Messages - Sanqui

Site Announcements / Re: SEE YOU SPACE COWBOY...
« on: July 14, 2020, 06:22:28 am »
This is absolutely an end of an era.

Glitch City Laboratories has been a part of many childhoods, including mine.  The entire concept of glitches in Pokémon games had a huge impact on my life.  I would even say it was a big contributor to the career I have taken, that is computer engineering.  The sense of mystery and wonder and a look behind the curtains one would get when following early MissingNo. tutorials and experiencing glitches for the first time was unparalleled.  I would say no game can offer an experience like this today.  Among the many emotions glitches would cause, one of the more interesting ones is a sense of awe and even fear.  As a kid, I didn't have a Game Boy, I played the Pokémon games on emulator, but even then I had real fear over corrupting the game state.  At some point I would even have (light) nightmares of the game glitching up too much as a result of me toying with it and erasing my progress.  I believe I was not the only one to have experienced such feelings, this was a very real risk to people playing on a real Game Boy.  The black background on TRSRockin' and spooky pictures of MissingNo as a ghost...  the culture of figuring out new creepy glitches...  following incomplete writeups on the internet, trying to discern what was real and what was a fake tale of Poké Gods... there was an unparalleled culture of mysticism, and I would read up on every last bit there was.

From the same Czech Pokémon fansite I would download Pokémon ROMs, there were also ROM hacks available.  At the time, they were primitive changes of text, maps, and sprites, sometimes even vulgar, but I would not understand that back then, with my limited English likely contributing to that.  Nonetheless, these hacks fascinated me, the idea of modifying the game to my liking being tantalizing.  The same website also offered simple tools like starter and map editors.  They would often corrupt the game, but I enjoyed using them and making simple hacks to my own amusement.  My skills would slowly grow as I would learn to use a hex editor to make text changes, dreaming of making a Czech translation of the Pokémon games.  Tutorials on the internet taught me to read hexadecimal and even understand how pointers work.  Remember Pokémon Diamond and Jade?  In 2008, a community of fans of this Game Boy game got together and I put my basic skills to real use in collaborating on a translation patch of the original game, Keitai Denjuu Telefang, into English.

As the years went on, so would my maturity, but Pokémon stayed a big part of my life.  I learned to code, in simple C, in PHP, in Python.  I would hone those skills on making simple dumps of game data.  I learned Game Boy assembly to fix a frustrating glitch in our Telefang translation patch.  I would put this skill to use in Pokémon, too.  One of my earliest "ASM" ROM Hacks was a Nuzlocke hack for Pokémon Red, which I wrote by hand in a hex editor.  I made that back in 2011!  It was an important accomplishment to me.

Soon afterwards, I discovered the work in progress Pokémon disassembly project.  I saw the importance and joined the effort, making my own hacks along the way.  There is even one hack I sank a lot of effort into and kept secret until release, which never happened...  I also made the Pokémon Red randomizer which brings Pokémon from later gens into the game, which is still popular today (seriously, I regularly get emails from people telling me how much they appreciate it).  The point is, I grew intensely familiar with the original Pokémon games on what I would say is an incredibly deep level.  I still say I know the games "inside out".  I can appreciate every little bit of graphics, every note of the music, the revolutionary and timeless game play, the monsters, the engine and its particularities.  Pair that with the culture of glitching close to my heart and the games are and will remain my favorites even as my life has moved on from Pokémon two generations ago.

Understanding the details of the game's internals brings a certain pride with it.  Telling people why and how the MissingNo. glitch works was a favorite of mine (I still want that "Ask me about MissingNo. t-shirt").  And the amount of times I would debunk that "because of how hexadecimal works, the Master Ball has a 1/256 chance to fail" (???) myth!

I remember when arbitrary code execution started being the name of the game.  I was amazed when TheZZAZZGlitch wrote pong just using items!  At that time, I already had plenty of Game Boy projects going on.  I was even writing my own emulator (in Python...) as a thesis in my high school, and I created a simple snake game.  I knew I could accomplish something myself for Pokémon, too.  Gen 1 had been thoroughly studied by the time, so I focused on Gen 2.  Quickly I realized that the Coin Case glitch, which was also called "glitch dimension" at the time due to its tendency to restart in Game Boy mode, had potential.  I brought out bgb and spent hours tracing where the code runs through.  I thought it was silly to document what every individual cry does.  I still think the only reason people even knew the cries affect the result is thanks to the Machop in Vermilion.  These effects were barely interesting!  Nonetheless, I traced the game's execution upon viewing the Coin Case.  I discovered the error the translators made in improperly terminating the dialogue box.  I watched the game hop through memory.  I figured out why Machop's cry is so significant.  A single instruction, left behind by memory values the cry used, a simple `inc sp`, caused the game to change its course and execute other memory.  That memory was the tile or attribute map of the current screen.  I observed it change as I moved around.  I noticed that jump instructions appear.  I prayed for a useful one and my wish was granted, upon a certain movement a jump to the third party Pokémon data appeared.  Bingo, I thought.  Now we have total control.  I further routed the code to the PC box items and published a proof of concept here on GCL.

Others quickly found useful pieces of code as I expected, which made me happy.  The thread grew to 26 pages!  It's silly, but this makes me feel accomplished.  I wasn't done with the Coin Case, though.  At that time, I also watched Pokémon speedruns, perhaps they were even peaking in popularity.  The glitched route to beat Pokémon Gold at the time involved getting a bad clone with a save restart and then using its corrupted stats to walk through walls.  I was never a fan of save corruption glitches, they feel like a cop out.  I knew a useful ACE exploit could be performed much faster if I could run code from PC Box names.  After seeing a slow TAS attempt done with only items, I figured I have to do it myself.  And snatch the RTA world record while I'm at it.

I was not a speedrunner, albeit I had done a few randomizer races.  I came up with a route that was much more complicated than it needed to be, but I was just very happy to have it done.  Catch a Wooper, collect a Return TM, hop into the PC boxes.  My first attempt even involved beating Whitney for friendship and writing there separate series of box names!  My rudimentary notes for that run can be found here.  Writing the box code was a real exercise in restricted coding.  With the instruction set limited to only opcodes that can be represented with the characters available while naming, doing even simple operations was extremely tough.  To perform certain operations, self-rewriting code was even necessary.  This kind of programming, with "holes" in the code filled in by previous code, felt like a complicated puzzle, a highly specialized skill.  My first run with the route was actually slower than the existing world record due to poor execution.  Luckily, others in the Pokémon speedrunning community let me take another shot at the run the next day, and I got to hold the world record in Pokémon Gold Any%.  For approximately 24 hours, because not only others could simply play better than me, but we also got together with other programmers and over time improved the route significantly.  I also got a shout out at SGDQ that year (2014) :)  Today the route involves RNG manipulation together with save corruption again.  I still consider the Coin Case exploit one of my best accomplishments ever :)

I helped figure out some other glitches useful for speedrunning, such as Brock Through Walls, which I believe I have also named, and Glitzer Popping, which I definitely haven't named :p. 

I don't want to toot my horn too much, but there is one more topic I'll touch upon, and that's the whole Spaceworld debacle.

It was a bit over three years ago when __ dropped the link to the Space World '97 demo of Pokémon Gold/Silver into the pret discord.  It was afternoon and I was at an event with our friends—we were taking care of a retro gaming room, a kind of arcade.  The event was just about to end when luckytyphlosion, a friend from the speedrunning community, sent me a link and told me to download it immediately.  I was busy, but it took only one screenshot to convince me to do so.  I couldn't believe what I was seeing.  It was the prototype.  Pokémon Gold before the reboot.  I remember that just a few weeks before then, I was telling people about the rough development Gold/Silver has seen, and how I would give a kidney for a prototype.  And here it was right in front of my eyes.  I remember how I sat on my laptop there simply coordinating and working on this while my friends were packing things around me.  Eventually I was basically surrounded by boxes, but I insisted, this is really important!

Recognizing the significance of this prototype, I set to collect the most acclaimed Pokémon hackers, reverse engineers, translators, and historians in one place in order to dissect this prototype.  I even got veterans who haven't worked on Pokémon stuff for over ten years to come back and participate. I named this group Team Spaceworld and yes, I attempted to restrict the release of the prototype until it was "ready" by our standards.  I intended to do a coordinated release together with a translation patch so that people would get to enjoy it "properly", however vaguely that was defined.  Whether that was a good plan or not is completely moot because the ROM got leaked a mere four days later (not "once it looked like it may not get done" like some people have proclaimed).  Nonetheless, I am still extremely proud of what our group has accomplished in those four days.  We dumped the sprites, the maps, the text, we had a lot of data and translations ready.  The amount of work everybody put together is incredible and I'm still happy about how it went.  Sadly, after the leak, motivation and interest to work on the translation patch waned.  I do put some blame on myself for that.

At no point did I possess anything else, like prototypes or source code, that was not released to the public, except for a bunch of screenshots, and I had nothing to do with the future leaks.  When the recent leaks happened, I was as giddy to dig into them as everybody else, it was quite thrilling.  My sole accomplishment with these is probably the rips of early and unused music tracks.

Yet it's true that these last leaks feel like one last nail on the coffin of the innocent childhood digging into the Pokémon games.  I know our knowledge of the Pokémon games is still not complete, and even recently it still felt like we discover something new now and then (I have contributed to Crystal_'s #OldGenFactOfTheDay hashtag myself), but our collective knowledge is pretty darn big.  Some things are still to be figured out about the game's development.  Not raw code, like the disassemblies, but the human factor in development, which takes a completely different skillset.  I believe Helix Chamber is still working on that, and I admire their determination.  I'm also still waiting for the Game Engine Black Book of Pokémon Red, in the style of Fabien Sanglard's DOOM book.  Or maybe it will be up to me to write it some day—who knows.

I suppose when taken in total, I was never a significant member of the Glitch City Laboratories community per se.  But this place definitely feels important to me, a lot of my work and hobbies revolve around the topic, and my life would have been different if GCL was never here to begin with.  Thanks, everybody, for the good times, and I wish well upon your lives.
There is not enough space in the Game Boy memory to write out the entire game of Red/Blue.
Emulation & ROM Hacking / Re: Anatomy of an e-Reader Mystery Event
« on: November 23, 2014, 05:50:29 pm »
I'm also interested in the gen 3 distribution ROMs, though I doubt we'll see those until hell freezes over. The only one known to exist outside of Nintendo is in the hands of a collector who paid like £200 for it on ebay. It's also bolted inside the GBASP it came with.
One of my friends owns a Gen 3 distribution cartridge or two.  I didn't realize they weren't dumped - I could totally borrow them and dump them with my DS.
Generation I Glitch Discussion / Re: Brock Through Walls
« on: August 20, 2014, 03:22:51 am »
Edit: So from my conversation with Sanky, apparently PP 16 and 36 only worked because of a coincidence. Move 2's PP should be 36, and move 3's PP should be 16, not the other way round.
Still wrong..  Sigh.

By the way, Bulbasaur needs to be last in your party menu when you flash it.

I think we should edit/remove some posts from this thread to make sure nobody else gets confused again.
The Dumpster Out Back / Re: Brock Through Walls
« on: August 19, 2014, 04:15:48 pm »
Move 2's PP should be 36, and move 3's PP should be 16, not the other way round.
That's right.  Sorry for the confusion.
By the way, if you have multiple Pokémon, Bulbasaur (or whoever has the right PP) needs to be last when you flash your Pokémon menu.
Generation I Glitch Discussion / Re: Brock Through Walls
« on: August 19, 2014, 03:27:30 pm »
Thanks for the address (and also the route!). I can verify that gets written to, but even after menu-flashing, it still might not work, but apparently if you catch a Pokémon before doing it, it may work, hmm.
That's actually really odd.  Can I have a save right before the glitch with the plain Bulbasaur setup that doesn't work?

EDIT: P.S. I added you on Skype so we can talk faster.
Generation I Glitch Discussion / Re: Brock Through Walls
« on: August 19, 2014, 02:37:03 pm »
The coordinates need to be at a memory location which ends with 2, 6, A, or E.  The 2nd move's PP is located at D02E, so the game matches the coordinates there.  The next two bytes read (4th move's PP and level) are read as the route pointer ($0800 in the Bulbasaur route).
That's an in battle address and the glitch works with 00s there. PP move 2 for Pokémon 1 is at D189/A so I'm confused, because it seems to be the first coordinate address that counts according to what you just posted.

There is a copy of this data at AF52 though, which should be save data as it's in SRAM.

Still, when I swap Bulbasaur to #02 and don't save (leaving AF52 as it is) the glitch doesn't work.  :???:

Also, after playing around with switching Bulbasaur the glitch stopped working. Why is this?

Sorry for so many questions. It's just these problems are hurtful for speedrunning, like ThomazSDA and I just started a new game and got the requirements on Bulbasaur, but the glitch wouldn't work.
I'm kind of confused by what you did, haha, and I might've made some mistakes during my explanation.  Here's a brief speedrunning route by Shenanagans_, including the correct requirements.  I've just run it in the past hour.
The reason it works is, when you menuflash Bulbasaur, its data gets copied to CF98 (the disassembly doesn't have a name for this).  The 2nd move PP is then located at CFB6 (sorry, I was wrong earlier with D02E), which works for the exploit.
Sorry about the confusion.
Generation I Glitch Discussion / Re: Brock Through Walls
« on: August 19, 2014, 02:04:58 pm »
This results in the game finding the player coordinates in memory as the PP (the coords need to be at xxx2, xxx6, xxxA, or xxxE)

I don't get what you mean. I notice that at the tile one step right from the NPC, my coordinates according to D361-D362, D364-D365 are y=16 (hex:10), x=36 (hex:24), y block= 00 x block=00 though, and that matches up with Bulbasaur's second and third move PP (0x24, 0x10).

The coordinates need to be at a memory location which ends with 2, 6, A, or E.  The 2nd move's PP is located at D02E, so the game matches the coordinates there.  The next two bytes read (4th move's PP and level) are read as the path pointer ($0800 in the Bulbasaur route).
Generation I Glitch Discussion / Brock Through Walls
« on: August 19, 2014, 03:04:56 am »
This is a relatively easy glitch which lets you walk through walls as early as Brock skip.  Basically, performing the Brock skip and then speaking to the guy who leads you to the gym from the right, while having a specific setup, activates a walk through walls state.
You can see it in action in this WR run:

How this works is as follows.  When the guy's script activates, the game searches through a table of coordinates and pointers to figure out your initial movement.  However, the developers didn't account for you standing to the right of him, so there's no path defined.  Usually, if you try to speak to him without any preparation, the game will softlock, since it can't find your coordinates anywhere in memory.  However, with a little setup, you can prop the game to find your position and read an invalid path.
The method used in this run requires having a Lv. 8 Bulbasaur with 16 Tackle PP and 36 Growl PP, having the moves in the 2nd and 3rd slot.  You also need to look at its stats screen.  This results in the game finding the player coordinates in memory as the PP (the coords need to be at xxx2, xxx6, xxxA, or xxxE), and reading the next two bytes (4th PP and level) as a pointer to the path.  $800 happens to be a useful glitch path, which overflows and overwrites the "disallowed buttons" variable, letting you walk through walls.

Cheers to 0xwas for demonstrating this on the Japanese version (where the setup is more trivial), MrWint for explaining how the glitch works, myself for figuring out the details again (Kappa), Dabomstew for figuring out the Bulbasaur setup, and Shenanagans for other routing and doing the run.  Great job all around!
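
The lookup described in the post above, as an added Python model (not code from the thread or from the game's disassembly): an unterminated scan over 4-byte entries runs past the table into RAM, while a bounded scan fails cleanly. The table address, the defined entries and the one-pass stand-in for the softlock are assumptions; the CFB6 address, the corrected PP values (move 2 PP 36, move 3 PP 16) and the $0800 pointer come from the replies in the thread.

```python
# Model of the path lookup for the Pewter City guide (added example; layout is assumed).
# Each table entry is 4 bytes: two coordinate bytes, then a little-endian path pointer.

TABLE_BASE = 0x4002    # hypothetical table address; only its low two bits matter
PP2_ADDR = 0xCFB6      # from the thread: 2nd move PP after the menu flash copy
COORDS = (0x24, 0x10)  # from the thread: coordinate bytes one step right of the NPC

# Constructed entries for the positions the developers did handle.
DEFINED = [((0x22, 0x10), 0x4100), ((0x23, 0x11), 0x4110), ((0x23, 0x0F), 0x4120)]


def build_memory(pp_and_level=None, at=PP2_ADDR):
    """Return a 64 KiB address space holding the table and, optionally, the
    four bytes (PP2, PP3, PP4, level) of a menu-flashed Pokémon."""
    mem = bytearray(0x10000)
    for i, ((c0, c1), ptr) in enumerate(DEFINED):
        base = TABLE_BASE + 4 * i
        mem[base:base + 4] = bytes([c0, c1, ptr & 0xFF, ptr >> 8])
    if pp_and_level is not None:
        mem[at:at + 4] = bytes(pp_and_level)
    return mem


def scan_unterminated(mem, coords):
    """Flawed lookup: step 4 bytes at a time with no end marker.
    Returns (match address, pointer), or None where the real game would keep
    looping (the softlock), modelled here as one pass over the address space."""
    addr = TABLE_BASE
    for _ in range(0x10000 // 4):
        if (mem[addr], mem[(addr + 1) & 0xFFFF]) == coords:
            lo, hi = mem[(addr + 2) & 0xFFFF], mem[(addr + 3) & 0xFFFF]
            return addr, lo | (hi << 8)
        addr = (addr + 4) & 0xFFFF
    return None


def scan_bounded(mem, coords, entries=len(DEFINED)):
    """Same lookup, limited to the entries that actually exist."""
    for i in range(entries):
        addr = TABLE_BASE + 4 * i
        if (mem[addr], mem[addr + 1]) == coords:
            return addr, mem[addr + 2] | (mem[addr + 3] << 8)
    return None


if __name__ == "__main__":
    cases = [
        ("no setup", build_memory()),
        ("Bulbasaur setup", build_memory((36, 16, 0, 8))),  # PP2, PP3, PP4, level
        ("PP swapped", build_memory((16, 36, 0, 8))),
        ("off by one byte", build_memory((36, 16, 0, 8), at=PP2_ADDR + 1)),
    ]
    for name, mem in cases:
        print(f"{name:16} unterminated={scan_unterminated(mem, COORDS)} "
              f"bounded={scan_bounded(mem, COORDS)}")
```

The "off by one byte" case shows where the xxx2/xxx6/xxxA/xxxE rule comes from: the scan only ever visits addresses that share the table base's remainder modulo 4.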
Generation VI Glitch Discussion / Re: Bad Egg in XY?
« on: August 13, 2014, 04:00:26 am »
ダメタマゴ (dame tamago) indeed does stand for Bad Egg.  Cool find, but not surprising, given there are tools to modify saves and RAM of X/Y already.
I have my own pet definitions of the terms "bug", "glitch", and "exploit".

A bug is a simple programming mistake, which may or may not have consequences.  For example:
  • The fact that you can encounter Pokémon on the Cinnabar Island shore is a bug, because the tiles are wrongly treated as non-water tiles.
  • The fact that switching the first and second move of a Transformed Ditto actually swaps Transform after the battle too is a bug, because the moves should be restored in the original order after Transform ends.
A glitch is undefined behavior.   For example:
  • Missingno. itself is a glitch, because unintended data is read as Pokémon data.  There is no bug involved, the situation is unaccounted for because it should not happen in the first place.
  • The Cooltrainer move is a glitch, because a Pokémon can never have a move 0 in the first slot.  The effects caused by the game trying to read the 256th name are glitches.
An exploit is abusing an oversight, bug, or glitch for an in-game advantage.  For example:
  • Intentionally cloning the seventh item in your inventory by encountering Missingno. is an exploit.
  • Using the Cooltrainer glitch to change the opposing Pokémon species so you can catch it is an exploit.

Due to this, I disagree with Torchickens that glitches are "problems that need fixing".  By my nomenclature, glitches are ultimately caused by bugs, which need to be fixed.
text pointer manipulation..

Just curious. Has this been used in a way to save time? The closest thing that comes to my mind is via save corruption, where the level script pointer may be changed in Red's room to activate the Hall of Fame script.
Yes, actually.  MrWint's very recent 151 TAS has introduced it, and uses it to tweak trainers and items on the map into Pokémon.  It has been implemented into the current 151 RTA speedrun route already, too.
Honestly, I'd say gen 1 has just the right variety of interesting non-breaking glitches which can be studied, understood, and abused, without actually breaking the game.  For example, with a well defined "no arbitrary execution" rule, a "Catch 'em all" 151 speedrun shows off the great variety of useful glitches in Pokémon Red/Blue without diverging into monotony.  Trainer fly, experience underflow, Missingno. item duplication, item underflow, Old man exploit, Cooltrainer, text pointer manipulation..  You name it and it's a memorable, non-game-breaking exploit with interesting properties.  Many other quirks and mechanics of gen 1 are also impressively in-depth, such as "dsum manipulation", which lets you RNG manipulate to encounter the wild Pokémon you want, quickly.

Understandably, later generations, being more solid in their coding, mostly lack these interesting properties.  I can pretty much only note one notable glitch per later generations:
* Gen 2 - Coin Case glitch
* Gen 3 - Pomeg glitch
* Gen 4 - Tweaking
These three glitches lead into other interesting exploits, which are fun to study and play with, but they're alone.
I can't even think of any particularly useful or interesting glitch in gen 5, let alone gen 6.
For these reasons, Gen 1 is, and will probably stay, the premier glitching generation.  (that sounds so stupid...)
Check out Shenanagans' Pokémon Gold run at SGDQ, using the power of the coin case to beat the game in 40 minutes:
Just want to put a reminder here that the low 16 bits of the PID can't change, as that'll definitely mess up the checksum.

What do you mean by low 16 bits? There are 16 bits in the whole PID because it is four bytes. Do you mean the first 8 bits?
A byte is 8 bits.  The PID is 32 bits long (4 bytes).  While the checksum is 16 bits (2 bytes).  So if any of the least significant 16 bits (two bytes) of the PID change, the checksum will come out differently.