
Messages - Evie the Bird Mother 🌸 ☽

Video Games Discussion / General/random game discussions
« on: Yesterday at 08:44:20 pm »
Recently I've been listening to the music from a game called Ihatovo Monogatari. It was composed by Tsukasa Tawada; the same person who worked on Pokémon Colosseum and Pokémon XD; so it has some lovely majestic sounding music. It received a Satellaview version as well.

I don't have much else to say however as I don't know much about the game yet; so I decided to start this as a general thread to chat about recent games we've gotten into.

Edit: More regarding that video game composer, if you have a Switch Online subscription and a Switch you may be able to easily play one of his other non-Pokémon games he's composed for, called Earth Defense Force for SNES on the selection of SNES games. I feel this one sounds quite like something from Pokémon Colosseum/XD.
Multimedia Discussion / Re: Recent purchases
« on: Yesterday at 08:23:27 pm »
Bought Bazaru de Gozaru aka Bazaar de Gosāru, Bazar dé Gozzare (obscure Game Freak game about a monkey who became a PC-Engine mascot and is featured in lots of merchandise commercials). It's in great condition and I plan to transcribe some stuff from the manual.

I decided to buy a couple of Game Freak's other games as well; Mario & Wario and Click Medic but they haven't arrived yet. To complete my Game Freak collection I need to buy the following when money comes in: Smart Ball, Magical Tarurūto-kun, Nontan to Issho: Kuru-Kuru Puzzle, Bushi Seiryūden: Futari no Yūsha, Tembo the Badass Elephant, Giga Wrecker (the original version and not Giga Wrecker Alt).
Interesting! :) Didn't know you could do this.
General Discussion / Re: Thread for Old Heads
« on: June 28, 2020, 05:17:29 pm »
Nice thread. :)

Hmm, I joined the GCL forums in 2006 as Torchickens. Originally my grammar wasn't very good/my writing style was different. I was also quite young. I wasn't quite enough an oldbie to have been around since the Professor Glitch forums and the even earlier sites (except as the temporary forum) and its predecessors, though.

Learning about the glitches here eventually led to an overall interest in Pokémon glitches, unused content and led to my YouTube channel ChickasaurusGL (originally it was one of two channels; the other was a now abandoned channel on Runescape called ChickasaurusRS), and before that Chickasaurus which I closed. I met a lot of the users on GCL still active now, and others that left. I hardly knew much at all about glitching originally.

I also liked posting in some other non-glitch related boards, and until I started identifying as a trans woman, I identified as male (also in my old YouTube channel content). I made a few tiny edits to another wiki I think Abwayax hosted called Infinitypedia for fan created universes, but nothing much.

When Glitch City became a wiki I enjoyed editing it, but when Glitch City Laboratories went down for a long time eventually the old forum was reopened. I became a staff member on GCLF and eventually an admin until I demoted myself. I got this wiki affiliated with the sites on the sidebar.

I wasn't the sort to use IRC/wasn't savvy with it, so most of my time here was just on the forums. Eventually GCL got its Discord, which I check but still get shy and don't post on very often. When TCRF got popular I started checking/adding a few things to the Pokémon articles, and on that note I remember Skeetendo and the disassembly projects when they were a lot newer; anything there was too complex for me and although they're less so now I'm still not very good at programming/hacking.

Answering your questions: If it wasn't for Glitch City I actually may have stopped playing/abandoned the Pokémon series after Diamond/Pearl, though a friend was into it at school. I left school and got a degree at university and do volunteer work, still play games, contribute to projects (usually YouTube and wikis) time to time. I also studied some Japanese evening classes for several years but don't retain much, and tried a TEFL course. I'm quite shy though, otherwise ambiverted (only talkative at certain times), so I'm unsure in the context of how GCLF changed my life, but it's given a lot of meaning with the endless amounts of things to do with glitches in free time.

It was 2006 when I joined, so it's been about 14 years since I joined. I have my own place now, and live alone other than to visit family. I have a lot more games now (too many), and in 2010 got into a series called Densetsu no Stafy to study a series other than Pokémon and edit a wiki about it, and about that same time I got into reading about other Nintendo games.
Yeah :( getting 0xEC and 0xF4 without GameShark is trickier/needs more precise requirements, but you can get it with arbitrary code execution (see this post and TheZZAZZGlitch's reply where you can use quantities 236 and 244) or Rival LOL glitch if not afraid to use them. Other options are possibly specifically made non-Rival name CoolTrainers/LGs and the remaining HP glitch, international Fossil Conversion glitch, connection copier, possibly bad PC boxes [all except the last and specific non-Rival 0xEC/0xF4 CT/LG are on the wiki. On that note luckytyphlosion shared CoolTrainer logs which I mirrored here  but for Red/Blue and I'm unsure if he ever did any for Yellow. I can teach how to use the Red/Blue ones, though.]. Note for the ones that display the Pokédex entry it's good to register Pidgeotto in advance, in case the Pokédex entry freezes the game (which just happened to me while testing).

I'm unsure of a step by step method from sprite corruption sorry, but you can also enter the Hall of Fame for the first time and register 0xEC and 0xF4 there. ^^ The corruption essentially only occurs if Hall of Fame data [as in accessible from the PC, not just corruption before you can access it I don't think] already exists (maybe technically it does corrupt but maybe the new entry re-initialises it with the Pokémon you actually had in the party, regardless if they're glitch Pokémon or not) . With the expanded inventory you can change D364 (item 36 quantity) to x118 to warp directly to the Hall of Fame room if you prefer, to register there without battling the Elite Four and Champion.

Unfortunately on the induction 0xEC as the first entry just played the Game Corner music, while 0xF4 made some corruption to the music (not changing the current track or playing a partial song but corrupting music channels) and played a cry, but not enough for any visible changes (unlike with the party status). With 0xEC as the second entry that may have made some music corruption like 0xEC as the first entry too. Viewing the Hall of Fame from the PC option didn't result in visible corruption either (I think I tried it with them as both entry 1 and 2 too, but still there was no visible corruption).

So from what I tried it does less corruption this way and it might not be possible to get unique visual effects/only music/Hall of Fame corruption, sorry. :(
Thanks for this, Flashlight. :)

I think with sprite dimensions, with the exception of 0 (which is read as x256), the game reads dimensions of 8, 9, 10, 11, 12, 13, 14 or 15 as if it was a valid dimension, possibly 7 (56x56 pixels). However, I don't have a more thorough answer to what actually happens when the game encounters a dimension of 8-15.

Type 0xFF (at least in name, but most if not all glitch types [not sure about $09-$13 and $80-$9A though] apparently work the same if I remember from another post here) may be the same as glitch 0x7F (0xFF-0x80). I think the ones from $80-$FF except those used on (used Dex number) glitch Pokémon were omitted for this reason, but maybe we could add the ones from unused Dex numbers in addition to the used ones.

Cool, thanks for confirming re: TM/HM flags :). The reason why you have to read them right to left depends on the converter, as some like Windows Calculator print them in highest bit to lowest bit order (which leads to bit 0x7, bit 0x6 (...) first instead of bit 0x0, bit 0x1 (...) first).

Note there is the possibility HM06 (last byte's eighth bit or hexadecimal 0x7) still may have never been intended. Here a bit is effectively from lowest to highest 2^0 (first bit), 2^1 (second bit) and so on, and modern computers (with Game Boy counting) use eight bits in a byte; 2^8 is 256. This is a convenient way to store the data without using too many bytes (or the data structure could have been like [1st byte] (...) [55th byte] or having too many possible glitch entries if the engine would allow it with that change (though with this said, maybe you can access 'glitch HMs' like HM06+ through other more elaborate means?))

However, there is an unused field move (the third one internally after Fly and before Surf) if you force a Pokémon to have move 0xB4. In the past it's been speculated this linked to unused "Ground rose up somewhere!" text but the text doesn't mention a move in both EN and JP versions. I remember trying the unused field move in Red/Green and it did seemingly nothing, but in the English version it worked like Surf?

The seen/own Pokédex flags also work this way (if I remember there are 19 bytes for seen and 19 bytes for own, and 19*8 is 152); and this goes as far as if that flag is set a Pokémon or glitch Pokémon will appear as No. 152 in the Pokédex, you can scroll to it too (not just through the Pokédex with 0 seen/own glitch or modifying the cursor manually) and it varies based on the language of the game and version.

Edit: Here are the glitch experience group formulas, (the file download GlitchExperienceGroups (1).png.) TheZZAZZGlitch originally made the image after posting how glitch experience groups work. (see also this thread )
This thread will link to resources which reveal the pointers for things like 'out of bounds' item effects, move effects, and so on. The pointer tables are sorted by index number and pointer, so we can research them precisely and find arbitrary code executions.

(For now this thread is really short but I'm working on filling it up. Feel free to add any lists and would really appreciate ^^)

Using the SYM files (entrpntr's and my outdated ones ) and the disassembly projects as a guide I'd like to cover as many 'glitch things' where the game does things like 'jp hl' or another means of accessing the pointer as possible.

For now, I'll only post pointers and past Pastebin dumps etc., but later I might post dumps of the actual code of the items and so on. Additionally in this thread, I'll post dumps of the Generation I (and later maybe other generations) base data structures for Pokédex No. 000-255. This should help with the unused glitch Pokémon families you need Game Genie/patching for, and any missing data for the other glitch Pokémon currently omitted on the wiki.

Generation I:

EN Red/Blue:

Pokédex base structure: Begins at $383DE in both EN Red and Yellow. 0x0383DE + (PkmnNo. − 1) × 0x1C will lead you to the offset for data for Pokémon (and glitch Pokémon) with the specified Pokédex number. The structure is documented at and Bulbapedia

(Dump of $100x$1C bytes: (dumped by me))

Level up data and evolution data: Taken from the pointer table described with the data structure in this post (to-do: add dump)

Item effect pointers: (dumped by luckytyphlosion)
Type name pointers: (dumped by me)

Cry data by Pokémon index number (not Dex order): 0x39446 (to-do: dump)

Menu sprite icon used (Pokédex order): $7190D one nybble per entry (source: ) (to-do: dump)

Palette used for Pokémon on SGB: 0x725c8 (Pokédex order): Source:

Box SRAM pointers: (Add)

Encounter data by map pointers: (Add)

EN Yellow:

Pokédex base structure: Works like in EN Red.

(Dump of $100x$1C bytes: (dumped by me))

Level up data and evolution data: Taken from the pointer table described with the data structure in this post (to-do: add dump)

Item effect pointers: (dumped by luckytyphlosion)
Type name pointers: (dumped by me)

Cry data by Pokémon index number (not Dex order): 0x39462 (to-do: dump)

Box SRAM pointers: (Add)

Encounter data by map pointers: (Add)

Palette used for Pokémon on SGB or GBC: (Add)

Generation II:

EN Gold:

(;These need documentation of the data structure)
Phone contact scripts: (dumped by me)

EN Crystal:

Pokédex sorting script pointers: (dumped by luckytyphlosion)

Phone contact script pointers: (dumped by me)

JP Crystal:

Wrong pocket TM/HM pointers: (dumped by me)

Generation III:

(Empty for now)

Generation IV+:

(Also empty)

I don't know the Nintendo DS architecture enough to know how these work (if glitch things are generally from extrapolations like Generations I, II, [III?]).
Generation I Glitch Discussion / New(?) powerful non-ACE glitch
« on: June 20, 2020, 02:24:07 pm »
Not sure what to call this exploit, and wonder if anyone else knows it yet. Maybe I'll call it "box breaker". It's a little like the glitch mart pwner, because it's a customisable buffer overflow. You can corrupt your name and party Pokémon too, but with more freedom than Super Glitch as this data is taken from the last Pokémon data in the box.

Basically, this glitch involves bad storage boxes. There is a way to precisely access boxes beyond box 12, and that is by touching memory address D5A0 with dry underflow glitch but set up in the items PC. It will be one of the item quantities representing your box number, which for this glitch (but you can do many more things in theory!) you can change to 0D (x13) or 8D (x141), placing you in box 14. From there, changing the box to itself will update DA80 (current box contents).

In order to retrieve a PC box, the game grabs a pointer (which is meant to be in SRAM) and copies it into DA80. However, for box 14 hl is CD7A (in RAM, not SRAM! which soon contains things like the last mart items @cf7b) when de is DA80 so the game copies content beginning from CD7A, nice.

However, in the process there is a buffer overflow, and data around that area (CD7A, maybe actually starting somewhere else) is corrupted based on the last contents of the box. So you can start on a valid box with your own Pokémon, and use that to affect the result once you modify D5A0 to the invalid box. By setting a breakpoint in BGB debugger for a convenient address like D059 (the encounter once the box is closed) or D157 (player name), you can find the source (+1) in hl while the pointer (D059/D157 etc.) is in de.

In these cases, DD60 affects D059 (last character in Trainer name for 5th Pokémon, followed by first character for 6th Pokémon) and DE5E (nickname for 9th Pokémon first character) affects D157. In other words, we can change our name to match the 9th Pokémon (which can be renamed with the Name Rater), including names over 7 characters (however, you can only have a maximum of 10 or 11+ will delete the save) and then use the new name to encounter different Pokémon with the old man glitch. Old man glitch is also more efficient in this case. Another idea might be to name yourself a glitch Pokémon with invalid characters, to get Pokémon like Mew (0x15 character). You can do anything you want RAM write-wise with arbitrary code execution and connection copier already, so this is another means.

Additionally, Pokémon 18's Speed EV lower byte (DCDF) affects CFD8! Maybe with enough manipulation you can catch anything you want with this (and not restricted to IDs 1-199), unless the Pokémon's experience group freezes the game (only applies to a few glitch Pokémon in Yellow where I haven't tested porting the glitch to yet).

Another idea might be to simply directly change the Pokémon in your party. DE6B (nickname for 10th Pokémon 3rd character) seems to touch D164, however the name input characters are usually $80+, making some Pokémon inaccessible. However, somehow I was able to have a past Level 100 Mewtwo in my party and because the terminators were broken, I could keep depositing the top Mewtwo which filled over 7 boxes. So this is also a cartridge mass cloning glitch as an alternative to the Virtual Console Poké Transporter one.

Another use of this glitch is withdrawing the Pokémon in the glitch storage boxes (but you have to be careful to avoid freezes). So if the Pokémon were taken from RAM, maybe with enough luck there might be a glitch to convert an item quantity into a PC Pokémon or similar?

Edit: So the pointers that get corrupted can vary by the invalid box you choose. There are some quite interesting ones in Red, from my notes

10 get "trainer" glitch mon in day care
15 write to cd38 based on db3a(?)
1a f622 (interesting, event flags) also 1e
1b dc43 mew from afe2? [3:b1a4]
27 fa7a
28 c050
29 ffcc (pokemon 1 speed ev lower byte must be 00 daae so fff9 not set disabling controls)
2b cdd6
2d 8012 (vram corruption; break some sprites)
2e disables buttons
32 cd3e freeze
34 7e14 touches vram 8000+
35 cd13 freeze
3c cdb7
3f another wtw enabling can open start but cursor broke
42 e551 - tile corruption bgmap2?
4b cd05
52 cd1b freeze
55 cdbb
5d cb8f semi freeze
68 facd
69 d5a1 [find map warp address source]
6a 7fe7 touches vram
6d cc2b
71 cd0a
73 d422
74 cd7a
79 cd08
7b f622
7c afe2/??
7f c122

I did a few extra tests for those indices and the box data was again sourced as the data to write to the pointer (i.e. like in 15). Maybe all of them take the box data and write it to the pointer. The ones above D3/F3 like f622 are interesting, and other than through glitch meta map scripts/other glitch map related things you don't see corruption of event flags very often. Of note is also 29 (ffcc), which writes to the HRAM. If FFF9 is 00, the buttons won't be disabled, but other than text boxes all bringing up the Pokémon Center text there were only a few graphical glitches.

Pokémon Discussion / Re: Shared Game Freak song elements
« on: June 20, 2020, 01:08:06 pm »
Nice post! ^^ Thanks.

edit: maybe the sound effect from this song and Hydreigon's original cry?
Nice work. Actually I think some users studied the non-English version glitch Pokémon in the past, but the research is scattered around the forum and may be incomplete. There was also a document by danny extensively covering the Japanese glitch Pokémon (excuse the message at the beginning of the document)

Answering your questions,

1. 0x0383DE is an offset and 0x0000-0xFFFF is a pointer, which is different. To view an offset you need to open the ROM with a hex editor, such as the freeware HxD, and then go to that offset.
2. In theory you convert each byte into binary (you can do it with Windows Calculator), and then the first bit from lowest to highest is TM01, the second is TM02, and so on. The commented out data is based on that theory as I don't know either, but checking the TM/HMs by hand will confirm if it's right. Photon-Phoenix and Yuzihax converted them in the past but for GSC glitch Pokémon, I think.
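The offset arithmetic and bit order described in these answers, as an added Python example that is not part of the original posts. The function names and the sample flag bytes are constructed for illustration, and the offset-to-pointer conversion assumes the standard Game Boy layout of 16 KiB ROM banks.

```python
"""Added example: Gen I base-stats offsets and TM/HM flag decoding."""

BASE_STATS_START = 0x0383DE  # from the post: table start in EN Red and Yellow
RECORD_SIZE = 0x1C           # from the post: bytes per Pokédex number
BANK_SIZE = 0x4000           # assumption: standard 16 KiB Game Boy ROM banks

# Constructed sample: 7 flag bytes, not taken from any real Pokémon record.
SAMPLE_FLAGS = bytes([0x01, 0x00, 0x00, 0x00, 0x10, 0x00, 0x84])


def base_stats_offset(dex_no):
    """ROM file offset of the record for a Pokédex number (0-255)."""
    if not 0 <= dex_no <= 255:
        raise ValueError("Pokédex number must fit in one byte")
    return BASE_STATS_START + (dex_no - 1) * RECORD_SIZE


def offset_to_bank_pointer(offset):
    """Turn a file offset (hex editor view) into (bank, 16-bit pointer).

    Bank 0 is mapped at 0x0000-0x3FFF; every other bank appears at
    0x4000-0x7FFF, which is why an offset and a pointer are different things.
    """
    bank, rel = divmod(offset, BANK_SIZE)
    return bank, (rel if bank == 0 else BANK_SIZE + rel)


def bits_lsb_first(byte):
    """Binary digits with bit 0 first.

    format(byte, '08b') prints bit 7 first, like Windows Calculator,
    so it has to be read right to left; reversing it removes that step.
    """
    return format(byte, "08b")[::-1]


def decode_tmhm(flags):
    """List the TM/HM names whose bits are set, lowest bit of byte 0 = TM01."""
    if len(flags) != 7:
        raise ValueError("expected 7 flag bytes (56 bits)")
    names = []
    for index in range(56):
        if flags[index // 8] >> (index % 8) & 1:
            # Bits 0-49 are TM01-TM50, bits 50-54 are HM01-HM05,
            # bit 55 is the leftover slot the posts call HM06.
            names.append(f"TM{index + 1:02d}" if index < 50
                         else f"HM{index - 49:02d}")
    return names


if __name__ == "__main__":
    for dex in (1, 151, 152):
        off = base_stats_offset(dex)
        bank, ptr = offset_to_bank_pointer(off)
        print(f"No. {dex:03d}: offset 0x{off:06X} = {bank:02X}:{ptr:04X}")
    print([bits_lsb_first(b) for b in SAMPLE_FLAGS])
    print(decode_tmhm(SAMPLE_FLAGS))
```

With the formula from the posts, No. 151 lands on 0x39446, the same offset listed for the Red/Blue cry data.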
Hello all,
after reading the documentation here:

It says Pokemon Blue had a version "1M". I've never seen any other Gameboy cartridge have a single digit code, and the M would imply Pokemon Blue had 3 versions not 2; version 1, 2 and version 13?

I cannot find anywhere else on the web that talks about this mysterious 1M cartridge. I was hoping someone might be able to shed some more light onto it.

Thanks so much!

Hi! The table describes the imprint. Some aren't necessarily different in terms of the ROM/code (there are more imprints than those with a different ROM).

However, it's interesting there is a 1M imprint, and I wonder if it is different like you said.

The original source of that table was from 伝説のスターブロブ2 and was about the Japanese versions of Red/Green (not Blue). Unfortunately I can no longer locate the exact link, but a Japanese wiki mirrored it. In Red/Green, there was a v1.0 and a v1.1 in terms of ROM differences, as for there being four Japanese Yellow versions (v1.0, v1.1, v1.2, v1.3) (with the differences being described on that page).
I got up to Goldenrod Radio Tower on my dead battery Crystal without saving and it worked. :) It was a Sandshrew even though my only Pokémon were Croconaw and Togepi Egg. On the route I bought some Poké Balls to see if anything happened after putting Pokémon in the boxes if I didn't win (e.g. corrupted box 2 like the Hall of Fame SRAM glitch?) but nothing else happened.
Yeah, I remember (when I used emulators) that in BizHawk, SRAM values are seemingly random if you start a game which has never had a save file, or have even cleared one with Up+Select+B; which allowed for different Pokémon Communication Center SRAM glitches and freezes in Japanese Crystal. (This also seemed to occur on my physical dead battery Japanese Crystal). So perhaps like CasualPokePlayer said, if you don't save or clear with Up+Select+B (or maybe use a dead battery cart), you have a random chance to get a match from a Pokémon that doesn't exist?

Wow cool, I didn't know Lucky Number Show was used in Mobile System GB/was planned to be used.
Thanks for your research Flashlight! ^^ I'll add your backsprite to the wiki. I'm currently grinding Yellow encounters, there are a lot of glitch battles/corrupted battle modes.
Weirdly, when using the Pidgey dex number code for Mew (970-47A-A2A), instead of anything pointing to Mew, you get a pokemon with the starting moves: Pay Day, TM37, Clamp, and Thunderpunch. Must be one of the "Unused wrong bank sprites 1-151" families you've mentioned in the newly-created FamilyDex article.

Good point. Actually now that you mention it, I've read the real Mew's base stats are located elsewhere in Red/Blue, but are at the expected place in Yellow. This may be why using its Pokédex number on the link equation ( ) seems to form a new glitch Pokémon. It's interesting because that breaks the 'two Pokémon with the same number have the same base stats and starting moves' rule.

In Yellow however, it may be different; using 151 gives you a Psychic-type Pokémon with Pound as its starting move, but may have a broken sprite; so I suppose that 151 fits more in the wrong bank sprite category, while Red/Blue's no Mew 151 is more like 152 and the rest.

Also of note I think because (non-starting) learnsets/evolutions are taken from the index number not the Dex number, the Pokémon may still have some of the original Pokémon's moves (this is in addition to the cry which is [normally unless glitch battle or bad sound bank] unchanged too). I haven't tried evolutions though, so unsure if they work.
I've added a new FamilyDex with your information and some more details. It needs some more research like what colour 0xBF (if I got it right) is, and a screenshot of its back sprite and possible non-freezing front sprites if you lock the sound banks with 0108EFC0 and 0108F0C0.