On the 22nd June 2020, in the thread for Kaan's TAS this was said:
Well, imagine no more.
Sonic 3 & Knuckles has been able to skip Acts for many years. Now thanks to a series of new discoveries along with existing knowledge we are now able to entirely skip 3 of the Zones, saving over 6 minutes (~21,853 frames) compared to the previous TAS. The main new star of this TAS is the "break of the lock-on technology" that defines Sonic 3 & Knuckles. We do this by exploiting buffer overflow errors in Angel Island 2 and Hydrocity 2 that combined let us temporarily trick the game into thinking it is Sonic & Knuckles without changing or adjusting cartridges. The game will revert to being Sonic 3 & Knuckles again after a soft reset or power cycle, so we exploit the fact that a game over doesn't recheck the lock-on status, allowing us to skip the remaining stages in the Sonic 3 half.
RTA-TB (RTA Minus Time Bonuses) is the timing method used for Sonic 3 & Knuckles single segment speedruns. It is timed from file selection up until the fade out, and the timer pauses for any frames where the time bonus is counting down. For this TAS, we use this same timing method. See the Differences to existing TAS section for more information.
Using RTA-TB timing this run is: 20:54.449
Angel Island 2.2 (AI2.2 for short)
We use this to refer to the partial Angel Island 2 stage that we play after the death at the end of the first run-through of Angel Island 2.
O Zone
Affectionately called O Zone by the RTA community (due to the title card that appears after the Hydrocity 2 boss), is a strat where by drowning to during the score screen during the Hydrocity Act 1 boss, will cause the game to think Act 2 is Act 1, so after completing Act 2, it will show the title card for Act 2, but due to the geyser the graphics get messed up.
Emulator Notes
Bizhawk/GPGX is required for precisely 1 frame - a soft reset (which isn't TASable in Gens) to prevent the buffer overflow in Angel Island 2.2 from overwriting the checksum present at the end of memory, which if changed causes the game to hard reset.
The gmv from Kaan's TAS was converted to BizHawk and used as a base, so a lot of his TAS still remains here. I think this also causes the "Warning: Movie hash does not match the ROM" message.
GPGX loses an estimated 20-30 frames from the switch due to more accuracy with how lag frames are handled (Typically 1 per zone and 1 per death). Due to the Sky Sanctuary boss RNG being governed by the power on frame timer, this means Kaan's TAS was only adapted up to that point, so we don't have an exact figure on frames lost due to porting.
Emulators and Tools used:
Bizhawk 2.9.1.
Gens ReRecording 11b + TAS Tools.
Minerva (Chrezm's overlay and scripting framework that works in both Bizhawk and Gens).
Basic Bot + a custom Minerva script to stop emulation once a good crash in AI2.2 had been found.
A custom script I wrote to convert inputs from TAStudio back to Gens so we could use camhack to diagnose issues with level wraps, etc.
With jumping back and forth between emulators (and ROMs - Mushroom Hill was originally TAS'd on the Sonic & Knuckles ROM), re-records will likely be inaccurate. Basic Bot may have thrown more into the mix than was used (e.g. left the bot running for 8 hours with no results for the crash and sticking to the existing inputs).
Game imposed restrictions
A few things may seem sub-optimal but are required to be done in a certain way to have this set-up work.
We need to reach the end of Angel Island 2 with the Score Tally countdown occurring for the Save File to be updated to Hydrocity, allowing us to soft reset in AI2.2 to progress.
For us to be able to do "bridge skip" and die at the end of AI2, we need to complete the whole of Angel Island without dying, nor enter a bonus or special stage at any point in Angel Island.
For the AI2.2 crash to happen, we need to get rejected in the Tunnel at the end of AI2, and then hit the checkpoint so bad values get saved to RAM by the checkpoint, hitting the checkpoint first will cause the level to be as normal.
To get the game to think Hydrocity 2 is Hydrocity 1, we have to complete Hydrocity 1 without hitting any checkpoints and we need to die during the score tally - See level specific notes for more information.
We need to enter and exit a blue sphere stage at some point between the start of AI2.2 and the end of HC2 so the flags in memory for it are set. HC1 is best placed for this.
Once the game thinks Sonic 3 is no longer locked on, a game over is required, soft resetting at any point will cause the game to re-check for whether Sonic 3 is locked on or not. As a result, we deliberately avoid hitting any 1-up monitors and we also take intentional deaths whose sole purpose is to decrease the lives counter (2 in Hydrocity 2, 2 in Marble Garden 1). The number of lives is saved to SRAM only once a zone is completed, so even though dying in AI2.2 might be quicker, it won't update the amount of lives going into Hydrocity as we soft reset before making it to that save point a second time.
Also once the game thinks Sonic 3 is no longer locked on, (regardless of game over or not), it will prevent the save file from being updated further, so we cannot soft reset to skip the Mushroom Hill, Flying Battery or Sky Sanctuary cutscenes.
Differences to existing TAS
Timing
In Game Time has a few issues - time after the last hits on the bosses aren't counted. This means that any time spent in that period of time doing any actions that may be meaningful for the TAS would not be counted. For example, getting a shield in Act 1 or hitting the capsule in Act 2 doesn't count towards the total time. The Final Escape sequence also doesn't have the in-game timer running.
Real Time also has one massive issue - the time bonuses at the end of an act. At the end of an act, you are awarded a time bonus depending on how fast you finish a stage, the faster you finish it the more points you get, and those points count down at a rate of 100 points every frame. These bonuses can be large enough that occasionally, it may be faster to wait to clear an act at a moment where the awarded time bonuses would be smaller. As an example, finishing a stage with an in game time of 01:29::59 will give 10,000 in time bonuses, which would take 100 frames to count down; whereas finishing that same stage one frame later at 01:30::00 will give 5,000 in time bonuses, which would take only 50 frames to count down, netting an apparent gain of 100-(50+1)=49 frames. Since deliberately slowing down for the sole purpose of minimizing a time bonus seems antithetical to a speedrun, we do not use Real Time either. In this TAS the only flat Real Time strategy would have been in Death Egg 1, where allowing the time to tick over to 1:00 would yield a 10K time bonus instead of a 50K time bonus.
RTA-TB combines the best of both worlds by considering not only all of the in game timers without the penalties for finishing too fast, but also counting all of the time spent outside stages as well. This means we can still aim for the fastest stage time, but we can opt for strategies that will save Real Time when the IGT isn't counting. We make use of this change specifically in Angel Island 2, and Lava Reef 1, where the existing TAS has to wait out for something to happen before proceeding.
Pre game
Using a Save File is necessary, which conveniently saves us 13 frames.
Angel Island 1
Mostly identical.
0:10 We have to take the normal path here, as the original TAS breaks a life monitor, which will waste time losing it later.
0:12 we need to delay progression for about 13 frames here, otherwise the optimal crash found doesn't happen in Angel Island 2.2. We also need to get Y and X subpixels to match the original TAS so the rest of the stage and Angel Island 2 can play out the same.
Angel Island 2
Identical up until near the last checkpoint where we lose time to set up for the crash. We also keep the lightning shield for hitting the capsule as this is faster than the fire shield waiting for the capsule saving 276 frames.
Angel Island 2.2
The optimal crash here was found by us using a bot with random inputs after the spindash just before the crash, I've tidied up the inputs to only those required, so it looks cleaner.
Hydrocity 1
Mostly identical.
0:27 We jump over the extra life to avoid an additional death (250+ frame saving).
0:32 Need to divert to enter a blue spheres stage to fill in a portion of the memory.
0:38 Drowning is on a timer from entering the water, so we can't do anything to speed up this section, so we mess around with the boss and the signpost whilst that timer counts down.
Hydrocity 2
This is the best place to get us down to 1 life, so we have a small diversion to do so, and then we re-sync up with the existing TAS for the rest of the stage.
Marble Garden 1
Hydro 2's Time Bonus gives us an extra life that we need to lose, and then repeat to game over. Avoiding rings here is the fastest way to die.
Carnival Night and Ice Cap
It was nice knowing you?
Launch Base
It's worth noting that switching to Bizhawk this stage would have changed a lot due to being able to entirely skip Act 2 and its cutscene by using a soft reset to enter Mushroom Hill.
Mushroom Hill 1
Now we're using Sonic and Knuckles' Mushroom Hill 1 so the level wrap isn't possible (Left boundary is set further in the level). eandis replaces the Bubble Shield shenanigans from Carnival Night 2 with what you see here, picking up the lightning shield on the way so the boss can be zero-cycled, making the stage a couple of seconds faster than its S3K's counterpart.
Mushroom Hill 2
As we have the lightning shield, the routing here is slightly different, and we need to lose the shield before the boss. However, we still managed to save 8 frames over the existing TAS.
Flying Battery 1
Two new things here, A new strat was discovered for Sonic to do the same level wrap that Knuckles does, saving time. I also investigated the 2-frame save that the 100% TAS contained, and found that a further 42 frames could be saved by deferring more hits from the boss.
Flying Battery 2
Y-Subpixels were needed to be manipulated in Act 1 to resync this, but happy to say this is identical.
Sandopolis 1
Identical
Sandopolis 2
Identical
Lava Reef 1
0:05 A new floor clip was discovered by cubbycubbycat, which eandis found a consistent set up for.
0:12 Minor wait here is required for the right screen lock to get further through the level, otherwise when we wrap we end up part way through the level rather than at the boss.
0:46 New boss floor clip found by eandis means the monitor clip isn't needed, doesn't save any IGT time, but saves 86 frames from not having to have the monitor bounce and us clip underneath.
Lava Reef 2
Unfortunately, due to the lack of fire shield, we eat about 75 of the 86 frames saved from the boss clip, giving us an overall saving of 11 frames.
Hidden Palace
Identical
Sky Sanctuary
Identical - except we change which boss pattern is used and correct for that, we also don't need to pause anymore for RedEye's platforms.
Death Egg 1
Identical - except for Red Eye's platforms had to be redone, this is on par with Kaan's so no different timewise.
Death Egg 2
Identical - except for UwUBall (first boss of the level, thank Argick for popularising this name for it) needed some adjustments to work.
Glitch Specific information
Bridge Skip
Bridge Skip is not entirely new, but for reference, it is Sonic (Solo or with Tails) exclusive due to the cutscene at the start of his campaign. However, it is now used for an entirely different purpose: get a deliberate death after the savefile is updated. We need to die after the Act 2 tally is completed so that the savefile is updated to Hydrocity 1, thus allowing us to make progress in the TAS once we soft reset. We ultimately use this death to execute the Angel Island 2.2 crash, described later. An independently prepared write-up explaining Bridge Skip (done in the context of aiding single segment speedrunners achieve the memory manipulation needed to follow the TAS at the time) is available here for reference.
How we can break "Lock-on"
The way we trick the game Sonic 3 & Knuckles into thinking it is the game Sonic & Knuckles is by taking the way the game internally decides whether it is locked on to Sonic 3 or not, which originally is set up by game code to think it is locked on to Sonic 3, and then exploiting that to trick the game into temporarily thinking it is not locked on to Sonic 3.
On Sonic 3 & Knuckles startup, Sonic & Knuckles code is run, and part of it is what is referred to the "lock-on determination routine". This routine attempts to read the contents of ROM that would exist if a cartridge were to be locked on (in particular it is trying to read the header of a locked-on ROM). If it is convinced that such a locked-on ROM exists and that it seems to be a Sonic 3 cartridge, Sonic & Knuckles will be convinced it is running alongside Sonic 3, so it must behave as if it were Sonic 3 & Knuckles and thus sets the value at address $FFAE-FFAF to 0. If it is convinced that there is no such locked-on ROM, Sonic & Knuckles will be convinced it is running on its own and thus sets the value to 1 instead. The game will then refer to this value and this value only in order to make any decisions regarding whether to behave using a special Sonic 3 & Knuckles rule or a Sonic & Knuckles rule. In particular, it will assume that, if the value at that address is 0, it must mean that previously it had decided that a Sonic 3 cartridge was locked on; and if it is anything other than that, then it must mean that it previously decided that there is no Sonic 3 cartridge locked on. Crucially, this decision is made not by acting differently if the value is 0 or 1, but whether it is 0 or anything other than 0.
A few examples of such acting differently decisions include:
On an act start, when showing the title card, whether to show a "Sonic 3 & Knuckles" text or a "Sonic & Knuckles" text on the red banner that appears.
Whether to attempt to save to SRAM or not.
Whether super emeralds are a thing or not.
Whether you can access the Sonic 3 stages, special stages and bonus stages; or not.
Critically for this TAS, whether to display the Sonic 3 & Knuckles title screen or the Sonic & Knuckles title screen.
The TAS will start with Sonic 3 & Knuckles behaving as normal, setting $FFAE-FFAF to 0 and thus thinking it is Sonic & Knuckles locked on to Sonic 3. The buffer overflow from Angel Island 2.2 - described in the next section - gets us most of the way there by writing garbage to $FF7E-$FFAB. Entering a blue sphere stage and causing the buffer overflow in Hydrocity - described in the section after - gets us the rest of the way there and fills in $FFAE-FFAF with some non-zero value (in the TAS that is beda). As that value is not 0, at any further point where the game needs to act differently depending on whether it is locked on to Sonic 3 or not, the game will think it is not and thus think it is Sonic & Knuckles.
That means that this point, if we can make it to the title screen, the Sonic & Knuckles title screen will appear. Since we cannot soft reset (as that reruns the lock-on determination routine), we use the next fastest known way of making it to a title screen, which is getting a game over. Getting a game over, while at first glance seemingly restarting the game, does not actually rerun that routine. Therefore, once the game needs to decide it shows a Sonic 3 & Knuckles title screen or a Sonic & Knuckles title screen, since the value at FFAE-FFAF is non-zero (beda in the TAS), it will think it is Sonic & Knuckles and thus show that title screen.
The Angel Island 2.2 buffer overflow and "crash"
This abuses a bug in the Object Load Manager, the bug itself (but not this particular instance of it) is explained in this video. We cause the OLM to write garbage to memory by getting the horizontal camera coordinates to underflow, which eventually causes the game to attempt to garbage load as many objects as possible onto RAM. We use this overflowing behavior in a specific way that allows us to set up memory properly for the S&K corruption, as generally this overwriting just causes a hard reset.
For some stages including Angel Island 2, Sonic 3 & Knuckles uses an event manager internally called screen resize routines. This event manager is used to determine any actions that rely on the camera being at some specific set of coordinates. For example, in Angel Island 1, once the camera is at a specific set of coordinates, these are the first few events that trigger as you progress through the level:
load the Knuckles cutscene (emerald theft),
lower the screen lock once you progress through the level a bit,
load the first AIZ1 miniboss, etc.
This manager uses a routine counter to decide what the next event to trigger is if the camera approaches some given coordinates. Once the game triggers an event, it will then increase the routine counter by 2 so that it will now wait to see when the next event is ready to trigger. Crucially, this routine counter generally does not go backwards (so events don't happen twice), and it is a value that is saved whenever you hit a checkpoint and loaded once you respawn, which makes you able to view events that may have happened after you hit the checkpoint but before you died.
The setup in this TAS relies on getting "rejected" in the tube at the end of Angel Island 2 (that is, "randomly" start going to the left), at a particular point and then and only then hitting the checkpoint before the boss. That particular point is after screen resize event 8 happens, which triggers when the camera reaches x-coordinate 0x3C00. Event 8 is used to load the art for the airship that will be played in the cutscene coming up immediately after, but also to set up the value at address $EED4 to 0x4440. This value is used for the airship cutscene as follows: once the camera exceeds the value at $EED4, the game will subtract 0x200 from the position of the camera and all objects on screen. This is done to give the illusion of a never ending field for the airship cutscene.
This value at $EED4 is only set to that value when event 8 happens, and it is cleared once the stage restarts. As a result, for it to be set properly once you die, it must be the case that the event 8 happens. However, given that we touched the checkpoint after triggering that event, the game saves that we triggered it so it will not fire again; in fact, it will now be waiting to trigger the next event, 8+2=10.
Therefore, once we approach the airship cutscene again, the value at $EED4 will not be 0x4440 but instead just 0x0, which will continuously be higher than the camera x-coordinate at the airship cutscene. As a result, the game will continuously attempt to subtract 0x200 from the camera x-coordinate until it underflows. This makes the OLM start writing garbage to the ring status table and beyond, which if left unchecked eventually causes the checksum (a string right at the end of RAM) to be overwritten, and briefly afterwards invalid 68K code to be executed. This in turn causes a hard reset that wipes the entire memory clean due to the broken checksum string.
The tricky part for us is to get the memory overwritten in such a way that we are able to soft reset at an instant such that memory is setup for the O Zone step described in the next section, but before the checksum is overwritten. Whilst we don't completely understand how to manipulate how the memory gets overwritten, we believe there are two possibly related components to this:
A sub-frame component, or the amount of code run in a particular frame - so sometimes the checksum will get overwritten on the same frame as the areas in memory that we are interested in getting overwritten,
An input component - so slight variations in input leading to the crash will lead to the checksum being overwritten.
O Zone Buffer Overflow
In order to be able to do the level wrap in Hydrocity Act 2, it must be the case that you are playing from a fully reloaded act and not straight from an Act 1 transition. This is because there is a level wrap strategy that requires the left stage screen lock to be 0 in order to work. That screen lock is set to 0 from a fully reloaded act, but it is set to some non-zero value otherwise. In order to get a fully reloaded act, it is enough to die as soon as the game is comfortable enough that it is in Act 2. Single segment runners historically achieved this after a transition from Act 1 by getting a quick death at the start of the big wall section. However, in order to take advantage of the biggest time save possible, for the Act 1 boss fight, they had to get the majority of hits off screen, which is very hard to achieve consistently.
O Zone originally was a strategy designed for single segment runners that involved doing the following instead: drown during a very specific period of the Act 1-2 transition period. To do that, you stay in the water the entirety of the Act 1 boss fight, juggle the falling sign post a few times, and let the score tally appear in a small window of time where the end of stage tally appears but before your air is refreshed. As the tally started before you drowned, the game is now comfortable enough to think it is in Act 2, even if not all addresses updated in a standard transition from one act to the other are set properly (most notably the visible act number). This effectively achieved the same goal of starting Act 2 from a fully reloaded act and allowed them to go for the level wrap strategy immediately instead of having to take an extra death. This turned out to be generally faster for the average case of a single segment runner, but still slower than getting all of the Act 1 hits offscreeen and then dying in some other way.
However, it turns out this strategy had a side effect. Once the tally for Hydrocity Act 2 finishes, a small cutscene involving a geyser starts, which is used to transition to the next zone Marble Garden. However, because of the unusual death at the end of Act 1, the game will also attempt to show an Act 2 title card once this cutscene starts. Both the geyser and title cards have art that need to be processed by the game using the KosinskiM decompression and DMA queue buffer. This buffer at $FF64-$FF7B can hold up to 4 concurrent pieces, each taking one buffer slot of 6 bytes in length. However, the geyser when loaded takes up 1 piece and the title card takes 4 pieces. The game is not able to concurrently deal with 1+4=5 pieces in the buffer, leading to pieces being written past the buffer. In particular, it will write pieces to the next section of 6 bytes of memory that looks like a buffer slot and whose first 4 bytes are clear. For example, it will first check if $FF7C-FF7F is empty, if so it will write a piece to $FF7C-FF81; otherwise it will check if the next "buffer slot" at $FF82-FF85 is empty, if so it will write a piece to $FF82-FF87; otherwise it will check the next one and so and so on until it finds an appropriate section of memory. Critically, the game code does not, as part of the KosinskiM decompression and DMA queue buffer code, clear pieces that were written outside of it; so if nothing else in memory touches what was written outside that buffer, it will remain there.
This was discovered when single segment speedrunner Teeejj was doing Knuckles runs using the O Zone strat, and noticed that occasionally the game would have "Competition" selected on the main menu screen. It took us a while to figure out that this was never caused on the first attempt, but subsequent attempts done that also did O Zone without power cycling in between would cause the title menu to be changed, because its address $FF86 looked to the game as part of a buffer slot $FF82-FF87. It was then discovered that stacking multiple O Zones without power cycling in between would continue to cause more and more data to be overwritten in memory. One such address that could eventually be overwritten is $FFAC-FFB1, which contains the range $FFAE-FFAF, which as described before is what the game internally uses to decide whether it is locked on to Sonic 3 or not.
The Angel Island 2.2 buffer overflow crash fills in the memory on the way from the address KosinskiM decompression and DMA queue buffer up to the address of the locked-on flag. As a result, it is mostly sufficient to execute an O Zone once for the purpose of filling in the locked-on flag address with garbage, and thus making the game believe it is Sonic & Knuckles. Skipping the zones is still possible just by using O Zone by itself - do the glitch, reset at the Marble Garden title card, and repeat 5 more times. This does mean that other characters can skip from Marble Garden to Mushroom Hill, but it would probably make for a less entertaining run.
There are ways of reducing the amount of O Zones required that aren't performed in this TAS due to the Angel Island 2.2 crash filling in the memory as needed. For example:
1. if, in competition mode, you select the "No Monitor" option, enter the Grand prix menu, then go back twice to the main title screen menu.
2. when the title card at the start of Hydro 2 starts fading to reveal the stage, you hold some 2P input.
Special Stage detour
We need to enter a Special Stage in Hydrocity Act 1. This is because part of the memory that would look like a buffer slot on the way between $FF7E and $FFAC is actively written to when entering a savefile, That is the range $FF94-FF99. $FF94-$FF95 contains a partial list of special stage rings entered in the current zone, $FF96 the shield you had when entering the last special stage ring, and $FF97 a flag related to the respawn table used when reentering a stage from a special stage or a bonus stage. Even if the Angel Island 2.2 corruption would see these values overwritten with garbage, once you enter Hydrocity from the savefile, these values are all zeroed out following their intended meaning (e.g. $FF92-$FF95 is cleared because we have not entered any special stage rings in Hydrocity yet). Since $FF94-FF99 is also a slot that the O Zone buffer overflow would consider and it is currently all zeroes, if we take no further action, the buffer overflow would fill in $FF94-FF99 instead of the expected $FFAC-FFB1.
As a result, we must find a way of setting any of the bytes in that range to something other than zero so that the O Zone overflow skips over this slot and goes on to write to $FFAC-FFB1 instead. We found the quickest way of achieving this is entering and exiting the last Special Stage ring in Hydrocity Act 1, as that updates $FF94-$FF95 to remember that we entered that Special Stage ring with some non-zero value.
IGT reference times
Whilst not our target, for comparison with IGT timings here are the end of act timings. All times are in m:ss::frame format.
Act
In Game Time
Angel Island 1
0:43::07
Angel Island 2
1:23::21
Angel Island 2.2
0:06::16 (before the time in memory is overwritten)
Hydrocity 1
0:55::33
Hydrocity 2
0:22::08 (+0:06::43 in deaths)
O Zone Act 2
0:02::46 - technically wouldn't be counted as IGT normally
Marble Garden
0:20::06 in deaths
Carnival Night 1
N/A
Carnival Night 2
N/A
Ice Cap 1
N/A
Ice Cap 2
N/A
Launch Base1
N/A
Launch Base2
N/A
Mushroom Hill 1
0:31::17
Mushroom Hill 2
0:40::26
Flying Battery 1
0:43::03
Flying Battery 2
1:05::43
Sandopolis 1
1:04::51
Sandopolis 2
0:48::47
Lava Reef 1
0:46::14
Lava Reef 2
0:22::06
Hidden Palace
0:26::40
Sky Sanctuary
0:52::17
Death Egg 1
0:58::56
Death Egg 2
1:36::23 (+0:04::29 death)
Total
14:02::10
Possible improvements
If we were able to fully understand the AI2.2 buffer overflow and not have to rely on a bot to find a viable corruption, it could be potentially faster, and we likely wouldn't need the short delay in AI1.
LR1 has 3 frames potential to save before the digger (removing the last right press frame on the stairs, 1 frame after and one once clipped into the floor). However, this messes up the arms part of the boss. It also might end up that Red Eye's RNG would eat into that saving as well.
LR2, if a method is found to do what the fire shield does during the wrap (clips into a wall, and allows a zip) we would be able to harness most of the saving from the boss floor clip in LR1..
Credits/Special Thanks
kaan55 - We tried keeping as much of kaan's TAS here as possible with only changing where it was necessary, so the vast majority of this is made up of the work he did on the previous TAS.
eandis - Mushroom Hill 1 is all his work, the 2nd phase of the Lava Reef 1 boss is adapted from his inputs. Huge help with getting Hydrocity 2 sorted and synced up. And Originally discovered the Flying Battery 1 wrap along with the boss floor clip in Lava Reef 1.
Chrezm - Aside from providing the inputs for the ringless strategy in Marble Garden, and general improvements, a lot (if not all) of the setup for this TAS to work wouldn't have been possible without Chrezm's knowledge and valuable input.
Ctrl - gave the (in hindsight obvious) idea to avoid the 1up boxes in Angel Island and Hydrocity, which whilst it meant lots of stages desynced, it was worth it for the time save.
The Classic Sonic Speedrunning Community - You're awesome.
nymx: Replacing with the improvement by the author.
nymx: Well, I had a bit of a headache on this one. While I"m not knowledgeable about any Sonic games, I can certainly appreciate what I've seen.
Here is what I've decided. The previous submission attempts the same task of unlocking the gaming...so why not continue? While I was concerned at first, about the slow start, I finally caught the answer in the submission notes. If that's what it takes, then it lines up like other games I've seen...some sacrifice for the overall good. In this case, the ending time does beat the game and will now obsolete the aforementioned publication. Congratulations on the work!
Joined: 1/24/2018
Posts: 299
Location: Stafford, NY
Huh, so apparently by doing a bunch of stuff a normal player would consider insane and then exploiting the subsequent memory corruption in just the right way you can undo the "Lock On Technology" in the middle of a run, skipping a third of the combined game in the process!
Needless to say it's a Yes vote for me!
^ Why I don't have any submissions despite being on the forums for years now...
seems weird to me, if it's not locked is it even s3k?
TAS i'm interested:
Megaman series, specially the RPGs! Where is the mmbn1 all chips TAS we deserve? Where is the Command Mission TAS?
i'm slowly moving away from TASing fighting games for speed, maybe it's time to start finding some entertainment value in TASing.
There seems to be some slight confusion over the specific nature of the Sonic & Knuckles corruption. We aren't exactly irreparably breaking the lock-on technology or otherwise disconnecting Sonic 3 from Sonic 3 & Knuckles, in fact a simple soft reset at any point will bring you back to Sonic 3 & Knuckles. The way we trick the game Sonic 3 & Knuckles into thinking it is the game Sonic & Knuckles is by taking the way the game internally decides whether it is locked on to Sonic 3 or not, which originally is set up by game code to think it is locked on to Sonic 3, and then exploiting that to trick the game into temporarily thinking it is not locked on to Sonic 3.
On Sonic 3 & Knuckles startup, Sonic & Knuckles code is run, and part of it is what I call the "lock-on determination routine". This routine attempts to read the contents of ROM that would exist if a cartridge were to be locked on (in particular it is trying to read the header of a locked-on ROM). If it is convinced that such a locked-on ROM exists and that it seems to be a Sonic 3 cartridge, Sonic & Knuckles will be convinced it is running alongside Sonic 3 and thus set the value at address $FFAE-FFAF to 0000. If it is convinced that there is no such locked-on ROM, it will set the value to 0001 instead. The game will then refer to this value and this value only in order to make any decisions regarding whether to behave using a special Sonic 3 & Knuckles rule or a Sonic & Knuckles rule. In particular, it will assume that, if the value at that address is 0000, it must mean that previously it had decided that a Sonic 3 cartridge was locked on; and if it is anything other than that, then it must mean that it previously decided that there is no Sonic 3 cartridge locked on. Crucially, this decision is made not by acting differently if the value is 0000 or 0001, but whether it is 0000 or anything other than 0000.
A few examples of such decisions of acting differently include:
* On an act start, when showing the title card, whether to show a "Sonic 3 & Knuckles" text or a "Sonic & Knuckles" text on the red banner that appears.
* Whether to attempt to save to SRAM or not.
* Whether super emeralds are a thing or not.
* Whether you can access the Sonic 3 stages, special stages and bonus stages; or not.
* Critically for this TAS, whether to display the Sonic 3 & Knuckles title screen or the Sonic & Knuckles title screen.
The TAS will start with Sonic 3 & Knuckles behaving as normal, setting $FFAE-FFAF to 0000 and thus thinking it is Sonic & Knuckles locked on to Sonic 3. At the very end of Hydrocity, the long setup that we do in the zone causes a buffer overflow at the KosinskiM decompression and DMA queue, which combined with the previous Angel Island 2.2 crash, will be such that we fill in $FFAE-FFAF with something other than 0000 (in this TAS, that value is hex value `beda`). That value is not 0000, so any further point where the game needs to act differently depending on whether it is locked on to Sonic 3 or not, it will think it is not and thus think it is Sonic & Knuckles.
That means that this point, if we can make it to the title screen, the Sonic & Knuckles title screen will appear. Since we cannot soft reset (as that reruns the lock-on determination routine), we use the next fastest known way of making it to a title screen, which is getting a game over. Getting a game over, while at first glance seemingly restarting the game, does not actually rerun that routine. Therefore, once the game needs to decide it shows a Sonic 3 & Knuckles title screen or a Sonic & Knuckles title screen, since the value at FFAE-FFAF is non-zero beda in the TAS), it will think it is Sonic & Knuckles and thus show that title screen.
I updated the submission text accordingly.
I don't fully understand the confusion here, but from what I'm seeing, you're unlocking S&K from within S3&K.... I don't think you're beating S3&K in this case, cause after you unlock, it is a "brand new" game that you're clearing. In other words, you're going out of your way to set up the corruption just to play S&K from within S3&K, when you can just beat S&K itself.
If this is the case, then I would say that you didn't beat S3&K, you actually transitioned to another game (even if it is the same cartridge).
Technicalities aside, run is awesome and I liked all the madness there! Yes vote!
Worth noting, the game doesn't really change entirely.
If we carried on after the set up through marble garden, carnival night, ice cap and launch base the game will still say sonic & knuckles, and play as normal (well as normal as a TAS would show). However, when reaching Mushroom Hill 1, it will use the s&k level even though coming straight from launch base.
It will also give the sonic & knuckles logo at the end of the game.
We just shortcut to mh1 by game overing.
Also it's likely that if you took the inputs from the SK start from this TAS it would desync at one or more of these places:
- Mushroom Hill 1 boss final hit
- Mushroom Hill 2 preboss
- Lava Reef 1 Boss death position.
- Sky Sanctuary Boss RNG
- Death Egg 1 red eye platforms.
For those on the fence about whether we are switching games or not etc
Here is a video of what would happen if we didn't game over in Marble Garden, and just carried on playing the stages as per the previous TAS - and MH as this TAS.
Link to video
Complete bk2 from power on to showing the data select screen if anyone is interested in examining it themselves.
User movie #638562865824141834
Essentially showing:
- Title Cards still show S&K
- S3 Levels still play out correctly - i.e. the S3 cart hasn't been removed.
- We still get S&K's MH1 despite coming from S3/Launch Base
- Doing a soft reset in FB shows that we get back to S3K, and the save file still shows Hydrocity, even though the game has had 3 chances to update the save file (end of CN, LB, and MH).
If I had run it up to the end of the game the S&K logo would still show, despite never seeing the S&K title screen.
After overwriting the lock-on status memory address, which save file is the game saving to? In particular, could you reset somewhere during the Sonic & Knuckles half of the game, reload the file, and a) continue from the same point in the game and b) have the game think you are completing Sonic 3 & Knuckles? Or would the file fail to load for some reason?
This is a really interesting category as far as legitimacy debates go: I think one possible comparison is a "glitched newgame+" that plays Sonic & Knuckles via copying over data from a Sonic 3 & Knuckles save file via a glitch (which probably wouldn't be considered a Sonic 3 & Knuckles completion), but that's not the only way to interpret what's going on here. I guess another potential way to look at it is that the "continuous playthrough" posted two posts above is a playthrough that uses a glitch to start a Sonic & Knuckles game in a Sonic 3 level!
We've had various discussion of "completing the wrong game" in the past (although I can't easily find it at the moment), but don't think we came to any clear conclusions. (EDIT: I found it, although it probably isn't applicable here: Post #486426)
The first line of the "SaveGame" code is a check for the value of the SK_alone_flag ($FFAE-$FFAF). So whenever the game tries to save after the game thinks it's S&K, it won't save - which the end of the video in my previous post shows. Post #530403
The Game Over (or starting from the S&K title screen), removes the reference to the save file in memory, so would be unlikely to be possible without ACE.
There is the remote possibility that if we didn't use the game over, and found something similar in the S&K to set both bytes of the flag back to 0 without a crash, then the next act 2 completion will update the save file, and you could reset and load the save file.
Joined: 11/14/2014
Posts: 927
Location: South Pole, True Land Down Under
Ok...I'm posting here, because I've been looking at things and it really gives me a headache. So far, things look good. Explanations on why there is slowness in the beginning, as compared to the previous TAS is acceptable. For the concerns and/or confusion on unlocking, I don't have a problem with it...especially since we have a series of publications on this very situation.
So, I'm getting close to finishing my analysis...stay tuned!
I recently discovered that if you haven't reached a level of frustration with TASing any game, then you haven't done your due diligence.
----
SOYZA: Are you playing a game?
NYMX: I'm not playing a game, I'm TASing.
SOYZA: Oh...so its not a game...Its for real?
----
Anybody got a Quantum computer I can borrow for 20 minutes?
Nevermind...eien's 64 core machine will do. :)
----
BOTing will be the end of all games. --NYMX
Due to a site hiccup during publication, this thread wasn't moved to the correct sub-forum. This has now been fixed.
The publication can be found here.