To address some of the points in that thread:
About the status bar color issue, both the text window and the status bars use the same palette index, but the game switches the palette as necessary. The status bar may flash blue if some processing took too long, so that the game was unable to load the orange palette in time. This is also why the window becomes orange if it is left on screen when the game thinks it is not, as the game then stops switching the palette.
I don't think enemy level numbers are ever displayed on the screen, are they?
Hit Up indeed does not work right unless you are tangled (and neither does Hit Down). When tangled, it works fine, and it gives you a boost or reduction of 1/4 after the initial reduction by 1/16 because of the tangle.
The critical rate is halved by gloves, swords, axes and spears.
The function that multiplies your weapon experience by 99 and divides by the maximum weapon experience is used to determine what to display in the menu.
The boss random seed is determined by the file checksum, not the save counter (although the save counter is included in the checksum).
Character behaviour (except for bosses) is given here:
http://www.mediafire.com/view/s971u01cs1gh5eq/somacn.txt
And the game script is here:
http://www.mediafire.com/view/l328ub6gu17t8i6/somscpt.txt
This has some information about rooms:
http://www.mediafire.com/view/6ga1vidqcoc8coz/somroom.txt
The "Scripts" lines list the arrival script followed by scripts invoked by stepping on triggers.
The "Ent" lines list paths to a room by path number, starting location, exit type, and the direction walked when entering.
For BG1 and BG2 we have a list of room parts to load (part index, x, y). Then, a list of characters follows. This gives the x, y, floor number, direction, type, script, trigger type and whether the character can be pushed. Trigger types are:
- None: The character can't be interacted with.
- Near: Trigger when player is within 24 pixels.
- Face: Trigger when player is within 8 pixels and facing the character.
- BothFace: Trigger when player is within 8 pixels and both are facing each other.
- Talk8: Can be talked to within 8 pixels.
- Talk28: Can be talked to within 28 pixels.
- FaceTalk: Can be talked to within 28 pixels when both are facing each other.
Near, Face and BothFace are bugged in that if multiple players trigger these at the same time, the game jumps to C1:D017, but they forgot to set the accumulator to 8 bits. This code does the following when interpreted with wrong flag settings:
lda Characters.XSpeed,x
beq loc_C1D042
eor $06
bpl loc_C1D042
lda $02
and #$980
ora ($1d,x)
and #$9de0
and #$24e0
cop #$10
…
loc_C1D042:
lda Characters.YSpeed,x
beq loc_C1D06D
eor $07
bpl loc_C1D06D
lda $02
and #$980
cop #$1d
…
loc_C1D06D:
lda Characters.XSpeed,y
beq loc_C1D07E
eor $06
bmi loc_C1D07E
lda #$1901
and #$99e0
and #$b9e0
ora [$e0] ; continue into C1D081
loc_C1D07E:
lda Characters.YSpeed,y
loc_C1D081:
beq locret_C1D08F
eor $07
bmi locret_C1D08F
lda #$1902
and #$99e0
and #$60e0 ; continue into C1D090
locret_C1D08F: rts
loc_C1D090:
lda Characters.XSpeed,x
beq loc_C1D0B7
eor $06
bpl loc_C1D0B7
eor $06
and #$980
ora ($99,x)
dec a
cpx #$3a9d
cpx #$84a9
ora Characters.PushDirection,x
sta Characters.PushDirection,x
lda #$1904
and #$99e0
and #$80e0
ora (EnableBG2),y
asl $e0 ; continue into C1D0BA
loc_C1D0B7:
lda Characters.XSpeed,y
loc_C1D0BA:
beq loc_C1D0C8
eor $06
bmi loc_C1D0C8
lda #$1901
and #$99e0
and #$bde0
ora [$e0] ; continue into C1D0CB
loc_C1D0C8:
lda Characters.YSpeed,x
loc_C1D0CB:
beq loc_C1D0EF
eor $07
bpl loc_C1D0EF
eor $07
and #$980
ora ($99,x)
tsc
cpx #$389d
cpx #$88a9
ora Characters.PushDirection,x
sta Characters.PushDirection,x
lda #$1908
and #$99e0
and #$80e0
ora (EnableBG2),y
ora [$e0] ; continue into C1D0F2
loc_C1D0EF:
lda Characters.YSpeed,y
loc_C1D0F2:
beq loc_C1D100
eor $07
bmi loc_C1D100
lda #$1902
ora Characters.PushDirection,y
sta Characters.PushDirection,y
loc_C1D100:
rep #$20
txa
sta Characters.Pusher,y
rts
If we could just reach the TSC, we might be able to jump to a controlled address. For this to happen, the player must be standing still. The NPC must be moving east if the player is north of the NPC, otherwise west. The word at the long address at $e0 must be between $0001 and $7fff. Finally, an interrupt must happen after C1D081 but before C1D0C9, which changes this word so that it becomes negative. So it's questionable whether one will be able to pull this off at all.
If we get to one of the COP instructions, we end up executing a SBC nnnnnn, x instruction and continuing from $7e0003. At this point, we have:
$03: seems to always be ff - sbc $nn00aa, x
$04: 0a - asl
$05: 00 - brk
$06: 00 - brk (player on right) or 80 - bra (player on left)
$07: 00 - brk (player below) or 80 - bra (player above)
$08: horizontal distance
$09: vertical distance
$0A: horizontal center distance
$0B: vertical center distance
$0C: varies
$0D: varies
$0E-$0F: script number and activation mode
I still don't know why the money window glitch happened. Somehow, it entered the dialogue option selection state. This can only happen when executing command 5A or 5B, or when closing a window, as far as I can tell. One can then easily jump to any byte within 512 bytes of the last option command, which was the save prompt in script 0050. For some reason, it then sometimes continues presenting a choice, allowing for further jumps. That is how he managed to jump to the Neko dialogue.
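The accumulator-width desynchronisation described in the post, as an added example that is not part of the original post: a small linear-sweep decoder run over the same bytes with the M flag set (8-bit) and clear (16-bit). The byte string for C1:D076 to C1:D08F is reconstructed from the operands shown in the listing, so it is an assumption rather than a ROM dump, and only the opcodes that occur in this range are handled.

```python
# Bytes for C1:D076..C1:D08F, reconstructed from the operands in the post's
# listing (an assumption; not dumped from the ROM).
CODE = bytes.fromhex("a9011929e09929e0b907e0f00c45073008a9021929e09929e060")
BASE = 0xD076  # offset of CODE[0] within bank C1

# opcode -> (mnemonic, operand kind); only "imm" changes width with the M flag
OPS = {
    0xA9: ("lda", "imm"), 0x29: ("and", "imm"),
    0x19: ("ora", "absy"), 0x99: ("sta", "absy"), 0xB9: ("lda", "absy"),
    0x07: ("ora", "dpil"), 0x45: ("eor", "dp"),
    0xF0: ("beq", "rel"), 0x30: ("bmi", "rel"), 0x60: ("rts", "none"),
}
FIXED = {"absy": 2, "dpil": 1, "dp": 1, "rel": 1, "none": 0}

def decode(code, base, m8):
    """Linear-sweep decode. m8=True: 8-bit accumulator (what the routine expects)."""
    out, pc = [], 0
    while pc < len(code):
        addr = base + pc
        if code[pc] not in OPS:                  # outside this example's table
            out.append((addr, f".db ${code[pc]:02x}"))
            pc += 1
            continue
        mnem, kind = OPS[code[pc]]
        size = (1 if m8 else 2) if kind == "imm" else FIXED[kind]
        raw = code[pc + 1 : pc + 1 + size]
        if len(raw) < size:                      # operand runs past the buffer
            out.append((addr, f"{mnem} <truncated>"))
            break
        val = int.from_bytes(raw, "little")
        if kind == "imm":
            arg = f"#${val:0{size * 2}x}"
        elif kind == "absy":
            arg = f"${val:04x},y"
        elif kind == "dpil":
            arg = f"[${val:02x}]"
        elif kind == "dp":
            arg = f"${val:02x}"
        elif kind == "rel":                      # signed 8-bit branch offset
            arg = f"$c1{addr + 2 + (val - 256 if val > 127 else val):04x}"
        else:
            arg = ""
        out.append((addr, f"{mnem} {arg}".strip()))
        pc += 1 + size
    return out

if __name__ == "__main__":
    for label, m8 in (("M=1 (8-bit, intended)", True), ("M=0 (16-bit, bugged)", False)):
        print(label)
        for addr, text in decode(CODE, BASE, m8):
            print(f"  C1:{addr:04X}  {text}")
```

With M clear, each immediate load swallows one byte of the following instruction, so the `rts` at C1:D08F is consumed as the high byte of `and #$60e0` and execution falls through into C1:D090.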