Posts for Zowayix


Experienced Forum User
Joined: 12/29/2007
Posts: 489
Chamale wrote:
Also, I'm not sure this route would be faster than using the Cooltrainer glitch. However, since I can't figure out how to use the Cooltrainer glitch effectively, I'll work on this TAS instead.
This is only the realtime route where Cooltrainer is very impractical; wasn't there something posted a while back about using the Brock Through Walls glitch to get into Cerulean Cave and catch a Transform user (Ditto, instead of Mew) faster than otherwise possible?
Experienced Forum User
Joined: 12/29/2007
Posts: 489
jlun2 wrote:
grassini wrote:
get help from kaphotics, he said he would help when people stopped playing 4th and 5th gen
Well, he still hasn't submitted his supposedly legit pokemon black TAS yet, so I doubt it.
^I believe he mentioned as a comment on that video that he wouldn't be submitting it since it was suboptimal.
Experienced Forum User
Joined: 12/29/2007
Posts: 489
Patashu wrote:
Chamale wrote:
I'm trying to plan a route for the any% TAS now that we know about the Mount Moon glitch.
Link? I missed this if it's new.
It is indeed new. Here:
MrWint wrote:
Chamale wrote:
Has anyone seen the trick used in this Youtube video? The first use is at 8:12 and it shows up repeatedly, it's a variant of the Brock glitch that gives the player the ability to walk through walls. I haven't managed to replicate it yet, I tweeted at the uploader asking how it works. It's a very impressive run, and using that glitch to encounter Ditto sooner could shave more minutes off the possible improvement to the current TAS. It could even be used to enter Cerulean Cave and directly catch a wild Ditto, although I'm not certain that's faster than catching level 7 Mew and raising it a few levels.
I looked into it, and it's possible in the UE version as well, basically rendering all current TASes (except for the save corruption one) obsolete. I wish you would've dug this up before I did my 151 run, but oh well, at least it makes it easier to decide on potential future projects... Short explanation on how it works: For these cutscenes, the game represents the path the player will walk along as a list of simulated joypad inputs. However, it's possible to override a simulated input with specific user inputs (defined in $cd3b). Doing this pauses the execution of the cutscene for that input. Also, while the cutscene is playing, collision and encounter checks are turned off. Since you're not supposed to be able to talk to Pewter Gym guy from the right, there is no walking path defined for it, and the game searches for one beyond the actual path data. By manipulating the RAM to contain the exact coordinates of the player's position (16, 36), an invalid path is loaded that may be too long for the buffer, overflowing it and writing its data to other areas of memory, especially the aforementioned $cd3b, which sets override inputs that allow you to walk around by yourself while the cutscene stays paused, enabling you to walk through any object in the process. Note that the buffer overflow may also overwrite $cd6b, which defines a mask for joypad inputs that are discarded and can render you unable to press the needed buttons. The setup to make this work will be different in J and UE, because the memory addresses are shifted (mainly because of shorter text buffers). 0xwas used Rattata's party menu sprite to create the needed coordinates at $cc5c, reading path data from $1000 that happens to allow free roaming in the cutscene. In UE, this setup doesn't work since the alignment of the RAM data is different. However, it can be achieved by other means. I created a quick proof-of-concept which uses Charmander's DVs to enable free roaming.
Note that the dust clouds that appear are not strictly necessary for it to work, they are most likely a side-effect caused by one of the overwritten bytes, and is useful since it sets $cd6b to 0, re-enabling all buttons that may have become disabled in the course of the memory corruption. This also raises the question whether there may be more "J only" glitches that actually are not, and just require a different setup. tl;dr: Almost all Gen I runs can be improved using this, probably by several minutes.
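The lookup flaw described in the quoted post, modelled side by side with a bounds-checked version; this is an added example, not code from the post or from the game. The memory layout, table contents and function names are constructed assumptions; only the position (16, 36) and the roles of $cd3b and $cd6b come from the post.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Constructed model, not the game's real layout: the scripted-path buffer is
   ram[0..7]; the two bytes after it stand in for $cd3b and $cd6b. */
enum { PATH_CAP = 8, OVERRIDE = 8, JOY_MASK = 9, RAM_SIZE = 16, END = 0xFF, N_ENTRIES = 1 };

/* Records are {x, y, offset of path}; paths are END-terminated input lists. */
static const uint8_t src[] = {
    15, 36, 6,                 /* offset 0: the only real table entry */
    16, 36, 9,                 /* offset 3: unrelated bytes that happen to match */
    0x40, 0x40, END,           /* offset 6: real path, two inputs */
    1, 2, 3, 4, 5, 6, 7, 8, 0xF0, 0x0F, END   /* offset 9: ten bytes, too long */
};

/* Flawed lookup: keeps scanning past the table and copies without a cap.
   (Loops stay inside the model arrays so the demo itself is well-defined.) */
static int load_path_unchecked(uint8_t *ram, uint8_t x, uint8_t y) {
    for (size_t e = 0; e + 2 < sizeof src; e += 3) {
        if (src[e] != x || src[e + 1] != y) continue;
        size_t n = 0;
        for (size_t p = src[e + 2]; p < sizeof src && src[p] != END && n < RAM_SIZE; p++)
            ram[n++] = src[p];
        return (int)n;
    }
    return -1;
}

/* Hardened lookup: only real entries are searched, and a path that is
   unterminated or longer than the buffer is rejected. */
static int load_path_checked(uint8_t *ram, uint8_t x, uint8_t y) {
    for (size_t i = 0; i < N_ENTRIES; i++) {
        const uint8_t *e = &src[3 * i];
        if (e[0] != x || e[1] != y) continue;
        for (size_t p = e[2], n = 0; ; p++) {
            if (p >= sizeof src || (src[p] != END && n == PATH_CAP)) return -1;
            if (src[p] == END) return (int)n;
            ram[n++] = src[p];
        }
    }
    return -1;   /* no path defined for this position: fail closed */
}

int main(void) {
    uint8_t a[RAM_SIZE] = {0}, b[RAM_SIZE] = {0};
    int bad = load_path_unchecked(a, 16, 36), ok = load_path_checked(b, 16, 36);
    printf("unchecked: len=%d override=%02x | checked: len=%d override=%02x\n", bad, a[OVERRIDE], ok, b[OVERRIDE]);
    return 0;
}
```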
Experienced Forum User
Joined: 12/29/2007
Posts: 489
flavio0159 wrote:
Hello All! Could this be a new glitch? See Select Item and Mario with Star. http://puu.sh/aVri2/3dd3eae075.png Jump in 0:54 Link to video Sorry for my bad English
Looks like a previously unseen variant of the already-known Chuck-Eat glitch, where item-swapping a Chuck onto Yoshi's tongue will change the reserve item and/or Mario's powerup status depending on the type of Chuck, Mario's previous powerup status, and previous reserve item. In this case the combination of 3 factors happened to lead to invincible Mario + Bullet Bill in reserve. I have to say I've never seen an enemy in the reserve box before on vanilla SMW, so that was interesting. Not as useful as a cloud or goal sphere though.
Experienced Forum User
Joined: 12/29/2007
Posts: 489
Mitjitsu wrote:
Zowayix wrote:
So what's the actual time?
Mupen runs SM64 at exactly 30fps, but NTSC runs the game at 29.97. So with enough number crunching you can figure it out based on that.
Multiplying 5:00.36 by 30/29.97 gives about 5:00.66, still closer to sub 5 than any other movie seen so far. How is this "not even close to sub 5"?
Experienced Forum User
Joined: 12/29/2007
Posts: 489
So what's the actual time?
Experienced Forum User
Joined: 12/29/2007
Posts: 489
^I think it might have something to do with lag - scrolling through the glitched menus and so on causes a lot of it and Yellow might have better lag management than earlier Gen I games simply because it was made later.
Experienced Forum User
Joined: 12/29/2007
Posts: 489
Arbitrary code execution would pretty much have to be banned by default in any catch 'em all run. Doing the bad clone glitch over and over and over would be super boring to say the least. But I suppose you could argue that it constitutes a "100%" run and is thus eligible for Vault regardless of entertainment value.
Experienced Forum User
Joined: 12/29/2007
Posts: 489
Mothrayas wrote:
Personally, I'd like a screenshot of the Cooltrainer glitch in action, and some of the unusual catches made with it. Here are some examples (I like the Eevee one most): There's just so much not right in each of these images.
It's too bad the opponent's name gets corrupted in each case. Having it remain as "DIGLETT" while the lower text box clearly says something else would be quite the double-take.
Experienced Forum User
Joined: 12/29/2007
Posts: 489
Patashu wrote:
Fortranm wrote:
GamingAori wrote:
https://www.youtube.com/watch?v=cFS6gsrD-9Y is a warping to hall of fame glitch.
It's finally here. Is it considered ACE?
This is classic ACE. The names of the pokemon in the box are executed as code.
Now all we need is a way to trigger this faster than actually beating the game.
Experienced Forum User
Joined: 12/29/2007
Posts: 489
(reposting because it was lost on the previous page) How does 56:15 (while the menu is not opened) look?
Experienced Forum User
Joined: 12/29/2007
Posts: 489
^The third one isn't exactly unique to this run though, and it barely shows any glitchiness. Let me see if I can come up with a better screenshot example of JACK that doesn't look so boring. EDIT: This isn't JACK, but how does 56:15 (while the menu is not opened) look?
Experienced Forum User
Joined: 12/29/2007
Posts: 489
^Around 48:25 on the YouTube video.
Experienced Forum User
Joined: 12/29/2007
Posts: 489
May I nominate a different publication screenshot? The current one doesn't showcase anything unique to the run; looking at it alone shows a glitch known since the early days of Red/Blue. I'd suggest displaying one of the glitches that has never been published here before; that would include the Cooltrainer name display glitch, the Glitch City (wrong warp) glitch if I recall correctly, JACK, map distortion, and text pointer manipulation showing the player "battling an item". Of these, JACK would perhaps be the most spectacular to see in a single screenshot; text pointer manipulation would come after that.
Experienced Forum User
Joined: 12/29/2007
Posts: 489
jlun2 wrote:
Has there been any documentation on exactly what causes the game to mess up when simply looking at the glitched moves? Because it would be very useful if it allows you to change and capture an opponent's pokemon since that would mean no mass egg hatching in a catch em all.
I believe it's the same reason that "Super Glitch" effects occur in Gen I - the move's name lacks a terminator and is so long that displaying it overwrites other memory areas. Exactly which bytes and memory areas these are, though, I believe is still undocumented.
Experienced Forum User
Joined: 12/29/2007
Posts: 489
Invariel wrote:
And the vine climbs higher in All Stars. Interesting. I wonder if it does Fun Things (tm) in 2-2 and 7-2 in All Stars as well. (In fact, I wonder if it does Fun Things (tm) in 2-2 and 7-2 at all... Back in a few.) Edit: Start of 2-2, no interesting effect. Middle of 2-2, some interesting screen draw issues, which culminated in this: http://img.photobucket.com/albums/v282/Invariel/SMB12-2after5-2VineGlitch_zps1607871f.png All of the blocks are solid and impassable. Basically, the screen was drawing half a screen forward all the time, reminiscent of one of the hack modes of SMB on a 1000-in-1 cart. Edit 2: Nothing interesting until the start of 3-2, where the initial Koopa Troopa was invisible for a few blocks. It still registers as a damaging object. Edit 3: Nothing interesting until the start of 5-1, where the initial Koopa Troopa was again rendered invisible, and still registers as a damaging object. Thought: Can I activate this through time-out on another vine? Answer: - Not in All Stars - the timer freezes as you climb up. - Not in vanilla - the timer freezes as you climb up.
What happens if you try climbing up on the same frame the timer hits 0?
Experienced Forum User
Joined: 12/29/2007
Posts: 489
^Right, but p4wn3r brought up an excellent point that voided part of my argument, so I'm trying to come up with an alternate definition.
Experienced Forum User
Joined: 12/29/2007
Posts: 489
Good point; however, using the definition you just wrote... "...execute any commands of the attacker's choice..." Item underflow does not execute any commands of choice. The user is limited to the commands already programmed within, namely "every overworld tick, look at this memory location and run the code it points to" or "when the player steps on a warp tile, the current map changes to the one stored in this memory location". The user can arbitrarily edit memory so that these (already existing and not chosen) commands end up doing what the user wants. But item underflow cannot be used directly to run a command of choice.
Experienced Forum User
Joined: 12/29/2007
Posts: 489
Much later, here's an English video and explanation: https://www.youtube.com/watch?v=_JCUkA0UWJg The glitch only seems to work on Japanese R/S, as future games prevent Tricking Mail. It's still not known exactly what causes the single map-tile glitch, but as it appears to be some form of memory corruption, maybe this could lead to more exploits later on?
Experienced Forum User
Joined: 12/29/2007
Posts: 489
Then maybe we can define ACE as "corrupting the portion of memory where control data (ROM, code, PC, stack pointer, etc.) is stored"?
Experienced Forum User
Joined: 12/29/2007
Posts: 489
@above: Are route descriptions truly necessary? I'd argue that runs are defined by their goals, not their routes. Taking the SDW run as an example, there's no branch separating the "warps from World 1 and has to go through Misty Star World" run from the "warps from World 2 to Desert Star World, skipping the MSW autoscroller but requiring more level completions" run. They're different routes for sure, but the route difference doesn't make them dissimilar enough to be branched - because they have the same goal. The goal should be what's in the title, not the route.
Experienced Forum User
Joined: 12/29/2007
Posts: 489
p4wn3r wrote:
Zowayix wrote:
The current real-time record is about 3:29, only 9 minutes short of the current TAS record. This was done using the help of several glitches which were undiscovered at the time, such as item underflow and the CoolTrainer move. This makes me believe that the current TAS record could be massively improved using these new glitches.
Wow, it seems people were pretty busy while I was away xD
Zowayix wrote:
Arbitrary code execution is defined as causing the game's program counter to jump somewhere it is not supposed to go.
You can get all the effects of ACE without ever taking the PC to a forbidden position, this is known as ROP: https://en.wikipedia.org/wiki/Return-oriented_programming To do this attack, you send the PC to perfectly valid sections of the game code and chain them together to do something evil. Of course, if someone decided to submit a run using ROP, people would obviously qualify it as ACE, but I pointed this out because defining ACE as "don't let the PC go where it's not supposed to" leads to loopholes.
Hmm, if you're limited to various sections of code already existing in the game, that's no longer truly arbitrary execution anymore, right?
Experienced Forum User
Joined: 12/29/2007
Posts: 489
What is A2MT?
Post subject: Branch names
Experienced Forum User
Joined: 12/29/2007
Posts: 489
After a couple months of getting used to the new branch names, I think it's appropriate to bring this up: In terms of the goal of TASVideos, the old branch names made more sense. For the vast majority of movies on this site, the goal is to beat the game as fast as possible, and (effectively) nothing else. For those games where "as fast as possible" effectively wrecks any semblance of regular gameplay (e.g. Yellow save corruption), we have alternate movies, namely the Cooltrainer move glitch movie and the 7-badge movie. Using the Cooltrainer move glitch movie as an example, the problem with the current "warp glitch" title is that the primary goal of the movie is not to perform the warp glitch. It's simply to beat the game as fast as possible, without hard resetting. If some other glitch were found in the future that didn't involve save data corruption or the Cooltrainer move and still beat the game faster than 28 minutes, that movie would presumably obsolete this one, although the branch name would require changing. A similar, more contentious (and hopefully enlightening) example occurs with the current "11 exit" Super Mario World movie. Its branch name is "warps". Going by that name (or the previous "11 exits" name), why shouldn't Masterjun's "modify the player's coordinates" ACE movie obsolete it? Why shouldn't the cloud glitch be allowed? The nice and simple answer is that the primary goal of the movie is not to beat the game with warps/11 exits. The goal is to beat the game without relying on arbitrary code execution.* Therefore, I support renaming the branches back to the convention used before, i.e. describing the primary goal of the movie. Feel free to either back me up or provide counterpoints. *Yes, I know that the "stack corruption" movie that beats the game from YI3 would then obsolete it. 
This could be remedied by making the branch name "no ACE, no final boss skip" or something similar; many other movies have multiple clauses in the branch name, such as "70 stars, No BLJ" and several Super Metroid movies.
Experienced Forum User
Joined: 12/29/2007
Posts: 489
^No, that's Marathon mode in Standard. Mission has a Marathon mode too, as does Catch; all three last 20 levels.