I crashed the game in Tret tree

Started by Plexa, 15, July, 2017, 11:07:38 PM


Plexa

https://www.twitch.tv/videos/159498931

I posted about some weird tilesets and stuff being rendered in Tret on emulator a long time ago. Finally found a convenient door to test out what happens on console. It crashes the game.

Daddy Poi's Oily Gorillas

#1
Tried to do this directly in the map (using Debug Mode's Walk-Through-Walls instead of Retreat-Glitching)... and umm... I think I got lost? (e.g. It looks like you can go right quite a bit. Edit: Although, if you are one tile off, it might just be a tiny bit. ... But then when I go up/left... I get a door/no crash.)

What are the coordinates of the crash? (And maybe the 'tile data' there too...) (The value at 020301B8 or 020301BC, and the value of whatever that points to.)


---
Referring to this topic? http://forum.goldensunhacking.net/index.php?topic=2611.0 ... Looks like I forgot to look it up, huh?

Golden Sun Docs: Broken Seal - The Lost Age - Dark Dawn | Mario Sports Docs: Mario Golf & Mario Tennis | Misc. Docs
Refer to Yoshi's Lighthouse for any M&L hacking needs...

Sometimes I like to compare apples to oranges. (Figuratively) ... They are both fruits, but which one would you eat more? (If taken literally, I'd probably choose apples.)
Maybe it is over-analyzing, but it doesn't mean the information is useless.


The only GS Discord servers with significance are:
Golden Sun Hacking Community
GS Speedrunning
/r/Golden Sun
GS United Nations
Temple of Kraden

Can you believe how small the Golden Sun Community is?

2+2=5 Don't believe me? Those are rounded decimal numbers. Take that, flat earth theorists! :)

Plexa

I probably should have mentioned that this is off of a hard reset... just in case you soft-reset to get out of bounds.

After going up for a while (about 10s) you should end up at (36,4250), going right should take you to (37,4250), then the game crashes at (17,4229)

Daddy Poi's Oily Gorillas

#3
Okay thanks! - It resets.... (Or well, I went directly to the final coordinates first to make sure, so that I could also get the number 0x1D -- Apparently most of that is about setting a tile to the PC's position... I assumed this was calculated with the base address of 06003000, but I will definitely want to do more testing before I go with basic assumptions....)


@Hard Reset = I thought I noticed some strange object just barely peeking out on the right side of your screen... so I thought that was strange.....

Plexa

Ah yes. That's the Tret sprite. That's what happens when you do this prior to getting Mia apparently. Unfortunately it doesn't do anything functionally - much to my disappointment :D

Daddy Poi's Oily Gorillas

#5
Oh. Thanks! Sounds interesting, and that is unfortunate...

Update: Meanwhile, I think I see something? Is it accurate?

(+0x100 for the next layer... since the tilemap is made of three layers.)

Layer 1 .... Layer 2
Layer 3 .... Probably nothing?


End of game here we come? (If possible.)

14 and below = (Nothing changed?)
15 = 000003FC
16 = 0000009A ; 00000005 (But also drops down / warps to another room.) ; I like how this is here since it is practically nudging Jenna flag.
17 = 000003FD
18 = 000003FE
19 = 000003FF
1A = 000003FC
1B = 00000400
1C = 00000401
1D = 000003FD
1E = (Nothing changed?)
1F = 000003FF
20 = 00000288

32 = 00000404
33 = 00000402
34 = 00000288
35 = 00000403
36 = 000002EB
37 = 00000405
38 = 00000406
39 = 00000407
3A = 00000359
3B = 00000406

--

Good news is that you can find a path past the Map Code file, but it gets a little difficult....

Plexa

#6
Even if it's TAS only, that's still super interesting. So moving out of bounds can actually influence things, and in a relative (as opposed to absolute) way. So it really might be possible to start writing some convenient bytes to do unintended things.

EDIT: I should probably revive the TAS project I had and get it to Tret tree and find an oob path through the map data.

Daddy Poi's Oily Gorillas

#7
The thing is... When I posted the previous post, I didn't check to see if it worked the same way out-of-bounds as well... I mean like, the games can be quite clever with limiting functionality.... What is the possibility they check that it is in-bounds first (Like the X/Y location of the PC.), and the crashes being because of something else?
It seems like these events have some sort of activate once only type of mechanic... Eh? EDIT: It does something when [02001000] is not the same as the event id. (Then sets that to the Event ID) ... but if these are shared across event ids... then ... I guess you can only activate it twice since the second time is the drop.
Well, more research has to be done if we can actually do things. (Don't count your chickens before they hatch!)


Seems the numbers they become are at 02014700. (As in "not hard-coded"....) ... For both the "Damaged" leaves and "Broke/fall through" leaves. ([+0x200])



Functions I am studying:
At the base of the research should be the Event Table in map code, the Event ID in this example shall use 0x1F...
02008560 = Just a call with args. == 02008334(0x209, 0x49, 0x23, 0x1F)
Args:
0x00000209 = r0 = Flag index
0x00000049 = r1 = source x
0x00000023 = r2 = source y
0x0000001F = r3 = event id?

02008334 = ?

This function is called around 02008390 and 020083BA:
080105D4 = I assume it replaces a tile, and transfers the modified tiles from RAM to VRAM.
Args:
r0 = source X
r1 = source Y
r2 = width
r3 = height
sp $44 = destination X
sp $48 = destination Y



EDIT: CONFIRMED!!! OUT-OF-BOUNDS STILL EDITS VALUES THE SAME WAY BUT THIS TIME IN THE OPPOSITE DIRECTION!!!! (-0x100)

Since -0x100 is the case, then there may be good reason to look into using garbage data (map code) from other maps. .... Hm... Although, I get the feeling it is entirely unnecessary. We might have this in the bucket? You think?
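Added example, not part of the thread and not the game's code: a C model of a rectangle tile copy with the argument shape listed in post #7 (source X/Y, width, height, destination X/Y), showing what the in-bounds check asked about there would have to cover. The 16x16 map, the guard words, the tile values and every function name are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed layout (assumption): 16x16 map of 32-bit tile values with guard
   words on both sides, so stray writes stay inside one array and are countable. */
enum { MAP_W = 16, MAP_H = 16, MAP_N = MAP_W * MAP_H, GUARD = 64 };
static uint32_t arena[GUARD + MAP_N + GUARD];

static uint32_t *cell(int x, int y) { return &arena[GUARD + y * MAP_W + x]; }
uint32_t tile_at(int x, int y) { return *cell(x, y); }
void arena_reset(void) {
    for (int i = 0; i < GUARD + MAP_N + GUARD; i++) arena[i] = 0;
    for (int i = 0; i < MAP_N; i++) arena[GUARD + i] = 0x100u + (uint32_t)i;
}

int guard_words_changed(void) {
    int n = 0;
    for (int i = 0; i < GUARD; i++)
        n += (arena[i] != 0) + (arena[GUARD + MAP_N + i] != 0);
    return n;
}

/* Trusts its arguments: any coordinate becomes an offset relative to the map. */
void copy_rect_unchecked(int sx, int sy, int w, int h, int dx, int dy) {
    for (int r = 0; r < h; r++)
        for (int c = 0; c < w; c++)
            *cell(dx + c, dy + r) = *cell(sx + c, sy + r);
}

static int rect_ok(int x, int y, int w, int h) {
    return w > 0 && h > 0 && x >= 0 && y >= 0 && x <= MAP_W - w && y <= MAP_H - h;
}

/* Validates both rectangles per axis; a check on the linear index alone would
   still let x = -1 wrap onto the previous row. Returns 1 if the copy ran. */
int copy_rect_checked(int sx, int sy, int w, int h, int dx, int dy) {
    if (!rect_ok(sx, sy, w, h) || !rect_ok(dx, dy, w, h)) return 0;
    copy_rect_unchecked(sx, sy, w, h, dx, dy);
    return 1;
}

int main(void) {
    arena_reset();
    copy_rect_unchecked(0, 0, 2, 2, -1, -2);   /* destination above the map */
    printf("unchecked: %d guard words overwritten\n", guard_words_changed());
    arena_reset();
    printf("checked ran: %d\n", copy_rect_checked(0, 0, 2, 2, -1, -2));
    return 0;
}
```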