Are you interested in the mechanics, algorithms and numbers as I am...

Are you interested in the mechanics, algorithms and numbers as I am? Do you wonder why a game does something or works in a specific way? Why a weird glitch like MissingNo or bunnyhopping even exists?

I love stuff like that. Especially in speed runs, they usually use a lot of glitches and I always need to know how it works. What did the developer do to make this bug possible and how could they miss it.

I know how to code and each glitch in the game is very interesting to me. I can tell more or less what they wrote in order to get this result.

Some people say that knowing the inner working of the game ruins the experience for them. For me it's the exact opposite

OP, what's the discussion here?

Some examples.

In GTA 3 and GTA VC the PC version has a replay feature. You can record yourself and play it back again. You can also pick up items using the replay. So here's what you can do.

Change the language to German. German version is censored and it doesn't have the rampages. You record yourself in the place where the rampage would be. You change the language back to English. Now whenever you play that replay you will pick up that rampage.

Now you go to a mission marker and as you enter it you play the replay to trigger the mission and rampage at the same time.

Rampage is considered by the game just another mission, so when you complete it or the time runs out the game thinks you're no longer on the mission, even though you really are. Now you can pick up the same mission again.

Usually it will just crash the game, but for a few missions it has a very interesting effect. There's a mission called jury duty in which you need to damage 2 cars belonging to some lawyers. Starting this mission makes the 2 cars spawn again. They get stuck, start to take damage and they destroy themselves. Instant mission completed.

Yes, I am. Are you going to tell us about it?

The same bug is used in GTA 3, although a bit differently. You take the same mission 2 times, then you kill yourself. The first instance of the mission will detect you died, show the message "mission failed" and delete the target you had to kill. The second instance sees no target and assumes you killed it = mission passed

In Half-Life deathmatch each map has several spawn points, all of them have a number. You can predict where the enemy will spawn.

If the player spawns on point x the next point will be 0-5 bigger. For example, you spawned at point 4 and died. Your next spawn point will be either 4, 5, 6, 7 or 8.

In Gothic monsters kill you instantly, but humans will "beat" you to 1hp and then they can kill you or leave you. There's however one exception. You can't kill humans with mace (you pierce their heart with a sword) and shaman orcs on the last level (in the underground temple) wield maces. That can be useful, because orcs and skeletons in that area belong to other "guild" and start attacking each other when player is not alive. So what you do is let the orc "beat" you and watch skeletons as they fuck their shit up while you lie on the ground.

not myself, i just play video games. but im interested in other peoples autism

The bunnyhopping works, because ID wanted the player to have more air control. Each strafe in midair will give you a small boost in speed. Usually it's not a big deal, the speed will be reset when you start walking, but if you jump as you're touching the ground the game will not apply enough friction to slow you down. Do that many times in a row and you can be Sonic too.

If you played HL1 you maybe noticed that you can use buttons etc. through the walls. Now the reason is simple, they only check the absolute distance between the player and an object. What is funny however is that the code responsible for the extra checking that would prevent this is commented out (meaning it's not used), probably because it was too slow for the computers back then or it was not finished and they forgot about it.

Also I like leftover content in the games. Unused models or sounds, leaked betas and alphas.

Serious Sam had quite a lot of cut content left in the game files. There's also a beta from around 98. It has a shit ton of levels, the movement is way faster, the sounds are different and some models are less polished or totally different. The game was supposed to be much bigger, but they decided to split it into 3 parts. The whole worlds concept from Serious Sam is present in the beta.

I meant Serious Sam 2 of course.

In Civilization 2 Gandhi would suddenly start nuking even though he's supposed to be the most peaceful. That's because the variable holding the aggression level is an unsigned char.

A char (1 byte) can hold a biggest number of 255, a word (2 bytes) a little over 16k and a dword (4 bytes) over 4kkk. It can be calculated by 2^number of bits. 1 byte = 8 bits.

Now what do signed and unsigned mean? 1 byte can hold a value from 0 to 255. If you want numbers with sign it's gonna be -128 to 127.

So let's say Gandhi is at 0 aggression and something happens that will lower his aggression even more. Since the value is not signed it will wrap to 255, making him the most hostile.
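Added example, not part of the original posts: the wraparound described above next to a clamped update that saturates at both ends. The function names and the sample modifiers are constructed for illustration and are not taken from the game.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration; function names and sample values are constructed. */

/* Wrapping update: the sum is formed in unsigned arithmetic, which wraps,
   and the cast back to 8 bits keeps only the low byte, so 0 - 1 becomes 255. */
uint8_t adjust_wrapping(uint8_t aggression, int delta)
{
    return (uint8_t)(aggression + (unsigned)delta);
}

/* Clamped update: compute in a wider signed type, then saturate. */
uint8_t adjust_clamped(uint8_t aggression, int delta)
{
    /* Bound delta first so the addition below cannot overflow int. */
    if (delta < -UINT8_MAX) delta = -UINT8_MAX;
    if (delta > UINT8_MAX)  delta = UINT8_MAX;
    int v = aggression + delta;
    if (v < 0) v = 0;
    if (v > UINT8_MAX) v = UINT8_MAX;
    return (uint8_t)v;
}

/* Applies a sequence of modifiers with either policy. */
uint8_t apply_events(uint8_t start, const int *deltas, size_t n, int clamped)
{
    for (size_t i = 0; i < n; i++)
        start = clamped ? adjust_clamped(start, deltas[i])
                        : adjust_wrapping(start, deltas[i]);
    return start;
}

int main(void)
{
    const int events[] = { -1, -2 };  /* constructed: two "less aggressive" modifiers */
    printf("wrapping: %u\n", (unsigned)apply_events(1, events, 2, 0));
    printf("clamped:  %u\n", (unsigned)apply_events(1, events, 2, 1));
    return 0;
}
```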

well im honestly entertained, OP.

...

Metin 2 (old MMO) had a hack commonly called 1hk (one hit killer)

It exploited a bug where you could change how far away will the target be blown away after you strike it with your weapon.

Setting the value to 9999 would just push your out of bounds. For monsters it was insta kill. The best thing is that the items drop at your position, not the enemy, so you could use this to farm on bosses. Player treated with such attack would get kicked out of the server.

Another bug from metin 2. This game has enemies called metin. It's a stone that flies from the sky, you need to find them and destroy them. Every 10% HP taken from the stone will spawn a group of enemies.

However, there's a bug that will make the monsters not spawn or it will make totally different monsters to spawn if you slow down the metin (you can have x% chance to slow down target in an item)

How does it work? Metin uses the move speed and attack speed variables to hold the ID number of the group of the monsters. Being slowed down makes the value 20-30 smaller, usually giving you an invalid ID, so nothing spawns.

ghandi? more like yande

In Half-Life: Opposing Force you get a weapon that can create a teleporter. When you use it, you will be taken to Xen. From there you find another teleporter which will take you somewhere close to where you came from. However, if you save and load in Xen the game will forget where you came from and you will be teleported to the centre of the map. Usually it's out of bounds, but sometimes it's useful and can be used to skip big parts of the map.

do you happen to know why basic rocket jumping in tf2 tends to propel you further if you hold crouch while the blast hits you?

No, but maybe it's because the hitbox is smaller and the game treats it like it weighs less... hmm. I have the source code of TF2, I will try to look it up.

Do you wonder why your old stolen cars in GTA 3 will be remembered by the game for a long time, but other times it will forget about them very soon and they will disappear? There are many things that can make your vehicle respawn, but the most likely thing that happened is this.

When you steal the car it goes on a certain list of "important" cars and it will not be deleted. However, if the previous owner of the car tries to get his car back and grabs your handle, the game considers the car part of the traffic right away and it's deleted from that list. If you leave the car and go out of its sight it will disappear.

It checks to see if the owner can enter the car.

If it can't, it stays. If the driver's door is blocked, the car will always be there.

Fucking hell. Sorry for the misspellings, my retarded phone thinks it knows better what I want to say…

If you played the original DOS Doom (or a source port like Chocolate Doom) you probably didn't see this face very often. It's supposed to show up every time you take more than 20 damage, however, the code is written backwards, where they divide new health from old health, so this face shows up only if your health went up by 20 while being attacked (basically you need to get shot and pick up a health pack at the same time).

Yeah. It will also disappear if it becomes a mission car. For example in some missions you need to pick up someone and when you leave the car they won't follow you, instead it will tell you to get back to the car.

That's why you need to reenter the helicopter after rescuing lance.

Bump

Tell me o crazy game wizard, where doth thine knowledge came from? I mean even if you just gathered this from around the net its pretty impressive.

I play a lot of games and watch speedruns and since i'm a programmer I can often guess why it happens and I know where to look for the answers.

Another bug from Metin 2

In this game every item has 3 "sockets". They are used for different things depending on the item. Weapons and armor use them to store soul stones (each stone has a bonus, for example def + 10), items with time store the time in socket 0 etc.

So what can you do with that ?

Let's say your sword is at inventory slot 1, the soul stone is at slot 2 and your item with time (for example thief glove which gives you 50% more chance for a item drop) on slot 3.

The item with time has to have 1 minute left for this trick to work

You drag 'n' drop the soul stone on your sword, a window will pop up asking if you want to do that. Now you move the sword to some other slot and put the glove in slot 1. You accept it and the soul stone is put into the glove, giving you 20k+ minutes. How does it work?

For items that can accept soul stones the socket can be either:

0 - it's not accessible, you can't put a soul stone inside
1 - the slot is empty (that's why you need 1 minute left in your item)
2 - the slot is broken
anything else is the ID of the stone. The ID of stones is pretty big, 28000 - 28440 and that's how many minutes you will get.
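Added example, not part of the original post: a small model of why the swap works (the server checks the target when the dialog opens, then looks the slot up again on accept) and of an accept step that re-validates. The struct layout, function names, `uid` field and sample IDs are assumptions made for illustration, not the game's code.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the socket trick; all names and the struct layout are
   assumptions for illustration, not the game's code. */
enum item_kind { KIND_WEAPON, KIND_TIMED, KIND_STONE };
enum { SOCKET_LOCKED = 0, SOCKET_EMPTY = 1, SOCKET_BROKEN = 2 }; /* values from the post */

struct item {
    uint32_t uid;        /* unique per item instance (assumed) */
    enum item_kind kind;
    int32_t type_id;     /* e.g. a stone ID in 28000-28440 */
    int32_t socket[3];   /* stones for weapons; socket[0] = minutes left for timed items */
};

#define INV_SIZE 8
struct inventory { struct item *slot[INV_SIZE]; };

/* What the server remembers while the confirmation window is open. */
struct pending { int stone_slot, target_slot; uint32_t stone_uid, target_uid; };

static int slot_ok(int s) { return s >= 0 && s < INV_SIZE; }

/* Drag-and-drop request: item kinds are checked once, when the dialog opens. */
int request_insert(const struct inventory *inv, int stone_slot, int target_slot,
                   struct pending *p)
{
    if (!slot_ok(stone_slot) || !slot_ok(target_slot)) return -1;
    const struct item *stone = inv->slot[stone_slot], *target = inv->slot[target_slot];
    if (!stone || !target) return -1;
    if (stone->kind != KIND_STONE || target->kind != KIND_WEAPON) return -1;
    *p = (struct pending){ stone_slot, target_slot, stone->uid, target->uid };
    return 0;
}

static int fill_first_empty(struct item *target, int32_t stone_id)
{
    for (int i = 0; i < 3; i++)
        if (target->socket[i] == SOCKET_EMPTY) { target->socket[i] = stone_id; return i; }
    return -1;
}

/* Flawed accept: looks the slot up again by index and trusts whatever is there. */
int accept_flawed(struct inventory *inv, const struct pending *p)
{
    struct item *stone = inv->slot[p->stone_slot], *target = inv->slot[p->target_slot];
    if (!stone || !target) return -1;
    return fill_first_empty(target, stone->type_id);
}

/* Hardened accept: both items must be the same instances and kinds that were checked. */
int accept_hardened(struct inventory *inv, const struct pending *p)
{
    struct item *stone = inv->slot[p->stone_slot], *target = inv->slot[p->target_slot];
    if (!stone || !target) return -1;
    if (stone->uid != p->stone_uid || target->uid != p->target_uid) return -1;
    if (stone->kind != KIND_STONE || target->kind != KIND_WEAPON) return -1;
    return fill_first_empty(target, stone->type_id);
}

/* Replays the steps from the post; returns the glove's socket[0] (its minutes left). */
int32_t glove_minutes_after_swap(int hardened)
{
    struct item sword = { 100, KIND_WEAPON, 10, { SOCKET_EMPTY, SOCKET_LOCKED, SOCKET_LOCKED } };
    struct item stone = { 200, KIND_STONE, 28030, { 0, 0, 0 } };
    struct item glove = { 300, KIND_TIMED, 20, { 1, 0, 0 } };   /* 1 minute left */
    struct inventory inv = { { NULL } };
    struct pending p;
    inv.slot[1] = &sword; inv.slot[2] = &stone; inv.slot[3] = &glove;
    if (request_insert(&inv, 2, 1, &p) != 0) return -1;
    /* While the dialog is open: sword moved away, glove placed in slot 1. */
    inv.slot[4] = &sword; inv.slot[1] = &glove; inv.slot[3] = NULL;
    if (hardened) accept_hardened(&inv, &p); else accept_flawed(&inv, &p);
    return glove.socket[0];
}

int main(void)
{
    printf("flawed accept:   %d minutes\n", (int)glove_minutes_after_swap(0));
    printf("hardened accept: %d minutes\n", (int)glove_minutes_after_swap(1));
    return 0;
}
```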

Yet another bug from metin2

In metin2 almost every item that you can equip (swords, armors, shields etc.) has levels, starting at +0 and finishing at +9 (example Full Moon Sword +9).

All those items +0-9 are separate items, when you upgrade from one level to another the game just deletes the item and gives you a new one.

There are 2 ways of upgrading your item. You can either give it to the blacksmith or use a Blessing scroll. If the blacksmith fails the upgrade you lose the item, but if you use the scroll and fail, your item is downgraded one level.

Now what you do is, take the level 1 armour for warrior at +5 and try to fail upgrading it to +6, it will turn into an unused powerful bow instead of the armour +4. Why?

This unused bow has a fucked up upgrading system table and it will upgrade from +0 to this weak armour +5, so failing to upgrade this armour will go back and give you the bow.
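Added example, not part of the original post: one way the behaviour described above can arise, assuming the downgrade is found by scanning the upgrade table backwards for the first row that upgrades into the item. The table, IDs and function names are constructed, and the checked lookup and load-time validation show how a duplicate predecessor can be caught.

```c
#include <stddef.h>
#include <stdio.h>

/* Added illustration; the IDs, names and table are constructed. */
struct item_row { int id; const char *name; int upgrade_to; /* 0 = top level */ };

static const struct item_row ITEMS[] = {
    {  900, "Unused Bow+0", 1105 },   /* broken row: points into the armour chain */
    { 1104, "Armour+4",     1105 },
    { 1105, "Armour+5",     1106 },
    { 1106, "Armour+6",     0    },
};
#define N_ITEMS (sizeof ITEMS / sizeof ITEMS[0])

/* Downgrade by scanning for "whatever upgrades into this item": first match wins. */
int downgrade_by_scan(int id)
{
    for (size_t i = 0; i < N_ITEMS; i++)
        if (ITEMS[i].upgrade_to == id) return ITEMS[i].id;
    return -1;
}

/* Checked lookup: refuses when the predecessor is missing or not unique. */
int downgrade_checked(int id)
{
    int found = -1, count = 0;
    for (size_t i = 0; i < N_ITEMS; i++)
        if (ITEMS[i].upgrade_to == id) { found = ITEMS[i].id; count++; }
    return count == 1 ? found : -1;
}

/* Load-time validation: number of items that more than one row upgrades into. */
int count_ambiguous_targets(void)
{
    int bad = 0;
    for (size_t i = 0; i < N_ITEMS; i++) {
        int preds = 0;
        for (size_t j = 0; j < N_ITEMS; j++)
            if (ITEMS[j].upgrade_to == ITEMS[i].id) preds++;
        if (preds > 1) bad++;
    }
    return bad;
}

int main(void)
{
    printf("scan downgrade of 1105:    %d\n", downgrade_by_scan(1105));
    printf("checked downgrade of 1105: %d\n", downgrade_checked(1105));
    printf("ambiguous targets in table: %d\n", count_ambiguous_targets());
    return 0;
}
```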

...

I went in expecting some shit-tier blogposts, and ended up in the most interesting thread in the catalog.

And i expected more people to post their shit


Had to google it. Very interesting indeed.

Look up pannenkoek and his alt channel pannenkeok.
You'll love it.
Fantastic explanations and demonstrations of Super Mario 64 glitches, and how they can be applied to challenges such as completing SM64 with as few a presses as possible.

How many presses is his record?

I really like his 255 coin limit video, it does a really good job at explaining object structure arrays and how they are allocated.


Stop this forced meme garbage already.

Probably everyone here knows about the MissingNo Pokemon or at least heard of it. What is it and how does it work?

You talk to OLD MAN, he will show you how to fight and catch a pokemon. Then you fly to Cinnabar Island and surf near the shore. After a while you will encounter a wild pokemon, it might be MissingNo or normal pokemon, it depends on your name.

explanation :
When you talk with OLD MAN the game simply copies your original name somewhere, replaces it with "OLD MAN" and after that it restores your original name.
But where do they copy the original name? Nowadays you have so much RAM you could just put it anywhere, but on old systems you had to use everything you got. They copy it into a table containing information about wild pokemons in the given area (first byte is the ID of the pokemon, second is the level). Normally that's not a problem, as soon as you enter an area where wild pokemon occur the table will be overwritten with valid data. This doesn't happen in the cities however. This still doesn't make anything strange happen, but it just so happens that the tiles near the shore of Cinnabar Island act as grass. You can potentially encounter any pokemon with any level you want based on your name.
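Added example, not part of the original post: a model of the buffer reuse described above, with an unchecked encounter lookup beside one that rejects stale or out-of-range data. Buffer sizes, function names, the ASCII name encoding and the sample tables are assumptions for illustration, not the game's memory layout; the 190-entry limit is the species table size mentioned elsewhere in this thread.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed model of the name/encounter-table overlap. Sizes, names and the
   ASCII name encoding are assumptions, not the game's layout. */
#define NAME_LEN        11
#define ENCOUNTER_SLOTS 10
#define SPECIES_ENTRIES 190   /* species table size given elsewhere in the thread */

struct game {
    uint8_t name[NAME_LEN];
    uint8_t encounters[ENCOUNTER_SLOTS * 2]; /* (species ID, level) pairs; reused as scratch */
    int     encounters_loaded;               /* only consulted by the checked lookup */
};

/* Entering a route or cave loads that area's real table. */
void enter_wild_area(struct game *g, const uint8_t *table, size_t len)
{
    if (len > sizeof g->encounters) len = sizeof g->encounters;
    memset(g->encounters, 0, sizeof g->encounters);
    memcpy(g->encounters, table, len);
    g->encounters_loaded = 1;
}

/* The catching demo: park the name in the encounter buffer, show "OLD MAN", restore. */
void old_man_demo(struct game *g)
{
    memcpy(g->encounters, g->name, NAME_LEN);  /* clobbers the table */
    g->encounters_loaded = 0;                  /* bookkeeping the checked lookup relies on */
    memcpy(g->name, "OLD MAN", 8);
    memcpy(g->name, g->encounters, NAME_LEN);  /* name restored, copy left behind */
}

/* Returns (species << 8) | level for a grass-like tile, or -1 if refused. */
int encounter_at(const struct game *g, int slot, int checked)
{
    if (slot < 0 || slot >= ENCOUNTER_SLOTS) return -1;
    uint8_t species = g->encounters[slot * 2], level = g->encounters[slot * 2 + 1];
    if (checked) {
        if (!g->encounters_loaded) return -1;       /* stale scratch data */
        if (species >= SPECIES_ENTRIES) return -1;  /* not an index into the species table */
    }
    return (species << 8) | level;
}

/* Replays the steps from the post and returns the encounter on the shore tile. */
int shore_encounter(int checked)
{
    static const uint8_t route_table[] = { 19, 3, 16, 4 };  /* constructed pairs */
    struct game g = { .name = "KATE" };                     /* constructed name */
    enter_wild_area(&g, route_table, sizeof route_table);
    old_man_demo(&g);
    /* Fly to a city (no table is loaded there), then surf on a tile that acts as grass. */
    return encounter_at(&g, 0, checked);
}

int main(void)
{
    int e = shore_encounter(0);
    printf("unchecked: species %d level %d\n", e >> 8, e & 0xff);
    printf("checked:   %d\n", shore_encounter(1));
    return 0;
}
```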

what the fuck dude?

The Ulillillia classic of him spending too much time on Bubsy 3D is good. Also amusing is him doing the background scrolling trick in Sonic 3 & Knuckles. Want me to find that one too?

Sorry user, I had a lapse in intelligence, for whatever reason I thought you meant how many a presses does it take to record his video.

Put it straight, I'm retarded.

Sure. Funnily enough I saw this channel pannenkoek2012 before in recommended but never watched any. Now I am.

last year it was 27, but he has discovered tons of exploits since.

ProgrammerAnon, do you understand how the damage system in Dragon's Dogma works?

There seems to be all kinds of weird technical fuckery going on there, and no one can seem to explain it all.

steamcommunity.com/app/367500/discussions/0/405691147603474565/

The game ain't open source nigguh, he is a programmer not a wizard.

and thats why its called missingno huh? because with most names youll have it asking for an invalid pokemon

it's 22 and a half now.

Nice quads but
How can you have a button press? This doesn't exist.

MissingNo is just short for MissingNumber, but it's displayed as MissingNo because of the 10 characters limit. Also worth mentioning is that the original pokemon games have 150 (or 151? I don't remember) pokemons, but the table holding pokemon's info has 190 entries. Most of them are blank, but 9 of them have some data left inside, so probably they planned on making 190 pokemons, but they were cut.

That's not even getting into the "Trainer Escape"/Mew Glitch

was meant for


It could be found through reverse engineering, but since it's a new game there's shit ton more code to go through than super mario 64. Also they most likely have some DRM and anti debugging stuff… it can be bypassed, but i ain't no cracker.

The general idea of how to find this shit out would be something like this.

Look through memory and find a stable pointer to enemy health. Set up a breakpoint when it changes, go back up the callstack and find the function that calculates the damage.

you see Henry, half a button press is a concept that evolved from segmented runs, to get to a star, sometimes you only need the release part of the A press, so if in another section you only need the press part of the A press, if you don't add two a presses to the overall run, only one, so he calls that a half A press.
that user must be jesting tho because the term doesn't apply to whole runs.

forgot pic

Javascript and HTML don't count, faggot.

I actually don't know either (just a bit of HTML, but that's probably web 1.0 shit)

C/C++/asm x86 is my stuff.

[doubt]
It takes 10 years to master faggot, you probably only know the basics

I didn't say i'm master, but i'm good enough to sell fixes/new features to certain MMO private servers cuz it's so buggy. That's mostly asm though…

I'm currently working on my own game and it's C++ with SDL. We'll see how it goes… so far it's preddy gud

will things like this become more rare as hardware becomes more powerful and they dont have to find ways to cram more data into a smaller space?

Probably. Also a lot of values nowadays are clamped so they can't overflow. Back then every CPU cycle counted, so clamping every value would be a waste of the CPU time (aka raster time)

I did reverse engineering on Devil May Cry 4 (and Special Edition). It's much easier than you're thinking it is.

Most people on CE tend to stop at the basics (infinite health, infinite something) however.

I used CE to find npc table in metin2 which allowed me to make a "scanner" hack which would tell where's the monster you are looking for.

What else do you use? I know my friend wanted to use static disassembly and a lot of other tools just to get Sam to spawn outside of his intended missions in MGR. But I think it was kind of over kill.

Files uploaded are other random bullshit I did to DMC4SE. I put in a bunch of disassembler comments which CE tends to fuck up on, but I'm going to have to put them in a separate document later.

I think I'm still happiest about autoskipping cutscenes since DMC4 has an annoying amount of them.

I was about to post about how the original USB jailbreak for PS4 worked, but i've found great page about it, so just read that !

cturt.github.io/ps4.html

If you're asking me what other programs I use for RE… well, I don't do RE that much anymore, but I mostly used IDA and its remote debugger (metin2 server runs on FreeBSD). For the client (Windows) it was CE + OllyDBG + IDA.

That should be a feature in every game.

If you watched DWaHMoV or any other run of HL2 on the new engine, you're probably familiar with ABH (Accelerated Back Hopping). How does it work?

It's Valve's poor attempt at fixing the bunnyhopping. When you go over the speed limit the game will give you some speed in the opposite direction to slow you down, but since you're hopping backwards without holding the S key and you start by sprinting forward, the game thinks you're going forward and gives you a boost backwards. Every jump gives you more and more boost, since the amount is your current speed - the limit.

You're talking out of your ass, skiddie.

I don't think so

Personally I feel learning about IVs made me dislike playing Pokemon, but aside from that I love learning about the inner workings of games.

Pikmin for the Gamecube has a debugger on the disk. Apparently the devs couldn't get the proper debuggers in time, so they made a quick one for normal computers. It can run as a normal program but you need some dependencies to get it working correctly.
In Turok: Evolution, if a tree lands on an enemy they die in one hit. This is an intended feature, and enemies will panic and not jump out the way. What isn't intended is that this works on the final boss. As a workaround the trees in the final fight take a lot of damage to fell, but it's still possible to topple one over the boss and instakill him.
Also in Turok: Evolution, you can play as a raptor in multiplayer. Pressing X on the Gamecube version changes your camera angle to third person. Jump in a pool of water and press X to go back to first person, and you'll find that the game now considers the whole map to be water. You can swim in the air and fly around, but you'll drown eventually. My guess is that they didn't give a fuck about playable raptors because it's only in 2 multiplayer modes. The game tests to see if you surface by checking where the first person camera is, and technically you didn't have a first person camera when you entered the water.
There's a Final Fantasy boss with so much health that healing the boss causes a value overflow, reducing its health to 0. At least I think so, I don't follow FF much.
In the latest version of Minecraft pistons have a glitch where they don't exist for one frame while they retract. This causes a weird pulling motion as the piston head moves back, which can move the player and items. If a piston pushes down onto a player and retracts, it pulls them on top of the piston. This can be used to make elevators which can move the player faster than flying, and it's easy as fuck to do.
Pokemon Gold/Silver/Crystal has the Celebi Egg Trick, which causes data to be read from the wrong place and makes the game load a move ID as a pokemon ID. As the name suggests it's used to get Celebi. It's really complex, and I can't do it justice, so look here: glitchcity.info/wiki/index.php/Celebi_Trick

I've been searching my whole life for video games with tons of fun glitches but the only games I play are actually really good and had good testing.

The only game that comes close to being the best of both worlds for me is Mirror's Edge 1. It's in my top ten simply because pushing that game to its absolute limit and getting impossible times doing so is one of the most exhilarating experiences I've had with a game's mechanics since the circlestrafing and "dance" mechanics of DooM.

We need a list of games that match this odd description.

Gothic is a great action rpg which also has shit ton of bugs. Even as a kid without internet I knew lots of tricks and bugs

Oh that reminds me of something. Team pokeme made a demo for Pokemon mini. It's not documented at all. Some GameCube game has an emulator of Pokemon mini, so they used it to make their own assembler and PC emulator and then coded pretty impressive demo
pouet.net/prod.php?which=16376

Those are cool but the coin case glitch in Gold/Silver is way better. In its heyday lots of kids knew about talking to the Machop in Vermilion and then using it to make the game do funny things, but fairly recently it came to light that you can use it to execute arbitrary code. Anything I could say about it would just be copy-pasted from other people so just read this.

glitchcity.info/wiki/index.php/Coin_Case_glitch


It works even better in Hexen II because they increased the max speed, probably to account for class variances and the boots of speed.


Speaking of Doom, as a kid when playing MAP15, I was unable to make that jump to the ledge with the switch to lower the platform blocking a teleporter to the red keycard. But I found by accident mucking around inside the room that I could activate the switch from there.

I love just how many bugs in Pokemon Gen I seem to just be oversights. My favorite is probably encountering wild Pokemon in Misty's gym using the fishing rod, just because it's the first time I found and recognized a moment where the developer missed something.

In Arcanum, there are some places that you're not supposed to visit until a certain point in the main story. There are several major cities and places locked behind story progression. Arcanum operates with a global map like Fallout, and places of interest appear as you either explore around them, or, as mentioned, during story progression or getting a side quest. Story locations usually don't appear when you try to explore. However, if you place a waypoint very, VERY close to where they are, you can still discover them. We are talking a pixel or 2 margin of error.

This way you can get to Caladon, Stillwater and a few other places. But most notably, Vendigroth Ruins. That place is a lategame area that has many really powerful mechanical and arachnid enemies, but also holds the schematic and components for the best gun in the game.

When I play a gunslinger, I make a beeline for that place, and carefully navigate it to get the schematic and the components, for a huge early boost in power.

Never ever do that shit


To my knowledge, Mario Strikers Charged is the most bugged-but-functional game I've ever played and IMO it has all to do with two gimmicks they introduced in the game that didn't really translate well with the tracking system for the goalkeepers.
Basically, your goalie Kremling is programmed to follow opponents with the ball and to push away those that are near him. This works fine for like 99% of interactions, but the programmers never assumed that some characters, by virtue of using special moves, can zip through a slice of the field at a higher than average speed. Now, the goalie's AI knows that it can't get too much out of bounds and will always go back to its starting position if he does that, but the goalie is also programmed to punt dangerous opponents with a higher priority. This means that if you're using Boos (sometimes it works with other speed characters if you get good items or knockback) he'll desperately try and follow you through the whole field. If you pass the ball or he gets stuck into level geometry though he immediately sidesteps back to the goal area.

Also there's tons of little glitches surrounding the soccer ball, which can be "punted" in two ways, one of which was intended just as a way to bait opponents with no startup animation but that if performed very softly it grants extra speed and strengthens the next shot. The whole meta was basically set around doing weirdass tricks with it.

Don't worry he's speaking loosely. The internal check is if the difference between current and previous health is greater than 20, and only if the "damage" face is being displayed.

It still doesn't make it any less weird that they'd forget about such an easily tested feature though

Have they ever fixed it in post?

i can just smell op's autism

Maybe, I'd call it curiosity

Would you mind explaining more about the work you do for MMO servers? I'm a rank amateur at programming, but I once made an effective DLL injector that I hoped would help me bot a private MMO release for fun (I was limited by my ignorance of reversing though). Any tips or descriptions of experience you have in regards to learning memory manipulation as it applies to video games would be appreciated

This is a fascinating thread by the way, and good luck with your games

Nah when you're coding a whole lot of stuff it'd be quite easy to forget such a minor detail. Some source ports fix the bug.

Another fun bug in Doom is the idchoppers cheat code. It actually makes you invulnerable but only for an instant. This is what it does.

plyr->powers[pw_invulnerability] = true;

This setting is how many tics (1/35th of a second) the effect is supposed to last for, not an on/off flag.

Well, the MMO I was playing with had its server side files leaked… but it was some old shit, probably a beta from around 2004. It runs on FreeBSD, uses MySQL for tables, Lua for quests. At the very beginning of private servers people only modified the server by the Lua scripts, they were intended for quests, but could be used to do other cool stuff, of course in some way limited.

The main executable is about a 50mb ELF... it's compiled in debug and unstripped, so just throwing it into IDA was almost like reading the source… well, not quite, but after 2-3 years I just knew this whole engine even though I never read the source… Until last year, it was leaked.

At first we only did simple diffs, that is just simple patches, like NOPing some calls or changing some jumps to modify some rules of the game that couldn't be done before. Then I started writing my own small functions and hooks in assembly in the file. I was using the stack protector space that was present in every function... about 30-40 bytes each.

At that point I knew about DLLs on Windows and I even wrote some before, but I couldn't do it on FreeBSD, the way of loading a library is way different and it took me a long time to discover.

But since then it was easy as shit. I just have one source for one .so and I inject it into the server file. The code is a mess of C++ classes and singletons and asm patches….

I'm working on a really shitty platformer, would you be willing to beta test in a couple of months?

You are cool op

Only partially true.
flafla2.github.io/2015/02/14/bunnyhop.html

Kek. Sure why not

Thanks for the link. I was looking for some explanation more in depth but couldn't find any

btw im working on a game too. You can add me on steam for chat or occasional encouraging dickpic swap.
You have to send the invite, I don't have any games, so I can't send invites

steamcommunity.com/id/amigarules/

bump