NitroGenesis
He/Him
Editor, Experienced player (556)
Joined: 12/24/2009
Posts: 1873
RPG I used to play, very good game. I might try a run of it.
YoungJ1997lol wrote:
Normally I would say Yes, but then I thought "it's not the same hack" so I'll stick with meh.
Joined: 12/20/2010
Posts: 28
Ah, one of my favorite PlayStation games ever. I still have the original disc, complete with case and manual (as well as the second and third games and the Alter Code: F remake). I think it would be awesome to see the game TASed. I know of the Item Duplication Trick, but it would be interesting to see what other tricks and glitches exist.
Joined: 2/15/2009
Posts: 329
Too much route planning/rng!
Working on: Legend of Legaia, Vagrant Story
Joined: 12/20/2010
Posts: 28
exileut wrote:
Too much route planning/rng!
Can't be any worse than the Final Fantasy games, and those have runs. Honestly, Nitro, I hope you and anyone else considering this game don't get discouraged by the amount of work necessary. I love this game and would enjoy seeing it broken.
NitroGenesis
He/Him
Editor, Experienced player (556)
Joined: 12/24/2009
Posts: 1873
I would like to run this game. Problem is, it crashes PSXjin every time I try to open it. Help would be appreciated.
YoungJ1997lol wrote:
Normally I would say Yes, but then I thought "it's not the same hack" so I'll stick with meh.
Joined: 7/7/2011
Posts: 140
Location: Germany
If everything else fails you could still use pcsx
How should I know what I think before I read what I post?
Patashu
He/Him
Joined: 10/2/2005
Posts: 4043
My Chiptune music, made in Famitracker: http://soundcloud.com/patashu My twitch. I stream mostly shmups & rhythm games http://twitch.tv/patashu My youtube, again shmups and rhythm games and misc stuff: http://youtube.com/user/patashu
Joined: 9/6/2014
Posts: 1
So, arbitrary code execution (ACE) has been achieved in Wild Arms, cutting down the game to just the three character prologues, Lolithia's tomb, a short trip to get the lighter, and a LOT of duping and apple eating. You can see speedrunner cha0s using the technique, real-time on PS3, in this video: Link to video
To keep it at least somewhat brief, and because I'm still investigating hopefully less apple-heavy/inventory-intensive approaches, I won't do a full data dump here. If you're interested in the route above (WHY!?), or specific technical details, feel free to ask though.
This is an extension of a glitch which previously made sub-2 hour runs of Wild Arms possible. By getting to the lighter in the Mountain Pass without a full party, you end up recruiting a garbage character we've nicknamed "Hollow Man." If one thinks of Rudy, Jack, and Cecilia as characters 0, 1, and 2 respectively, then Hollow Man is the -1th character, pointing at a block of memory that precedes that of the main characters.
It turns out that by removing Hollow Man's body armor, we can corrupt the character table even further, creating what we've called "Cursed Hollow". This garbage character points at executable code - just what we want! Specifically, it points at code which is executed during the enemy morphing animations at the beginning of a battle. By duplicating and feeding stat-boosting apples to the Cursed Hollow, we can change two instructions into whatever we want.
Unfortunately, naively using jump instructions to the best ACE target candidates (item memory or magic name strings) would have required tens of thousands of apples. To achieve ACE within a reasonable time, we instead jump to item memory indirectly by combining arbitrary register values and offsets to create a valid jump target. Semi-manually searching for a valid combination was the most time-consuming task.
The payload uses the quantity values in the inventory, and is pretty straightforward. The first word (4 items/bytes) is the jump target, which will point at the next word. The next word/first instruction fixes the AT register, which was corrupted by the indirect jump process. The second instruction writes the ending scene ID, 0x60, to Jack's map location address. The last instruction jumps back to normal code execution. And that's it! Jack has been essentially "moved" to the ending and by switching to him, the ending plays out in full.
It was really fun working on this, and with some more tweaks I'm working on I hope we'll get to see a sub-hour run at some point. Remember to like and follow http://twitch.tv/cha0stwitch, without whose discoveries this would not be possible.
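Added illustration, not part of the post above and not the game's code: a minimal C model of the bug class the post describes, where a character slot of -1 resolves to memory in front of the character table, so an ordinary stat increment lands in a region standing in for code. The flat layout, sizes, stat offset and function names are all assumptions made for the example, and it collapses the Hollow Man and Cursed Hollow steps into one out-of-range slot; the checked lookup shows the bounds test that prevents the write.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not the game's real layout: a flat RAM image in which
   a region standing in for code sits directly before the character table. */
enum { CODE_BYTES = 32, CHAR_STRIDE = 32, PARTY_MAX = 3 };
enum { TABLE_BASE = CODE_BYTES, RAM_BYTES = CODE_BYTES + CHAR_STRIDE * PARTY_MAX };
enum { STAT_OFFSET = 4 };  /* hypothetical offset of one stat byte in a record */

static uint8_t ram[RAM_BYTES];

/* Unchecked lookup: slot -1 resolves to the bytes before the table. */
static long record_offset_unchecked(int slot) {
    return (long)TABLE_BASE + (long)slot * CHAR_STRIDE;
}

/* Checked lookup: returns -1 for any slot outside 0..PARTY_MAX-1. */
static long record_offset_checked(int slot) {
    if (slot < 0 || slot >= PARTY_MAX) return -1;
    return (long)TABLE_BASE + (long)slot * CHAR_STRIDE;
}

/* A stat boost is a plain increment of one byte inside the record. */
static int boost_stat(long rec) {
    if (rec < 0 || rec + STAT_OFFSET >= RAM_BYTES) return -1;
    ram[rec + STAT_OFFSET]++;
    return 0;
}

/* Returns how many bytes of the code region changed after boosting `slot`. */
static int code_bytes_changed(int slot, int checked) {
    uint8_t before[CODE_BYTES];
    memset(ram, 0, sizeof ram);
    memcpy(before, ram, CODE_BYTES);
    long rec = checked ? record_offset_checked(slot) : record_offset_unchecked(slot);
    boost_stat(rec);
    int changed = 0;
    for (int i = 0; i < CODE_BYTES; i++) changed += (ram[i] != before[i]);
    return changed;
}

int main(void) {
    printf("unchecked slot -1: %d code byte(s) changed\n", code_bytes_changed(-1, 0));
    printf("checked   slot -1: %d code byte(s) changed\n", code_bytes_changed(-1, 1));
    return 0;
}
```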
Active player (261)
Joined: 12/13/2016
Posts: 352
Very outdated route and some of the information is not accurate, but here is a translation of the notes for the nico TAS https://docs.google.com/document/d/1IvK0s3CDU1Nv-wcYVjVewxuGVjxDDszvSjIDyv_qh1c/edit