Editor, Expert player (2329)
Joined: 5/15/2007
Posts: 3933
Location: Germany
Nice find, I will look forward to your further testing. Using the US version, in VBA and Bizhawk I've only been able to make the game reset itself at best. This might be specific to the VC version so please do test on GBA/NDS/GB Player. I would like to try too but I'm afraid I haven't been active in this game for a while so I don't know how to make Mario into a barrel (this might not be possible in both VBA and Bizhawk btw iirc due to an emulation problem).
Memory
She/Her
Site Admin, Skilled player (1556)
Joined: 3/20/2014
Posts: 1765
Location: Dumpster
MUGG wrote:
Nice find, I will look forward to your further testing. Using the US version, in VBA and Bizhawk I've only been able to make the game reset itself at best. This might be specific to the VC version so please do test on GBA/NDS/GB Player. I would like to try too but I'm afraid I haven't been active in this game for a while so I don't know how to make Mario into a barrel (this might not be possible in both VBA and Bizhawk btw iirc due to an emulation problem).
To make Mario into a barrel, you need sign glitch. Video of this being done in all bosses (JP GB Player): www.twitch.tv/altabiscuit/c/5375105?t=2h04m57s
[16:36:31] <Mothrayas> I have to say this argument about robot drug usage is a lot more fun than whatever else we have been doing in the past two+ hours
[16:08:10] <BenLubar> a TAS is just the limit of a segmented speedrun as the segment length approaches zero
endrift
Any
Emulator Coder
Joined: 12/14/2014
Posts: 161
I know that the way the game runs Mario Bros. is actually by resetting the game with a value in a specific location. This is the routine that resets the game into Mario Bros. in the US version. I took the liberty of commenting it up.
08057084:  4A07	ldr r2, [$080570A4]
08057086:  79D1	ldrb r1, [r2, #7] ; Load byte from 0x203FFFF
08057088:  2004	mov r0, #4
0805708A:  4240	neg r0, r0
0805708C:  4008	and r0, r1 ; Clear bottom two bits
0805708E:  2101	mov r1, #1
08057090:  4308	orr r0, r1 ; Set bottom bit
08057092:  71D0	strb r0, [r2, #7] ; Store back to 0x203FFFF
08057094:  4904	ldr r1, [$080570A8]
08057096:  2000	mov r0, #0
08057098:  8008	strh r0, [r1, #0] ; Store 16-bit value 0x0000 to 0x2000050
0805709A:  2040	mov r0, #64
0805709C:  F183 FB14  bl $081DA6C8
---
081DA6C8:  4B04	ldr r3, [$081DA6DC]
081DA6CA:  2200	mov r2, #0
081DA6CC:  701A	strb r2, [r3, #0] ; Disable platform interrupts
081DA6CE:  4B04	ldr r3, [$081DA6E0]
081DA6D0:  2200	mov r2, #0
081DA6D2:  701A	strb r2, [r3, #0] ; Acknowledge pending interrupts
081DA6D4:  3BFA	sub r3, #250
081DA6D6:  469D	mov sp, r3 ; Reset stack pointer
081DA6D8:  DF01	swi #1 ; Reset sound registers
081DA6DA:  DF00	swi #0 ; Reset game
Experimenting a bit, the value at 0x203FFFF seems to be crucial. When the routine starts, the value of the bottom bits is 0b00. Thus, when it ends, it's 0b01. However, if I force it to be 0b00 or 0b11 afterwards, it restarts back into Mario & Luigi. This byte appears to be a bitfield that's written to somewhat frequently, and the bottom bit says "Boot into Mario Bros." Setting it to 0b10, oddly, reboots back into the menu, skipping the intro.
Joined: 8/15/2014
Posts: 8
MUGG wrote:
Nice find, I will look forward to your further testing. Using the US version, in VBA and Bizhawk I've only been able to make the game reset itself at best. This might be specific to the VC version so please do test on GBA/NDS/GB Player. I would like to try too but I'm afraid I haven't been active in this game for a while so I don't know how to make Mario into a barrel (this might not be possible in both VBA and Bizhawk btw iirc due to an emulation problem).
I'm testing these on hardware action for action. Tried 5 different times and got crashes, but none into Mario Bros. GBA SP US is most likely not possible. Will update with GB Player info soon.
Edit 1: Also I did try Bizhawk to replicate the glitch but found no way to make Mario a barrel. Sign glitch behaves differently on PC emulation and enters a useless loop where barrel hop command on Luigi is on console.
Edit 2: Not possible on Game Boy Player either, same kind of crash as GBA SP, violent screech. Wii U crashes are much different.
endrift
Any
Emulator Coder
Joined: 12/14/2014
Posts: 161
If people think it might be useful, I could add a way in mGBA to trap the syscall that causes the game to reset so that A) a savestate can be taken and B) a backtrace can be discovered to see what's causing this.
Memory
She/Her
Site Admin, Skilled player (1556)
Joined: 3/20/2014
Posts: 1765
Location: Dumpster
endrift wrote:
If people think it might be useful, I could add a way in mGBA to trap the syscall that causes the game to reset so that A) a savestate can be taken and B) a backtrace can be discovered to see what's causing this.
Based on what has been said so far in the thread, my guess is that high jumping on a barrel always causes the game to reset (or crash on not pc emulator). Somewhere along the line, the bit changed to the value you mentioned. So the problem would be finding what causes the bits to change to that value correct? Would your addition help with this?
endrift
Any
Emulator Coder
Joined: 12/14/2014
Posts: 161
TheMG2 wrote:
Based on what has been said so far in the thread, my guess is that high jumping on a barrel always causes the game to reset (or crash on not pc emulator). Somewhere along the line, the bit changed to the value you mentioned. So the problem would be finding what causes the bits to change to that value correct? Would your addition help with this?
Combined with other features in the emulator (rewinding and watchpoints, mostly), it should be more than enough. I could take a look at it myself, but I'm not sure how to get the game into this state. If I could get an mGBA savestate, that should help, but that would need to be taken with the upcoming nightly (in about 2 hours) due to some changes that were made in savestates about 12 hours ago.
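Added example, not part of the thread and not mGBA code: a C model of the flag-byte logic in endrift's listing, plus the kind of watchpoint-log triage discussed above, which reports the first store to 0x203FFFF that selects Mario Bros. from outside the known routine. The `wp_hit` trace format, the function names and every PC other than 0x08057092 are assumptions made up for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define ROUTINE_STRB_PC 0x08057092u /* strb to 0x203FFFF in the posted routine */

enum boot_target { BOOT_MARIO_LUIGI, BOOT_MARIO_BROS, BOOT_MENU_NO_INTRO };

/* Same arithmetic as 08057086..08057092: clear bits 0-1, then set bit 0. */
uint8_t request_mario_bros(uint8_t flags) {
    return (uint8_t)((flags & (uint8_t)~0x03u) | 0x01u);
}

/* Boot behaviour the post reports for each value of the bottom two bits. */
enum boot_target decode_boot_target(uint8_t flags) {
    switch (flags & 0x03u) {
    case 0x01: return BOOT_MARIO_BROS;
    case 0x02: return BOOT_MENU_NO_INTRO;
    default:   return BOOT_MARIO_LUIGI; /* 0b00 and 0b11 */
    }
}

/* One watchpoint hit (hypothetical log format): storing PC and byte written. */
struct wp_hit { uint32_t pc; uint8_t value; };

/* Index of the first store that selects Mario Bros. from anywhere other
 * than the known routine, or -1 if every such store came from the routine. */
int first_unexpected_selector(const struct wp_hit *hits, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (decode_boot_target(hits[i].value) == BOOT_MARIO_BROS &&
            hits[i].pc != ROUTINE_STRB_PC)
            return (int)i;
    }
    return -1;
}

/* Constructed sample trace; every PC except ROUTINE_STRB_PC is made up. */
static const struct wp_hit SAMPLE_TRACE[] = {
    { 0x08012340u, 0x40 },
    { 0x08012340u, 0x44 },
    { 0x080ABCDEu, 0x45 },      /* stray store that sets bit 0 */
    { ROUTINE_STRB_PC, 0x45 },
};

int main(void) {
    size_t n = sizeof SAMPLE_TRACE / sizeof SAMPLE_TRACE[0];
    printf("routine: 0x40 -> 0x%02X\n", request_mario_bros(0x40));
    printf("first unexpected store: index %d\n", first_unexpected_selector(SAMPLE_TRACE, n));
    return 0;
}
```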
Memory
She/Her
Site Admin, Skilled player (1556)
Joined: 3/20/2014
Posts: 1765
Location: Dumpster
Out of curiosity, do the Mario Advance games boot into Mario Bros. in a similar fashion?
endrift
Any
Emulator Coder
Joined: 12/14/2014
Posts: 161
Yes, they do. That was actually how I knew about this: the reboot-into-Mario Bros. functionality was very broken in every SMA game until I implemented the SoftReset syscall.
Joined: 8/16/2014
Posts: 11
I'm having difficulty replicating this on a GBA SP doing the same steps. It makes me wonder if there's other variables at play here like level values and stuff or if it's just specific to Wii U VC. Still have more things to test including the J version.
Joined: 8/16/2014
Posts: 11
So I couldn't replicate the glitch on Wii U VC. I went through the same steps and it crashes the game. I even loaded a restore point from yesterday where I was messing with it when it was working and it STILL crashed the game. Same method crashes the game on J and Eng for GBA SP, DS, and GB Player. I really don't know what to say about this one.
Skilled player (1741)
Joined: 9/17/2009
Posts: 4981
Location: ̶C̶a̶n̶a̶d̶a̶ "Kanatah"
endrift, Can you please also check what's missing in emulation that causes the sign glitch to be undoable on other emulators?
Experienced player (690)
Joined: 11/23/2013
Posts: 2233
Location: Guatemala
I have a quick question... Is the Action Command glitch memory corruption?
Here, my YouTube channel: http://www.youtube.com/user/dekutony
Editor, Expert player (2329)
Joined: 5/15/2007
Posts: 3933
Location: Germany
Not that I'll be back to TASing this game anytime soon (I don't feel like it) but... I'm not actually up to date with all the new small strategy changes and whatnot that altabiscuit found and uses in his runs. A big one seems to be the minigame in the cave that can give you 500 coins and going there also gives you hammers thus no need to glitch past two rocks in Teehee Valley (but glitching through them isn't so much slower). I don't know if 500 coins is worth the detour in TAS.
endrift
Any
Emulator Coder
Joined: 12/14/2014
Posts: 161
Good news! I was able to reproduce the sign and action command glitches in mGBA using the console version of the button listings on the tricks page, as well as reproducing altabiscuit's barrel Mario crash. Bad news, I don't think it's exploitable. We'd need predictable, controllable memory corruption to exploit this, and I don't think we have that (yet). E] Uh, hm.
Editor, Expert player (2329)
Joined: 5/15/2007
Posts: 3933
Location: Germany
- While mgba seems console-accurate so far on the US version of the game when doing the Sign glitch and Action command glitch, I can't reproduce step 8 of the sign glitch on the JP version... It doesn't seem to matter if I press R 15+1 / 15 / 1+2 / 2+1 times, I would never get the "Emerge" command on Mario. Instead, it takes 10+1 / 11 R presses on mgba. I don't know if this is a problem with mgba or with my documentation of the sign glitch. Might need looking into. I could check on the Japanese game on gameboy player if I'm not lazy, but maybe altabiscuit can help me out and do it for me *wink*.
- Peach Speech glitch was tested on mgba. Let me quickly break it down:
  on english, console: freezes "pretty much always with nothing going on" according to my old post
  on english, mgba: seems to freeze always with nothing going on.
  on japanese, console: freezes with the battle cinematic leading to a yellow screen, according to my old post
  on japanese, mgba: seems to freeze always with nothing going on. This is looking to be a strong inaccuracy (since the battle cinematic was expected but nothing happened instead).
  on english and japanese, vba: Glitch events, glitch text boxes, glitch cutscenes, fancy stuff, Credits Glitch etc. This stuff seems dead now because they don't happen on console nor on mgba.
Editor, Expert player (2329)
Joined: 5/15/2007
Posts: 3933
Location: Germany
ThatEpicYoshi♣ on Youtube has commented on my glitch compilation video about a potential new glitch:
As I got to the airport area I was messing around with Mario and Luigi's abilities (mainly fire-thunderhand). I was near the block, I actually hit the block a few inches away from the save album. Then I ended up testing the elemental hand near the save album and suddenly it just started floating to the other block (that one was a wide M & L block). Then it stayed. I couldn't hit the save album because it was literally inside the wide one so I went to another area and back and it was in its rightful place. I'm not exactly sure what caused it. It might've been the wide block. idk, but this seems to be an undiscovered glitch.
They said they used normal VBA 1.8.0-beta 3. Just posting this here for future reference.
Editor, Expert player (2329)
Joined: 5/15/2007
Posts: 3933
Location: Germany
I'm working on a new script and since people haven't been too excited, I thought I'm posting about it here too. So, if you have any wishes or ideas now is the time. I'm likely not going to change the script once it's done. What is it that you have always wanted to do? Have you wanted to go through walls or go to any room you want? What else?
Skilled player (1741)
Joined: 9/17/2009
Posts: 4981
Location: ̶C̶a̶n̶a̶d̶a̶ "Kanatah"
I never played this game, only the sequel, but is there some roulette during level up for stats? A lua that displays the effect of current stats against enemies might help for choosing which skill to increase. Right now, I have no idea how much for example 60 POW would even do against a boss or whatever later on. Edit: oh, and stache + discount/chance of landing a lucky hit.
jdaster64
He/Him
Joined: 12/1/2012
Posts: 103
Location: New Donk City
Damage calculation would definitely be interesting. I could probably find some old notes on STACHE discount info if that were pertinent, but I don't recall if I or the Yoshi's Lighthouse guys ever figured it out to 100% accuracy (it's a piecewise function that differs per STACHE discount group, unlike PiT). The attack power constants I found out earlier should be accurate enough to work with, and enemy stats are known.
Editor, Expert player (2329)
Joined: 5/15/2007
Posts: 3933
Location: Germany
As for the effect of power, there is an attack algorithm. I could make a calculator that shows how much damage certain attacks do against certain def, but I'm not sure if I can make it completely accurate. I will give it a try. As for stache, I think both bros' stache counts together and the sum has to be past a certain threshold in Little Fungitown before it even has any effect. I think. The script will make it possible to go to any room and edit any stat and money so you can test all this stuff for yourself. I don't know if I'll be able to make a "preview" of how much you would pay for a certain item given a certain stache value. As for lucky hits, it is RNG dependent. It will depend if I can figure out the RNG - luckily, it seems to have a pattern so making a "future RNG" display could be possible.
Editor, Player (95)
Joined: 5/27/2006
Posts: 240
I was looking into disassembling all the battle related stuff at one point, but there's a ton to disassemble. This is the most I got for dealing damage (but I'm sure it's already known).
(MarioPow * MarioPowMod * 0.4) - (EnemyDef * EnemyDefMod * 0.2) * 1.2
The mod is things like normal jump, weak jump, lucky, etc. There are a bunch but I didn't find them all.
Editor, Expert player (2329)
Joined: 5/15/2007
Posts: 3933
Location: Germany
Editor, Player (95)
Joined: 5/27/2006
Posts: 240
I think the formula is rewritten in a different way, but I'm not so sure the constant is supposed to go on the outside. Where does that information come from? I'm kind of curious now, so I think I'll try to disassemble it more and make a damage prediction script. Unfortunately the memory addresses used in battle move around for each new battle, but maybe I can figure out how that works.
jdaster64
He/Him
Joined: 12/1/2012
Posts: 103
Location: New Donk City
I never did any disassembly, my values were all calculated by fiddling with enemy and player POW/DEF to get the values to high precision. That formula above is correct for sure for Mario's jump (although using integer/256 values rather than floats; 102/256 for 0.4, etc.), but 0.4778*(Mario POW - 0.5*Enemy DEF) is a reasonable-enough approximation in 99.9% of cases, since barring stat modifiers, the formula always has a base of 102/256 * (Attacker POW - 1/2 * Defender DEF). That being said, I'd be interested in seeing disassembled formulas instead. EDIT: Wait, does the 'Lucky' modifier really apply before factoring in DEF? That doesn't sound right, especially since it's not even consistent (iirc) across attacks. I would imagine those modifiers are just for stat-raising/lowering statuses. Also, I can confirm that the stat progression on that page is from the US version, not sure if J is different.