Golden Sun Hacking Community
July 22, 2018, 08:51:39 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News:
 
  Home   Forum   DC Wiki Help Search Calendar Downloads Login Register  
Pages: [1]   Go Down
  Print  
Author Topic: I crashed the game in Tret tree  (Read 1672 times)
0 Members and 1 Guest are viewing this topic.

Regular Member
**

Coins: 2
Offline Offline

Posts: 135

« on: July 16, 2017, 03:07:38 AM »

https://www.twitch.tv/videos/159498931

I posted about some weird tilesets and stuff being rendered in Tret on emulator a long time ago. Finally found a convenient door to test out what happens on console. It crashes the game.
Logged
View Profile
Fox
Fox McCloud, the Hacking Doctor
Mercury Clan

Prodigy
*

Coins: 28
Offline Offline

I am: certainly not a Gallant!
Clan Position: Head Gallant
Posts: 2412

« Reply #1 on: July 16, 2017, 06:27:33 AM »

Tried to do this directly in the map (Using Debug Mode's Walk-Through-Walls instead of Retreat-Glitching... and umm... I think I got lost? (e.g. It looks like you can go right quite a bit. Edit: Although, if you are one tile off, it might just be a tiny bit. ... But then when I go up/left... I get a door/no crash.)

What are the coordinates of the crash? (And maybe the 'tile data' there too...) (The value at 020301B8 or 020301BC , and the value of whatever that points to.)


---
Referring to this topic? http://forum.goldensunhacking.net/index.php?topic=2611.0 ... Looks like I forgot to look it up, huh?

« Last Edit: July 16, 2017, 09:57:35 AM by Fox » Logged

Golden Sun Docs: Broken Seal - The Lost Age - Dark Dawn | Mario Sports Docs: Mario Golf & Mario Tennis | Misc. Docs
Refer to Yoshi's Lighthouse for any M&L hacking needs...

Remember kids! Before you go on that interview, remember to wash your hands in teawater! *Coughs on hand* (Excuse me, I just coughed up a little teawater, so they're still clean!) You wouldn't want that hiring manager to be unimpressed.

May the force be with you!
Shoo! Why does it smell in here?
Maybe that's the wrong kind of force. *smirk*
View Profile

Regular Member
**

Coins: 2
Offline Offline

Posts: 135

« Reply #2 on: July 16, 2017, 09:47:13 AM »

I probably should have mentioned that this is off of a hard reset .. just in case you soft-resetted to get out of bounds.

After going up for a while (about 10s) you should end up at (36,4250), going right should take you to (37,4250), then the game crashes at (17,4229)
Logged
View Profile
Fox
Fox McCloud, the Hacking Doctor
Mercury Clan

Prodigy
*

Coins: 28
Offline Offline

I am: certainly not a Gallant!
Clan Position: Head Gallant
Posts: 2412

« Reply #3 on: July 16, 2017, 10:10:16 AM »

Okay thanks! - It resets.... (Or well, I went directly to the final coordinates first to make sure, so that I could also get the number 0x1D -- Apparently most of that are about setting a tile to the PC's position... I assumed this was calculated with the base address of 06003000, but I will definitely want to do more testing before I go with basic assumptions....


@Hard Reset = I thought I noticed some strange object just barely peeking out on the right side of your screen... so I thought that was strange.....
« Last Edit: July 16, 2017, 10:17:03 AM by Fox » Logged

Golden Sun Docs: Broken Seal - The Lost Age - Dark Dawn | Mario Sports Docs: Mario Golf & Mario Tennis | Misc. Docs
Refer to Yoshi's Lighthouse for any M&L hacking needs...

Remember kids! Before you go on that interview, remember to wash your hands in teawater! *Coughs on hand* (Excuse me, I just coughed up a little teawater, so they're still clean!) You wouldn't want that hiring manager to be unimpressed.

May the force be with you!
Shoo! Why does it smell in here?
Maybe that's the wrong kind of force. *smirk*
View Profile

Regular Member
**

Coins: 2
Offline Offline

Posts: 135

« Reply #4 on: July 16, 2017, 10:26:08 AM »

Ah yes. That's the Tret sprite. That's what happens when you do this prior to getting Mia apparently. Unfortunately it doesn't do anything functionally - much to my disappointment :D
Logged
View Profile
Fox
Fox McCloud, the Hacking Doctor
Mercury Clan

Prodigy
*

Coins: 28
Offline Offline

I am: certainly not a Gallant!
Clan Position: Head Gallant
Posts: 2412

« Reply #5 on: July 16, 2017, 11:02:55 AM »

Oh. Thanks! Sounds interesting, and that is unfortunate...

Update: Meanwhile, I think I see something? Is it accurate?

(+0x100 for the next layer... since the tilemap is made of three layers.)

Layer 1 .... Layer 2
Layer 3 .... Probably nothing?


End of game here we come? (If possible.)

14 and below = (Nothing changed?)
15 = 000003FC
16 = 0000009A ; 00000005 (But also drops down / warps to another room.) ; I like how this is here since it is practically nudging Jenna flag.
17 = 000003FD
18 = 000003FE
19 = 000003FF
1A = 000003FC
1B = 00000400
1C = 00000401
1D = 000003FD
1E = (Nothing changed?)
1F = 000003FF
20 = 00000288

32 = 00000404
33 = 00000402
34 = 00000288
35 = 00000403
36 = 000002EB
37 = 00000405
38 = 00000406
39 = 00000407
3A = 00000359
3B = 00000406

--

Good news is that you can find a path pass the Map Code file, but it gets a little difficult....


* tileglitch.png (16.99 KB, 762x507 - viewed 76 times.)
« Last Edit: July 18, 2017, 04:05:26 AM by Fox » Logged

Golden Sun Docs: Broken Seal - The Lost Age - Dark Dawn | Mario Sports Docs: Mario Golf & Mario Tennis | Misc. Docs
Refer to Yoshi's Lighthouse for any M&L hacking needs...

Remember kids! Before you go on that interview, remember to wash your hands in teawater! *Coughs on hand* (Excuse me, I just coughed up a little teawater, so they're still clean!) You wouldn't want that hiring manager to be unimpressed.

May the force be with you!
Shoo! Why does it smell in here?
Maybe that's the wrong kind of force. *smirk*
View Profile

Regular Member
**

Coins: 2
Offline Offline

Posts: 135

« Reply #6 on: July 16, 2017, 12:59:46 PM »

Even if its TAS only thats still super interesting. So moving out of bounds can actually influence things, and in a relative (as opposed to absolute) way. So it really might be possible to start writing some convenient bytes to do unintended things.

EDIT: I should probably revive the TAS project I had and get it to Tret tree and find an oob path through the map data.
« Last Edit: July 16, 2017, 01:05:14 PM by Plexa » Logged
View Profile
Fox
Fox McCloud, the Hacking Doctor
Mercury Clan

Prodigy
*

Coins: 28
Offline Offline

I am: certainly not a Gallant!
Clan Position: Head Gallant
Posts: 2412

« Reply #7 on: July 16, 2017, 01:35:33 PM »

The thing is... When I posted the previous post, I didn't check to see if it worked the same way out-of-bounds as well... I mean like, the games can be quite clever with limiting functionality.... What is the possibility they check that it is in-bounds first (Like the X/Y location of the PC.), and the crashes being because of something else?
It seems like these events have some sort of activate once only type of mechanic... Eh? EDIT: It does something when [02001000] is not the same as the event id. (Then sets that to the Event ID) ... but if these are shared across event ids... then ... I guess you can only activate it twice since the second time is the drop.
Well, more research has to be done if we can actually do things. (Don't count your chickens before they hatch!)


Seems the numbers they become are at 02014700. (As in "not hard-coded"....) ... For both the "Damaged" leaves" and "Broke/fall through" leaves. ([+0x200])



Functions I am studying:
At the base of the research should be the Event Table in map code, the Event ID in this example shall use 0x1F...
02008560 = Just a call with args. == 02008334(0x209, 0x49, 0x23, 0x1F)
Args:
0x00000209 = r0 = Flag index
0x00000049 = r1 = source x
0x00000023 = r2 = source y
0x0000001F = r3 = event id?

02008334 = ?

This function is called around 02008390 and 020083BA:
080105D4 = I assume it replaces a tile, and transfers the modified tiles from RAM to VRAM.
Args:
r0 = source X
r1 = source Y
r2 = width
r3 = height
sp $44 = destination X
sp $48 = destination Y



EDIT: CONFIRMED!!! OUT-OF-BOUNDS STILL EDITS VALUES THE SAME WAY BUT THIS TIME IN THE OPPOSITE DIRECTION!!!! (-0x100)

Since -0x100 is the case, then there may be good reason to look into using garbage data (map code) from other maps. .... Hm... Although, I get the feeling it is entirely unnecessary. We might have this in the bucket? You think?
« Last Edit: July 18, 2017, 05:02:11 AM by Fox » Logged

Golden Sun Docs: Broken Seal - The Lost Age - Dark Dawn | Mario Sports Docs: Mario Golf & Mario Tennis | Misc. Docs
Refer to Yoshi's Lighthouse for any M&L hacking needs...

Remember kids! Before you go on that interview, remember to wash your hands in teawater! *Coughs on hand* (Excuse me, I just coughed up a little teawater, so they're still clean!) You wouldn't want that hiring manager to be unimpressed.

May the force be with you!
Shoo! Why does it smell in here?
Maybe that's the wrong kind of force. *smirk*
View Profile
Pages: [1]   Go Up
  Print  
 
Jump to:  

Cbox
Yesterday at 09:19:06 PM
Salanewt: Time to upload that "EXP gain when KO'd" patch I made a month ago.
Yesterday at 09:18:48 PM
Salanewt: Oh hey, the site's back up!
July 18, 2018, 10:49:52 PM
roger: I can post but it goes to an error page when I submit.
July 18, 2018, 05:24:12 PM
zman9000: Site is back WOO!
May 09, 2018, 12:35:37 AM
KyleRunner: The "Start In" field is not editable... I'll try making new shortcuts
May 08, 2018, 09:51:08 PM
Fox: If all else fails, you canmake new Shortcuts to do the same thing.
May 08, 2018, 09:49:53 PM
Fox: Export Properties > Shortcut (Tab) > Target / Start In ; Target (for Export) should be: (filename) 0 , and for Import: (filename) 1
May 08, 2018, 08:52:00 PM
KyleRunner: I can't change the path in properties menu...
May 08, 2018, 01:27:19 AM
Fox: You may need to edit something in properties, though... so it uses the exe file in the same directory.
May 08, 2018, 01:24:59 AM
Fox: It is suppose to be a shortcut, yes.
May 03, 2018, 11:48:05 PM
KyleRunner: Fox, the "export" function in your text editor is just a shortcut... Could you please fix it?
May 02, 2018, 09:53:45 PM
KyleRunner: I come here everyday. I'm working on a Portuguese translation, and the people here help me a lot.
May 02, 2018, 08:56:07 AM
Drake baku: My feel as well, I posted a little as well since my return, but silence was all that followed... At least the forum is a great source for data when hacking GS/ GS2, currently looking for something I have read a long time ago cause my PP recovery psy is not working
May 01, 2018, 09:58:04 AM
Fox: I am thinking a lot of this might be because of Discord?
May 01, 2018, 09:56:08 AM
Fox: Yeah, this forum is more dead than ever before.  February and April have 0 new topics. (All other months prior have more.) And March has lowest number of new posts. (It'd be dumb to count the very first month this site was created.)
April 25, 2018, 09:02:13 PM
Fox: Yes. The best tool is a hex editor. Well.... VBA, VBA-SDL-H, no$gba Debugger, GBATEK, and my documentation.... to use these to learn how the code/data works. Best method because it maximizes your editing ability... and then there is my program gsmagic that I was working on. Still in its early stages, though. (Even after year(s).)
April 25, 2018, 04:21:58 PM
Xendrox D: *exept tla editor.
April 25, 2018, 04:21:29 PM
Xendrox D: is there any other tool for hacking gs?
April 23, 2018, 09:26:27 PM
Atrius: Rarely, but not never.
April 23, 2018, 08:01:48 AM
Drake baku: Can it be, the god who created the editor, atrius. I heard you never came back online here anymore

Affiliates
Temple of Kraden Golden Sunrise
Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.069 seconds with 22 queries.