Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

You can join Glitch City Research Institute to ask questions or discuss current developments.

You may also download the archive of this forum in .tar.gz, .sql.gz, or .sqlite.gz formats.

Generation I Glitch Discussion

Yet another arbitrary sprites addendum - Page 1

Yet another arbitrary sprites addendum

Posted by: Torchickens
Date: 2018-11-30 18:44:48
Trainer 0x37 (D059/8=FF), known as "14S" in Red/Blue and ", A" in Yellow has a front sprite sourced from E891 in Echo RAM. This applies to both Red and Yellow.

Due to how Echo RAM works, E891 is a copy of C891. C891 is in the middle of C6E8 (wOverworldMap), a 1300 (decimal) byte structure. Sadly, this data is overwritten after saving and resetting. However, if arbitrary code execution is used to copy a customized sprite to this structure before battle, then it is possible to give Trainer 0x37 any sprite you desire. It just requires the internal 7x7 sprite dimension.

I've confirmed fighting the "Buried Alive" Trainer with this exploit. If you have BGB, copy and paste the following bytes to C891 and then change D058 (or D059) to 0xFF. You should now be fighting the Buried Alive Trainer (who is really just a glitch Trainer, further modifications will be needed to change his name and party). The other, long way is to write these bytes one by one with ACE, or write them elsewhere and copy them to C891.

77 BC E5 1D 73 CD 56 72 3F 3C CE 9F F1 FC F2 91 FF F8 7F 3C A5 7F B6 1F CA 4F 11 63 2F D2 20 E9 4C 95 38 D9 53 0F F2 7F DF 1F AB AC E4 5F D2 BF C5 6C 7C 12 3E 14 2C 53 87 E8 AF FC 9F F8 21 96 17 81 4C D2 5E AC AA 0B 0A 2E 21 A4 8B E8 11 74 88 10 E2 23 1D C6 2E 88 A3 0F AF 94 3F F3 83 F2 10 AD 0B D5 C3 BF 52 78 A9 4A A2 97 F2 24 8B 46 AF E2 2A C1 2F 94 BA 23 FF C9 94 88 D5 41 E3 18 35 50 49 FF F2 AB 29 29 7E AD 45 29 14 16 62 3F FC C7 48 BF FA 07 C2 A0 A0 50 60 DB F2 BF FC C9 4D 21 71 E0 A8 14 6D 42 27 FF CC ED 05 C3 C3 0F BD 1E 25 17 F0 CA FF CD 60 A3 5B D7 F5 7F 23 2B FC F0 68 8A FF 23 2A BC F2 2F 85 F4 AF 3C A9 18 2C BC F3 14 9C AC F3 A0 D2 F3 CF 98 1D 7F 4F 3A 5F FF E3 CE BC 3A E1 9E 7B F7 E7 9A AD FF AD 1E 52 14 CC FA D1 E4 E0 D7 FB EB 47 93 6F F7 DE B4 79 2B D1 37 2F 90 CA 9A A7 2F 7F A1 37 E8 E8 75 C2 CA AC D2 70 A1 7F F8 BF A3 23 48 E2 AA 33 F4 9A 30 BF 7C 3F FC 0C 1D 0E 3C 36 1B DF 14 AA C2 FD 02 43 2C C4 E4 E3 6B C3 5F E4 F8 2B FD 11 C4 32 CC 38 A9 12 2A 08 2F FF CC CD 2A 61 A4 4B 71 19 12 30 4B DB 05 5B B3 10 E0 97 78 CB 71 39 32 5D 16 FE 28 7E 18 25 DE 17 FC 57 91 26 CF 30 44 33 2A 4B E1 FE C6 12 44 60 BD 4C 83 E4 7C FF BF CD FB 18 D9 11 2C C1 FF E1 C8 C1 6B FD CC DF 71 95 B3 4C CF FD E1 41 D4 84 DF EE 13 2E C6 96 FD 05 55 0D 28 74 CC FD 33 0C B7 47 6C 1D 41 3F F4 CC 32 F9 E4 7F D3 30 CB 29 E4 5F 4F E8 AD A7 97 53 6C 0B 69 E6 CC E2 B2 9E 73 FC AC 9E 8D FF FE 9E 75 FF FF 1E 85 F0 C4 00


For reference, here are the picture/money data for the standard glitch Trainers:

The first two bytes are the sprite pointer. The last three bytes are the BCD (binary coded decimal) payout values.

Red/Blue:


98 8E 94 8D 86 ; (f8)  - pointer 8e98
92 93 84 91 50 ; (f9)  - pointer 9392
81 94 86 7F 82 ; (fa)  - pointer 9481
80 93 82 87 84 ; (fb) - pointer 9380
91 50 8B 80 92 ; (fc) - pointer 5091
92 50 92 80 88 ; (fd) - pointer 5092
8B 8E 91 50 89 ; (fe) - pointer 8e8b
91 E8 93 91 80 ; (ff) - pointer e891
00 0A A5 03 00 ; (00) - pointer 0A00


Yellow:


98 8E 94 8D 86 ; (f8)
92 93 84 91 50 ; (f9)
81 94 86 7F 82 ; (fa)
80 93 82 87 84 ; (fb)
91 50 8B 80 92 ; (fc)
92 50 92 80 88 ; (fd)
8B 8E 91 50 89 ; (fe)
91 E8 93 91 80 ; (ff)
04 49 04 01 3A ; (00)

Note: The Trainer 0x00 (D059/8=C8) data may be wrong.