Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.


Abnormal Pokémon: $FE trade corruption for fun and profit

Posted by: Háčky
Date: 2014-07-03 01:00:45
As Torchickens has documented, taking a Pokémon with index number $FE in either Generation I or II into a trade or link battle with a Generation II game causes everything in the party to appear corrupted to the other game, shifted by one byte, to be more specific. Typically, this prevents trading, because everything will appear to be abnormal to the other game. (Note: I haven't looked very far into exactly why this corruption happens, but the code starting at $2879E in Crystal looks extremely suspicious.)

What makes a Pokémon abnormal, anyway? The function at $FB57E in Crystal checks three things for Pokémon traded from Generation I:

1. The Pokémon must not be a hybrid, unless it's an Egg. (There's no way for a Generation I Pokémon to be seen as an Egg in Generation II, because $FD does not appear in the conversion table.)
2. The Pokémon's level (offset $21 in the Generation I Pokémon data structure; offset $03 is ignored) must not be over 100.
3. The Pokémon's types must be correct, unless it's a Magnemite or Magneton (because they gained the Steel type in Generation II).

When $FE shifts the Generation I data structure, the least significant byte of the Pokémon's remaining HP will become its species, its Type 2 will become its Type 1, its catch rate/held item will become its Type 2, and the least significant byte of its maximum HP will become its level. There are at least three ways to engineer things so that all these values will look okay after the corruption:

1. Get a Magneton with 54 HP remaining out of a total HP of 256 or higher.
2. Get any single-typed Pokémon in Generation II (except Normal or Bug type), with the same remaining HP as its index number in Generation I, and a total HP either less than 100 or between 256 and 356 (for example, a Krabby with 78/78 HP can be used, and you might be able to catch one of those by fishing in Whirl Islands 1F with a Super Rod). Give it the item with the same index number as its type: Fighting → Master Ball, Poison → BrightPowder, Ground → Great Ball, Rock → Poké Ball, Ghost → Moon Stone, Fire → Repel, Water → Max Elixer, Grass → Fire Stone, Electric → ThunderStone, Psychic → Water Stone, Dragon → HP Up, Dark → Protein. Then send it to Generation I normally (using the Johto guard glitch if necessary) before trading it back to Generation II with $FE corruption.
3. Get any Pokémon in Generation II with HP that corresponds to the Generation I index number of any single-typed Pokémon (except Normal or Bug type) which is the same as its own second type. Give it the item with the same index number as that Pokémon's type. Send it to Generation I normally (using the Johto guard glitch if necessary), hybridize it with that Pokémon, and then trade it back to Generation II with $FE corruption.

(Normal is index $00, which corresponds with an item named ?, and Bug is $07, which corresponds with a Teru-sama. There are no pure Flying, Steel, or Ice-types in Generation II.)

When a corrupted Pokémon is received, its name and OT will be missing the first letter, its current HP will be its original level × 256, it may have multiple status conditions based on its type, it will be holding an item based on the index number of its first move, and its fourth move will be based on the least significant byte of the OT ID number and have PP based on its original level. Its stats, experience points, IVs, and EVs will probably be greatly increased, except for Special Attack and Special Defense which have to be recalculated.

Another thing I've noticed is that, if you put two $FE Pokémon in your party, everything will be shifted by two bytes, three $FEs will shift everything by three bytes, and so on. A three-byte shift would turn a Pokémon's level into its species, its first two moves into its two types, and the least significant byte of its Attack stat into its level.

This might be the easiest method: get a level 54 Magneton, which should have less than 100 Attack unless its EV is too high, and corrupt it with three $FEs in the party. You can teach it TM33 Reflect as its third move so that it will be holding a GS Ball, or TM44 Rest so it will hold a Sacred Ash. (Unfortunately, Magnemite and Magneton don't learn any moves with indices under 100 that correspond to key items, so this method won't provide everything needed to corrupt the Balls pocket.)

It should be even easier to mess around with this in a trade between two Generation II games, if there's a convenient way to obtain ????? ($FE). Obviously it can be done with arbitrary code execution, but I don't know how much setup that would require.

Re: Abnormal Pokémon: $FE trade corruption for fun and profit

Posted by: Stackout
Date: 2014-07-03 10:32:47
Magnemite and Magneton don't learn any moves with indices under 100 that correspond to key items


given that that function does not check moves, couldn't you just use 8F/ws m to force such a move onto the Pokémon?

Re: Abnormal Pokémon: $FE trade corruption for fun and profit

Posted by: rortik
Date: 2014-07-03 14:06:44
However if we can find a consistent and fairly quick way to get a hold of ?????, then this glitch would be much more exploitable.


As it is we can't do much if it's only Magneton.



Now I have even more incentive to find a way to get ????? quickly…

Re: Abnormal Pokémon: $FE trade corruption for fun and profit

Posted by: Torchickens
Date: 2014-07-03 16:20:47

1. The Pokémon must not be a hybrid, unless it's an Egg. (There's no way for a Generation I Pokémon to be seen as an Egg in Generation II, because $FD does not appear in the conversion table.)
2. The Pokémon's level (offset $21 in the Generation I Pokémon data structure; offset $03 is ignored) must not be over 100.
3. The Pokémon's types must be correct, unless it's a Magnemite or Magneton (because they gained the Steel type in Generation II).


Thanks for your explanation. I'm glad you found that there's a use for the FE corruption trick.

With your explanation, I found that you can trade at least Missingno. to Generation II.

Missingno. hex:50 is considered as a Remoraid in Generation II, so if you use 8F/ws m to change its type in memory to Water/Water (15h, 15h) it becomes tradeable.

Are there any glitch Pokémon that have the same type as its Generation II Pokémon? We could probably trade this glitch Pokémon into Generation II without 8F/ws m.

Note that some types on glitch Pokémon are called Normal but they aren't actually Normal, rather a glitch type called Normal. If I remember rightly this applies to at least 94's "Ghost" type as well.


However if we can find a consistent and fairly quick way to get a hold of ?????, then this glitch would be much more exploitable.


As it is we can't do much if it's only Magneton.



Now I have even more incentive to find a way to get ????? quickly…


Just a note: The abnormal Pokémon message may appear when trading between two Generation II games too.


Edit: Following what I wrote about trading a Missingno. to Generation II by making it Water type, I found a glitch Pokémon that may be tradeable to Generation II. It's a hybrid, so you can get no key items from it without arbitrary code execution, but:

OPkMn4X (hex:CF) is Bug/Poison type.

On Generation II it's read as an Ariados, which is also Bug/Poison type.

Thinking about it though, this glitch Pokémon is a non-Ditto trick obtainable (because its index number is greater than 199) so you couldn't get its 'natural' hold item anyway(?).

Re: Abnormal Pokémon: $FE trade corruption for fun and profit

Posted by: Háčky
Date: 2014-07-03 18:35:06

Magnemite and Magneton don't learn any moves with indices under 100 that correspond to key items


given that that function does not check moves, couldn't you just use 8F/ws m to force such a move onto the Pokémon?

Well, yes, but if you're using 8F/ws m, you might as well set the catch rate/held item byte and whatever other stats you want to corrupt directly rather than relying on $FE to do the job.

Another option I somehow forgot to consider is that you should be able to take any level 54 Pokémon with Attack of 100 or less and hybridize it with Magneton. That way, you can start with whatever Pokémon learns the move you want to turn into an item. (Conceivably, it should be possible to use a triple-shift for something other than Magnemite/Magneton if its first two moves correspond to its types, but I don't know if there's any way that would be feasible.)

Are there any glitch Pokémon that have the same type as its Generation II Pokémon? We could probably trade this glitch Pokémon into Generation II without 8F/ws m.

It looks like we've got no less than eight in the English versions, and one of them is even obtainable with the Ditto trick:

P ($CB) shares the Pokédex number of Pidgeotto in Red/Blue and becomes Noctowl.
O PkMn4 X ($CF) shares the Pokédex number of Beedrill in Red/Blue and becomes Ariados.
N g ¥ ($F8) shares the Pokédex number of Rattata in Red/Blue and becomes Snubbull.
4. . ($C5) shares the Pokédex number of Golduck in Yellow and becomes Totodile.
($D4) shares the Pokédex number of Snorlax in Yellow and becomes Cleffa.
B ($D7) shares the Pokédex number of Pidgey in Yellow and becomes Togetic.
Z ($E5) shares the Pokédex number of Persian in Yellow and becomes Aipom.
p ($F5) shares the Pokédex number of Snorlax in Yellow and becomes Dunsparce.

Just a note: The abnormal Pokémon message may appear when trading between two Generation II games too.

I think (haven't confirmed) it's only the species and level that are checked, since types aren't stored in the Pokémon data in Generation II.

Re: Abnormal Pokémon: $FE trade corruption for fun and profit

Posted by: Háčky
Date: 2014-07-04 22:53:08
Oh, there's one more glitch Pokémon you can trade across time.

Do the Ditto trick using a Rock/Ground-type Pokémon (Onix or the Geodude family) with a special stat of 182. Since the fossil/ghost Missingno. take their base stats in a wild battle from whatever your last encounter was, you'll run into a Rock/Ground-type Kabutops fossil Missingno., which becomes Pupitar when traded to Generation II.

Doing this with the Aerodactyl fossil or ghost forms of Missingno. requires a Rock/Dark (Tyranitar) or Psychic/Flying (Lugia) Pokémon, which aren't normally available in Generation I.




Something I wanted to document, although unfortunately it turns out not to be useful, is how the species index is converted between Generation I and Generation II. The conversion table (at $FBA26 in Gold/Silver, $FB91C in Crystal) is stored in order of Generation I indices, starting from 1, and each byte is the corresponding Generation II index (which is always the same as the Pokédex number). The first entry is $70, which means index number 1 (Rhydon) from Generation I becomes $70 when traded to Generation II. To convert a Generation II Pokémon back to Generation I format, the game reads through this table until it finds a value that matches, while keeping a running tally of how far into the table it is, so a Pokémon with index $73 (Kangaskhan) in Generation II will be converted to $02 in Generation I, because $73 is the second entry in the table.

The first 250 entries in the table are straightforward and well-documented; all Pokémon from Bulbasaur to Ho-Oh are given a conversion. Inexplicably, entries 251 and 252 are both $CA. (I guess it's possible someone was trying to make a joke based on Wobbuffet's name in Japanese?) The conversions for Generation I indices 253–255 and 0 come from the first four bytes of the following program code. Index 253 becomes $FA (Ho-Oh) and index 0 becomes $4F (Slowpoke), but the values for indices 254 and 255 represent a pointer which differs in some versions of the game:

Japanese Gold/Silver: $FE → $10 (Pidgey), $FF → $D1 (Snubbull)
Japanese Crystal: $FE → $65 (Electrode), $FF → $D2 (Granbull)
Korean Gold/Silver: $FE → $DB (Magcargo), $FF → $D1 (Snubbull)
International Gold/Silver: $FE → $1E (Nidorina), $FF → $D1 (Snubbull)
International Crystal: $FE → $34 (Meowth), $FF → $D2 (Granbull)

Since $FB–$FF and $00 never appear as values in the conversion table, there's no way to get Celebi, an Egg, or any of the ????? variants into a Generation II game by trading them from Generation I. But what if you try to send those Pokémon from Generation II to Generation I? The game will keep searching past the end of the conversion table until it finds the value it's looking for. Specifically, in the English versions, it will find the values at these positions (modulo 256):

Gold/Silver: $00 → $18 (Rhyhorn), $FB → ??, $FC → $65 (Wigglytuff), $FD → ??, $FE → $38 (Missingno.), $FF → $39 (Mankey)
Crystal: $00 → $18 (Rhyhorn), $FB → $63 (Omastar), $FC → $41 (Venonat), $FD → ??, $FE → $38 (Missingno.), $FF → $39 (Mankey)

$FB in Gold/Silver and $FD in all three games don't appear anywhere in the remainder of the ROM bank containing the conversion table. When that happens, the game continues its search into RAM until it finds the value it's looking for. That's why trading Celebi from Gold/Silver back to Generation I using the Johto guard glitch gives unpredictable results: the converted species is based on the position that an $FB byte happens to be lying around in RAM.
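The lookup behaviour described in the post above, modelled in C as an added example (not part of the original post and not the game's code). Only the byte values quoted in the thread are real; the `0x01` filler, the 512-byte image and the position chosen for the stray `$FE` byte are constructed, and the function names are hypothetical. It contrasts the sentinel-less reverse scan with a version bounded to the 252 real table entries.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TABLE_LEN 252    /* real table entries, per the post */
#define MEM_LEN   0x200  /* constructed model of the bytes from the table start onward */

static uint8_t mem[MEM_LEN];

/* Constructed image: only the values quoted in the thread are real. */
void build_image(void) {
    memset(mem, 0x01, MEM_LEN);         /* placeholder filler, not ROM data */
    mem[0] = 0x70;                      /* Gen I $01 -> $70 */
    mem[1] = 0x73;                      /* Gen I $02 -> $73 */
    mem[250] = 0xCA; mem[251] = 0xCA;   /* entries 251 and 252 */
    mem[252] = 0xFA; mem[253] = 0x1E;   /* following code bytes, International */
    mem[254] = 0xD1; mem[255] = 0x4F;   /* Gold/Silver values from the post */
    mem[0x100 + 0x37] = 0xFE;           /* constructed spot so that $FE -> $38 */
}

/* Forward: the table starts at index 1 and the index is 8 bits wide,
   so Gen I index 0 reads the 256th byte. */
uint8_t gen1_to_gen2(uint8_t g1) { return mem[(uint8_t)(g1 - 1)]; }

/* Reverse as described: scan until a match, 8-bit tally, no length check.
   MEM_LEN bounds the loop only to keep this model memory-safe. */
uint8_t gen2_to_gen1_unbounded(uint8_t g2) {
    uint8_t tally = 0;
    for (size_t i = 0; i < MEM_LEN; i++) {
        tally++;                        /* wraps modulo 256 */
        if (mem[i] == g2) return tally;
    }
    return 0;                           /* the game would keep reading */
}

/* Bounded: reject any value that is not in the real table. */
int gen2_to_gen1_bounded(uint8_t g2) {
    for (size_t i = 0; i < TABLE_LEN; i++)
        if (mem[i] == g2) return (int)(i + 1);
    return -1;
}

int main(void) {
    build_image();
    printf("$FE: unbounded -> $%02X, bounded -> %d\n",
           gen2_to_gen1_unbounded(0xFE), gen2_to_gen1_bounded(0xFE));
    return 0;
}
```

Because the scan returns on the first match, `$CA` always maps back to 251, so the duplicate entry 252 can never be produced by the reverse conversion.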

Re: Abnormal Pokémon: $FE trade corruption for fun and profit

Posted by: Torchickens
Date: 2014-07-05 08:45:55
Great research. Thanks Háčky. I will read it carefully later.  :D

Yeah, I knew about the conversion table before thanks to Koolboyman.

I think showing this image again I made in the past will be useful.

[img]http://i.minus.com/jbgV0MAdnoV5h1.png[/img]

The $CA, $CA, $FA values follow.

What FB/FD is when traded back to R/B/Y sounds hard to predict from what you said, though it would be interesting if we could get FB, FC and FD (FE can be obtained by evolving Yellow's / g J 1 (hex:C9) at level 60) without remaining HP glitch (which only works with a box 1 that was never filled) or Generation I arbitrary code execution.

Edit:


but the values for indices 254 and 255 represent a pointer which differs in some versions of the game:

Japanese Gold/Silver: $FE → $10 (Pidgey), $FF → $D1 (Snubbull)
Japanese Crystal: $FE → $65 (Electrode), $FF → $D2 (Granbull)
Korean Gold/Silver: $FE → $DB (Magcargo), $FF → $D1 (Snubbull)
International Gold/Silver: $FE → $1E (Nidorina), $FF → $D1 (Snubbull)
International Crystal: $FE → $34 (Meowth), $FF → $D2 (Granbull)


I don't get how to find these Pokémon. Thanks to Datacrystal I know how to convert a pointer to a ROM address, and the relevant area seems to be in bank 3E.

What actually are the pointers though? Following the FA value (index 253 into Ho-Oh) in English Gold/Silver is 1E D1. I tried following 3E:1ED1 as a pointer but it didn't lead to a 1E (Nidorina) value.

Re: Abnormal Pokémon: $FE trade corruption for fun and profit

Posted by: Háčky
Date: 2014-07-05 10:54:11
I don't get how to find these Pokémon. Thanks to Datacrystal I know how to convert a pointer to a ROM address, and the relevant area seems to be in bank 3E.

What actually are the pointers though? Following the FA value (index 253 into Ho-Oh) in English Gold/Silver is 1E D1. I tried following 3E:1ED1 as a pointer but it didn't lead to a 1E (Nidorina) value.

The conversion routine isn't following a pointer; it's just using those two bytes, which happen to represent a RAM address that changed between versions, as the Generation II equivalents of $FE and $FF, because they're at offsets $FD and $FE from the start of the table (and the table starts with 1).

Re: Abnormal Pokémon: $FE trade corruption for fun and profit

Posted by: Torchickens
Date: 2014-07-05 19:53:52

I don't get how to find these Pokémon. Thanks to Datacrystal I know how to convert a pointer to a ROM address, and the relevant area seems to be in bank 3E.

What actually are the pointers though? Following the FA value (index 253 into Ho-Oh) in English Gold/Silver is 1E D1. I tried following 3E:1ED1 as a pointer but it didn't lead to a 1E (Nidorina) value.

The conversion routine isn't following a pointer; it's just using those two bytes, which happen to represent a RAM address that changed between versions, as the Generation II equivalents of $FE and $FF, because they're at offsets $FD and $FE from the start of the table (and the table starts with 1).


OK. Thanks. I didn't pick up that 1E was Nidorina's index number and D1 was Snubbull.