Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

You can join Glitch City Research Institute to ask questions or discuss current developments.

You may also download the archive of this forum in .tar.gz, .sql.gz, or .sqlite.gz formats.

Generation I Glitch Discussion

Official 1st Gen (Red/Blue and Yellow) Glitch Discussion - Page 20

Re: Official 1st Gen (Red/Blue and Yellow) Glitch Discussion

Posted by: camper
Date: 2014-04-12 04:15:11
2. It's hard to get the move in Yellow since we can't switch move orders after Transforming anymore.

Re: Official 1st Gen (Red/Blue and Yellow) Glitch Discussion

Posted by: Torchickens
Date: 2014-04-12 08:00:37

I have two questions:
1. Why does Missingno. crash your game in yellow? Does it suffer the same problem as PokeWTrainer?
2. Why can't you use the Cooltrainer move to mutate Pokemon in Yellow?



1. Not exactly. The dimensions; AD do not freeze the game, however its pointer 06 00 does/causes the walking characters effect (I don't know why though). If you fix its pointer you can have it never freeze on the opponent's side. Normally you may get a freeze when you encounter Yellow Missingno. and sometimes you'll not, kind of like you may get a freeze if you only fixed #205's dimensions and sometimes not.

Here are two Game Genie codes to fix Yellow Missingno. on the opponent's side (I don't know what I'm breaking):

00F-CDA-F72
40F-CEA-E6A

2. You actually can. But like camper said you can't use the Transform trick to get it on Yellow because you can't switch move orders after transforming on that version. You may have to trade a Ditto with the 0x00 move from Red/Blue to Yellow (and it is no longer CoolTrainer  typed on Yellow). Freezes and the glitch not happening are common, though. The Missingno. you get is hex:32, like in Red/Blue.

Re: Official 1st Gen (Red/Blue and Yellow) Glitch Discussion

Posted by: camper
Date: 2014-04-12 09:58:30

The Missingno. you get is hex:32, like in Red/Blue.

The Pokemon you get depends on the last position you opened the Party menu, Item menu or the PC, whether in or out of battle. Whether the glitch occurs is likely to be depended on the RAM.

Re: Official 1st Gen (Red/Blue and Yellow) Glitch Discussion

Posted by: luckytyphlosion
Date: 2014-04-12 12:12:39
The problem I get whenever I try the "—" move (X - x can learn it at level 11) is that no matter what happens, the game simply crashes. No matter where my position is, the game just immediately crashes. Another thing I noticed is that in Yellow, opening the Pokemon menu in battle gives a Horsea instead of Missingno.

And for Missingno., is there a way to encounter Missingno. without cheats and without it crashing? (Normal form missingno., not Kabutops/Aerodactyl/Ghost Missingno)

Re: Official 1st Gen (Red/Blue and Yellow) Glitch Discussion

Posted by: Torchickens
Date: 2014-04-12 12:35:51


The Missingno. you get is hex:32, like in Red/Blue.

The Pokemon you get depends on the last position you opened the Party menu, Item menu or the PC, whether in or out of battle. Whether the glitch occurs is likely to be depended on the RAM.


Actually, while it's likely Yellow behaves in a similar way (I forgot about this video by TheZZAZZGlitch), you're very likely to just get a Missingno. or a Horsea by opening the menu in battle. I've tried different sprites and got the same result, with level 127 Horsea only appearing in Yellow if you mess up the graphics on the opponent's side (flip them) after sending certain glitch Pokémon into battle.

Edit: But an added note; you must view the glitch Pokémon's stats either in battle or outside of battle to flip the opponent's sprite.



The problem I get whenever I try the "—" move (X - x can learn it at level 11) is that no matter what happens, the game simply crashes. No matter where my position is, the game just immediately crashes. Another thing I noticed is that in Yellow, opening the Pokemon menu in battle gives a Horsea instead of Missingno.

And for Missingno., is there a way to encounter Missingno. without cheats and without it crashing? (Normal form missingno., not Kabutops/Aerodactyl/Ghost Missingno)


You're just unlucky. Keep trying. I did it in Diglett's Cave after opening the Pokémon menu in battle there.

Normal Missingno. may not freeze the game on the opponent's side in Yellow, but it's uncommon. When you exit, player sprites will walk across the screen.

Re: Official 1st Gen (Red/Blue and Yellow) Glitch Discussion

Posted by: luckytyphlosion
Date: 2014-04-12 12:46:49

You're just unlucky. Keep trying. I did it in Diglett's Cave after opening the Pokémon menu in battle there.

Opening the Pokemon menu guarentees Horsea 100% for me. It's just when I try to get Pokemon off of the screen tiles that it crashes. What makes it differ from Red/Blue than with Yellow?

Re: Official 1st Gen (Red/Blue and Yellow) Glitch Discussion

Posted by: Torchickens
Date: 2014-04-12 12:51:57


You're just unlucky. Keep trying. I did it in Diglett's Cave after opening the Pokémon menu in battle there.

Opening the Pokemon menu guarentees Horsea 100% for me. It's just when I try to get Pokemon off of the screen tiles that it crashes. What makes it differ from Red/Blue than with Yellow?


Your opponent's sprite was probably flipped. Save and restart then try again to fix it, but don't check X-x's stats after you reload the game. Let me know if it works this time.

Missingno. sprites through the Pokémon menu in battle method:

[img]http://i.minus.com/jF2uw7dNFh6DI.png[/img][img]http://i.minus.com/jGaZGcj2VScAQ.png[/img]

Horsea sprites through the Pokémon menu in battle method:

[img]http://i.minus.com/jbkTBF9ewu12yS.png[/img]

Opening the Pokemon menu guarentees Horsea 100% for me. It's just when I try to get Pokemon off of the screen tiles that it crashes. What makes it differ from Red/Blue than with Yellow?


You can get Missingno. or Horsea through the Pokémon menu in battle in Diglett's Cave way in Red/Blue too. But yeah, I'm not sure. I'm having the game freeze in Yellow too by trying TheZZAZZGlitch's trick.

Re: Official 1st Gen (Red/Blue and Yellow) Glitch Discussion

Posted by: luckytyphlosion
Date: 2014-04-12 13:05:58
I guess I didn't make my question clear enough :(.
What I meant to say is use the "—" move like you would is TheZZAZZGlitch's Catching rare/unavailable/glitch/over lv.100 Pokemon with the Cooltrainer move.
I made sure there was a bush tile in the correct position, yet my game crashed. Why does it work in Red/Blue, but not in Yellow?

Re: Official 1st Gen (Red/Blue and Yellow) Glitch Discussion

Posted by: Torchickens
Date: 2014-04-12 13:09:15

I guess I didn't make my question clear enough :(.
What I meant to say is use the "—" move like you would is TheZZAZZGlitch's Catching rare/unavailable/glitch/over lv.100 Pokemon with the Cooltrainer move.
I made sure there was a bush tile in the correct position, yet my game crashed. Why does it work in Red/Blue, but not in Yellow?


I'm not sure about that. Sorry for not answering your question.

Edit: Quote from TheZZAZZGlitch's Super Glitch thread:

- Sadly, all presented glitches (with exception of the first part of Harmless Super Glitch trick) do not work in Yellow. Newer versions handle battle screens a little bit differently, not allowing me to carry overworld screen data to a battle. However, the way of manipulating Super Glitch's written values remains the same. Maybe someone will find a workaround soon.


So it seems you can't carry overworld screen data into battles via start menu in Yellow.

Re: Official 1st Gen (Red/Blue and Yellow) Glitch Discussion

Posted by: camper
Date: 2014-04-12 13:31:55
Also you don't have to use the – move at all, since it's the name of the move (cloaked by –) that matters, not the move itself.

Re: Official 1st Gen (Red/Blue and Yellow) Glitch Discussion

Posted by: TheZZAZZGlitch
Date: 2014-04-12 15:01:36
Yep. The glitch mentioned above does not work in Yellow. In Yellow the buffered screen contents are updated after sending out a Pokemon in battle, overwriting any previous data. Not sure why the developers decided to change this behavior.

You may have to trade a Ditto with the 0x00 move from Red/Blue to Yellow (and it is no longer CoolTrainer  typed on Yellow).


This reminded me to show you something interesting: the type of the Cooltrainer move in Yellow changes depending on the opponent's sprite (more precisely, it's the lower left corner of the sprite that determines the name).

[img]http://i.minus.com/jbaaYoWFAe6VlN.png[/img]

It takes its name from address $9292. The location is writeable, so it can be changed to make it say whatever I want, just like $C3's species name in Japanese Green; for example, the GAME-CRASHER-9000 type:

[img]http://i.minus.com/jxj83TMt23l4M.png[/img]

Re: Official 1st Gen (Red/Blue and Yellow) Glitch Discussion

Posted by: Torchickens
Date: 2014-04-12 15:17:22
Ha ha, great find! When I modify $9292 to your values though, although I can get it to sort of work 9s appear in between some characters. Emulation error?

[img]http://i.minus.com/jA2JpaTl5gY5q.png[/img]

Re: Official 1st Gen (Red/Blue and Yellow) Glitch Discussion

Posted by: SM
Date: 2014-04-13 08:11:51
does anyone know what is the cause of zzazz glitch?

Re: Official 1st Gen (Red/Blue and Yellow) Glitch Discussion

Posted by: Torchickens
Date: 2014-04-13 08:46:55

does anyone know what is the cause of zzazz glitch?


To start a Trainer battle, the game needs to load a lot of data, such as the trainer sprite, his pokemon and the money he'll concede if defeated. When it loads the money is where things can get really ugly. For reasons that are beyond me, money is stored in a completely different manner, the game uses a data structure of three bytes and instead of converting the value to binary, it stores it in "human" representation. For example, $123456 would be stored as 0x123456 instead of 0x01E240, the proper conversion.

Trainer missingno.s of ID 251, 252, 254 and 255 point to location with invalid money data. When the game tries to perform arithmetic with these data in said structure, it goes nuts and starts overwriting huge portions of RAM. More specifically, for every block of three bytes, two of them will contain 0x9999 (the maximum amount of money a trainer could give). This pattern repeats itself many times through RAM. To see this better, I recommend pausing the video on the emulator after the ZZAZZ trainer is faced and set VBA's memory viewer to 0xD070.


So allegedly it's related to the winning money. That's why the game keeps writing 0x99. (which in decimal is 153). As p4wn3r said, money in the game is stored in 'human representation', so what you see in hexadecimal is what you get in decimal. I don't know the exact reasons why the game can't manage the winning money. It's likely to be 'base' in the formula Payout=Last Pokémon LevelBase that causes problems. Note only glitch Trainer classes cause the ZZAZZ glitch, but what p4wn3r didn't mention is that it's only specific glitch Trainer rosters that cause it; you can have a glitch Trainer class and be 'OK'. For example, it's less known that Trainer 256 (C8)'s roster 5 in Red can cause a more volatile version of the ZZAZZ glitch that corrupts your items and the overworld, but not roster 7.

Gia told me once via Youtube that p4wn3r did a disassembly of what happens during the ZZAZZ glitch, but I don't know if he published it anywhere.

Edit: HyperHacker thinks it's something different:

It's interesting that 153 = 0x99, as the game does use Binary-Coded Decimal for some values; for example your money ($999,999 = 99 99 99 rather than 0x0F423F). However I think this is a coincidence. From a technical standpoint, this glitch overwrites several areas of memory with two different patterns. Your Pokémon's stats all become 153, which (being 16-bit values) indicate the entire status block is overwritten with the byte pattern 0099. However your name becomes ZZxZZxZZxZZx (where x is unchanged), which indicates that block is overwritten with a different pattern: write two bytes of 99, then skip one.
Having played with the game code a fair bit, this seems familiar to me: I suspect it's actually the graphic decompression routine gone out of control due to the Pokémon having garbage graphic data. The graphic compression routines include commands such as "fill with 2-byte pattern" (0099 in this case) and "fill with byte, skipping every third." These exactly match the symptoms. Another hint is that it corrupts the player's trainer and Pokémon graphics - the first place an out-of-control graphic decompression routine is going to trash is the other graphics right nearby. HyperHacker 03:45, 16 December 2009 (UTC)

Re: Official 1st Gen (Red/Blue and Yellow) Glitch Discussion

Posted by: TheZZAZZGlitch
Date: 2014-04-13 10:44:28
I tried to set some breakpoints in BGB and see what exactly is corrupting the memory. It looks like the source of the problem is a subroutine at $781D, rom bank 3.

It is not documented in IIMarckus's Pokemon Red disassembly, so its purpose remains a mystery. The subroutine is used in the ReadTrainer subroutine (at $39C53), which, well, reads trainer data.

[tt]Func_f81d: ; f81d (3:781d)
call Load16BitRegisters
and a
ld b, c
.asm_f822
ld a, [de]
adc [hl]
daa
ld [de], a
dec de
dec hl
dec c
jr nz, .asm_f822
jr nc, .asm_f835
ld a, $99
inc de
.asm_f830
ld [de], a
inc de
dec b
jr nz, .asm_f830
.asm_f835
ret[/tt]

The bold part in the code is what's responsible for writing the 99s all over the memory. At $D079 there seems to be a 3-byte buffer of some sort. The 'Func_f81d' subroutine is responsible for filling this buffer with data.
It seems like it is a yet another buffer overflow bug in Generation I.

EDIT 1: Further experimentation has shown that $D079 is indeed the location which holds the payout money of a trainer. But why exactly the subroutine freaks out and starts writing 99s everywhere?

EDIT 2: The subroutine seems to be used to multiply two BCD (binary coded decimal) numbers.