Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Sanqui

Pages: [1] 2
1
Emulation & ROM Hacking / Re: Anatomy of an e-Reader Mystery Event
« on: November 23, 2014, 05:50:29 pm »
I'm also interested in the gen 3 distribution ROMs, though I doubt we'll see those until hell freezes over. The only one known to exist outside of Nintendo is in the hands of a collector who paid like £200 for it on ebay. It's also bolted inside the GBASP it came with.
One of my friends owns a Gen 3 distribution cartridge or two.  I didn't realize they weren't dumped - I could totally borrow them and dump them with my DS.
2
Generation I Glitch Discussion / Re: Brock Through Walls
« on: August 20, 2014, 03:22:51 am »
Edit: So from my conversation with Sanky, apparently PP 16 and 36 only worked because of a coincidence. Move 2's PP should be 36, and move 3's PP should be 16, not the other way round.
Still wrong..  Sigh.

By the way, Bulbasaur needs to be last in your party menu when you flash it.

I think we should edit/remove some posts from this thread to make sure nobody else gets confused again.
3
The Dumpster Out Back / Re: Brock Through Walls
« on: August 19, 2014, 04:15:48 pm »
Move 2's PP should be 36, and move 3's PP should be 16, not the other way round.
That's right.  Sorry for the confusion.
By the way, if you have multiple Pokémon, Bulbasaur (or whoever has the right PP) needs to be last when you flash your Pokémon menu.
4
Generation I Glitch Discussion / Re: Brock Through Walls
« on: August 19, 2014, 03:27:30 pm »
Thanks for the address (and also the route!). I can verify that gets written to, but even after menu-flashing, it still might not work, but apparently if you catch a Pokémon before doing it, it may work, hmm.
That's actually really odd.  Can I have a save right before the glitch with the plain Bulbasaur setup that doesn't work?

EDIT: P.S. I added you on Skype so we can talk faster.
5
Generation I Glitch Discussion / Re: Brock Through Walls
« on: August 19, 2014, 02:37:03 pm »
The coordinates need to be at a memory location which ends with 2, 6, A, or E.  The 2nd move's PP is located at D02E, so the game matches the coordinates there.  The next two bytes read (4th move's PP and level) are read as the route pointer ($0800 in the Bulbasaur route).
That's an in battle address and the glitch works with 00s there. PP move 2 for Pokémon 1 is at D189/A so I'm confused, because it seems to be the first coordinate address that counts according to what you just posted.

There is a copy of this data at AF52 though, which should be save data as it's in SRAM.

Still, when I swap Bulbasaur to #02 and don't save (leaving AF52 as it is) the glitch doesn't work.  :???:

Also, after playing around with switching Bulbasaur the glitch stopped working. Why is this?

Sorry for so many questions. It's just these problems are hurtful for speedrunning, like ThomazSDA and I just started a new game and got the requirements on Bulbasaur, but the glitch wouldn't work.
I'm kind of confused by what you did, haha, and I might've made some mistakes during my explanation.  Here's a brief speedrunning route by Shenanagans_, including the correct requirements.  I've just ran it in the past hour.
The reason it works is, when you menuflash Bulbasaur, its data gets copied to CF98 (the disassembly doesn't have a name for this).  The 2nd move PP is then located at CFB6 (sorry, I was wrong earlier with D02E), which works for the exploit.
Sorry about the confusion.
6
Generation I Glitch Discussion / Re: Brock Through Walls
« on: August 19, 2014, 02:04:58 pm »
This results in the game finding the player coordinates in memory as the PP (the coords need to be at xxx2, xxx6, xxxA, or xxxE)

I don't get what you mean. I notice that at the tile one step right from the NPC, my coordinates according to D361-D362, D364-D365 are y=16 (hex:10), x=36 (hex:24), y block= 00 x block=00 though, and that matches up with Bulbasaur's second and third move PP (0x24, 0x10).

The coordinates need to be at a memory location which ends with 2, 6, A, or E.  The 2nd move's PP is located at D02E, so the game matches the coordinates there.  The next two bytes read (4th move's PP and level) are read as the path pointer ($0800 in the Bulbasaur route).
7
Generation I Glitch Discussion / Brock Through Walls
« on: August 19, 2014, 03:04:56 am »
This is a relatively easy glitch which lets you walk through walls as early as Brock skip.  Basically, performing the Brock skip and then speaking to the guy who leads you the gym from the right, while having a specific setup, activates a walk through walls state.
You can see it in action in this WR run: https://www.youtube.com/watch?v=LqbsGKH5mQE

How this works is as follows.  When the guy's script activates, the game searches through a table of coordinates and pointers to figure out your initial movement.  However, the developers didn't account for you standing to the right of him, so there's no path defined.  Usually, if you try to speak to him without any preparation, the game will softlock, since it can't find your coordinates anywhere in memory.  However, with a little setup, you can prop the game to find your position and read an invalid path.
The method used in this run requires having a Lv. 8 Bulbasaur with 16 Tackle PP and 36 Growl PP, having the moves in the 2nd and 3rd slot.  You also need to look at its stats screen.  This results in the game finding the player coordinates in memory as the PP (the coords need to be at xxx2, xxx6, xxxA, or xxxE), and reading the next two bytes (4rd PP and level) as a pointer to the path.  $800 happens to be an useful glitch path, which overflows and overwrites the "disallowed buttons" variable, letting you walk through walls.

Cheers to 0xwas for demonstrating this on the Japanese version (where the setup is more trivial), MrWint for explaining how the glitch works, myself for figuring out the details again (Kappa), Dabomstew for figuring out the Bulbasaur setup, and Shenanagans other routing and doing the run.  Great job all around!
8
Generation VI Glitch Discussion / Re: Bad Egg in XY?
« on: August 13, 2014, 04:00:26 am »
ダメタマゴ (dame tamago) indeed does stand for Bad Egg.  Cool find, but not surprising, given there are tools to modify saves and RAM of X/Y already.
9
I have my own pet definitions of the terms "bug", "glitch", and "exploit".

A bug is a simple programming mistake, which may or may not have consequences.  For example:
  • The fact that you can encounter Pokémon on the Cinnabar Island shore is a bug, because the tiles are wrongly treated as non-water tiles.
  • The fact that switching the first and second move of a Transformed Ditto actually swaps Transform after the battle too is a bug, because the moves should be restored in the original order after Transform ends.
A glitch is undefined behavior.   For example:
  • Missingno. itself is a glich, because unintended data is read as Pokémon data.  There is no bug involved, the situation is unaccounted for because it should not happen in the first place.
  • The Cooltrainer move is a glitch, because a Pokémon can never have a move 0 in the first slot.  The effects caused by the game trying to read the 256th name are glitches.
An exploit is abusing an oversight, bug, or glitch for an in-game advantage.  For example:
  • Intentionally cloning the seventh item in your inventory by encountering Missingno. is an exploit.
  • Using the Cooltrainer glitch to change the opposing Pokémon species so you can catch it is an exploit.

Due to this, I disagree with Torchickens that glitches are "problems that need fixing".  By my nomenclature, glitches are ultimately caused by bugs, which need to be fixed.
10
text pointer manipulation..

Just curious. Has this been used in a way to save time? The closest thing that comes to my mind is via save corruption, where the level script pointer may be changed in Red's room to activate the Hall of Fame script.
Yes, actually.  MrWint's very recent 151 TAS has introduced it, and uses it to tweak trainers and items on the map into Pokémon.  It has been implemented into the current 151 RTA speedrun route already, too.
11
Honestly, I'd say gen 1 has just the right variety of interesting non-breaking glitches which can be studied, understood, and abused, without actually breaking the game.  For example, with a well defined "no arbitrary execution" rule, a "Catch 'em all" 151 speedrun shows off the great variety of useful glitches in Pokémon Red/Blue without diverging into monotony.  Trainer fly, experience underflow, Missingno. item duplication, item underflow, Old man exploit, Cooltrainer, text pointer manipulation..  You name it and it's a memorable, non-game-breaking exploit with interesting properties.  Many other quirks and mechanics of gen 1 are also impressively in-depth, such as "dsum manipulation", which lets you RNG manipulate to encounter the wild Pokémon you want, quickly.

Understandably, later generations, being more solid in their coding, mostly lack these interesting properties.  I can pretty much only note one notable glitch per later generations:
* Gen 2 - Coin Case glitch
* Gen 3 - Pomeg glitch
* Gen 4 - Tweaking
These three glitches lead into other interesting exploits, which are fun to study and play with, but they're alone.
I can't even think of any particularly useful or interesting glitch in gen 5, let alone gen 6.
For these reasons, Gen 1 is, and will probably stay, the premier glitching generation.  (that sounds so stupid...)
12
Check out Shenanagans' Pokémon Gold run at SGDQ, using the power of the coin case to beat the game in 40 minutes: https://www.youtube.com/watch?v=XaSg_mWVOUM
13
Just want to put a reminder here that the low 16 bits of the PID can't change, as that'll definitely mess up the checksum.

What do you mean by low 16 bits? There are 16 bits in the whole PID because it is four bytes. Do you mean the first 8 bits?
A byte is 8 bits.  The PID is 32 bits long (4 bytes).  While the checksum is 16 bits (2 bytes).  So if any the least significant 16 bits (two bytes) of the PID change, the checksum will come out differently.
14
This is amazing progress and you're all great.  Thank you for the detailed explanation, ZZAZZ!

Just want to put a reminder here that the low 16 bits of the PID can't change, as that'll definitely mess up the checksum.
15
Since the 30th bit of PV got changed, every 6th bit of bytes that mod 4 equals 3 got changed. This means that held item, experience points, 2nd move, 4th move, 4th move's PP, speed EV, beauty condition, feel condition, pokeball caught and egg status (this explains why you always got it in egg form) got changed.
Exactly this.  And the only bits of the PID that *may* change are the top 16 ones (otherwise the checksum won't match). 
Because the PID XORs the substructures, and the bit in the PID has changed, the same bit will change every 32 bits of the substructures.
So every second or third byte (zero-indexed) of the substructures will be changed accordingly (usually resulting in stuff like the glich items or second moves).
Pages: [1] 2