Main Menu
Main Page
Forums
New pages
Recent changes
Random page
Help

Glitches
Arbitrary code execution
Pokémon cloning
Pomeg glitch and Glitzer Popping
Tweaking and voiding
Glitches by generation
Other glitch categories

References/Resources
Databases
Disassembly projects
The Big HEX List
Interactive tools
Reference documents
Terminology

Affiliates
Legendary Star Blob 2 (Hakuda) (日本語/Japanese)
Pokémon Speedruns wiki (English)
PRAMA Initiative (Français/French)
MissingNo. Glitch City (Italiano/Italian)
Become an affiliate!

Technical
Site source code

Search Wiki

 

Search Forums

 

Author Topic: Text box matching for Trainer-Fly glitch  (Read 1582 times)

0 Members and 1 Guest are viewing this topic.

ISSOtm

  • The French Lord of Laziness (and a huge The Legend Of Zelda fan)
  • Staff
  • *****
  • Offline Offline
  • Gender: Male
  • Pewter City (B)rocks !
    • View Profile
    • My Little Website
Text box matching for Trainer-Fly glitch
« on: April 13, 2015, 01:02:42 pm »
Hello everyone, ISSOtm here !

Today, the question that was brought up to my attention was "How does the text box matching method of the Trainer-Fly glitch work ?".

After a bit of research, it appears that when you encounter a Trainer, the following happens (all memory addresses are taken from Pokémon Blue) :
  • (he may approach you, or not)
  • his dialog appears, blah blah blah
  • Now is the instersting part : the game sets address $D059 to the internal Trainer ID.
  • The fight begins.
This address ($D059) is an instant encounter. As soon as the overworld script reads a non-zer value, the game triggers the corresponding encounter. But what's interesting, is that the Trainer-Fly glitch actually is built on this.
As soon as you enter the map flown from (which probably has its map script pointer changed ?), the last text box in memory pops up, then the encounter begins.
If looking at this sequence with a memory point of view, it gives the following :
  • The text box which has the ID contained in $CF13 is displayed
  • The instant encounter value is set. The textbox itself writes the value (at the same moment the music changes), but if it doesn't handles it, the value at $CFFC is written into $D058

Question 1 : During a TFly glitch, why is the value picked up from $CFFC ?
Answer : I don't know. I'm looking for that in the disassembly, see that later.

Question 2 : May this be used for ACE ?
Answer : I don't know either... It would mean a text box (with an invalid ID, I presume) runs code in player-controllable RAM. I'm looking both in the disassembly and testing on BGB. Stay tuned !
That would require $CFFC to hold an incorrect value... is that possible (like with Super Glitch ?)
« Last Edit: April 14, 2015, 07:39:31 am by ISSOtm »
"THOU SHALL NOT PASS !!"  RIVAL's effect, Gandalf.

Proudly glitching Pokémon Red and Yellow on a Black & White GB, Pocket GB, GB Color, GBA SP and new 3DS.

My Twitter (beware, I'm French)
My YouTube (same warning)

Here is an online tool to build 8F setups : GBz80 to Items !

They see me layzin', they ha-tin'...
Heavy contributor of the global augmentation of entropy (my room's is too damn high !)

luckytyphlosion

  • Banned
  • *
  • Offline Offline
  • Gender: Male
  • JACK-flys are OP
    • View Profile
Re: Text box matching for Trainer-Fly glitch
« Reply #1 on: April 14, 2015, 04:48:18 pm »
Quickly looked in bgb debugger, $CFFC is the high byte of the last enemy Pokemon.

However, $CFFC is the Special Value from the Pokemon Structure, and NOT the Special Value used to generate the Trainer-Fly encounter.

I wouldn't know why $CFFC is written to $D058, since it's "wPartyGainExpFlags" according to the disasm.

ISSOtm

  • The French Lord of Laziness (and a huge The Legend Of Zelda fan)
  • Staff
  • *****
  • Offline Offline
  • Gender: Male
  • Pewter City (B)rocks !
    • View Profile
    • My Little Website
Re: Text box matching for Trainer-Fly glitch
« Reply #2 on: April 15, 2015, 02:18:22 am »
According to DataCrystal, CFFC-CFFD - Special (enemy)

But yeah, changing this value doesn't change the encounter.
Which one is used for the TFly encounter ? I cannot find it.
"THOU SHALL NOT PASS !!"  RIVAL's effect, Gandalf.

Proudly glitching Pokémon Red and Yellow on a Black & White GB, Pocket GB, GB Color, GBA SP and new 3DS.

My Twitter (beware, I'm French)
My YouTube (same warning)

Here is an online tool to build 8F setups : GBz80 to Items !

They see me layzin', they ha-tin'...
Heavy contributor of the global augmentation of entropy (my room's is too damn high !)

luckytyphlosion

  • Banned
  • *
  • Offline Offline
  • Gender: Male
  • JACK-flys are OP
    • View Profile
Re: Text box matching for Trainer-Fly glitch
« Reply #3 on: April 16, 2015, 08:29:02 pm »
It should be $cd2d, which is wEngagedTrainerClass in the disasm. Note that the above value, wEnemyMonUnmodifiedSpecial, is only ds 1, which means the total special value is overlapped with wEngagedTrainerClass.

ISSOtm

  • The French Lord of Laziness (and a huge The Legend Of Zelda fan)
  • Staff
  • *****
  • Offline Offline
  • Gender: Male
  • Pewter City (B)rocks !
    • View Profile
    • My Little Website
Re: Text box matching for Trainer-Fly glitch
« Reply #4 on: April 21, 2015, 05:52:52 am »
It should be $cd2d, which is wEngagedTrainerClass in the disasm. Note that the above value, wEnemyMonUnmodifiedSpecial, is only ds 1, which means the total special value is overlapped with wEngagedTrainerClass.
Makes sense (including for the "modulo 256" constraint). My bad :P

I'm looking for text boxes that may cause code to be executed in player-controllable RAM (I mean party/boxed Pokémon, Daycare Pokémon, and bag/PC items data. Maybe in-battle Pokémon data and Pokédex flags too ? It seems trickier anyway.)
"THOU SHALL NOT PASS !!"  RIVAL's effect, Gandalf.

Proudly glitching Pokémon Red and Yellow on a Black & White GB, Pocket GB, GB Color, GBA SP and new 3DS.

My Twitter (beware, I'm French)
My YouTube (same warning)

Here is an online tool to build 8F setups : GBz80 to Items !

They see me layzin', they ha-tin'...
Heavy contributor of the global augmentation of entropy (my room's is too damn high !)

Evie the Bird Mother 🌸 ☽

  • Veteran Contributor
  • *
  • Offline Offline
  • Gender: Female
  • I am a chicken princess ^^
    • View Profile
Re: Text box matching for Trainer-Fly glitch
« Reply #5 on: April 21, 2015, 08:48:11 am »
Cool. If you can find such a script source, I'd appreciate it if you can post it in this thread. :)
(I was former joint head admin but stepped down)
✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿
Here have some free flowers on every post. ^^
✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿
Love, faith, hope are free. If all is lost friends save us.
Thanks fans for lovely Torchic artwork. ♡ First image thanks Nyapon.