Difference between revisions of "Invalid Text Command"
Jump to navigation
Jump to search
(Created page) |
(Added Instructions) |
||
| Line 1: | Line 1: | ||
== Explanation == | |||
The game uses a jump table to call the various text commands that are in the game but it never checks if they are valid, so any invalid commands jumps to whatever offset is found at the offset in the jump table. | The game uses a jump table to call the various text commands that are in the game but it never checks if they are valid, so any invalid commands jumps to whatever offset is found at the offset in the jump table. | ||
In our example we use 0xE9 which | In our example we use 0xE9 which leads to the buttons' offset and then we can just hold a certain combination to jump to our code in SRAM. | ||
Buttons: | Buttons: | ||
| Line 8: | Line 9: | ||
*Player 3: L | *Player 3: L | ||
At the start of the SRAM whatever code is present will be executed.</br> | |||
We prepared some code that fixes the string in the save file so it won't crash again and set the final day flag and then just save the game.</br>Now the second save file will forever directly go to the credits. | |||
== Instructions == | |||
Prepare some payload at the start of the SRAM | |||
# Change one of the Player's names in the save file to E9 D4 | |||
# Update the checksum of the save file | |||
# Wait till the opening starts and press the buttons mentioned above and then A | |||
# Your code should have been executed | |||
# Press reset | |||
# Load the modified save file | |||
# Enjoy the credits | |||
Example: [https://www.youtube.com/watch?v=PuIgQYwE254 View] | Example: [https://www.youtube.com/watch?v=PuIgQYwE254 View] | ||
Revision as of 18:29, 6 July 2022
Explanation
The game uses a jump table to call the various text commands that are in the game but it never checks if they are valid, so any invalid commands jumps to whatever offset is found at the offset in the jump table.
In our example we use 0xE9 which leads to the buttons' offset and then we can just hold a certain combination to jump to our code in SRAM.
Buttons:
- Player 1: Select + left
- Player 2: Select + Y
- Player 3: L
At the start of the SRAM whatever code is present will be executed.
We prepared some code that fixes the string in the save file so it won't crash again and set the final day flag and then just save the game.
Now the second save file will forever directly go to the credits.
Instructions
Prepare some payload at the start of the SRAM
- Change one of the Player's names in the save file to E9 D4
- Update the checksum of the save file
- Wait till the opening starts and press the buttons mentioned above and then A
- Your code should have been executed
- Press reset
- Load the modified save file
- Enjoy the credits
Example: View