Under the microscope: Small Soldiers (PlayStation)
Reverse-engineering the passcode system for a PlayStation game
What happens when you enter symbols into the Password screen of Small Soldiers, the 1998 PlayStation game from Dreamworks Interactive?
Each button you press causes a value to be written to the buffer at 800717b0. X writes a value of 0x00, Square writes a value of 0x01, Circle writes a value of 0x02, and Triangle writes a value of 0x03.
Once you’ve pressed eight buttons, the function at 8005cd28 reads the password buffer. The first thing that function does is pack the button symbol values into a 32-bit field. The logic looks like this pseudo-Python:
After that, it extracts four values from the bit field: one represents a starting level, another represents a difficulty setting, a third represents how much ammunition will be available, and a fourth represents a checksum.
The starting level, difficulty setting, and ammunition values are added together and compared to the checksum. If they match, and if the values are valid (starting level below 14, difficulty below 3, ammunition below 7), the password is valid.
This is somewhat tamper-resistant, but it’s not military-grade cryptography. Let’s make a function that can generate valid passwords, shall we?
Generating all the level passwords
This function will turn a starting level, difficulty setting, and ammunition value into a valid passcode:
The ammunition value is made up of three bits. Each one determines whether you start with a full complement of shots for a particular weapon. According to the manual, the weapon types are called Rebound, Star Bolt, and Big Blast.
The cheat sites (e.g., GameFAQs, IGN) have various passwords listed for this game. But they all seem to be for the Normal difficulty level, and so aren’t comprehensive. I ran the function above in a loop to generate the full set of level passwords:
It’s nice to have every level password, but wouldn’t it be better to only need a single password?
The special passwords
There’s a second function that reads the password buffer. It compares your entry to a list of static values starting at 80071720.
Three of these activate well-known effects – these have been on cheat sites for ages:
Medal of Honor movie: Triangle, Triangle, X, Circle, Circle, Circle, Square, X
Invulnerability: Circle, Circle, Triangle, Triangle, Circle, X, Square, X
All weapons: Triangle, Triangle, Circle, Circle, Circle, X, Square, X
However, there are two more in the list that don’t seem to be documented online:
Unknown 1: Triangle, Circle, Triangle, Circle, X, Circle, X, Square
Unknown 2: Square, Square, X, X, Triangle, Triangle, Triangle, X
The first of these plays the staff credits movie:
If you enter the second one, nothing happens. Or does it? The post-entry logic look like this:
That is, the value at 800717c0 increments the first time you enter the code. If you enter it again, the value at 800717bd gets set, and…
…a cheat screen appears! This one allows you to select your starting level directly. It also allows you to toggle the Invulnerability and Weapons cheats from the passcodes above.
Outro
The full script that I used to generate the level passwords is available on GitHub.
Thanks for reading. Rings of Saturn will return soon with more explorations of retro game reverse engineering. Check out the archive in the meantime!
