Saves 0031-0032: Taking Inventory, part 1

Offset 0x004B changed from 03 to 04. That’s probably the quantity of fortune wire Kite has. The question at the moment is whether fortune wire is always stored at that offset or whether it’s tied to some other value that marks it as fortune wire.

Offset 0x687E changed from FF to 00. Not sure what that’s about.

Offset 0x749C changed from E8 to DE. Now, the one after that is 03, and 0x03E8 is 1000 in decimal, and 0x03DE is 990. I’d say I’ve found where money is stored. I’m guessing it’s a 32-bit value, too, but it may not be—or maybe there’s a maximum enforced elsewhere. For now, though, I’m going with it.

Now, as for that mysterious 0x687E… I did accidentally speak to a person running around town. Didn’t actually hit ‘talk’ or ‘trade’, but I did open up that menu. Maybe it’s tracking who I’ve spoken to? Easy way to test that. Load save 0030, buy some fortune wire without talking to anyone, save again: save 0032.

And… oh dear. Lots of changes in the region I guessed to be stats and/or inventory. I’ll be ignoring those, for now. 0x687E is indeed still FF in the new save, so I’m going to tentatively assume I was right about that one.

So, I was going to test out what the money limit was, but when I made a modification, the game told me the save file was corrupt. After some careful checking, I’m thinking that there’s a checksum somewhere.

…and I just wasted an hour that I didn’t have to waste. There is indeed a checksum. There’s a file BASLUS-20267DOTHACK in the save directory on the memory card, which I believed to contain the checksum. I was right about this. However, I was wrong about exactly what the checksum was. In these files, I found four bytes changing from save to save. I naturally assumed I was looking at a 32-bit checksum. However, it didn’t seem to be a simple accumulator-based checksum, nor a CRC-32. So, I now suspected it was either a custom checksum (why?) or they were only performing the sum on part of the file. This was looking like a big undertaking.

After a while, I noticed that when I was playing around with that file, modifying what I thought to be the checksum, I was getting weird behavior. Particularly, I noticed that the clock for how long the save had been played was different.

Ah-ha!

Two of those bytes were actually from the clock. It’s only a 16-bit checksum—a simple accumulator. Now that I know it, I can calculate the appropriate checksum for my modified file and insert it.

That’ll have to wait for next time, though. I’ve had quite enough save file hacking for one night.

Written by Tracy Poff on Mon 02 September 2013.