Author Topic: Verifying console/emulator behavior with 8F  (Read 3415 times)


ISSOtm

  • The French Lord of Laziness (and a huge The Legend Of Zelda fan)
  • Wiki Contributor
  • Gender: Male
  • Pewter City (B)rocks !
Re: Verifying console/emulator behavior with 8F
« Reply #15 on: July 21, 2016, 07:03:33 pm »
I edited my previous post, and I bump here for everyone to notice the bump.

I asserted that the game will hang, although there is a chance my information is not correct. Anyone having a GBC/A could test ? Thanks.
"THOU SHALL NOT PASS !!"  RIVAL's effect, Gandalf.

Proudly glitching Pokémon Red and Yellow on a Black & White GB, Pocket GB, GB Color, GBA SP and new 3DS.

My Twitter (beware, I'm French)
My YouTube (same warning)

Here is an online tool to build 8F setups : GBz80 to Items !

They see me layzin', they ha-tin'...
Heavy contributor of the global augmentation of entropy (my room's is too damn high !)

TheUnReturned

  • A strange guy
  • GCLF Member
  • Gender: Male
  • Yawns
Re: Verifying console/emulator behavior with 8F
« Reply #16 on: July 21, 2016, 11:32:43 pm »
Quote from: ISSOtm
> I edited my previous post, and I bump here for everyone to notice the bump.
>
> I asserted that the game will hang, although there is a chance my information is not correct. Anyone having a GBC/A could test ? Thanks.

It might or might not hang... It's also decided by how well the CPU performs
Always treasure the present
To remain it in the past

Aldrasio

  • GCLF Member
  • Gender: Male
  • Our Lady of Perpetual Underflow
Re: Verifying console/emulator behavior with 8F
« Reply #17 on: July 22, 2016, 09:46:26 am »
Quote from: TheUnReturned
> Quote from: ISSOtm
> > I edited my previous post, and I bump here for everyone to notice the bump.
> >
> > I asserted that the game will hang, although there is a chance my information is not correct. Anyone having a GBC/A could test ? Thanks.
>
> It might or might not hang... It's also decided by how well the CPU performs

Why would that be a factor, though? It matters how it interprets an instruction, which is entirely on how the CPU handles command logic. Performance shouldn't matter.

ISSOtm

Re: Verifying console/emulator behavior with 8F
« Reply #18 on: July 22, 2016, 12:38:03 pm »
Assuming the CPU's components aren't rusted, the instruction always is interpreted the same way.

Duo

  • GCLF Member
  • Gender: Male
  • GBDev ain't dead.
Re: Verifying console/emulator behavior with 8F
« Reply #19 on: September 05, 2016, 05:54:32 pm »
re: bgb 1.4.1

Please guys, update your BGB to the most current version 1.5.2. Version 1.4.1 is ancient (4 years+)

http://bgb.bircd.org

-Duo

luckytyphlosion

  • Distinguished Member
  • Gender: Male
  • JACK-flys are OP
Re: Verifying console/emulator behavior with 8F
« Reply #20 on: September 05, 2016, 09:28:31 pm »
Inaccessible VRAM access is also relevant when encountering unstable missingno in Yellow version on a cleared save file. The game will hang for 6-7 minutes with a file that does not emulate inaccessible VRAM (such as 3DSVC), as the audio command pointers are corrupted to read from OAM ($fe00-fe9f). With accurate emulators/real hardware, inaccessible VRAM will cause the corrupted audio pointers to terminate quickly (from the $FF read during mode 2/3), however if VRAM is always open, the game continually processes the audio much longer as there is no terminator.

Also, stop doesn't exist as an opcode in 3DSVC. Double Speed mode doesn't even require it, from my tests.

EDIT: okay didn't realize that inaccessible VRAM is emulated correctly on 3DSVC. However, it seems that inaccessible OAM isn't emulated correctly, as GB code never writes to OAM directly. (most, if not all code uses the OAM DMA)
« Last Edit: September 05, 2016, 09:33:37 pm by luckytyphlosion »

ISSOtm

Re: Verifying console/emulator behavior with 8F
« Reply #21 on: September 05, 2016, 11:43:28 pm »
So we should also test OAM access outside of VBlank ?
And maybe test OAM corruption emulation.

Wack0

  • Coder, reverser, beta collector [BetaArchive staff]
  • Staff
  • Gender: Male
  • cBRH - Doing nothing since 2k7
Re: Verifying console/emulator behavior with 8F
« Reply #22 on: September 06, 2016, 05:16:04 pm »
The new video by TheZZAZZGlitch inspired me to shove the 3DS VC binary into IDA again.

I found the GB CPU interpreter function (let me guess: Nintendo abandoned their attempt at a GBA emu for 3DS, instead going the hardware route, because they never heard of a dynamic recompiler). The handler for the "stop" opcode just skips past the operand and ignores it, as is known.

I haven't checked fully the interesting stuff yet (custom opcode 0xfc handler!), that will come very soon.

edit: OK, so opcode 0xfc seems pretty useless. All its operands come from the loaded patchconfig, and if pc is not equal to the address of any patches (or if no patches are loaded!) then no operation occurs.
« Last Edit: September 07, 2016, 12:11:33 pm by Wack0 »
C H E C K E D . B U I L D S . A R E . A W E S O M E N E S S

BetaArchive | SoftHistory Forums | irc.rol.im #galaxy,#softhistory

Also known as The Distractor.

Shane, please stop telling children that there's a Mew outside under the delivery trucks. - Management

Pokémon: arbitrary code execution 1996-2016

Charmy

  • A guy who likes glitchyness.
  • Member+
  • Gender: Male
  • "NIDOQUEEN THOMAS wants to battle!"
Re: Verifying console/emulator behavior with 8F
« Reply #23 on: September 07, 2016, 01:05:42 pm »
Hmm I still don't understand this, I have no ASM or opcode knowledge so...
help.

But, GBC.emu Free seems to give weird results when it comes to walking out of bounds, it seems to show either the "start" menu or the Pokémon Center text.
In some areas I can actually progress thru the text and the game completely ignores the RAM corruption going on.
It tries to heal around 100 Pokémon.
Then it changes the screen data to vomit.
Then Oak's lab music plays.
Then when the "We hope to see you again!" text finishes, the game crashes with some teal and the rival's theme.
If I choose Cancel, then the same teal rival thingy happens.

I think you should test that emulator as well.
"Time is mone
Go along then" - Old Man


TMZ4 is the BEST TM while the sucky Channel is the best channel.

Wack0

Re: Verifying console/emulator behavior with 8F
« Reply #24 on: September 07, 2016, 03:36:33 pm »
By the way, this stuff was already discovered, but for the record, here's a decompilation of the function used to read emulated GB's memory in the VC emu. (hex-rays + manual fixups)

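Code:
int gb_read_memory(unsigned int address)
{
  #define UNDEFINED 0xff  /* value returned for blocked or unmapped reads */
  switch ( address >> 12 ) {
    case 0u:
    case 1u:
    case 2u:
    case 3u:
      /* 0x0000-0x3FFF: fixed ROM bank */
      return bank0_ptr[address];
    case 4u:
    case 5u:
    case 6u:
    case 7u:
      /* 0x4000-0x7FFF: currently selected ROM bank */
      return currbank_ptr[address - 0x4000];
    case 8u:
    case 9u:
      /* 0x8000-0x9FFF: VRAM, blocked only while the LCD status mode bits read 3 */
      if ( (*LCDSTAT_ptr & 3u) >= 3 )
        return UNDEFINED;
      return vram_ptr[address - 0x8000];
    case 0xAu:
    case 0xBu:
      /* 0xA000-0xBFFF: cartridge SRAM, read through a handler if one is set */
      if ( !fp_read_sram )
        return UNDEFINED;
      return fp_read_sram(address);
    case 0xCu:
      /* 0xC000-0xCFFF: WRAM bank 0 */
      return wram_bank0_ptr[address - 0xc000];
    case 0xDu:
      /* 0xD000-0xDFFF: currently selected WRAM bank */
      return wram_currbank_ptr[address - 0xd000];
    case 0xEu:
      /* 0xE000-0xEFFF: echo of WRAM bank 0 */
      return wram_bank0_ptr[address - 0xe000];
    case 0xFu:
      /* 0xF000-0xFFFF: checked from the top of the range downwards */
      if ( address >= 0xff80 )
        return hram_ptr[address - 0xff80];
      if ( address >= 0xff00 )
        return io_regs[address - 0xff00] & io_regs_maxvalues[address - 0xff00];
      if ( address >= 0xfea0 )
        return UNDEFINED;
      /* 0xFE00-0xFE9F: OAM is returned directly, with no LCD mode check */
      if ( address >= 0xfe00 )
        return oam_ptr[address - 0xfe00];
      /* 0xF000-0xFDFF: echo of the currently selected WRAM bank */
      return wram_currbank_ptr[address - 0xf000];
    default:
      return UNDEFINED;
  }
}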

(this function is (relocated) at 0x165264, in the VC emulator version 2.058, which is the version used with at least the original release of the Gen1 VC. The GB CPU interpreter function is (relocated) at 0x1a3b28, and the NES/Famicom CPU interpreter function is directly afterwards at 0x1a8c18. I can provide a partially annotated .idb on request.)
« Last Edit: September 07, 2016, 03:39:37 pm by Wack0 »

ISSOtm

Re: Verifying console/emulator behavior with 8F
« Reply #25 on: October 26, 2016, 08:02:20 am »
I know this topic has been locked, but there seems to be one oddity with VBA and money. It dates quite a bit, but since I'm writing more about GCRM, it came back to me.

If you have, let's say, 123456 money, the game stores this as $12, $34, $56. Using GCRM, we can turn this into $12, $6F, $56.

I expected this to work the same as 127556 (1 * 100000 + 2 * 10000 + 6 * 1000 + 15 * 100 + 5 * 10 + 6 * 1), and console (GBC or GBASP, can't remember which) verified this.
However, Krys3000 notified me that VBA acted as if he had 126956 money (as if it "corrected" the F to a 9).

By "the same as X", I mean that after doing an action with money the remaining amount of monies was the same as if we had had X.


So, here is my point : unlock this topic, do some tests with the DAA instruction, and lock it again. I can't do that myself as of now, sorry.

[EDIT]
Seems like my post unlocked the topic. Oops.
« Last Edit: October 26, 2016, 08:03:27 am by ISSOtm »

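The DAA test requested in the post above, as an added example (not code from the thread or from any emulator): a model of the Game Boy CPU's DAA beside a Z80-style DAA, both run over the post's $12, $6F, $56 with a constructed purchase of 100. The per-byte SBC/DAA loop shape and the Z80-style variant are assumptions; the variant is one model that yields the "corrected" result, not a statement of what VBA implements.

```c
#include <stdint.h>
#include <stdio.h>
typedef struct { uint8_t a; int n, h, c; } Cpu;   /* A register plus N/H/C flags */
typedef void (*daa_fn)(Cpu *);
/* Game Boy CPU DAA: after a subtraction (N set) only H and C choose the
   correction, so an out-of-range digit such as $E is left alone. */
static void daa_gb(Cpu *r) {
    if (!r->n) {
        if (r->c || r->a > 0x99) { r->a += 0x60; r->c = 1; }
        if (r->h || (r->a & 0x0F) > 0x09) r->a += 0x06;
    } else {
        if (r->c) r->a -= 0x60;
        if (r->h) r->a -= 0x06;
    }
    r->h = 0;
}

/* Z80-style DAA (assumed model, not taken from any emulator's source): digit
   values are checked in both directions, which "repairs" a bad digit. */
static void daa_z80_style(Cpu *r) {
    uint8_t fix = 0;
    if (r->h || (r->a & 0x0F) > 0x09) fix |= 0x06;
    if (r->c || r->a > 0x99) { fix |= 0x60; r->c = 1; }
    r->a = (uint8_t)(r->n ? r->a - fix : r->a + fix);
    r->h = 0;
}

static const uint8_t GLITCHED[3] = {0x12, 0x6F, 0x56};  /* money bytes from the post */
static const uint8_t COST_100[3] = {0x00, 0x01, 0x00};  /* constructed purchase of 100 */
/* start - cost on 3-byte packed BCD: SBC then DAA per byte, low byte first
   (assumed loop shape). The result is read with every nibble as a digit. */
static long spend(const uint8_t start[3], const uint8_t cost[3], daa_fn daa) {
    Cpu r = {0, 1, 0, 0};
    long value = 0, weight = 1;
    for (int i = 2; i >= 0; i--, weight *= 100) {
        int lo = (start[i] & 0x0F) - (cost[i] & 0x0F) - r.c;
        int full = start[i] - cost[i] - r.c;
        r.a = (uint8_t)full; r.n = 1; r.h = lo < 0; r.c = full < 0;
        daa(&r);
        value += ((r.a >> 4) * 10 + (r.a & 0x0F)) * weight;
    }
    return value;
}

int main(void) {
    printf("GB DAA:        %ld\n", spend(GLITCHED, COST_100, daa_gb));
    printf("Z80-style DAA: %ld\n", spend(GLITCHED, COST_100, daa_z80_style));
    return 0;
}
```

On valid BCD input the two routines agree; they diverge only once a byte such as $6F holds a digit above 9, giving 127456 and 126856 here (127556 and 126956 less the 100 spent).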
Torchickens

  • Administrator
  • Gender: Female
Re: Verifying console/emulator behavior with 8F
« Reply #26 on: March 08, 2017, 06:15:58 pm »
I think I may have found a Game Boy Player inaccuracy, which is really surprising.

In English Pokémon Red there is a special glitch map 0xE7. After a couple of hours of testing I finally found a way to access it.

1) First get 202 Pokémon in the party (this is to place a C9 in memory at EC2B (CC2B) for map 0xE7's level-script pointer at EAF1). Without arbitrary code execution, this should be possible by activating Super Glitch while on the deposit option of a Pokémon Center's PC, depositing the Pokémon to get 255 Pokémon and then withdrawing a PC4SH to get 202 Pokémon (the ID of PC4SH).
2) Stand in the spot below, save and reset then put the party cursor to Pokémon 202 and close the menu.
3) Change D36E/D36F to 4112 and D35E to E7. You can do this with a TM31 x1 and X Attack x18 in the expanded items pack if you replace them with the Master Ball x199 and TM41 x79 respectively.



4) You will warp to map 0xE7 and the game shouldn't freeze.

Note: The 202 Pokémon requirement may not be necessary on Game Boy/Virtual Console but it is on Game Boy Player.

This is where the emulation error comes in:

On a Game Boy Advance SP and Virtual Console, the map redirects you to another map (possibly Pallet Town) where Professor Oak may tell you not to go out and loop around the screen until you're forced to walk out of bounds.



But on the Game Boy Player the map doesn't redirect you and you get to explore it!



Though it's easy to go out of bounds and freeze the game.

At first I wondered whether there were requirements for it not to work I was overlooking, but I tested the same save file doing the same steps on a Game Boy Player and then a Game Boy Advance SP in alternation. Every time on the Game Boy Advance SP it warped to Pallet Town. Every time on the Game Boy Player it let me explore the map.
« Last Edit: March 08, 2017, 06:20:49 pm by Torchickens »
Hello. I actually identify as gender questioning, but nowadays feel more firmly that I identify as female. My sex is male but I like to express myself as female.  She/her pronouns, please.


Thank you Myri for my avatar! Thank you Aeriixion for the cute sprite above! :) Roelof also made different variations of the sprite (which I animated).

Contact:

Email Youtube Twitter
Skype: Torchickens
Bulbapedia Starfy Wiki

Beyond all philosophies are the things that go best for you; what makes you feel content. It's important to always follow your heart, so unless you feel perfectly happy about it don't just follow something because it is popular, fits a style or is conventional. Sometimes you may reach a point you're not sure who you are, but as things settle I'm convinced things do work out in time.

TheSixthItem

  • Game breaker
  • GCLF Member
  • Gender: Male
  • ZZAZZDZZGZZUZZKZZ#ZZXZZUZZ7ZZ#ZZ
Re: Verifying console/emulator behavior with 8F
« Reply #27 on: June 22, 2017, 12:33:26 am »
GBA4IOS 2.1:
UnknownOpcodes: FAIL5
InvalidBanks: PASS
VRAMAccess: PASS
EchoRAM: PASS
InvalidStop: FAIL
I do things

Wack0

Re: Verifying console/emulator behavior with 8F
« Reply #28 on: August 26, 2017, 06:38:36 pm »
Has anybody tried running these tests on a Kong Feng GB Boy Colour (Chinese bootleg CGB clone)?