OrionSR Posted August 24, 2017 (edited)

Off-the-Map Turf and Zone Glitches

Flying outside the normal bounds of the map was always a favorite exploit on the original edition of San Andreas on PS2. Over 170 extra gang turfs could be glitched on the map if the player flew far enough. But on PC the glitch doesn't work the same way. Only a dozen zones at the end of info.zon can be glitched using this trick on PC.

But there are nasty side effects to traveling off the map on PC. Most notably, the Taxi Glitch where no passengers spawn anywhere. But also the Toreno Glitch - during the Mike Toreno mission the Doherty zones might be altered, breaking the mission if both zones are glitched. There are also other problems associated with zone names not displaying properly; a lot of players probably wouldn't notice. The severity of the Taxi and Toreno glitches has led to a culture that avoids this glitch on PC by staying within the normal bounds of the map.

Now we have a map of the off-the-map sectors and can avoid the minefield of taxi glitches to navigate towards the treasures of finally glitching the Mafia onto our maps without resorting to editors or modding. There are existing turf exploits that allow CJ to boost the density of existing gangs and add them to other zones. But normally there are no mafia on the map. A map of the sectors should allow players to glitch specific gangs into the best of the few zones available for exploit.

The images below can be enlarged, but they are just a snapshot of a much larger Google Sheet. Once things have been tested and any bugs worked out of the map I'll look into options for hosting a large composite map. In the meantime, view access is available for my SA Zone Glitches Google Sheets. This is a new document and could use confirmation. So far everything looks good. All of my conflicts have been resolved.
SA Zone Glitches - PC
SA Zone Glitches - PS2

A special thanks to rhans for the inspiration to map the mafia glitch sectors, to Nick007J for technical support and digging the formulas out of the game, and Bender for his work on refining the PS2 map.
________________________________________________________

This glitch is reported to only work for the original edition of San Andreas, but that should include "downgraded" v1 executables on PC. Script and data files won't make a difference. Xbox players have reported the taxi glitch but I have no way to verify that the Xbox glitch can be mapped to the PC glitches.

This glitch is prevented by the SilentPatch. Apply the patch to avoid problems. Disable it if you want to experiment with glitching some turfs or zones. I'm not sure if the patch has an option for this.
________________________________________________________

Fixing Corrupt Zone Information: If you get into trouble by traveling off the map and are encountering the Taxi, Toreno, or other zone information glitches, GTASnP.com can fix that for you. It doesn't attempt to fix individual errors. Instead it will replace the entire zoneinfo structure with a copy of known quality stored for this purpose. This repair will not alter zonepop's gang data.
________________________________________________________

A "sector" describes a square of the 10 by 10 grid that fogs areas of the map that CJ has yet to explore. The sectors are 600 meters square and center on 0, 0 in Blueberry. The glitch is caused when the routine that unfogs the map gets coordinates that are outside of the expected range. A normal index of 0 through 99 will unfog a sector of the map. A negative index corrupts the end of the zone population structure that holds information on gang density. An index beyond 99 can corrupt the zone information associated with zone names.
There aren't many good reasons to corrupt zone information intentionally, and there are always Taxi, Toreno and zone name glitches lurking in this area, but rhans found that if he glitches the ID of the SAN_AND zone it will link the large underlying zone to JTE1, Julius Freeway East in LV. Whichever gang controls JTE1 will have its color displayed over the entire map, and SAN_AND finally scores as under control in the stats. A similar glitch is SUNMA to the north, and if both sectors are glitched then JTN1 is linked to SAN_AND. This is a new glitch; the implications are not well understood.
________________________________________________________

Understanding the Data

In the Sheet, three rows are associated with each sector to form a square when bordered with the column width. The bottom row contains the formula for calculating an index based on CJ's location on the margins of the sheet. The index is linked to the record and byte descriptions by the lookup table for display in the other rows. The top row displays the record being glitched; these group in columns. The 2nd row describes which byte within the record is manipulated. All zones with the same index will produce the same glitch.

The glitch can only work on null bytes. If the value isn't 00 then the game thinks the sector has already been unlocked and it won't make any changes. Zone Information data (names, coordinates, IDs, etc.) that can be glitched are shaded. Zone Population data (gang density) is shaded for standard gangs. Dealers, unused gangs, and color bytes are considered safe and are not shaded. The following post has more details on the formatting rules and the known effects of each type of glitch.

Open Sectors (-1 thru -4) is written not read, so we can't instantly unfog the whole map on PC by glitching an upper byte, but it counts as a new sector and will increase the count within the OpenSector integer by 1 every 5 seconds (detection cycle) while CJ is within the zone.
The whole map will unfog at 80 so it shouldn't take long for the map to unfog if CJ hangs in the area for a while. The nZones WORD has data; the align bytes can be glitched but it won't matter.

ZonePop data is mostly empty, unless gangs are present. Otherwise, popcycle and ethnicity will always have data, and are immune from corruption. If gangs are present then dealers are too; anything glitched into this field will probably be adjusted by other game mechanics. The RGBA color bytes are updated regularly. Modders often have trouble getting their custom colors to stick. Everything else is gang density.

An important factor in intentionally glitching gangs is that given multiple gangs of equal density (01), the gang with the lowest index (Ballas) has control of the turf. And since all the close gang zones are located to the south, you'll need to sneak around the upper gangs to give priority to your target. Mafia, in this case, as they are unique as the only gang with fully rounded gang data but no place to spawn in game. But any gang will do, and it might provide other opportunities for migrating gangs now that it's not such a random process.

On PC, the turf glitches are limited to negative indexes. The math works out to limit all damage to the last 14 records of the zonepop structure and a little of the 15th, but the damage in the 15th can't reach gang data, and there are 2 unused records in memory that aren't in the save, so in the end only 12 turfs can be manipulated with these exploits. However, once you've got the gang you want in the city you need them, other exploits can be used to spread them around. Some of the zones that can be glitched already have regular densities for standard gangs (PLS, LIND3). It's possible to clear all gangs from a zone by natural means, but it requires a gang war that ends with a density of 256 for Grove, wiping out all traces of gangs so you can start fresh.
I still need to go through the data and mark these gang zones differently, and highlight the best choices for new gangs in each city.

On PS2, the glitches are reversed. Negative indexes to the south, and off the map to the distant north, will cause zone info corruption. The damage is limited to the last 7 entries. There don't appear to be any conflicts with missions, or advantages to intentional corruption. Positive indexes to the east and represent the popular gang glitches caused by flying off the map. This map might make hunting for your 173rd zone a little less random.

Zone Information - Here There Be Monster!

Monsters like the Taxi Glitch. But most of the zone info bytes contain data. The characters of the zone name, X and Y coordinates, ID (mostly), island - all contain useful data. There are a few exceptions. The character strings allow for 8 bytes, which can include as many as 7 letters and numbers but must terminate with a null character, 00. When the terminator byte on the second instance of SAN_AND is corrupt the game can't find the base map and won't look for passengers in the area.

SAN_AND uses all 7 characters, but a 3 letter zone (TOM) would have 5 null bytes following the text. The byte immediately after the text must be the null terminator, the rest don't matter. The initial version of this map/sheet uses a 7 + null template for all zones. It has been updated to reflect the true length of each string.

Edited August 28, 2017 by OrionSR
OrionSR Posted August 24, 2017 (edited)

Conditional Formatting

The latest iteration of map sheet is using conditional formatting. Once I expanded the map to wrap around in the east when the pattern repeats it became far too difficult to format all of the potential null terminator glitches. Formatting rules are defined below. And for now, gang8 and gang9 (indexed, ordinal as Gang 9 and Gang 10) are considered safe sectors.

Clear paths are emerging in the gang data in the south. It's easy to imagine a route that travels the safe routes and dips into or crosses over the desired zone at a certain distance. Distance, as estimated by flight time, and more accurately measured by comparing distance traveled stats. The ocean grid makes cardinal navigation pretty easy. A dip into the history of flight navigation should provide a decent template for planning flight paths that rely solely on instruments.

Zone Information Formatting
Taxi - Bright Red, no passengers anywhere unless repaired
Toreno - Bright Red, can't complete Mike Toreno mission if both Doherty zones are glitched
term - light red 3, null string terminator associated with zone name glitches
null - light red 2 (null string terminator of the other string, not sure what this does)
Type - lighter red, not sure what this does
.Island - lighter red, for SAN_AND with null island, unknown effect
ID[1] - Orange, generic version of JTE1 ID glitch, might link with zone ID+255
.JTE and .SUNMA - Orange, ID glitches associated with the ID of SAN_AND
Z1[1] and Z2[1] - light orange, might boost the lower Z coord to 256, well above the standard 200 zone height
Z1[0] - lighter orange, might increase the lower Z from 0 to 1, might be hard to notice
00 - light yellow, trailing null characters that won't matter if glitched
Sectors - gray, standard fog array offsets

Gang Formatting
Ballas - purple
Grove - green
Vagos - yellow
Rifa - blue
DaNang - orange
Mafia - gray
Triad - rose
Aztecas - cyan

Colors were chosen to conform with The Big Gangster Mod.

Useful Links:
Zone Map by pdescobar
Zone Structure in Saves and Memory
The Ultimate Territory Glitch FAQ
Satchel Trick on YouTube
San Andreas Savegame Editor 3.x with Zone Tool
San Andreas Save Editor: SASE v1.00 with Zone Tool

Edited April 2, 2021 by OrionSR
Bnd Posted August 24, 2017

I do have the option to import/export saves from my PS2, but I'm nowhere near gang turfs (only starter save progression). If you do have one save that has gang turfs unlocked, I'm willing to help. I have V1 US.
OrionSR Posted August 25, 2017 (edited)

I can modify one of your saves to enable gang wars, if you'd like. This isn't necessary to perform the glitch. Brand new starter saves work well for me as other factors are reduced, but if you'd like to see some progress on the map I can enable the gangs and their stats. Actually, I'm pretty sure I've got a cheat code for enabling wars in ric's PS2 gang war topic. There are other advantages to letting me craft a test save for you. I can move save disks and aircraft near the coasts. And increase flight skill, and muscle and fat if you want them for long flights, but most of the tests I'll need will be right off the coast.

I need to dig through my old PS2 notes. The zonepop address must be well documented for the gang war cheats to work. I'm confident that the zonefog structure immediately precedes zonepop for the glitch to work as I expect. I may have a cheat for the Open Sectors variable; that should nail down the offsets for off-the-map sectors with positive IDs. I'm not at all sure what to expect for a negative ID. Hopefully I'll find a little trash at the end of the zoneinfo structure that's gone unnoticed before.

I can't find my memory dumps from PS2. If I had those I could make a reasonable prediction for negative ID glitches. Are you set up to make save states in a PS2 emulator? That's where I got my dumps before. But at the time it was a painstaking process just to get set up to start the game. I'm reluctant to repeat the process or ask anyone else to start from scratch. If you've got other strategies for making smaller memory dumps I can specify the range in question.

A quick test to get started, any save will do: Fly south and southeast of the map where all the gang sectors are displayed for PC. That's the mystery data for PS2. Hopefully you'll be flying through a pattern similar to what you see to the east or west on the PC map.
But for this purpose, all those 00s are useful data to me, so you shouldn't have trouble triggering something I can identify. And if nothing happens then that's good news too. This should be a reasonably long flight by comparison to most of the other tests I need.

I need to probe what's just off the coast to the east with reference to landmarks on shore. A boat or jetpack might be better for this purpose and you'll want to return along the exact same path. The same indexes should apply to PS2, but will link to zonepop instead of zoneinfo. At first glance, guess:

104 = Ballas in SUNMA (start of SUNMA record)
105 = Grove
106 = Vagos
107 = Rifa
108 = DaNang
109 = Mafia

I'm not liking the look of that at all. I'd much rather put Ballas at the top of the map in sector 100 as that would align SUNMA Vagos with the LV airport. Only the test can tell.

A sample save that tests some but not all of these zones just off shore would be useful. Just off-shore is remarkably close on the east. Where the sea floor goes soft is probably an accurate measure. If it's hard to see the land then you are probably well within the next sector out. A little too far out should be helpful for this initial test. The most important factor is to stay well within the north/south center of the zone.

I'm expecting some glitches to be the same, like if you fly along the north shore it should unfog the map along the southern coast. The sectors just off the south or east unfog the on shore sector (cool trick of the math). So, if you travel east along the -3000 Y parallel you've got a 1200 meter wide swath of the same glitches. A reasonably long flight along this route to the east should help refine predictions.

Actually, I'm liking this PS2 map even better. It appears to leave a save sector off the coast, so you'll probably need to get 600 or so off shore to trigger any turf glitches.
Purely theoretical at this point, and with only a few early ZonePop records filled in, but it's based off of my old notes on the starting offsets of ZoneInfo, ZoneFog, and ZonePop in PS2 memory.

Anyway, this map puts SUNNN Vagos in the most direct path for the St Mark's Bistro mission. It would account for Ballas sometimes showing up in SUNMA, and Ballas or Grove in CIVI if you miss the mark and need to circle back. These aren't terribly concrete observations though, just trying to fit together as many observations as possible.

Edited August 25, 2017 by OrionSR
Bnd Posted August 25, 2017 (edited)

Click

Here is my save; it's not completed, it's still a work in progress.

//By emulator, what do you mean? Should I use an emulator to test quicker? Or are you asking if I use an emulator? If that's the question, I use a real PS2.

Edited August 25, 2017 by Bender
OrionSR Posted August 25, 2017

Is this the save I'm supposed to buff? So no tests in this one? I'll see what I can do. What strategy are you using for transferring saves? Can you use raw cheat codes?

The question of an emulator is related to memory dumps. I have most of the info I need from a memory dump, notes on the offsets of key structures, but I've got a 12 byte gap between the ZoneFog and ZonePop arrays, can't account for a sectors unlocked variable, I'm not sure of a number-of-zones variable at the start of ZonePop, and if those account for 8 of the bytes between zone fog and zone population then what are the other 4 bytes for? So if I had a snapshot of a limited range of memory that included all of the Zone Fog Array located at 0x007BA780 plus about plus and minus 512 bytes I'd be able to align my lookup table with the data. I think a snapshot of a limited amount of memory is possible on PS2 using cheat device software but I don't know how to do it. If you had a PS2 emulator like PCSX2 then a memory dump is easy. All I need is a save state and I can adjust it to map memory fairly quickly.

My PS2 Map is Broken - I'm worried that the PS2 isn't registering the variables in quite the same way. Try as I might I can't get it to match the few observations I have recorded. Which isn't too surprising as my cohort couldn't replicate my PS2 results either. I'll quote the observations so we have the data all in one place. I also found my old notes on the memory offsets for the zone structures.

See Cheat Code Creation topic for v2 or PAL offsets:
ZoneInfo - 007B7800 32 bytes 380 Zones
Zone Fog Array - 007BA780 bytes 0-99
ZonePop - 007BA7F0 17 bytes 379 zones

Again, I managed to add Ballas to Santa Flora and Aztecas to Paradiso. I think you could do the same thing if you followed the same flight path (1:45 east of the LS car park with the NRGs, then return).
QUOTE (OrionSR)
So the plan is:
Set the map marker on the road in front of the NRG parking garage.
Fly east of the marker in Shamal at mostly full speed for 1 minute and 45 seconds.
Flip the plane over and fly straight back towards the marker.
Save.

here's what i got by using same flight path for approximately 2 minutes...

SUNNN: ballas = 01
SUNMA: mafia = 01
BATTP: rifa = default, vagos = 01
PARA: rifa = 01
CIVI: mafia = 01
BAYV: ballas = 01
CITYS: gsf = 01
OCEAF1: da nang = 01
OCEAF2: no added density
OCEAF3: no added density
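Added example, not written by anyone in the thread and not taken from the game: a small C model of the lookup described in the post above, using the PS2 offsets it lists (ZoneInfo 007B7800, Zone Fog Array 007BA780, ZonePop 007BA7F0) and the opening post's rule that only 00 bytes are changed. Assumptions: the unfog routine touches the single byte at fog base + index, the value written is 01, and the index is supplied by the caller because the thread does not give the coordinate-to-index formula. The bounds-checked variant shows the general shape of the fix and is not SilentPatch's code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* PS2 v1 offsets and record sizes as quoted in the thread (OrionSR's notes). */
#define ZONEINFO_BASE  0x007B7800u   /* 32 bytes x 380 zones */
#define ZONEINFO_SIZE  32u
#define ZONEINFO_COUNT 380u
#define ZONEFOG_BASE   0x007BA780u   /* bytes 0-99 */
#define ZONEFOG_COUNT  100u
#define ZONEPOP_BASE   0x007BA7F0u   /* 17 bytes x 379 zones */
#define ZONEPOP_SIZE   17u
#define ZONEPOP_COUNT  379u

#define MODEL_START ZONEINFO_BASE
#define MODEL_END   (ZONEPOP_BASE + ZONEPOP_SIZE * ZONEPOP_COUNT)
#define MODEL_SIZE  (MODEL_END - MODEL_START)

typedef enum { R_OUTSIDE, R_ZONEINFO, R_FOG, R_GAP, R_ZONEPOP } region_t;

typedef struct {
    region_t region;
    uint32_t address;  /* absolute address, 0 when outside the model */
    int record;        /* record number inside the structure, -1 if none */
    int byte;          /* byte offset inside the record, array or gap */
} fog_target_t;

/* Constructed memory image covering ZoneInfo, the fog array, the gap, ZonePop. */
uint8_t model_mem[MODEL_SIZE];

/* Map a fog index to the structure, record and byte it addresses.
 * Assumption: the routine touches the single byte at ZONEFOG_BASE + index. */
fog_target_t classify_fog_index(int index)
{
    fog_target_t t = { R_OUTSIDE, 0, -1, -1 };
    int64_t addr = (int64_t)ZONEFOG_BASE + index;

    if (addr < (int64_t)MODEL_START || addr >= (int64_t)MODEL_END)
        return t;
    t.address = (uint32_t)addr;
    if (addr < (int64_t)ZONEFOG_BASE) {
        uint32_t off = t.address - ZONEINFO_BASE;
        t.region = R_ZONEINFO;
        t.record = (int)(off / ZONEINFO_SIZE);
        t.byte = (int)(off % ZONEINFO_SIZE);
    } else if (addr < (int64_t)(ZONEFOG_BASE + ZONEFOG_COUNT)) {
        t.region = R_FOG;
        t.byte = index;
    } else if (addr < (int64_t)ZONEPOP_BASE) {
        t.region = R_GAP;   /* the 12 bytes the post cannot account for */
        t.byte = (int)(t.address - (ZONEFOG_BASE + ZONEFOG_COUNT));
    } else {
        uint32_t off = t.address - ZONEPOP_BASE;
        t.region = R_ZONEPOP;
        t.record = (int)(off / ZONEPOP_SIZE);
        t.byte = (int)(off % ZONEPOP_SIZE);
    }
    return t;
}

/* Unchecked write, modelling the rule from the opening post: a byte that is
 * not 00 counts as already unlocked and is left alone. Returns 1 if changed. */
int fog_unlock(uint8_t *mem, int index)
{
    fog_target_t t = classify_fog_index(index);
    if (t.region == R_OUTSIDE)
        return 0;                       /* beyond this model, ignored */
    uint8_t *p = &mem[t.address - MODEL_START];
    if (*p != 0)
        return 0;
    *p = 1;                             /* assumed value: glitched bytes read 01 */
    return 1;
}

/* Same write with the range check the unchecked version lacks.
 * Returns -1 for an index outside 0-99 and never touches a neighbour. */
int fog_unlock_checked(uint8_t *mem, int index)
{
    if (index < 0 || index >= (int)ZONEFOG_COUNT)
        return -1;
    return fog_unlock(mem, index);
}

int main(void)
{
    static const char *names[] = { "outside", "ZoneInfo", "fog", "gap", "ZonePop" };
    int samples[] = { -33, -1, 0, 99, 100, 111, 112, 129 };  /* constructed */

    memset(model_mem, 0, sizeof model_mem);
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        fog_target_t t = classify_fog_index(samples[i]);
        printf("index %4d -> %08X %-8s record %3d byte %2d\n", samples[i],
               (unsigned)t.address, names[t.region], t.record, t.byte);
    }
    return 0;
}
```

With these offsets ZoneInfo ends exactly where the fog array begins, so index -1 is the last byte of the last ZoneInfo record, and the first ZonePop byte is index 112.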
Bnd Posted August 25, 2017 (edited)

Yeah, this is my save; if you want you can edit this one and I can do tests on this one. For exporting my saves I use UlaunchELF. (Basically plugging a pendrive into the PS2, putting the *.b file on it, then dragging it to the Desktop on PC; it's that simple.)

By raw cheat codes you mean, for example, Action Replay Max ones? No, I'm sorry, I can't access it; I can only I/E saves between my PS2. As well, starting GTA on PCSX2 is not an issue for me (even with my PS2 save).

Edited August 25, 2017 by Bender
OrionSR Posted August 25, 2017 (edited)

Yeah. UlaunchELF. That's the tool I've been tracking if I ever wanted to get into PS2 saves again. I'll see if I can find reference on memory dump features. RAW codes can be converted to AR-Max, Codebreaker, or a number of other formats. I can manage cheat codes too but that's not an issue here, no worries.

It'll take a while to craft what I want, and it's too late to start tonight. The bells and whistles shouldn't be too tough. I'll see if I can set Katie's restart location to the LS airport near a save disk and a choice of aircraft - not sure if I can do the restart location from scratch though. The idea is you can crash and die at the end of the test and save the trip home. Any favorite aircraft I should include? Figure that a uniquely colored Andromada is already on the tarmac.

The tricky part will be the blips. Since PS2 offers little in the way of clues to your coordinates I'm planning on leaving a blip trail to follow. That way it'll be pretty tough to be off course by the 300 meters required to encroach on the neighboring zone. These tests will need to be precise.

I'm having a lot of trouble reconciling my old observations with the new map. It doesn't look like this will be the simple lookup conversion I was hoping for. The formula used in the sheet to calculate the indexes on which all other information is mapped might look simple enough, but Nick and I spent a lot of time refining the equation until we finally had something that appears to screw up the math in exactly the same manner as the PC version. I'm not so sure that all of the same quirks will apply to the 128 bit processor of a PS2.

Edited August 25, 2017 by OrionSR
rhans Posted August 25, 2017 (edited)

The info I would like to add is explaining how this glitch should work in combination with the other glitches used.

1 - Basic "satchel" glitch: Waiting for a territory to get attacked and killing at least 3 attackers on the desired territory and have all of the other attackers dead by whatever means, like being run over by a car, or being killed by a random ped (or at least 1 can be alive if he is far from you). This should still add + 10 GSF density.

2 - Adding Ballas/Vagos (variation 1) - Once again wait for an attack, kill at least 3 attackers on the desired territory, but this time leave all the other attackers alive (or at least as many as you can), and either wait for the attack to time out, or cancel the attack by starting a mission. The density added is Number of Attackers alive x 3. So if 5 Vagos are alive, 15 Vagos density will be added. If Ok, so this above is the normal effect, that happens when you use this glitch on a purely GSF. But if the territory has any other gang on it, the density increased will be the gang that was already dominant on that territory prior to the attack, and not the gang that is attacking. So, if for example I used this glitch on Chinatown, and let 6 Ballas alive, I would NOT be adding 18 Ballas density to it, I would instead be adding 18 Triads density.

The dominance is checked by whatever gang besides GSF has the most density in the territory. So if a territory has the densities: 70 GSF, 60 Triads and 40 Ballas, the dominant gang is Triads. But what happens if many gangs have the same density on a territory, which should be common when doing the flying glitch (since all added gangs by it have a density of 1)?
Well, each gang has a priority, and it will be dominant over others when they are tied with the same density, and the order from highest to lowest is:

1 - Ballas
2 - Vagos
3 - SF Rifa
4 - Da Nang Boys
5 - Mafia
6 - Triads
7 - VLA
8 - Gang 9
9 - Gang 10

GSF density has no effect whatever on which gang is dominant. So this means I cannot add through glitches density of gangs that are not dominant on that territory to it (I cannot add Vagos to a Ballas territory, nor can I add Vagos to a Triads territory). The only way of adding Ballas or Vagos density to a 3rd party gang is letting them attack the territory and not interfere (no glitches used).

So if I fly to a direction, and add to the same territory +1 GSF + 1 Da Nang, + 1 Mafia, + 1 Triads, + 1 Gang 10, the dominant gang will be Da Nang, so using this glitch there will increase Da Nang density there while leaving all the other gangs there with the same density. So if you want a territory that has Mafia as the dominant gang, it means the territory cannot have on it Ballas, Vagos, SF Rifas and Da Nang.

3 - Adding Ballas/Vagos (second variation) - Wait for an attack to happen but leave it unchecked, kill gang members on the desired territory until the time runs out. You should add + 30 of the attackers' density on the desired territory, unless it has a gang that is not GSF there, then it will increase by + 30 density of whatever gang is dominant there.

4 - Mastermind glitch/ Pomor Maneuver - Wait for an attack to happen, then kill 3 Ballas or Vagos on a territory that has the gang you want to add somewhere else as the dominant one there. After doing that, go where the attack is happening and trigger it; the attackers should be the dominant gang where you previously killed 3 Ballas/Vagos.
Now ignore them and go to the territory you want to add their gang density to, and keep killing Ballas/Vagos there until the attack times out (note that the territory where you want to add them must be a GSF pure; if I try to use the Mastermind glitch to add VLA to a Vagos territory, all I will do instead is increasing Vagos density there, and not VLA). Once you added the 3rd party gang where you wish, to further increase that gang density on this same territory, use glitches #2 and #3.

So, flying can only add the gangs like Mafia, Gang 9 and Gang 10 to very specific places, with extremely low density (1 density, but Gang 9 has priority, so Gang 9 is dominant), so you will barely be able to find them at all there. Fortunately you can use glitches #2 and #3 to increase their density there IF they are the dominant gang. Also, if you wish, you can further add them to other territories by using glitch #4.

On my save I had Gang 9 and Gang 10 added to Playa de Seville (both with density of 1, but Gang 9 has priority, so Gang 9 is dominant), then I used glitch #3 there, now I have 31 Gang 9 density there, while Gang 10 remained with 1 density. So now it's very easy to find Gang 9 there, but still extremely rare to find Gang 10 there (they look just like VLA, but they drive Sentinels and are most of the time unarmed). I can use glitch #4 later to add them to more places.

Also, I got Mafia on STAR1 (Starfish Casino), with a bunch of other gangs; fortunately Mafia has the dominance over all other gangs there, so later I intend to use glitch #2 or #3 to find more Mafia members wandering there, and glitch #4 to add them to other places.

Also, if a territory with Ballas or Vagos, and they are not the dominant gang, you are not able to take it over, unless you increase their density until they become the dominants. But you can't do that with glitches, only by waiting for them to attack there. So the only way to remove let say....
SF Rifa from Garcia is using glitch #1 on it twice, so it will have 20 GSF density, now this means this territory can get attacked by Ballas or Vagos. Now use glitches #1 and #2 until a nearby territory has 20 or more Vagos or Ballas density, now this means they can attack Garcia. Now you have to wait for them to attack Garcia and do nothing until the attack times out, and let them do that a second time. After this, whoever attacked the territory should be now the dominant gang on that territory, now go there and kill 3 gang members and win all 3 waves to wipe them out as well as the SF Rifas. This strategy can be used to wipe out all of the 3rd party gangs from their original territories.

Edited August 27, 2017 by rhans
__mako Posted August 25, 2017

Nice work, this is really useful, as I always wanted to add Mafia territories using this glitch with as few side effects as possible.

I have a question

QUOTE
Open Sectors (-1 thru -4) is written not read, so we can't instantly unfog the whole map by glitching an upper byte, but it counts as a new sector and will increase the count within the OpenSector integer by 1 every 5 seconds (detection cycle) while CJ is within the zone. The whole map will unfog at 80 so it shouldn't take long for the map to unfog if CJ hangs in the area for a while. The nZones WORD has data; the align bytes can be glitched but it won't matter.

would hanging in area which adds Mafia density to some turf for a long time add more density to that turf eventually, if I just hover there in heli/hydra?
Nick007J Posted August 25, 2017

QUOTE
would hanging in area which adds Mafia density to some turf for a long time add more density to that turf eventually, if I just hover there in heli/hydra?

No. Only sectors between -1 and -3 have this effect, and they only affect total number of zones revealed, increasing it at 1 zone per 5 seconds.
OrionSR Posted August 25, 2017 (edited)

I want to stress before continuing that I still consider the PC map to be predictive. I was able to resolve any conflicts I had from years of observations and made several tests of specific zones and the critical limits where the math is weird, but I'd feel a whole lot more confident if others could replicate the results. Few of my coordinate tests have been normal. I've used a boat once or twice but almost everything else has been simply teleporting with a trainer.

Thanks rhans! I was hoping that you'd take the lead in developing strategies for applying the extended sector maps. I'm still trying to work out some of the finer details of null bytes in the PC map, and mostly trying to get my PS2 map working properly at this point. I pioneered a lot of the early research into turf exploits but it's been a long time since I've applied these strategies. I'm a bit rusty.

One detail I couldn't account for in your explanation. There was something in the early strategies that required at least 1 grove, or maybe at least 1 grove, vago, or balla in the zone in order to get the exploit working. IIRC, since zone exploits were always so risky on PC players usually used basic hood abuse to stick 10 grove into the zone as a primer. I would expect the application of this exploit to be somewhat limited on PC, but if we can get the PS2 map working it might be a primary strategy on PS2. But... I can't remember how it all connects together.

rhans, would you mind formatting a basic link reference to your Turf Exploit channel and any related local topics? I'd like to include it in the opening post.

The PS2 map has been updated with the most predictive information we can design.

Next task, craft custom PS2 saves. More data is needed. This will take a while. It shouldn't be too tough to copy what I need from PC to PS2, but I still need to plan it out, save it on PC and hunt down the new records for transfer.
This looks like an incomplete starter save based on SnP's report. Yeah, that's a known enough sample to work with. I'm going to break your save though, by unlocking all cities so you don't have to worry about restricted areas. This will kill the storyline because nobody can call CJ for new missions. Besides, the navigation blips won't go away. (If you want a custom save for PS2 I've got a heavily modified PS2 Chain Game starter save you can play with.)

Edited August 25, 2017 by OrionSR
Bnd Posted August 25, 2017 (edited)

It is incomplete, like I said; it's my own work in progress save. If you please just send me a *.b modified save I can work with, that would be helpful. These AR Max saves, I can't import them... I can only import .b files to my PS2 (or at least that's what I know how to do).

Edited August 25, 2017 by Bender

OrionSR Posted August 26, 2017

Good news, everyone! PS2 Save Builder has been verified as safe, and more importantly, white listed by my security software. I didn't have to do anything special to download and use this software beyond enabling cookies on the host site. I can finally manage PS2 save archive formats again.

So while I've got this thing working I extracted my saves and uploaded them to GTASnP.com. There's no difference between PAL and NTSC saves; v1 or v2 is the primary factor for most saves. The Japanese version is quite different, and not supported by these saves. The DB versions were for debug purposes, but included as a main file since everything is unlocked early so you can sample the features to be unlocked later. But unlocking the cities broke the debug save. The missions won't let CJ out of the early LS strand.

1 CG4PS2v1b3.b2 CG4PS2v1b3DB.b1 CG4PS2v3b3.b2 CG4PS2v1b3DB.b

You can extract saves from nearly any PS2 save archive using PS2 save builder. AR-Max, Codebreaker, NPort, SharkPort, Xploder, and X-Port are all supported. Archives can be converted too, or repackaged with custom saves. The trick to PAL and NTSC conversion is getting the right folder name and base files, but I just use a known sample as a template and shuffle the saves between folders.

I'm off topic, better get back to save crafting. I've got an Andromada, AT-400, Shamal, Hydra, Hunter and Banshee to get to the larger and more distant aircraft at LSX. To the east in the channel is a Squalo, and a Skimmer along the dock in the SE that's exposed to open water - there's an oyster there, iirc. Are there any other vehicles that would be useful in this location?

Restart override is finally working, and seems to extend to an unreasonable flight range. Madd Dogg's save disk has been moved to the airport and marked with a save disk. This is all on PC so far, where it's easy to work out small bugs.
Once everything is working I can start tweaking your save for testing purposes.

Edited August 26, 2017 by OrionSR

OrionSR Posted August 26, 2017

Coastal Test - PS2v1 test file (phone calls are broken)

It's been a while since I've crafted PS2 saves, and I made an awful lot of edits. Hopefully I didn't break anything important and the save will at least load for testing. It would help to verify as many details as possible as I'll be using this save to build test saves with different blips.

Max armor increased to 200
Flying skill to 1000
Infinite run enabled
Boosted ammo counts
All cities unlocked
Bridge barriers disabled
Gang wars and gang war stats enabled
All standard gangs, dealers and colors removed from zones
Map fog reset
Madd Dogg's disk and save blip moved to LS airport
Respawn at the airport and keep weapons when wasted anywhere
Andromada, AT-400, Hunter, Hydra, Shamal and Banshee spawn at LS airport
Skimmer and Squalo spawn along the channel to the east (replaces 3 always hidden cargens, 3 random cars in Angel Pine, and 2 Journeys at the LS studios)
Radar blips set 300 meters off each corner of the map

Coastal Test - the goal of this test is to avoid any glitches while flying around the edge of the map. Each corner has a blip 300 meters off shore.

Head to the SE marker (red) and turn abruptly north.
Head directly at the green marker. No new sectors should be unlocked along the east coast (check your map periodically).
Turn west at or just before the green marker (don't round the corners too much).
Head west towards the blue marker. As you travel west the southern sectors should unfog one sector ahead of CJ's location in the north. (The first couple were unfogged at the airport.)
Turn south at the blue marker and head south along the western coast towards the yellow marker. The western map sectors should unfog just like CJ was within the map.
When you reach the yellow marker turn sharply northeast and approach Angel Pine enough to check the wanted level.
Crash and die to verify the restart override.
Save at the LSX disk.
Verifying the unusual unfogging of the map is the primary goal of this test. You'll need to make regular observations using the in-game map. Future tests will rely more on glitches I can detect in the save.

Shorter Coastal Test - Fly between the red and yellow markers. The southern sectors should unfog in the same manner as the western coast.

Hunter Test
Blips moved and recolored
Map fog removed

Hopefully the first save worked as I've modified it slightly. This test is designed to probe the gangs of SUNMA in the northwest corner of the map. Use the Hunter. This is a fairly short test of toggling the Brown Thunder side-mission to update the gang zone colors so you can tell which zone you are glitching with Ballas, Grove, or Vagos.

The blue marker in sector 119 to the east of the LS airport should glitch Aztecas into SUNMA and align you with the other markers. There won't be any indication of an added Aztecas.
Continue north to add Triad, Mafia, DaNang and Rifa until you approach the yellow marker.
By the time the yellow marker in the center of the sector is within range of the mini-map you should notice a zone has been added to the Vagos' stat. Toggle vigilante to verify the colors of the glitched gang and zone.
The sector with the green marker should glitch grove into the zone. I'm not sure if only grove will color the map after vigilante or if it's mixed with the Vagos color. It might be hard to distinguish between green or green+yellow.
The purple marker is within a Ballas sector. Again, toggle vigilante to observe changes to the map.
Get wasted under the purple marker. I want to see if I can identify the place of death coords in the save.

A new-to-me trick on the Hunter saves is that I figured out how to paint a marker purple. Please verify.

Negative Test - updated
Distance traveled in a plane, distance traveled in a helicopter, and flight time stats have been reset to 0.

This save probes the deep southeast for zone glitches.
The Red, Green, Blue and Yellow (RGBY in order nearest to farthest) markers should cause null glitches with no observable effects to occur in LIND3, LIND4A, WWE1, and LDT8. Check pdescobar's zone mapper for zones in Willowfield, Whitewood Estates, and the LS Tower (Won't help this test. Zone names should display properly. I've got another test in mind for the term glitches but I'm running out of steam for this project.)

This is a fairly long trip; about the same as 1/3 the way around the map. In addition to testing the effects of negative sector indexes corrupting the zone information, I'd like a little data on distance traveled and flight time. Please include some comments for me to compare with the in-game stats for distance traveled, and game time. The measures assume that CJ is on task from start to finish and dies in the sector with the yellow marker.

Edited August 28, 2017 by OrionSR

OrionSR Posted August 27, 2017

Zone Info Glitch Effects

The PC map has been updated with new rules that should accurately distinguish between bytes that contain data and are immune to the glitch (white background) and bytes that contain null data and are prone to changes (background colors). This update includes all the stuff that was 00 but not associated with known glitches.

Red shades indicate a null terminator glitch
Pinks are the unknown Type and Island shades
Orange indicates a Z coordinate glitch
Light yellow indicates the harmless nulls trailing a terminator
Gray are standard fog sector writes

I've been running some tests on potential zone glitches and their effects.

term - Null terminators zone name gxt key. DOH1:DOH: and DOH2:DOH: both use DOH: to display Doherty as CJ enters the zone. If DOH: is altered to DOH; then that zone can't find its name. Critical examples include the Taxi and Toreno glitches.

null - Same thing but applied to the zone's unique ID DOH1;DOH: using the colon/semicolon example above.

Type - a few tests provided no new clues.

Island - Changing SAN_AND to 01 like the other non-county zones didn't seem to do anything.

Z1[1] indicates the upper bytes of a word that records the lower Z level of the zone. If the upper byte is glitched the zone will exist 200 meters above sea level. For a standard zone the bottom would be 256 and the top would be 200 but the zone probably works despite this reversal. If CJ enters El Corona with a glitched Z byte the zone name displayed is Los Santos, the larger underlying county zone. Cars and peds spawn according to the Los Santos zonepop rules unless CJ ascends into the proper zone.

Z1[0] is the same glitch applied to the lower byte. For most zones the player is unlikely to notice the difference between a zone floor of 0 and 1 when ground level is 12.5.

Z2[1] is the upper byte of the upper Z coordinate.
A glitch in this byte would make the zone very tall, but unlikely to reach to interiors at 1000 meters.

ID[1] is the upper byte of the zone ID word. Glitching this byte will link the zoneinfo record to the zonepop record with the matching ID, which will be the index of the standard ID + 256. Peds and cars will spawn according to the rules of the new link. Gang colors will be displayed for the gang controlling the linked zone. Other implications have yet to be explored.

Testing Z and ID zone glitches

First Test: ELCO1 (ID 116) was linked to STAR1 (ID 371) using a hex editor. ELCO1 popcycle was changed to airport runway and STAR1 popcycle was changed to golf course. When the save was loaded golf carts spawned in ELCO1.

Second Test: ELCO1's ID was reset back to 116 and its Z1 floor was raised to 15. When the save was loaded generic cars spawned in the Los Santos zone. When CJ climbed on the roof of a house he entered the El Corona zone and runway traffic and peds started to spawn.

All zone info records in the save can be ID glitched, and all will link to a proper zone if glitched.

Modifications to the .Island of SAN_AND and the Type of test zones don't appear to have any effect.

"null" glitches - I have reviewed the standard scripts for the use of opcode 0583: that checks for the zone names associated with the first character string. All references are to Grove St, Glen Park, and Idlewood zones, each is well out of range of this glitch. I don't anticipate any ill effects from null glitches.

"term" glitches are associated with the zone's gxt key that links to the zone name - the 2nd character string. In addition to problems with Taxi and Mike Toreno in Doherty, it looks like Mike Toreno might also have problems if Easter Basin is glitched. Wear Flowers in Your Hair also references Easter Basin. Taxi could potentially have problems with county names but it looks like those are also out of range of the glitch. Pimping relies heavily on zone names.
A heavily corrupted save might have problems with pimping in SF and LV, but few of the LS zones are within range of the glitch.

Added: Comments regarding the range of the zone glitches were specific to PC zone glitches. Current estimates for PS2 allow for only 7 possible zones to be glitched. I don't anticipate problems with term glitches and missions from any of the zones affected by the PS2 glitch.

The zone glitches on PS2 should be limited to STAR1, RING, LDOC2, LIND3, LIND4A, WWE1 and LDT8. None of the PS2 zones are subject to ID glitches. The consequences of zone glitches on PS2 appear to be limited to the incorrect display of zone name. But there appears to be no benefit to any zone glitches either.

Edited August 27, 2017 by OrionSR
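
An added illustration (not part of the thread and not the game's code) of why a single stray 01 byte shows up as a "term", Z or ID glitch in the post above, and why the same write one byte later is harmless. The 32-byte record layout, the helper names, the X/Y labels and the sample zone are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ASSUMED zoneinfo record layout (the thread names the fields, not their
   offsets): name[8], gxt key[8], six little-endian int16 corners
   (X1 Y1 Z1 X2 Y2 Z2), uint16 zonepop ID, Type byte, Island byte. */
enum { OFF_NAME = 0, OFF_KEY = 8, OFF_Z1 = 20, OFF_Z2 = 26, OFF_ID = 28,
       REC_SIZE = 32 };

/* Labels for bytes 16..31, following the thread's Z1[1] / ID[1] naming. */
static const char *const FIELD[16] = {
    "X1[0]", "X1[1]", "Y1[0]", "Y1[1]", "Z1[0]", "Z1[1]", "X2[0]", "X2[1]",
    "Y2[0]", "Y2[1]", "Z2[0]", "Z2[1]", "ID[0]", "ID[1]", "Type", "Island" };

static int rd16(const uint8_t *r, int off) {           /* signed LE word */
    return (int16_t)(uint16_t)(r[off] | (r[off + 1] << 8));
}
static void wr16(uint8_t *r, int off, int v) {
    unsigned u = (unsigned)v & 0xFFFFu;
    r[off] = (uint8_t)(u & 0xFFu);
    r[off + 1] = (uint8_t)(u >> 8);
}
static void put_str(uint8_t *r, int off, const char *s) {
    size_t n = strlen(s);
    memcpy(r + off, s, n > 7 ? 7 : n);                 /* keep a terminator */
}

/* Fill a record with constructed sample data (not a real zone). */
void make_zone(uint8_t *r, const char *name, const char *key,
               int z1, int z2, int id) {
    memset(r, 0, REC_SIZE);
    put_str(r, OFF_NAME, name);
    put_str(r, OFF_KEY, key);
    wr16(r, 16, 1000);  wr16(r, 18, -2000);  wr16(r, OFF_Z1, z1);
    wr16(r, 22, 1500);  wr16(r, 24, -1500);  wr16(r, OFF_Z2, z2);
    wr16(r, OFF_ID, id);
}

/* The stray write as the thread reports it: a 01 lands on a byte that held
   00; bytes that already hold data are left alone. Returns 1 on a change. */
int glitch_byte(uint8_t *r, int off) {
    if (off < 0 || off >= REC_SIZE || r[off] != 0) return 0;
    r[off] = 0x01;
    return 1;
}

int zone_z1(const uint8_t *r) { return rd16(r, OFF_Z1); }
int zone_z2(const uint8_t *r) { return rd16(r, OFF_Z2); }
int zone_id(const uint8_t *r) { return rd16(r, OFF_ID) & 0xFFFF; }

/* Name lookup modelled as an exact match on the NUL-terminated gxt key. */
int key_matches(const uint8_t *r, const char *gxt) {
    char buf[9] = {0};
    memcpy(buf, r + OFF_KEY, 8);
    return strcmp(buf, gxt) == 0;
}

/* Label what a hit at byte 'off' would be, using the thread's terms. */
const char *classify(const uint8_t *r, int off) {
    if (off < 0 || off >= REC_SIZE) return "outside record";
    if (r[off] != 0) return "immune";                  /* byte holds data */
    if (off >= 16) return FIELD[off - 16];
    int base = off & ~7, end = base;
    while (end < base + 8 && r[end] != 0) end++;       /* first NUL in field */
    if (off != end) return "harmless";                 /* NUL after terminator */
    return base == OFF_NAME ? "null" : "term";
}

int main(void) {
    uint8_t r[REC_SIZE];
    make_zone(r, "ZONE1", "ZON", 0, 200, 100);         /* constructed sample */
    for (int off = 0; off < REC_SIZE; off++)
        printf("%2d %s\n", off, classify(r, off));
    glitch_byte(r, 11); glitch_byte(r, 21); glitch_byte(r, 29);
    printf("key ok=%d z1=%d id=%d\n",
           key_matches(r, "ZON"), zone_z1(r), zone_id(r));
    return 0;
}
```

Because each word is stored low byte first, a 01 in the second byte of a field adds 256 to its value, while the same 01 in a string's terminator changes the key that the name lookup compares.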

Bnd Posted August 27, 2017

Coastal Test Save

I can provide a stream VOD from what I did, it has to upload to YouTube, I'll edit this post. Other saves, I'll test them tomorrow.

OrionSR Posted August 27, 2017

Woot! The modified PS2 save actually worked. I was holding my breath on that one. I've had terrible luck with blips in the past but I've learned a lot since then.

Yeah, a stream might clear up the mystery byte in this save. Everything else looked as expected in the save but observations of the coast unfogging were a critical component of this test. Can you confirm that the southern coast unfogged as you flew along the northern coast?

The mystery byte is a 01 flag in one of the trailing 00s of LDOC2. But the way I had my map arranged before would have put these sectors way outside of the bordering zones. So I added a single unused record after the standard zones to account for the 380th memory record and that placed your glitched byte in sector -186, just a bit south of the LS airport. So... This glitch is most likely explained by a flight using a westward bound flight that circled counter-clockwise a bit wider than expected before aligning on the first marker.

Wait for an update for the Negative Test. Everything shifted with the new observations so I need to move my blips around a bit. The Negative Test in the post above has been updated.

___________________________________________________________

I've grown frustrated with the PS2 portion of this project. Waiting 2 days for test results isn't going to work. Bender, I'm sorry if this seems like a rant against you. If you were available to spit saves back at me as fast as I could crank them out then maybe I could make some progress. But that's not a reasonable expectation. I need a way to test my own saves or this just isn't going to work.

Please run the Hunter and Negative tests when you can. If the results are as predicted then maybe I'll just call it good enough and let the project sit until someone is ready to play with it.

What do I need to know to get uLaunchELF, LaunchELF, or wLaunchELF working on my PC and PS2?
If I'm going to do this again I want to avoid the long process of transferring files with AR-Max. Maybe I'll clean up a little. If I get lucky I'll find my old flash drive.

Edited August 28, 2017 by OrionSR

Lennart - Posted August 28, 2017

Bnd. didn't post them yet so I will help him out.

https://youtu.be/GRgMYdi3HdE
https://youtu.be/FgSZ5HuCktg

Bnd Posted August 28, 2017

> I've grown frustrated with the PS2 portion of this project. Waiting 2 days for test results isn't going to work. Bender, I'm sorry if this seems like a rant against you. If you were available to spit saves back at me as fast as I could crank them out then maybe I could make some progress. But that's not a reasonable expectation. I need a way to test my own saves or this just isn't going to work.

Thing was I wasn't at home at the time, now I am, so I can test stuff all day.

OrionSR Posted August 28, 2017

Huh. The Andromada didn't spawn. And I need to run a few tests of hidden colors for PS2. I guessed black too many times. Thanks for noticing the custom plates. Nice vids. I was really confused about that odd 00 zone until I saw you turn back towards Angel Pine. What I saw in the video matched what I saw in the save.

To put it another way, you weren't the cause of my frustration, you just weren't the cure I was hoping for. No blame, no worries. I directed my frustration towards scrounging up enough pieces to get my PS2, SA and AR-Max working again. I ran my own Hunter and Negative tests and got exactly the results I was hoping for. I'm fairly confident that the current PS2 map is correct and I just need to copy the new formatting rules over from PC to get it up to full speed.

However, I still want to run a few tests for confirmation of more remote sectors and I'll need verification from you before I'll trust that what works for me will work for others. I'll be able to craft better saves now that I can see what I'm doing. I wasn't looking forward to learning Paul's trick of changing CJ's save location with his save editor.

BTW, my zones didn't change colors as expected during my Hunter test either. I'll check into that when I get the chance. And I still need your saves from after the tests. The videos help a lot but the data I really need is in the saves.

The conditional formatting rules for the PS2 map sheet have been updated. PC and PS2 descriptions updated in the opening posts. Editorial comments are welcome.

When I get some time off from work again I'll craft a few more test saves for PS2. Otherwise, I'm working towards wrapping up the investigation and documentation part of this project and turning things over to players trying to verify and use the new tool. Most of the discussion has been pretty technical so far.

Edited August 28, 2017 by OrionSR

Bnd Posted August 28, 2017

Negative Test with Death - Click
Negative Test without Death - Click

OrionSR Posted August 28, 2017

Good timing. I should have just enough time to review these tests before work.

Negative with Death looks perfect. A well flown path. All target zones have been glitched and also the expected collateral damage. And nothing else, very nice.

BTW, I was madly trying to complete my own test cycle from start to finish so I didn't get a chance to see the full Hunter video. I'm not sure the test procedures were clear. You could test for gang colors in the northern target sectors but I'm assuming I messed something up on that part. So, the hunter isn't required and a plane offers a quicker death. Fly south to the blue marker to align on the Aztecas sector, then fly north through yellow and green and crash at purple. This should glitch one of each without anything else, so round the southern corner to avoid straying too far east.

The next set of saves will have better starting locations. I wasn't sure where CJ was. El Corona was a good choice though. I want to probe the western gang zones and hit that long line of red term glitches that stretch from a little south of Angel Pine into the deep southeast sea. I need an airstrip near Angel Pine. Nothing big enough for large aircraft looks obvious on the map. I suppose I might be able to disable traffic on the roads... Easy on PC; I'd better visit the area. Ah, I've got an idea. I'll surprise you.

Edited August 28, 2017 by OrionSR

Bnd Posted August 28, 2017

https://www.youtube.com/watch?v=DcOzBuxtaI8 - 22:15 Start of the Negative Test

HalfOfAKebab Posted August 29, 2017

Wow, this is really insane work. I love reading about stuff like this, and it's mindboggling to me that anyone could possibly figure things like this out. Where can I go to read more about stuff like this, and how can I learn more about the technical side of the game?

OrionSR Posted August 29, 2017

Mindboggling describes my feelings as well. I was working on something else when a new clue, and a new friend, brought 12 years of observations together rather suddenly. I feel a bit privileged to have been in a position to document the results of everyone's efforts on this long-standing mystery. I suppose I should wait for gameplay verification before I get too excited, but the success with the PS2 map has bolstered my confidence that we've got the right formula underlying the map.

This topic has been generally more technical than is usually allowed in the player's forums. But this level of detail is necessary for understanding how to apply the new map. I suspect that players may eventually develop more general or avionic descriptions for triggering specific glitches, but for now all we've got is the raw data laid out on a grid with pretty colors.

I added links to several related topics in the 2nd post. Other technical topics tend to be relegated to the modding forums. An exception would be anything related to PS2 cheat codes. AR-Max style cheat codes are basically memory writes so these topics tend to include technical discussions on memory structures. This was a popular enough feature when SA was released that Cheats and Tricks had its own sub-forum. I forget how the sub-forums have been migrated since. These topics might be mixed between Strategies and the General forums, or lost in some odd place. If you want to apply these strategies to PC or Mobile then we need to take the discussion to the modding forums.

The modding forums are full of way too much technical information. If you've got a project in mind I might be able to point you in the right direction. I've got a few mini-cleo projects on the shelf we can play with if you'd like to learn basic coding.
Or, if you are willing to invest in the 010 Editor you can join me on my current project to upgrade the SA save template to support any type of SA save that isn't encrypted and update it to current standards.

Um... I'm liking this idea. There's actually a lot you could help with - bells and whistles I've got planned but haven't had a chance to implement. Something like enumerating the ped IDs so the template displays the model name instead of a number, and offers a drop down list of acceptable options, would be a very useful feature. I haven't developed this much beyond figuring out how to make it work for weapons and cars, so you could have your pick on interesting fields to play with and see the improvements implemented in the template. 010 has a trial period; you could try it out and reconsider when it expires.

San Andreas Save File Companion

Edited August 30, 2017 by OrionSR

Bnd Posted August 30, 2017

So, we're missing only the Hunter test, right? I'll do it today once again properly (I think) and of course provide gameplay of how I do it.

OrionSR Posted August 30, 2017

Oh, yeah. A Hunter Test save would complete the set. Thanks.

Also, if you can beat me to it. I need a starter save for my Angel Pine mods that's a Negative Test save saved at the new airport disk. No flying, just saving. Then I'll only need to reset a few fog bytes for the next test. Once I've got CJ saved outside it's pretty easy to move him around between disks. I'll probably get antsy and do this myself after dinner but it'll be a couple of hours before I can get to it. My test mods are finally working on PC; I'm getting ready to transfer the data over to PS2.

Never mind. I've got what I need and have started the editing process.

Edited August 30, 2017 by OrionSR

Bnd Posted August 30, 2017

Hunter Test - I'm not sure... that's why results were late.... I followed the path via blips; first was light blue, then I turned and followed the rest and died at purple.

OrionSR Posted August 30, 2017

Perfect once again. Your Hunter save had exactly the glitches I wanted to see and nothing that shouldn't be there. Nicely done.

That leaves only the tests of the western sectors. PS2 isn't at all happy about my objects despite adjusting for the proper IDs, but the Shamal managed to take off from the beach southwest of Angel Pine without any damage so I think I'll just work with what I've got and skip the large airport object I had planned to ease takeoffs. And I messed up the colors on my blips. So I'm still a ways from producing a proper test save but my trial run of the northern grove turfs looked good so I'm anticipating positive results.

I'm still having problems viewing my turf color changes on PS2 despite toggling missions or deaths. Perhaps this is due to mixed zones as the steep northern route leads to Vagos in each zone too. I'm hoping a more westerly route will produce more grove only zones. I can see color values in the save, and enabled Ballas on Mission Hill to verify my zones were visible. It seems like the zone coloring rules are a bit different for PS2 but I can't tell for sure.

Can you get Ballas, Grove, or Vago colors to appear in the Hunter save if you glitch only one gang by approaching their single color marker from the west?