A script to extract SNESticle from Fight Night Round 2

Overview

fn22snesticle.py

A script for producing a SNESticle ISO from a Fight Night Round 2 ISO and any SNES ROM.

Background

Fight Night Round 2 is a boxing game by Electronic Arts. The Gamecube version of which includes the SNES game Super Punch-Out!!, playable through SNES emulation. Data mining has shown that the DVD contains the strings "SNESticle" and "Copyright (c) 1997-2004 Icer Addis", suggesting that this emulator is in fact SNESticle, the much anticipated but never released follow-up to NESticle.

This script extracts SNESticle from a Fight Night Round 2 ISO (US version) and produces a new ISO containing just SNESticle and a SNES ROM (Super Punch-Out!! or a SNES ROM of your choice). It also patches the joypad emulation to fix some issues and create a more logical button layout.

Requirements

fn22snesticle.py requires Python 3. Using custom banners requires the pillow (PIL) module, but this is strictly optional.

Usage

There are quite a few options but most have sensible defaults, just check the help screen:

./fn22snesticle.py --help

The simplest invocation would look something like this:

./fn22snesticle.py fightnight2.iso superpunchout.iso

This will take SNESticle and the Super Punch-Out!! ROM directly from fightnight2.iso and use them to produce the Gamecube ISO superpunchout.iso.

More interestingly, you can use the --rom option to include a different SNES ROM:

./fn22snesticle.py --rom smw.sfc fightnight2.iso smw.iso

This will produce an ISO containing SNESticle and the ROM smw.sfc (whatever that might mean).

It's generally a good idea to also provide the full name of the SNES game using the --game-name option:

./fn22snesticle.py --rom smw.sfc --game-name "Swell Plumber Place" fightnight2.iso smw.iso

It will be written to multiple fields inside the ISO that can be picked up by your loader. It will also be used to generate the banner image that shows up next to the game in most loaders. If no game name is provided, the ROM filename will be used instead.

If you don't like the generated banners, you can provide your own, using the --banner option:

./fn22snesticle.py fightnight2.iso superpunchout.iso --banner mybanner.png

The image file should be 96 by 32 pixels. Most common image formats are supported, but something non-lossy, like png, is strongly recommended. The pillow (PIL) module is required in order for this to work.

Game IDs

There is generally no need to care about the game id option, just leave it out and hope for the best. But if you are curious, or if you think the game id is causing problems for the script or for your loader, read on.

A game ID is a 6 digit code present on every Gamecube ISO, its structure is the following:

  • A single letter identifying the console type (typically G for Gamecube).
  • Two letters (or digits) identifying the game itself.
  • One letter identifying the region of the game.
  • Two digits (or letters) identifying the publisher.

Fight Night Round 2 (the US version) has game ID GEYE69, where 69 is the publisher code for Electronic Arts, the E before that is for US region, the initial G is for Gamecube and EY is just the unique identifier for Fight Night 2 (unique among Gamecube games published by Electronic Arts in the US that is).

Some loaders will exhibit strange behaviour unless every available ISO has a unique game ID, therefore fn22snesticle.py will try to generate a unique ID for every successfully created ISO. The format used is "ZxxE69". E69 still means Electronic Arts and US, but to avoid collisions with existing games the first letter is set to Z. xx is a two character alphanumeric string, essentially a base 36 number that starts at 00 and increments by one for each generated ISO. So after 09 comes 0A and after 0Z comes 10. After ZZ (or 1296 generated ISOs) it prints a warning and wraps back to 00. The most recently used code is written to a file called .fn22snesticle in your home directory. If the file is deleted, game IDs start over at Z00E69.

You can also freely choose your own game ID using the --game-id option. This will not affect the .fn22snesticle file.

a2bnr.py

A banner is a 96x32 bitmap plus a couple of text strings describing the game. It shows up in the Gamecube OS, as well as in loaders like Swiss and in emulators like Dolphin. a2bnr.py is a Python module that is used by fn22snesticle.py to create a Gamecube banner file from a png, but a2bnr.py can also be used as a stand-alone program to create a new banner from an image file or to modify an existing banner file. A typical invocation would look like this:

./a2bnr.py --image myimage.png mybanner.bnr

This will convert myimage.png to the banner format and write it to mybanner.bnr. If mybanner.bnr already exists, this will only overwrite the bitmap portion of the file, leaving the text strings intact. Similarly, it is possible to replace just (a subset of) the text strings in an existing banner file:

./a2bnr.py --game-name "My game" --developer "I made this" someoldbanner.bnr

This will overwrite the game name and developer fields of someoldbanner.bnr without touching the bitmap or the other text strings.

When creating a new bnr file, the --image option is required but everything else is optional. a2bnr.py will accept any image format that pillow can understand.

SNESticle considerations

Joypad emulation

SNESticle maps the Gamecube buttons to SNES buttons in a very literal way, ie A on the Gamecube controller becomes A on the SNES controller. This works for Super Punch-Out but is useless for most games, so the script patches the code to map buttons based on physical location instead:

GC button SNES button
A B
B Y
X A
Y X
Start Start
Z Select

Compatibility etc

At the time of writing, little is known about the features or accuracy of SNESticle. It happily accept standard SNES ROMS with or without the header (ie SMC or SFC files) and it runs a lot of games with no trouble. It does not seem to support external chips like the DSP or Super FX.

Further reading

More information on this project can be found at https://dataswamp.org/~josk/snesticle/

You might also like...
A python script to bypass 403-forbidden.
A python script to bypass 403-forbidden.

4nought3 A python script to bypass 403-forbidden. It covers methods like Host-Header Injections, Changing HTTP Requests Methods and URL-Injections. Us

Small python script to look for common vulnerabilities on SMTP server.
Small python script to look for common vulnerabilities on SMTP server.

BrokenSMTP BrokenSMTP is a python3 BugBounty/Pentesting tool to look for common vulnerabilities on SMTP server. Supported Vulnerability : Spoofing - T

IDA Python Script for anti ollvm

IDA Python Script for anti ollvm

This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature

rpckiller This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature and with that you can further try to escalate

the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability
the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability

CVE-2021-22005-metasploit the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability pr

 Subdomain enumeration,Web scraping and finding usernames automation script written in python
Subdomain enumeration,Web scraping and finding usernames automation script written in python

Subdomain enumeration,Web scraping and finding usernames automation script written in python

A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye

MotionEye/MotionEyeOS Authenticated RCE A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye. You need administrator crede

A script based on sqlmap that uses sql injection vulnerabilities to traverse the existence of a file

A script based on sqlmap that uses sql injection vulnerabilities to traverse the existence o

the metasploit script(POC) about CVE-2021-36260
the metasploit script(POC) about CVE-2021-36260

CVE-2021-36260-metasploit the metasploit script(POC) about CVE-2021-36260. A command injection vulnerability in the web server of some Hikvision produ

Comments
  • sns4q

    sns4q

    The development page surmises the Super Punch Out filename is derived from "SNES for cube." However, it's actually a reference to the game's product code, which is SNS-4Q. The 0 is the ROM revision, as seen here: https://snescentral.com/pcb.php?id=0680&num=0&side=front 471 is Nintendo's internal version number as confirmed by the gigaleak lot check docs -- which also confirms that this was a ROM from Nintendo's archives.

    opened by MegaByte 1
  • Reinsertion into source

    Reinsertion into source

    Given today's published news regarding 2-player support in Super Punch-Out, would it be possible to have your multi-player support additions to be reinserted into the source ROM?

    opened by chmcarro 15
Owner
Johannes Holmberg
Johannes Holmberg
A tool to extract the IdP cert from vCenter backups and log in as Administrator

vCenter SAML Login Tool A tool to extract the Identity Provider (IdP) cert from vCenter backups and log in as Administrator Background Commonly, durin

Horizon 3 AI Inc 343 Dec 31, 2022
Python library to remotely extract credentials on a set of hosts.

Python library to remotely extract credentials on a set of hosts.

Pixis 1.5k Dec 31, 2022
A simple Burp Suite extension to extract datas from source code

DataExtractor A simple Burp Suite extension to extract datas from source code. Features in scope parsing file extensions to ignore files exclusion bas

Gwendal Le Coguic 86 Dec 31, 2022
orfipy is a tool written in python/cython to extract ORFs in an extremely and fast and flexible manner

Introduction orfipy is a tool written in python/cython to extract ORFs in an extremely and fast and flexible manner. Other popular ORF searching tools

Urminder Singh 34 Nov 21, 2022
A burp-suite plugin that extract all parameter names from in-scope requests

ParamsExtractor A burp-suite plugin that extract all parameters name from in-scope requests. You can run the plugin while you are working on the targe

null 29 Nov 9, 2022
an impacket-dependent script exploiting CVE-2019-1040

dcpwn an impacket-dependent script exploiting CVE-2019-1040, with code partly borrowed from those security researchers that I'd like to say thanks to.

QAX A-Team 71 Nov 30, 2022
Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.

?? Recon ?? The step of recognizing a target in both Bug Bounties and Pentest can be very time-consuming. Thinking about it, I decided to create my ow

Dirso 171 Dec 31, 2022
Script for automatic dump and brute-force passwords using Volatility Framework

Volatility-auto-hashdump Script for automatic dump and brute-force passwords using Volatility Framework

whoamins 11 Apr 11, 2022
A small Python Script To get all levels of subdomains from a list

getlevels A small Python Script To get all levels of subdomains Easily get 1st level, 2nd level, 3rd level, 4th level .... nth level subdomains Usag

null 9 Feb 15, 2022
A python script to turn Ubuntu Desktop in a one stop security platform. The InfoSec Fortress installs the packages,tools, and resources to make Ubuntu 20.04 capable of both offensive and defensive security work.

infosec-fortress A python script to turn Ubuntu Desktop into a strong DFIR/RE System with some teeth (Purple Team Ops)! This is intended to create a s

James 41 Dec 30, 2022