Main Menu
Main Page
Forums
New pages
Recent changes
Random page
Help

Glitches
Arbitrary code execution
Pokémon cloning
Pomeg glitch and Glitzer Popping
Tweaking and voiding
Glitches by generation
Other glitch categories

References/Resources
Databases
Disassembly projects
The Big HEX List
Interactive tools
Reference documents
Terminology

Affiliates
Legendary Star Blob 2 (Hakuda) (日本語/Japanese)
Pokémon Speedruns wiki (English)
PRAMA Initiative (Français/French)
MissingNo. Glitch City (Italiano/Italian)
Become an affiliate!

Technical
Site source code

Search Wiki

 

Search Forums

 

Author Topic: Capture 2 Uxie/Azelf by sequence breaking (DP)  (Read 180 times)

0 Members and 1 Guest are viewing this topic.

RETIRE

  • Master of tilewriting
  • Distinguished Member
  • *
  • Offline Offline
  • Gender: Male
  • The Gen 4 dude
    • View Profile
Capture 2 Uxie/Azelf by sequence breaking (DP)
« on: October 01, 2019, 12:47:57 am »
The route for this is still work in progress.
For the time being, I will simply explain how capturing 2 Azelf and Uxie is possible.

First, we need to establish some key flags, map Id's and variables that will be abused.

Flags:
Capture flag Azelf: 294
Capture flag Uxie: 295
Capture flag Dialga/Palkia: 351

Load flag Azelf: 510
Load flag Uxie: 511
Load flag Dialga/Palkia: 482

Spear pillar sequence variable: 16536

Maps:
Hall Of Fame: 187
Spear Pillar (Box Legendarie): 220
Lake Valor (Azelf): 316
Lake Acuity (Uxie): 319

First, let's share how Azelf and Uxie their scripts work. First the game checks the 'load flag'
for them, 510 and 511 respectively. If they are cleared, then the Lake Spirits will spawn in their Maps.

After capturing them, load flags 510 and 511 are set, so they will no longer load.

Map 316 / 319
Script 3 battle Azelf/Uxie:
Setflag 142
Wildbattle
Setflag 294/295

Script 2 Mapscript:
Checkflag 142
CheckLR0 0 func_3

Function 3:
Setflag 510/511
Clearflag 142

With this in mind, let's explain how it is possible to capture them twice.

As you may know, if you fail capturing a Legendary and go to the Hall Of Fame,
the game gives you another shot at capturing these Legendaries. The way it does so is
by checking if the capture flag is set for that Pokémon, and if it is not, it clears the load flag.

I de-cluttered these functions for ease of understanding;

Map 187, Hall Of Fame

Func_8
Checkflag 351
CheckLR 0 func_9
Checkflag 294
CheckLR 0 func_12
Checkflag 295
CheckLR 0 func_13

Func_9
Setvar 16536 5
Clearflag 482

Func_12
Clearflag 510

Func_13
Clearflag 511

Some of you might also know that Azelf and Uxie are not accesible until after capturing the box legendary.
Not only are their areas unaccesible, they aren't loaded at all. After capturing the box legendary, the game
clears the load flags of the lake trio. But, since you aren't supposed to have battled them yet, it does not
check for the capture flags.

Map 220, Spear Pillar

Script 11 battle Dialga/Palkia:
Setflag 142
Wildbattle
CheckLR 1 func_25
Setflag 351
Jump func_26

Script 2 mapscript:
CheckLR 1 func_7
Checkflag 142
CheckLR 1 func_8

Function 7
Checkflag 142
CheckLR 1 func_8

Function 8:
Setflag 482
Clearflag 142

Function 25/26:
Message 44
....
Clearflag 510
Clearflag 511

There is however one thing we are overlooking right now. In the Hall Of Fame, since we have not captured the box legendary yet, the game sets variable 16536 to 5. This variable keeps track of the sequence position of Spear Pillar, when set to 5, a trigger runs script 14 to battle the box legendary rather than 11. The two scripts are very similar, except script 14 does not jump to function 26, and does not clear the load flags of Azelf and Uxie.

So, in order to clear the flags, we will have to run script 11, which means the sequence position must be set to an earlier state.
Luckily for us, we can sequence break this position! Using the RETIRE menu, which runs script 4 in runtime (script 5 in Spear Pillar)
it runs the cutscene of the box legendary breaking free and corrupting Sinnoh.

Script 5 Major cutscene
...
Message...
Warp...
Warp...
More Warps...
Message
Setvar 16536 2

Near the end of the script, the sequence position is updated to an earlier state of 2. From this point, we can trigger script 11, clear the flags of Azelf and Uxie and capture them a second time. As for Mesprit, sadly it's load flag isn't cleared using the Hall of Fame.

It is sadly not possible to just repeat the sequence position updating to an earlier state, since required NPC's are removed once the box legendary is captured. Trying to play the cutscene after that results in a crash.

If you'd like to read the entire scripts used for this rather than an abreviated version of it, you can acces Ganix's scriptdump with this link:
https://whoturgled.com/dp_scripts.html
« Last Edit: October 01, 2019, 01:05:04 am by RETIRE »
Hey, I mainly focus on generation 4 glitches and specialise in voidspecific glitches.

If you'd like to see progress on gen 4 research you can watch my videos here:
https://www.youtube.com/c/RETIREglitch

Feel free to send me pms on the forum or add me on discord by tagging me in the glitchcity laboratories server ^•^

Parzival

  • The Laziest Malware Enthusiast
  • GCLF Member
  • *
  • Offline Offline
  • Gender: Male
    • View Profile
    • (null)
Re: Capture 2 Uxie/Azelf by sequence breaking (DP)
« Reply #1 on: October 01, 2019, 08:58:38 am »
Any way to clear the capture flags so the NPCs still load, or is that thus far unknown?

i'm also on keybase and bitchute but i don't have nifty buttons for those. Bitchute isn't ready yet, but will be eventually.

Updating profiles when tired... not a good idea.

RETIRE

  • Master of tilewriting
  • Distinguished Member
  • *
  • Offline Offline
  • Gender: Male
  • The Gen 4 dude
    • View Profile
Re: Capture 2 Uxie/Azelf by sequence breaking (DP)
« Reply #2 on: October 01, 2019, 11:46:55 am »
Any way to clear the capture flags so the NPCs still load, or is that thus far unknown?

Not for these two. For shaymim and arceus however, yes. And I have made infinite capture routes for both, but the shaymin one isnt public yet.
Hey, I mainly focus on generation 4 glitches and specialise in voidspecific glitches.

If you'd like to see progress on gen 4 research you can watch my videos here:
https://www.youtube.com/c/RETIREglitch

Feel free to send me pms on the forum or add me on discord by tagging me in the glitchcity laboratories server ^•^

Parzival

  • The Laziest Malware Enthusiast
  • GCLF Member
  • *
  • Offline Offline
  • Gender: Male
    • View Profile
    • (null)
Re: Capture 2 Uxie/Azelf by sequence breaking (DP)
« Reply #3 on: October 01, 2019, 12:15:03 pm »
Any way to clear the capture flags so the NPCs still load, or is that thus far unknown?

Not for these two. For shaymim and arceus however, yes. And I have made infinite capture routes for both, but the shaymin one isnt public yet.
Damn. So... any other way to do it, like maybe invalid scripts, as scripts're the only way we can run any code at the moment?

i'm also on keybase and bitchute but i don't have nifty buttons for those. Bitchute isn't ready yet, but will be eventually.

Updating profiles when tired... not a good idea.

RETIRE

  • Master of tilewriting
  • Distinguished Member
  • *
  • Offline Offline
  • Gender: Male
  • The Gen 4 dude
    • View Profile
Re: Capture 2 Uxie/Azelf by sequence breaking (DP)
« Reply #4 on: October 01, 2019, 01:14:40 pm »
There is a setup we have created that gives full controll over functions by execute them from ram (it's ace but for functions rather than code), sadly the setup currently only works on emulators, but maybe a setup will be found for hardware too. The reason it crashes on hardware is assumed to be due to the fact that we execute code from backup savedata, or it might be due to testing on flashcarts/r4 carts not being accurate. If it can be pulled of on hardware, then it wouldnt matter anymore as any pokémon can be captured, given, any item, money... ,
Hey, I mainly focus on generation 4 glitches and specialise in voidspecific glitches.

If you'd like to see progress on gen 4 research you can watch my videos here:
https://www.youtube.com/c/RETIREglitch

Feel free to send me pms on the forum or add me on discord by tagging me in the glitchcity laboratories server ^•^

Parzival

  • The Laziest Malware Enthusiast
  • GCLF Member
  • *
  • Offline Offline
  • Gender: Male
    • View Profile
    • (null)
Re: Capture 2 Uxie/Azelf by sequence breaking (DP)
« Reply #5 on: October 01, 2019, 01:40:30 pm »
There is a setup we have created that gives full controll over functions by execute them from ram (it's ace but for functions rather than code), sadly the setup currently only works on emulators, but maybe a setup will be found for hardware too. The reason it crashes on hardware is assumed to be due to the fact that we execute code from backup savedata, or it might be due to testing on flashcarts/r4 carts not being accurate. If it can be pulled of on hardware, then it wouldnt matter anymore as any pokémon can be captured, given, any item, money... ,
Flashcarts have some SoC on them, swapping in ROMs and SAVes into unbacked SRAM, and flushing the actual saves to the SD on the fly. This is pretty similar with how all multi-ROM flashcarts work, and is basically how real DS carts work except with one SRAM chip instead of one ROM chip and various kinds of NAND/EEPROM.

If you have a setup for it or a save for it, i'll gladly grab an RTS for debugging the real hardware issue.

i'm also on keybase and bitchute but i don't have nifty buttons for those. Bitchute isn't ready yet, but will be eventually.

Updating profiles when tired... not a good idea.