Messages - Wack0

According to the disassembly, it cannot (the Time Capsule exploit only bypasses the species check).
Here are the patches:

Interestingly there are patch files for Crystal included, meaning that a Crystal VC release may still happen (or perhaps they abandoned it after realising they'd need to do something about the GB Mobile Adaptor in the Japanese version).

As with R/B, the patch files include comments with some IDA output and some actual src:

;  call ir_main
; ld d,a ; IR_STAT
; xor a

;   _IRcomm_end   0x2a1b9
; ld hl,ir_read_buf                |       21 50 c7 
; ld de,ir_read_buf_stk            |       11 00 c8
; ld bc,15                         |
; call block_move                  |
;                                   |

;3e 3f 21 92 51 cf cd df 65 00   
; ------->
; BCALL G_BANK0b,set_send_data2
; call read_buf_clr

Interesting that the "official" bankswitched call macro takes a bank as well as function address. I guess the official GB/C compiler and linker are inferior to rgbds and don't have an inbuilt feature to get the bank number that a symbol is in.
Wiki Discussion / Re: The big hex list
« on: September 18, 2017, 07:45:05 pm »
I just took a look.

It seems if you're willing to replicate the initial battle initialisation code, put the trainer class index in the a register then jump to the middle of InitBattleCommon, you can set up a trainer battle with any trainer class.

To be more clear, your payload would be doing everything up to the bankswitched call to InitBattleVariables, setting the a register then jumping to ld [wTrainerClass],a.
BTW, roamer struct is:

byte species; byte level; byte map_group; byte map_number; byte HP; word DVs;

When moving roamers, the code checks if map_group is $FF; this means the roamer is no longer available to catch. The roamer-encounter code only checks if you're on the same map as it (so it seems that you can indeed encounter a roaming ????? (00)) - this basically means that if you've caught at least one roamer, glitch map FF FF has at least one roaming ????? (00) in it:

And, even more hilariously, there's a function that sanity checks a wild Pokémon's species, returning with carry on if it's invalid (00, > FC); unfortunately, Game Freak forgot a ld a,b before calling it (alternatively, they wrote ld b,[hl] instead of ld a,[hl]), so what is checked isn't the wild Pokémon's species, but its level!

Not that this matters; the sanity check is done on the in-ROM wild Pokémon data before the battle starts, and besides, the only call to this function is done with code dealing with wild Pokémon data, which is completely skipped in the case of a roamer anyway.

Torchickens: did you try Flying away to reset the location value to something random? Just moving routes wouldn't work because the game won't find the location in the roamer-moving data (it does this before anything else), whereas Flying just checks if map_group is $FF or not.
I finally took a look at the "bad dump"; turns out it's not really a "bad dump", someone modified the ROM.

Entry point jumps to 0:00e0, which is just nops in the good dump, but this space was used to add the following code:

ld a,0
ld [$6000],a
ld a,$30
ld [$6000],a
jp $0150

This code makes no sense: the header says it uses MBC1, where $6000 is a 1-bit wide register that flips between two different banking modes. Maybe this is for flashcart compatibility?

In addition, a ld a,1 got patched to ld a,0 at 00:024C, and again at 01:488E.

Finally, the header checksum got patched.
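As an added illustration (not code from the post or from any dump-verification tool), here is a Python check that runs the standard Game Boy header and global checksum calculations over a constructed 32 KiB image, follows the entry-point jump, and reproduces the injected stub described above; every byte of the image is constructed for the example, not taken from a real dump.

```python
HEADER_RANGE = range(0x134, 0x14D)  # bytes covered by the header checksum ($0134-$014C)
HEADER_CHECKSUM_ADDR = 0x14D
GLOBAL_CHECKSUM_ADDR = 0x14E        # big-endian sum of every byte except these two
def header_checksum(rom):
    x = 0
    for i in HEADER_RANGE:
        x = (x - rom[i] - 1) & 0xFF
    return x

def global_checksum(rom):
    return (sum(rom) - rom[GLOBAL_CHECKSUM_ADDR] - rom[GLOBAL_CHECKSUM_ADDR + 1]) & 0xFFFF

def trace_entry(rom):
    """Follow the jp at $0101 and linear-sweep only the opcodes the stub uses."""
    target = rom[0x102] | (rom[0x103] << 8)
    pc, a, writes = target, None, []
    while pc < len(rom):
        op = rom[pc]
        if op == 0x00: pc += 1                              # nop
        elif op == 0x3E: a, pc = rom[pc + 1], pc + 2        # ld a,n
        elif op == 0xEA:                                    # ld [nn],a
            addr, pc = rom[pc + 1] | (rom[pc + 2] << 8), pc + 3
            if addr < 0x8000: writes.append((addr, a))      # cartridge/MBC register space
        else: break                                         # jp nn (or anything unknown): stop
    return target, writes

def build_good_rom():
    rom = bytearray(0x8000)  # constructed 32 KiB image standing in for a clean dump
    rom[0x100:0x104] = bytes([0x00, 0xC3, 0x50, 0x01])  # nop ; jp $0150
    rom[0x147] = 0x01                                     # cartridge type: MBC1
    rom[HEADER_CHECKSUM_ADDR] = header_checksum(rom)
    rom[GLOBAL_CHECKSUM_ADDR:GLOBAL_CHECKSUM_ADDR + 2] = global_checksum(rom).to_bytes(2, "big")
    return rom

def tamper(rom):
    """Apply the post's edit: entry jumps to $00E0 (two MBC1 mode writes), then on to $0150."""
    rom = bytearray(rom)
    rom[0x102:0x104] = bytes([0xE0, 0x00])                 # jp $00E0
    rom[0xE0:0xED] = bytes([0x3E, 0x00, 0xEA, 0x00, 0x60,   # ld a,0   ; ld [$6000],a
                            0x3E, 0x30, 0xEA, 0x00, 0x60,   # ld a,$30 ; ld [$6000],a
                            0xC3, 0x50, 0x01])              # jp $0150
    return rom

def analyze(rom):
    target, writes = trace_entry(rom)
    stored = int.from_bytes(rom[GLOBAL_CHECKSUM_ADDR:GLOBAL_CHECKSUM_ADDR + 2], "big")
    return {"header_ok": rom[HEADER_CHECKSUM_ADDR] == header_checksum(rom),
            "global_ok": stored == global_checksum(rom),
            "entry_target": target, "mbc_writes": writes}
```

The header checksum is the only one the boot ROM verifies and it covers just $0134-$014C, so edits to the entry vector and to $00E0 leave it valid; the global checksum (or a hash against a trusted database) is what actually flags the modified body.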
Going into the Pokemon Center breaks the WTW.

The Pokémon Center is only entered on poison whiteout, and when the Safari Zone step counter is still active.

EDIT: wait a minute, Gen I quirkiness strikes again, doesn't it? Whiting out puts you outside of the Pokémon Center, doesn't it?

In that case going into the Trade Center and whiting out in there would have to be done while the Safari Zone's step counter is running.
I didn't think about that; maybe the ROM I used was indeed a bad dump (causing the errors on an emulator) and my physical cartridge (being official) was a good dump, hence didn't have the glitch on GBA SP and my physical SNES/Super Game Boy.

This is the MD5 checksum of the ROM I used on emulator.

DAT-o-MATIC says this is a trusted dump, but with the information now maybe that was a false positive.

Actually, it seems as if that ROM is a bad dump.
DAT-o-MATIC says that two dumps were made in 2014 and both have MD5 hash of 3029C962C483DF174FC6F5C9202326E3.
Regarding linking two European Generation I games, I've been talking about it like it may be possible based on what I've read.

Turns out Torchickens successfully did this to show "changing OT names" with regards to NPC traded Pokémon with an OT name of 5D 50 ..., between an English and a Spanish Generation I game, in a video in 2012:

So it is indeed possible. I think the doubt is because of structure changes between Japanese Generation I/II games and all localisations, causing link incompatibility between a Japanese and non-Japanese Generation I or II game.

I'm not sure if the Virtual Console emulator allows links between Generation I games of different languages (no matter if they would be compatible or not), though.
I was just wondering how you'd do the trade linkup derivative of the left-facing shore tile glitch directly after the walk-through-walls ledge trick.

It took me a while to realise: go into the Safari Zone, save and reset then head out of the Safari Zone, get two Pokémon poisoned, go to Cinnabar and deposit all but one of the poisoned Pokémon, jump off a ledge with your 500th step, walk around the Safari Zone entrance until whiteout, withdraw your other poisoned Pokémon and deposit the healthy one, go link with another game, run around the trade center until whiteout, leave the Pokémon Center and walk up and down the right coast.
I don't know whether I was just extremely unlucky but with so many tries I wonder whether something else is going on there or even whether there's a bug with Spanish version encounter tables (where on Route 1 the beginning bytes are 19 03 24 03 A5 03 which are expected Pokémon on that route).

I guess you could put a write breakpoint on the EU equivalent of CFD8 (CFD3? CFDD? Can't remember...).
Pokémon Glitch Discussion / Re: I'm new to this, and looking for some tips?
« on: September 02, 2017, 12:07:16 pm »
I moved this topic to a better place.
I'd suggest looking at the stickied threads around the Pokémon Glitch Discussion section. Looking at the wiki should also be able to help you :)
Double posting here, as I just realised that if all non-Japanese Generation I games really are link compatible, it means that the trade linkup derivative of the left-facing shore tile trick could be used to encounter 192-197 on non-German games (as far as I can tell, using the walk-through-walls ledge trick first in Italian and Spanish versions, making sure to visit the Cinnabar Island Pokémon Center beforehand).
Given that I own a DMG, a CGB and a GBASP plus two flashcarts, I'd be eager to test this - however I don't have the necessary ROM.

You can't search the Internet for it?
Regarding the new page layout, it seems that a script could be created that could automatically fill in most of that information, a la the original Melchior project?

The script could output wiki markup and mark the pages as stubs, allowing for someone else to come in and finish the final parts.

Bonus points if it could create a Pokédex screenshot too, which is theoretically possible.