Difference between revisions of "Invalid Text Command"

From Terranigma Wiki
Jump to navigation Jump to search
m
m (Improved method.)
 
Line 2: Line 2:
The game uses a jump table to call the various text commands that are in the game but it never checks if they are valid, so any invalid commands jump to whatever offset is found at the offset in the jump table.
The game uses a jump table to call the various text commands that are in the game but it never checks if they are valid, so any invalid commands jump to whatever offset is found at the offset in the jump table.
   
   
In our example we use 0xE9 which leads to the buttons' offset and then we can just hold a certain combination to jump to our code in SRAM.
In our example we use 0xF2 which leads to the code at the start of the SRAM.
 
Buttons:
*Player 1: Select + left
*Player 2: Select + Y
*Player 3: L
At the start of the SRAM whatever code is present will be executed.</br>
At the start of the SRAM whatever code is present will be executed.</br>
We prepared some code that fixes the string in the save file so it won't crash again and set the final day flag and then just save the game.</br>Now the second save file will forever directly go to the credits.
We prepared some code that fixes the string in the save file so it won't crash again and set the final day flag and then just save the game.</br>Now the second save file will forever directly go to the credits.


== Instructions ==
== Instructions ==
Prepare some payload at the start of the SRAM
This is currently not possible to do on console alone and needs a prepared SRAM.</br>
You need to prepare some payload at the start of the SRAM.
   
   
# Change one of the Player's names in the save file to E9 D4
# Change one of the Player's names in the save file to F2 D4
# Update the checksum of the save file
# Update the checksum of the save file
# Wait till the opening starts and press the buttons mentioned above and then A
# Wait till the opening starts and press any button to get to the save menu
# Your code should have been executed
# Your code should have been executed
# Press reset
# Press reset

Latest revision as of 13:12, 10 July 2022

Explanation

The game uses a jump table to call the various text commands that are in the game but it never checks if they are valid, so any invalid commands jump to whatever offset is found at the offset in the jump table.

In our example we use 0xF2 which leads to the code at the start of the SRAM.

At the start of the SRAM whatever code is present will be executed.
We prepared some code that fixes the string in the save file so it won't crash again and set the final day flag and then just save the game.
Now the second save file will forever directly go to the credits.

Instructions

This is currently not possible to do on console alone and needs a prepared SRAM.
You need to prepare some payload at the start of the SRAM.

  1. Change one of the Player's names in the save file to F2 D4
  2. Update the checksum of the save file
  3. Wait till the opening starts and press any button to get to the save menu
  4. Your code should have been executed
  5. Press reset
  6. Load the modified save file
  7. Enjoy the credits

Example: View