Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.


Generation II Glitch Discussion

The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution! - Page 3

Re: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!

Posted by: Anna Says Hi
Date: 2018-03-04 14:23:40
In that case, I have a mail/box code to give party Pokemon 3 maxed out DVs/IVs:
# means that any symbol can go there, since that slot will be overwritten by something later on.

Mail:
t##)'vQéh5?!ée50"
?cék5Aéo5l0A'm:5

Box names, starting from box 5 (the Pk is one character):
###ép5?7
07#'vt#09
#'vj##i5#
09Pk'd####


target: get 67 in FBA4, 6F in FBA7, 22 in FBAA, BD in FBAE, C2 in FBAF, jump to FB9C

org $F001

F002: or E; B3, t
F003: ld BC, 9B01; 01 01 9B; # # )
F006: sub $90; 'v Q
F008: ld (FBA7), A; EA A2 FB, é h 5
F00B: and $E7; ? !
F00D: ld (FBA4), A; é e 5
F010: or $72; 0 "
F012: ld C, (HL);
F013: and $A2; ? c
F016: ld (FBAA), A; é k 5
F019: add A, B; A
F01A: ld (FBAE), A; é o 5
F01D: xor E; l
F01E: or 80; 0 A
F020: jp NC, FB9C; 'm : 5


target: get FF into DD4A - DD54

org $FB9C

$FB9C: ld (FBAF), A; EA AF FB, é p 5
$FB9F: and $FD; ? 7
$FBA2: or $FD; F6 FD, 0 7
$FBA4: ld H, A; 67
$FBA5: sub $B3; D6 B3, 'v t
$FBA7: ld L, A; 6F

$FBA8: or $FF; F6 FF, 0 9
$FBAA: ld (HLi), A; 22
$FBAC: sub $A9; D6 A9, 'v j
$FBAE: cp L; BD
$FBAF: jp nz, $FBA8; C2 A8 FB, # i 5
$FBB2: or $FF; F6 FF, 0 9
$FBBD: pop HL; E1, Pk
$FBBE: ret nc; D0, 'd

Re: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!

Posted by: Krys3000
Date: 2018-03-05 05:51:13
Thanks for that code, that's very helpful!

The good thing with mail codes is that just like item codes, they are international and can be used in every localization. Box charset in German G/S/C and French Crystal doesn't allow coding, unfortunately; so we have to translate everything into another type of code every time for international members, and this takes a lot of time :(

Re: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!

Posted by: Inkblot
Date: 2018-03-15 09:34:16
Is there a certain type of bad clone that is needed to get the Kingdra clone in Crystal? I was cloning Eevees and I got one with ?'s as a name. I deposited it into a box and then put 5 normal Eevees into it, and tried to do the withdraw trick, but they never turned into Kingdras. The Eevee didn't seem to have anything wrong with it besides the name, so do I need a more glitched-out clone for it to work? Or is there a specific way you have to do it? I read you need to save and reset the game before doing the trick, but is that all you need to do?

Also, would it be possible to use the GameShark/memory editor item code to get the right TM in the wrong pocket, instead of using the Bellsprout/Mystery Egg method? Or do you need to do the Mystery Egg method?

Re: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!

Posted by: Krys3000
Date: 2018-03-15 16:04:23
About the corruption induced by Bad Clones, you can read this: https://forums.glitchcity.info/index.php?topic=8269.msg208830#msg208830
I guess changing the Bad Clone and the clones used is the best move if you don't manage to get the corruption.

> Also, would it be possible to use the GameShark/memory editor item code to get the right TM in the wrong pocket, instead of using the Bellsprout/Mystery Egg method? Or do you need to do the Mystery Egg method?

Of course this is possible but then it requires another ACE method to do it :)

Re: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!

Posted by: Inkblot
Date: 2018-04-02 23:05:15
So I went and set up bad clone ACE in Crystal, and it worked! However, I have two things I want to ask about:

1) Well, not really a question, but something that was a bit confusing. I used the code to get any item, as I needed to change a TM 43 into a TM 42 in order to start setting up wrong pocket ACE. The way you have the code set up, it makes it look like in Crystal the 9th item should change, as the way you have it listed makes it seem like the 2 items needed for Coin Case ACE in the beginning aren't needed and don't affect the code in Crystal at all. I got really annoyed when I followed the bad clone ACE guide and my TM didn't change. However, I quickly found out that the code had worked, just the item 2 slots down had changed. The code still changes item 11, but the way you wrote the code out is kinda confusing if using it for Crystal. I think you should make it more clear that regardless of the game, it's the 11th item that changes.

2) When I used that code, I saw that instead of making the item decrease by 1, it did it by 2. So my TM 43 became TM 41. This wasn't a huge issue, as I just used TM 44 instead, but I wasn't sure if this was intentional or if there is some odd quirk on my end that caused the extra jump.


EDIT: I always wanted to ask if the box codes listed here and on the thread with competitive ones would work on Crystal. I assume no as you only mention Gold and Silver when you talk about them, but I just wanted to check to make sure, as if I can use them it would be really helpful.

Re: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!

Posted by: Parzival
Date: 2018-06-21 13:13:15
This'd really benefit from a character-value chart of some sort for box codes. It seems like no one's made one.

Re: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!

Posted by: Couldntthinkofaname
Date: 2018-06-21 14:17:05

> This'd really benefit from a character-value chart of some sort for box codes. It seems like no one's made one.

Apologies for double posting.

Ok, so as the Discord conversations have indicated, this won't be the "quick fix" I had anticipated. For my own sake, and for others, it has become necessary to map out the Characters that can be used to Represent areas of the box name, similar to what Spamviech did with G/S. (Self-modding in Crystal is done with é*5)

(Characters with _ are not directly reachable, and characters behind | are end-terminators)


$DB75 - $DB7D: _ _ _ _ _ _ _ _ | _
$DB7E - $DB86: _ (space) A B C D E F | G
$DB87 - $DB8F: H I J K L M N O | P
$DB90 - $DB98: Q R S T U V W X | Y
$DB99 - $DBA1: Z ( ) : ; [ ] a | b
$DBA2 - $DBAA: c d e f g h i j | k
$DBAB - $DBB3: l m n o p q r s | t
$DBB3 - $DBBC: u v w x y z _ _ | _
$DBBD - $DBC5: _ _ _ _ _ _ _ _ | _
$DBC6 - $DBCE: _ _ _ _ _ _ _ _ | _
$DBCF - $DBD7: _ 'd 'l 'm 'r 's 't 'v | _
$DBD8 - $DBE0: _ _ _ _ _ _ _ _ | _
$DBE1 - $DBE9: (PK) (MN) - _ _ ? ! . | &
$DBEA - $DBF2: é _ _ _ _ (male) _ * | _


Thankfully, it seems box names in Crystal are somewhat easier to self-modify.
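
Added example (not part of the original thread or written by any poster): a small Python lookup built from the chart above and from the byte annotations in Anna Says Hi's listing, which checks whether a box-name byte can be targeted with an "é * 5" store and whether it sits on a name terminator. It assumes 9 bytes per box name starting at $DB75, as the chart rows show, and that $FBxx is the echo-RAM mirror of $DBxx; the function names are hypothetical.

```python
# Added example. Glyph values come from the chart and the byte annotations in
# this thread; function names are hypothetical.
BOX_NAMES = 0xDB75      # first byte of box 1's name (first chart row)
NAME_LEN = 9            # 8 typed characters + 1 terminator per box
BOXES = 14              # the chart has 14 rows, $DB75-$DBF2
ECHO = 0x2000           # $E000-$FDFF mirrors $C000-$DDFF, so $FBxx == $DBxx

GLYPH = {0x7F: " ", 0xE1: "Pk", 0xE2: "Mn", 0xE3: "-", 0xE6: "?", 0xE7: "!",
         0xE8: ".", 0xE9: "&", 0xEA: "é", 0xEF: "(male)", 0xF1: "*"}
GLYPH.update({0x80 + i: c for i, c in enumerate("ABCDEFGHIJKLMNOPQRSTUVWXYZ():;[]")})
GLYPH.update({0xA0 + i: c for i, c in enumerate("abcdefghijklmnopqrstuvwxyz")})
GLYPH.update({0xD0 + i: "'" + c for i, c in enumerate("dlmrstv")})
GLYPH.update({0xF6 + i: str(i) for i in range(10)})   # 0=F6 ... 5=FB ... 9=FF


def locate(addr):
    """Map a $DBxx/$FBxx address to (box number, index 0-8, is_terminator)."""
    wram = addr - ECHO if addr >= 0xE000 else addr
    box, idx = divmod(wram - BOX_NAMES, NAME_LEN)
    if not 0 <= box < BOXES:
        raise ValueError(f"${addr:04X} is outside the box names")
    return box + 1, idx, idx == NAME_LEN - 1


def store_glyphs(addr):
    """Glyphs spelling `ld (addr),a` (bytes EA lo hi), or None if untypable."""
    lo, hi = addr & 0xFF, addr >> 8
    if lo not in GLYPH or hi not in GLYPH:
        return None
    return [GLYPH[0xEA], GLYPH[lo], GLYPH[hi]]


def report(targets):
    """One row per target: address, box, index, slot kind, glyphs to type."""
    rows = []
    for t in targets:
        box, idx, term = locate(t)
        g = store_glyphs(t)
        rows.append((f"${t:04X}", box, idx, "terminator" if term else "char",
                     " ".join(g) if g else "untypable"))
    return rows


if __name__ == "__main__":
    # Self-modification targets listed in Anna Says Hi's post earlier in the thread.
    for row in report([0xFBA4, 0xFBA7, 0xFBAA, 0xFBAE, 0xFBAF]):
        print(*row, sep="\t")
```

$FBAA comes back as box 6's terminator slot, matching the `| k` column of the chart, and any $DBxx address is reported as untypable because $DB has no glyph, which is why the codes use the $FBxx mirror.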

Re: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!

Posted by: cuttlefish
Date: 2018-07-14 12:07:39
Thanks for putting so much work into making such a detailed guide!

I have some questions pertaining to Crystal version. I'm interested in using ACE to get Pokemon that don't appear in Crystal, but I did some research after reading this guide and it seems like they all corrupt your game in some irreversible way. I would like to be able to complete the Pokedex with just one game so glitching the Pokedex would bother me.

So I'm wondering what the best method would be if I want to keep the game looking as normal as possible. Would the Bad Clone method be the best way to go for me?

Re: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!

Posted by: Krys3000
Date: 2018-07-14 15:25:49
What do you exactly mean by 'they all corrupt your game in some irreversible way'? I don't think any kind of corruption induced by the use of ACE is irreversible. For example, if you use the Glitch Pokédex method, both your Pokédex and your Balls Pocket will get corrupted, but both can be fixed by the use of ACE itself. Of course, after fixing, you won't be able to ACE again unless you perform the method again.
With Bad Clone ACE indeed, nothing will get corrupted (as far as you are OK to have a corrupted clone in your box) but this method has strong limitations (e.g. code can only be executed from a PC, and codes have to be modified for fixing the de register issue if it uses it).

I would personally advise you to do the same thing as pretty much everybody does: use the Bad Clone ACE to plant Wrong Pocket TM ACE in your game (as indicated in III.4: Prepare the Party setup) and to give yourself a TM15 in the Box Pocket, which allows you to skip the Mystery Egg part that corrupts your Balls Pocket. Then, you can eliminate the Bad Clone and only work with Wrong Pocket TM ACE. In this case, the only visible addition to your game is the TM15 in the Balls Pocket so you have to be OK with that :)

Re: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!

Posted by: cuttlefish
Date: 2018-07-14 16:11:24
Oh I was under the impression that a lot of the oddities that come with ACE couldn't be undone. Sorry for my ignorance, and thank you for suggesting a method. I'll definitely start trying this soon since having a TM in the balls pocket doesn't seem so bad.

Re: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!

Posted by: yorshee
Date: 2018-08-01 18:02:42
Hi, I'm new to the forums but I've been silently following the Pokemon glitch scene for over a decade! That being said, I don't know a lick of programming knowledge, I just think exploiting the original programmer's oversights to accomplish all this cool stuff is great.

All of this is pretty confusing to me but from what I've read in the OP and done in-game in Pokemon Crystal, I've managed to obtain a TM15 in my ball pocket, as well as used the Bad Clone ACE to execute these stored items, which is supposedly Crystal's version of the 'slide Pokemon':
PP Up x252
TM42 x18
TM27 x3
TM10 x(any quantity)

Execute that, then toss some of em and execute again, then toss some more and execute a third time. The specifics are in the OP :P

The OP states:
> With all this done, everytime you use the TM from the Wrong Pocket with the Pokémon in right place, code will be executed!
…so I don't need to do that every time, right? From the way OP worded it, it sounded like a one-time thing you'd have to do.

So now every time I use TM15, while having a Quagsire holding a TM50 and with Return as its first move as the first and only Pokemon in my party, it should run ACE from my stored items, correct?

I'm terrible at explaining things with words so I made a video detailing my problem: https://www.youtube.com/watch?v=zCtB00YE324 (sorry if some of the subtitles get cut off a bit, I got a new video-making program and I'm still learning the ropes)

Any explanations and help would be appreciated! :D

Re: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!

Posted by: Krys3000
Date: 2018-09-10 15:51:48
Hello,

For some reason I missed your post. I hope this reply finds you now but I will post on your video also to increase the chances.

You are right, there was an issue with that specific code. It changes the ID of item 11, regardless of the version. However in the case of Crystal, the code here was 9 items long because the first two items are missing compared to G/S. You need to add 2 random items before the item you want to change, X Accuracy in this case. You can also change the quantity of Fresh Water to x2 and it will affect the 9th item instead of the 11th.

With this corrected, it should work fine the way you do it. Thanks for the report and apologies for the confusion :)