaded!
I can also confirm that at 175 codes the game wouldn't boot, I removed 1 code and it booted at 174 codes.
Last edited by Gahr on Tue Mar 04, 2025 11:10 pm; edited 1 time in total

zoinkity 007
Joined: 24 Nov 2005 Posts: 1729
Posted: Tue Mar 04, 2025 11:08 pm
Can verify the normal maximum limit for codes with the trainer enabled is 170. More precisely it's 510 opcodes (0x7F8 bytes): 0x800 allocated, but 8 for the return jump. Normal codes expand to 3 opcodes (0xC bytes), so if you use funky ones the total available will go down. Writing more starts to copy into the code used to run the trainer which is why you had the strange thing with the menu automatically appearing and all.
Why they did that is a big mystery. There's more than enough room for a lot more.
It also supports a maximum of 40 "Test Codes", what Datel called "active cheat codes". These are ones you can create via the search feature. They also directly ripped the list of strings for shortening cheat names from the GS/AR, like "Infinite ", "Player", etc. It's identical.
It's a little convoluted how the trainer's code list works, want to give it a bit more time to avoid making any mistakes here. The jumps at the end of the list for normal codes on & off are movable. In fact, the defaults may never be used.
[edit: details]
The 3FFFFFFE code is used to move the list. Its value is the lowest 16bits of a jump; OR with 081D4000/08000000 to make the final pointer.
The 3FFFFFFF code sets the number of times the Watch can trigger, meaning the number of times it will fix the general exception handler when it gets written to. If you set it to zero it will reset it to one. What's an actual use for this... Would need this set to two or more to escalate a hook for a 64DD expansion game.
What's this stuff about plugins anyway? Any mention of that in the manual?
Its biggest convenience feature has to be the way you don't need to cart swap to boot games with funky CICs. Considering this firmware isn't bootable, there must be a bootstrap providing the multiboot feature at the touch of a button. Might not be checksums come to think of it.
0x100 is the list of "keycodes", but in this case they're checksums followed by the IPL3 seed value. 3F is the seed shared by the mario, star fox, and lylat wars CICs, but all three have different IPLs.
The button register is mapped to B0710000 and each press increments it +0x10.
The device has a pretty low limit for codelists though at only 0xE000. It also lacks the ability to copy whole lists to and from Controller Paks. It's strange. In some ways an improvement, in others nerfed.
There's a lot of things that convert or test codes, but haven't found the part where it makes up the list itself yet. Irregardless how you enter them, internally they're reformatted into Xplorer codes. There's a bunch of ranges that are used too: 00, 30, 50, 70, 80, 90, B0, D0, F0.
Last edited by zoinkity on Fri Mar 07, 2025 2:37 am; edited 1 time in total

Gahr Agent
Joined: 11 Feb 2025 Posts: 27
Posted: Wed Mar 05, 2025 10:26 am
Hmm very interesting, thanks for looking at that. Do you think there would be a way to bypass the 170 code limit? You say there is room for more. Without breaking anything of course.
Otherwise I think I will just work lists to be under that.
Also I think I noticed it didn't change anything if I was using the trainer or not, I could still have 170 codes processed, or at least 140ish because I know I booted levels without the trainer being activated.