Joined: 12/29/2007
Posts: 47
Infinite mushroom glitch
http://dehacked.2y.net/microstorage.php/info/1520317820/Super_Mario_Bros._3_%28U%29_%28PRG0%29_%5B%21%5D-Infinitemushroom.fm2
It is necessary to erase the venus fire first. And, the turtle should put it from the left.
http://dehacked.2y.net/microstorage.php/info/239144468/Super_Mario_Bros._3_%28U%29_%28PRG0%29_%5B%21%5Danotherway.fm2
When the star is made to appear first, glitch is done further. The mushroom jumps up, and the leaf becomes green. A green leaf is a super-leaf that can become Raccoon Mario directly.
Tompa
Any
Editor, Expert player (2215)
Joined: 8/15/2005
Posts: 1941
Location: Mullsjö, Sweden
Useless, but yet again beautiful! Keep 'em coming.
negative_seven
She/Her
Active player (429)
Joined: 11/25/2012
Posts: 103
Location: Europe
Lord Tom wrote:
For a walkathon do people think that grabbing shells/blocks should be forbidden, since it uses the B button, even if walking speed is not exceeded?
From a technical standpoint, I'd refer to the Super Mario World walkathon run. There, the rule is to not press left/right and Y/X at the same time. That might be a good rule to have, except it would require Mario to have to go back and get his 24 speed before grabbing the shell (in SMW you can hit a koopa and grab the shell without slowing down, so that wasn't a problem; here it's a little trickier). Giving a limit of 24 speed unless sliding or keeping speed after sliding or boosting in some obscure way etc etc is definitely way too arbitrary. I personally would just ban B altogether, except for menus and stuff. Entertainment-wise it shouldn't be too big of a deal. With such a slow speed lots of stunts not seen in the other runs can be performed anyway.
Joined: 5/9/2005
Posts: 752
Tompa wrote:
Useless, but yet again beautiful! Keep 'em coming.
Looks like the Glitchfest run needs an update then...
Tompa
Any
Editor, Expert player (2215)
Joined: 8/15/2005
Posts: 1941
Location: Mullsjö, Sweden
Don't expect such a run from me at least. I'm already busy TASing this game.
Experienced player (588)
Joined: 2/5/2011
Posts: 1417
Location: France
Improving?
Current: Rayman 3 maybe? idk xD Paused: N64 Rayman 2 (with Funnyhair) GBA SMA 4 : E Reader (With TehSeven) TASVideos is like a quicksand, you get in, but you cannot quit the sand
Joined: 12/29/2007
Posts: 47
adelikat
He/Him
Emulator Coder, Site Developer, Site Owner, Expert player (3573)
Joined: 11/3/2004
Posts: 4754
Location: Tennessee
LOL, that was awesome. A shame that you are stuck in world 8 though :(
It's hard to look this good. My TAS projects
Lord_Tom
He/Him
Expert player (3143)
Joined: 5/25/2007
Posts: 399
Location: New England
Uuuuuuuuuuuummmmmmmm... Wow? Amazing work, I've enjoyed your various glitch vids! Definitely going to explore this more!
Edit: I hexed the inventory to try using map items, nothing worked:
- Power-ups: Luigi sprite changes, but still can't move
- Whistle: Luigi disappears, warp music plays, but broken map screen still there, can't use additional items or move.
Patashu
He/Him
Joined: 10/2/2005
Posts: 4043
Could I get an encode? (Don't have a way to play it back on emulator atm)
My Chiptune music, made in Famitracker: http://soundcloud.com/patashu My twitch. I stream mostly shmups & rhythm games http://twitch.tv/patashu My youtube, again shmups and rhythm games and misc stuff: http://youtube.com/user/patashu
Joined: 2/21/2014
Posts: 4
Kirua was messing around with it on stream earlier. http://www.twitch.tv/kirua/b/508726271?t=1m35s
Patashu
He/Him
Joined: 10/2/2005
Posts: 4043
LOL! The new glitch makes the game look like SML2. Good stuff. What needs to be discovered now is why it puts you where it does in world 8. I mean, you can beat a world from anywhere (since the airship moves) so it's surely not because you beat the world from an unexpected level.
Skilled player (1741)
Joined: 9/17/2009
Posts: 4981
Location: ̶C̶a̶n̶a̶d̶a̶ "Kanatah"
Patashu wrote:
Could I get an encode? (Don't have a way to play it back on emulator atm)
Here you go: Link to video
Editor, Expert player (2329)
Joined: 5/15/2007
Posts: 3933
Location: Germany
It seems that whatever you do before jumping inside that glitch tile (killing vs. not killing the koopa in the beginning for example) has an influence on the outcome. Because the crash screen looks different when I do or don't do certain things before I enter the garbage section. If I knew how, I would run a bot with random input that saves the outcomes that don't freeze or reset the game, for both the scenario where you killed the koopa and where you didn't; maybe that would help find something else useful.
HHS
Active player (286)
Joined: 10/8/2006
Posts: 356
The game just goes haywire and ends up jumping into the middle of some function, and the current player ($0726) gets set to 255. That's why you start at a strange map location. Edit: The crash happens on frame 3329. Since you're outside the valid playing area, it is interpreting ROM bytes as tiles. In this case, you hit a $03 byte at $9c70, which is a note block. It eventually writes a $80 back to this location, which changes the PRG layout, and it starts executing random things it shouldn't.
Editor, Expert player (2329)
Joined: 5/15/2007
Posts: 3933
Location: Germany
So what would be funny is if you could jump into a function that calls the ending cinematic. I will play around with it some more
MESHUGGAH
Other
Skilled player (1918)
Joined: 11/14/2009
Posts: 1353
Location: 𝔐𝔞𝔤𝑦𝔞𝔯
Noob question, but is this the only place where you can jump into a weird pipe and go through garbage data level? And how does that weird pipe glitch work?
PhD in TASing 🎓 speedrun enthusiast ❤🚷🔥 white hat hacker ▓ black box tester ░ censorships and rules...
Editor, Expert player (2329)
Joined: 5/15/2007
Posts: 3933
Location: Germany
From reading old Youtube comments:
- 7-6 "Nothing useful" (PRG0) (U)
- 4-F2 "Somewhat stuck, unable to do anything after entering the glitched area" (PRG0 and PRG1) (U)
- 7-1: (J) (PRG0) doesn't take you to the glitched area. (U) (PRG0) as seen in this video. (U) (PRG1) takes you to the glitched area but you are "somewhat stuck" (E) gets you stuck too.
Super Mario Allstars SMB3 does not take you to the glitched area, but wraps around the level instead. The pipe glitch does not work on the GBA versions. (J) (PRG1) was untested. Super Mario Allstars + SMW was untested.
So there are some other places, but 7-1 seems to be the most viable one.
The pipe glitch works by entering a wall, and crouching (-> going down a pipe that doesn't exist), at the bottom end of a pipe. See http://www.youtube.com/watch?v=yvOv-4Qtidw
MarbleousDave
He/Him
Player (13)
Joined: 9/12/2009
Posts: 1559
I think that (J) (PRG1) is similar to (U) (PRG1). SMAS+SMW may be similar to SMAS. Can this be done on Super Demo World?
Editor, Expert player (2329)
Joined: 5/15/2007
Posts: 3933
Location: Germany
I tested for 3 hours and 10 minutes and this is the only good result that I got.
W8 warp (U) (PRG0) (FCEUX 2-2-1 interim) (this does not have dialogue with the king, and bringing up the item select and pressing up or down does not crash the game unlike RAT926's result)
I also got an outcome where you could see the screen fade, and subsequent crash, but I didn't keep the fm2. My guess is that the game seems to have executed the code that made the screen fade and then didn't know what to do. This seems promising to execute something desirable (end credits, or level warp, or idk) but I can only do trial-and-error and didn't get anything else good after those 3 hours 10 mins.
- Killing, flipping over, not killing the koopa in the beginning; killing a piranha plant; hitting a coinbox all can influence the glitch, making it less or more likely to result in glitch effects (other than simply crashing the game)
- Sometimes, after the glitch started, pressing different input can influence the outcome. This is a bit similar to the Kirby's Adventure stone-in-water glitch, but it is way less effective in SMB3.
- Swinging your tail seems to have a good influence on the glitch. Frog Mario and Fire Mario did not seem to cause good glitch effects. I can't go to the glitch area with a starman because you cannot go through pipes while invincible.
- I was unable to cheat my way to the glitch area in Mario Allstars SMB3. I wanted to test what you could do if you were able to visit the glitch area in that game.
HHS
Active player (286)
Joined: 10/8/2006
Posts: 356
Total control is definitely possible with this bug. After it writes $80 to $9c70, it starts executing completely wrong things and then it returns to $0081. A BRK is then needed to get the PRG layout back to normal. So, by manipulating some bytes between $0088 and $00ff to read 20 e3 8f, you can get to the ending scene. Note that the stack pointer is overflowing, so a JSR is needed to get it back where it should be (or the ending will be bugged and get stuck when the carpet goes up). Edit: I tried killing the 3 plants, then went up the next two pipes and brought down the flying koopa. I killed the koopa down below so that it died at X position $20. Then I brought the other koopa back to the beginning of the stage and sent it spinning, then placed the first koopa on the middle pipe. I stopped the spinning koopa at position $e3 and the walking koopa at position $8f, then went down into the glitched area. Unfortunately, my attempt was thwarted by a JSR $0010 instruction having appeared at $00a6, but it seems like it should be doable.
Skilled player (1741)
Joined: 9/17/2009
Posts: 4981
Location: ̶C̶a̶n̶a̶d̶a̶ "Kanatah"
HHS wrote:
Total control is definitely possible with this bug. After it writes $80 to $9c70, it starts executing completely wrong things and then it returns to $0081. A BRK is then needed to get the PRG layout back to normal. So, by manipulating some bytes between $0088 and $00ff to read 20 e3 8f, you can get to the ending scene. Note that the stack pointer is overflowing, so a JSR is needed to get it back where it should be (or the ending will be bugged and get stuck when the carpet goes up).
:o Who would've guessed that a potential improvement to the current any% run would be completing a completely different level than the previous runs? :s
HHS
Active player (286)
Joined: 10/8/2006
Posts: 356
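I made a Lua script to show if a given instruction can be reached starting at $0081.
-- address whose reachability from $0081 is checked
target = 0xae

-- instruction length indexed by AND(opcode,31); 0 marks an opcode that halts the CPU
lengths={2,2,2,2,2,2,2,2,1,2,1,2,3,3,3,3,
 2,2,0,2,2,2,2,2,1,3,1,3,3,3,3,3}

while true do
 addr=0x81
 j=0 -- column of the next byte drawn
 y=0 -- row of the next byte drawn
 b=0 -- 0 until the first diverting instruction, 1 while its opcode is drawn, higher afterwards
 while y<16 do
  op=memory.readbyte(addr)
  l=lengths[AND(op,31)+1]
  color='#ffffff'
  -- JSR and JMP absolute: 3 bytes, execution is diverted
  if op==0x20 or op==0x4c then color='#ff0000' l=3 b=b+1 end
  -- halting opcodes, RTI and RTS: execution is diverted
  if l==0 or AND(op,0x8f)==2 or op==0x40 or op==0x60 then color='#ff0000' l=1 b=b+1 end
  -- conditional branch
  if AND(op,31)==0x10 then color='#c0c000' end
  if addr==target then color='#00ff00' end
  -- draw the opcode byte, then its operand bytes in a dimmer color
  for i=0,l-1 do
   x=memory.readbyte(addr)
   if b>1 then color='#502020' end
   gui.text(j*20,y*8,string.format('%02X',x),color)
   color='#bf9090'
   addr=addr+1
   j=j+1
   if j==12 then j=0 y=y+1 end
   if b==1 then b=2 end
  end
  if addr>target or addr<0x80 then break end
 end
 FCEU.frameadvance()
end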
This requires a recent version of FCEUX (2.0.3 doesn't support colored text).
Editor, Expert player (2329)
Joined: 5/15/2007
Posts: 3933
Location: Germany
HHS wrote:
Total control is definitely possible with this bug. After it writes $80 to $9c70, it starts executing completely wrong things and then it returns to $0081. A BRK is then needed to get the PRG layout back to normal. So, by manipulating some bytes between $0088 and $00ff to read 20 e3 8f, you can get to the ending scene. Note that the stack pointer is overflowing, so a JSR is needed to get it back where it should be (or the ending will be bugged and get stuck when the carpet goes up).
This looks really promising! Good job. I tried manually editing addresses and I only had it trigger the ending when I edited $008b~$008d to read 20 e3 8f. Other nearby addresses did not seem to work. On your Lua script, mind explaining the colors or what the display shows? I'm no good at this disassembling stuff so I appreciate any information you can give me.
HHS
Active player (286)
Joined: 10/8/2006
Posts: 356
The display shows the bytes from $0081 up until the desired address that you want to manipulate (I used $00ae). White bytes are the beginnings of instructions. A red byte means that execution will be diverted before the target is reached. A yellow byte is a branch instruction. The target address is highlighted in green if it will be reached (assuming no branches are taken).
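Added example, not part of any post in this thread: an offline Python version of the same linear sweep, run over a zero-page snapshot, that lists which addresses between $0088 and $00ff start an instruction and so could hold the 20 e3 8f sequence, then confirms a placement by patching a copy. The function names and the SAMPLE snapshot are constructed for illustration, and it assumes no branch is taken and that the other bytes stay as in the snapshot.

```python
# Offline version of the linear sweep from the Lua script in this thread,
# run over a zero-page snapshot instead of live emulator memory.

# Instruction length indexed by (opcode & 0x1f), copied from the Lua script.
LENGTHS = [2, 2, 2, 2, 2, 2, 2, 2, 1, 2, 1, 2, 3, 3, 3, 3,
           2, 2, 0, 2, 2, 2, 2, 2, 1, 3, 1, 3, 3, 3, 3, 3]
START = 0x81                            # resume address given in the thread
JSR_ENDING = bytes.fromhex("20e38f")    # byte sequence quoted in the thread

def classify(op):
    """Return (length, diverts) with the same rules as the Lua script."""
    if op in (0x20, 0x4C):                        # JSR abs, JMP abs
        return 3, True
    length = LENGTHS[op & 0x1F]
    if length == 0 or (op & 0x8F) == 0x02 or op in (0x40, 0x60):
        return 1, True                            # halting opcodes, RTI, RTS
    return length, False

def sweep(ram, start=START, end=0x100):
    """Return (instruction starts, branch addresses, first diverting address or None)."""
    addr, starts, branches = start, [], []
    while addr < end:
        op = ram[addr]
        length, diverts = classify(op)
        starts.append(addr)
        if (op & 0x1F) == 0x10:                   # conditional branch, assumed not taken
            branches.append(addr)
        if diverts:
            return starts, branches, addr
        addr += length
    return starts, branches, None

def candidate_slots(ram, lo=0x88, hi=0xFF):
    """Addresses in lo..hi that are decoded as the start of an instruction."""
    starts, _, _ = sweep(ram)
    return [a for a in starts if lo <= a and a + 2 <= hi]

def jsr_is_reached(ram, slot, payload=JSR_ENDING):
    """Patch a copy of the snapshot and re-run the sweep to confirm the slot."""
    patched = bytearray(ram)
    patched[slot:slot + len(payload)] = payload
    return sweep(patched)[2] == slot

# Constructed snapshot (not captured from the game): sample bytes at $0081-$008B.
SAMPLE = bytearray(0x100)
SAMPLE[0x81:0x8C] = bytes.fromhex("a5108d0002e8a900d00260")
```

In the constructed snapshot, $0088 is an operand byte of the instruction at $0087, so a sequence written there is never decoded as a JSR, while $0089 and $008B are instruction starts.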