Sketch Glitch results - clementgallet/ff6-tas GitHub Wiki

Many addresses in RAM are overwritten, including the item list, the spell list and equipment.

Item list

The in-battle item list ($2686 - $2B85), first arm equipment ($2B86 - $2B99) and second arm equipment ($2B9A - $2BAD) are computed from the item list ($1869 - $1A68) and character data ($1600 - $184F) during battle startup in function C2/546E. Each element takes 5 bytes. After the battle, the in-battle item list and equipped weapons/shields are stored.

In-battle item list
$0000     Item id
$0001     Item flags
          08: Is a shield
          10: Is a weapon
          20: Can be thrown
          40: Is a tool
          80: Not usable as an item in battle
$0002     Item targeting
          01: Affects single ally or enemy        10: Auto-accept default selection
          02: Affects enemies or allies only      20: Multiple selection possible
          04: Affects all allies and enemies      40: Enemy selected by default
          08: Affects all allies or all enemies   80: Random selection among all enemies and allies
$0003     Item quantity
$0004     Item equipability
          01: Onscreen character 0 can't equip item
          02: Onscreen character 1 can't equip item
          04: Onscreen character 2 can't equip item
          08: Onscreen character 3 can't equip item
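
Added example (not from the wiki or the ff6-tas project): a decoder for the 5-byte entries laid out above, run over a constructed WRAM dump, that lists arm entries whose item has neither the weapon nor the shield flag. It assumes the two arm-equipment ranges use the same entry layout as the in-battle item list and that $FF marks an empty slot; all function names are hypothetical.

```python
from dataclasses import dataclass

ITEM_LIST = (0x2686, 0x2B85)   # address ranges taken from the page
FIRST_ARM = (0x2B86, 0x2B99)
SECOND_ARM = (0x2B9A, 0x2BAD)
ENTRY_SIZE = 5
EMPTY_ID = 0xFF  # assumption: id used for an empty slot
FLAGS = {0x08: "shield", 0x10: "weapon", 0x20: "throwable",
         0x40: "tool", 0x80: "not usable in battle"}

@dataclass
class Entry:
    addr: int
    item_id: int
    flags: int
    targeting: int
    quantity: int
    equip_mask: int

    def flag_names(self):
        return [name for bit, name in FLAGS.items() if self.flags & bit]

    def blocked_characters(self):
        # Bits 0-3: onscreen characters 0-3 that can't equip the item.
        return [c for c in range(4) if self.equip_mask & (1 << c)]

def decode_region(wram, region):
    start, end = region
    if (end - start + 1) % ENTRY_SIZE or len(wram) <= end:
        raise ValueError("region misaligned or dump too short")
    return [Entry(a, *wram[a:a + ENTRY_SIZE])
            for a in range(start, end + 1, ENTRY_SIZE)]

def non_weapon_arm_entries(wram):
    # Arm entries holding an item with neither the weapon nor shield flag.
    return [e for region in (FIRST_ARM, SECOND_ARM)
            for e in decode_region(wram, region)
            if e.item_id != EMPTY_ID and not e.flags & 0x18]

def sample_wram():
    # Constructed dump: every slot empty except three hand-written entries.
    wram = bytearray(0x2BAE)
    for a in range(ITEM_LIST[0], SECOND_ARM[1] + 1, ENTRY_SIZE):
        wram[a] = EMPTY_ID
    wram[0x2686:0x268B] = bytes([0x01, 0x30, 0x41, 3, 0x0A])  # item list
    wram[0x2B86:0x2B8B] = bytes([0x01, 0x10, 0x41, 1, 0x00])  # first arm
    wram[0x2BA4:0x2BA9] = bytes([0xE8, 0x00, 0x01, 1, 0x00])  # second arm
    return wram

if __name__ == "__main__":
    for e in non_weapon_arm_entries(sample_wram()):
        print(f"${e.addr:04X}: item ${e.item_id:02X} flags {e.flag_names()}")
```
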

Non-weapon attacks

The glitch can make items appear in the inventory with equip flags set, or place an item directly in an arm slot, making it possible to attack with them. Let's look in detail at the properties of these objects as weapons.

Magic list

The spell table can be overwritten, so new spells can be used, such as enemy attacks, blitz, sword techs, desperation attacks, etc.

Command lists

Commands can be overwritten by certain formation molds. In-battle commands are stored starting at $202E, taking 3 bytes per character per slot:

$0000     Command id
$0001     Command availability (bit 7 set is command available, same as for magic?)
$0002     Command aiming

With the glitch, you can execute monster scripts as well as glitched commands. See the list of commands.

Digging into ACE

Ideas to jump into RAM are:

  • Execute a long jump opcode (currently: JMP $DC9B)
  • Execute RTL and pray