Skilled player (1040)
Joined: 7/24/2013
Posts: 175
I did a quick search in the disassembly (which btw you can do too, it's available at https://github.com/iimarckus/pokered). The linked site is correct. The badge boosts function is at 0x3ee19, and what it does is using every other badge (the 1st,3rd,5th,7th) to increase the stats in order (that is ATK, DEF, SPD, SPC), which results in the stated listing. The second statement on the other hand is not correct. The move effect of lowering a stat (function at 0x3f54c) triggers no general stat re-evaluation, but calls 0x3ee19 (the badge boost function) directly at 0x3f63e (call nz, 6e19). Also, this is only done if it's the opponent's turn, that means using your stat-lowering moves won't do anything. The same goes for raising a stat (function at 0x3f428), which covers both moves and X-Items and is only triggered when it's your own turn (at 0x3f511).
Joined: 12/29/2007
Posts: 489
Was taking a look at some real time Pokemon speedruns recently and noticed this: http://wiki.pokemonspeedruns.com/index.php/Pok%C3%A9mon_Red/Blue/151_Pok%C3%A9mon The current real-time record is about 3:29, only 9 minutes short of the current TAS record. This was done using the help of several glitches which were undiscovered at the time, such as item underflow and the CoolTrainer move. This makes me believe that the current TAS record could be massively improved using these new glitches. Admittedly the boundary between what glitches are allowed and aren't allowed is a bit arbitrarily chosen, although it can be fairly well-defined ("Pokedex 'caught' flags must be set by the game and not corrupted; also no arbitrary code execution"). Given that this site's "completion" requirements are generally defined by the speedrun community (e.g. the Silver run must beat Red and not just the Pokemon League), and arguing that said Silver run's goals are slightly arbitrary anyway (in that you have to see Red in Mt. Silver and talk to him rather than just run the credits routine), would anyone seriously consider attempting an improvement to the "Gotta Catch 'Em All" TAS?
Joined: 9/15/2013
Posts: 154
Doesn't anything that happens as a result of the item underflow glitch or CoolTrainer result because arbitrary code is being executed?
Joined: 12/29/2007
Posts: 489
Neither of those force the PC (program counter) to jump to a location like the save data/party data/controller input that can be freely handled by the player; item underflow in particular doesn't move the PC at all. So they aren't arbitrary code execution.
Joined: 7/29/2011
Posts: 61
How do you do that? Is there a guide online somewhere?
Skilled player (1741)
Joined: 9/17/2009
Posts: 4981
Location: ̶C̶a̶n̶a̶d̶a̶ "Kanatah"
Skilled player (1040)
Joined: 7/24/2013
Posts: 175
I did some research on the 151 category in the past few weeks, and it seems the category is indeed still well-defined and reasonable. What I mean by that is that it's not broken to a point where there's a single trick you can use to catch every Pokémon with easily, which would create a fast but incredibly monotonous run. This is excluding arbitrary code execution of course, which by definition allows you to do literally anything. Using new strats and glitches will result in a huge improvement over the current run, saving 1 hour or more is quite possible I think. I started working on a new possible route, and it seems to work out nicely, so I'll be doing a new run of the 151 category (I actually found myself somewhat in the middle of it already, so I might as well finish it before someone breaks the category for good with some new discovery). Don't hold your breath for it yet, though, there's still a lot of work to do, but the chances are good that I will get to finish it in the coming month or so. As a teaser: There will also be a new trick used in the run to catch some of the otherwise unobtainable Pokémon in a faster way, but I won't spoil it yet, you can read all about it in the new run's submission text in a couple of weeks ;)
Fortranm
He/Him
Editor, Experienced player (878)
Joined: 10/19/2013
Posts: 1121
Which version are you using? Red might be a good choice because all four versions of Gen I will thus have a corresponding run.
Skilled player (1040)
Joined: 7/24/2013
Posts: 175
I'm infact planning on using Red, since Blue's version exclusives seem a little easier to get in Red than vice versa. Both versions are surprisingly close, though, I'm still not entirely sure which version is the faster one overall.
Joined: 9/15/2013
Posts: 154
Zowayix wrote:
Neither of those force the PC (program counter) to jump to a location like the save data/party data/controller input that can be freely handled by the player; item underflow in particular doesn't move the PC at all. So they aren't arbitrary code execution.
Not entirely true. https://www.youtube.com/watch?v=ry72jYferEo https://www.youtube.com/watch?v=3UnB1fomvAw Somewhat related: https://www.youtube.com/watch?v=D3EvpRHL_vk Regardless, 151 runs shouldn't use CoolTrainer/item underflow (our Pokemon Red/Blue "game end glitch" run already does that) or ACE/save corruption (both Yellow runs use these). Looking forward to the 151 run! I enjoy watching Pokemon speedruns a lot, especially if it features newly-discovered glitches!
Skilled player (1040)
Joined: 7/24/2013
Posts: 175
Dyshonest wrote:
Regardless, 151 runs shouldn't use CoolTrainer/item underflow (our Pokemon Red/Blue "game end glitch" run already does that) or ACE/save corruption (both Yellow runs use these).
Just to be clear here, I plan to use both the CoolTrainer and the item underflow glitch. While both of them can be used to trigger arbitrary code execution (ACE) (like my Blue any% run shows for CoolTrainer), they aren't inherently based on ACE, that means you can use them for useful stuff without triggering any ACE, and we do know the inner workings of the glitches well enough to distinguish. Otherwise there would be no line where to stop (e.g. you can trigger ACE even using a simple Trainer-Fly. Does that mean you need to forbid them as well?), and you would end up with an awfully defined pseudo-glitchless category. That means that there are exactly two things that are explicitly forbidden: - any form of ACE (more specifically, executing any line of assembly that you can influence the value of) - Manipulating the Pokédex caught entries by other than the intended means (i.e. catching, trading, gifts, prizes, evolutions). That means no tricking the game into generating Dex entries without actually obtaining them. Everything else may be used. The run is considered completed when Oak admires your 151 Pokédex count in the Hall of Fame and the credits roll. I spent a good amount of time making sure that these rules are still creating a sound category, i.e. not allowing to break the game to a point where the task is trivial. All available glitches are limited in some way and there is no single best way of catching Pokémon offered by any of them. Maybe I overlooked a glitch that trivializes the game, if anyone know one please point it out, I can spare myself from spending my time on a non-category then.
Skilled player (1741)
Joined: 9/17/2009
Posts: 4981
Location: ̶C̶a̶n̶a̶d̶a̶ "Kanatah"
Dyshonest wrote:
Regardless, 151 runs shouldn't use CoolTrainer/item underflow (our Pokemon Red/Blue "game end glitch" run already does that) or ACE/save corruption (both Yellow runs use these). Looking forward to the 151 run! I enjoy watching Pokemon speedruns a lot, especially if it features newly-discovered glitches!
Uh....save corruption isn't the same as ACE. On another note, how does trainer-fly manage to get that glitched? :o Infact, how many methods are known for the english releases that allow ACE?
Skilled player (1040)
Joined: 7/24/2013
Posts: 175
jlun2 wrote:
On another note, how does trainer-fly manage to get that glitched? :o
The ID of the text box displayed before the Trainer-Fly fight is stored and can be manipulated by various actions like talking to NPCs. If you set it to an ID which doesn't exist in the Trainer-Fly map, you can get the text pointer into ram. Texts have the awesome feature of inline assembler (byte 0x8) which lets the game execute everything after it. Hard to set up, but probably the fastest ACE in the game (without save corruption).
jlun2 wrote:
Infact, how many methods are known for the english releases that allow ACE?
Erm... all of them. Probably every glitch powerful enough to be useful can also be extended to ACE in this game.
ALAKTORN
He/Him
Former player
Joined: 10/19/2009
Posts: 2527
Location: Italy
http://www.youtube.com/watch?v=qyag0q2n_CY&t=3m2s this needs to be in the TAS, pls (directional input at the same time as A to talk to a trainer, Red turns around but the trainer still catches you) cool entertainment trick if used appropriately, you could have them talking to your back
Chamale
He/Him
Player (182)
Joined: 10/20/2006
Posts: 1355
Location: Canada
MrWint wrote:
jlun2 wrote:
On another note, how does trainer-fly manage to get that glitched? :o
The ID of the text box displayed before the Trainer-Fly fight is stored and can be manipulated by various actions like talking to NPCs. If you set it to an ID which doesn't exist in the Trainer-Fly map, you can get the text pointer into ram. Texts have the awesome feature of inline assembler (byte 0x8) which lets the game execute everything after it. Hard to set up, but probably the fastest ACE in the game (without save corruption).
Do we know any more about setting that up, by the way? I know I made a run that causes a crash in Viridian Forest when it starts reading some invalid text, but I don't know where the pointer ends up in that RAM or whether it can be manipulated.
Joined: 9/15/2013
Posts: 154
Uh....save corruption isn't the same as ACE.
What happens afterward though, is ACE, and doesn't necessarily need save corruption, it just makes it faster obviously as it's quicker to use save corruption than item underflow. One can argue that the stuff that happens with item underflow isn't ACE, but CoolTrainer? No, that's definitely ACE. Executing arbitrary things in the RAM as "valid" code. i.e.: Executing box names and their contents as code which translates to "warp to the Hall of Fame". I can really only see two uses for these, and I think both of them break your rules for it...? - to get an absurdly strong glitch Pokemon to powerhouse through everything or - to trigger something like this (fast-foward to about 13:10), a catch-anything program.
The ID of the text box displayed before the Trainer-Fly fight is stored and can be manipulated by various actions like talking to NPCs. If you set it to an ID which doesn't exist in the Trainer-Fly map, you can get the text pointer into ram. Texts have the awesome feature of inline assembler (byte 0x8) which lets the game execute everything after it. Hard to set up, but probably the fastest ACE in the game (without save corruption).
I remember when the Viridan City crash was posted, but what ACE potential does it actually have? Has anyone got it to do anything useful?
Skilled player (1040)
Joined: 7/24/2013
Posts: 175
Chamale wrote:
MrWint wrote:
jlun2 wrote:
On another note, how does trainer-fly manage to get that glitched? :o
The ID of the text box displayed before the Trainer-Fly fight is stored and can be manipulated by various actions like talking to NPCs. If you set it to an ID which doesn't exist in the Trainer-Fly map, you can get the text pointer into ram. Texts have the awesome feature of inline assembler (byte 0x8) which lets the game execute everything after it. Hard to set up, but probably the fastest ACE in the game (without save corruption).
Do we know any more about setting that up, by the way? I know I made a run that causes a crash in Viridian Forest when it starts reading some invalid text, but I don't know where the pointer ends up in that RAM or whether it can be manipulated.
I have not yet seen or done a concrete example of this doing something useful, but I have executed parts of RAM with it during some testing I did some time ago. I made a list of destination addresses for different text IDs in Viridian forest (this map is especially interesting for the any% category), there are a few useful ones (e.g. ID 0x10, 0x16 and 0x1c jump to 0xd7f3), setting the RAM up to do useful things for you is the hard part, especially early in the game. That's why it is of limited use in the any% category as of now, but it's definitely possible to do.
Dyshonest wrote:
Uh....save corruption isn't the same as ACE.
What happens afterward though, is ACE, and doesn't necessarily need save corruption, it just makes it faster obviously as it's quicker to use save corruption than item underflow.
That's exactly the point. All runs you have seen (especially for any%) use the glitches to trigger ACE. But you don't have to, they can be useful even if you don't.
Dyshonest wrote:
One can argue that the stuff that happens with item underflow isn't ACE, but CoolTrainer? No, that's definitely ACE. Executing arbitrary things in the RAM as "valid" code.
Again (assuming you are referring to the use of the transform glitch in my any% run), ACE is only one application of the transform glitch. It's the one you may have seen almost exclusively until now, since this is what you want to do when you do any% or break the game completely. There are more subtle way to use it, which don't involve ACE. I admit it's a bit counter-intuitive, but the trick is not to use the glitch to its fullest (ACE is far too powerful for anything else than any%), but to control it and let it do something useful in a more conventional way. If you ban everything that can be used for ACE, there won't be much game for you left to play.
ALAKTORN
He/Him
Former player
Joined: 10/19/2009
Posts: 2527
Location: Italy
MrWint wrote:
If you ban everything that can be used for ACE, there won't be much game for you left to play.
…don’t you mean the exact opposite? if you ban all glitches, you’ll only be left with how the game was meant to be played, lol
Skilled player (1040)
Joined: 7/24/2013
Posts: 175
ALAKTORN wrote:
MrWint wrote:
If you ban everything that can be used for ACE, there won't be much game for you left to play.
…don’t you mean the exact opposite? if you ban all glitches, you’ll only be left with how the game was meant to be played, lol
Sure, if you call that a game... :P
Joined: 9/15/2013
Posts: 154
I have not yet seen or done a concrete example of this doing something useful, but I have executed parts of RAM with it during some testing I did some time ago. I made a list of destination addresses for different text IDs in Viridian forest (this map is especially interesting for the any% category), there are a few useful ones (e.g. ID 0x10, 0x16 and 0x1c jump to 0xd7f3), setting the RAM up to do useful things for you is the hard part, especially early in the game. That's why it is of limited use in the any% category as of now, but it's definitely possible to do.
I wonder how far into the game you have to get for it to jump to useful bits of RAM?
That's exactly the point. All runs you have seen (especially for any%) use the glitches to trigger ACE. But you don't have to, they can be useful even if you don't.
To what extent are you using them that has nothing to do with ACE though? Making sprites disappear? Making a walk-through-walls item? I'm just a bit confused here as to how those glitches are useful outside of ACE potential considering 90% of the time they fry the save file or just crash the game.
I admit it's a bit counter-intuitive, but the trick is not to use the glitch to its fullest (ACE is far too powerful for anything else than any%), but to control it and let it do something useful in a more conventional way. If you ban everything that can be used for ACE, there won't be much game for you left to play.
I'll be looking forward to seeing it. The only other use I could think of is an "encounter anything" script similar to the one I linked to above in the video, which I guess might be faster than repetitively doing the Trainer Fly/Mew Glitch to get Pokemon? Though again, that's still ACE (assuming you're using item underflow and there's not some hidden thing to CoolTrainer that also triggers odd encounters). Then again I fell massively out of loop a few years back with Pokemon glitches - it astounded me to find out about the item underflow glitch + ACE, even further it astounded me that both are possible in real time.
Editor, Player (69)
Joined: 1/18/2008
Posts: 663
Dyshonest wrote:
...which I guess might be faster than repetitively doing the Trainer Fly/Mew Glitch to get Pokemon? Though again, that's still ACE (assuming you're using item underflow and there's not some hidden thing to CoolTrainer that also triggers odd encounters).
I know you're spewing more crap across threads where a lookup table or equivalent somehow turns into executing arbitrary instructions but can you please tell me where you got this ignorance and how I might be able to get it also? thanks.
true on twitch - lsnes windows builds 20230425 - the date this site is buried
Skilled player (1040)
Joined: 7/24/2013
Posts: 175
Dyshonest wrote:
I wonder how far into the game you have to get for it to jump to useful bits of RAM?
That question is still unanswered. I couldn't make it work in Viridian Forest when I tried it previously (which doesn't mean it's impossible), and it's the only useful place for any% (It's impossible in Mt. Moon, since the stored text is reset in Route 3 (as well as all other routes that have trainers on them)). Due to a lack of use, there hasn't been much exploration of other potential areas.
Dyshonest wrote:
To what extent are you using them that has nothing to do with ACE though? Making sprites disappear? Making a walk-through-walls item? I'm just a bit confused here as to how those glitches are useful outside of ACE potential considering 90% of the time they fry the save file or just crash the game.
I feel there a misunderstanding on which glitches involve ACE. Both things you mentioned can be achieved by conventional means. The (glitch) item which does these things exists in the game, we know exactly why it works and how, and there's no ACE involved at all. All you need to do it grab it. Manipulating RAM areas (e.g. in the inventory screen) is not ACE. The program counter stays where is should be, in the inventory screen routine, we're just accessing "items" the game doesn't expect. Also, if you crash the game while doing some glitch, you basically failed due to a lack of understanding on how the glitch works. None of them involve any RNG, the inner mechanics are just tricky at times, and doing something "bad" let's you lose control. Most instances of "the glitch craches the game" is actually due to a lack of knowledge. Take for example the transform glitch. It was known for a long time that it exists, and what it looks like when you do it (dubbed the "TMTRAINER effect") and that it likely crashed your game, but nobody cared to investigate why these things happen. Now that we know what happens internally (it overwrites certain RAM segments due to a missing EOS marker), we can prevent it from crashing by setting it up correctly, and even do useful things with it (like manipulating your opponent's Pokémon by overwriting its stats).
Joined: 9/15/2013
Posts: 154
I know you're spewing more crap across threads where a lookup table or equivalent somehow turns into executing arbitrary instructions but can you please tell me where you got this ignorance and how I might be able to get it also? thanks.
https://www.youtube.com/watch?v=5x9G5BWanWw totally not ACE https://www.youtube.com/watch?v=Q2_aczBkpxM around the 10m mark
I feel there a misunderstanding on which glitches involve ACE. Both things you mentioned can be achieved by conventional means. The (glitch) item which does these things exists in the game, we know exactly why it works and how, and there's no ACE involved at all. All you need to do it grab it. Manipulating RAM areas (e.g. in the inventory screen) is not ACE. The program counter stays where is should be, in the inventory screen routine, we're just accessing "items" the game doesn't expect.
I know both can be achieved through more conventional ways, like the Trainer Fly glitch being used to make Snorlax go away, etc. But obviously that takes time to set up. I meant more in reference to making an item that would do stuff like that for you. On the other hand when you manipulate the RAM areas a bit too much... https://www.youtube.com/watch?v=tNPisyK43Lc
Also, if you crash the game while doing some glitch, you basically failed due to a lack of understanding on how the glitch works.
Another part I should have elaborated more on. To my knowledge most glitches that end in a crash usually mean they have potential for ACE.
Editor, Player (69)
Joined: 1/18/2008
Posts: 663
Dyshonest wrote:
I know you're spewing more crap across threads where a lookup table or equivalent somehow turns into executing arbitrary instructions but can you please tell me where you got this ignorance and how I might be able to get it also? thanks.
https://www.youtube.com/watch?v=5x9G5BWanWw totally not ACE https://www.youtube.com/watch?v=Q2_aczBkpxM around the 10m mark
Oh, your ignorance comes from watching videos on Youtube! It all makes sense now. You ACE'd me bro! I'll start watching Youtube videos so that I can become a master ignoramus in no time! Thanks for the tip!
true on twitch - lsnes windows builds 20230425 - the date this site is buried
Experienced player (690)
Joined: 2/5/2012
Posts: 1795
Location: Brasil
Dyshonest wrote:
Another part I should have elaborated more on. To my knowledge most glitches that end in a crash usually mean they have potential for ACE.
not necessarily,that's just not how it works, cuz not all crashes are results of being able to access and modify data in any part of the game's code.Just because u accessed something u shouldn't,doesnt mean u have full control of what u access.
I want all good TAS inside TASvideos, it's my motto. TAS i'm interested: Megaman series, specially the RPGs! Where is the mmbn1 all chips TAS we deserve? Where is the Command Mission TAS? i'm slowly moving away from TASing fighting games for speed, maybe it's time to start finding some entertainment value in TASing.