Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

RBY to be released on the 3DS Virtual Console

Posted by: Crystalame
Date: 2015-11-12 16:34:44
As announced on the Nintendo Direct today, Red, Blue and Yellow will be released on the 3DS's Virtual Console on February 26th

Bulbapedia's tweet about it, this is brand new so I don't think it's been posted to anything yet apart from Twitter (at the time of making this topic, anyway)

One of the coolest parts about this, I think, is that it apparently uses the 3DS's Wireless communication to link battle and trade. I wonder how many things they fixed/patched…?

Perhaps you guys will find new and interesting ways to break it :P

Re: RBY to be released on the 3DS Virtual Console

Posted by: DaWoblefet
Date: 2015-11-12 18:39:57
I'm sure people will be heading up research once it comes out to see what is patched / what remains the same, but the length of time it's taking to get to the eShop implies to me that they're doing some cleanup. I'll personally be doing research to confirm / deconfirm various major and minor glitches as we go along. Of course, if we can still perform ACE, we can do anything :). I'll be curious to see what ends up happening.

Re: RBY to be released on the 3DS Virtual Console

Posted by: Stackout
Date: 2015-11-12 20:57:32
The only research that would need to be done is looking at the ROM and patch configuration.

Re: RBY to be released on the 3DS Virtual Console

Posted by: camper
Date: 2015-11-12 22:28:21
Will it be possible to hijack the 3DS with this?

Re: RBY to be released on the 3DS Virtual Console

Posted by: Blaziken257
Date: 2015-11-12 23:01:41
I imagine that the reason why the games won't come out for another few months is to coincide with the 20th anniversary of the games in Japan. I can't think of any other reason for it.

There are several things that I wonder about. First, will it be possible to use link capabilities online, or will it only be possible locally? I hope it will be possible online, otherwise there will be several Pokémon that I won't be able to get. Unless I use the Mew glitch…

…Which brings me to my second point. I wonder if any glitches will be fixed, especially when it's possible to execute arbitrary code (thanks to 8F). While most changes made to Virtual Console games involve making flashes less intense to reduce seizures, there are occasions when glitches are fixed (one example of this is Wario Land: Super Mario Land 3, which had a level skip glitch on GB, but not on 3DS). I guess we'll have to wait and see.

Third, will it be possible to download any language version, or will it be restricted based on region? One thing that I like about Gen VI is that you can pick the language when starting the game. Since I sometimes play Pokémon games in Spanish, this is a really nice feature. As someone who lives in the US, I hope I'm not stuck with just being able to download the English version. Prior to X/Y, I had to import games from Spain if I wanted to play them in Spanish (which was expensive), or use emulators.

Fourth, I hope it will be possible to upload screenshots on Miiverse. Though, the fact that it's not possible in any of the Gen VI games, or Pokémon TCG, kind of kills my hope here.

Fifth, I'm kind of bummed out that Super Game Boy features won't be supported for Red/Blue. They look so boring in gray… as do several other Game Boy games. Why N64 can emulate an SGB, but the 3DS (or Wii for that matter) can't, is beyond me.

Sixth, it will be harder for me to enjoy these games without connectivity with Pokémon Stadium (unless Game Freak releases that on the Wii U, which I doubt). PC boxes will be a pain to use, starters/fossils/Tyrogue evolutions will be difficult to get (without Mew glitch), and having to make do with only 70 items (20 in bag + 50 in PC) will also be annoying for me… And of course, Pikachu won't be able to use Surf.

Now I wonder why Nintendo took so long to support link capabilities on Virtual Console. Super Mario Bros. Deluxe could have really used it, but Nintendo probably won't patch it for that game now…

Re: RBY to be released on the 3DS Virtual Console

Posted by: Zowayix
Date: 2015-11-13 01:21:32

> One of the coolest parts about this, I think, is that it apparently uses the 3DS's Wireless communication to link battle and trade. I wonder how many things they fixed/patched…?

So that's interesting. Nintendo have finally come to their senses, and put features in that emulators have figured out years ago. If they go further and put Transfer Paks and Controller Paks and all that crap in for N64 titles, make controller mappings more configurable and work with all controller types, and have VC games you buy on 3DS be playable on Wii U and where possible vice versa, they might actually start being competitive with ROMs and PC emulators.

Re: RBY to be released on the 3DS Virtual Console

Posted by: TheZZAZZGlitch
Date: 2015-11-13 02:42:32
RBY on the Virtual Console? With link cable support? There are so many things that could go wrong here. Sign me up!

The number of arbitrary code execution glitches on 1st Gen Pokemon games is so staggering that it's impossible to patch everything - it would be easier to just make a new game. From there, it should be possible to find and exploit a flaw in the emulator to gain code execution on the 3DS, assuming programmers at Nintendo still don't care about buffer overflows (some things never change). Also a reminder - remote code execution over the link cable was already found, in both Gen I and Gen II. If the Virtual Console editions still use the original link cable protocol, there will inevitably be a lot of trolls who erase your save file after you try to trade with them.

Memo to myself: After finding ACE on the Virtual Console, try some stuff:
1. Switching to nonexistent ROM/RAM banks
2. Executing undefined opcodes
3. Fuzzing the IO ports
4. Capturing the hopefully unencrypted link cable traffic and reversing it
5. The blur effects in certain games to prevent seizures are certainly not generated by emulated hardware - there must be an IO port or bank that activates that feature, and the emulator itself handles the effect. Find out how to do this.
6. Potentially discover more hidden features in the VC emulator (maybe there are more special effects/commands than just the blur?).
7. Dump the VC ROM and see what was patched.
8. Check the uninitialized memory on the emulator. Normally the contents are undefined. Maybe I could find some heap information disclosure here?

Re: RBY to be released on the 3DS Virtual Console

Posted by: Stackout
Date: 2015-11-13 03:13:18

> Memo to myself: After finding ACE on the Virtual Console, try some stuff:
> 1. Switching to nonexistent ROM/RAM banks
> 2. Executing undefined opcodes
> 3. Fuzzing the IO ports
> 4. Capturing the hopefully unencrypted link cable traffic and reversing it
> 5. The blur effects in certain games to prevent seizures are certainly not generated by emulated hardware - there must be an IO port or bank that activates that feature, and the emulator itself handles the effect. Find out how to do this.
> 6. Potentially discover more hidden features in the VC emulator (maybe there are more special effects/commands than just the blur?).
> 7. Dump the VC ROM and see what was patched.
> 8. Check the uninitialized memory on the emulator. Normally the contents are undefined. Maybe I could find some heap information disclosure here?

Yeah, finding an emulator escape would be nice. I'd probably try and reverse the emulator itself though.

No need to dump the VC ROM, others surely will dump the whole titles with ROM and patch config.

Re: RBY to be released on the 3DS Virtual Console

Posted by: Krys3000
Date: 2015-11-13 06:30:14
I love to see TheZZAZZGlitch is already in the starting blocks for this :XD:

Can't wait to see what comes up with that!

Re: RBY to be released on the 3DS Virtual Console

Posted by: Zowayix
Date: 2015-11-13 08:57:23

> RBY on the Virtual Console? With link cable support? There are so many things that could go wrong here. Sign me up!
>
> The number of arbitrary code execution glitches on 1st Gen Pokemon games is so staggering that it's impossible to patch everything - it would be easier to just make a new game. From there, it should be possible to find and exploit a flaw in the emulator to gain code execution on the 3DS, assuming programmers at Nintendo still don't care about buffer overflows (some things never change). Also a reminder - remote code execution over the link cable was already found, in both Gen I and Gen II. If the Virtual Console editions still use the original link cable protocol, there will inevitably be a lot of trolls who erase your save file after you try to trade with them.
>
> Memo to myself: After finding ACE on the Virtual Console, try some stuff:
> 1. Switching to nonexistent ROM/RAM banks
> 2. Executing undefined opcodes
> 3. Fuzzing the IO ports
> 4. Capturing the hopefully unencrypted link cable traffic and reversing it
> 5. The blur effects in certain games to prevent seizures are certainly not generated by emulated hardware - there must be an IO port or bank that activates that feature, and the emulator itself handles the effect. Find out how to do this.
> 6. Potentially discover more hidden features in the VC emulator (maybe there are more special effects/commands than just the blur?).
> 7. Dump the VC ROM and see what was patched.
> 8. Check the uninitialized memory on the emulator. Normally the contents are undefined. Maybe I could find some heap information disclosure here?

This fuckin' guy.

I wish you the best of luck. If anyone can make these VC releases do stupid shit for the hell of it, it'd be you.

Re: RBY to be released on the 3DS Virtual Console

Posted by: Stackout
Date: 2015-11-13 14:12:26

> If the Virtual Console editions still use the original link cable protocol, there will inevitably be a lot of trolls who erase your save file after you try to trade with them.

You assume that the link emulation stuff will be online. Didn't they just say "wireless", therefore implying it'll be local multiplayer only?

Re: RBY to be released on the 3DS Virtual Console

Posted by: luckytyphlosion
Date: 2015-11-13 16:01:22

> 1. Switching to nonexistent ROM/RAM banks

Apparently switching to bank 0x40 (or any non-00 multiple of 0x40) will load bank 0x00 on an MBC3. This may be of some interest to test.

> 2. Executing undefined opcodes

> 5. The blur effects in certain games to prevent seizures are certainly not generated by emulated hardware - there must be an IO port or bank that activates that feature, and the emulator itself handles the effect. Find out how to do this.

> 6. Potentially discover more hidden features in the VC emulator (maybe there are more special effects/commands than just the blur?).

Blur? I thought Nintendo just applied small changes to reduce flashing :P

Something to note: Opcode FC in the VC emulator does something, while on real hardware it's an invalid opcode. This may be related to reducing blur, or it could be for something else. You can look at the changes Nintendo applied to some GB ROMs here.
Kinda funny how your personal text is "Unknown opcode fc at 801a".

> 3. Fuzzing the IO ports

Fuzzing? So like corruption? One thing to test out would be if the game truly emulates the OAM DMA transfer (i.e. emulating OAM DMA bad accesses)

> 4. Capturing the hopefully unencrypted link cable traffic and reversing it

oh god

> 7. Dump the VC ROM and see what was patched.

There's already a homebrew application to do that, called Braindump.

> 8. Check the uninitialized memory on the emulator. Normally the contents are undefined. Maybe I could find some heap information disclosure here?

I really don't think Nintendo cares enough to emulate something like that, but maybe…

> Also a reminder - remote code execution over the link cable was already found, in both Gen I and Gen II. If the Virtual Console editions still use the original link cable protocol, there will inevitably be a lot of trolls who erase your save file after you try to trade with them.

There's also the issue of trading unstable Pokémon (namely glitch moves and glitch Pokémon). Of course, online multiplayer probably won't be a thing because of the staggering amount of bugs to abuse.

For me, I'd like to test out how accurate the 3DS emulator is, according to these tests. (Of course, if there's another ROM injection exploit I'd use that instead.)

(If Nintendo/Game Freak was really concerned about exploits happening, they may hardcode a case for Pokémon Red/Blue to not allow the PC to access WRAM)

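The bank-wrapping behaviour mentioned in the post above (a 0x40 write on an MBC3 landing in bank 0x00) is the kind of edge case an emulator accuracy test checks. The model below is an added example, not code from the thread or from any emulator; it assumes a 7-bit ROM bank register, the 0x00 to 0x01 remap applied before masking, and a 1 MB cartridge (64 banks, a power of two) like Red/Blue.

```c
#include <stdint.h>
#include <stdio.h>

/* Added model of MBC3 ROM bank selection (not the thread's or an emulator's code).
 * Assumptions: 7-bit bank register, 0x00 remapped to 0x01 before masking,
 * bank count is a power of two so masking with (banks - 1) wraps correctly. */

#define BANK_SIZE 0x4000u   /* 16 KiB per ROM bank */

typedef struct {
    uint8_t  rom_bank_reg;  /* last value written to $2000-$3FFF, 7 bits kept */
    uint32_t rom_banks;     /* number of 16 KiB banks on the cartridge */
} mbc3_t;

static void mbc3_init(mbc3_t *m, uint32_t rom_size_bytes) {
    m->rom_bank_reg = 1;    /* power-on state maps bank 1 into $4000-$7FFF */
    m->rom_banks = rom_size_bytes / BANK_SIZE;
}

/* Write to the ROM bank number register ($2000-$3FFF). */
static void mbc3_write_rom_bank(mbc3_t *m, uint8_t value) {
    uint8_t v = value & 0x7F;   /* MBC3 keeps only the low 7 bits */
    if (v == 0) v = 1;          /* a literal 0 selects bank 1 ... */
    m->rom_bank_reg = v;        /* ... but 0x40 is not 0, so it is kept as is */
}

/* Physical bank currently mapped at $4000-$7FFF, after wrapping to ROM size. */
static uint32_t mbc3_effective_bank(const mbc3_t *m) {
    return m->rom_bank_reg & (m->rom_banks - 1);
}

/* Translate a CPU address in the switchable window to a ROM file offset. */
static uint32_t mbc3_rom_offset(const mbc3_t *m, uint16_t addr) {
    return mbc3_effective_bank(m) * BANK_SIZE + (addr - 0x4000u);
}

/* Reproduce the thread's case on a 64-bank ROM: 0x00 -> bank 1, 0x40 -> bank 0. */
static int demo(void) {
    mbc3_t m;
    mbc3_init(&m, 64 * BANK_SIZE);           /* constructed 1 MB cartridge */
    mbc3_write_rom_bank(&m, 0x00);
    uint32_t b0 = mbc3_effective_bank(&m);   /* 1: remapped */
    mbc3_write_rom_bank(&m, 0x40);
    uint32_t b40 = mbc3_effective_bank(&m);  /* 0: wrapped, not remapped */
    printf("write 0x00 -> bank %u, write 0x40 -> bank %u\n", b0, b40);
    return b0 == 1 && b40 == 0;
}

int main(void) { return demo() ? 0 : 1; }
```
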
Re: RBY to be released on the 3DS Virtual Console

Posted by: hpoké_coloradohugge
Date: 2015-11-13 17:28:50
'cause it is going to be an emulated version, right?

Re: RBY to be released on the 3DS Virtual Console

Posted by: Crystalame
Date: 2015-11-13 18:21:32
As far as I'm aware, it's local wireless only, no Wi-Fi.

Re: RBY to be released on the 3DS Virtual Console

Posted by: SCared_Fir3
Date: 2015-11-14 12:41:51
I'm actually really excited about this, I thought it was never gonna happen.
Also to people complaining about (possibly) no Wi-Fi support: I feel like if they added Wi-Fi it kinda defeats the purpose/feel of the original games. You had to meet up IRL and connect a cord to trade, local wireless is the same concept. Idk but that's just what I think.

Edit: Also do you guys think they'll patch any glitches at all?