Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

Generation I Glitch Discussion

"Buy any item from shop" cheat gym badge man glitch textbox - Page 1

Posted by: TheSixthItem
Date: 2017-06-22 06:13:12
[img]https://image.prntscr.com/image/ussudk7CSRKoDS8KvQQhew.png[/img]
An interesting glitch: when you use a "buy any item from shop" cheat and ask the gym badge man to review it, you get a glitch text box.

Re: "Buy any item from shop" cheat gym badge man glitch textbox

Posted by: Caveat
Date: 2017-06-22 06:28:05
Fascinating…

I wonder if it changes based on the item code you have activated?

Re: "Buy any item from shop" cheat gym badge man glitch textbox

Posted by: TheSixthItem
Date: 2017-06-22 07:07:10

[quote]
Fascinating…

I wonder if it changes based on the item code you have activated?
[/quote]

With rare candy I got 9999999999Poké94 ERROR so it probably changes

Re: "Buy any item from shop" cheat gym badge man glitch textbox

Posted by: Torchickens
Date: 2017-06-22 21:04:43
I decided to research this subject and made some really interesting finds.

When displaying items in a list, the game first has to decide what type of list it is, like is it an item and quantity list or are we just displaying items in sequence?

This is controlled by memory address CF94 (CF93 in Yellow) and these are the menu type IDs:

00: Your Pokémon in the current box with levels. If forced in the inventory the Pokémon will still act like the items you have.
01: Move IDs in sequence. If you had Master Ball x97 this would appear as Pound (dec:01), Agility (dec:97). If forced in the inventory they will act as the items as if entry 1 was item 1 and entry 2 was item 1's quantity but as an item and so on. Curiously entries may act as unterminated name glitch items and thus require that you use them where a 0x50 sub-tile is on the screen.
02: Items in sequence, no quantities. We can thus convert quantities into items you can use if you replace the items pack with it. Used by Poké Marts.
03: Regular items pack. Key items have their quantities hidden. Used by the inventory and item PC.
04(+?): Items in sequence, no quantities (again).

When you talk to the badge man or use a lift (Celadon Department Store, Rocket Hideout, Silph Co.) the game uses list type 04, although these may be interpreted as key items hence not have quantities even if the list type was 03.

List types do not apply to the fossil list if you talk to the scientist in Cinnabar Lab with more than one fossil, so seem to be handled differently.

CF8B (CF8A in Yellow) also controls the pointer to the entries in the list. For inventory items CF8B is 1D D3 (D31D) because that is where our items begin. For stored PC items CF8B is 3A D5 (D53A). For box entries it's 80 DA (DA80), which likewise is where stored Pokémon in the current box begin.

For Poké Marts, the badge man and lifts the pointer is 7B CF (CF7B), and the data here gets written to beforehand depending on which list you opened. Notice that the Poké Mart first item code is 01xx7CCF. This is why using the code will change the badge man's list entries and lift list entries as well.

If you use an invalid entry in a lift list it doesn't matter as only the position counts, so if you replaced entry 2 and it was 2F with a Master Ball it would still take you to the second floor.

However, it turns out invalid badge man entries can bring up glitch text boxes, and this is actually the subject of a glitch in Japanese Red/Green/Blue. In that glitch the badge items are represented in the code as such:


15 16 17 18 19 1A 1B 1C FF


[0x15]
[0x16]
[0x17]
[0x18]
[0x19]
[0x1A]
[0x1B]
[0x1C]
[0xFF]

What happens when you swap one of these entries with another is similar to how the duplicate key items glitch works in Generation II. The game will 'pretend' that the list was an item+quantity list, like this:

x 22
x 24
x 26
x 28
CANCEL

It's hard to picture how this will affect the actual list, but let's say we pretend the items list has quantities and we swapped x 22 with x 24, we would get

x 24
x 22
x 26
x 28

Back into a list of entries only this would be:

[0x17]
[0x18]
[0x15]
[0x16]
[0x19]
[0x1A]
[0x1B]
[0x1C]

And this is what actually happens in game, explaining why the [0x15] and [0x16] were shifted down two slots instead of just swapping places.

But you can get glitch entries like this too:

[img]http://i.imgur.com/rtBAvw9.png[/img]

The reason why seems to be because the game is pretending that the entries we're swapping have quantities then there are only a limited number of 'item+quantity' pairs until we go past the end of the buffer and corrupt unrelated data. We can bring up glitch entries this way or even corrupt the lower byte of the list pointer, which could bring a lot more glitch entries to select and allow us to access more than eight entries.

This could even theoretically result in the corruption of CFBF, so if you escaped from battle using a partial escape glitch item beforehand then maybe you could catch any(!) Pokémon and glitch Pokémon (except maybe for FF; you can't anything the game would interpret as Cancel and bad/division by 0 growth rate glitch Pokémon) without CoolTrainer/unterminated glitch item with specific screen data, and this could probably be more convenient than Fossil conversion glitch.

Maybe you could corrupt D036 (instant encounter) as well just by swapping entries around.

[img]http://i.imgur.com/siDOpu1.png[/img]




Something that still stands though is this; what happens when non-badge entries are selected? I'll be researching this as it could allow for arbitrary code execution if it allows for text code, and the text code is in WRAM and you can place an 08 at the beginning of the text code, marking that bytes after it are executed as assembly.

Edit: I put together a way to get Mew but it's ridiculously difficult in practice. Will upload a video soon.
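The swap behaviour described in the post above can be modelled in a few lines. This is an added example, not part of the original thread and not the game's code; the pair-indexed swap rule and the filler bytes placed after the list are assumptions made for illustration.

```python
# Added example: models the swap rule described in the post, not game code.
# Assumption: swapping displayed slots i and j exchanges the 2-byte
# "item+quantity" pairs at byte offsets 2*i and 2*j from the first entry.

BADGE_LIST = bytes([0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0xFF])
# Constructed filler standing in for the unrelated data after the list.
FILLER = bytes(range(0xA0, 0xA8))
SLOTS = 8  # entries the menu shows


def make_ram():
    """Fresh copy of the list followed by the filler bytes."""
    return bytearray(BADGE_LIST + FILLER)


def swap_slots(ram, i, j):
    """Swap slots i and j as if every slot were an item+quantity pair."""
    if not (0 <= i < SLOTS and 0 <= j < SLOTS):
        raise ValueError("slot out of range")
    a, b = 2 * i, 2 * j
    ram[a:a + 2], ram[b:b + 2] = ram[b:b + 2], ram[a:a + 2]
    return ram


def entries(ram):
    """The eight single-byte entries the list is really made of."""
    return list(ram[:SLOTS])


def corrupted_outside(ram):
    """Offsets past the list (and its FF terminator) that no longer match."""
    original = make_ram()
    return [off for off in range(len(BADGE_LIST), len(ram))
            if ram[off] != original[off]]


if __name__ == "__main__":
    for i, j in [(0, 1), (3, 4), (0, 7)]:
        ram = swap_slots(make_ram(), i, j)
        shown = " ".join(f"{b:02X}" for b in entries(ram))
        print(f"swap {i},{j}: {shown}  outside: {corrupted_outside(ram)}")
```

Swapping slots 0 and 1 reproduces the two-slot shift shown in the post, while any swap involving slots 4 to 7 reaches the terminator or the bytes after it.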

Re: "Buy any item from shop" cheat gym badge man glitch textbox

Posted by: Parzival
Date: 2017-06-23 09:25:36
I find this funny since when I was 5 or 6 I still had Pokemon Red, a Gameshark and my GBC, and I found these while cheating my young ass off. These are what got me into corruptions.

God, the nostalgia…

Re: "Buy any item from shop" cheat gym badge man glitch textbox

Posted by: Torchickens
Date: 2017-07-07 09:13:23

[quote]
I find this funny since when I was 5 or 6 I still had Pokemon Red, a Gameshark and my GBC, and I found these while cheating my young ass off. These are what got me into corruptions.

God, the nostalgia…
[/quote]


I relate to this too, I used to love playing around with my Xploder (which works just like a GameShark).

Good times, can't beat them. :)

By the way, we now have yet another arbitrary code method:
https://www.youtube.com/watch?v=mGbeJnwR32Y

Possibly what we can do next is manipulate an arbitrary Trainer victory script.

Re: "Buy any item from shop" cheat gym badge man glitch textbox

Posted by: TheSixthItem
Date: 2017-07-07 09:18:59
I now feel like finally downloading a ROM of Pokémon Green.
Oh, and are you a magician or something? <3ing my comment while being on GCL