Super Tilt Bro. for NES

[RogerBidon | 145]

Super Tilt Bro. 2.0-rc2: The first release candidate

Release candidate?

Yes, that's what it means: this version could be the one in the carts. It all depends on you: find bugs and I'll have to release another version before production begins

More seriously, it will suffer some intense testing, so there will probably will be other release candidate versions. Anyway, this version should give you a good idea of what will be on the cart Day 1. (Don't forget to pre-order the game if you like it )

I couldn't dream of a best 100th post than announcing that!

What's new in the game?

Redesigned mode selection menu

The Arcade mode becomes the Story mode, and gets the screen space it deserves. Also, the support page is replaced by the social page: no more donation QR codes, links to social networks are more useful to find players.

Sinbad

Sinbad's side-tilt is entirely reworked. He now spins his scimitar while charging the enemy. It changes how the move can be used, it is no more a brainless ring out move, but can drag the opponent across the entire stage and is a great combo starter.

Also, up-special has now a bit more scaling knock back to ease getting a ring out with it and mitigate the loss of side-tilt for this.

Pepper

Pepper up-special now goes toward the stage's center by default. It should avoid flying to the blast line inadvertently.

[a3quit4s | 4,149]

I’m not trying to be a hater cause I dig the game and pre-ordered it but

Topic created: 4 years ago

…this could be the version that you get!

Shit or get off the pot

Edited January 17 by a3quit4s

[RogerBidon | 145]

The guy wants to play the old version

Actually this topic is more than four years old. It is just the date of an earth-shaking event

The game was not originally meant to be comercially viable, and it was a long stretch to go from amateur work to something I am OK to know you spend some of your hard earned cash on.

I must admit it took longer than expected sorry for that.

Also this topic should get more technical higlights and less release notes. It was my original goal. But I cannot afford to be even part time on the game-dev anymore so, writing deep articles was set aside and my little dev time is now devoted to make the game as great as possible. That means this topic is dominated by release notes, and my "interesting topics to write about" list is growing. Again sorry. I have to deliver carts one days but no obligation to write interesting content that I love and know you enjoy. If release notes bother you, do not hesitate to tell it clearly, I'll only use this topic for big announcements and technical highlights.

[Khromak | 791]

I think there may be a language barrier here but the message was: You've been working on this game for 4 years already, at some point you have to release the game. It will never be perfect and you could work on it for the rest of your life and still have new features you want to add, bugs you want to fix, or balance changes you want to make.

Just release something. Don't let "perfect" become the enemy of "great", as the phrase goes.

That's not necessarily my opinion, though I find myself agreeing with the sentiment, but I wanted to hopefully help clarify the statement. I don't think people are that stressed about how many or what types of updates they get from you, most people (especially in this community) want the physical thing produced so they can play it.

[DefaultGen | 5,537]

This game rules, thanks for never stopping  All this work is going into by far the best fighting game on NES.

[a3quit4s | 4,149]

Yeah no I dig the updates but I feel like I should be buying Super Tilt Bros 2 at this point lmao

[multiboot | 23]

I can't wait to play this on NES!

My WiFi is ready

[RogerBidon | 145]

Super Tilt Bro. 2.0-rc3: Sinbad's patch

Physical release news

If this patch comes close from the last, the reason has to do with the physical release. The cartridge's hardware is in stabilization phase, which means APIs for the game should not change much anymore, even while some implementation details are still being finalized. This is the perfect time to begin to test upgrade and reset to factory in real conditions. And, for it to be really real, we need at least two official versions of the game that run on the same version of the mapper, this new version allows just that.

In other news, we designed the manual and the box. Adding to the digital comic book and OST that were already ready that mean we have everything needed in this department.

Things are getting real

What's new in the game?

New cutscene

The story mode was lacking an ending cutscene. When you beat the boss, you were just given the score screen without even knowing if Sinbad got his cake.

This is fixed!
(Sorry, no screenshot, you will have to beat the game to know )

Sinbad balance

Sinbad's new side-tilt came with a fair share of balance issues and bugs. Strange behaviors on wind boxes, moving platforms and player two are now fixed. As for the balance, the end lag can now only be cut by jump moves, so Sinbad has to follow with aerial attacks to combo and the last hitbox connects more consistently as the multi-hit hitboxes, even if weak, throw the opponent with a terrible downward angle.

Edited February 1 by RogerBidon

[RogerBidon | 145]

Super Tilt Bro. 2.0-rc4: Buff the outsiders!

Progress on the physical release

Last months, the focus has been set on the physical release. We are a bit late on schedule, and I am sorry for that. We really wanted to get the perfect cart as the risk with new technologies is to sell a defective or brittle product. There is a lot of stuff going on a physical release aside from the WiFi-enabled NES board, I'll try to cover all fronts here.

About the board itself. We finally froze its design, including the PCB layout, the components on it, and the FPGA programming. That means we are now using prototypes strictly equivalent to the production cartridge, or at least we can list the differences, which is better to get progress that the ever-evolving cart we had until now. It also means we can, and have, ordered the needed PCBs to make production cartridges.

The game itself is in a state were we publish incremental improvements. It is ready, and working on the prototypes, and we don't want to break that. At the same time, balance and polish can always be improved, and Super Tilt Bro. is a living game: it is updated regularly and will be for the foreseeable future.

Finally, the packaging. The cover art and manual are ready, and we also got a sample to ensure print quality was good. That's a good thing done, that means we can, and have, ordered the packaging elements. Digital reward like the OST and the comic book are also ready.

To summarize, everything is ready and has been ordered. We should receive all elements by the end of April, letting us do the last checks and begin to assemble, flash, and ship the games to Kickstarter backers, honor pre-orders, and finally release the game.

As a side note: Thank you very much for Kickstarting and pre-ordering the game. It may not be obvious seeing Super Tilt Bro. coming to completion, but the project would really have been jeopardized should it not have been backed. I myself reduced my work to part-time for two years developing the game, and Broke Studio has great upfront costs ordering thousands of cartridges materials. Super Tilt Bro. may not have been a thing, and would certainly not be near that magnitude without you. Thank you.

What's new in the game?

Story mode

The final score board has been improved. The time is now displayed in white which is way more legible than black on brown, and the medal name has been added.

Oh, and, did you notice? The timer now goes above 10 minutes, you can take your time!

Finally, targets in break-the-target stages now have larger hurtboxes. This is the end of raging because you missed it by one pixel. You can now rage because you missed it by three pixels!

VGSage

VGSage has been slightly buffed. First is his down-air which now has a stronger hitbox at the end. The new hitbox throws your opponent just far enough to let you continuing your combo with an advantage.

Also, the side-special now takes less time to charge. Without being a fast move, it can now take your rival by surprise, making it a good niche option.

Pepper

As with VGSage, Pepper got her share of buff. Like VGSage's side-special, Pepper's down-air startup time has been lowered to make the move more often useful.

Finally, Pepper's side-special has more scaling knockback than before. That's especially true when she hit from max range. This is actually a big buff since when your opponent is weakened, finishing a combo with a side-special can now score you a ring-out.

Fixes

Pressing start during an online game no more cause terrible glitches. The reason was while the client refused to pause an online game, the server actually paused. Causing weird desynchronization and a game seemingly stuck.

[multiboot | 23]

Don't sleep on the discord, too. It has channels dedicated to matchmaking, monthly championship tournaments, tech discussion and general talk.

People already play a lot with the ROM but if you're not already doing that, the Discord is gonna be useful when you get your cart

https://discord.com/invite/VefZSWMj

Edited April 3 by multiboot

[RogerBidon | 145]

Super Tilt Bro. 2.0: The one!

How is production going?

We have almost all the needed elements to start the production. That's why we drop the "Release candidate" status, baring any big surprise this version should end being in the cartridges. Everything has been tested and is working on the final version of the hardware, Saturday we will test it in real conditions during the monthly tournament happening on Super Tilt Bro.'s Discord server.

Technical highlights

I love technical highlights. I was really a pleasure to write it and see your reactions. Some completely flopped, others were cited by peoples I am astonished to even blip on their radar, and I regret none of them. They disappeared when I had to stop living on glory (and savings,) you know day jobs take time so I had to cut things to keep progressing on the game. That said, I really want to bring them back. I use what little time I have to write a next entry about cryptography, a rare matter on the NES but a key concept on the internet. So, stay tuned I guess, I may come one day!

What's new in the game?

Polished Wi-Fi menus

Menus now stay reactive when your Wi-Fi connection is poor. No more waiting for a message that can never come. Also, the Wi-Fi connection screen is more intuitive than ever.

Story mode updated

The ending cutscene's screenshake is fixed (did you notice it was broken?) And the secret medal time has been reduced, you now need to beat the story in less than one minute and fifteen seconds to get it. The second secret medal time is unchanged, nobody still reached it.

Kiki

Kiki got new color swap options, matching skin concepts from the Super Tilt Bro.'s community.

Sinbad

Sinbad longest-to-describe attack, the aerial neutral special attack, has reduced damages. It went from eight damages dealt by hit to three. It was a long time artifact, before we notice the attack was technically a multi-hit, racking damages way to hard.

New music

Not yet in the game, but Tuï stroke again with this variant of the main theme!

 

Edited May 8 by RogerBidon

[RogerBidon | 145]

Technical highlight: Modern cryptography on the NES

Super Tilt Bro. is an online game. You can even make an account to be placed on the official ranking, to do that you simply enter your login/password and... the technical trouble begins!

Nice little credentials that need to be protected with 8-bit power!

We are on 2024, hackers do not operate on Commodore 64 anymore, the game will face today's threats. In this article we will go into the depths of the cyber-war by introducing how your passwords are typically protected, and the choices made for Super Tilt Bro. Spoiler, SHA-256 is at the heart of all that, and its implementation on the 6502 CPU will be discussed.

Protecting your password

There are a lot of ways to protect passwords. The minimum expected nowadays is that the password never transits unencrypted on the network, and is not stored on the server. A typical website will only send it over HTTPS, which is an encrypted protocol, and store a salted hash on the server. The salted hash is black magic: when you send your password the server can verify it is the good one by comparing it to the hash, but with just the hash no one can compute your password back. Ultimately your password is protected against a hacker that sees you internet connection thanks to HTTPS, also, a hacker gaining access to the server doesn't get your password thanks to salted hashes.

This is how tiny websites protect your data. Big ones can use more complex schemes.

This is cool, now we have an 8-bit CPU and two kilobytes of RAM, can we do all this? Yes, and no. HTTPS in itself is pretty CPU intensive, and very convoluted as it evolved over 30 years supporting multiple generations of encryption schemes. It would be a terrible fit with our beloved entertainment system. Modern hash algorithms are designed with 32-bit CPUs in mind but are very compact, definitely doable.

Anyway, before choosing a technical solution we need to understand what we want to protect, and against whom. There is no ultimate security, one need to choose our fights. Preventing a player connecting to another's account is the first consideration but knowing that Super Tilt Bro. is a small game with a wholesome community, basic security for that should be good enough. Note that the community can change over time, and anti account stealing measures must have a way to evolve if necessary. The second and most important point is to protect player passwords against theft. People reuse passwords, it is bad but a fact. If a hacker with access to a 2024 computer watches your internet connection or gain access to the server, they should not be able to find your password. You may lose more than your gaming account especially if you use your credit card number as a password (I know you do it!)

OK, account-stealing and more importantly password-stealing are our priorities. Considering that players will not go as far as eavesdropping each other's internet or hack the server to steal accounts, the most important part is the salted hash part. Making the password secret to a hacker seeing only the salted hash, even with access to modern computational power. To achieve this level of protection, the game computes itself the hash of the password, salted by the login and sends that salted hash to the server once to obtain a login token. The password itself never leaves the NES. The login token is a simple number that can be placed in any message and identifies the logged session, avoiding sending the salted hash in every message, and simplifying server-side authentication. The hash algorithm is our main defense against the dark armies of the web, a state-of-the-art algorithm is necessary, Super Tilt Bro. uses SHA-256 which is unbroken and performs efficiently enough on the 6502 CPU.

The login protocol for Super Tilt Bro.

There would have been other alternatives, without citing them all here are some that can come to mind, and why it was not chosen. The Wi-Fi chip could handle HTTPS, partially, it performs the encryption but no server authentication. A challenge could be used instead of sending the hash, it would have prevented an attacker to log in knowing only the salted hash at the cost of a bit more complex login step, it is definitely an improvement if stealing accounts becomes a problem. Two-factor authentication, it is to be added over the login protocol, adding it can be achieved without changing the choices made above.

Let's discuss the SHA-256 hash algorithm

Hash algorithms have many fascinating properties. The one of interest in our case is that it can take any kind of data and transform it in a way that it is not possible to come back. In mathematical terms, this is a `h` function so that `h(m) -> x` and no way to discover `m` by knowing only `x`. Super Tilt Bro. places the login/password as `m` and transmits only `x` for authentication purpose.

SHA-256 operates on big endian 32-bit words. It requires 8 variables storing the final hashed value, 64 mathematically important constants, and an array of 64 variable words where most operations take place. This is 136 words, or 544 bytes, almost half of which are constants that can be stored in ROM. This is a very low memory footprint by today standards, and fits nicely in the NES limited RAM.

The message to be hashed is padded to be at least 64 bytes long, then is processed by successive chunks of 64 bytes. Each chunk passes through 64 rounds of pseudo-random bit shifting and logical operations, effectively producing a random-looking value in the 8 variables composing the hash. That is many iterations of multiple 32-bit operations, and definitely a big task for the 6502 CPU. Thankfully we can leverage our specific case to alleviate that.

SHA's way of scrambling your message

First, it is OK to be slow to compute the hash. The computation can be spread over multiple frames since it is done once, in the connection menu. That said, it cannot take several seconds. The player should not notice the connection being particularly slow just because of that. There also is a particularity that allows some shortcuts: the message's size is known. The login plus the password take 32 bytes, that's less than one chunk: we can implement pre-known padding and only handle a single chunk. Finally, using an 8-bit CPU we are not bound by the big endian nature of SHA-256 and can bring chaos to the variable and constant tables! Let's introduce the "shuffle endian", or when bytes are all around the place.

Instead of conforming to the table being 64 words of big endian 32 bits, Super Tilt Bro. rearanges it to 4 tables of 64 bytes. Each table containing a byte of each word. It allows accessing them more naturally in absolute-indexed addressing mode:

 

; Round constants K
;  Stores 64 32-bit words,
;  k0 is a table of the MSB of each word
;  k3 is a table of the LSB of each word
;
;  Will be indexed, should be aligned on 256 bytes
k0:
.byt $42, $71, $b5, $e9, $39, $59, $92, $ab
.byt $d8, $12, $24, $55, $72, $80, $9b, $c1
.byt $e4, $ef, $0f, $24, $2d, $4a, $5c, $76
.byt $98, $a8, $b0, $bf, $c6, $d5, $06, $14
.byt $27, $2e, $4d, $53, $65, $76, $81, $92
.byt $a2, $a8, $c2, $c7, $d1, $d6, $f4, $10
.byt $19, $1e, $27, $34, $39, $4e, $5b, $68
.byt $74, $78, $84, $8c, $90, $a4, $be, $c6
k1:
.byt $8a, $37, $c0, $b5, $56, $f1, $3f, $1c
.byt $07, $83, $31, $0c, $be, $de, $dc, $9b
.byt $9b, $be, $c1, $0c, $e9, $74, $b0, $f9
.byt $3e, $31, $03, $59, $e0, $a7, $ca, $29
.byt $b7, $1b, $2c, $38, $0a, $6a, $c2, $72
.byt $bf, $1a, $4b, $6c, $92, $99, $0e, $6a
.byt $a4, $37, $48, $b0, $1c, $d8, $9c, $2e
.byt $8f, $a5, $c8, $c7, $be, $50, $f9, $71
k2:
[...] ; 64 other bytes
k3:
[...] ; 64 other bytes

; Now we can access easily all bytes of any word with absolute-indexed addressing
ldx #5
lda k0, x ; Equivalent to C: k[5] >> 24
lda k1, x ; Equivalent to C: (k[5] >> 16) & 0xff
lda k2, x ; Equivalent to C: (k[5] >> 8) & 0xff
lda k3, x ; Equivalent to C: k[5] & 0xff

; That in itself would not have been a big performance enhancer,
; because once X is correctly set on a 32-bit words table we can access bytes with an addition in origin address,
; "lda k+0, x", "lda k+1, x", ...
; But SHA-256 requires looping and computing indexes quite a lot, having a natural value in the register simplifies
; the indexing of an otherwise complex algorithm.

This SHA-256 implementation has not been benchmarked, but the connection feels instantaneous, no need to optimize further. If the performances have met the need of first try, that was not the same for correctness. Some bugs appeared, and a C implementation has been written to be able to compare the internal state at different steps of the algorithm. To ensure accuracy, Super Tilt Bro. now has some unit tests and even a fuzzing test stressing explicitly its SHA-256 implementation.

Conclusion

Super Tilt Bro. uses modern cryptography to protect your password. Do not assume it is enough! Errors can have slipped in, this is just a game, do not trust it to protect a valuable password. Anyway, it was fun to implement SHA-256 on the NES!

If you want to go further in the rabbit hole, you can follow these links:

Wikipedia article on SHA-2 has a great pseudocode for the SHA-256 implementation: https://en.wikipedia.org/wiki/SHA-2

Another mad man who did the same, this article was my starting point: https://bumbershootsoft.wordpress.com/2019/04/24/implementing-sha-256-on-the-6502/

Super Tilt Bro.'s SHA-256 implementation, it is reusable and even expandable to handle multiple chunks: https://github.com/sgadrat/super-tilt-bro/blob/713cae919834535b0c756973c33e2ea2e56bb64a/game/logic/sha.asm

 

[RogerBidon | 145]

Super Tilt Bro. 2.1: NTSC fixes for the gold!

What's new in the game?

Story mode

Fixed a small visual glitch on platforming stages and improved contrast on the "retry" screen.

What's new under the hood?

Gold!

This is a very small change for a release, and there is a good reason for that. The focus was on fixing the last NTSC bugs that slipped by our european PAL-centric tests. Now that it is done, we have a version that is definitely good for production. For sure this time, we even started the production with it!

The most pressing issues solved are a purely hardware glitch that scrambled sprites on some NTSC systems, and the rescue mode which displayed badly on any NTSC systems. Finally, Sinbad's side-tilt was barely usable because of your favourite lazy developper checking only the most significant byte of a constant that is 1.0 in PAL but 0.8 in NTSC