Jigwally
He/Him
Active player (428)
Joined: 3/11/2012
Posts: 119
Hi, I've been trying to do thorough disassembly of this game and though I'd like to do a "normal" TAS at some point I think I've discovered the basis for a save corruption ending warp. I know that there isn't the capacity for mid-frame resets in NES TASes yet but I want to work it out now for when there is. The 2-byte checksum at the end of save data is the sum of every byte transferred to the save (this sums to more than 2 bytes so it rolls over multiple times). Then when it loads the game it sums all the bytes again and only loads the file if the value matches. So if you try to overwrite one save file with another and reset halfway through the file will be corrupt and won't load. However, if you were to reset at a moment where all the bytes in the half-overwritten save file add up to the saved checksum, you should be left with a file that loads properly. The usefulness of this is that I can potentially access vital game addresses and edit them directly in order to trigger the ending. I do this by creating a glitched officer. The first two bytes of every officer's data section is the address of the next officer in whatever list that officer is in. If there is an officer data stored there, and I overwrite a single byte of it with another officer's address, the end result will be that I get a new address. For example: If the officer next in the list is St.Cyr (22 61) and I reset right after I've overwritten the first bit with that of Victor (6E 60), I will get a new officer with base address 0x616E. Normally the addresses 0x616E and 0x616F are used for the high byte of Bessieres' next officer and the 1-byte ID for his nation. But when assembling a list of officers the game will take these two values as the address of the next officer in the list. So let's say these fields contain 0x61 and 0x00. The game will use the data from 0x61-0x6F to create a new officer. It will continue filling the list like this until it lands on a 2-byte value equal to zero (final officer in list) or crashes, sometimes because it's stuck in an infinite loop (if you get linked back to an officer already in the list for example) So somehow I have to use this capacity to create a glitch officer that, through this daisy-chaining, links to an address that is useful for me to modify. The stat I'm looking for specifically is 0x6FEB. When this is set to 3, the game advances to the ending. So how I might do it: 1) Create a saved game 2) Overwrite that saved game with another, creating a glitched officer address. 3) Overwrite that saved game with yet ANOTHER in order to fix the checksum (making sure that the next reset happens before your previous change is overwritten). 4) SOMEHOW from the above method & daisy-chaining address, create a link to an officer in Napoleon's city with base address 0x7070. This is the address for the gold in France's treasury. 5) Make sure that this amount is 28645 (0x6FE5). Now the next officer in the list will have base address 0x6FE5. 6) On your next city turn, choose "Rest" to end the turn, but use luck manipulation to have a Ball occur. This is a random event that boosts the Loyalty, Morale and Experience for each officer in your city by a random amount. Specifically, have the new officer gain the maximum of three experience. Each officer's experience address is an offset of 6 from their base address. So by increasing this by 3 you set address 0x6FEB to 3. 7) The game will now advance to the ending. Alternate: 5) Set amount to 28640 (0x6FE0). 6) Give glitched officer 3 cannons.
Alyosha
He/Him
Editor, Emulator Coder, Expert player (3828)
Joined: 11/30/2014
Posts: 2834
Location: US
There is subframe resets now in BizHawk: http://tasvideos.org/forum/viewtopic.php?p=480249#480249 Fortunate timing.
Jigwally
He/Him
Active player (428)
Joined: 3/11/2012
Posts: 119
DUDE FRICK YES
Jigwally
He/Him
Active player (428)
Joined: 3/11/2012
Posts: 119
I changed my strat slightly. Instead of pointing to France's gold, I point to $9C/$9D (Controller 1&2 input values) so by entering in the correct input I can manipulate any RAM value I want. First very unoptimized TAS: https://www.youtube.com/watch?v=2O8BoTzMsBg Didn't bother doing any RNG manip to avoid all the lengthy AI stuff + I spent more months than necessary getting the checksum just right.
Alyosha
He/Him
Editor, Emulator Coder, Expert player (3828)
Joined: 11/30/2014
Posts: 2834
Location: US
Cool! glad it works! Out of curiousity, how long would a normal TAS be without save corruption.
Jigwally
He/Him
Active player (428)
Joined: 3/11/2012
Posts: 119
Not sure. There are a lot of things you can potentially do with RNG manipulation, like successfully making unfair trades, having disasters happen in enemy cities, having enemy officers die of old age on the earliest possible year, getting officers to defect to your side, or baiting other cities into attacking you then capturing all their officers in the process. The main strat would be getting your AI commanders to do all the battles on their own so they're all won automatically without ever having to perform any hex battles. Scenario 3 would probably be the best to win with as well, because even though you start with slightly more cities in Scenario 4 the player gains control of Napoleon's relatives which just costs you more time when you'd rather be using them for AI attacking. England's total sea control is an issue but there's a tactic you can do where you let them capture your coastal city then immediately recapture it, which costs them a lot of ships. Basically, AI commanders will NEVER attack by sea unless they have sea control. So it's possible that you could work the RNG in your favor to sail to England, avoid Nelson, and capture one of their cities. And taking out England as soon as possible would be a great advantage. But you would have to be the one to initiate it and would have to manually go through the hex battle. It's very hard though, there are so many possible things to consider each turn and the RNG is very difficult to predict. I was trying to work out all the exact calculations pertaining to battle so that I could find the thresholds for certain events, like the most power your city can have and still get attacked. But there are a ton of functions and I've only worked out a portion of the code.
Jigwally
He/Him
Active player (428)
Joined: 3/11/2012
Posts: 119
New route using Scenario 4. Most of the runtime is me trying to adjust for the right checksum value after the main setup is completed. https://www.youtube.com/watch?v=mnf4gWkpKtM&feature=youtu.be