Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

Generation II Glitch Discussion

The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution! - Page 2

Re: The newcomer and experienced user's guide to G/S Arbitrary Code Execution!

Posted by: Couldntthinkofaname
Date: 2017-11-05 12:43:19

Regarding the OAM DMA Hijacking, I'm unsure whether we can replace 2'd with péZ.9'l'l'l'lx'd or péZ.9'l'l'l'l2'd.


Use the former code. The latter code is an ld command, which doesn't affect the carry flag. In order for ret nc to return, the carry flag must not be set.

Also, the ld command would swallow the 'd by using it as an operand.

Re: The newcomer and experienced user's guide to G/S Arbitrary Code Execution!

Posted by: Krys3000
Date: 2017-11-06 08:38:44
Alright, all codes (except the first one obviously) are available for both techniques now, and I've added links to some threads. I'm going to start writing a quick and basic introduction to opcodes.

Of course, I should be writing a French adaptation of box codes for PRAMA, but the absence of ret nc and sub x instructions in French characters is very annoying, because to use ret c or sbc x, the code itself must be modified a bit :(

Re: The newcomer and experienced user's guide to G/S Arbitrary Code Execution!

Posted by: Torchickens
Date: 2017-11-06 10:15:18
Awesome. Thank you! ^_^

Yeah I relate to that, self-modifying codes can be a pain sometimes.

Re: The newcomer and experienced user's guide to G/S Arbitrary Code Execution!

Posted by: Krys3000
Date: 2017-11-07 07:10:27
I've added a quick introduction to opcodes. Don't hesitate to review it! :)

Re: The newcomer and experienced user's guide to G/S Arbitrary Code Execution!

Posted by: spamviech
Date: 2017-11-07 07:45:42
You should probably add the guide to GB Programming. Helped me a ton when I started messing around with 8F codes.

Also, the first available character for box names is space, which is 0x7f. The corresponding instruction (ld a,a) can only be used as save passing code, but can be useful to reach certain numbers (e.g. using and).
Nothing major, but still a slight error. ;)

Re: The newcomer and experienced user's guide to G/S Arbitrary Code Execution!

Posted by: Couldntthinkofaname
Date: 2017-11-07 07:48:14

I've added a quick introduction to opcodes. Don't hesitate to review it! :)


You may want to add that "ret" does not necessarily mean the code has ended. "Ret" pops the top of the stack to the pc (Program Counter).

So…

ld bc,d61a
push bc
ret

…is effectively executed as…

jp d61a
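
The three points made in this thread so far (Couldntthinkofaname's: ret nc only returns when carry is clear, and an ld with an immediate operand leaves the flags alone and swallows the byte after it; spamviech's: space, 0x7f, is ld a,a and does nothing; and the push bc / ret = jp d61a equivalence just above) can be checked in a small simulator of the handful of SM83 (Game Boy CPU) instructions involved. The following is an added example written for this archive, not code from the guide or from any poster. The opcode values are the real SM83 encodings; the addresses CODE, CALLER and FALLTHRU, the value preloaded on the stack and the byte strings fed to run() are constructed test inputs, not real box-name or item codes; and it is assumed, as the thread implies, that the 'd character encodes as 0xd0, the ret nc opcode.

```python
"""Small SM83 (Game Boy CPU) subset simulator, added to this thread as an illustration;
not code from the guide or from any poster. Opcode bytes are the real SM83 encodings.
CODE, CALLER, FALLTHRU and every byte string fed to run() are constructed test inputs,
not real box-name or item codes. Assumption: the 'd character encodes as $d0 (ret nc)."""
from dataclasses import dataclass, field

FLAG_C = 0x10  # carry is bit 4 of F
# constructed: where test bytes go, return address preloaded on the stack, post-code jp target
CODE, CALLER, FALLTHRU = 0xD000, 0x1234, 0xE000


@dataclass
class CPU:
    mem: bytearray
    pc: int
    sp: int
    a: int = 0
    f: int = 0
    bc: int = 0
    trace: list = field(default_factory=list)  # disassembly of what actually ran

    def fetch8(self):
        b, self.pc = self.mem[self.pc], (self.pc + 1) & 0xFFFF
        return b

    def push16(self, v):
        self.sp = (self.sp - 2) & 0xFFFF
        self.mem[self.sp], self.mem[self.sp + 1] = v & 0xFF, (v >> 8) & 0xFF

    def pop16(self):
        v = self.mem[self.sp] | (self.mem[self.sp + 1] << 8)
        self.sp = (self.sp + 2) & 0xFFFF
        return v

    def step(self):
        """Run one instruction; return the new pc on a control transfer, else None."""
        op = self.fetch8()
        if op == 0x01:                      # ld bc,nn: swallows two operand bytes (low, high)
            self.bc = self.fetch8() | (self.fetch8() << 8)
            self.trace.append(f"ld bc,${self.bc:04x}")
        elif op == 0x3E:                    # ld a,n: swallows one byte, flags untouched
            self.a = self.fetch8()
            self.trace.append(f"ld a,${self.a:02x}")
        elif op == 0x7F:                    # ld a,a (space in a box name): no effect
            self.trace.append("ld a,a")
        elif op == 0xC5:                    # push bc
            self.push16(self.bc)
            self.trace.append("push bc")
        elif op == 0xD6:                    # sub n: carry set iff a < n (only C modelled)
            n = self.fetch8()
            self.f = FLAG_C if self.a < n else 0
            self.a = (self.a - n) & 0xFF
            self.trace.append(f"sub ${n:02x}")
        elif op == 0xC9:                    # ret: pc <- top of stack
            self.trace.append("ret")
            self.pc = self.pop16()
            return self.pc
        elif op in (0xD0, 0xD8):            # ret nc / ret c: return only if carry matches
            self.trace.append("ret nc" if op == 0xD0 else "ret c")
            if bool(self.f & FLAG_C) == (op == 0xD8):
                self.pc = self.pop16()
                return self.pc
        elif op == 0xC3:                    # jp nn (low byte, then high byte)
            self.pc = self.fetch8() | (self.fetch8() << 8)
            self.trace.append(f"jp ${self.pc:04x}")
            return self.pc
        else:
            raise ValueError(f"opcode ${op:02x} not modelled")


def run(code, carry, a=0):
    """Put code at CODE followed by jp FALLTHRU, preload CALLER on the stack, run to the
    first control transfer; return (landing pc, trace)."""
    cpu = CPU(mem=bytearray(0x10000), pc=CODE, sp=0xDFF0, a=a, f=FLAG_C if carry else 0)
    cpu.mem[CODE:CODE + len(code) + 3] = code + bytes([0xC3, FALLTHRU & 0xFF, FALLTHRU >> 8])
    cpu.push16(CALLER)
    for _ in range(64):
        if (dest := cpu.step()) is not None:
            return dest, cpu.trace
    raise RuntimeError("no control transfer within 64 steps")


def push_ret_equals_jp():
    """ld bc,$d61a / push bc / ret lands exactly where jp $d61a lands."""
    return run(bytes([0x01, 0x1A, 0xD6, 0xC5, 0xC9]), False)[0], run(bytes([0xC3, 0x1A, 0xD6]), False)[0]


def ret_nc_depends_on_carry():
    """The same $d0 byte returns to CALLER with carry clear and falls through with it set."""
    return run(bytes([0xD0]), False)[0], run(bytes([0xD0]), True)[0]


def ld_does_not_clear_carry():
    """sub 1 from a=0 borrows (carry set); the ld a,$42 after it leaves carry alone, so
    ret nc falls through. With sub 0 the carry stays clear and ret nc returns."""
    blocked = run(bytes([0xD6, 0x01, 0x3E, 0x42, 0xD0]), False)[0]
    return blocked, run(bytes([0xD6, 0x00, 0x3E, 0x42, 0xD0]), False)[0]


def ld_swallows_next_byte():
    """$3e $d0: the $d0 that would be ret nc is eaten as ld's operand and never executed."""
    return run(bytes([0x3E, 0xD0]), False)
```

The trace returned by run() is the useful part when reasoning about a box code: in ld_swallows_next_byte() it shows only ld a,$d0 followed by the fall-through jp, i.e. the ret nc byte was never decoded as an instruction, which is exactly why the ld variant cannot be used in place of the 'd.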

Re: The newcomer and experienced user's guide to G/S Arbitrary Code Execution!

Posted by: Krys3000
Date: 2017-11-07 08:11:05
Haha yeah, in fact I said that 'I'll put some resources about opcodes later in the guide' but then totally forgot to do it ;D

I've added a few links including this one, and also the space and ret suggestions :) Thanks to both of you!


Re: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!

Posted by: Krys3000
Date: 2018-01-30 09:55:05
This guide has now been MASSIVELY UPDATED to add Crystal ACE (unifying it with this guide).

Please use this now as the 'official thread' for all games. I'm editing the other thread to redirect to this.

Re: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!

Posted by: Inkblot
Date: 2018-01-31 12:22:26
I am a little confused. In Crystal, do you need to do the Mystery Egg setup AND do the item code listed in order to execute code with TM15, or can you do one or the other in order to get TM15 in the wrong pocket? I am confused as I think it said in the original guide that all you would need to do is use Bad Clone ACE to execute the item code, and that would get you TM15 in the wrong pocket. However, it looks like it says here that you need to do both in order for it to work.

Also, I have a question regarding filling your Key Items pocket. If I fill it up with Mystery Eggs, will that cause any issues if I try and get another key item? Like, will I have to find a way to remove all the Mystery Eggs in order to get other key items I'd like? And if so, how would I do it?

Also, it looks like without the use of another game to trade items, it will take at least until beating Jasmine to set everything up, as TM23 is needed to use the get any item/get any amount of any item codes. However, once you have that, you can use the cloning glitch to get enough of those TMs to perform the glitch (as well as get a ton of Rare Candies to teach Quagsire the moves it needs). After that is done, you should be able to get the rest of the items you need through those glitches (if you have TM50, you can use it to get any of the other TMs by lowering its item value), and then set up TM15 in the wrong Balls pocket! So that means it's possible to do ACE in Crystal around a third of the way through the game, which is really cool and will make a lot of the post game really interesting!

Re: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!

Posted by: Krys3000
Date: 2018-01-31 13:05:41
I am a little confused. In Crystal, do you need to do the Mystery Egg setup AND do the item code listed in order to execute code with TM15, or can you do one or the other in order to get TM15 in the wrong pocket? I am confused as I think it said in the original guide that all you would need to do is use Bad Clone ACE to execute the item code, and that would get you TM15 in the wrong pocket. However, it looks like it says here that you need to do both in order for it to work.


No, you indeed need to do both, but the order is not important. However, it is most certainly possible to create an item, box or mail code that does both at the same time… don't hesitate to work on it if you have some time!

Also, I have a question regarding filling your Key Items pocket. If I fill it up with Mystery Eggs, will that cause any issues if I try and get another key item? Like, will I have to find a way to remove all the Mystery Eggs in order to get other key items I'd like? And if so, how would I do it?


You could just store the extra eggs in the PC :P

Also, it looks like without the use of another game to trade items, it will take at least until beating Jasmine to set everything up, as TM23 is needed to use the get any item/get any amount of any item codes. However, once you have that, you can use the cloning glitch to get enough of those TMs to perform the glitch (as well as get a ton of Rare Candies to teach Quagsire the moves it needs). After that is done, you should be able to get the rest of the items you need through those glitches (if you have TM50, you can use it to get any of the other TMs by lowering its item value), and then set up TM15 in the wrong Balls pocket! So that means it's possible to do ACE in Crystal around a third of the way through the game, which is really cool and will make a lot of the post game really interesting!


You're right. However, you can do a lot better than that. You could get TM23 using the Bad Clone Trick (which allows you to get any item) using the move SLEEP TALK. If you don't want to, you could do a box/mail code that gives you TM23 instead. In theory, as soon as you have access to the Day Care, you should be able to do everything already.

Re: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!

Posted by: Inkblot
Date: 2018-01-31 14:14:58


You could just store the extra eggs in the PC :P


They are key items though, right? Can you store those? Also, if they are key items, doesn't that mean you can't toss them? I wouldn't mind putting them in the PC, but I'd want to be able to get rid of them at some point just so they aren't taking up space I could use for something else.

Though now that I think about it, I could use the change item codes to turn them into something that IS toss-able and get rid of them that way. So I guess it isn't such a huge issue if I can't get rid of them normally.

Re: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!

Posted by: Krys3000
Date: 2018-01-31 15:22:25
You can store them, of course - and you have 50 item storage slots, so I wouldn't worry much about space.

But yeah, to get rid of them definitively, you could use the item changing code :D

Re: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!

Posted by: Anna Says Hi
Date: 2018-03-03 14:32:30
Why is this not pinned. I was about to create a thread for bad clone ACE and then found out this existed.

Also, this is a much better setup for bad clone ACE: https://pastebin.com/DaWmYHLF

(Note that you will have to pop something one additional time before returning, or else values in the range of (HL) will be corrupted after returning)

Re: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!

Posted by: Torchickens
Date: 2018-03-03 15:16:44
Stickied now, thanks.

Re: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!

Posted by: Krys3000
Date: 2018-03-04 09:08:16
Thanks Torchic  ;)


Why is this not pinned. I was about to create a thread for bad clone ACE and then found out this existed.

Also, this is a much better setup for bad clone ACE: https://pastebin.com/DaWmYHLF

(Note that you will have to pop something one additional time before returning, or else values in the range of (HL) will be corrupted after returning)


That setup is already in the guide in section IV.2 (B). Indeed, it's a very cool setup because it allows mail box codes, which is not allowed by Crystal_'s setup in section IV.2 (A). I use item codes quite often so I don't mind doing Crystal_'s setup, but I think it would be very cool to have a lot of mail box codes to use with lucky's setup :)