A Moogle  🏳️‍🌈 💻 🎮 🎶 🇸🇪

In retrospect, knowing what I know about the trade code algorithm, it was destined to fail - but their hearts were in the right place. They also had a subforum for trying to crack the code programmatically, but the knowledge base was just not there.

Posts in the subforum included gems like "My big brother knows QBASIC, maybe he can help?" Again, in retrospect, it makes sense. Most of these people were kids in their early teens or even younger. I therefore decided to strike out on my own.

The first bit of useful info that I knew was that, being a port of an N64 game, the entire game was resident in RAM at all times. It never accessed the disc except on boot-up. Thus my goal became to get a dump of RAM from a running GameCube.

This was easier than one might expect, as I had a copy of Phantasy Star Online and a Broadband Adapter, so running trojan code was relatively easy. Legendary Gameshark hacker "Parasyte" came through in a clinch, and whipped up a quick utility to dump the full RAM space.

My next port of call was the @dolphin_emu folks - yes, it was in development even then. One of their senior devs, Costis, was kind enough to whip me up a custom build that let me load this RAM image, disassemble code, and manually set register contents.

The last key to the puzzle was Nintendo themselves, as they left the linker .map file on the disc when it was authored. I therefore had the address of every function in the game, and, well, those "mMpswd" functions sure look like "password", don't they?

This kicked off a 2-3 month period where I did little other than go to university, take my courses, get home, and work on painstakingly translating every function, instruction by instruction, into pseudo-C code.

After having every function reversed, I converted it into proper C. It required a good bit of debugging - fortunately, I had Dolphin to check my results against on a per-function basis - but at the end of it all, I was able to generate arbitrary trade codes.