Main Menu
Main Page
Forums
Recent changes
Random page
Help

Databases
GlitchDex
AttackDex
ItemDex
TypeDex
UnownDex
More

Major Glitches
Trainer escape glitch
Old man trick
Celebi trick
Select glitches (Japan)
SRAM glitch
CoolTrainer♀ corruption
LOL glitch
Rival LOL glitch
Super Glitch
ZZAZZ glitch
Pomeg corruption glitch (Glitzer Popping)
Tweaking
Elite Four door glitch (Japan)
Pokémon merge glitch
Pokémon cloning
Time Capsule exploit
Arbitrary code execution
Coin Case glitch
More

Other Glitch Categories
Glitches by generation
Glitches between two generations
Japan-only/language specific glitches
Music glitches
Natural glitches
Non-core series glitches
Non-Pokémon glitches
Officially acknowledged glitches
Recurring glitches
Dead glitches

References
Pokémon GameShark codes
The Big HEX List
GB programming
Curiosities
Debugging features
Easter eggs
Error traps
Glitch areas
Glitch myths
Non-glitch exploits
Placeholder texts
Pokémon glitch terminology
Unused content and prerelease information

Useful Tools
8F Helper
GBz80 to Items
Old man trick name generator
PATH (Prama's Advanced Tweaking Heaven)
Save file editors
Special stat/Pokémon converter
Trainer escape Trainer Pokémon finder

Affiliates
Legendary Star Blob 2 (Hakuda)
Pokémon Speedruns wiki
PRAMA Initiative
Become an affiliate!

Search Wiki

 

Search Forums

 

Author Topic: Using 8F to ACE other games  (Read 315 times)

0 Members and 1 Guest are viewing this topic.

ISSOtm

  • The French Lord of Laziness (and a huge The Legend Of Zelda fan)
  • Wiki Contributor
  • *
  • Offline Offline
  • Gender: Male
  • Pewter City (B)rocks !
    • View Profile
    • My Little Website
Using 8F to ACE other games
« on: February 11, 2017, 10:52:57 am »
This is a method to perform ACE on each game frame - provided it uses OAM DMA. I guess all games use it, so, yeah.
It also has the bonus of being cartswap-friendly.
Need no more to be convinced ? Then here is the thing !


This works only on Pokémon Red or Blue.
You need to place the following hex data at the following locations.
Use your favorite emulator's (or BGB if you intend to do cartswap) memory viewer to do that.
Alternatively, you can use an in-game memory editor such as offgao's (see this thread)
Also, make sure all data at FF80 is not executed until it is complete. It's very sensitive data executed on each frame, and you don't wanna crash.
One way to do it is to write a $C9 at $FF80 first, and write the $CD last.

These two pieces of data don't persist after saving and resetting.
Code: [Select]
At DF00 : (WRITE FIRST !!)
3E76EA65D32146FF3EC3C9

At FF80 : (MAKE SURE YOU HAVE WRITTEN DF00 BEFORE THIS !!)
CD00DF77

Once both pieces of code are in place, go into any house, exit it and o surprise, Hall of Fame !
Tech details are below.


If you want to try the cartswap-based funky badass-showoff version (Pokémon Blue "cartswap wrong warp%"), then set up DF00 and FF80 as above, and then this.
Code: [Select]
At D163 :
06B0242E22182DFFB00015000014142D0A2D0000B1A00000CD002C00300041002B0032F8E423280000060015000D000B000E000B2400E9

At D31D :
045D010163C33BD501FF

At D53A :
1A21541F110BDF014900CDB5003E10E0FF07E0003DEA36DFEA57DF3E8AEA43DF3EC3EA55DF3EA1EA56DF76003E01E0FF7600C30BDFFF
Now, open your bag (surprise, there's 8F in there), use 8F. The game will then freeze, so use "Load ROM without reset" on BGB and load Pokémon Blue (or Red, works fine too).
Press any direction on the D-Pad, and the game will start. You can then choose to start a new game, and you will soon find out your house leads directly to the Hall of Fame ! Nice.


I attached a BGB save state to be tried on Pokémon Red that has all set up. This was hex edited, but is doable legitimately. You just have to load it in BGB, then use the above method or just close the menus and walk out of your house.




Tech stuff
On each LCD frame, the game has to run a small routine in RAM to transfer sprites from a temporary buffer to the location the GB uses. However, we hijack this routine to run custom code.
The trick is simple : hijack usual code flow, run our code, and make sure everything else goes as intended.

At $FF80 is this code :
Code: [Select]
ld a, $C3
ldh [$FF46], a
which we overwrite with
Code: [Select]
call $DF00
ld [hl], a

Pokémon R/B/Y allocate $DF00 to $DFFF to be stack space. However, during usual play, I never experienced the game using more than ~100 bytes at once. This leaves us with more than 128 bytes for code storage !
Code: [Select]
ld a, $76 ; Hall of Fame map ID
ld [$D365], a ; Door mats exit
ld hl, $FF46 ; OAM DMA
ld a, $C3
ret
This code essentially sets all door mats exits to warp Red to the Hall of Fame. Pretty neato, huh ?
This is a half gameshark emulator, because it can't set a value mid-frame. However, it is cartswap-friendly, using for example the following setup :


The data at $D163 and $D31D set up 8F properly, I'll just skip explaining them.

The code at $D53B is a bigger deal.
Code: [Select]
PartialInit:: ; $D53B
  ld hl, Init
; Real init function. We copy it to RAM for patching.
  ld de, $DF0B
; Routine copy location.
  ld bc, $0049
; How large the target code is : 73 bytes !
; We will append a jump to end it later.
  call CopyData
  ld a, $10
  ldh [$FFFF], a
; Only enable joypad interrupt.
; It should pop instantly, but it doesn't crash, phew !
  rlca
; a = $20
  ldh [$FF00], a
; Select Dpad
  dec a
; a = $1F
; Patch WRAM clear size to not clear $DF00 onwards.
  ld [$DF0B+$2B], a
; Write part of the "return" address.
  ld [$DF0B+$3F], a
  ld a, $8A
; Patch HRAM clear code to not clear patched DMA code.
  ld [$DF0B+$38], a
; It will clear past HRAM, but no problem.
  ld a, $C3
; JP instruction.
  ld [$DF0B+$3D], a
  ld a, $A1
  ld [$DF0B+$3E], a
; Patch DMA writing with returning to ROM code.
  jp $DF0B
; Jump to patched init. Cartswap is complete.
« Last Edit: February 11, 2017, 03:29:49 pm by ISSOtm »
"THOU SHALL NOT PASS !!"  RIVAL's effect, Gandalf.

Proudly glitching Pokémon Red and Yellow on a Black & White GB, Pocket GB, GB Color, GBA SP and new 3DS.

My Twitter (beware, I'm French)
My YouTube (same warning)

Here is an online tool to build 8F setups : GBz80 to Items !

They see me layzin', they ha-tin'...
Heavy contributor of the global augmentation of entropy (my room's is too damn high !)

MarcinTVP8

  • GCLF Member
  • Offline Offline
  • CHARIZRAD 'M ROXORX or is it.
    • View Profile
Re: Using 8F to ACE other games
« Reply #1 on: February 11, 2017, 02:27:28 pm »
Sorry, but I don't see an attachment attached here.

ISSOtm

  • The French Lord of Laziness (and a huge The Legend Of Zelda fan)
  • Wiki Contributor
  • *
  • Offline Offline
  • Gender: Male
  • Pewter City (B)rocks !
    • View Profile
    • My Little Website
Re: Using 8F to ACE other games
« Reply #2 on: February 11, 2017, 03:29:46 pm »
That's because there were none :D
Now there is one. Thanks for correcting stupid me.
"THOU SHALL NOT PASS !!"  RIVAL's effect, Gandalf.

Proudly glitching Pokémon Red and Yellow on a Black & White GB, Pocket GB, GB Color, GBA SP and new 3DS.

My Twitter (beware, I'm French)
My YouTube (same warning)

Here is an online tool to build 8F setups : GBz80 to Items !

They see me layzin', they ha-tin'...
Heavy contributor of the global augmentation of entropy (my room's is too damn high !)