Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

You can join Glitch City Research Institute to ask questions or discuss current developments.

You may also download the archive of this forum in .tar.gz, .sql.gz, or .sqlite.gz formats.

Generation II Glitch Discussion

Pokémon Crystal: Better ACE through Key Items Glitch - Page 2

Re: Pokémon Crystal: Better ACE through Key Items Glitch

Posted by: Torchickens
Date: 2014-12-27 11:53:27
Great. Thanks and well done lucky!

I just have a few comments though. Can you type in your code as opcodes, like AF F6 D6…  (with sample junk code or optional code if necessary just so it runs on to the next box) please? You have "*"s in your code. I don't know what these mean. Some of these names aren't 8 characters long but you could probably fill the rest with junk code.

Additionally, I'm confused with what you do; I know that you set 'a' to $d7 (as part of fcd7) with or, and to $5e with sub (as part of fb5e) but how are you getting the game to put a into the addresses you show? I would have thought that you'd have to store these values in l first to use ld (hl),a but that opcode is a N/A.


Big thanks to the people that made the current coin case route so I'd have a sense of what I was doing, Sanqui for this awesome pastebin here so I could easily convert characters to opcodes, Hacky for giving me the address for the Red Flag, this so I could figure out each address in Gold, and I could get an idea of what addresses in the Gold Coin Case Route would I need to change for crystal, and the Pokemon Crystal Disassembly


Plus (though not exactly related to the execution) if it wasn't for Hacky for actually finding the balls pocket corruption method, or Paco81 for finding the duplicate key items glitch in the first place this wouldn't be possible. And maybe I deserve a bit of credit for discovering that TMs can execute code from RAM and how to get a glitch Pokédex mode. *shot*

Re: Pokémon Crystal: Better ACE through Key Items Glitch

Posted by: luckytyphlosion
Date: 2014-12-27 12:28:36
Plus (though not exactly related to the execution) if it wasn't for Hacky for actually finding the balls pocket corruption method, or Paco81 for finding the duplicate key items glitch in the first place this wouldn't be possible. And maybe I deserve a bit of credit for discovering that TMs can execute code from RAM and how to get a glitch Pokédex mode. *shot*

The thanks was just for the actual code writing, but of course other people helped in discovering the glitches
You have "*"s in your code. I don't know what these mean.

I forgot to specify what the asterisks were. The asterisks mean that the letter gets overwritten with the earlier code, so I could access addresses I couldn't access with only the standard letters.

Additionally, I'm confused with what you do; I know that you set 'a' to $d7 (as part of fcd7) with or, and to $5e with sub (as part of fb5e) but how are you getting the game to put a into the addresses you show? I would have thought that you'd have to store these values in l first to use ld (hl),a but that opcode is a N/A.


To get "a" into the addresses, I use EA (ld $xxyy,a) to write another letter into the box so the game reads that as the address value instead. It's a bit awkward, but it works out.

Some of these names aren't 8 characters long but you could probably fill the rest with junk code.

You don't need to name your boxes exactly 8 characters; they can be shorter. :P

Great; but can you type in your code as opcodes, like AF F6 D6…


I'll write the code in opcodes, but it'll take a while so it'll look "neat" (i.e. would look like this)

EDIT: Done :)


af f6 d6 f6 81 ea 80 fb af ea ea fc d6 a2 ea 8c fb af ea ea fb d6 fd ea b5 fc d6 b7 ea b6 fc b7 d0

; BOX 1
; p 0 'v 0 B é A 5
af            xor a
f6 d6          or $d6
f6 81          or $81; get $d7
ea 80 fb      ld $fb80,a

; BOX 2
; p é é* 6 'v c
af            xor a
ea ea fc      ld $fc(d7),a ; 0 pkmn in party
; (d7) number above changed to d7
d6 a2          sub $a2 ; get $5e

; BOX 3
; é M 5 p é é* 5
ea 8c fb      ld $fb8c,a ; load letter into later box letter
af            xor a
ea ea fb      ld $fb(5e),a ; make red appear
; (5e) number above changed to 5e

; BOX 4
; 'v 7 é v 6 'v x
d6 fd          sub $fd ; get $03
ea b5 fc      ld $fcb5,a ; change map group to $03
d6 b7          sub $b7 ; get $4c

; BOX 5
; é w 6 x 'd
ea b6 fc      ld $fcb6,a ; change map to silver cave
b7            or a ; unset carry flag
d0            ret nc


Actually, does it matter if your original Pokémon that was cloned is slightly different then the clones (different hp value, stats differ a bit because of stat exp + box trick)? :o

Re: Pokémon Crystal: Better ACE through Key Items Glitch

Posted by: Torchickens
Date: 2014-12-27 12:42:34

The thanks was just for the actual code writing, but of course other people helped in discovering the glitches


Yes, sorry. I was just being matter of fact and figured out that you were just listing people who helped in making the code. I maybe should have said nothing. Sorry if I sounded like I wanted you to list more people.


I forgot to specify what the asterisks were. The asterisks mean that the letter gets overwritten with the earlier code, so I could access addresses I couldn't access with only the standard letters.


OK.


Great; but can you type in your code as opcodes, like AF F6 D6…


I'll write the code in opcodes, but it'll take a while so it'll look "neat" (i.e. would look like this)


I don't mind if you just put the opcodes in one string. It's easy to just copy it into BGB that way, and the debugger disassembles it for you.

Edit: Just did your code and beat the game too :D.


Actually, does it matter if your original Pokémon that was cloned is slightly different then the clones (different hp value, stats differ a bit because of stat exp + box trick)? :o


What part of the route is this? Why might a different HP value/different stats matter?

Do you have a draft route written out? Because the bad clone glitch for getting held key items is one of the glitches I've never actually done.

I will be routing/copying the route if I get used to Bizhawk.

Re: Pokémon Crystal: Better ACE through Key Items Glitch

Posted by: luckytyphlosion
Date: 2014-12-27 13:31:02
The Stat exp/HP thing was related to getting a bad clone, since I thought that a bad clone wasn't appearing normally because my original Croconaw had different stats, hp.

I assumed that getting a bad clone was possible in Crystal, but I can't seem to get one. One time it seemed like I got a bad clone was when I actually got a hex FF Pokémon, which was only "half" a bad clone.

I pasted what I have on the wiki, but I'm stuck at the bad clone part. However, I checked in pikasav what box 1 looked like, and the results where interesting:
[IMG]http://puu.sh/dLycv/c8938999be.png[/img]

Maybe I need to clone in other boxes with 00s for empty spaces for the glitch to work.

EDIT: I think I figured out why cloning wasn't working.

When I started cloning, I got a corrupted clone with a name similar to ".KP". I released it and continued cloning. Despite my efforts, I couldn't get a bad clone.

Then, I loaded a state pre-cloning, saved, and decided to check the first box in pikasav. Like the image above, it was a giant garbled mess of garbadge data.

The first Pokémon was a sunflora, and interestingly, it had the same name of ".KP". I'm sure that someone discovered it already, but my guess is that you get a bad clone because your Pokémon has mixed data of hex 00 and your old Pokémon, which explains why I couldn't get a bad clone on BOX 1.

tl;dr don't clone on box 1 for bad clone.

Re: Pokémon Crystal: Better ACE through Key Items Glitch

Posted by: Torchickens
Date: 2014-12-27 13:43:27
For what it's worth, in Gold and Silver an empty box 1 has data filled with FF while boxes 2-14 have data filled with 00. This may also be the case in Crystal. I do not exactly know how the box corruption works, so this is just something I thought would be worth sharing. Do you know what the equivalent of AD82 (stored Pokémon 1) for Crystal is?

Re: Pokémon Crystal: Better ACE through Key Items Glitch

Posted by: luckytyphlosion
Date: 2014-12-27 13:46:22
According to the disasm, sBoxMons is at $ad26, which is where the first box Pokémon is stored. I can check werster's old gold glitched% videos and see what box he used for cloning, to see if I need to clone in a box with 00s or FFs.

EDIT: When werster cloned abra in the old gold glitched route, after the inital cloning attempts, he used "Move Pokemon without Mail" to put Abra back to the front of the party, instead of withdrawing it. Wonder what difference does that make. He also used Box 1 to clone Abra, and then switched to box 2 to hunt for bad clones.

After depositing abra into box 2, he switched to box 1 to clone, however it might be better to switch to another empty box, since Crystal Cloning is much harder.

EDIT2: writing exactly what werster did in his old gold glitched% run, starting from getting abra.

- Deposit Abra and the egg in the pc in box 1
- swap to box 2 and clone.
- use Move pkmn without mail to move Abra to the front of the party, then to move the egg in the party to the box.
- Deposit the two abras and clone again (still in box 1)
- use move pkmn without mail to move the two abras to the front of the party.
- deposit 3 abras and croconaw into box 1 and clone.
- withdraw 1 abra, and change boxes to box 2.
- deposit all abras into box 2 and clone.
- deposit all abras into box 2 again and clone.
- deposit 3 abras into box 2 and clone.
- deposit 4 abras into box 2 and clone.
- deposit 2 abras into box 2 and attempt to get a bad clone.
- check if box quantity in box 2 is 19, if it isn't then attempt to bad clone again.

My guess is that you clone in box 1 first to get 4 abras, then you switch to box 2 because there's only 1 FF at the end of your party, and box 1 would have FFs because you withdraw Pokémon.

When he did get a bad clone, it was the last 2 Pokemon, which means that bad clones can only be created by the Pokémon that were just deposited.

I'll try to see if I can get a bad clone now, doing what werster did and adapting it to crystal. I'll probably clone in box 2 first to get four clones, then switch to box 3/4 to hunt for a bad clone. I don't know if I need to fill my box almost entirely full like werster did, though.

Re: Pokémon Crystal: Better ACE through Key Items Glitch

Posted by: Torchickens
Date: 2014-12-27 13:57:42

According to the disasm, sBoxMons is at $ad26, which is where the first box Pokémon is stored. I can check werster's old gold glitched% videos and see what box he used for cloning, to see if I need to clone in a box with 00s or FFs.


Thanks. From that address I found the equivalent of AD6D (stored Pokémon 1 byte 1) is AD11.

Interestingly, when I started a new save in Crystal, box data from the old save still existed, so when I hacked a Bulbasaur as the first Pokémon it was called Mew.

Crystal had FFs in box 1 too, but only from AD11 to AD41; but if you erase your save completely, there are more FFs exclusive to box 1.

Re: Pokémon Crystal: Better ACE through Key Items Glitch

Posted by: luckytyphlosion
Date: 2014-12-27 14:22:57
Another thing I thought of. If only the nickname is corrupted, it may mean that you reset too late, but not late enough to corrupt the nickname data, since it is stored after the Main Pokemon data.

EDIT: now that I think about it, you wouldn't need to clone so many abras, because werster needed them to overflow party, while we don't need to overflow party.

Re: Pokémon Crystal: Better ACE through Key Items Glitch

Posted by: luckytyphlosion
Date: 2014-12-27 15:10:39
Testing out timings for Bad Clones (note because of human error, some times may be off)

Started the timer at the same time I press "Yes" to save, and stopped at 2.43 seconds at the time I reset. I got perfectly normal clones.

Second time timing, timer ended at 2.30 seconds, and no Pokémon in the box this time.

Still testing more times, so I may edit this a few times.

EDIT: 2.33 seconds doesn't give anything in the box.
EDIT2: 2.41 seconds gives glitch nicknames and nothing else. This means we need to reset between 2.33 and 2.41 seconds.
EDIT3: Okay, 2.41 seconds is off, I tried again with 2.39 seconds and I got perfectly good clones, so my timing must be off.
EDIT4: 2.35 seconds still gives corrupted nicknames. I'm starting to wonder if switching to a different box than box 1 would make any difference.
EDIT5: The box you switch to doesn't make any difference; I still got the same glitched nicknames.

Re: Pokémon Crystal: Better ACE through Key Items Glitch

Posted by: Torchickens
Date: 2014-12-27 15:16:45
I'm just going to dump Pokédex Mode execution pointers from Hacky's pointer table here for reference, and in case using another one turns out to be quicker for getting/executing arbitrary code. I reversed the endianness to the addresses you would find in BGB debugger or VBA memory viewer.

00: 4B F6 (?)
01: 4C 08 (?)
02: 4C 30
03: 60 11
04: 21 4D
05: C6 D0
06: FB 0E
07: 13 1A
08: 0D 22
09: FA 20
0A: 18 CD
0B: C9 4C
0C: D0 21
0D: 3E C6
0E: 0E 01
0F: 22 FB
10: 0D 3C
11: FB 20
12: 18 CD
13: C9 4C
14: CA 21
15: 16 C7
16: 5A FB
17: EA 3A
18: D2 65
19: D0 CD
1A: 20 4B
1B: 15 04
1C: 20 1D
1D: 7A F3
1E: D2 EA
1F: C9 C7
20: EA AF
21: C7 D2
22: D0 21
23: 11 C6
24: 4C 65
25: FB 0E
26: 1A C5
27: 65 EA
28: CD D2
29: 4B D0
2A: 0B 28
2B: 65 FA
2C: 22 D2
2D: D2 FA
2E: 3C C7
2F: D2 EA
30: 13 C7
31: 0D C1
32: E6 20
33: D2 FA
34: 0E C7
35: FE 00
36: 28 FB
37: 71 05
38: 3C 23
39: F7 18
3A: 3F C9
3B: BE 8E
3C: B5 41
3D: 3B 18
3E: 90 A8
3F: 99 B8
40: B6 0F
41: 09 45
42: 01 F2
43: 0A 0C
44: 71 FB
45: 04 06
46: 98 05
47: 24 AA
48: AD 23
49: DE 5B
4A: 9F A9
4B: 9B 68
4C: 57 E1
4D: 84 32
4E: 54 55
4F: 94 E8
50: 93 95
51: 33 60
52: 85 CE
53: 7D 17
54: EF 65
55: C4 F4
56: 67 66
57: 16 53
58: B4 A0
59: CD 88
5A: 5C A2
5B: 4A 5E
5C: CF CB
5D: 2A 2C
5E: 37 76
5F: D2 4C
60: 58 4B
61: 82 3A
62: D6 5D
63: 6A 6B
64: FA ED
65: BB A3
66: E5 74
67: 61 E4
68: 02 AE
69: 87 27
6A: 7C BD
6B: 8D 8C
6C: 0E 40
6D: E6 73
6E: 6D 63
6F: AB 62
70: F6 83
71: A5 A6
72: F9 6C
73: 43 44
74: F0 42
75: 81 DB
76: 51 7E
77: 38 52
78: B3 E2
79: 69 B7
7A: 34 9A
7B: 97 0B
7C: F1 96
7D: 92 C8
7E: 59 7A
7F: B1 C6
80: 1F 22
81: 20 1D
82: 21 1E
83: A4 26
84: 2B E0
85: 8B 8A
86: 2E 5F
87: 35 2F
88: AC E7
89: 11 12
8A: 19 10
8B: CC DD
8C: BA 7F
8D: 3D 3C
8E: 4D 3E
8F: E9 89
90: 36 39
91: C3 F7
92: D3 9C
93: F3 1A
94: 14 4E
95: DF 13
96: 6F 70
97: 1C 1B
98: 7B D4
99: 77 75
9A: A1 56
9B: D5 5A
9C: BC E3
9D: C7 50
9E: DA 4F
9F: EE EB
A0: 8F D7
A1: 15 D1
A2: 07 A7
A3: 79 EA
A4: D0 78
A5: F5 B9
A6: BF C0
A7: 72 DC
A8: D8 80
A9: 49 48
AA: B0 AF
AB: 9D 9E
AC: EC F8
AD: C9 C5
AE: 86 D9
AF: 30 31
B0: 47 03
B1: 64 2D
B2: 08 25
B3: 46 0D
B4: 28 6E
B5: C2 CA
B6: C1 B2
B7: 29 91
B8: 99 98
B9: 9B 9A
BA: 9D 9C
BB: 9F 9E
BC: 10 A0
BD: 12 11
BE: 16 15
BF: A4 A3
C0: 14 13
C1: A2 A1
C2: 19 AC
C3: 0A 1A
C4: 0C 0B
C5: 0E 0D
C6: A5 0F
C7: A7 A6
C8: 4A A8
C9: 4C 4B
CA: 2A 29
CB: AD A9
CC: 24 23
CD: 27 AE
CE: AF 28
CF: 1B B0
D0: 17 1C
D1: CE 18
D2: B4 B3
D3: C2 B5
D4: 5C C3
D5: 5E 5D
D6: 5F C9
D7: 45 D0
D8: 47 46
D9: BC BB
DA: 2E BD
DB: 3C 2F
DC: 3E 3D
DD: 81 BA
DE: 76 82
DF: 4F 77
E0: C7 50
E1: 2C 2B
E2: B6 2D
E3: 61 60
E4: 40 3F
E5: 84 41
E6: CD CC
E7: 1E 1D
E8: 20 1F
E9: 22 21
EA: BF C1
EB: 66 C0
EC: B9 67
ED: 30 CA
EE: 7B 31
EF: 7F D4
F0: 6D D6
F1: 58 6E
F2: 51 59
F3: 64 52
F4: BE 65
F5: D2 D1
F6: 26 25
F7: 3B 3A
F8: B7 EA
F9: 32 B8
FA: 38 33
FB: 34 39
FC: 36 35
FD: 42 37
FE: 44 43
FF: 6A EC

72 looks good (F9 6C or D96C) but you'd need a RageCandyBar?

Edit: No changes between v1.0 and v1.1.

Re: Pokémon Crystal: Better ACE through Key Items Glitch

Posted by: luckytyphlosion
Date: 2014-12-27 16:10:14
I'd rather use #9, because it can be easily represented into items or quantities. (Antidote or x9)

Re: Pokémon Crystal: Better ACE through Key Items Glitch

Posted by: Háčky
Date: 2014-12-27 16:10:51
EDIT: Could I use a Bicycle for Key Items Glitch instead, because it has a lower index value so I'd need to buy less Poke Balls?

No. The result of the item swaps (item + FF, or item 1) needs to be another key item, so that you can remove that item from the pocket by depositing it in the PC. Coin Case/Itemfinder is the lowest-numbered adjacent pair of key items.

Re: Pokémon Crystal: Better ACE through Key Items Glitch

Posted by: luckytyphlosion
Date: 2014-12-27 16:21:14
I'm just wondering, is there even any evidence that you can get bad clones in Crystal? Does a bad clone in crystal have the same qualities for a bad clone in Gold/Silver (like name, gender, etc), because we may miss what could possibly be a bad clone even though it wouldn't meet the requirements for one for gold/silver?

Re: Pokémon Crystal: Better ACE through Key Items Glitch

Posted by: Torchickens
Date: 2014-12-27 16:28:17

I'm just wondering, is there even any evidence that you can get bad clones in Crystal? Does a bad clone in crystal have the same qualities for a bad clone in Gold/Silver (like name, gender, etc), because we may miss what could possibly be a bad clone even though it wouldn't meet the requirements for one for gold/silver?


Yes. This video does it.

I know that werster and ringrush did it before because they got a bad clone and tried Crystal map distortion with 43 Pokémon; however, they found it didn't work on a real console because they couldn't withdraw that many Pokémon without a freeze.

I'll try to get a bad clone (either before or after you do; if I got one first I'll tell you the amount of frames) and then try the routing because I want to help you and I may need to know what I'm talking about, either today or tomorrow (got to go soon :()

Re: Pokémon Crystal: Better ACE through Key Items Glitch

Posted by: luckytyphlosion
Date: 2014-12-27 17:02:02
So I actually managed to get a bad clone, by using bgb's access breakpoint, and resetting when de (probably copydata) was at the sRam portion where the box data is. So hypothetically, getting a bad clone is possible (phew).

Basically, you need to deposit 5 Pokémon and bad clone to get the best chance of getting a bad clone.

There still isn't an specific time where you have to reset, but I'd say it's the time it takes to copy 128 bytes of data. (box structure is 32 bytes, you're depositing 5, so you need to soft reset before the game saves the 5th pokemon to sRAM, which equals to 128 bytes of copying.)