Keep in mind that this dude just spent all this time doing what is essentially the same shit a game shark/game genie cartridge does, just to teach us about reverse engineering. Mad respect.
I did the same thing as a kid with Prince of Persia 2. I printed out saved games files on a dot matrix printer using Norton Commander. Was able to find where levels, time, level and player spirits could be changed. I was only years later I learnt that Norton Commander Hex-Editor had a diff function so I did not need to do it manually. Think was one of the first steps to me now working in IT and IT Security.
what? thats a very standard technique that you apply to using a hex editor anyways. also, its not about how much memory the game has, its missing a battery rather. totally different concept.
I tried this game on Game Genie and it always stuck on a black screen after the code screen, even if no codes were entered. I think it’s one of those games with extra security because Nintendo didn’t like Game Genie, and eventually GameShark on N64 if you’re familiar with how it permanently makes DK64 cartridges a pain to play.
I remember, as a kid, we played this game to death. We even got the special credits that happen if you collect all 70 Red Gems scattered throughout the game (10 per stage), which MUST be done in a single session because they aren't encoded into your level password.
You got lucky here, as most games that used passwords did not, in fact, keep a list of valid passwords. Instead, the passwords were actually directly related to flags such as boss kills, items you owned, and where in the game you were. The easiest example of this I can think if is Faxandu (and Metroid) where you're effectively programming the ram with your desired weapons, magic, armor, usable items, starting gold, exp level (which is what actually determined your starting gold), and starting location. AFIAK, most games actually did it that way, instead of the way Aladdin seems to have gone, and many of them had a checksum as part of the password, and that in and of itself was what determined if the password was valid.
Ever seen how people speedrun Earthbound? Their position in the level and combination of movement inputs will determine what RNG table is called (I'm butchering the terminology) so you can use your inputs to produce predictable glitches.
I'd say it's not quite luck. The short nature of the passwords and the fact that the password for the next level always seems to be the same suggests a table.
I remember when i was kid i would do that on Road Rash, i think the third one, from Mega-Drive, and it would change the amount of money i had, or something like this. So i would keep changing it in hopes for the better, lol...
@@darpmosh6601I can't remember 2, but I know 3 did as they had a grid with red dots and I actually cracked that on paper. Luckily it was a very basic pattern.
It wasn't that they didn't have a lot of space to save your save game (though technically a true statement, when they did); it was that the save games were stored in battery backed-up RAM in the cartridge. It was far cheaper to exclude the battery and RAM leaving just the game ROM in the cart.
This applies to console games. But there were also PC games that had this kind of store the level progress in the form of a password that you could write down. One example is Historyline: 1914-1918. If I'm not mistaken, Lemmings was also such a game where you could unlock or jump to further levels by entering passwords.
@@OpenGL4ever Mainly because hard drives were a luxury at the time and likely was running the game on a floppy disk, and kinda don't want to modify your game disk just to store saves.
@@davidmcgill1000 When these two games were released hard-drives were already common on PCs. And another possibility was to just use extra floppies as savegame disk. Many games used the latter option.
Yeah. The funny thing is, if this game had a save file that corresponded to its password system, the save file would literally only need to be 3 bits in size (there are only 8 possible stages you can start from). But you are right, just having the battery was the general bottleneck for games of this era. This game’s extremely simple save state certainly didn’t justify the extra cost.
It was literally the game that I’d play if I just wanted to beat a fun game really quick, and I am/was far from an elite gamer, like I think it took me two years to beat Zelda: LttP. I was born in 87 so maybe I was a little older?
@@6maniac6metal6 You're a year younger than I, and my brother has 3 years on me. Goes to show how easy the game is. LttP was a little cryptic for me in some parts so it makes sense. Not everyone had the right issue of Nintendo Power to figure it all out. 😄
Great for you, gratulations! But in all that time since then ... you and your brother(just joking) didn't learn what ANECDOTAL EVIDENCE is and what it is worth? Naaaah, I don't believe that. In fact because of that, I have no reason to believe anything you said:P
If you had difficulty with the SNES Aladdin, all I can say is, be prepared for the Genesis version. It's 10 times harder. That one will take a lot more hacking. No passwords or progress saving there. Getting to the end without a game over is required.
Very cool! :) For anyone who wants more like this there's an excellent mini-series from Double Fine productions where Brandon Dillon hacks Zelda 1 from the NES and writes his custom ROM image back to a modified cartridge so they can play his mod on original hardware. The first video in the 4-part series is called: "Devs Play" S01E04 - Legend of Zelda (Part 1: Explorer's Club)
In school years I played around games memory patching. Which leads me to an engineering position later in life. Unfortunately every time you do this game doesn’t feel fun anymore. There many ways to hack a game, adding items in level editor, patching saves, patching textures, so on. The coolest one I did was Mac program for Baldurs Gate 2 which reads the screen and throwing dices during character creation.
I'm pretty sure it's easier and faster to beat the game with infinite lives and apples than it is to reverse engineer the password system to levelskip to the end
Reminds me of the French TAS I did on Family Feud for the SNES. The answers are stored in memory as string and sorted by most popular to less popular (except for fast money). The strings also contains capital letters and lowercase. When you answer, the game will look only for the order of the capital letters and, if your answer has the correct order, you can pretty answer something stupid and it will work.
Just download an emulator with a debugger. Load the rom and pause it mid game, open the debugger, search for the value, edit it and resume play. Not to be a dick but anybody has been able to do this for over 20 years and a super simple Google search would have shown you how.
Ohh, man. You've just brought back memories. I had Aladdin on Sega Genesis and the level where you're escaping the collapsing cave on the magic carpet comes to mind. Glad somebody else is talking about old Aladdin video games, despite your troubles lol
Cool! This is so much easier/faster using an emulator! i did something similar in the late 90's on a playstation 1, but, on bare metal. My brother was obsessed with the new southpark rally game, and wanted to unlock everything, there were no "cheat codes" available at the time; the "cheat codes" were memory address:value pairs. I used an action replay card to connect the psx to a PC running a remote debugger. It was a bit time-consuming to have to reboot the game off the CD every time it crashed, but I got there in the end. Process: unlocked one car new track and did a save game. Reboot the playstation, took memory dump before and after the previous saved game loaded, checked the diffs and found the memory locations and values. A bit of fuzzing and unlocked everything :-).
Fun SNES Aladdin fact: The Dragon View team seems to have used some of the same development hardware used on Aladdin, because you can find some of Abu's sprites inside the Dragon View ROM in the same location ($053B60) they appear in the Aladdin ROM.
Man, that takes me back to my teenage years, hacking infinite lives or invulnerability into games on my C=64. That really honed my skills at debugging other people's code.
Man, I vividly remember getting my butt kicked by this game constantly when I was a kid. I'd spend hours trying to beat it, and as far as I recall, I eventually returned the cartridge to my friend (we used to swap SNES games a lot back in the day). Watching you kick the game's ass like you did... it's just gorgeous.
done this like around 30 years ago.. lmao.. and the Aladdin was one of the easiest game to hack ..good times also other games like, duke nukem, Cyberia, Full throttle, Phatasmagoria..etc... omg such a good times I remembered here :D thanks for this vid.!!
This video has taught me something very important: my sense of fairness outweighs my intellectual curiosity, thus despite being a software engineer, my solution to the Aladdin conundrum would've always been to get good and beat the game fairly instead of busting out Cheat Engine at al.
I have several of these game hacking videos and what you see me do is actually change the code where I overwrite the byte(s) that subtract lives or change it into adding 1 (which you can still die) or do a complete hack hook; Which I had to do in getting to the kill screen of pacman video.
Definitely had trouble with this game as a kid, but I was able to beat it normally a few years ago. The hitboxes for grabbing ledges etc are kinda janky but once you get used to them it’s doable. Lion king though… that game is still as impossible as ever lol.
I am a Software Developer and a Ethical Hacker in my hobbies, I LOVE SO HARD when you make videos like that. Hacking is way cooler. I doubt AIs take over that field
Man, I can't remember how often I speedran this game as an 10 year old. I only had 3 SNES games. Aladdin, Yoshi's Island, and Mario Paint. I also had Mega Man X for about a day until my dad saw that it involves me shooting people with a gun, so he returned it to the store. So, endless Aladdin and Yoshi's Island speedruns it was! Thanks for the interesting video that also induced a bunch of nostalgia! Also: I literally never realized what the pass code screen was! I always started from the beginning and had to play until the end! Thanks to you I finally realized what this weird screen was supposed to do. LOL
I ran through this doing no damage runs at like 6. I used to do a Lion king, Aladdin into all SMB games in a row as a kid. Was it amazingly fast and good? no but easily beatable.
Can you please show the process of this? Like how you got to edit memory for an emulated game (im assuming its emulated). And I can only assume the mem addresses were constant so you didnt need to do any pointer maps or anything like modern games require ( due to OS paging etc ). If possible, could you show in depth videos on how to hack more modern games (non multiplayer titles) cos I really want to get better at it but i only ever get as far as finding a value in current memory and then changing it and then losing the address when the game reloads (cant find the pointer offset)
Old games is what got me interested in hacking. First of all - learning BASIC on my C64 to make my own game, then some time later - translating NES games. That's basically all about editing the game's program in hex editor (and sometimes also CHR data to implement Polish letters) and finding right patterns - NES games did not use ASCII or any known encoding standards, so virtually every other game could have its alphabet tiles located in different places of CHR-ROM). Later, I've started occasionally tampering with NES memory (like you here - making cheats and converting them to GG codes, editing levels or making games do stupid things :)) and learning 6502 assembly and electronics. When I started to play around with Forensics CTF tasks on various sites, the similarity between them and NES game hacking made learning new tools and methods super intuitive.
Reminds me of the game genie. Exactly how I used to find the infinite lives and ammo numbers. It allowed for searching for number in the hex after each death or weapon use. Great vid!!
Used this techinique a lot like a decade ago but then I got into software where you can't just simply modify memory directly from outside so I had to change the actual code e.g. in this case changing the actual rom to never subtract any hearts instead of just setting the value from outside.
I wish I had this kind of info when I was a kid. Companies made third party tools for Nintendo and I remember GameShark was one of the most popular ones for Pokemon on the GBC/GBA. Good times
I had a lot of fun using the gameshark pro. The "debugger" was built into it, but if you instead connected it to your PC with a parallel port you could use provided software and it allowed you to do tons of crazy stuff. Not only run the cheat engine but you could take screenshot, backup and restore save data, and even dump ROM. (you could also update the GS firmware and save/restore your codes list). Nobody liked me because I could lock and unlock doors in multiplayer with controller combinations in Goldeneye, and there was a comprehensive guide that explained how make those.
This is a great video! Although I've played the same game on Sega Mega and on PC, but it's a bit different. First level almost looks equivalent, but the last one is definitely not against the big snake. It's probably a different game. Awesome video! Thanks.
I grew up playing Aladdin on the SNES and the only level that truly gave me any trouble was the escape from the Cave of Wonders, those lava waves are brutal, but I did overcome it in the end. What I *THOUIGHT* the video was about was hacking Aladdin on the Genesis to end the insanity because that game is bullshit hard from cover to cover
I went and learned the game and beat it legit. Seeing someone hack a game to win doesn't impress me anymore. Seeing someone beat a game legit impresses me now.
I couldn't for the life of me figure out how you were losing to Jafar and then I realized, "he isn't using the towel" and/or "he doesn't have the towel?", or maybe it's a sheet? Aladdin uses it in the movie as a parachute in the one jump ahead song IIRC, and in the game it's a permanent upgrade you get in level 1 or 2. You only have one chance to get it, but once you have it, this becomes literally the easiest game on the SNES. It let's you hold R (maybe L? I can't remember, it's been years man), but it let's you hold a shoulder button to hover in the air for a bit. Makes the platforming infinitely easier, and the Jafar battle a breeze. Give it a try, your inner child will thank you. ✌️
If there's an inventory upgrade, I would expect that it would need to be reflected in the password. Yet he found the passwords in a table. I wonder how the game keeps track of whether you got it. Or do you always get it after a certain level?
Back in the day, my gameshark on gameboy had an option to create cheats yourself which involved starting the game, changing only the value you wanted to edit (ex throw an apple, gain a life, etc) and then pressing a button on the gameshark. I assume this attempted to inspect memory to see what changed and try to tell you the address. Pretty neat.
This is one of the better hacking videos. Now if you could show how to cross refrence values, set breakpoints when an address is accessed, and how to nop the instructions which allow death you can obtain true immortality.
Back in those days, we had true hackers and super wildcard or profighter units. Those hackers made intros where you could have infinite lives, apples, choose your level directly ingame on your snes, no need for a computer and emulator
I also do the same kind of cheats with ps4, editing the memory values, the easy stuff were infinite money as your just going to search it from memory. Doing infinite lives can be easy or hard to do, if iy relies on value sure easy stuff but if its not you basically have to do assembly and basically disable a instruction responsible for increasing/decreasing life.
This is pretty much how the old game genie worked back in the day. You would scan memory for values, then change the value in game to deduct which your looking for
Yeah the search was wild. Doing it on the Gameboy was so much fun. It's fun when you realize the codes were usually just a combination of the memory address and the value. If you set the value, it'd lock the value. If you set then cleared it, it would set the value and return it to writeable status.
I remember doing this with an emulator back in high school. Taught my other classmates who played on it during class too. While they apply simple hacks like infinite health and ammo, I was like "that's small time now" and doing things like infinite stun timer that made me intangible to enemies and invulnerable to instant death spikes in Mega Man X, and always fully charged which lets me fire off charged weapons instantly dealing massive DPS. Fun times! Now I work in the game industry.
I really like to see this kind of hacks. Of course your not gaming related are also interesting, but the (single player) gaming hack is somehow more relaxing to watch than a real life threat.
Awesome video! Been doing the same thing with an old sega rpg Buck Rogers Countdown to Doomsday, found the level select code and was super pumped to find a test level left in by the devs where you can choose what types of enemies to fight and with what equipment etc
That last boss looks super easy. I used to play this game, but never played it much. I really liked the Lion King on either SNES or Genesis, I forget, but I think they're different games but not sure. I liked the one most people considered better though, I remember that.
I'm guessing for infinite lives you could set a watchpoint for a write on the memory location that contains the apples, then when triggered, follow the code back to where it subtracts one and patch that out with nop or alternatively patch the code so it always writes a non zero value to that memory location so the apples never decrease.
@1:26 you're searching for 0x10 which is 16 not 10 in decimal. Are you showing it for demo purposes only? Or does the game actually show hexadecimal values of apples?
Wow. I am very impressed by the quality of this video! Thanks a lot for your efforts. I am a newbie programmer, and I definitely appreciate your logic. Alright, I'm off to watch your other videos! 😊
I haven't played that game in a long time, though my version was for the Genesis. I would definitely like to see you do a series on making a game for an old system like the NES or SNES. Even though I was a Genesis kid I think the 6502 would be a lot easier to program for than the m68k.
I might be remembering it wrong as a kid but I thought SNES Alladin wasn't that hard I thought I beat it using only like 1 or 2 continues ( I was probably 7 or 8), but SNES Lion King that game is fuckin brutal.
I just recently bought one of those little Chinese handhelds and it includes this game, I had one go and thought ‘Narp’, what were they thinking to make it so insanely tough?
1:03 Saying 10 (decimal) and then showing 10 (hexadecimal) really, really grinds my gears. I like your channel, please don't do that. I **know** you know the difference and so do your viewers.
I remember that as part of one of the megaman games(Maybe 3?) where there was a grid where you placed red dots, I actually reverse engineered it by writing down the passwords and what it corresponded to and found there was a pattern, and if I remember right there /was/ a checksum type thing, luckily it was a very basic one. I could do stuff like give myself all the weapons and max E-tanks. It was probably one of the easiest passwords to crack, more complicated ones probably encrypt the values somehow so there's no obvious pattern. When it comes to memory editing, The old style games were so much easier to hack, most of the values had static addresses so once you found them they'd always be in the same spot, with modern games with dynamic memory allocation the addresses can move all over the place, even mid game, and then you have to try to find the pointers to them that could be a dozen levels deep, it makes it exponentially harder to make something that works consistently, I think that's why a lot of hacks for modern games involve hacking the game code directly instead of the values. Because game code moves around significantly less often(though not never). It basically works by first finding the right value at least temporarily, then monitoring which bit of code modifies/accesses that memory address, then injecting new code that either records the correct base address that can be used as an offset for other cheat entries or injecting code to modify the value directly. I've only had limited experience doing that It does have the advantage that it makes the game itself help you, while locking a memory value basically has the cheating program run on a timer and just keeps resetting the value over and over again rapidly. There's also a few games that are aware of memory hacking and game genie type stuff and do a basic encryption of the memory values and sometimes have a checksum so they can't be cheated so easily. I know pokemon games had this past the first couple gens, maybe the ones in the GBA era?. I think it was an xor bitmask with a checksum, it was annoying. I got past it a little, but not reliably, because the bitmask was different from game to game maybe based on trainer id or something, I basically had to figure it out and decrypt/encrypt manually, there was probably an easier way. It kind of took the fun out of figuring it out. I used to also figure out how to hack saved games which sometimes works better and sometimes i'ts easier to hack the memory. Though later games sometimes use either encryption or compression(which often has the same effect as encryption if you don't have access to the decompression code). It was really annoying the ones that used Seeded RNG based bitmasks, so you needed to know the RNG Algorithm and the seed number to decrypt it. I only had luck cracking that /once/ as I recognized the software was written in VB6 and I just happened to /have/ VB6 and they used the built-in random function, then I had to figure out the beginning of the bitmask and then I ran a simple program to brute force the seed number by just running through every possible number until it spat out the right sequence. I got incredibly lucky they didn't decide to go even more overboard, and they used a fixed seed number and not one that was different every time.
If the goal is to p0wn Jafar, you should have hacked his health to 1 by tracking the reduction of his health after hitting him.
Jafar has two boss fights. Human Jafar's health is at $7E0B6C. Snake Jafar uses $7E0C0C
@@InsaneFirebat When the boss talks shit to you so instead of his IP address, you name his health address 💀😂
Keep in mind that this dude just spent all this time doing what is essentially the same shit a game shark/game genie cartridge does, just to teach us about reverse engineering. Mad respect.
and cheat engine for windows :D
I did the same thing as a kid with Prince of Persia 2. I printed out saved games files on a dot matrix printer using Norton Commander. Was able to find where levels, time, level and player spirits could be changed.
I was only years later I learnt that Norton Commander Hex-Editor had a diff function so I did not need to do it manually.
Think was one of the first steps to me now working in IT and IT Security.
what? thats a very standard technique that you apply to using a hex editor anyways. also, its not about how much memory the game has, its missing a battery rather. totally different concept.
My thoughts exactly xD
I tried this game on Game Genie and it always stuck on a black screen after the code screen, even if no codes were entered. I think it’s one of those games with extra security because Nintendo didn’t like Game Genie, and eventually GameShark on N64 if you’re familiar with how it permanently makes DK64 cartridges a pain to play.
I remember, as a kid, we played this game to death. We even got the special credits that happen if you collect all 70 Red Gems scattered throughout the game (10 per stage), which MUST be done in a single session because they aren't encoded into your level password.
cuz the password dont encode anything
Man, that sucks.
Though memory limitations were a real thing in those days.
You got lucky here, as most games that used passwords did not, in fact, keep a list of valid passwords. Instead, the passwords were actually directly related to flags such as boss kills, items you owned, and where in the game you were. The easiest example of this I can think if is Faxandu (and Metroid) where you're effectively programming the ram with your desired weapons, magic, armor, usable items, starting gold, exp level (which is what actually determined your starting gold), and starting location. AFIAK, most games actually did it that way, instead of the way Aladdin seems to have gone, and many of them had a checksum as part of the password, and that in and of itself was what determined if the password was valid.
Exactly. I was wonder that as well. Which brings up the question: Did Mega Man 2 work that way as well?
Ever seen how people speedrun Earthbound? Their position in the level and combination of movement inputs will determine what RNG table is called (I'm butchering the terminology) so you can use your inputs to produce predictable glitches.
I'd say it's not quite luck. The short nature of the passwords and the fact that the password for the next level always seems to be the same suggests a table.
I remember when i was kid i would do that on Road Rash, i think the third one, from Mega-Drive, and it would change the amount of money i had, or something like this. So i would keep changing it in hopes for the better, lol...
@@darpmosh6601I can't remember 2, but I know 3 did as they had a grid with red dots and I actually cracked that on paper. Luckily it was a very basic pattern.
Doesn't the '0x10' mean 16 in decimal? It even says so in the debugger. Shouldn't it have been 0x0A?
I was looking for this comment (1min30 into the video), unless it's encoded in BCD
Yeah, LLL isn't the best resource
No. Hex goes like this: 01 02 03 04 … 09 where 09 hex = 9 int 0A is 10, 0A- 0F = 10-15 as seen bc FF is 255, (15*15). So 10 hex is 16
@@speedrunme1943 what's the no for? that's exactly what they said
@@SadKris 😂😂😂😂😂😂
It wasn't that they didn't have a lot of space to save your save game (though technically a true statement, when they did); it was that the save games were stored in battery backed-up RAM in the cartridge. It was far cheaper to exclude the battery and RAM leaving just the game ROM in the cart.
This applies to console games. But there were also PC games that had this kind of store the level progress in the form of a password that you could write down.
One example is Historyline: 1914-1918. If I'm not mistaken, Lemmings was also such a game where you could unlock or jump to further levels by entering passwords.
@@OpenGL4ever Mainly because hard drives were a luxury at the time and likely was running the game on a floppy disk, and kinda don't want to modify your game disk just to store saves.
@@davidmcgill1000 When these two games were released hard-drives were already common on PCs. And another possibility was to just use extra floppies as savegame disk. Many games used the latter option.
Yeah. The funny thing is, if this game had a save file that corresponded to its password system, the save file would literally only need to be 3 bits in size (there are only 8 possible stages you can start from).
But you are right, just having the battery was the general bottleneck for games of this era. This game’s extremely simple save state certainly didn’t justify the extra cost.
This brings so many memories. As a kid I never went past the second level , I was 5
Game was SO hard
@@LowLevelTV I had the genisis version it had a code to skip levels
Why do people suck at this game? It's not hard at all.
Nothing delights Jafar more than knowing you had to cheat to beat him
This was one of the fastest games that my brother and I beat. I'm a little baffled that you never beat this
It was literally the game that I’d play if I just wanted to beat a fun game really quick, and I am/was far from an elite gamer, like I think it took me two years to beat Zelda: LttP. I was born in 87 so maybe I was a little older?
@@6maniac6metal6 You're a year younger than I, and my brother has 3 years on me. Goes to show how easy the game is. LttP was a little cryptic for me in some parts so it makes sense. Not everyone had the right issue of Nintendo Power to figure it all out. 😄
Great for you, gratulations!
But in all that time since then ... you and your brother(just joking) didn't learn what ANECDOTAL EVIDENCE is and what it is worth?
Naaaah, I don't believe that. In fact because of that, I have no reason to believe anything you said:P
@@dieSpinnt Hey, any reason for not believing someone is good enough. It's your right :D
Man's just found out how to use Cheat Engine
lol that's what I was thinking
This was super interesting to watch as a fan of these old games. Great video fam!
YO! sup man thanks for watching :)
I have a lot of these old skool game hacking videos
wait so you are telling me that you never, NEVER could beat aladdin from SNES? really? i actually could pass it like for ever
If you had difficulty with the SNES Aladdin, all I can say is, be prepared for the Genesis version. It's 10 times harder. That one will take a lot more hacking. No passwords or progress saving there. Getting to the end without a game over is required.
Very cool! :)
For anyone who wants more like this there's an excellent mini-series from Double Fine productions where Brandon Dillon hacks Zelda 1 from the NES and writes his custom ROM image back to a modified cartridge so they can play his mod on original hardware. The first video in the 4-part series is called: "Devs Play" S01E04 - Legend of Zelda (Part 1: Explorer's Club)
In school years I played around games memory patching. Which leads me to an engineering position later in life. Unfortunately every time you do this game doesn’t feel fun anymore. There many ways to hack a game, adding items in level editor, patching saves, patching textures, so on. The coolest one I did was Mac program for Baldurs Gate 2 which reads the screen and throwing dices during character creation.
I'm pretty sure it's easier and faster to beat the game with infinite lives and apples than it is to reverse engineer the password system to levelskip to the end
Reminds me of the French TAS I did on Family Feud for the SNES. The answers are stored in memory as string and sorted by most popular to less popular (except for fast money). The strings also contains capital letters and lowercase. When you answer, the game will look only for the order of the capital letters and, if your answer has the correct order, you can pretty answer something stupid and it will work.
Oh hey, I did the English TAS of that!
A reverse engineering tutorial using the tools you use for this video, would be awesome. Not necessary to be a snes game but something to begin with.
Agreed!
Definitely agreed! :)
Yep, I would love to see how you see the binary streaming while playing the game.
@@makerbit3970 I'm pretty sure he's using a tool called Cheat Engine
Just download an emulator with a debugger. Load the rom and pause it mid game, open the debugger, search for the value, edit it and resume play. Not to be a dick but anybody has been able to do this for over 20 years and a super simple Google search would have shown you how.
Ohh, man. You've just brought back memories. I had Aladdin on Sega Genesis and the level where you're escaping the collapsing cave on the magic carpet comes to mind. Glad somebody else is talking about old Aladdin video games, despite your troubles lol
Cool! This is so much easier/faster using an emulator! i did something similar in the late 90's on a playstation 1, but, on bare metal. My brother was obsessed with the new southpark rally game, and wanted to unlock everything, there were no "cheat codes" available at the time; the "cheat codes" were memory address:value pairs. I used an action replay card to connect the psx to a PC running a remote debugger. It was a bit time-consuming to have to reboot the game off the CD every time it crashed, but I got there in the end. Process: unlocked one car new track and did a save game. Reboot the playstation, took memory dump before and after the previous saved game loaded, checked the diffs and found the memory locations and values. A bit of fuzzing and unlocked everything :-).
Game hacking is one of the best learning resources, Ty for uploading content!!!
4:46 he said: "🤓☝️"
Fun SNES Aladdin fact: The Dragon View team seems to have used some of the same development hardware used on Aladdin, because you can find some of Abu's sprites inside the Dragon View ROM in the same location ($053B60) they appear in the Aladdin ROM.
0:55 Isn´t that basicly what the Action Replay modules did back in the 16-bit era?
"Hacker": 0x10 - 1 == 0x9
Me: Huh?
does the game use BCD maybe?
7:21 "How many lifes do you have? Jesus!" - the guy who literally cheated to have infinite lifes hahahaha
Man, that takes me back to my teenage years, hacking infinite lives or invulnerability into games on my C=64. That really honed my skills at debugging other people's code.
Man, I vividly remember getting my butt kicked by this game constantly when I was a kid. I'd spend hours trying to beat it, and as far as I recall, I eventually returned the cartridge to my friend (we used to swap SNES games a lot back in the day). Watching you kick the game's ass like you did... it's just gorgeous.
done this like around 30 years ago.. lmao.. and the Aladdin was one of the easiest game to hack ..good times also other games like, duke nukem, Cyberia, Full throttle, Phatasmagoria..etc... omg such a good times I remembered here :D thanks for this vid.!!
infinite apples, Time warp (to last stage), and immortal. You have used your three wishes. Pray that you do not regret these decisions.
Glad to find this channel, you are hilarious and explain your thoughts well, thank you for creating!
Thanks for watching!
This video has taught me something very important: my sense of fairness outweighs my intellectual curiosity, thus despite being a software engineer, my solution to the Aladdin conundrum would've always been to get good and beat the game fairly instead of busting out Cheat Engine at al.
I have several of these game hacking videos and what you see me do is actually change the code where I overwrite the byte(s) that subtract lives or change it into adding 1 (which you can still die) or do a complete hack hook; Which I had to do in getting to the kill screen of pacman video.
Definitely had trouble with this game as a kid, but I was able to beat it normally a few years ago. The hitboxes for grabbing ledges etc are kinda janky but once you get used to them it’s doable. Lion king though… that game is still as impossible as ever lol.
next video
I am a Software Developer and a Ethical Hacker in my hobbies, I LOVE SO HARD when you make videos like that. Hacking is way cooler. I doubt AIs take over that field
Man, I can't remember how often I speedran this game as an 10 year old. I only had 3 SNES games. Aladdin, Yoshi's Island, and Mario Paint. I also had Mega Man X for about a day until my dad saw that it involves me shooting people with a gun, so he returned it to the store. So, endless Aladdin and Yoshi's Island speedruns it was! Thanks for the interesting video that also induced a bunch of nostalgia!
Also: I literally never realized what the pass code screen was! I always started from the beginning and had to play until the end! Thanks to you I finally realized what this weird screen was supposed to do. LOL
I ran through this doing no damage runs at like 6.
I used to do a Lion king, Aladdin into all SMB games in a row as a kid.
Was it amazingly fast and good? no but easily beatable.
this was one of my favorite games growing up too. I couldn't beat it either. 🍻to you beating it mate.
Can you please show the process of this? Like how you got to edit memory for an emulated game (im assuming its emulated). And I can only assume the mem addresses were constant so you didnt need to do any pointer maps or anything like modern games require ( due to OS paging etc ). If possible, could you show in depth videos on how to hack more modern games (non multiplayer titles) cos I really want to get better at it but i only ever get as far as finding a value in current memory and then changing it and then losing the address when the game reloads (cant find the pointer offset)
He has a link to his twitch channel in the description which has the full 2 hour version of SNES hacking.
That's so good! Thanks for that. I also watched the baby monitor videos
Old games is what got me interested in hacking. First of all - learning BASIC on my C64 to make my own game, then some time later - translating NES games. That's basically all about editing the game's program in hex editor (and sometimes also CHR data to implement Polish letters) and finding right patterns - NES games did not use ASCII or any known encoding standards, so virtually every other game could have its alphabet tiles located in different places of CHR-ROM). Later, I've started occasionally tampering with NES memory (like you here - making cheats and converting them to GG codes, editing levels or making games do stupid things :)) and learning 6502 assembly and electronics.
When I started to play around with Forensics CTF tasks on various sites, the similarity between them and NES game hacking made learning new tools and methods super intuitive.
Hahaha the last hack should have been YOU flying with Jazmin, not Aladdin.
Reminds me of the game genie. Exactly how I used to find the infinite lives and ammo numbers. It allowed for searching for number in the hex after each death or weapon use. Great vid!!
Used this techinique a lot like a decade ago but then I got into software where you can't just simply modify memory directly from outside so I had to change the actual code e.g. in this case changing the actual rom to never subtract any hearts instead of just setting the value from outside.
I wish I had this kind of info when I was a kid. Companies made third party tools for Nintendo and I remember GameShark was one of the most popular ones for Pokemon on the GBC/GBA.
Good times
I had a lot of fun using the gameshark pro. The "debugger" was built into it, but if you instead connected it to your PC with a parallel port you could use provided software and it allowed you to do tons of crazy stuff. Not only run the cheat engine but you could take screenshot, backup and restore save data, and even dump ROM. (you could also update the GS firmware and save/restore your codes list).
Nobody liked me because I could lock and unlock doors in multiplayer with controller combinations in Goldeneye, and there was a comprehensive guide that explained how make those.
This is a great video! Although I've played the same game on Sega Mega and on PC, but it's a bit different. First level almost looks equivalent, but the last one is definitely not against the big snake.
It's probably a different game.
Awesome video! Thanks.
they were made by different companies. the snes was made by Capcom whereas the other versions were made by Virgin
Genuinely good explanations & visualisations for a topic scary to many people! A wonderful introduction to get hooked on this technical stuff!
I grew up playing Aladdin on the SNES and the only level that truly gave me any trouble was the escape from the Cave of Wonders, those lava waves are brutal, but I did overcome it in the end. What I *THOUIGHT* the video was about was hacking Aladdin on the Genesis to end the insanity because that game is bullshit hard from cover to cover
This was one of the first games I ever beat. The carpet ride through the Cave of Wonders was so stressful it gave me hives no bs.
I went and learned the game and beat it legit.
Seeing someone hack a game to win doesn't impress me anymore.
Seeing someone beat a game legit impresses me now.
I couldn't for the life of me figure out how you were losing to Jafar and then I realized, "he isn't using the towel" and/or "he doesn't have the towel?", or maybe it's a sheet? Aladdin uses it in the movie as a parachute in the one jump ahead song IIRC, and in the game it's a permanent upgrade you get in level 1 or 2. You only have one chance to get it, but once you have it, this becomes literally the easiest game on the SNES. It let's you hold R (maybe L? I can't remember, it's been years man), but it let's you hold a shoulder button to hover in the air for a bit. Makes the platforming infinitely easier, and the Jafar battle a breeze. Give it a try, your inner child will thank you. ✌️
What about for the Genesis version? I've never found the towel and never gotten past level two because this game was so hard.
If there's an inventory upgrade, I would expect that it would need to be reflected in the password. Yet he found the passwords in a table. I wonder how the game keeps track of whether you got it.
Or do you always get it after a certain level?
Back in the day, my gameshark on gameboy had an option to create cheats yourself which involved starting the game, changing only the value you wanted to edit (ex throw an apple, gain a life, etc) and then pressing a button on the gameshark. I assume this attempted to inspect memory to see what changed and try to tell you the address. Pretty neat.
This is one of the better hacking videos.
Now if you could show how to cross refrence values, set breakpoints when an address is accessed, and how to nop the instructions which allow death you can obtain true immortality.
lol, REALLY!? Me and my brother got Aladdin and we beat the game in the first 2 hours - I remember being massively disappointed. 😅
I remember seeing some kids finishing this game, they were revered like gods on Earth.
Back in those days, we had true hackers and super wildcard or profighter units. Those hackers made intros where you could have infinite lives, apples, choose your level directly ingame on your snes, no need for a computer and emulator
Veni, vedi, feeli... Awesome! Childhood memories reloaded. I never made it further than the point where you fly away from the lava.
I also do the same kind of cheats with ps4, editing the memory values, the easy stuff were infinite money as your just going to search it from memory. Doing infinite lives can be easy or hard to do, if iy relies on value sure easy stuff but if its not you basically have to do assembly and basically disable a instruction responsible for increasing/decreasing life.
This is pretty much how the old game genie worked back in the day. You would scan memory for values, then change the value in game to deduct which your looking for
Yeah the search was wild. Doing it on the Gameboy was so much fun. It's fun when you realize the codes were usually just a combination of the memory address and the value. If you set the value, it'd lock the value. If you set then cleared it, it would set the value and return it to writeable status.
7:43 all you have to do is sit back, relax, and... inject yourself into the cheesy ending.
I remember doing this with an emulator back in high school. Taught my other classmates who played on it during class too. While they apply simple hacks like infinite health and ammo, I was like "that's small time now" and doing things like infinite stun timer that made me intangible to enemies and invulnerable to instant death spikes in Mega Man X, and always fully charged which lets me fire off charged weapons instantly dealing massive DPS. Fun times! Now I work in the game industry.
Wow
What tools and software did you use for emulation and hacking and live hacking?
I really like to see this kind of hacks. Of course your not gaming related are also interesting, but the (single player) gaming hack is somehow more relaxing to watch than a real life threat.
"Did u find the milk yet?" nice one
Awesome video! Been doing the same thing with an old sega rpg Buck Rogers Countdown to Doomsday, found the level select code and was super pumped to find a test level left in by the devs where you can choose what types of enemies to fight and with what equipment etc
If you put in the password and hit enter, what told the system you pressed start?
That looks like a 16-bit int for the hearts in LSB which would make that 64k hearts...but I might be mistaken.
We used to play with ArtMoney application in order to mess with application memory in RF when I was a kid.
I followed this exact process as a 10 year old using game shark. I had no idea little me was a hacker.
This takes me back to my childhood. The memory hacking, not the game.
wow you have learned programming to reach this day ! gloriously finishing aladdin . job well done XD
I'll have you know I beat Aladdin and Lion King as a kid.
Tried on a sim a few years back, didn't even beat 4 stages even with saves.
That last boss looks super easy. I used to play this game, but never played it much. I really liked the Lion King on either SNES or Genesis, I forget, but I think they're different games but not sure. I liked the one most people considered better though, I remember that.
I'm guessing for infinite lives you could set a watchpoint for a write on the memory location that contains the apples, then when triggered, follow the code back to where it subtracts one and patch that out with nop or alternatively patch the code so it always writes a non zero value to that memory location so the apples never decrease.
Seems complicated. Lets just write ten to the address every frame instead.
@@henke37Not complicated, I mod a ton of games like that. It also has the benefit of being able to edit the memory at startup
@@henke37 But wouldn't you need to perform the search every time the game starts?
@1:26 you're searching for 0x10 which is 16 not 10 in decimal. Are you showing it for demo purposes only? Or does the game actually show hexadecimal values of apples?
It’s showing the hexadecimal value as decimal, I do not know why lol
An interesting effect, I hacked snes Batman and robin, when you set life to zero the enemies just don't attack you.
That bit at 2:00 had my sides in stitches
It is very easy to hack all games if you have an Amiga 500 game console and Action Replay MK-III cartridge 😊 Good old times !!
Classic
Hey please make a video on the tools and setup you used for this video. And how to get started with hacking NES games.
This is great explanation...hope to see more videos on using such toools
you said it underflowed 1 byte to FF(255) but the video showed 2 bytes underflowing to FF FF (65535)
Wow. I am very impressed by the quality of this video! Thanks a lot for your efforts. I am a newbie programmer, and I definitely appreciate your logic. Alright, I'm off to watch your other videos! 😊
You're very welcome!
That's how I started as well, by hex-editing games in the 90s. Fun times!
Great video! One other idea instead of giving you 0/255 hearts is to remove the subtraction command that will cause you to lose lifes when hit :)
I haven't played that game in a long time, though my version was for the Genesis. I would definitely like to see you do a series on making a game for an old system like the NES or SNES. Even though I was a Genesis kid I think the 6502 would be a lot easier to program for than the m68k.
Would it not be possible to reverse the deduction of hearts when hit, thus making Alladin gain HP on getting hit?
Now this is the kind of stuff i love watching
The fact that you didn't do any ASM hacking made me die a little inside.
I might be remembering it wrong as a kid but I thought SNES Alladin wasn't that hard I thought I beat it using only like 1 or 2 continues ( I was probably 7 or 8), but SNES Lion King that game is fuckin brutal.
I just used snes mini and its save state functionality and rewind
Well done!
I just recently bought one of those little Chinese handhelds and it includes this game, I had one go and thought ‘Narp’, what were they thinking to make it so insanely tough?
This reminds me of using a GAME Genie for Sega Genesis. They had a tool for creating your own codes that used a similar system
I actually owned this game as a kid. I remember beaten it start to finish dozens of times.
How did you find the apple value by searching 0x10(16) which turned into 9 lol
1:03 Saying 10 (decimal) and then showing 10 (hexadecimal) really, really grinds my gears. I like your channel, please don't do that. I **know** you know the difference and so do your viewers.
So many ‘Trainers’ for games in the 80s and 90s have the same graphics glitch 😂
I remember that as part of one of the megaman games(Maybe 3?) where there was a grid where you placed red dots, I actually reverse engineered it by writing down the passwords and what it corresponded to and found there was a pattern, and if I remember right there /was/ a checksum type thing, luckily it was a very basic one. I could do stuff like give myself all the weapons and max E-tanks. It was probably one of the easiest passwords to crack, more complicated ones probably encrypt the values somehow so there's no obvious pattern.
When it comes to memory editing, The old style games were so much easier to hack, most of the values had static addresses so once you found them they'd always be in the same spot, with modern games with dynamic memory allocation the addresses can move all over the place, even mid game, and then you have to try to find the pointers to them that could be a dozen levels deep, it makes it exponentially harder to make something that works consistently, I think that's why a lot of hacks for modern games involve hacking the game code directly instead of the values. Because game code moves around significantly less often(though not never). It basically works by first finding the right value at least temporarily, then monitoring which bit of code modifies/accesses that memory address, then injecting new code that either records the correct base address that can be used as an offset for other cheat entries or injecting code to modify the value directly. I've only had limited experience doing that It does have the advantage that it makes the game itself help you, while locking a memory value basically has the cheating program run on a timer and just keeps resetting the value over and over again rapidly.
There's also a few games that are aware of memory hacking and game genie type stuff and do a basic encryption of the memory values and sometimes have a checksum so they can't be cheated so easily. I know pokemon games had this past the first couple gens, maybe the ones in the GBA era?. I think it was an xor bitmask with a checksum, it was annoying. I got past it a little, but not reliably, because the bitmask was different from game to game maybe based on trainer id or something, I basically had to figure it out and decrypt/encrypt manually, there was probably an easier way. It kind of took the fun out of figuring it out.
I used to also figure out how to hack saved games which sometimes works better and sometimes i'ts easier to hack the memory. Though later games sometimes use either encryption or compression(which often has the same effect as encryption if you don't have access to the decompression code). It was really annoying the ones that used Seeded RNG based bitmasks, so you needed to know the RNG Algorithm and the seed number to decrypt it. I only had luck cracking that /once/ as I recognized the software was written in VB6 and I just happened to /have/ VB6 and they used the built-in random function, then I had to figure out the beginning of the bitmask and then I ran a simple program to brute force the seed number by just running through every possible number until it spat out the right sequence. I got incredibly lucky they didn't decide to go even more overboard, and they used a fixed seed number and not one that was different every time.
this was cool actually, im a dev but have never done reverse engineering, reverse compilation, or any low level hacking. I found it pretty educational
I killed jahfar when I was a kid but I don't know how to code so I guess it evens out.