CTF(capture the flag) in GBAFE

7743 · December 26, 2023, 3:49am

Download

What is this?

This is an attempt to do CTF (capture the flag), which is often done at computer security conferences such as defcon, at ROMHack.
CTF is a competition to find the hidden passcode faster than anyone else by decrypting binary data and ciphers.

You have to fix the glitch in the game and find the passcode by looking at the EndEvent.
Once you find the passcode, please take a screenshot of the game and post it.

Please do not use Ctrl+U in the FEBuilderGBA debugger, etc. to directly display the EndEvent.
It would be great if you could also post when you have created an interesting problem.
Let’s deepen our understanding of the game by experiencing and solving glitch.

Q1:
Glitch in enemy turn.
Difficulty: low
ctf01

Model answer:

This is because this enemy unit is positioned out of range.
Simply moving him to the correct position will solve this problem.

password:
ctf01_ans.emulator

Q2:
Collapsing world.
Difficulty: low
ctf02

Model answer:

This is because you forgot the instruction to turn off the background.
This can be solved by simply adding an instruction to turn off the background.

password:
ctf02_ans.emulator

Q3:
Missing a weapon. Where is Merlinus?
Difficulty: Middle
ctf03_ans.emulator

Model answer:

This is because Supply is checked in Ability2 for both the Merlinus character and the class Transporter.
This feature is inherited by FE8 from FE7.
Units with this Ability will not appear on the Prepare screen.
Therefore, the solution is to turn off both of these checks.

This brings Merlinus to the preparation screen, where you can select him as a unit.
He has a Super sword which is very strong and you can use it to clear the game.

ctf03_ans3
ctf03_ans4
ctf03_ans5

password:
ctf03_ans.emulator

Q4:
Missing DeathQuote
For some reason, the event battle with the boss does not occur, and the DeathQuote is not displayed, even though it should be set correctly.
Difficulty: Hard

ctf04.emulator

Model answer:

This is because the game engine misunderstands that the screen remains dark.
After darkening the screen with FADI, you must issue FADU, etc. to restore the screen to its original state.

However, if you start a conversation with Dialog (TEXTSTART) after FADI, for some reason, the screen goes blank and the game engine operates normally.
However, the game engine recognizes that the screen is still dark, so the issuance of event combat is ignored.
Since no event combat occurs, no DeathQuote is generated.

Issuing a FADU just before the event combat will work correctly.

password:
ctf04.emulator_password

Q5:
Unopenable treasure chest
Somehow you are unable to retrieve the item from the treasure chest.
Difficulty: Middle

ctf05.emulator

Model answer:

This is because the designation of treasure chest and empty chest is reversed in tileset.
In FE8U, both are displayed as chest, so it is easy to make a mistake.
You have to be careful when creating a custom tileset.
In FEBuilderGBA, because it is confusing, the treasure chest tile is shown as chest and the empty box tile as chest [empty].

ctf05.emulator2
ctf05.emulator1

password:
ctf05.emulator_clear

Q6:
After 2 minutes, the world collapses.
Difficulty: Middle

ctf06.emulator_freeze

Model answer:

This is because the music data is corrupted.
In this case, I broke it by forcefully rewriting the address of the GOTO jump destination for this track using hex editor.
If I re-import a different song, it works correctly.

If you change the Map BGM to a different song, you can still solve the puzzle.

Failure to check the music data can cause this strange situation.
When testing, it is recommended to use frame skipping and listen to one loop of the song.

If you have a large amount of data, you may want to put SoundRoom in random playback mode and leave it overnight to see what happens.

password:
ctf06.emulator

Q7:
Cannot display menu
Difficulty:Hard (ASM, report7z)

Model answer:

Since this is report7z, you can use the diff debug tool to solve this problem.

Start the diff debug tool from MENU->Tools.

The data is listed in chronological order, so find the last backup that was working correctly.

With the last correctly working backup selected, take a diff diff. 4.

This time there was only one diff.
Let’s merge this one for now.

Press F5 and you will see that it works correctly.
Problem solved.

This is because the Hook address in the patch that anyone can use Supply is wrong.
This time I forced the address destruction with hex editor to create this CTF07.
It is quite difficult to track down the problem with ASM, but with the diff debug tool, I can see that the problem can be easily fixed.

password:
ctf07.emulator2

RecursiveBow · December 26, 2023, 5:29am

̶F̶r̶o̶m̶ ̶t̶h̶e̶ ̶t̶i̶t̶l̶e̶,̶ ̶I̶ ̶t̶h̶o̶u̶g̶h̶t̶ ̶y̶o̶u̶ ̶a̶d̶d̶e̶d̶ ̶a̶ ̶"̶C̶a̶p̶t̶u̶r̶e̶ ̶t̶h̶e̶ ̶F̶l̶a̶g̶"̶ ̶P̶v̶P̶ ̶g̶a̶m̶e̶ ̶m̶o̶d̶e̶ ̶l̶u̶l̶

This is truly awesome. The first two are one of the most common issues I’ve encountered myself when making chapters, and the third one was a really neat fact I didn’t know.

Looking forwards to more of this, if you’re going to do more! If you need any help, I myself am a bit of an expert when it comes to completely breaking the game in dumb ways.

Passwords

Splendid work!

7743 · December 26, 2023, 8:54am

Congrats on clearing the game.
Thanks for playing.

It will take some time to create the problem, so I can’t do it right away.
However, I have several ideas for event battle, map change, and ASM (report7z).

TheColorRed · December 26, 2023, 8:21pm

This is pretty cool. I vaguely remembered the answer to #3, but I only realized it when I accidentally opened the ending dialogue somehow in the text editor.

Passwords

7743 · December 27, 2023, 2:11am

Congrats on clearing the game.
Thanks for playing.

7743 · December 28, 2023, 1:22am

@RecursiveBow @TheColorRed
I added Q4 ,Q5 ,Q6 and Q7

RecursiveBow · December 28, 2023, 7:50pm

The thumbnail for Q7 makes it look like you have to mess with some assembler, I was scared to open it lol

Screenshots

Q6 took me a while because I played without sound, so I didn’t notice the new music

I can see someone intentionally using Q6’s bug to create a truly “time trial” map where you have to beat the map in X minutes or else the world collapses

More people need to do this! It’s an amazing exercise, they are really short, and they help a ton

LeskLyfeld · December 28, 2023, 8:23pm

I am mainly spying this but that would be a fun spin to a game gimmick - maybe to a likelihood of a FE game mixed with Half-Minute Hero (world ends every 30 seconds but you can pay gold to reset the clock) with a different length to accomodate FE’s playstyle.

Vesly · December 28, 2023, 8:30pm

No need - Contro’s goal window hack can display a timer. You just need some ram to store it in. Iirc his displays game time by default.
https://github.com/masterofcontroversy/ModularGoalWindow
My edited version: https://github.com/Veslyquix/Roguelike/blob/main/Patches/ModularGoalWindow/src/DrawTimeText.c#L40

You can see a 10 second per turn countdown used by me here: Make A Really Terrific Hack: MARTH - #10 by Vesly

@Contro official release when? Add a countdown version, too

Limited time fe aside, this is some neat stuff, 7743. It made me start thinking about asm puzzles to solve ingame to progress somehow. Not sure how that would work.

7743 · December 29, 2023, 2:02am

Congrats on clearing the game.
Thanks for playing.

Yes, maybe I should have given some hints about the sound.
I did not assume that some people play with the sound turned off.

RecursiveBow · December 29, 2023, 3:49am

I think it’s fine this way. You should check everything in the chapter. The “flag 4 on” was enough of a clue