From Kodewerx
Jump to: navigation, search

RLM is a program designed to "unprotect" Super Mario World ROM hacks that were "protected" with the Lunar Magic level editor. RLM stands for "Recover Lunar Magic". Also seen in the source code, "Rape Lunar Magic" was once considered.

Version History

v1.3 (12-26-09):

  • Fixed yet another last-known-problem with (what I believe is) "Super ExGFX".
  • Support for drag-n-drop (see "Using RLM").
  • Readme cleanup.

v1.2 (04-18-05):

  • Fixed the last known problem with OverWorld decryption.

v1.1 (01-16-05):

  • Fixed a problem with OverWorld decryption.
  • Changed copyright years from 2003-2004 to 2003-2005.
  • Added a version number define to make version changes easier.

v1.0 (01-13-05):

  • Initial release!

Lunar Magic Protection

The protection scheme used by Lunar Magic is simple albeit effective against inexperienced hackers. When protecting a hack, the editor will write a few bytes into the SMC header as well as the SNES ROM header which it uses to signal to itself that the ROM is protected. Reversing these changes is enough to bypass the "Lunar Magic cannot open this ROM" message, but you will run into trouble when you open the edited stages.

Almost everything that Lunar Magic edits will be encrypted with a simple XOR operation, when a hack is protected; unedited stages and objects will remain in their original, unencrypted state.

The first thing encrypted is the stage pointers. To anyone looking in a hex editor, they appear to point to invalid stage data (because they do). Decrypting these pointers shows you were to find the valid "RATS" headers, as well as encrypted stage data. At this point, decrypting the stage data is enough to open the hack in Lunar Magic. However, the ROM will not work on an SNES or an emulator, due to an assembly hack in place which will try to decrypt the already-decrypted stage data. Reverting the assembly hack will make the ROM playable.

Other edited objects in the ROM are also encrypted in a similar manner. The overworld is a particularly big example. I believe the "ExGFX" are also encrypted.

RLM Specifics

RLM contains code which allows it to handle LoROM and ExHiROM SNES ROMs in the SMC format. The main decryption loop, decryptLunar(), is a very simplified Super Mario World stage data parser. Most data blocks in this stage format are 3 bytes, but some are 4 or 5 bytes. RLM has to understand this concept (at the very least) in order to decrypt the stage data properly; Only the first two bytes of each block are encrypted.


RLM is available under the terms of the GNU General Public License. You can download the zip/gz/bz2 compressed source code from github or if you have git, clone the source code repository with the following command:

git clone https://github.com/parasyte/rlm.git


$ ./rlm
RLM (Recover Lunar Magic) - v1.3
Copyright 2003-2009 Parasyte (parasyte@kodewerx.org)

Usage: ./rlm <in-file.smc> [out-file.smc]

Where <in-file.smc> is the name of the protected Super Mario World ROM, and [out-file.smc] is the file name that you want RLM to create with the unprotected data. Note that [out-file.smc] is optional; if not specified, it will create a new file with the extension of the input file name changed to ".unlocked.smc". For example, "in-file.smc" becomes "in-file.unlocked.smc".