View Single Post
Old 04-18-2018, 11:49 AM
Mogri's Avatar
Mogri Mogri is offline
Yes, let's feast!
Join Date: Sep 2011
Location: Austin, TX
Pronouns: he
Posts: 16,569

What Actually Though

OK, so this last chapter was a real ride. You're wondering what happened. You're not alone. I, too, was burning with curiosity about how exactly this trick works, so I did Research, and I present to you now the fruits of my labors.

To prepare for this trick, we need a specific arrangement of consumables. We need some Cure Potions, Heal Potions, and Refreshers -- it doesn't matter how much of each, so long as we have at least one -- and the slot before the Cure Potions must be empty. This isn't too hard to set up as long as you know where to acquire some of everything.

After that, we talk to the Seed salesman. As mentioned, the first opportunity to buy Seeds is in Fireburg, which is why this trick isn't available earlier. Consumables salesmen allow you to buy any amount that you can afford, which includes zero. If we were to buy zero of an item that we already have, nothing would happen, which is why we need to have no Seeds before the purchase. Aside from Refreshers, you can use consumables outside of combat even when they would have no effect, so that part's not hard to set up.

Once we buy zero Seeds, we have zero Seeds in inventory. Why? To answer that, let's look in the game's memory.

This it what the memory looks like before we buy zero Seeds. Item #10 is Cure Potion, #11 is Heal Potion, and #13 is Refresher. All of these numbers are hexadecimal, so instead of the digits going from 0 to 9, they go from 0 to F. You don't need to understand hexadecimal to follow along, but keep that in mind for later.

Each of our inventory slots has two numbers associated with it. The first is the ID -- which item is this? -- and the second is the quantity -- how many do we own?

The ID of our first item slot is zero, meaning there's no item in that slot. When we acquire an item, the game first looks to see if we already own it, and if so, it increments our quantity of that item. If we don't already own it, then it finds the first empty item slot and sets it to that item. So after we buy zero Seeds, it looks like this:

How many Seeds do we own? Actually zero, but since the game sees that the first item slot contains zero Seeds instead of zero nothing, it's happy enough to allow us to use one. What happens when you use an item? Why, the quantity goes down by one, of course. What's zero minus one?


Okay, let's see what the memory has to say about this.


Let's get a little more fundamental. Everything in computer land is ones and zeroes. Each one of those boxes holds eight ones or zeroes, so when we have zero Seeds, the number zero looks like this:

0000 0000

When we subtract one from that number, it rolls over to this:

1111 1111

That's FF in hexadecimal, or 255 in our normal numbering scheme. But we subtract by carrying the one from somewhere, and in this case, the one came from the item 2 ID slot. The computer kept going until it found a digit it could subtract from.

Item #0F is the Sky Coin, which is why we now have a Sky Coin in our second item slot. This doesn't work like a normal Sky Coin; the game will not recognize us as Sky Coin owners at this time. But it's relevant that it's no longer a Cure Potion. (What happens if you use the Sky Coin, you ask? Out of battle, nothing. In battle, the game freezes. Maybe don't use fake Sky Coin.)

Why do we care that it's no longer a Cure Potion? Well, recall what happens when you buy an item that you don't already own: the game finds the first empty item slot and sets it to that item.

But all four of our item slots are full.

What's to the right of those four slots in the game's memory, anyway?


Why does the game decide to stop there? I can't answer this definitively without access to the source code, but the most likely explanation is that it looks something like this:

for (slot = 0; slot < 4; item++) {
  if (itemID(slot) == 0) break;
In other words, it fully expects to find an empty slot in one of our four inventory slots, because that's how the game is meant to work, but if it doesn't, then the value of "slot" after leaving the loop is one more than it should possibly be. Whatever the case, we have the ability to overwrite those inventory slots with the item ID and quantity that we choose.

How do those blocks of memory work? Each 1 or 0 corresponds to a key item. The first block's current value is E2, which looks like this in binary:

1110 0010

Those eight items are, in order, Elixir, Tree Wither, Wakewater, Venus Key, Multi-Key, Mask, Magic Mirror, and Thunder Rock. We have the first, second, third, and seventh of those.

The second slot works the same way, but for the items Captain Cap, Libra Crest, Gemini Crest, Mobius Crest, Sand Coin, River Coin, Sun Coin, and Sky Coin.

After buying 19 Cure Potions, our inventory looks like this. Let's take another look at the memory.

The first key items block now contains the value 10, which is the ID of Cure Potion. The second block contains the value 13, which is hexadecimal for 19 -- the amount of Cure Potions we bought. Let's look at both of those numbers in binary:

0001 0000 = 10
0001 0011 = 13

We have one item in the top two rows: the Venus Key. In the bottom two rows, we have three items: the Mobius Crest, Sun Coin, and Sky Coin. Unlike our fake consumable Sky Coins, these are the real deal: we can open the door in Focus Tower with these ones. (You might notice that the positions of the 1s in the binary correspond to the positions of the items in our inventory.)

So now that we know how the trick works, why don't we use it to get anything else? And why wait until Fireburg when we could do the trick with Cure Potion vendors?

Let's answer the first question first. What else could we get with this trick?

In our first two rows, we could get the values 10, 11, 12, or 13, corresponding to Cure Potions, Heal Potions, Seeds, and Refreshers, respectively. That could potentially get us the Thunder Rock and Magic Mirror in addition to the Venus Key. The Magic Mirror is no longer useful by Fireburg, but Thunder Rock is a necessary plot item later.

In the bottom rows, we could get any of those items except for the Captain Cap -- our limiting factor is that we can only buy 99 of an item. The River Coin and Sand Coin are no longer useful by the time we get to Fireburg, and the Mobius Crest is the only one we really need from here on. While we could have gotten more here, we also need enough money to buy the Cure Potions.

With that in mind, why wait until Fireburg? Fireburg is important, not because it sells Seeds specifically, but because it sells two kinds of consumable. In Aquaria, we could buy Cure Potions, which would have been sufficient to trigger this glitch, but then we would have been on our own obtaining a second type of consumable, which would have involved gathering it from chests three at a time to hit a very specific value. (This is a good time to mention that we can never take Cure Potions from a chest ever again if we value being able to win the game.)

This glitch is used for speedrunning FFMQ, and for the purposes of the speed run, it's fastest to play normally until Fireburg. Purchasing the Seeds and Cure Potions is extremely quick and allows us to bypass an enormous chunk of the game. For non-speedrunning purposes, we can probably do a lot more; I hadn't really looked into how exactly the glitch works until I went to do this writeup.

We haven't seen the last of this glitch, and after SHORTS's adventure has concluded, we'll revisit what exactly we can do with this. Just how badly can this game be broken?
Reply With Quote