Game objectives
- Emulator used: lsnes rr2-β23
- Aims for fastest time
- Uses glitched password
- Corrupts memory
- Executes arbitrary code
Executing $00F9
Big characters and small characters
Generally, big characters are placed in inside of the field. And small characters are in outside.
Big characters aren't placed in outside if you play this game normally.
(Sometimes small characters are in inside.)
Placing a big character in outside by using password
You can use a password at "スーパーバトルリーグ:Super Battle League" or "激闘対戦モード:VS Mode"
for organization of the team and fix ability of each character.
It depends on whether the 39th and 40th letter of a password who enters the outside.
Before the start of the match, Graphic data is loaded from rom.
But if a big character is placed in outside, memory corruption may be occured.
It's depend on some characters. Perhaps it is unexpected that a big character enters the outside.
How to executing $00F9
Outside player: Grate Kaminarimon(グレートかみなりもん)
Stage: Moon
Opponent: Knight Gundam team(ナイトドラゴンズ)
This combination makes stack corruption, and executing $00F9 occured.
Jumping to password area
Usable memory address
$00F9 = a number of times attract mode match is watched
$00FA = a number of times cursor is moved
$00FB = a number of times A or B are pushed at password mode.
$00FC = a number of times sounds when cursor is moved
$00FD = a number of times sounds when A or B are pushed at password mode.
$1F80-$1FB1 = password
A barrage
As you barrage the A with a password mode, $00FD will not catch up with $00FB, because the sound is not in time.
If the difference between $00FB and $00FD is set to 1 at the moment when screen gliches,
it is possible to make the instruction for jump to password area.
| Address | Bytes | Instruction | Comment |
|---|
| $00/00F9 | 01 80 | ORA ($80,x) | |
| $00/00FB | 20 80 1F | JSR $1F80 | Jump to password area |
Jumping to ending
Password
ノノノぼご ルじKぐチ ニニワおネ ネネネネネ
ネヤlネず ミ ネネネ ネネネネネ ネネネテテ
テテテテテ テテテテせ
| Address | Bytes | Instruction | Comment |
|---|
| $00/1F80 | 59 59 59 | EOR $5959,y | |
| $00/1F83 | 4A | LSR A | |
| $00/1F84 | 0E 99 1F | ASL $1F99 | $1F99 is shifted left of 1 |
| $00/1F87 | 9C 0C 42 | STZ $420C | $420C is set to 0(to stop HDMA) |
| $00/1F8A | 56 56 | LSR $56,x | |
| $00/1F8C | A9 04 | LDA #$04 | The accumulator is set to 0x04 |
| $00/1F8E | 58 | CLI | |
| $00/1F8F | 58 | CLI | |
| $00/1F90 | 58 | CLI | |
| $00/1F91 | 58 | CLI | |
| $00/1F92 | 58 | CLI | |
| $00/1F93 | 58 | CLI | |
| $00/1F94 | 58 | CLI | |
| $00/1F95 | 85 C2 | STA $C2 | $00C2 is set to 0x04 |
| $00/1F97 | 58 | CLI | |
| $00/1F98 | 20 74 C0 | JSR $C074 | 0x74 will be shifted left of 1 to 0xE8 |
| becomes... | | | |
| $00/1F98 | 20 E8 C0 | JSR $C0E8 | Call final scene |
Password Text Table
| あ | い | う | え | お | ア | イ | ウ | エ | オ | が | ぎ | ぐ | げ | ご | ガ | ギ | グ | ゲ | ゴ |
| 00 | 01 | 02 | 03 | 04 | 05 | 06 | 07 | 08 | 09 | 0A | 0B | 0C | 0D | 0E | 0F | 10 | 11 | 12 | 13 |
| か | き | く | け | こ | カ | キ | ク | ケ | コ | ざ | じ | ず | ぜ | ぞ | ザ | ジ | ズ | ゼ | ゾ |
| 14 | 15 | 16 | 17 | 18 | 19 | 1A | 1B | 1C | 1D | 1E | 1F | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| さ | し | す | せ | そ | サ | シ | ス | セ | ソ | だ | ぢ | づ | で | ど | ダ | ヂ | ヅ | デ | ド |
| 28 | 29 | 2A | 2B | 2C | 2D | 2E | 2F | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 3A | 3B |
| た | ち | つ | て | と | タ | チ | ツ | テ | ト | ば | び | ぶ | べ | ぼ | バ | ビ | ブ | ベ | ボ |
| 3C | 3D | 3E | 3F | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 4A | 4B | 4C | 4D | 4E | 4F |
| な | に | ぬ | ね | の | ナ | ニ | ヌ | ネ | ノ | ぱ | ぴ | ぷ | ぺ | ぽ | パ | ピ | プ | ペ | ポ |
| 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 5A | 5B | 5C | 5D | 5E | 5F | 60 | 61 | 62 | 63 |
| は | ひ | ふ | へ | ほ | ハ | ヒ | フ | ヘ | ホ | | | | | | | | | | |
| 64 | 65 | 66 | 67 | 68 | 69 | 6A | 6B | 6C | 6D | | | | | | | | | | |
| ま | み | む | め | も | マ | ミ | ム | メ | モ | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |
| 6E | 6F | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 7A | 7B | 7C | 7D | 7E | 7F | 80 | 81 |
| や | | ゆ | | よ | ヤ | | ユ | | ヨ | A | B | C | D | E | F | G | H | I | J |
| 82 | | 83 | | 84 | 85 | | 86 | | 87 | 88 | 89 | 8A | 8B | 8C | 8D | 8E | 8F | 90 | 91 |
| ら | り | る | れ | ろ | ラ | リ | ル | レ | ロ | K | L | M | N | O | P | Q | R | S | T |
| 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 9A | 9B | 9C | 9D | 9E | 9F | A0 | A1 | A2 | A3 | A4 | A5 |
| わ | | を | | ん | ワ | | ヲ | | ン | U | V | W | X | Y | Z | | | | |
| A6 | | A7 | | A8 | A9 | | AA | | AB | AC | AD | AE | AF | B0 | B1 | | | | |
| a | b | c | d | e | f | g | h | i | j | ! | ? | ‐ | ・ | | | | | | |
| B2 | B3 | B4 | B5 | B6 | B7 | B8 | B9 | BA | BB | BC | BD | BE | BF | C0 | | | | | |
| k | | l | | m | n | | o | | p | | | | | | | | | | |
| C1 | | C2 | | C3 | C4 | | C5 | | C6 | | | | | | | | | | |
| ♥ | ◆ | | | | | | | | | | | | | | | | | | |
| C7 | C8 | | | | | | | | | | | | | | | | | | |
This ending is not for "スーパーバトルリーグ:Super Battle League".
This is for "真・闘球王伝説:Shin Toukyuou Densetsu".
Samsara: Changing branch to just "game end glitch" and accepting to Moons.
Samsara: Hopefully replacing with a file with the blank SRAM removed.
This btw. Not sure if it affects sync if deleted.
