Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.


Generation II Glitch Discussion


Dude full box glitch

Posted by: Torchickens
Date: 2018-04-29 16:45:17
Natural glitch is a made up term I like to use for glitches that aren't just sub-glitches of other glitches.

I found earlier today it seems when you watch the Dude's demonstration but have six Pokémon and all Pokémon in the box full, it glitches up the game as the game tells you the Poké Ball can't be used due to a full box.

Surprisingly however, weird things may happen afterwards like white screen game freezes, and I believe there is a chance there could possibly even be arbitrary code execution (even if it's not in the English version).

At first I believed this was impossible because I couldn't get the Dude to do the demonstration again after choosing Yes. However you may be able to activate this glitch if you say No and view the demonstration at a later time.

Have only done this on a Crystal v1.0 so far. Hopefully it also works in Gold/Silver and non-English versions.

Will look more into this soon.

Edit: Tested in Gold saying No and saying Yes later with a full party and box, and the Dude didn't do the capture demonstration and only said something like 'Pokémon can be found in the grass who knows when they'll pop out'. But I wonder if it's possible by blacking out after talking to Elm first to Cherrygrove City then catching Pokémon and returning?
Edit 2: Works in English Gold if you black out from Weedle then walk to the right edge of Route 29, but no freeze this time.

[img]https://i.imgur.com/5ej61sw.png[/img]

Edit 3: Imgur isn't working at the moment, so I've attached, in order: a glitch sprite you can see in Gold, and part of the corruption in English Crystal v1.0.

Edit 4: Tested English, French, German, Spanish, Italian and Japanese Crystal and they were all similar.

German Crystal allows you to get lots of money after battle.

In Spanish Crystal I saved and reset before viewing the demonstration, and found arbitrary code execution at DBCD in RAM (box 10 name character 8 when unbanked, oh my!), so we might be on to something; however, sadly DBCD seemed to get overwritten by the corruption.

Re: New Generation II natural glitch potential to be powerful?

Posted by: Torchickens
Date: 2018-04-30 17:41:24
I've successfully performed this on German Crystal on BGB to get max money. Interestingly I can't do this on the German Virtual Console version, or VBA rerecording svn480 (which is not the most accurate emulator).

Does anybody have a physical German Crystal cartridge they could test this on and provide a photo of the pick up screen on a Game Boy or other official hardware please?

Re: New Generation II natural glitch potential to be powerful?

Posted by: Kyoukipichi
Date: 2018-04-30 19:18:14
Normally, you can't visit the Dude while having a full party, right?

Re: New Generation II natural glitch potential to be powerful?

Posted by: luckytyphlosion
Date: 2018-04-30 19:20:47
Because the enemy Pokémon isn't caught, the game has to run code to redraw battle HUDs. However, we never send out a battle Pokémon, so any relevant memory stays cleared. This means that the game will read past the battle Pokémon nickname when attempting to print its name. Unfortunately, this has no real use as the game will eventually read an unavoidable $3f byte which is a control character for printing the enemy trainer's name. The enemy trainer's name is located between the battle Pokémon nickname and the earliest $3f, so the game will recursively print the enemy trainer's name until it crashes.

Re: New Generation II natural glitch potential to be powerful?

Posted by: Torchickens
Date: 2018-05-01 07:14:27

Normally, you can't visit the Dude while having a full party, right?


In regards to loading the demonstration, you actually can without a cheating device if you white out in Professor Elm's lab after obtaining the Pokédex (enabling you to buy Poké Balls) and respawn in Cherrygrove City. This saves the demonstration when you step in a certain x position (near New Bark Town, which can only be done once) at Route 29 for later.

However I think the developers wanted to avoid it. You can load the catching demonstration again if you talk to the Dude instead of stepping at the x position, but it seems you can't if you have a full party and box (he only says the 'who knows when they'll pop out' text).


Because the enemy Pokémon isn't caught, the game has to run code to redraw battle HUDs. However, we never send out a battle Pokémon, so any relevant memory stays cleared. This means that the game will read past the battle Pokémon nickname when attempting to print its name. Unfortunately, this has no real use as the game will eventually read an unavoidable $3f byte which is a control character for printing the enemy trainer's name. The enemy trainer's name is located between the battle Pokémon nickname and the earliest $3f, so the game will recursively print the enemy trainer's name until it crashes.


Darn, that's a shame. Thanks lucky.

Re: Dude full box glitch

Posted by: Torchickens
Date: 2018-05-09 10:03:03
Tried the Dude full box glitch in Korean Silver, and it misaligned the character. Unfortunately didn't get any money unlike German Crystal. Have tested every other official Crystal but not every Gold/Silver yet.

Re: Dude full box glitch

Posted by: spamviech
Date: 2018-05-18 06:56:44
Finally got around to trying it on hardware.
You can see some pictures here.
Lighting far from perfect, but should be good enough to see what's going on.

Didn't include a picture of it, but I ended up with max money (999999) afterwards.


Another option to trigger this without fainting (i.e. coming from the starting town) should be to use PC-cloning to fill the box & party.
Getting the first spare pokémon can be done the same way you can obtain all starters in the same save (i.e. save before starter pickup as last save before the cloning). Didn't try that one since it should work exactly the same.


Edit:
Added an attachment for when the free trial of the image host used above runs out.

Re: Dude full box glitch

Posted by: Torchickens
Date: 2018-05-18 08:45:29
Thanks for the confirmation and additional detail! :)

Re: Dude full box glitch

Posted by: Tabbender
Date: 2018-05-21 09:47:45
I'm currently testing this on my French Silver cartridge. I don't understand how, but the save battery… quite literally fixed itself? I definitely remember my save file being gone a few months ago when I tried to load it to test Gen 2 glitches. I still can't get my old file back, but I'm now able to save for some reason, so I'm able to test the glitch under different circumstances. To say that I bothered to get the first badge just so I could get enough money for the Poké Balls, when I could have just cloned a single Pokémon…

Anyway, for now the only effect I've found is that the fight ends instantly. It doesn't seem to modify the game in any way (though it might set some flags or other things I can't see).

EDIT: The game softlocks when my Togepi egg is in the first party slot! Could this mean ACE possibilities?

EDIT 2: I noticed that when the fight ends, there's a quick image of a level 0 glitch Pokémon fighting the opponent. I think I read something about this here, but nothing about the egg softlock thing. Also, I tried to KO a Pokémon and put it in the first slot; the game didn't softlock, so it isn't due to the first-slot Pokémon being unable to fight.

EDIT 3: The game also softlocks when the first-slot Pokémon is Togepi after I hatched it.

Re: Dude full box glitch

Posted by: Torchickens
Date: 2018-05-21 10:46:32
That's interesting!

Yeah, I didn't test most of the Gold/Silver ones except Korean Silver, because Crystal apparently works with invalid/unterminated names differently (I don't remember the specifics, but it's why Day control character ACE in Crystal can work with unterminated names, as well as the exploit being from a Mobile GB related function); then again, I need to revise those glitches and what luckytyphlosion said.

But with that odd Togepi behavior who knows what we might be able to do in one of the Gold/Silver languages?

Re: Dude full box glitch

Posted by: Tabbender
Date: 2018-05-21 12:08:50
Whatever the difference is, it's something that is unaffected by the Pokémon still being an egg.

Also, I tried many Pokémon species, and none of them gave a different effect except for Togepi (and its egg).

Re: Dude full box glitch

Posted by: spamviech
Date: 2018-05-23 14:28:21
To say that I bothered to get the first badge just so I could get enough money for the Poké Balls, when I could have just cloned a single Pokémon…


Actually did the same and then it hit me. :XD:
Replicated with cloning just to be sure: also works. :)

Just found out that the amount of money you get depends on the Rival name.
The name "A" only gives you a minuscule 25k.
Not too surprising considering what lucky said earlier, but still interesting.

Edit:
Also, why is getting a bad clone so much easier when you just want to clone normally?
I spent days trying to get one without success, and now I did it twice without even trying. Wtf me. :o

Re: Dude full box glitch

Posted by: Tabbender
Date: 2018-05-24 17:33:17
So it seems that the glitch has the same effect on emulator (at least BGB) as on console for French Silver. I was able to get the same behavior, and I think I found what caused it.

[img]https://i.gyazo.com/a59ee0f72374f7bd2be3f1c91aa82faa.png[/img]

For some reason, the value at DA2A is assigned to the "a" register. That's probably why the game softlocks (it doesn't happen only with 0xAF, by the way; I noticed the same behavior for 0xB0 and 0xAE, so having a Togetic or an Igglybuff in the first slot will softlock the game as well). I have no idea if we'll manage to get something out of this, but I find it weird that a value can softlock the game just by being loaded into a register.