Active player (378)
Joined: 6/5/2006
Posts: 188
Location: Malmö, Sweden
I remember there being a big discussion about whether resetting counts as hardware manipulation or not. Regardless, I would personally be against opening the CD tray and would consider it similar to Crooked Cartridge or scratching very particular sections of the Disc.
Even the best player is limited by the speed of his fingers, or his mind's ability to control them. But what happens when speed is not a factor, when theory becomes reality?
Joined: 3/20/2010
Posts: 126
Hey, Antdgar, which emulator are you using? I used both version of PSXJin 2.0.2 (according to Spike, apparently there are two different versions of them), and both of them desynced my Final Fantasy VII videos at about the 60,000-70,000 frame mark (each of them were about 40-41 minutes long). Is there any way I can fix these desynced videos? If not, what emulator are you using?
Post subject: I use pcsx
Joined: 3/18/2006
Posts: 971
Location: Great Britain
I use pcsx. But I think psxjin is better. I only use pcsx because I can run my lua scripts very fast with turbo mode. Try redoing the part that desyncs.
Joined: 3/20/2010
Posts: 126
What do you mean "redoing" it? EDIT: Wait a minute, I have now read that part of the site telling you how to deal with desynced movies in both plain text and binary format...and fortunately, PSXJin seems to come in the former...is that what you meant?
Joined: 11/30/2009
Posts: 17
Hey Antd, I was running around looking at RTA stuff and stumbled upon this. I'm gonna send it to BrutalAI too, since he seems to know a thing or two about event glitching. There's no description anywhere, it just says "midgar cut bug". http://www.nicovideo.jp/watch/1346770672
Joined: 7/9/2008
Posts: 15
The glitch is surprisingly simple. The field that is the Canon's Main Frame is used during a cut-scene and then later when your party reaches the field by by foot. Since we are not supposed be there or walk around freely the first time we see this field the game is scripted to among other things, disable movement. The paralysis is however not instant and we actually get a frame of movement before we are paralyzed. And as luck would have we have actually spawned right next to the trigger that triggers the Boss scene with hojo, so all you have to do is hold Down+Right+RunButton while the game fades to this field and voila, Cloud will move onto the trigger before he is paralyzed and the boss scene will play.
Post subject: big event skip
Joined: 3/18/2006
Posts: 971
Location: Great Britain
Carcinogen wrote:
Hey Antd, I was running around looking at RTA stuff and stumbled upon this. I'm gonna send it to BrutalAI too, since he seems to know a thing or two about event glitching. There's no description anywhere, it just says "midgar cut bug". http://www.nicovideo.jp/watch/1346770672
Huge! :D Great find.
Joined: 11/30/2009
Posts: 17
So judging from your description, it's easily replicable on console, too? 0_o Is it only doable on a specific version or is it engine specific?
Joined: 3/18/2006
Posts: 971
Location: Great Britain
Beyond easy!
Post subject: Re: Opening the CD tray: yes or no?
Joined: 4/1/2012
Posts: 8
Torn338 wrote:
antd wrote:
Does anyone have an opinion on opening the cd tray (in order to potentially skip large amounts of the game)? Specifically it will allow cloud to act as a golden chocobo and travel around the map with relative ease. In the instance of the emulator I'm using, I will have to load a dummy ISO. Edit: To clarify, I'm not asking about publication and whether it will be accepted. I'm asking whether opening the cd tray is deemed "legit" or not. I've already used the emerald countdown glitch in a weird way, so my initial argument for not opening the cd tray is waning.
Hmm, you could relate opening the CD tray to crooked Cartridges (N64 namely but probably all cartridges); Using ocarina of time as an example, that was the first way they found to escape the forest before deku tree, and it was deemed unacceptable as "legit". Here's a quote concerning SDA: "Why do you allow glitches but disallow cheat codes and tricks like crooked cartridge? Using glitches is simply trying to use whatever is within the rules of the game to your advantage. When you use a cheat device or outside alteration, then you're breaking the game's rules. As for cheat codes and debug codes, they differ from glitches in being intentionally programmed, so they are naturally outside the rules of the game as defined by the designers. " Outside alteration being messing with the cart/CD while not offering inputs via the controller. So personally, it's not legit. But, just because it isn't legit doesn't mean it wont be entertaining. The GT code for super metroid was deemed unlegit and I found it very entertaining (although probably a weird reference since it was just a debug code and not messing with the game outside of input) :p. I'd look forward to it if you decide to use it.
In this case, we're distinguishing between corrupting the memory through means of game pad input or through hardware manipulation. For the sake of a run that relies on the premise of corrupting the game's memory, loading a disc that further corrupts the game's memory and allows for fantastic results isn't doing anything to change the legitimacy of the run. It won't be published, but going all out on available glitch techniques only adds to the entertainment value of the run and would make the final product much more enjoyable. My opinion.
Post subject: midgar skip glitch: YouTube
Joined: 3/18/2006
Posts: 971
Location: Great Britain
Link to video watch the right video for the glitch (and the left video for a 'normal' run) watch on the youtube page or in full screen to read the RAM values details: http://antdgar.com/final-fantasy-vii/ff7-midgar-skip-glitch/ may save 10 minutes in a run that fights both boss battles
Joined: 9/2/2011
Posts: 21
Location: France
I'm not sure it has already been posted so this may be helpfull for some of you : http://q-gears.sourceforge.net/gears.pdf Tons of info, data values and precisely how display works. English is not my native language, it'll be more helpfull for you than me :)
Post subject: RNG solved, how to put into lua script to make predictions?
Joined: 3/18/2006
Posts: 971
Location: Great Britain
I learnt MIPS and disassembled the RNG used for critical hits in FF7. Here is how the randomness in critical hits is determined:
crit% = chance of critical       
crit% = (luck + level - enemy level) / 4

800f85f1 = enemy level
800f83f5 = luck
800f83e9 = level
##Random Function##

lw r3,0x00d4(r28)		# load word from 80062e18 = offset1
lui r2, 0x8006
addiu r2,r2,0x2e10		# 80062e10
addu r3,r3,r2			# 80062e10 + (word from 80062e18 as offset)
lbu r2,0x0(r3)			# load byte from 80062e10(offset1) = offset2
nop

addiu r4,r2,0x01		
andi r2,r2,0xff
sb r4,0x0(r3)			# increment by 1 and store

lui r1,0x8008
addu r1,r1,r2			# 80083084
lbu r2,0x3084(r1)		# load byte from 80083084(offset2) = rnd1
jr r31
nop

lw r3,0x0008(r28)		# load word from 80062d4c
nop

addiu r4,r3,0x01		# increment by 1

andi r3,r3,0x07			# AND 7 (check that value < 8)
sw r4,0x08(r28)			# store incremented value back to 8062d4c


beq r3,r0,0x14c18		# if crit% = 0 then no critical
addu r16,r2,r0			# move rnd1
jal 0x14b54
nop

lw r2,0xd4(r28)			# load word from 80062e18
nop
addiu r2,r2,0x01		# increment by 1
andi r2,r2,0x07			# AND with 7 (check that value < 8) = offset2
sw r2,0xd4(r28)			# store in 80026e18
jr r31
nop

jal 0x14b70
nop

lw r3,0xd4(r28)			# load word from 80062e18 = offset3
lui r2,0x8006
addiu r2,r2,0x2e10		
addu r3,r3,r2			
lbu r2,0x0(r3)			# load byte from 80062e10(offset3) = offset4
nop

addiu r4,r2,0x01		
andi r2,r2,0xff			
sb r4,0x0(r3)			# increment byte by 1 and store in 80062e11

lui r1,0x8008			
addu r1,r1,r2			
lbu r2,0x3084(r1)		# load byte from 80083084(offset4) = rnd2
jr r31
nop

andi r2,r2,0xff			
sll r2,r2,0x08			# rnd2 * 256
andi r3,r16,0xff		
or r2,r3,r2			# rnd1 OR rnd2 (combine rnd1 and rnd2) = rnd0
lw r31,0x14(r29)
lw r16,0x10(r29)
addiu r29,r29,0x18
jr r31
nop

lw r31,0x10(r29)
andi r2,r2,0xffff		# take 2 bytes of rnd0
jr r31
addiu r29,r29,0x18


## calculate crit_rnd for which to compare against crit% ##

lui r4,0x8000
ori r4,r4,0x8001		
andi r2,r2,0xffff		
sll r3,r2,0x01			## This section is actually simple, but compiler
addu r3,r3,r2			## optimised for MIPS
sll r2,r3,0x05			## Just: crit_rnd = ((rnd0 * 99) / 65535) + 1
addu r3,r3,r2			
mult r3,r4			
addu r2,r5,r3			
sra r2,r2,0x0f			
sra r3,r3,0x1f			
subu r2,r2,r3			
lw r31,0x10(r29)
addiu r2,r2,0x01		
jr r31
addiu r29,r29,0x0018		

slt r2,r16,r2			
bne r2,r0,0xb0888		# if crit% >= crit_rnd then critical hit success
nop
Unfortunately I don't know any high level languages. I'm sure this can be written in all of 10 lines in C :-P Anyway, I have no idea how to write a lua script that will calculate all of this (I'm only really familiar with assembly). I would appreciate if someone could help make this into a script so that I can know if a critical is possible on that frame. I will need this for when I start my 'glitchless' run, in order to optimize boss battles. I suppose more information may be needed for this script. In this case, what else is needed?
Post subject: Re: RNG solved, how to put into lua script to make predictions?
Joined: 3/4/2012
Posts: 74
antd wrote:
Unfortunately I don't know any high level languages. I'm sure this can be written in all of 10 lines in C :-P Anyway, I have no idea how to write a lua script that will calculate all of this (I'm only really familiar with assembly). I would appreciate if someone could help make this into a script so that I can know if a critical is possible on that frame. I will need this for when I start my 'glitchless' run, in order to optimize boss battles. I suppose more information may be needed for this script. In this case, what else is needed?
I'd be willing to give it a shot, but I'll won't have time to mess with it until late next week.
Post subject: Re: RNG solved, how to put into lua script to make predictions?
Joined: 3/18/2006
Posts: 971
Location: Great Britain
John11 wrote:
I'd be willing to give it a shot, but I'll won't have time to mess with it until late next week.
Any help is good help!
Lil_Gecko
He/Him
Player (98)
Joined: 4/7/2011
Posts: 520
I would love to help but this assembler thing is a mistery to me. What does that do exactly :
load byte from 80083084(offset2) = rnd1 
load byte from (83084 + offset2) ? also this part :
rnd1 OR rnd2 (combine rnd1 and rnd2) = rnd0
What's the operation between rnd1 and rnd2 ?
Warepire
He/Him
Editor
Joined: 3/2/2010
Posts: 2178
Location: A little to the left of nowhere (Sweden)
Lil_Gecko wrote:
also this part :
rnd1 OR rnd2 (combine rnd1 and rnd2) = rnd0
What's the operation between rnd1 and rnd2 ?
That's a bitwise OR: http://en.wikipedia.org/wiki/Bitwise_operation#OR To understand any of that, you may need to learn how to read binary numbers.
Post subject: Disasm comments
Joined: 3/18/2006
Posts: 971
Location: Great Britain
Lil_Gecko wrote:
I would love to help but this assembler thing is a mistery to me. What does that do exactly :
load byte from 80083084(offset2) = rnd1 
load byte from (83084 + offset2) ?
Yes, it loads the byte from 0x83084 + offset2.
also this part :
rnd1 OR rnd2 (combine rnd1 and rnd2) = rnd0
What's the operation between rnd1 and rnd2 ?
As Warepire says, it is the bitwise OR operation. In this scenario rnd2 is multiplied by 0x100 (256 in decimal). Then OR's the result with rnd1. It has the effect of combining them (as they are both one byte): (rnd1 = 0x10, rnd2 = 0x20) 1. rnd2 * 0x100: rnd2 = 0x2000 2. 0x10 OR 0x2000: rnd0 = 0x2010 I should probably fix those comments. They were only intended to be read by me :-p
Post subject: RNG critical hit psuedocode fragment
Joined: 3/18/2006
Posts: 971
Location: Great Britain
Here is a part of the RNG critical hit formula in C-like pseudocode. It may be easier to understand compared to my comments.
 // Get rnd1 //

{
  int rnd1;
  rnd1 = return byte_0x83084[byte_0x62e10[word_0x62e18]++];
}
It does the same for rnd2. But as you see in the disasm the actual values have changed by then. The addresses should be the same though.
Lil_Gecko
He/Him
Player (98)
Joined: 4/7/2011
Posts: 520
while true do
crit1=math.floor((memory.readbyte(0xf83f5)+memory.readbyte(0xf83e9)-memory.readbyte(0xF8589))/4);
crit2=math.floor((memory.readbyte(0xf845d)+memory.readbyte(0xf8451)-memory.readbyte(0xF8589))/4);
crit3=math.floor((memory.readbyte(0xf84c5)+memory.readbyte(0xf84b9)-memory.readbyte(0xF8589))/4);
rnd1 = memory.readbyte(0x83084+memory.readbyte(0x62e10+(memory.readbyte(0x62e18)+1)%8));
rnd2 = memory.readbyte(0x83084+memory.readbyte(0x62e10+(memory.readbyte(0x62e18)+2)%8));
rnd2=rnd2*256;
rnd0=rnd1+rnd2;
crit_rng=math.floor((rnd0*99)/65535)+1;
if crit1>=crit_rng then
gui.text(0,50,"Critical Hit from Character 1!");
else
gui.text(0,50,"");
end;
if crit2>=crit_rng then
gui.text(0,60,"Critical Hit from Character 2!");
else
gui.text(0,60,"");
end; 
if crit3>=crit_rng then
gui.text(0,70,"Critical Hit from Character 3!");
else
gui.text(0,70,"");
end;
gui.text(0,30,"Ennemy 1 crit% = "..crit1.." "..crit2.." "..crit3);
gui.text(0,40,"crit_rng = "..crit_rng);
emu.frameadvance();
end;
This script predicts when the RNG is in the right spot not when to attack. This should be done either 8 or 4 frames earlier. EDIT : Updated the script so it shows the Critical for each of the 3 characters. Also it only uses the ennemy 1 level to calculate the crit %. If there's more ennemies, you need to change the ennemy level address.
Joined: 6/24/2007
Posts: 119
there seems to be a TAS ? added cut + deathblower + powersoul from disc 2 maybe? http://www.nicovideo.jp/watch/sm18670648
Active player (279)
Joined: 4/30/2009
Posts: 791
I watched the first two parts of the nico TAS, and it does everything worse than antd did in his initial boss fights. There was a lot of waiting for crits rather than taking regular hits in the interim, a lot less crits, Guard Scorpion gets to raise his tail, and generally the approach was a lot slower and sub-optimal. Nice to see a finished TAS linked, although there's a lot of room for improvement.
Post subject: Yuffie Warp Glitch
Joined: 3/18/2006
Posts: 971
Location: Great Britain
Thanks Lil_Gecko, that script is great! I should be continuing work with the glitched run at some point; almost done with disc one. Link to video May as well put this here for investigatory purposes. PC version only though. Discovered by someone at SDA. I have not personally attempted this on the PSX. It allows the game to be completed in a few hours. Yuffie can be acquired earliest around Rocket Town. 1. Die in a battle 2. Load a save file and get Yuffie 3. After defeating Yuffie, the player will be warped to the boss/area in step 1.
Player (66)
Joined: 4/21/2011
Posts: 232
I think I'm missing context on the video. It looks like they activate a glitch that makes them have to fight the final bosses twice???
Joined: 6/19/2005
Posts: 180
Basically, he uses save file X to load a location/set of flags into the game's data. He uses that save, in this case, to load up the final sequence. The glitch requires that he dies, so he dies to JENOVA there. Next, he loads save file Y and goes and defeats Yuffie. The game glitches out and loads the location from save file X, which causes the game to freak out because it's doing stuff that it shouldn't be doing in disc 2. Interesting. If it works on console, awesome. I especially enjoy the fact that it just chops off the end cutscene and loads the credits.