Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

You can join Glitch City Research Institute to ask questions or discuss current developments.

You may also download the archive of this forum in .tar.gz, .sql.gz, or .sqlite.gz formats.

Generation I Glitch Discussion

Pokemon Blue plays itself (TPP) - Page 2

Re: Pokemon Blue plays itself (TPP)

Posted by: luckytyphlosion
Date: 2015-01-02 11:28:34
Simplified version of my other code. This decreases the chance of start to be pressed by 1/2, and it will not press up when the player is in the daycare, which is where I store my code. (starting from DA48)

EDIT: Oops made an error need to fix it.
EDIT2: fixed the new code.

You'll need to modify the HRAM code to jump to DA48 after completing the OAM DMA.


ld a,(ff00+D4)
bit 0,a
ld a,(ff00+D3)
jr z,DA52
res 3,a
res 2,a ; no select button
push af
ld a,(D35E)
cp a,48
jr nz,DA60 ; jumps to second pop af
pop af
res 6,a ; can't press up in daycare
push af
pop af
ld (ff00+f8),a
ret


EDIT3: Maybe I need to modify the code even more, start is still being pressed way too much.
EDIT4: New code that presses start less:


ld a,(ff00+D4)
bit 0,a
jr z,02
bit 1,a
ld a,(ff00+D3)
jr nz,02
res 3,a
res 2,a ; no select button
push af
ld a,(D35E)
cp a,48
jr nz,04 ; jumps to second pop af
pop af
res 6,a ; can't press up in daycare
push af
pop af
ld (ff00+f8),a
ret

Re: Pokemon Blue plays itself (TPP)

Posted by: Crystal_
Date: 2015-01-05 09:51:43
I did something similar in Pokemon Crystal but editing the ROM rather than writing stuff in RAM (so no hopes for triggering it with arbitrary code execution, that wasn't the point anyway since it's just a romhack).

I basically edited the auto input handling routine (used for the catching tutorial) so that when auto input mode is on, the button press is randomly taken from a customizable array of buttons.
https://github.com/xCrystal/pokecrystal__RTG_AIM/blob/master/home/joypad.asm#L238
(lol, did I really srl five times rather than and 7  :XD:)

I did it so that you could press a combination of buttons first to turn auto input mode on at any point, and the same to turn it off.
https://github.com/xCrystal/pokecrystal__RTG_AIM/blob/master/home/joypad.asm#L101

I guess something similar can be done in Pokemon Blue, since the game similarly goes on auto input mode during old man's catching tutorial.

Re: Pokemon Blue plays itself (TPP)

Posted by: luckytyphlosion
Date: 2015-01-05 23:20:28
I think I found the reason why the TPP thing didn't work on VBA, but I might be wrong. Still worth sharing anyways.

While browsing in the Red Disassembly, I noticed that $FFF9 is an actual used value. If $FFF9 is not zero, then the game skips the input check, which is why $FFF8 isn't updated by the controller register. $FFF9 is never used in normal gameplay, but since I stored my code there, it just made it so the controller wouldn't be updated, so I guess it's only limited to games that have that specific check (don't know if all games have it).

The only time $FFF9 is used is when the game is started. When the game starts, it checks if the console is SGB, and if it is, it loads SGB Palletes, loading $1 into $FFF9 to disable input in the process.

However, since the SGB pallete routine is only called on Initialize, I don't think this is the case, and this is probably still a VBA related bug.

Re: Pokemon Blue plays itself (TPP)

Posted by: Torchickens
Date: 2015-01-09 19:31:17
I got it to work in VBA, but only when it isn't in Super Game Boy mode which is interesting. I wonder if you used a HRAM value other than $FFF9 (you'd have to make sure that the 5 addresses that follow it are unused too) it would fix this problem?

My 'raw' 8F code:

3E F0 EA 1E D3 26 D3 2E 4A 22 3E D3 22 3E CB 22 3E 97 22 3E E0 22 3E F8 22 3E C9 22
26 FF 2E 86 3E 18 22 3E 71 22 2E F9 3E 3D 22 3E 20 22 3E FD 22 3E C3 22 3E 4A 22 3E D3 22 C9

I just used TheZZAZZGlitch's "jailbreaking" method in order to execute this code.

This 59 opcode/operand-long code won't "fit" in the items pack (since there are only 17*2 accessible addresses if your code starts from item 3), but it would fit in the stored PC items.

This is not really viable though, because it contains duplicate items (you can't deposit more than 1 of these with a quantity over 99 IIRC) and there are also a couple of glitch items.

Would anyone like to add 'junk code' into my code so that it spells out good items, please? Thanks.

Re: Pokemon Blue plays itself (TPP)

Posted by: luckytyphlosion
Date: 2015-01-10 11:39:34
Since $FFF9 disables the joypad check, it's the only way you can have the game read the randomized inputs and not go through the joypad check.

Trying to make the code out of items isn't that suitable; rather I created a method to write code using the Map Script Pointer.


*Any Tossable Item
*Any Tossable Item
TM50 x31
TM43 x4
TM03 x55
PP UP x4
TM50 x33
TM11 x177
TM34 x72 ; quantity controls Low byte of where to write
TM50 x33 ; Item controls high byte of where to write
Leaf Stone x211
Full Heal x175
TM34 x31
TM43 x234
Thunderstone x211
TM24 x140
[]j. x205
Fire Stone x41
TM01 x[any]

ld a,(D31F)
inc b ; filler
swap a
ld c,a
inc b ; filler
ld a,(D321)
or c
ld (FA48),a
ld hl,D32F
inc (hl)
xor a
ld (D31F),a ; zeros the two top items' quantities
ld (D321),a
ld (ff00+8C),a
nop ; filler
call 2920 ; makes the start menu open
ret


Swap a Water Stone with 211/243 Quantity into the Map Script Pointer, to start the hex writer.

The TM34's quantity and the TM50 item identifier controls exactly where to write. For this code, I used the 72 quantity and the TM50 to start writing in the beginning of Daycare data (FA48). The two items' quantities control the low byte and high byte of the byte to write. Using this method, write the following bytes:

F0 D4 CB 47 28 02 CB 47 28 02 CB 4F F0 D3 20 02 CB 9F CB 97 F5 FA 5E D3 FE 48 20 04 F1 CB B7 F5 F1 E0 F8 C9

ld a,(ff00+D4)
bit 0,a
jr z,02
bit 1,a
ld a,(ff00+D3)
jr nz,02
res 3,a
res 2,a ; no select button
push af
ld a,(D35E)
cp a,48
jr nz,04 ; jumps to second pop af
pop af
res 6,a ; can't press up in daycare
push af
pop af
ld (ff00+f8),a
ret


After inputting that code, swap a "Nickname?" with 216 quantity where the Leaf Stone is, and write these following bytes.


3E 4F 4F 21 F7 D2 AF 22 0D 20 03 EA 63 D1 3D EA 1D DE F3 3E 18 E0
86 3E 71 E0 87 3E 3D E0 F9 3E 20 E0 FA 3E FD E0 FB 3E C3 E0 FC 3E 48 E0 FD 3E DA E0 FE 3E B0 EA 6E D3 3E 40 EA 6F D3 D9

ld a,4F ; 3E 4F
ld c,a ; 4F
ld hl,D2F7 ; 21 F7 D2
xor a ; AF
; .loop
ldi (hl),a ; 22
dec c ; 0D
jr nz,03 ; .loop, 20 03
ld (D163),a ; EA 63 D1
dec a ; 3D
ld (D31E),a ; EA 1E D3
di ; F3
ld a,18 ; 3E 18
ld (ff00+86),a ; E0 86
ld a,71 ; 3E 71
ld (ff00+87),a ; E0 87
ld a,3D ; 3E 3D
ld (ff00+f9),a ; E0 F9
ld a,20 ; 3E 20
ld (ff00+fa),a ; E0 FA
ld a,FD ; 3E FD
ld (ff00+fb),a ; E0 FB
ld a,C3 ; 3E C3
ld (ff00+fc),a ; E0 FC
ld a,48 ; 3E 48
ld (ff00+fd),a ; E0 FD
ld a,DA ; 3E DA
ld (ff00+fe),a ; E0 FE
ld a,B0 ; 3E B0
ld (d36e),a ; EA 6E D3
ld a,40 ; 3E 40
ld (d36f),a ; EA 6F D3
reti ; D9


Finally, swap another Nickname 216 where the Map Script Pointer is, and close the menu to execute the code.

This code is slightly different. It only presses start 1/4 of what it normally would, and it prevents access to the daycare man. (where I store my code)

Re: Pokemon Blue plays itself (TPP)

Posted by: Torchickens
Date: 2015-01-10 12:11:44

Since $FFF9 disables the joypad check, it's the only way you can have the game read the randomized inputs and not go through the joypad check.


Thanks lucky, I didn't know.

Your method looks cool (and I like how it looks like you can execute RNG plays Pokémon but with start being pressed 1/4 of the time now). I may try it some time. Thanks for sharing it.