Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.


Arbitrary code execution in Gold/Silver UE using the Coin Case - Page 12

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: SatoMew
Date: 2017-10-25 15:55:02

I can make a video of it, provided I can figure out how lol


BGB lets you capture both video and audio! :)

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: Couldntthinkofaname
Date: 2017-10-25 16:04:12


I can make a video of it, provided I can figure out how lol


BGB lets you capture both video and audio! :)

Wondrous! I'll have it made sometime today/tomorrow.

I can't say it will be Torchickens or Crystal_ quality though

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: Skeef
Date: 2017-10-25 17:10:25

Speaking of videos, is it possible to use this code but with PP Ups instead? https://www.youtube.com/watch?v=CiDi5nb-uoc I just want to know if there is an easier way to get PP Ups instead of the slow cloning method.


This should give you 255 of the first item in your item pack.

Box1: A p 0 9 é z 't x
Box2: 'd



Thank you!

Regarding the levels, they are based on the route you used this exploit in. Regarding the moves, the Celebi I tried this with used Confusion and Heal Bell against me, but I only had time to test out 3 attacks (it used Heal Bell twice).

As for the other Pokemon you mentioned, I will make them as soon as I return to my computer. :)


This seems the best way to get Celebi with its start moves then. Other methods to obtain Celebi then have to do another glitch to teach its start moves which takes a longer time. The only other way to get a Celebi with its start moves using one method is using the bad clone method to get a Celebi at level 0 then give it a Rare Candy to level 1 and it will learn its start moves, but the bad clone method is more complicated, risky and time consuming, so your discovery is definitely the best method.


You could run TM25 in a more 8F way. Setting up the item pack. This is a gen 2 version of the change any byte in ram code. The box code above can help you get items over 99.

Any <- I actually have TM25 here :D
Any
Fresh Water - ld l
Full Heal - ld h xx
PP Up - ld a xx
Focus Band x201 - ld (hl) a / Ret

So 44 Fresh Water and 218 Full Heal would point to your first party Pokémon. With PP Up quantity determining the move learned. Jumping to item 3 requires a slide Pokémon and Quagsire with music mail and Attract as move 1.
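
The item-pack layout in the post above, worked through as an added example (not part of the thread): each pack slot is read as an (item ID, quantity) byte pair and executed as Game Boy CPU code starting at item 3. The opcode bytes are the standard encodings of the mnemonics the post lists; treating each item's ID as equal to that opcode byte follows the post's own pairing and is an assumption here, and the PP Up quantity of 57 is a constructed sample value.

```python
# Added illustration; not code from the thread.
# opcode byte -> (mnemonic template, register loaded from the next byte or None)
OPCODES = {
    0x2E: ("ld l, ${:02X}", "l"),   # slot the post labels Fresh Water
    0x26: ("ld h, ${:02X}", "h"),   # slot the post labels Full Heal
    0x3E: ("ld a, ${:02X}", "a"),   # slot the post labels PP Up
    0x77: ("ld (hl), a", None),     # slot the post labels Focus Band
    0xC9: ("ret", None),            # Focus Band quantity 201 = $C9
}

def pack_bytes(slots):
    """Flatten (item_id, quantity) slots into the bytes the CPU would fetch."""
    out = bytearray()
    for item_id, qty in slots:
        if not (0 <= item_id <= 0xFF and 0 <= qty <= 0xFF):
            raise ValueError("item id and quantity must each fit in one byte")
        out += bytes((item_id, qty))
    return bytes(out)

def trace(code):
    """Disassemble and step through the bytes; return (listing, memory writes)."""
    regs = {"a": 0, "h": 0, "l": 0}
    listing, writes, pc = [], [], 0
    while pc < len(code):
        op = code[pc]
        if op not in OPCODES:
            raise ValueError(f"unhandled opcode ${op:02X} at offset {pc}")
        template, reg = OPCODES[op]
        pc += 1
        if reg is not None:          # two-byte load: the quantity is the operand
            if pc >= len(code):
                raise ValueError("truncated operand")
            regs[reg] = code[pc]
            listing.append(template.format(code[pc]))
            pc += 1
        elif op == 0x77:             # store A at the address held in HL
            writes.append(((regs["h"] << 8) | regs["l"], regs["a"]))
            listing.append(template)
        else:                        # ret hands control back to the game
            listing.append(template)
            break
    return listing, writes

# Items 3 to 6 from the post; the PP Up quantity (57) is a constructed sample.
SAMPLE_SLOTS = [(0x2E, 44), (0x26, 218), (0x3E, 57), (0x77, 201)]
```

With the sample slots, the trace shows a single write of the PP Up quantity to $DA2C, the address the post describes as pointing at the first party Pokémon.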

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: Couldntthinkofaname
Date: 2017-10-25 18:32:46
I've successfully combined my two prior codes! Here's the outcome:

All encountered Pokemon are <insert x Pokemon here> and shiny:
Box 1:  Ap'v8é'm25
Box 2:  p0(male)55555
Box 3:  'vAé52p0'm
Box 4:  éJ9p0(female)55
Box 5:  éK9p0255
Box 6:  éL9p'd555
Box 7:  p0?yyéA'd
Box 8:  p0éé(female)'dyy
Box 9:  p0ké0'dp'd

Replace ? with the species index

To access species indexes that are lower than $7f, then replace Box 7 with:

Box 7: p0?'v(space)éA'd

Then replace ? with SpeciesIndex + $7f

Due to the way the game generates wild Pokemon, most Pokemon obtained this way are 100% legitimate. This means they will probably be able to be moved to Pokébank when such services become available. There might still be OT issues with Mew, but these can easily be resolved with an OT editor, and I can make one if needs be.

Nintendo's going to have a real headache on their hands :)

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: Nostalgia
Date: 2017-10-25 18:38:13

This should give you 255 of the first item in your item pack.

Box1: A p 0 9 é z 't x
Box2: 'd


Is this a TM25 method? Because I'm only using the Coin Case for now.

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: Couldntthinkofaname
Date: 2017-10-25 18:51:39
Yes, his code is for TM 25 only.

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: Dragon Arbock
Date: 2017-10-25 21:09:47
Is your shiny and wild encounter modifier code TM 25? Cause I can't get it to work with coin case.

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: Couldntthinkofaname
Date: 2017-10-25 21:27:08

Is your shiny and wild encounter modifier code TM 25? Cause I can't get it to work with coin case.


Yep. TM 25 only for the time being, and unfortunately, it's likely to stay that way.

My code needs to load $xx into $d0ed, but the problem is $ed isn't character-representable. To compensate, my code double self-mods in order to load $ed into its necessary location. That, and the code used to derail OAM DMA, takes up 6 boxes. Since box 7 is the only box that allows self-modding on all character slots, the code must start there. Adding the coin-case setup would take up box 7, the only box I can use.

Sorry. :(

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: Dragon Arbock
Date: 2017-10-25 21:34:31
Ah, disappointing.. don't know if it's worth the trouble to update my setup to 25 or not.. and then the other codes I use would need to be updated too.

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: Couldntthinkofaname
Date: 2017-10-25 21:38:56
I personally recommend TM 25 ACE, there's no hassle to fix the stack and you don't need to walk in a certain manner or listen to a specific cry.

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: Dragon Arbock
Date: 2017-10-25 23:32:24
None of that really bothers me. The most tedious part has to be done either way (typing in the code). I could see the advantages though, either way I'll probably be forced into using it as support for coin case wavers.

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: Couldntthinkofaname
Date: 2017-10-26 06:58:43
Just make sure that when you switch to TM 25, move your slide Pokémon and Quagsire up one slot.

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: Torchickens
Date: 2017-10-26 11:28:34
Thanks for your work Couldntthinkofaname. :)

That wild Pokémon modifier and wild Pokémon are Shiny code looks awesome.

May make a video of it like Nostalgia suggested, and if you make one too I'll add a link to it in my video description.

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: Couldntthinkofaname
Date: 2017-10-26 11:31:07

Thanks for your work Couldntthinkofaname. :)

That wild Pokémon modifier and wild Pokémon are Shiny code looks awesome.

May make a video of it like Nostalgia suggested, and if you make one too I'll add a link to it in my video description.

Thanks again!

I already have the AVI and WAV ready, but I can't combine them yet, I've been scrambling for a video editor that can do this to no avail.

Any suggestions?

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: Torchickens
Date: 2017-10-26 11:43:17


Thanks for your work Couldntthinkofaname. :)

That wild Pokémon modifier and wild Pokémon are Shiny code looks awesome.

May make a video of it like Nostalgia suggested, and if you make one too I'll add a link to it in my video description.

Thanks again!

I already have the AVI and WAV ready, but I can't combine them yet, I've been scrambling for a video editor that can do this to no avail.

Any suggestions?


You're welcome.

I'm unsure as I usually use Bandicam with Stereo Mix to record the audio at the same time (or VBA's built-in recorder however it probably won't emulate the OAM DMA exploit correctly) without having to combine video and audio.

I think FFMPEG can do that though (according to https://stackoverflow.com/questions/11779490/how-to-add-a-new-audio-not-mixing-into-a-video-using-ffmpeg), use cd [add path here] on Command Prompt to set the current directory.

Windows Movie Maker can do it too but I'm unsure how that would affect the quality.