13 replies to this topic

[Tsathoggua]

On the latest (I think) built base, finished building a hangar a while ago, positioned at one edge of the base, and on completion, it turned out to be..well...in two pieces, one on one half of the wall, the other on the opposite side. Anyone seen this screwup before? (vanilla UFO). And whats more, is it safe to use it to host an aircraft or is this likely to result in further cockups?

And for that matter, anything that can be taken advantage of? it can't host two aircraft, determined that much by adding two interceptors to the order menu but not following through on it.

I've heard of cowboy builders before, but this takes the biscuit!

[NKF]

Ah, this is a fun bug in the dos version of the game. They fixed it in the CE version and TFTD. Surprisingly it won't break battlescape combat, but be careful you don't end up splitting the base into two halves, which might make a base battle impossible to win if any aliens spawn in the isolated hangar quarters.

How you perform this bug is try to build the hangar by selecting a slot in the sixth base column. You'll notice the base parts that end up on column 1 will be offset by one row down.

If you want, I can go into the technical explanation on what's happening.

- NKF

[magic9mushroom]

NKF, on 19 September 2016 - 08:48 AM, said:

Ah, this is a fun bug in the dos version of the game. They fixed it in the CE version and TFTD. Surprisingly it won't break battlescape combat, but be careful you don't end up splitting the base into two halves, which might make a base battle impossible to win if any aliens spawn in the isolated hangar quarters.

How you perform this bug is try to build the hangar by selecting a slot in the sixth base column. You'll notice the base parts that end up on column 1 will be offset by one row down.

If you want, I can go into the technical explanation on what's happening.

- NKF

I've never heard of this before; I'd be interested in an explanation. And it might be worth putting it up in Known Bugs.

[NKF]

It's to do with how the game manages the base map. To us, we see a 2d map of 6x6 modules. We can work with any part of the map by going directly to it with its row and column coordinates.  Note that Row and Column coordinates start from 0, so the the top-left most module is (0,0), and the bottom right most module is (5,5).


The game however handles the map as a 1d map. A continuous series of all 36 modules. If we laid it out flat with each module location numbered in numerical order starting from 0, it would look like:

00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 

To us, the 2d map is laid out like so:

00 01 02 03 04 05
06 07 08 09 10 11
12 13 14 15 16 17
18 19 20 21 22 23
24 25 26 27 28 29
30 31 32 33 34 35

To access the module at any particular row or column, The game uses the following formula:

(Row x 6) + column

6 is the map width.

Say you want to access the module at row 2 column 1 (or three down, two across). We would have (2 x 6) + 1 = 12 + 1 = 13 .

When placing a hangar, you're placing the top-left quarter.  The three other quarters are offset from this. With the 2nd quarter being +1 column, 3rd quarter being +1 row, and 4th quarter +1 row, +1 column.

Let's say we're placing a hangar at the previous example of row 2 column 1:

Quarter 1 (2, 1) = (2 x 6) + 1 = 12 + 1 = 13
Quarter 2 (2, 2) = (2 x 6) + 2 = 12 + 2 = 14
Quarter 3 (3, 1) = (3 x 6) + 1  = 18 + 1 = 19
Quartter 4(3, 2) = (3 x 6) + 2 = 18 + 2 = 20

If you look at the 2d map, the hangar would therefore be occupying locations 13, 14, 19 and 20.

Now, with the bug, what happens if you place the top-left quarter along the last column? Let's say we put the hangar down at the end of the top line of the base at row 0, column 5

Quarter 1 (0, 5) = (0 * 6) + 5 = 0 + 5 = 5
Quarter 2 (0, 6) = (0 * 6) + 6 = 0 + 6 = 6
Quarter 3 (1, 5) = (1 * 6) + 5 = 6 + 5 = 11
Quarter 4 (1, 6) = (1 * 6) + 6=  6 + 5 = 12

Technically the column should never be able to go beyond 5. But as the three other quarters are offset from the quarter you set down, the column ends up going beyond the map width. It doesn't go off the map as such but instead is pushed to the start of the next row down. So 5 and 11 are placed just fine, but 6 and 12 end up on the other side of the base, shifted down one line.

That's it really. And yes, placing a hangar at 29 or 35 would result in the game overwriting whatever is in memory immediately after the base map, which isn't good at all.

- NKF

[magic9mushroom]

I didn't think the game let you place a hangar hanging off the edge of the map like that. I guess you learn something every day.

Also, won't a hangar at 30/31/32/33/34 also result in buffer overflow, because it's hanging off the bottom edge?

[NKF]

Good point, it certainly will. Just running a quick test, it seems you can't build the hangar in slots 30 - 34, but will let you place it at 35.

After doing that, I had 6400 Avalanche launchers in storage. Hmm. Undocumented money/missile launcher cheat?

I guess it's just the right edge of the base that's affected.

- NKF

[magic9mushroom]

NKF, on 20 September 2016 - 05:22 AM, said:

Good point, it certainly will. Just running a quick test, it seems you can't build the hangar in slots 30 - 34, but will let you place it at 35.

After doing that, I had 6400 Avalanche launchers in storage. Hmm. Undocumented money/missile launcher cheat?

I guess it's just the right edge of the base that's affected.

- NKF

I'm thinking that's due to (possibly erroneously) detecting a collision with another base module. When I ran my tests, using a new base, it let me place one in 30-34.

[Kir'jaeden]

magic9mushroom, on 23 September 2016 - 03:21 AM, said:

I'm thinking that's due to (possibly erroneously) detecting a collision with another base module. When I ran my tests, using a new base, it let me place one in 30-34.

It seems range checking in executable is off. That is cause of such effects, as splitted hangars, units beyound of map etc. They switched it off to supress wast number of crashes. In most case it goes silently with no visible consequences.
Btw you have such pretty eyes you know.

[Tsathoggua]

Not always so smooth. Now I have a craft in it, I transferred an interceptor mounting twinlinked plasma cannons, and arrived (so NOT, I think, the in-transfer unlimited fuel bug) It is now airborne at zero percent fuel, and I've been making use of it as a patrol plane to regularly cover the entirety of the map that is not sub-ocean, to search for bases.

Found two, so far. Ethereal and I think muton, although could have been either ethereal, muton or floater. Each time, of went the strike team, off went the top of a considerable number of alien skulls:)

[magic9mushroom]

Tsathoggua, on 28 September 2016 - 06:41 PM, said:

Not always so smooth. Now I have a craft in it, I transferred an interceptor mounting twinlinked plasma cannons, and arrived (so NOT, I think, the in-transfer unlimited fuel bug) It is now airborne at zero percent fuel, and I've been making use of it as a patrol plane to regularly cover the entirety of the map that is not sub-ocean, to search for bases.

Found two, so far. Ethereal and I think muton, although could have been either ethereal, muton or floater. Each time, of went the strike team, off went the top of a considerable number of alien skulls:)

No, that sounds like the ordinary transfer unlimited fuel bug. The unlimited airtime occurs the next time you launch a transferred craft. It would only be new if you landed the 0% plane (voluntarily ending the unlimited-airtime flight) and then it didn't refuel (ordinarily it does).

[Tsathoggua]

Does it work for elerium fuelled craft, like the firestorm?

And can transfer-bugged craft engage targets, and stay in the air afterwards if one catches the craft before it gets back to base and orders it to remain in the air. And what about troop transports. can say, a skyranger, or avenger be transferred then sent on an intercept mission* then remain up and around without being mandatorily returned to base (its really, really annoying sometimes to have to go back to base and refuel when the transport still HAS 90% of its fuel tank full, when their is a nice juicy supply ship begging to be looted (yes I know about the 'bug' of crash, terror sites etc. remaining operative and not disappearing if there is any kind of craft en-route to the  site, I keep an empty skyranger at a remote polar base in the antarctic  just for this reason, the transport being slower by far than the interceptors and WAY slower than a firestorm)

*if not, then is it possible to transfer, take to the skies, but NOT on a mission of any kind, and then have them just hang about in the air until needed?

[Bomb Bloke]

Most of the details can be found here:

http://www.ufopaedia...A#Infinite_Fuel

Can't say I've messed with it myself, but were I to do so, the main utility to me would be scouting for alien bases. Your ships have their own radar coverage, and having them patrol near where you suspect bases may be often reveals where they are.

Really if I were inclined to cheat I'd just reveal the base locations, but yeah.  

[magic9mushroom]

Tsathoggua, on 29 September 2016 - 06:11 AM, said:

Does it work for elerium fuelled craft, like the firestorm?

Yes.

Quote

And can transfer-bugged craft engage targets, and stay in the air afterwards if one catches the craft before it gets back to base and orders it to remain in the air. And what about troop transports. can say, a skyranger, or avenger be transferred then sent on an intercept mission* then remain up and around without being mandatorily returned to base (its really, really annoying sometimes to have to go back to base and refuel when the transport still HAS 90% of its fuel tank full, when their is a nice juicy supply ship begging to be looted (yes I know about the 'bug' of crash, terror sites etc. remaining operative and not disappearing if there is any kind of craft en-route to the  site, I keep an empty skyranger at a remote polar base in the antarctic  just for this reason, the transport being slower by far than the interceptors and WAY slower than a firestorm)

*if not, then is it possible to transfer, take to the skies, but NOT on a mission of any kind, and then have them just hang about in the air until needed?

Troop transports will get "Low Fuel" after a mission regardless of their actual fuel reserves, so this bug will not protect you. It will let you use a Lightning beyond its normal range, though.

Interceptors will automatically attempt to return to base after an air battle, but can be redirected to do something else (whether or not the bug is in play, but obviously the bug makes it much more useful to do so).

You need a destination to launch a craft, but this can be an arbitrary waypoint. When it reaches a waypoint it will patrol, which is the only time the alien base detection will run. Obviously, with this bug in play ships can patrol indefinitely.

[magic9mushroom]

News!

I tested what's going on with the buffer overflow. What's overflowing is the value for "time to finish module at X position at this base" overflowing into "amount of X item at this base". Since the only four-square structure you can build is the Hangar, this allows you to overwrite the first 7 bytes in your base stores with 25.

Slot 37 is Engineers (this gives you 25 Engineers).
Slot 38 is Scientists (this gives you 25 Scientists).
Slot 39 is Stingray Launchers, bottom byte (this gives you 25 Stingray Launchers).
Slot 40 is Stingray Launchers, top byte (this gives you 25 * 256 = 6400 Stingray Launchers).
Slot 41 is Avalanche Launchers, bottom byte (this gives you 25 Avalanche Launchers).
Slot 42 is Avalanche Launchers, top byte (this gives you 25 * 256 = 6400 Avalanche Launchers).
Slot 43 is Cannons, bottom byte (this gives you 25 Cannons).

Note that Engineers and Scientists are one-byte fields, hence the rollover bug. Items, however, are two-byte fields, so that getting e.g. 256 Elerium doesn't roll over to 0 (though I imagine getting 65536 would).

There are two obvious and egregious exploits of this bug:

1) You can sell the craft weapons for much more than it cost to initiate Hangar construction. Since the bug can be triggered again and again by simply dismantling the Hangar - though you have to sell them in-between! - this effectively gives you infinite money.

2) You can make Engineers and Scientists out of thin air. You don't need a Living Quarters at the base performing this exploit, although since it's an overwrite rather than an add you have to transfer them to another base to accumulate them beyond 25 (which will require a Living Quarters for the Transfer to go through). Still better than buying them (with your infinite money, above), as transfer times are well under 24 hours while the normal arrival time for personnel is 72.


I can confirm that this bug does not work in TFTD DOS.

NKF, this should go in Exploits: For Free right?