This is only a proof of concept; nothing useful has been achieved yet. For now it seems to work only with the German ROM of the game.
The first part is to perform the so-called chicken glitch, which works by getting a level up in the following map:
The steps are:
- Obtain one fire ring
- Be at an XP value where killing Shadow Keeper gives you a level up
- Bring Shadow Keeper to an HP amount where the fire ring damage will kill it
- Bring your HP to an amount where the next hit will kill you
- Jump into Shadow Keeper while holding Select; this allows you to be at 0 HP while entering the chest
- Use the fire ring and aim at Shadow Keeper to kill it
- Click through the dialog and wait through the cutscene
- When done correctly, you should hear the level up sound and the dialog typing sound in the following screen
- The cutscene should no longer continue, and you can now control one of the NPCs while holding the run button
Trying to use the magic chest ring menu in this room will seemingly crash the game, but this can be abused because the game is jumping into the RAM area where the sprite information is stored.
The sprite positions, which are two u16 values, can be fully controlled since there is no collision anywhere on the map,
though the first byte is always skipped due to how the RAM values are.
This allows a total of three bytes to be controlled here, which can be any value.
- Position the NPC at the desired offset to get the desired ASM; in the example it is a jump to the user's name ( [any byte value] 82 cc f4 ).
- Equip the magic chest; it is still possible to enter/leave the menu just fine.
- When pressing the item use button, it jumps to that code, executes the jump, and then jumps to the name and executes that.
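How the three controllable bytes decode, as an added example that is not part of the original write-up: 0x82 is the 65816 BRL opcode (branch always long), so `82 cc f4` is a relative branch with the little-endian displacement 0xF4CC. The field address 0x1000 is a constructed placeholder, and the layout (X before Y, adjacent in RAM) is an assumption.

```python
import struct

BRL = 0x82  # 65816 BRL: branch always long, opcode + signed 16-bit displacement

def position_bytes(x, y):
    """The two u16 position fields as little-endian bytes (X first: assumed)."""
    return struct.pack("<HH", x, y)

def brl_target(field_addr, x, y):
    """Treat the position bytes as code and return the 16-bit branch target.

    field_addr is the address of the first position byte (constructed value
    in the demo). That byte is skipped, so the opcode sits at field_addr + 1.
    """
    raw = position_bytes(x, y)
    opcode = raw[1]
    (disp,) = struct.unpack("<h", raw[2:4])
    if opcode != BRL:
        raise ValueError(f"byte {opcode:#04x} is not BRL")
    pc_after = field_addr + 1 + 3          # BRL is relative to the next instruction
    return (pc_after + disp) & 0xFFFF      # wraps inside the current bank

def positions_for_target(field_addr, target, skipped=0x00):
    """Inverse: X/Y values whose bytes form a BRL to `target`."""
    disp = (target - (field_addr + 1 + 3)) & 0xFFFF
    return (BRL << 8) | skipped, disp

if __name__ == "__main__":
    FIELD = 0x1000          # constructed address, not taken from the game
    x, y = 0x8200, 0xF4CC   # bytes 00 82 cc f4, as in the write-up
    print(position_bytes(x, y).hex(" "))
    print(hex(brl_target(FIELD, x, y)))
    print([hex(v) for v in positions_for_target(FIELD, 0x04D0)])
```

The displacement 0xF4CC is negative as a signed 16-bit value, so the branch lands below the position field in the same bank.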
This is a save state for: bsnes-plus version 05 (Aug 18 2019) Accuracy profile with debugger
This ROM version: Terranigma (G) (V1.0) [!]