Quantcast
Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
    1. Welcome to GTAForums!

    2. News

    1. Red Dead Redemption 2

      1. News
      2. Red Dead Online
      3. The Armadillo Inn *Spoilers*
    1. GTA Online

      1. After Hours
      2. Find Lobbies & Players
      3. Guides & Strategies
      4. Vehicles
      5. Content Creator
      6. Help & Support
    2. Crews

      1. Events
      2. Recruitment
    1. Grand Theft Auto Series

    2. GTA Next

    3. GTA V

      1. PC
      2. Guides & Strategies
      3. Help & Support
    4. GTA IV

      1. Episodes from Liberty City
      2. Multiplayer
      3. Guides & Strategies
      4. Help & Support
      5. GTA Mods
    5. GTA Chinatown Wars

    6. GTA Vice City Stories

    7. GTA Liberty City Stories

    8. GTA San Andreas

      1. Guides & Strategies
      2. Help & Support
      3. GTA Mods
    9. GTA Vice City

      1. Guides & Strategies
      2. Help & Support
      3. GTA Mods
    10. GTA III

      1. Guides & Strategies
      2. Help & Support
      3. GTA Mods
    11. Top Down Games

      1. GTA Advance
      2. GTA 2
      3. GTA
    12. Wiki

      1. Merchandising
    1. GTA Modding

      1. GTA V
      2. GTA IV
      3. GTA III, VC & SA
      4. Tutorials
    2. Mod Showroom

      1. Scripts & Plugins
      2. Maps
      3. Total Conversions
      4. Vehicles
      5. Textures
      6. Characters
      7. Tools
      8. Other
      9. Workshop
    3. Featured Mods

      1. DYOM
      2. OpenIV
      3. GTA: Underground
      4. GTA: Liberty City
      5. GTA: State of Liberty
    1. Red Dead Redemption

    2. Rockstar Games

    1. Off-Topic

      1. General Chat
      2. Gaming
      3. Technology
      4. Programming
      5. Movies & TV
      6. Music
      7. Sports
      8. Vehicles
    2. Expression

      1. Graphics / Visual Arts
      2. GFX Requests & Tutorials
      3. Writers' Discussion
      4. Debates & Discussion
    1. Forum Support

    2. Site Suggestions

Fooking

SA OM0

Recommended Posts

Fooking
I still don't understand some parts regarding duping safehouses. Why would you need Misappropriation to unlock the Abandoned Airstrip when you could already buy it after Interdiction?

 

 

 

You don't need it, but after I found out that Misappropriation unlocks the Airstrip, I wanted to try every mission to see if something else unlocks the Airstrip, and it does. Ran Fa Li unlocks the Airstrip, but it's one of the only 2 missions that work, but leaves blips behind. The other one is Madd Dogg's Rhymes, which unlocks Santa Maria Beach.

 

Edit: Updated list

 

 

 

0 Wang Cars - The Green Sabre & Mountain Cloud Boys1 Zero's RC Shop2 Airstrip - Ran Fa Li & Misappropriation3 Johnson House4 Willowfield5 Jefferson6 El Corona - Highjack7 Santa Maria Beach - Madd Dogg's Rhymes & N.O.E8 Verona Beach - Catalyst9 Mulholland - Zeroing In10 Mulholland (Madd Dogg's Mansion)11 Angel Pine - Intensive Care12 Angel Pine (trailer)13 Whetstone14 Dillimore15 Blueberry16 Palomino Creek - Cut Throat Business & Just Business17 Catalina's Hideout18 Doherty (garage)19 Doherty20 Hashbury - Saint Mark's Bistro21 Queens22 Paradiso - Nines and AK's23 Chinatown - Courier Asset & Breaking the Bank at Caligula's & High Stakes, Low Rider & Wu Zi Mu & Race Tournament & Dirt Track & 8-Track24 Calton Heights25 Tierra Robada - Drive-Thru26 Toreno's Ranch27 Fort Carson - Test Drive28 El Quebrados29 Prickle Pine30 Whitewood Estates31 Redsands West32 Rockshore West33 Creek34 Old Venturas Strip35 The Clown's Pocket36 Pirates in Men's Pants - Architectural Espionage & Key to her Heart37 The Camel's Toe - Life's a Beach38 The Four Dragons Casino

‌‌‌

 

Big Smoke: Crash

Ryder: Crash

Tagging up Turf: Crash

Cleaning the Hood: Crash

Drive Thru: Buy any safehouse right away, unlocks Tierra Robada

Nines and AK's: Buy any safehouse right away, opens Paradiso (it displays a green house on the map, instead of a floppy disc)

Drive-By: Crash

Sweet's Girl: Crash

Los Sepulcros: No crash, unlocks nothing

Doberman: Crash

Burning Desire: Crash

Gray Imports: Crash

Home Invasion: Crash

Catalyst: Exit the car and buy any safehouse, opens Verona Beach (it displays a green house on the map, instead of a floppy disc)

Robbing Uncle Sam: Crash

OG Loc: Crash

Wrong side of the Tracks: Crash

Just Business: Exit the car and buy any safehouse, unlocks Palomino Creek

Life's a Beach: Finish the dance and then buy any safehouse, unlocks Camel's Toe

Madd Dogg's Rhymes: Buy any safehouse right away, unlocks Santa Maria Beach (permanent blips)

Management Issues: Crash

House Party: Cutscene

House Party: Unknown, mission fails before you can reach any safehouse.

High Stakes, Low Rider: Buy any safehouse during the race, opens Chinatown (it displays a green house on the map, instead of a floppy disc)

Reuniting the Families: Crash

The Green Sabre: Buy any safehouse after getting into the marker but before entering the Bravura, unlocks Wang Cars. (Missions don't work)

Badlands: Crash

Local Liqour Store: Crash

King in Exile: Cutscene

Body Harvest: Crash

Small Town Bank: No crash, unlocks nothing

Tanker Commander: Crash

Against all odds: Crash

Wu Zi Mu: Unknown, crashes with OM0

Farewell, my Love: Opens Chinatown (it displays a green house on the map, instead of a floppy disc)

Are you going to San Fierro?: Crash

Wear Flowers in your Hair: Crash

Deconstruction: Crash

555 WE Tip: Crash

Snail Trail: Crash

Mountain Cloud Boys: Leave Woozie behind to avoid a permanent blip and buy any safehouse right away. Unlocks Wang Cars (Missions work properly)

Ran Fa Li: Buy any safehouse right away, opens the Airstrip (it displays a green house on the map, instead of a floppy disc) (permanent yellow marker, buying safehouses at other points crashes the game)

Lure: Crash

Amphibious Assault: Crash

The Da Nang Thang: Crash

Photo Opportunity: Crash

Jizzy: Cutscene

Jizzy: Crash

Outrider: Crash

Ice Cold Killa: Crash

Toreno's Last Flight: Crash

Yay Ka Boom Boom: Crash

Pier 69: Crash

T-Bone Mendez: Crash

Mike Toreno: Crash

Zeroing In: Buy any safehouse after stealing the car, unlocks Mulholland

Test Drive: Leave Cesar behind to avoid a permanent blip and then buy any safehouse, unlocks Fort Carson

Customs Fast Track: Crash

Puncture Wounds: Crash

Air Raid: Crash

Supply Lines...: Crash

New Model Army: Crash

Monster: Buy any safehouse right away, unlocks nothing (untested)

Highjack: Buy any safehouse right away, unlocks El Corona

Interdiction: Crash

Verdant Meadows: Cutscene

Learning to Fly: Crash

Boat School: Crash

Driving School: Crash

Bike School: No crash, unlocks nothing & doesn't even give double percentage

N.O.E: Buy any safehouse right away, Unlocks Santa Maria Beach

Stowaway: Crash

Black Project: Crash

Green Goo: Crash

Fender Ketchup: Crash

Explosive Situation: After the timer starts, unlocks nothing

You've had your Chips: Crash

Fish in a Barrel: Cutscene

Don Peyote: Crash

Intensive Care: Buy any safehouse after entering the marker at the Hospital, unlocks Angel Pine (house, not the trailer)

The Meat Business: Crash

Freefall: Crash

Saint Mark's Bistro: Buy any safehouse while in LC, unlocks Hashbury

Misappropriation: Buy any safehouse right away, unlocks the Airstrip

High Noon: Crash

Madd Dogg: Crash

Architectural Espionage: Start the mission without a Camera, kill the tourist and leave the pickup behind. Unlocks Pirates in Men's Pants.

Key to her Heart: Buy any safehouse during the chase, opens Pirates in Men's Pants (it displays a green house on the map, instead of a floppy disc)

Dam and Blast: Crash

Cop Wheels: Crash

Up, Up and Away!: Crash

Breaking the Bank at Caligula's: Buy any safehouse right away, Unlocks Chinatown

A Home in the Hills: Crash

Vertical Bird: At the few points the mission doesn't fail for leaving the ship, the game crashes

Home Coming: Crash

Cut Throat Business: Once you reach Santa Maria Beach with the Kart buy the safehouse. Unlocks Palomino Creek

Beat down on B Dup: Crash

Grove 4 Life: Crash

Riot: Crash

Los Desperados: Crash

End of the Line 1: Crash

End of the Line 2:

End of the Line 3:

Race Tournament: I tried World War Ace and Dirtbike Danger, both opened Chinatown (it displays a green house on the map, instead of a floppy disc)

Pimping: Crash

Trucking: Crash

Quarry 1: Crash

Quarry 2: Crash

Quarry 3: Crash

Quarry 4: Crash

Quarry 5: Crash

Quarry 6: Crash

Quarry 7: Crash

Pimping + Trucking:

Trucking + Pimping:

Pimping + Quarry:

Quarry + Pimping:

Burglary: Crash

Trucking + Burglary: Crashes when starting Burglary

Burglary + Trucking: Crashes when starting Trucking

Burglary + Quarry: Crashes when starting Quarry

Quarry + Burglary: Crashes when starting Burglary

Valet parking + Burglary: Burglary cancels Valet Parking

Burglary + Valet parking: Burglary cancels when using the Valet uniform

Valet parking: Mission fails when going too far, no safehouse can be reached.

Vigilante: Nothing duped, game crashes when getting into the vehicle, when pausing etc.

Paramedic: Impossible to leave the vehicle without cancelling the mission

Firefighter: Impossible to leave the vehicle without cancelling the mission

Taxi: Impossible to leave the vehicle without cancelling the mission

Bloodbowl: Crash

8-Track: Opens Chinatown (it displays a green house on the map, instead of a floppy disc)

Dirt Track: Opens Chinatown (it displays a green house on the map, instead of a floppy disc)

Kickstart: Crash

 

Edited by Fooking

Share this post


Link to post
Share on other sites
OrionSR

Comments and questions regarding Fooking's tests:

 

It's my understanding that you are using a cleo mod to launch missions on the Android version. Have all tests been on Android? Have successful results been tested on PC? I could probably craft a save with appropriately locked properties.

 

Can you send me links to before and after saves with a collection of "nothing unlocked" tests? If I can find anything amiss in the save then we can go back and check again with a specific test in mind.

 

Can I assume that all "nothing unlocked" tests except Bike School always provided double percentage?

 

When you mention the green house icon instead of the floppy disc, are red houses turning green?

 

Outdoor properties are not unlocked by the Buy Properties mission. They are controlled by the global variable $Total_Available_Save_Pickups ($885 PC, $884 mobile) and unlocked by other missions. I would not expect the Angel Pine trailer, Catalina's Hideout, the Doherty Garage, Toreno's Ranch, or Four Dragon's Casino (14 thru 18, respectively) to be unlocked by these strategies.

 

The Johnson House and Madd Dogg's Crib are also unlocked by missions but the save disks are always available (not limited by $Total_Available_Save_Pickups in the Player Save script). You just don't see the save pickup during the early mission because CJ is on a mission.

Share this post


Link to post
Share on other sites
Fooking

It's my understanding that you are using a cleo mod to launch missions on the Android version. Have all tests been on Android? Have successful results been tested on PC? I could probably craft a save with appropriately locked properties.

True. Testing on PC takes WAY too long, the only stuff I did on PC was Reuniting the Families, New Model Army and HSLR.

The reason why it takes too long, is because SA takes almost a minute to boot up and I have to find a save on gtasnp for every mission. On Mobile it takes 15-20 seconds to boot up, and I can immediatly open the mission menu and start a mission once the phone call is triggered.

 

Can you send me links to before and after saves with a collection of "nothing unlocked" tests? If I can find anything amiss in the save then we can go back and check again with a specific test in mind.

I can do that tomorrow, propably.

 

Can I assume that all "nothing unlocked" tests except Bike School always provided double percentage?

Yes, they do.

 

When you mention the green house icon instead of the floppy disc, are red houses turning green?

They are red (as my test save doesn't have the countryside or anything except LS unlocked.) Once the area with the safehouse is unlocked, it turns into a green icon. Edited by Fooking

Share this post


Link to post
Share on other sites
Patrick1994

@Orion
This is Misappropriation + Property Buying. [google scrlog]
00000578&0: [0914] COMMAND_0914 0
00000581&0: [0201] LOCATE_PLAYER_IN_CAR_CAR_3D
[nop, acts as a wait 0]
00000583&0: [1ADC] COMMAND_1ADC
the parameter to 0914 is 0 most likely because its type is nonsense, so whatever is left in ScriptParams[0] from earlier opcodes is used: 0 from "wait 0".

I have had a look at my SA instapass doc to check for waits in the airstrip unlock range; did not find anything that is usable and does not crash [i did not check out any version other than v1.0, though].
https://docs.google.com/spreadsheets/d/1iMA5yLGVAnxQvIFOVGk74hKasF2rrXiBSp2oHGoz8yc/edit#gid=843542130



Oh, there has been quite some action in here. I do not feel like reading it all. I'll just say that Ran Fa Li + Property Buying crashes on PC. I have tested it on SCM v1.0 and the other PC SCMs are identical for those two missions (I ran a diff program over all missions a while ago).


MONSTER & TRUCKING ALONE CRASHES THE GAME!

Please clarify.

Make x8 Monster work on PC remastered to change any% a whole lot. :D Monster x8 + Flight School = all of desert done (the ranch and airstrip missions). The Monster Trucks get stuck inside each other. Maybe loading a checkpoint helps - anything.

Feel free to just skip to the last paragraph if you feel lazy. ^^

This is how we do Monster x2 in any%. We gain control during the tutorial by having the intro cutscene start then and skipping it.



This is what TriplePat got with x3 Monster on PC (10sec clip at 1:23):

The execution is poor, that was not the point of the video. IIRC, I did the same with a camera to avoid CJ shooting and I was still too slow to get into the Monster truck before the tutorial restarts: The "getting into Monster" animation was interrupted and CJ teleported.

The third way to save the truck is warping to a tuning garage. But the LV one I tried was locked when LV is not unlocked (which is how it is in any% - LV/desert is not unlocked, only its missions). Using an SF one would work but the barriers cannot be passed - the undrowning glitch fails since the truck drowns and you only have 10s on foot until the mission fails, anyway.

Yet another way could be to start Monster with a call. Ending the call inside the tutorial cutscene would give control back so that we can get into the truck. However, remastered/mobile does not support om0 calls, right? The only way to get x8 Monster + a call would be valet parking, which requires om0 call holding. On PC, I do not see why it would not work but we cannot unlock Flight School there (and the setup requires a gf call which is purely random.



The remastered checkpoint system might make it work, somehow.
Maybe you can remotely repair the truck using a tuning garage without getting a black screen? Or you could teleport back to the tuning shop with a different Monster truck to get rid of it? Edited by Patrick1994

Share this post


Link to post
Share on other sites
Fooking

Please clarify.

Buying a safehouse during Trucking crashes the game, and buying a safehouse during Monster crashes the game. However, starting Trucking and then Monster, and then buying a safehouse will not crash the game.

Share this post


Link to post
Share on other sites
OrionSR

Buy Properties List updated with local offsets: (for reference with the Depreciate SA Instapass Stuff).

0	:BUYPRO1_306	Wang1	:BUYPRO1_410	Zeros2	:BUYPRO1_504	Airstrip3	:BUYPRO1_688	Santa Maria 4	:BUYPRO1_814	Rockshore West 5	:BUYPRO1_940	Fort Carson6	:BUYPRO1_1066	Prickle Pine7	:BUYPRO1_1192	Whitewood Estates 8	:BUYPRO1_1318	Palomino Creek 9	:BUYPRO1_1444	Redsands West 10	:BUYPRO1_1570	El Corona11	:BUYPRO1_1696	Calton Heights12	:BUYPRO1_1822	Muholland 13	:BUYPRO1_1948	Paradiso 14	:BUYPRO1_2074	Hashbury 15	:BUYPRO1_2200	Marina16	:BUYPRO1_2315	Pirate Pants17	:BUYPRO1_2437	Camel Toe18	:BUYPRO1_2559	Chinatown19	:BUYPRO1_2674	Whetstone20	:BUYPRO1_2789	Doherty21	:BUYPRO1_2904	Queens22	:BUYPRO1_3026	Angel Pine23	:BUYPRO1_3141	El Quebrados24	:BUYPRO1_3256	Tierra Robada25	:BUYPRO1_3371	Dillimore26	:BUYPRO1_3497	Jefferson27	:BUYPRO1_3612	Old Venturas Strip28	:BUYPRO1_3734	Clowns Pocket29	:BUYPRO1_3856	Creek30	:BUYPRO1_3971	Willowfield31	:BUYPRO1_4086	Blueberry

Share this post


Link to post
Share on other sites
Patrick1994

Please confirm that, Fooking. I tested it on PC v1.0: I started Monster, cheated om to 0, waited a few seconds, bought a property. My guess is that you forgot about version differences and thought that since T->Monster->Property did not crash for rhans, it must be due to Trucking.

 


I first thought you meant that Ran Fa Li unlocked Flight School. My bad. Anyway, I got Monster x8 to work using the food menu to gain control during the tutorial, just like we do in any%. But since we cannot unlock Flight School, it is worthless. Monster x3 would not skip Verdant Meadows, so I could buy the airstrip normally. It would skip Interdiction in addition to High Jack. However, there would need to be a fast setup to save the Monster truck, which does not exist, atm.

 

 

The Property Buying mission differs slightly in the remastered (and mobile) version. I analyzed Ran Fa Li which crashes on v1.0 but is fine on remastered (I used "winstore 1009" from Blantas). Global variables differ between those versions:
v1.0
{613} 02A7: $592 = create_icon_marker_and_sphere $591 at $666 $667 $668
{630} 018B: set_marker $592 radar_mode 2
mobile
{613} 02A7: $320[271] = create_icon_marker_and_sphere $591 at $665 $666 $667
{630} 018B: set_marker $320[271] radar_mode 2

 

So when the game executes the underlined variable as opcode, different things happen in each version: On mobile, 093C is executed, on PC 0940 (4 higher, since the variable number is bigger by 1 and a variable is 4 byte in size). 093C is a nop without parameters, 0940 is not a nop. It does not crash but it takes a parameter. Therefore, the following commands are different.

This is what is executed on PC:
00000628&1: [0940] SET_GROUP_FOLLOW_STATUS [uNKNOWN] 67715074
00000636&1: [9902] NOT COMMAND_1902 <-- crashes
On mobile, I suppose, this is executed:
628: [093C] NOP
intended commands from here on
Edited by Patrick1994

Share this post


Link to post
Share on other sites
Fooking

Hmm... Monster seems to be different on Mobile, I can start Monster during New Model Army whereas it crashes on PC. I'll try buying a property again, give me a minute.

 

Edit: Well, it works. Updated the testing list.

 

Edit 2: Patrick, can you tell me if the scripts say anything about the black Maverick in Interdiction that flies away and never returns? If it does, what conditions have to be met?

Edited by Fooking

Share this post


Link to post
Share on other sites
Patrick1994

@Fooking http://gtaforums.com/topic/833455-gta-sa-special-vehicle-guide/?do=findComment&comment=1069709529

 

[The next paragraph is more technical than usual]

Monster is an interesting case. The game loads 69000 bytes from the file main.scm into the part of memory where the mission code is in. Since BUYPRO1 (Property Buying mission) is at the end of the scm, only 4000 by are loaded, the rest of the previous mission (Monster in this case) remains. Since the Monster loop is at offset 5000 (1000 later), it coexists with Property Buying. However, starting missions initializes all local variables with 0, including the Monster handle, it counts as wrecked.

 

I have written some docs on instapasses a while ago. This property stuff is instapassing, too, but it feels funny to call it that since the Property Buying mission is so short. Feel free to skim/read them, it is a lot of stuff and most is probably not too important if at all. ^^

https://docs.google.com/document/d/1yMBtR3K1BlHd1dGL2HHuAjV-8JV50m3nqIMtyugARHA/edit?usp=sharing [Edit: this is mostly by Nick]

https://docs.google.com/document/d/10SYdrh4kTpICmsYZgnHXH5OrE_W4VY5WWpXw81ITivo/edit?usp=sharing

Edited by Patrick1994

Share this post


Link to post
Share on other sites
OrionSR
I wrote a script to tweak my icons and lock my enexes and garages and then launch the BuyPro1 mission so I test Fooking's successful mobile results on PCv1.


Courier Asset, right away, Chinatown

BMX, right away, crash

Street Race, right away, Chinatown enex only

Drive-Thru, right away, crash

Nines and Aks, right away, crash

Catalyst, right away, crash

Just Business, right away, crash

Life's a Beach, after dance, crash

Madd Dogg's Rhymes, right away, crash

Green Sabre, before entering Bravara, Wangs Autos, CV icon only

Cloud Mountain Boys, leave Woozie behind, crash

Ran Fa Li, right away, crash

Zeroing In, after stealing car, crash

Test Drive, leave Cesar behind, crash

Highjack, right away, crash

N.O.E., right away, crash

Intensive Care, after entering the marker at the Hospital, crash

Saint Mark's Bistro, while in LC, doesn't crash right away, doesn't seem to unlock anything in SF

Misappropriation, right away, crash

Architectural Espionage, leave camera behind, Pirates in Men's Pants Save Icon and Enex

Key to her Heart, right away, crash

Breaking the Bank at Caligula's, right away, crash

Cut Throat Business, exit Kart, double percentage
Edited by OrionSR

Share this post


Link to post
Share on other sites
‫

As far as i remember duping jury fury dupe the blips but they stay only for time you are around the blip if you leave radius it will disappear

Share this post


Link to post
Share on other sites
Fooking

What??? I'll try it after my last exam for today then, it's really odd that it crashes for you on PC..

Share this post


Link to post
Share on other sites
Nick007J

As far as i remember duping jury fury dupe the blips but they stay only for time you are around the blip if you leave radius it will disappear

That's because these blips are directly attached to entity and therefore are removed as soon as attached entity despawns. SA blips mechanic is generally more complicated.

Share this post


Link to post
Share on other sites
Fooking

Okay, what the f*ck, so the Mobile version is actually better when it comes to safehouse duping...

 

I tried Ran Fa Li on PC, and it doesn't work.

Edited by Fooking

Share this post


Link to post
Share on other sites
Nick007J

Okay, what the f*ck, so the Mobile version is actually better when it comes to safehouse duping...

 

I tried Ran Fa Li on PC, and it doesn't work.

It's not better, it has different script. Same thing as a common misconseption, when people thought japanese version of Vice City is "more stable", whereas it just had different script.

Share this post


Link to post
Share on other sites
Patrick1994

To simplify what Nick said: Different versions are different, not "more stable" or less. That means that some instapasses (property stuff is kind of an instapass) are exclusive to one versions, some to another, most "work" on all of them.

 

The SF CV icon is really just map icon and marker (I had to make sure). The thread that starts missions is not launched, so it does not give us early double-traction bikes. D:

 

 

 

Btw, I want to automate "crash testing" fully. Example:

 

From my instapass doc I see that the Vigilante wait at 14671 would instapass Dam&Blast (found by Powdinet). I want to test if it crashes:

My script should create a main.scm that contains a mission that has the perfect wait offset right after starting it (code is here: https://pastebin.com/zJPs3qNKI just need to convert it to binary data and add it into the scm, I also need to make it detect the stack from the thread name of the target mission (Dam & Blast; see the stack fixing part of my "advanced instapasses" doc)). Then it should start SA, launch the prepared mission, then launch the target mission.

 

Then it should parse scrlog.log and tell me what code was executed.

Share this post


Link to post
Share on other sites
‫

If You dupe first SF mission will the blips remain? (police station or hospital) or.. Can you force them to stay?

Share this post


Link to post
Share on other sites
Fooking

The SF CV icon is really just map icon and marker (I had to make sure). The thread that starts missions is not launched, so it does not give us early double-traction bikes. D:

Buying a safehouse during MCB (On Mobile) unlocks the CV missions, during TGS it only places an icon there.

Share this post


Link to post
Share on other sites
OrionSR

I can confirm another one of Fooking's observations: testing on PC takes a long time. It took a lot longer to complete my tests than I was expecting.

 

Additional Comments:

 

St Mark's Bistro was giving me fits. I could buy property while in LS simply by launching the mission with cleo, and return to SA by getting wasted, but it left my map without icons (but not the mini-map, oddly enough). I didn't make progress observations. I could save but couldn't load the save - might have a mission in memory; I need to check with a save editor. Can you provide more information on how this test was conducted on mobile?

 

I'm considering editing my main.scm to provide an indexed progress report. Basically, increment the progress provided for each subsequent property routine, then compare the difference in progress made to determine which partial routine has been executed.

 

I was expecting major differences in how this exploit would work on mobile and PC once I learned the importance of the precise location of wait commands within the local missions. I've made several attempts at directly comparing scripts from different versions and there are frequently slight changes that would make a huge difference in offsets if they occur early in the mission. I hadn't anticipated how the global variable would complicate matters.

 

Fooking, I've been impressed by your results, even if they mostly apply to mobile. And inspired. I'm considering the idea of running more tests based on the idea that experimentation is more likely to produce results. So far, careful planning has been better suited to explaining what's going on after something interesting has been discovered. But then again... SA on PC? I would expect that players have already tested every mission against the buy property mission just to see what happens. How new are these exploits?

 

 

I tried Ran Fa Li on PC, and it doesn't work.

 

My cleo strategy is new, my confidence is still low, but bolstered by confirmation of known strategies. Did you run your test with more natural strategies?

Edited by OrionSR

Share this post


Link to post
Share on other sites
Fooking

But then again... SA on PC? I would expect that players have already tested every mission against the buy property mission just to see what happens. How new are these exploits

Rhans's video was made on the 30th of December, but TriplePat discovered it. Probably a few days before that.

 

Not sure when it was discovered that Chinatown is unlocked when duping it using a Courier asset, but it came to my attention in my livestream a couple of days ago, right after the stream I made that video.

 

My cleo strategy is new, my confidence is still low, but bolstered by confirmation of known strategies. Did you run your test with more natural strategies?

I use the OnMissionChanger (direct download) to have OM0 after starting a mission, then I walk (or teleport using SACC) to a safehouse and buy it. Edited by Fooking

Share this post


Link to post
Share on other sites
Patrick1994

Most importantly: Fooking, I cannot make sense of the Mountain Cloud Boy thing, please upload all of your mobile main.scm and script.img versions (if you own multiple versions). Should be in gtasa_directory/data/script

 

 

 

 

Patrick1994 told me that there is an offset between (idk the exact numbers, but it's similar I hope) 1996000 and 1997000. If the value is in between this, a safehouse should unlock. I hope he'll get here soon, as he'll be able to explain it better.

Elaboration on that:

Install Cheat Engine, open the cheat table, make sure that the LUA script runs (say "yes"), make sure that auto-attach is enabled (see picture).

574e8373eb67e58e50113adc2b33eb5b.png

Now watch the value it tells you to watch (first entry in the table).

 

I also did not say "they will unlock", I said "~50% of the time". Approximately 50% of the offsets are useful (I estimate; just think of "offset" as "value in the cheat engine window") that are 19xxxxxx (see the cheat engine file). Those 50% are not chance. Same offset, same result.

 

 

 

@Orion

Regarding relative offsets of each command. You can get global offsets using the "code offsets" debugging feature of Sanny [thanks Nick]. Local offsets need to be calculated, still. D:

77242d39132600c14db4bf4f7608dbaa.png

 

 

 

Are there any open questions, apart from how some property "instapasses" worked? Here is Powdinet's explanation of "perma-passes" (the mission passed part of the mission being called over and over), that might be going on for the mysterious "property instapasses" (except that in this case, right after the unlock, the Property Buying thread ends because those missions just work like that, they are an exception):

 

A bit of explanation:

 

This works because LCS and VCS, unlike the previous games, always load only the mission code instead of a set number of bytes.

 

This means that you can have a big mission code running at the same time as a small mission (this is also possible in the previous games, but only with the last mission [note: a bit more than just the last one], so it's not as easy to manipulate)

 

Using this, all you have to do is find a big mission that executes a gosub or a function call into an offset that is now held by the small mission. Ideally it calls right into the mission pass code, but in this case, it jumped into the main loop of the mission, so it essentially dupes the mission. When the mission is passed, it jumps back to the big mission's loop, then jumps back again to the small mission. Now, since the variables have all been set correctly to pass the mission, it passes the mission, then loops back again infinitely.

Source

It could also be a jump instead of a gosub. It could even be a return: When a new mission is loaded, only the mission code changes (only the first ~4200 bytes in the case of Property buying). The "old" mission thread itself (e.g. the Architectural Espionage thread) does not change, so the stack stays the same. It could return into Property code - if, when the property was bought, it was inside a loop inside a sub-routine.

Edited by Patrick1994

Share this post


Link to post
Share on other sites
OrionSR

Thanks for the hint on CODE_OFFSETS. That will help a lot in my efforts to hex edit indexed progress into my main.scm, I'm not sure yet if I can trust a recompiled script to maintain the proper offsets.

 

Something I forgot to mention in my report of PC confirmation tests of Fooking's property duping experiments on mobile: Since 8-Track, Dirt Track and all all race tournaments, including the race portion of High Stakes, Low Rider, Wu Zi Mu, and Farewell, My Love, are all controlled by the same script, I didn't repeat tests for anything other than a default bike race in LS. I'm expecting all race tournaments and missions to produce the same results unless you can get something interesting to happen while following Cesar to the HSLR starting point.

 

Is there any hope of duping a mission plus the BMX/NRG Stunt mission and jump to a buypro1 routine that was loaded in the slack of the stunt mission? I'm not at all sure how this works but this seemed to be implied by previous statements.

Edited by OrionSR

Share this post


Link to post
Share on other sites
Fooking

I'll install SA Mobile now and record a test video for MCB and Ran Fa Li, and then upload the main.scm to my Google Drive

 

I couldn't find them at first, but they're located in the .apk itself lol.

scriptV1.img

mainV1.scm

 

[Youtube]

 

I also showed Misappropriation just for fun.

Edited by Fooking

Share this post


Link to post
Share on other sites
Patrick1994

Fooking, I still cannot make any sense of Mountain Cloud + Property. Once I get a new smartphone, I will check if the PC scm also "works" using the mobile version. I have already tried the other way around (mobile Mountain Cloud Boys in the PC version) and it made no difference [still crashes].

[i used Sanny's "hex [hex code] end" syntax to copy the mobile code since I could not decompiled it; I did not copy over the Property Buying code because I had already verified that at the relevant offset the code is identical to PC (where it crashes according to scrlog: it starts at offset 235, there it executes "is char dead", then invalid opcode FFF3).]

 

 

Orion:

mission plus the BMX/NRG

BMX results in a crash because it jumps to offset 4201 ("break" of the switch-case) of the started mission (BMX) after the property is bought. On both PC versions, this is a crash (I had looked into it a while ago). Since the jump happens on the same frame as the unlock, you cannot replace the mission code yet again to avert that jump.

 

Some other mission before BMX might work.

 

See "Blow Fish style instapass" for an example of this jump (your idea is in the doc, too, under "long instapasses").

 

 

 

 

I do not see why editing the scm in Sanny would mess with offsets, but you can verify that by diffing the decompiled original.scm and the decompiled edited.scm (https://www.diffchecker.com/) with the code_offsets debugging option.

Edited by Patrick1994

Share this post


Link to post
Share on other sites
‫

Would these property warps work on ps2 as well or they are too 'heavy' for ps2 to handle

Share this post


Link to post
Share on other sites
Fooking

Courier Asset, right away, Chinatown

Street Race, right away, Chinatown enex only

Green Sabre, before entering Bravara, Wangs Autos, CV icon only

Saint Mark's Bistro, while in LC, doesn't crash right away, doesn't seem to unlock anything in SF

Architectural Espionage, leave camera behind, Pirates in Men's Pants Save Icon and Enex

These ones should work, I can't tell for sure but you just have to try. Edited by Fooking

Share this post


Link to post
Share on other sites
‫

Endex what does that mean?

Share this post


Link to post
Share on other sites
Nick007J

I checked why game doesn't crash on mobile. Hilariously, just a day after saying that there are no "more stable versions", I have to take my words back.

 

Here is a rough decompilation of PC function:

 

char CRunningScript::ProcessOneCommand(){  ++CTheScripts::CommandsExecuted;  unsigned short opcode = *(unsigned short*)m_pCurrentIP;  m_pCurrentIP = (char *)m_pCurrentIP + 2;  m_bNotFlag = (opcode & 0x8000 == 0x8000);  return gCommandsTable[(opcode & 0x7FFF) / 100](opcode & 0x7FFF);}
Here is one from Android (I removed debugging and irrelevant stuff)

 

char CRunningScript::ProcessOneCommand(){  ++CTheScripts::CommandsExecuted;  unsigned short opcode = *(unsigned short*)m_pCurrentIP;  m_pCurrentIP = (char *)m_pCurrentIP + 2;  m_bNotFlag = (opcode & 0x8000 == 0x8000);  char (__thiscall *f)(CRunningScript*, int);  if (opcode <= 2699)    f = gCommandsTable[(opcode & 0x7FFF) / 100];  else    f = CRunningScript::ProcessCommands2600To2699;  // stuff  if (opcode != 0) //WAIT    //stuff    return f(opcode);  else    return 1;}
So unlike PC, which crashes on all unknown opcodes (>=2700), all such opcodes are ignored on Android, which actually makes it "more stable" than PC and consoles. Edited by Nick007J

Share this post


Link to post
Share on other sites
Fooking

Endex what does that mean?

There are 4 results;

● Crash

● Nothing unlocked, but double %

● Another safehouse unlocked, double % (this will display a save icon on the map, and a blue/green icon in front of the safehouse)

● Amother safehouse opened, double % (this will keep the red/green icon on the map, and the blue/green icon in front of the safehouse)

Share this post


Link to post
Share on other sites
Nick007J

Endex what does that mean?

I guess you mean 'enex', which is short for 'entry exit' - a yellow marker for interiors. R* called corresponding section in config files 'ENEX'.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • 1 User Currently Viewing
    0 Members, 0 Anonymous, 1 Guest

×

Important Information

By using GTAForums.com, you agree to our Terms of Use and Privacy Policy.