Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

Generation II Glitch Discussion

Arbitrary code execution in Gold/Silver UE using the Coin Case - Page 14

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: spamviech
Date: 2017-10-27 22:22:19
Player Sprite Modifier - Permanent (Old Man; Change 's and A to different values for different results, can replace the 55 for Box 1 with 'v(Another Letter) too, if desired value is unobtainable):

Box 1: Ap0's'vA55 (XOR A; OR d4; SUB 0x80)
Box 2: é9'l55555  (LD [ffd1], A)



Just tried out the code above (with slight adjustment for use with TM25 in balls pocket) on VC (English) and the results are quite interesting:
Moving up/down turns you into a male rocket moving sideways (random if left or right) while moving left/right turns you into one of the girls (think the sister from the one who gives you the squirtle bottle has the same model) looking down.
Getting on the bike doesn't change your model, but you still move faster.

Might try a few more numbers, but so far most resulted in glitchy graphics for the player character.
Just a note: the above code also looked glitchy while in the upper level of the pokémon center, so the sprite might be dependent on the map you're currently on. I was in Goldenrod City for reference.

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: SatoMew
Date: 2017-10-28 11:49:14

Video is finally up. Curse ye slow internet speeds


My recommendation is to convert to WebM before uploading.

https://trac.ffmpeg.org/wiki/Encode/VP8

https://trac.ffmpeg.org/wiki/Encode/VP9

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: Couldntthinkofaname
Date: 2017-10-28 19:19:29


Video is finally up. Curse ye slow internet speeds


My recommendation is to convert to WebM before uploading.

https://trac.ffmpeg.org/wiki/Encode/VP8

https://trac.ffmpeg.org/wiki/Encode/VP9


FFMPEG returns errors when converting BGB videos into WebM.

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: SatoMew
Date: 2017-10-28 19:35:26

FFMPEG returns errors when converting BGB videos into WebM.


That's strange! :( What is ffmpeg's output?

What I usually do after merging the AVI and WAV is encode the video to WebM with VP9 on Constant Quality mode. The following snippet is the command I recall using for that process:

ffmpeg -i "/path/to/video.avi" -c:v libvpx-vp9 -crf 0 -b:v 0 -c:a libopus -pix_fmt yuv420p "/path/to/video.webm"

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: forsyz
Date: 2017-10-28 20:30:36
how do you convert tm 27 and coincase codes to tm 17 codes

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: Couldntthinkofaname
Date: 2017-10-28 21:47:12

how do you convert tm 27 and coincase codes to tm 17 codes


There's no singular answer for that, it's entirely dependent on the code.

TM 17 are already TM 25 codes, no conversion is required.

Most coin case codes can be converted by simply tacking p'd at the end of the main code. FMK's one-off code is not necessary for Wrong pocket TM codes.

If you are having difficulties converting a specific code, just let me know.

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: Nostalgia
Date: 2017-10-29 07:56:30


For Coin Case, this adaptation should work:
Box 1:  Ap'v8é'm25
Box 2:  p0(male)55555
Box 3:  'vAé52p0'm
Box 4:  éJ9p0(female)55
Box 5:  éK9p0255
Box 6:  éL9p'd555
Box 7:  p0?yyéA'd
Box 8:  p0éé(female)'dyy
Box 9:  p0ké0'dyy
Box10:  pppppéZ ( is the multiplication character)
Box11:  .9'l'l'l'lx'd



Couldn't get this to work, getting sent into the glitch dimension. All box names are correct. I just want the wild Celebi code, I'm not interested in Shiny, and I don't know if this was the coin case adaption of the wild and shiny encounter or just the wild encounter.

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: Couldntthinkofaname
Date: 2017-10-29 08:01:46



For Coin Case, this adaptation should work:
Box 1:  Ap'v8é'm25
Box 2:  p0(male)55555
Box 3:  'vAé52p0'm
Box 4:  éJ9p0(female)55
Box 5:  éK9p0255
Box 6:  éL9p'd555
Box 7:  p0?yyéA'd
Box 8:  p0éé(female)'dyy
Box 9:  p0ké0'dyy
Box10:  pppppéZ ( is the multiplication character)
Box11:  .9'l'l'l'lx'd



Couldn't get this to work, getting sent into the glitch dimension. All box names are correct. I just want the wild Celebi code, I'm not interested in Shiny, and I don't know if this was the coin case adaption of the wild and shiny encounter or just the wild encounter.


Spamviech made an error with the adaption. The code has two portions, the entry point and the OAM DMA loop. Fixing the stack on the OAM DMA loop causes the stack pointer to go in the wrong position, causing a game crash.

I might be able to make a fix soon, but the amount of SMC may cause conflict.

The entry point and the stack repair combined is 7 boxes. Box 7 is the only box I can use for SMC, which is required to load the species index into $d0ed.

Sorry, TM 25 only.


Spamviech made a fix :)

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: spamviech
Date: 2017-10-29 08:41:34

Spamviech made an error with the adaption. The code has two portions, the entry point and the OAM DMA loop. Fixing the stack on the OAM DMA loop causes the stack pointer to go in the wrong position, causing a game crash.

I might be able to make a fix soon, but the amount of SMC may cause conflict.


Yea, noticed that myself. Didn't look too closely when I wrote this.
Also, this is a code for a shiny encounter.

For just encounter manipulation with Coin Case use this Code (this time even tested  :-[):

Box 1: Ap'v8é'm25
Box 2: péZ(mult)0(male).9
Box 3: 'v'vé52p0'm
Box 4: éJ9p0(female)'l'l
Box 5: éK9p02'l'l
Box 6: éL9p'd555
Box 7: p0?yyéé'd
Box 8: p'dyyyyyy

You still need to replace ? in Box7-name with your preferred species. For Celebi this would be 5.

Edit:
Here for the shiny encounter. Also this time tested  :-[.

Box 1:  Ap'v8é'm25
Box 2:  péZ(mult)0(male).9
Box 3:  'v'vé52p0'm
Box 4:  éJ9p0(female)'l'l
Box 5:  éK9p02'l'l
Box 6:  éL9p'd555
Box 7:  p0?yyéé'd
Box 8:  p0éé(female)'dyy
Box 9:  p0ké0'dp'd


Still don't know how this OAM DMA loop thingy works, but at least this code does.

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: Nostalgia
Date: 2017-10-29 08:50:22
Okay it worked but I got wild Kingdra in the grass outside Cherrygrove instead of Celebi hahahaha.

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: spamviech
Date: 2017-10-29 08:51:40
You still need to replace ? in Box7-name with your preferred species. For Celebi this would be 5.

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: Nostalgia
Date: 2017-10-29 08:56:30
07 gave me a wild egg battle.

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: spamviech
Date: 2017-10-29 09:05:46
You're too quick. Wait for me to edit my stupidity.  >:(
5 is for Celebi.  :-[
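
Why the three characters tried in Box 7 gave three different encounters, as an added example that is not part of the original thread: each box-name character is stored as one byte and those bytes run as Game Boy machine code, so the `?` placeholder is the operand of an OR instruction. The character table and opcode table are assumptions brought in from outside the thread; the first box name is checked against the (XOR A; OR d4; SUB 0x80) annotation quoted in the first post.

```python
# Subset of the Gen II English text encoding (assumption, not from the thread).
# "(male)", "(female)", "(mult)" are the thread's spellings of the symbols.
CHARMAP = {"'d": 0xD0, "'l": 0xD1, "'m": 0xD2, "'r": 0xD3, "'s": 0xD4,
           "'t": 0xD5, "'v": 0xD6, "?": 0xE6, "!": 0xE7, ".": 0xE8,
           "é": 0xEA, "(male)": 0xEF, "(mult)": 0xF1, "(female)": 0xF5}
CHARMAP.update({chr(ord("A") + i): 0x80 + i for i in range(26)})
CHARMAP.update({chr(ord("a") + i): 0xA0 + i for i in range(26)})
CHARMAP.update({str(i): 0xF6 + i for i in range(10)})
TOKENS = sorted(CHARMAP, key=len, reverse=True)  # multi-character tokens first

# Game Boy opcodes occurring in the names decoded here: (mnemonic, operand bytes).
OPCODES = {0x80: ("ADD A,B", 0), 0xAF: ("XOR A", 0), 0xB8: ("CP B", 0),
           0xD6: ("SUB", 1), 0xF6: ("OR", 1), 0xFB: ("EI", 0),
           0xEA: ("LD [0x{:04X}],A", 2)}

def encode_box_name(name):
    """Translate a box name as typed in the thread into its stored bytes."""
    out, i = [], 0
    while i < len(name):
        tok = next((t for t in TOKENS if name.startswith(t, i)), None)
        if tok is None:
            raise ValueError(f"no mapping for {name[i]!r} at offset {i}")
        out.append(CHARMAP[tok])
        i += len(tok)
    return bytes(out)

def disassemble(code):
    """Decode bytes with the small OPCODES table; anything else becomes 'db'."""
    lines, i = [], 0
    while i < len(code):
        mnemonic, n = OPCODES.get(code[i], (f"db 0x{code[i]:02X}", 0))
        arg = code[i + 1:i + 1 + n]
        if len(arg) < n:      # operand would run past the end of this name
            mnemonic, arg = f"db 0x{code[i]:02X}", b""
        elif n == 1:
            mnemonic += f" 0x{arg[0]:02X}"
        elif n == 2:          # 16-bit operands are stored low byte first
            mnemonic = mnemonic.format(arg[1] << 8 | arg[0])
        lines.append(mnemonic)
        i += 1 + len(arg)
    return lines

def species_operand(box7_name):
    """Return the byte after the OR opcode, i.e. the '?' placeholder's value."""
    code = encode_box_name(box7_name)
    return code[code.index(0xF6) + 1]

for ch in "?57":  # the three characters tried in the thread
    print(ch, species_operand(f"p0{ch}yyéé'd"), disassemble(encode_box_name(f"p0{ch}yyéé'd")))
```

The operand comes out as 230 for `?`, 251 for `5` and 253 for `7`, matching the Kingdra, Celebi and egg encounters reported in the posts above.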

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: Nostalgia
Date: 2017-10-29 09:12:35
http://i.picresize.com/images/2017/10/29/jUn1l.jpg
http://i.picresize.com/images/2017/10/29/o71qX.jpg

So it worked, many thanks. Also wanted to take pictures to show that this is the best method to obtain Celebi now, no need for eggs or changing another Pokemon into Celebi. This method is quicker, registers in Pokedex and Celebi comes with its start moves. :)

I have almost finished the game now, 16 Badges and 209 Pokedex, but I want to complete the Pokedex before I beat Red and I've obtained every single in-game Pokemon except Entei and Raikou now, so all I need now is them, the R/B/Y and Silver exclusives which I can get from box names.

Edit: very strange, but performing this glitch made the Mystery gift option appear at the title screen when I never spoke to the girl in Goldenrod dept store. It also changed my text speed to medium, when I had it on fast before. o.o

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case

Posted by: spamviech
Date: 2017-10-29 09:19:06
Congratulations.  ;D

I cheated a bit with Happiness evolutions (they are a pain in Gen2; did that enough as a kid) and with Evolution Stones, but aside from that had a blast with glitchless gameplay.

Glitched stuff is great as well, but that's for another copy.  8)