1 2
10 11 12 13
Ambassador, Experienced player (710)
Joined: 7/17/2004
Posts: 985
Location: The FLOATING CASTLE
This is very cool! Could it be possible to execute multiple hacks by resetting and starting a new party? Or by changing your party's order and doing another loop? About various skips, Ice Cave skip would have some issues. Ice Cave is the best place to get the gold you need to buy the bottle. Plus it has the flame sword that ends up being the best equippable weapon for the normal TAS. Skipping orbs would be more valuable. If we can skip them all we just need to figure out how to beat the final dungeon. Earth Orb would probably be the biggest gain to skip since you could completely ignore Earth Cave. If the question is how to beat the final dungeon if we can go straight to it, white mages might be most useful. All the bosses have magic and so if they get muted there is a chance to do nothing. To get a quick kill we would need to grind quite a bit to get level 5 magic for BANE. It might be better to just do the Sky Palace and get the sky orb. As far as game flags, some other ideas: -There is a flag for learning Lefeinish. If we set that we can go to Sky Palace without visiting Sea Shrine. Still need the waterfall but that is easy. -We could go straight from ship to airship by combining airship flag with canal and Earth Orb or canoe. If I could only skip one thing I might pick Earth orb over air orb. Earth Cave is loooong. My first thoughts for four flags would be Earth Orb, Water Orb, Lefeinish, canoe. You could head straight to Ice Cave after getting the ship, then get the airship. Need to hit the waterfall and Lefein before entering Mirage Tower. Get bane sword and light the remaining orbs. Now final dungeon will be easy. A more direct approach would be to light all the orbs. Pick a fighter and three white mages. Head to the peninsula of power and grind on zombulls. Then use mute to beat the final dungeon. Black mages could get BANE but it would be tricky to grind them up efficiently. Fighting is slow. Edit: Yeah, definitely Earth Cave if it's just one skip. Looking through my run, that would save about 12 minutes. At first glance air orb might skip more but unfortunately it skips the most important weapon.
Player (80)
Joined: 8/5/2007
Posts: 865
I'm trying to figure out what options are available to us. Without the JMP or JSR commands, we're in a difficult spot. Using the character name directly to write values is impossible because there is no overlap between our character set and the RAM. We could potentially work around this using the registers themselves, though. Let's look at the register states after using welcotar's script up through command $310:
A:A2 X:10 Y:00 S:11 P:nvubdIZC
A's value comes from $310, which is
A:00 X:10 Y:00 S:11 P:nvubdIZC               $0310:01 00     ORA ($00,X) @ $B549 = #$A2
The values at $10 and $11 are set somewhere in the $C681 subroutine (lines $B173 and $B177 respectively). Since they are in the volatile zero page memory, we may ultimately be able to manipulate A's value, although that depends on whether or not subroutine $C681 is effectively deterministic. X's value is straightforward, coming from subroutine $D9EF, which loops 16 times. As long as $D9EF is called immediately prior to the corruption (which looks likely), we're stuck with that value. Y's value is also set by $D9EF, so if we're stuck with X=$10, we're just as well stuck with Y=$00 as far as I can tell. I'll ignore the stack pointer and flags because I think they're stuck with the values we see here. So how do we move forward? One powerful way would be manipulating the zero page memory at $10 and $11 to give us an arbitrary value for A, allowing us to jump anywhere in the $294 to $396 range, hopefully to RAM that we've written to take us somewhere yet more favorable. I'll leave that possibility as speculative. Assuming instead that we're stuck with $A2, $10, and $00 as our register values, our options are more limited. We can't execute outright arbitrary code and we have just a few tools to poke the RAM. We can store A, store X, store Y, or transfer X to the stack pointer and that's pretty much all. As far as addressing for the purpose of storing values, absolute is out of the question, since our character set points to the ROM, not the RAM. I may be wrong, but I also think that messing with the zero page memory is unlikely to do any good since it's so volatile regardless. That leaves us with indirect addressing. So without knowing what's in $80-$FF (which is easiest for us to access), that's where I'm stuck as of this morning. It looks like we either want to manipulate A's value or store A via indirect addressing. One final possibility would be to load a favorable value for X and then send that to the stack pointer, but I'm not sure how useful that would be. Perhaps there's a good spot to load to if we knock the stack pointer out of alignment. Edit: I looked a little deeper into the code to see if we can manipulate A. The short answer is apparently no, we can't. I ran TheAxeMan's published run to see if the values in addresses $D2 and $D3 ever change. Outside of battle, no, they're a constant value of $49 and $B5 (or $B549 in little endian, since they're actually an address pointer). The subroutine at $C681 features a loop that continues to execute until address $4D is equal to $D0. This subroutine loads $D2 and $D3 and transfers them to $10 and $11 and then A effectively loads the value there (at $B549). Since that's part of the ROM, we're stuck with A=$A2. I'll keep looking for new possibilities. Edit 2: Addresses $30A through $311 appear to be affected by entering (item?) shops. Those changes linger, so we might have an avenue there. Edit 3: Nope. Shops also override $312 through $315. I suppose if we're very lucky, whatever item or text is being loaded into $30A through $311 might correspond to useful opcodes.
Joined: 1/31/2015
Posts: 14
Bobo the King wrote:
    1) I'd very much like to see the disassembled ROM! PM me or post it publicly. 2) If you happen to know, what is stored in address range $294-$2D9? I'll research it myself in the meantime, but so far I'm stumped. 3) What happens if you climb the stairs, say, another 70 times? Since 256 and 7 are coprime, maybe we have some leeway as to where the stack corruption takes us. I'm not very good with assembly language and it's hard for me to interpret what you've written, so I'm exploring that very slowly. 4) The glitch actually sets the program counter to $30A and it eventually increments to $312. What is in the $30A-$311 range? In my latest test, the first three instructions were garbage ($80) but the instruction at $310 happened to be $01 00 corresponding to ORA ($00, X). If as many as 8 more bytes can be directly manipulated, I'm confident we can get arbitrary code execution to work.
    1) Replied off-list. Anyone else who is interested please PM me. 2) The $200 page mirrors the NES sprite OAM. There are lots of places where it is cleared and rebuilt, so in general I think that range will only be used when there are lots of NPCs as in the circle of sages. So sadly probably not controllable at any of the exploit points. 3) The easiest way to experiment with this is to set an execute breakpoint on RAM in fceux (say <$8000), walk up and down the stairs N times, try opening/closing the menu and see where you land. Apart from the $300 page, I've ended up in the spell list, but that's not much easier to control. 4) The $300 page is used as temporary storage space for the various menu programs in bank E. Each one uses it slightly differently. $01 is the starting class of the second player character (thief) in the party picker menu. Selecting that class is the easiest way to get safely past that instruction and make the shop program not crash; but I think anything that will make A 0-7 after the jump should work, and it should be possible to avoid the terrible thief.
Bobo the King wrote:
Edit: Here's a quick update to report on what I thought was a promising lead. I discovered that a flag at $62CA dictates whether the black orb is present in the Temple of Fiends. I cheated it to 0 (corresponding to it being gone) and the tile is not traversible. I suppose you really do need the four orbs shining to step forward through the altar. Oh well. Of the other skips we might reasonably execute, I'm wondering whether it would be better to get the early airship (it may depend where it shows up) or skip the air orb, which would also obsolete the Waterfall, Leffein, and parts of the Sea Shrine and the return to Melmond.
For a no-reset run, since we basically only get 1-2 instructions, I think we'd just pick whatever would save the most time. The airship starts out parked where it normally appears in the desert. Only bank E and F are likely accessible here, so it's not too huge a set of possibilities. Lots of the "OA*" labels in bank E are accessible (though note that the J addresses are slightly different.) For a save corruption route with resets, an interesting possibility would be to start the game normally, save at the inn, reset and start a new game with exploit code that jumps into the save game copy loop with a bogus value for the current index. We can do this repeatedly to tweak the save RAM on cart. That way it should be possible to do a lot more crazy stuff. I've put the player in the middle of the ocean that way as a proof of concept. ;-) I agree NA looks pretty hopeless but someone clever might work something out. Meanwhile J is definitely broken so I'll focus on that I think.
Joined: 1/31/2015
Posts: 14
TheAxeMan wrote:
This is very cool! Could it be possible to execute multiple hacks by resetting and starting a new party? Or by changing your party's order and doing another loop?
Just switching party order won't do it; the only time when the game writes the name to this page is in the party selector menu. But, yep, you can save, reset, enter a new second character name, reset, then load your save and execute a new hack. Assuming the RAM doesn't get flipped during the time when you reset, the game doesn't actually clear it. I've experimented a bit more with jumping into the save game loop, too. Since we only control 4 bytes, we're pretty limited in the values we can prepare for the A and X registers, so can't really manipulate much of interest in the save RAM. That'd work 100% on console but it seems like resetting is the best way to do it for now.
TheAxeMan wrote:
About various skips, Ice Cave skip would have some issues. Ice Cave is the best place to get the gold you need to buy the bottle. Plus it has the flame sword that ends up being the best equippable weapon for the normal TAS.
It turns out you can get as many xcalburs as you want by jumping into the give xcalbur routine, exiting the castle, then going back in for another trip. This might be interesting for gold and/or for arming a party of fighters/knights.
TheAxeMan wrote:
Skipping orbs would be more valuable. If we can skip them all we just need to figure out how to beat the final dungeon. Earth Orb would probably be the biggest gain to skip since you could completely ignore Earth Cave.
Sadly I still haven't been able to get any orbs.
TheAxeMan wrote:
If the question is how to beat the final dungeon if we can go straight to it, white mages might be most useful. All the bosses have magic and so if they get muted there is a chance to do nothing. To get a quick kill we would need to grind quite a bit to get level 5 magic for BANE. It might be better to just do the Sky Palace and get the sky orb. As far as game flags, some other ideas: -There is a flag for learning Lefeinish. If we set that we can go to Sky Palace without visiting Sea Shrine. Still need the waterfall but that is easy.
You can pretty easily get the chime, or short circuit the magic key trading quest.
TheAxeMan wrote:
-We could go straight from ship to airship by combining airship flag with canal and Earth Orb or canoe.
It should be possible to get airship + canoe, sure.
TheAxeMan wrote:
If I could only skip one thing I might pick Earth orb over air orb. Earth Cave is loooong. My first thoughts for four flags would be Earth Orb, Water Orb, Lefeinish, canoe. You could head straight to Ice Cave after getting the ship, then get the airship. Need to hit the waterfall and Lefein before entering Mirage Tower. Get bane sword and light the remaining orbs. Now final dungeon will be easy. A more direct approach would be to light all the orbs. Pick a fighter and three white mages. Head to the peninsula of power and grind on zombulls. Then use mute to beat the final dungeon. Black mages could get BANE but it would be tricky to grind them up efficiently. Fighting is slow. Edit: Yeah, definitely Earth Cave if it's just one skip. Looking through my run, that would save about 12 minutes. At first glance air orb might skip more but unfortunately it skips the most important weapon.
The reason orbs are tricky is that they are on the $ce00 page, and are given as a side-effect of walking onto an altar tile. There doesn't seem to be a way to get there directly given the character set, though I'm not 100% certain it's impossible yet. Something new I've been considering is whether it might be possible to break the mapper to return into the bank with the end credits code (bank #d) or another bank. I was investigating some more the effect of character classes on the hacks: fighter (00) causes BRK => nope thief (01) ok bb (02) causes STP => nope rm (03) Interesting Mapper Behavior => nope (if no reset) wm (04) ok bm (05) ok Interesting Mapper Behavior: With 2nd player == RM, we execute 03 00 which is a read-modify-write op to ($00,X) = $10 -> $B549 this causes two writes to $b549 with bit 7 = 0 the first has bit 0 = 1, the next has bit 0 = 1 mmc1 sreg = 01xxx pattern loading code tries to select bank #9, actually selects #5 mmc1 sreg = 01 (00101) then return selects bank #e, actually selects #9 mmc1 sreg = 01 (11001) so later when we bank switch to #e, we end up in #9 instead. So by partly reprogramming the mapper, we might be able to access some code in other banks. Kind of a long shot but it's something I hadn't considered before. I love this game, it's so full of bugs and somehow it still keeps going. :-)
Active player (436)
Joined: 9/27/2004
Posts: 650
Location: Canada
would using the FF I and II version provide different options?
Ambassador, Experienced player (710)
Joined: 7/17/2004
Posts: 985
Location: The FLOATING CASTLE
Very interesting. I wonder if there is some way to hack it to turn off random encounters. Another idea I had was triggering the ending by triggering the fight vs Chaos. If you make it so that Chaos comes up in a random fight it won't go to the credits afterwards. But if you hack Garland as an npc into Coneria and talk to him then it works. Only thing is there is a flag for the first two times you talk to him. Each time is actually a separate npc entry that disappears after talking. Then again, maybe you can just trigger the 'fight Chaos for the win' event. If this is possible then I think the fastest way to win would be to use the MUTE spell. The fight would be long but possibly still the fastest way to get to the credits.
Joined: 1/31/2015
Posts: 14
I managed to get the earth orb with save corruption!* It should be pretty trivial to extend the method to get all 4 orbs or whatever else. It feels like a credit warp may be in reach now, too, but I still haven't found it... The new trick is that you can set things up to execute two names as code, which gives enough breathing room to do more stuff. If you just set the last byte of P2 name to BCS or BCC, and set P4's class right, you can land in P4's name after P2's. So you can choose:
; p2 name:
LDA $abs  ; load pretty much any value from a 16-bit rom addr
BCS          ; next byte after name is +$15
; brief trip through lala land then we land in p4 name
; provided we choose p4 class 04
; p4 name:
TAX          ; index the desired byte of save state
JMP $ab90  ; jump into save loop
So for example, you can start the game normally and save to get a clean file. Then reset, and start a new game. Choose the names
ad 80 c3 b0
and
aa 4c 90 ab
to modify the save file to have the earth orb. You can then reset and do it again to get whatever else. Note though that you should work up from lower numbered inventory addresses, to avoid overwriting WRAM with the ROM values on subsequent saves. (*If we want to avoid save corruption, you can also just hide the NPCs for the fiends and have a walkathon---I tested hiding lich etc. Is it preferred to avoid save corruption? I'm not sure what all is allowed.)
Ambassador, Experienced player (710)
Joined: 7/17/2004
Posts: 985
Location: The FLOATING CASTLE
welcotar wrote:
Is it preferred to avoid save corruption?
Save corruption is quite acceptable. Especially when it lets you break things much more nicely. Usually save corruption is the any% and no save corruption becomes a separate category. So don't hold back, do whatever it takes to jump to the credits!
Active player (436)
Joined: 9/27/2004
Posts: 650
Location: Canada
So I guess you just corrupt in the 4 orbs and overwrite some stats to have a Stout Fellow in your party, and go directly to the ToFR? I like that. edit: could give a monk some huge level, that would give him good defense and attack with 1 code, yes? I'll just go ahead and post the notes I've got, even though it's pretty well all obsolete. Maybe there would be something useful for a no-reset or no save-corruption route: Character 2 Thief, name: 4c ae 95: class change 4c 84 b2: unlock airship 4c 56 93 : do canal explode event 4c 7e 93 : get xcalibr 4c 87 94 : unlock canoe 4c a6 95 : get chime 4c 8e 95 : get cube 4c 56 94 : get oxyale
Post subject: Re: orb get!
Active player (436)
Joined: 9/27/2004
Posts: 650
Location: Canada
welcotar wrote:
So for example, you can start the game normally and save to get a clean file. Then reset, and start a new game. Choose the names
ad 80 c3 b0
and
aa 4c 90 ab
to modify the save file to have the earth orb. You can then reset and do it again to get whatever else. Note though that you should work up from lower numbered inventory addresses, to avoid overwriting WRAM with the ROM values on subsequent saves.
it looks like the following names in this order should give all orbs, the values should always be correct when you enter the menu: top left:
ad 7e 72 b0
aa 4c 90 ab
top right:
ad 9a 71 b0
aa 4c 90 ab
bottom left:
ad 4d 71 b0
aa 4c 90 ab
bottom right:
ad 80 c3 b0
aa 4c 90 ab
this does indeed allow access to the ToFR right after beating garland. for some reason, i can't get at character stats though, i think i'm doing something wrong there.
Active player (436)
Joined: 9/27/2004
Posts: 650
Location: Canada
fun fact: you need the Mystic Key for ToFR
Post subject: re: mystic key
Joined: 1/31/2015
Posts: 14
Haha, I forgot about that---there are two types of door tiles, mk and non-mk, and from a certain point maps use mk doors. On my end I've been looking for a credit warp or faster warp to chaos still. Nothing has panned out yet. Some ideas - The msb of the return address on the stack is already #c9, which is the page with the end credits jsr. If we could just set $112 to the correct low byte and get to an rts, we'd be set. Or we could txs and then rti. I'm just a little over budget on instructions for doing this, though, and haven't been able to get more. - Write the credit warp code one byte at a time into non-volatile ram, then somehow jump into it. This is tricky because not a lot of non-clobbered ram is in range. Setting both the index and the data in the couple instructions we get is hard. And then jumping into that RAM is an unsolved problem. - Instead of getting all the orbs, we could make the map loading code return us to a floor in tofr, perhaps using warp or something. Might be faster.
Active player (436)
Joined: 9/27/2004
Posts: 650
Location: Canada
using this name
4c 91 99
will jump to something related to switching the party order and fill a bunch of stats and weapon/armor slots with garbage, mostly 0's. would it be possible to use a 2 line name, similar to the way you can edit the saves, to fill the stats with some other nonzero garbage?
Ambassador, Experienced player (710)
Joined: 7/17/2004
Posts: 985
Location: The FLOATING CASTLE
Which stats can you alter? Most of them are worthless. What you really need is an instant kill ability. Either the Bane sword or instakill spells like BANE or RUB with MP to use them. Hacked level or experience on a black mage could work, just need to reach Melmond for BANE.
Joined: 1/31/2015
Posts: 14
Inzult wrote:
using this name
4c 91 99
will jump to something related to switching the party order and fill a bunch of stats and weapon/armor slots with garbage, mostly 0's. would it be possible to use a 2 line name, similar to the way you can edit the saves, to fill the stats with some other nonzero garbage?
That address puts you in the party reorder menu without loading the patterns or setting up the temporary ram for it (you can use the normal buttons to move garbage sprites around). When you push B to exit, it copies stats to $6c00-6dff then copies back the character at offset $301 to base+#$0, $309 to base+#$40, $311 to base+#80 and $319 to base+#c0. Those $3xx offsets should be 0,40,80,c0 in some order but are not set here, so it copies junk. Haven't been able to put that to use, though. You might be able to get it to copy ffs or something by turning off cartridge ram in the mapper. Jumping into menus is a cool idea, though. You can also run the party name menu, so could potentially input more instructions that way without resetting. But it crashes after entering the P1 name due to the same stack corruption bug we're exploiting, so you need to fix S, land somewhere safe, branch and then jump... not much room left. Another thing I'll look into this weekend sometime is jumping to the warp proc. 9a 4c 56 af just happens to work (and warps you to the current floor). But we might be able to manipulate the stack bytes it's touching to warp to some other floor.
Joined: 1/31/2015
Posts: 14
TheAxeMan wrote:
Which stats can you alter? Most of them are worthless. What you really need is an instant kill ability. Either the Bane sword or instakill spells like BANE or RUB with MP to use them. Hacked level or experience on a black mage could work, just need to reach Melmond for BANE.
It's easy to learn BANE (which is called クラウダ in J). To teach the first player, use
a8 a5 4c b0 / a8 4c b9 a3
To get MP to cast it, you can just corrupt the save like for the orbs, e.g.
ae 56 c2 b0 / a8 4c a2 ab
This sets num L5 casts to 7 (which is at $6300 + char offset (use 0 for first slot) + #24). It doesn't really have to be a mage. You might also need to set offset #2c to also set max casts, I'm too sleepy to test it right now.[/code]
Former player
Joined: 2/15/2015
Posts: 12
I've been doing glitched runs this week and got it down to a 59 minute RTA today. I think a TAS with the same approach would be less than 40 minutes. I do some slow safety strats for RTA that are unnecessary with minor manipulation. The fastest method I've found for killing things is to corrupt the level of your party leader and trigger all enemies to flee. ad56a3b0/aa4c8593 sets the level of the second character to 102 (effectively 103 for morale calculations) which guarantees everything but bosses who have about a 2/3rds chance to run. Should be easy to manipulate without costing much time. I'd like to make it higher but loading accumulator values over $7F sets the N flag which leads to a crash down the line. If you need xp, ad8c8db0/aa4c8593 gives the first player 589824 xp which takes them to level 37 after enough battles. Same principle works to give the second player max experience but conflicts with the level code. You could reorder party between glitches if you wanted a high effective level party member and an actual level 50 party member for some reason. If you just need a small amount of xp, aa4caeb3 gives 1792 xp to the first player with a single code. If you need money, 4ca9a6 will underflow your gil if called with less than 19 gil to start with. It's basically jumping into a purchase after the money check is already supposed to have been done. Fairly quick to setup given the starting amount and another single code. I haven't found a way to skip or directly acquire the Key yet. Closest I've got is to use 4caf93 to get the medicine and take that to Elfland. Would save quite a bit of time to avoid that trip. Here's the basic route I have in mind: - Glitch 4 orbs. ad7e72b0/aa4c90ab ad9a71b0/aa4c90ab ad4d71b0/aa4c90ab ad80c3b0/aa4c90ab - Glitch medicine. 4caf93 - Glitch level of second character. ad56a3b0/aa4c8593 - Move second character to party lead. - Walk to ToF and trigger Garland fleeing. Warp back and get the lute and bridge. - Walk to Pravoka and trigger pirates fleeing. Get the boat. - Sail to Elfland and get the Key. - Sail home and walk to ToF. - Walk through ToF triggering all bosses to flee. As much as possible you want to manipulate enemies to surprise you and bosses/unrunnable encounters to go first in the turn order. If you can kill off your other party members without losing time, that might turn a profit with a reduced number of commands to input.
Active player (436)
Joined: 9/27/2004
Posts: 650
Location: Canada
Gyre wrote:
I haven't found a way to skip or directly acquire the Key yet. Closest I've got is to use 4caf93 to get the medicine and take that to Elfland.
for what it's worth, that was also the best solution I came up for with the key. i like the clvl to make enemies run idea though. very clever!
Joined: 1/31/2015
Posts: 14
Gyre wrote:
I've been doing glitched runs this week and got it down to a 59 minute RTA today. I think a TAS with the same approach would be less than 40 minutes. I do some slow safety strats for RTA that are unnecessary with minor manipulation.
Cool, exciting to see some RTA strats. :-) The fear/run thing is hilarious.
Gyre wrote:
I haven't found a way to skip or directly acquire the Key yet. Closest I've got is to use 4caf93 to get the medicine and take that to Elfland. Would save quite a bit of time to avoid that trip.
Oh, the key (しんぴのかぎ) is just inventory, so you can get it just like an orb by glitching it into your save file, with e.g. ae74c2b0/a84c90ab.
Gyre wrote:
Here's the basic route I have in mind: - Glitch 4 orbs. ad7e72b0/aa4c90ab ad9a71b0/aa4c90ab ad4d71b0/aa4c90ab ad80c3b0/aa4c90ab - Glitch medicine. 4caf93 - Glitch level of second character. ad56a3b0/aa4c8593 - Move second character to party lead. - Walk to ToF and trigger Garland fleeing. Warp back and get the lute and bridge. - Walk to Pravoka and trigger pirates fleeing. Get the boat. - Sail to Elfland and get the Key. - Sail home and walk to ToF. - Walk through ToF triggering all bosses to flee. As much as possible you want to manipulate enemies to surprise you and bosses/unrunnable encounters to go first in the turn order. If you can kill off your other party members without losing time, that might turn a profit with a reduced number of commands to input.
This sounds pretty good. I still have only been able to wrong warp to the current floor, but am hoping to find a warp into tofr to avoid some of the walking. Credit warp is going to be really hard but I still think there's a chance with so much control.
Ambassador, Experienced player (710)
Joined: 7/17/2004
Posts: 985
Location: The FLOATING CASTLE
I watched the RTA, it's very clever. The level hack is a great idea for handling fights. You could get a little faster by having your guys try to run from unrunnable fights instead of fighting back. It also might be possible to shave off a random battle or two. Hmm, I'll start thinking about how to optimize the luck manipulation. It might be a little faster to do the running yourself instead of letting the enemies run. That will decide whether or not to use a thief or other character as the lead. You could manipulate some ambushes too, but not repeatedly because there would be no way to manipulate the next fight. Manipulating smaller enemy groups would also save more time if they run. It doesn't look like there would be a good spot to get your guys to die. Might be faster to have them live. You could fight Garland before the level hack, but that seems slow. Perhaps if the first fight in TOFR is runnable you could go there with the hacked char still second, let the enemies kill everyone off before running. Then you don't have to hit select to reorder. Otherwise maybe Lich could use physical attacks before running. Could you execute one of the glitches after Garland? So you would pick new game, set up the hack and then load your actual party to do memory corruption and go to Garland. After getting lute you do the stairs 70 times. Should be a small savings if it works.
Joined: 1/31/2015
Posts: 14
Gyre wrote:
ad56a3b0/aa4c8593 sets the level of the second character to 102 (effectively 103 for morale calculations) which guarantees everything but bosses who have about a 2/3rds chance to run. Should be easy to manipulate without costing much time. I'd like to make it higher but loading accumulator values over $7F sets the N flag which leads to a crash down the line.
a2a698b0/8a4c8593 will set the third character's level to 166 (just need an extra op in there to clear the N flag). Edit: Oh, sorry, that won't help you, because the morale calculation wraps and 2*166 mod 256 == 76. I'll see if we can bump it up more, though.[/b]
Post subject: credit warp!
Joined: 1/31/2015
Posts: 14
Ok, after a very long day I've got a credit warp together. Interestingly though I'm not sure if it'll be faster than Gyre's RTA strats. I've checked all the steps but haven't optimized it. 1. New game, buy some heals and save at inn so you have 10G left. 2. Use 4ca9a6 to underflow gold. 3. Buy up to exactly 58 heals.* 4. Get yourself to a house shop and buy exactly 76 houses.* 5. Underflow your pure potion count to 255 using a2719ab0/984c5ab3. 6. Go fight some imps and have all your characters drink ineffectually until you have exactly 201 pures.* 7. Run 4c59a6. * I did this using a hex editor after I verified the method worked. Not sure how long it actually takes. The key insight was that the bytes at a659 happen to be JSR $6038, even though the program there groups the bytes differently. That's the house, heal and pure potion count which we control. So we can write a little program to jump to the credits roll with the potion count, then jump to the JSR to it.
Active player (436)
Joined: 9/27/2004
Posts: 650
Location: Canada
I don't know how long that credits warp route would take, but I completed an RTA with this route: - Make a Fresh Save. Inn in bottom right town. Reset. - key + 4 orbs ae74c2b0 / a84c90ab ad7e72b0 / aa4c90ab ad9a71b0 / aa4c90ab ad4d71b0 / aa4c90ab ad80c3b0 / aa4c90ab -level 103 ad56a3b0 / aa4c8593 ~22 minutes for this^ - put thief in slot 1, walk to garland, he runs - get lute - walk to tofr - try not to die The time was 32:07, but with the luck manipulation, possible fight skips with better pathing, and perfect menuing, I'd imagine you're looking at sub 30.
Post subject: Re: credit warp!
Former player
Joined: 2/15/2015
Posts: 12
welcotar wrote:
1. New game, buy some heals and save at inn so you have 10G left. 2. Use 4ca9a6 to underflow gold. 3. Buy up to exactly 58 heals.* 4. Get yourself to a house shop and buy exactly 76 houses.* 5. Underflow your pure potion count to 255 using a2719ab0/984c5ab3. 6. Go fight some imps and have all your characters drink ineffectually until you have exactly 201 pures.* 7. Run 4c59a6.
Quick optimization here is that you only need 57 heals and 32 houses to trigger the credits. Should save about a minute and a half of shopping. I think this is faster than the scare the boss route, but it's amusingly close given how different the approaches are.
Ambassador, Experienced player (710)
Joined: 7/17/2004
Posts: 985
Location: The FLOATING CASTLE
Very interesting. I can think of a few tweaks for each of those potential routes. I assume that buying houses means you would, playing almost normally from the start, beat Garland and the pirates and then sail to Elfland where the item shop has houses. So if you glitch pure potions first you can use them along the way. Definitely during the Garland fight too. Even with all the shopping I would guess this ends up faster too. Surely we have to optimize the other route too as a pacifist run. :)
1 2
10 11 12 13