MMBN3 11th chip glitch technical explanation

Terminology: in the text below, "selecting" a chip means pressing the A Button to add it to your hand.

When you're in battle, there are two arrays in memory which are right next to each other.

The first is a 10 byte array which holds information for the chip slots in the Custom Screen, so 1 for each chip slot. Let's call this the Chip States Buffer. These bytes can have 4 different values: 0x00 (the 0x prefix means hexadecimal) means the chip is selectable, 0x01 means the chip is selected, 0x02 means the chip can no longer be selected, and 0xFF means the chip is a slot which does not exist. The 0x00, 0x01 and 0x02 values determine how the chip displays the chip slot; 0x00 means the chip icon is shown as normal, 0x01 means the chip icon is removed, and 0x02 means the chip icon is shown grayed out. The 0xFF value is only checked when moving the cursor.

Whenever you (de)select a chip in the Custom Screen, all other chip slots have their states updated according to the Custom Screen rules. So e.g. if you select a Cannon A, that slot gets its state set to 0x01 (selected) and any slots with e.g. Sword S would have their states set to 0x02 (can no longer be selected). However, when you choose a chip, the game will only update a chip's slot if its value is 0x00. This makes sense, because any chip which is already selected or no longer selectable cannot suddenly become selectable again after choosing another chip.

Initially all 10 values are 0x00, regardless of your actual Custom Screen size, but you still can't move the cursor to those non-existent slots despite them not being 0xFF because the game also checks what the size of your Custom Screen should be, and won't let you move the cursor to chip slots which are out of range. So there are 2 requirements in order to move the cursor to a chip slot, namely: (1) your Custom Screen size is large enough, and (2) that chip slot does not have a value of 0xFF in it.

Directly after that 10 byte array comes a 5 byte array which tells the game which chips you've chosen for that turn, let's call this the Hand Buffer. Here the game stores 1 byte for each chip chosen, which is stored as the index of that chip in your (unshuffled!) Folder, starting at 0x00 for the 1st chip. So if you select a chip in the Custom Screen which happens to be the 20th chip in your Folder, the game will store a value of 20-1 = 19 = 0x13 in hexadecimal. Then when the game wants to display that chip's icon, name etc. in your hand, it will go to the 1st chip in your unshuffled Folder, move down by a number of chips, and then display the info of the chip it landed on.

Initially all 5 values in that array are 0xFF. 0xFF is a special value meaning that chip slot is empty (no chip has been chosen).

The first step of the 11th chip glitch is moving the cursor to the 11th chip. Initially this does not work, why? Recall the two conditions from before. The game neglects to properly cap the Custom Screen size at 10, and we have a Custom Screen size of 5 + 6 = 11, so the first condition is met. The second condition is that the Chip State value is not 0xFF. If we were to select the 11th chip, we would go to index 11 - 1 = 10 in the Chip States Buffer. Well, if we go to the start address of the Chip States Buffer and add 10, we actually end up in the first byte of the Hand Buffer. Recall that the Hand Buffer initially is filled with 0xFF values. So the game tries to read that slot's state, sees an 0xFF value, and stops you from moving the cursor to it.

Now let's select a chip in the Custom Screen. Suppose that we select the chip which is the 5th chip in our Folder. That means the game will store 5 - 1 = 0x04 as the first byte in our Hand Buffer. Now let's try moving the cursor to the 11th chip again. The first condition is still met, of course. But now, the byte that used to be 0xFF is now a different value which is not 0xFF. That means the second condition is also met. As a result, we can now move the cursor onto the 11th chip.

What happens when you highlight the 11th chip with the cursor? Basically, at the start of the battle, the game will shuffle your entire Folder once. For the rest of the battle, it will simply go through that shuffled Folder linearly, like a stack of cards. (Note: if you use FolderBack, your Folder gets re-shuffled too.) The 11th chip shown in the Custom Screen is basically the next chip that would be moved into the Custom Screen on the next turn, if you select at least one chip this turn.

Next, we're going to press the A Button on the 11th chip to select it. Now several things will happen in order. The first thing is that the game will check if we are actually able to select this chip. For this it will actually check two things.

One is that it will check if it's possible to select this chip in combination with the other chips we've already selected. This fails if the 11th chip is in a different code, for instance. By the way, for this check, the game will treat it as if you are trying to select the 11th chip, i.e. the chip shown in the Custom Screen info, i.e. the next chip that would be drawn from your Folder.

The other thing the game will check is that the chip is not already selected; otherwise you would be able to select the same chip multiple times, since any chip can always be selected with another copy of itself. For this, the game will look at the Chip States Buffer and check that the chip state is not 0x01 (selected). Any other value is ignored here, even 0x02 (can no longer be selected), because theoretically, if the chip passed the first check, then it should never be the case that the chip's state is 0x02.

Finally, let's assume that both checks pass and the game is going to add the chip to our hand. Now, three things will happen.

The first thing that happens is that the game will take the chip we selected and add it to the Hand Buffer. This means the game will take the Folder index of the highlighted chip (11th chip), and write that index into the first byte of the Hand Buffer which is not 0xFF. Suppose again that the 11th chip on the Custom Screen is index 4 (so 5th chip) in our Folder. Since we already selected 1 chip beforehand, this means the 2nd chip in the Hand Buffer will be set to the 5th chip in our Folder. So far so good, right?

The second thing that happens is the game will go through all the bytes in the Chip Slot Index, and re-evaluate whether that chip can be selected together with the chips currently in our hand, according to the Custom Screen rules. Recall that it will only process any bytes which are currently 0x00. Now, if that chip is not selectable in combination with our current hand, that slot's state will be changed to 0x02.

For the 11th chip glitch, this does not really affect us... or does it? Actually, there is a situation where it does. If the 1st chip you selected is also the 1st chip in the folder, then the value for that chip in the Hand Buffer will be ... 0x00! And the game will not simply stop at the 10th chip slot; no, no, it will happily keep going and evaluate the 11th chip slot, which is the 1st byte in our Hand Buffer. Because it sees that the value is 0x00, it will try to update it and, depending on the Custom Screen rules, the value may change to ... 0x02. Which is then re-interpreted as a Folder chip index in the Hand Buffer, and so the 1st chip in your hand suddenly changes to the 3rd chip in your (unshuffled) Folder.

This occurs when (1) you have a Custom Screen size of more than 10, (2) the 1st chip you select in the Custom Screen corresponds with the 1st chip in your Folder (meaning the Hand Buffer will receive a value of 0x00 when it is selected), and (3) the 11th chip in the Custom Screen (next to be drawn) cannot be selected together with any of the chips in your hand. Try it: build a unicode Folder without * chips, then replace the 1st chip with a different code and set it as your Regular Chip. Then go into battle and try to select your Regular Chip. It will change into the 3rd chip in your Folder.

Now finally, it's time for the real magic. There is one last thing which happens when we select a chip in the Custom Screen, and this is the part which the 11th chip glitch is most well known for. The third thing that happens is the game will update the Chip State for the slot we selected and change it to 0x01, meaning that slot is set to "selected". If we selected the 11th chip slot, that means the game will try to update the 11th byte in the Chip States Buffer. This byte is, in fact, the first byte of the Hand Buffer. So what happens is the game will write the value 0x01 into the first byte of the Hand Buffer. This means that the 1st chip in our hand is now the chip at index 1 in our Folder, which is the 2nd chip.

And that's how we can abuse the 11th chip glitch to select the 2nd chip in our Folder in almost any situation. Even if the 1st chip you select cannot be selected together with the 11th chip, you can simply move the cursor to the 11th chip, press the B Button to de-select the 1st chip, and then always be able to select the 11th chip, which will subsequently change to the 2nd chip in your Folder.

While it is also possible to select the 3rd chip in our Folder, the applications for that are much more limited since you can only do it once, as it can only be done when you try to select the 1st chip in your Folder. However, it does enable some unique hands which are not possible with just the 11th chip glitch. An example for that can be found here (note that the explanation there is a little outdated): https://lparchive.org/Mega-Man-Battle-Network-3-Blue/Update%2094/#:~:text=ok%2C%20so%20i%20switched%20back%20to%20the%20english%20version%2C%20because%20while%20i%20found%20another%20glitch%20in%20there%2C%20this%20one%20can%20be%20repeated%20in%20blue%20and%20white.%20and%20it's%20much%20easier%20to%20explain%20in%20english.

It's also possible to get a 12th chip glitch or even a 13th chip glitch by equipping even more Custom+. I won't go into detail about those but it basically works the same way as described above, just replace any "11" with "12" or "13".