Games that use unofficial opcodes

This is an archive of a topic from NESdev BBS, taken in mid-October 2019 before a server upgrade.
View original topic
Games that use unofficial opcodes
by on (#145571)
I've noticed a few other games seem to use unofficial opcodes other than the ones mentioned here:

http://wiki.nesdev.com/w/index.php/Tricky-to-emulate_games
http://wiki.nesdev.com/w/index.php/CPU_unofficial_opcodes#Games_using_unofficial_opcodes

Dynowarz uses $DA and $FA (one byte NOPs) - you can see this happen on the first level when your dino throws his fist.
F-117A Stealth Fighter uses $89 (two byte NOP) - you can see this happen when your stealth fighter first takes off and gets to the top of the screen before switching to the interior cockpit view
Infiltrator also uses $89 (two byte NOP) - on the title screen

We should probably update the wiki page(s) to mention these other usages of unofficial opcodes.

Are there more that anyone is aware of? I suspect Rollergames uses $03...but I'm still investigating that one...
Re: Games that use unofficial opcodes
by on (#145576)
isosceles wrote:
Dynowarz uses $DA and $FA (one byte NOPs) - you can see this happen on the first level when your dino throws his fist.

Confirmed on Nintendulator:
Code:
Invalid opcode $DA (NOP) encountered at $E56D
Invalid opcode $FA (NOP) encountered at $E57D

(Note that "throws his fist" literally means that the fist goes flying, so have to pick up a powerup for that to happen.)

isosceles wrote:
F-117A Stealth Fighter uses $89 (two byte NOP) - you can see this happen when your stealth fighter first takes off and gets to the top of the screen before switching to the interior cockpit view

Also confirmed:
Code:
Invalid opcode $89 (NOP) encountered at $B702
Invalid opcode $89 (NOP) encountered at $B753
Invalid opcode $89 (NOP) encountered at $B9AA

isosceles wrote:
Infiltrator also uses $89 (two byte NOP) - on the title screen

And this one also:
Code:
Invalid opcode $89 (NOP) encountered at $8939

(Seems to be in sound code, and funnily enough it's also in sync with the "tick tick tick" sound being played.)
Re: Games that use unofficial opcodes
by on (#145581)
isosceles wrote:
We should probably update the wiki page(s) to mention these other usages of unofficial opcodes.

So what's stopping you? Did you make an account on the wiki? If so, do you need us to grant you edit access? (Tepples or I can do this no problem, just drop one of us a PM with your Wiki username and we'll make it happen).

The wiki is a collaborate effort -- in other words, this post here on the forum is totally cool and appreciated, but you effectively could have done the same thing by editing the wiki in the first place. "We should probably update it" implies that for some reason you can't or won't, so let's work together to make sure you can and will!
Re: Games that use unofficial opcodes
by on (#145585)
It'd be also interesting to see if the usage of those unofficial opcodes is the result of a program flow bug that miraculously didn't make the game crash (so the developers never fixed it), or if it is really the result of using them on purpose.
I really see no advantage in using unofficial multi-bytes nop as opposed to real nops.
Re: Games that use unofficial opcodes
by on (#145586)
...or a bad dump.
Re: Games that use unofficial opcodes
by on (#145587)
$89 can be the result of a mistaken BIT in code originally intended for a TurboGrafx, Lynx, or Super NES. The 65C02 interprets $89 as BIT #ii, which sets the Z flag based on A & ii. The 6502 interprets it as a 2-byte NOP, which is exactly the same except flags aren't affected.

Bregalad wrote:
I really see no advantage in using unofficial multi-bytes nop as opposed to real nops.

Do any of these games use the 2-byte NOP as a clockslide? Besides, now that flash memory has replaced mask ROM, 2-byte NOPs are useful for making each copy identifiably unique.
Re: Games that use unofficial opcodes
by on (#145590)
tepples wrote:

Heh, interesting way to play with the opcodes.
Re: Games that use unofficial opcodes
by on (#145661)
It appears Rollergames uses $03 (SLO), at $C7EE - this happens almost immediately upon the start of the first level, and periodically thereafter.
Re: Games that use unofficial opcodes
by on (#145662)
...and The Simpsons: Bart vs The World uses $0B (ANC) at $F126. You can see this happen on the China boat level, when Bart throws his ball.
Re: Games that use unofficial opcodes
by on (#145665)
Couldn't reproduce either one of those.
Re: Games that use unofficial opcodes
by on (#145666)
Noting here: now that you (isosceles) have wiki edit access, please be careful in adding entries for these games. If folks can reproduce + verify the behaviour, then thumbs up, but don't be hasty with your additions. We don't want to send emulator authors on wild goose chases if we can avoid it.
Re: Games that use unofficial opcodes
by on (#145675)
tepples wrote:
Do any of these games use the 2-byte NOP as a clockslide?

This was my first thought, either that or for doing cycle-exact timing of hardware accesses without needlessly messing with the CPU state (I know I have used otherwise inefficient opcodes in the past because they happen to give me the perfect timing for the hardware).
Re: Games that use unofficial opcodes
by on (#145679)
thefox wrote:
Couldn't reproduce either one of those.


Oops - my apologies - Turns out I had bad dumps of both Rollergames and Bart Vs. The World. There is no unofficial opcode use in either. :oops:
Re: Games that use unofficial opcodes
by on (#145683)
isosceles wrote:
thefox wrote:
Couldn't reproduce either one of those.


Oops - my apologies - Turns out I had bad dumps of both Rollergames and Bart Vs. The World. There is no unofficial opcode use in either. :oops:


That's what I had warned... and ignored.
Re: Games that use unofficial opcodes
by on (#145716)
The first three games mentioned in the thread are unlikely to be bad dumps. When I made my first post I verified their CRC32 against those from bootgod's NES cart database. At least one of the games had been dumped twice by different people. I'm not sure what's the likelihood that some of the dumps I have originate from bootgod. In any case, I believe bootgod has been fairly careful about getting the dumps right on his site.
Re: Games that use unofficial opcodes
by on (#147409)
The Action 52 games "Alfredo" and "Jigsaw" both crash because they have $7C (3 byte NOP) at $AE96. Emulating as a 3 byte NOP causes both to go into an infinite loop, and the games never load. Simply bypassing the opcode (and subsequent unofficial opcodes) allows the games to boot up ok.
Re: Games that use unofficial opcodes
by on (#147410)
isosceles wrote:
The Action 52 games "Alfredo" and "Jigsaw" both crash because they have $7C (3 byte NOP) at $AE96. Emulating as a 3 byte NOP causes both to go into an infinite loop, and the games never load. Simply bypassing the opcode (and subsequent unofficial opcodes) allows the games to boot up ok.


I vaguely recall the AVGN reporting that a few of the Action 52 games failed to start on a real NES.
Re: Games that use unofficial opcodes
by on (#147412)
I vaguely recall the AVGN reporting that a few of the Action 52 games suck.
Re: Games that use unofficial opcodes
by on (#147446)
Espozo wrote:
I vaguely recall the AVGN reporting that a few of the Action 52 games suck.


I do not recall the AVGN reporting an Action 52 game that did not suck.
Re: Games that use unofficial opcodes
by on (#147454)
That Action 52 thing is a bug, it's supposed to be $4C. See here for original post: viewtopic.php?f=2&t=8357&start=15
Re: Games that use unofficial opcodes
by on (#147456)
isosceles wrote:
The Action 52 games "Alfredo" and "Jigsaw" both crash because they have $7C (3 byte NOP) at $AE96. Emulating as a 3 byte NOP causes both to go into an infinite loop, and the games never load. Simply bypassing the opcode (and subsequent unofficial opcodes) allows the games to boot up ok.


What does "bypassing" an opcode mean? Do you mean treating it as a 1-byte NOP instead?

Though, if we are making a suggestion about how to run these games correctly, I think an IPS patch would be a much better way to help than to recommend modifying an emulator around the game's bugs.
Re: Games that use unofficial opcodes
by on (#147473)
rainwarrior wrote:

What does "bypassing" an opcode mean? Do you mean treating it as a 1-byte NOP instead?



Yes.
Re: Games that use unofficial opcodes
by on (#147528)
rainwarrior wrote:
Though, if we are making a suggestion about how to run these games correctly, I think an IPS patch would be a much better way to help than to recommend modifying an emulator around the game's bugs.
That is correct I agree, use an external patch. (Same things can also be done for working with improper headers)
Re: Games that use unofficial opcodes
by on (#149553)
Ninja JaJaMaru-kun uses $04 (NOP). This happens when you touch an enemy.
Re: Games that use unofficial opcodes
by on (#157077)
Chester Field uses implied NOP $1A at $C97A (when you jump).
Re: Games that use unofficial opcodes
by on (#157194)
I noticed that Sachen's Dancing Blocks uses SLO abs ($0F) as a three-byte NOP. It looks like they're just there to confuse a disassembler—most of the instances are in the copy detection code.