Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

You can join Glitch City Research Institute to ask questions or discuss current developments.

You may also download the archive of this forum in .tar.gz, .sql.gz, or .sqlite.gz formats.

Generation III Glitch Discussion

ENG Emerald 0x611 Box Code ACE - Page 1

ENG Emerald 0x611 Box Code ACE

Posted by: papajefe
Date: 2020-04-17 08:06:03
Been having a blast learning about the new discoveries in Emerald that revolve around egg hatching the 0x611 glitch Pokemon to execute code from the Box names.

Currently I know of two sets of codes that were created by merrp.

#1 Faraway Island & Birth Island Warp
#2 Navel Rock Warp

These two codes are simply amazing, and I'm grateful to merrp and all the other people who's hard work went into this. I dared to look into how one one takes an idea, converts it into ARM code, and then converts that into box names… and I'm frankly just not 6head enough to pull this off (as much as I'd love to learn).

However, this seems like the ideal place to ask for more known codes that can be executed this way (I know its new and probably not many exist yet) and post some ideas for codes that others might find useful.

Idea #1 - Change Player TID, SID, or both.

This would be useful for creating TID\SID combinations that allow very exotic frames in the PRNG to be shiny. As of right now, the only way to do any sort of TID\SID abuse in Emerald involves using hyper accurate timer1 manipulation using Japanese tools.

Having attempted this myself, I can say its almost prohibitively difficult to hit both a desired TID AND SID, because it requires no less than 3 consecutive 60 fps accurate inputs and those inputs need to be precise. Because of how sensitive timer1 is, if you leave your finger on the button longer than 1-frame, it affects the result.

Idea #2 - Game Clear \ Give National Dex \ Complete National Dex

I grabbed this idea from someone else's YouTube comment, but essentially they were interested in speed-running to the endgame for the purposes of interacting with Pokemon BOX and receiving gift Pokemon from there. Setting the flag that tells the game "Hey its time to receive your Johto Starter" would be amazing too, especially if it could be done multiple times to receive all three starters.

Idea #3 - Activate Battle Video functionality before Battle Frontier

This is particularly useful for RNG abuse on retail. When you do a LINK BATTLE with another player, the game's RNG state syncs up to the host player. If you save a battle video, and replay it, you can effectively "warp" to another RNG state that would be hours, days, or even weeks of waiting away.

Having access to this earlier in the game, would allow MUCH more exotic frames when RNG'ing certain targets, most notably the Emerald Roaming Lati@s. Currently you're required to RNG this target right after completing the Elite 4, because they force you into interacting with the TV after you leave your room. If you could play a saved battle video in your room beforehand, you could jump to much more interesting spreads.

Re: ENG Emerald 0x611 Box Code ACE

Posted by: merrp
Date: 2020-04-24 06:42:17
I'll just dump every payload I've made so far here, for reference:

As always be sure to count the number of spaces as it can hard to tell sometimes!

These are all exclusively ARM payloads with 0x611, not for the (seemingly less popular) THUMB 0x40E9 glitch species. Additionally, you must have Box 11 Slot 29 onwards empty for these to work. This means you must not have any pokemon from the last two slots of Box 11 to the end of Box 14.

Map Warps
All
Every 0x611 map warp I've made begins the same way:

box_01: (mFloyLRo) @ lowercase L
box_02: ( ?mRo )
box_03: (?P-n  )
box_04: (EFQRn  )
box_05: (TRnt ?n)
box_06: ( ?lGEn ) @ lowercase L
box_07: (? ?q  )
box_08: (EVTTn  )
box_09: (FMBnNJRo)
box_10: ( ?5Bq ) @ 5, not S


Hall of Fame

box_11: (?To  )
box_12: (EFQm  )
box_13: (  ?)


Faraway Island

box_11: (?oSo  ) @ capital S
box_12: (E4FRn  )
box_13: (FQm)


Birth Island

box_11: (?wSo  ) @ capital S
box_12: (E4FRn  )
box_13: (FQm)


Navel Rock

box_11: (?CRlo  ) @ lowercase L
box_12: (EqFRo  )
box_13: (FQm)


Speedrunning
This is a game clear payload that will take you to the hall of fame screen, and respawn you in Littleroot afterwards, but does not technically beat the game.

It's the payload used in current Emerald Any% speedruns: https://www.twitch.tv/videos/600562136

box_01: (mFloyLRo)
box_02: ( ?mRo )
box_03: (?LT-n  )
box_04: (EYN?n  )
box_05: (FNRoz ?n)
box_06: ( ?FHEn )
box_07: (? ?q  ) @ lowercase L
box_08: (E  ) @ three spaces


0x611 -> 0x40E9 morph

These might not be of much interest to anyone, but they're useful for a video I'm making that does ACE without requiring cloning.

The basic idea is to hatch an 0x611 with a Lilycove City warp, enter a new code and enter it in a contest to turn it into an 0x40E9 (which is better as it can be used just by looking at it and is more stable, but has crazy EV requirements)

Lilycove Warp/setup

box_01: (mFloyLRo) @ lowercase L
box_02: ( ?mRo )
box_03: (?P-n  )
box_04: (EFQRn  )
box_05: (TRnt ?n)
box_06: ( ?    )
box_07: (?      )
box_08: (EFGEn  )
box_09: ( ?qVTTn)
box_10: ( ?FMBn )
box_11: (?NJRo  )
box_12: (E5Bq  )
box_13: (VHoFQm)
box_14: ( ?)


0x611 -> 0x40E9 Contest conversion
You must have ran the above code immediately before you do this!
Additionally, the hatched 0x611 must be in your first party slot and you must have one of your own pokemon in the second slot.

box_01: (/BGnuTQo)
box_02: ( ?  Ro )
box_03: (?AFgm  )
box_04: (EdF?n  )
box_05: (tS?nAFwm)
box_06: ( ?Gkm )
box_07: (?IFRo  )
box_08: (EFUm  )
box_09: (BJgm Fxl) @ lowercase L
box_10: ( ?FQm )
box_11: (?LT-n  )
box_12: (EYN?n  )
box_13: (FNRoz ?n)


0x40E9 Map Warp
You must have run the two above codes, and must not have changed Box 14's name afterwards.


box_01: (xzN 6FF)
box_02: (X XxC? )
box_03: (?P-n  )
box_04: (EFQRn  )
box_05: (TRnt ?n)
box_06: ( ?VTTn )
box_07: (?FM?n  )
box_08: (ENJRo  )
box_09: (5Bq    )
box_10: ( ?    )


Then, you can use any of the above codes in Box 11 onwards to warp to those maps by viewing 0x40E9's summary.

Now as for what you mentioned:
Changing player TID/SID - Pretty easily doable, it's very close to the map data I normally modify, but not all values are created equal or are easy to set, because of the limited English character set. If you have a specific value you want to change one too, or you want a code to swap TID/SID (so you can see SID!) I could do that

Game Clear - The Hall of Fame warp above will let you get the National Dex. Setting the flag to get the Johto Starter directly is probably doable with a call to FlagSet.

Early Frontier Pass - I forget if the Frontier Pass is just a Key Item or needs a flag to activate. If the former, modifying the bag to have it is probably the easiest route to do this. If it's a flag and you also need the item, you might need to run a longer code than can fit in Box names.

I'll also post Southern Island and try to work on some of the things you mentioned soon!

Re: ENG Emerald 0x611 Box Code ACE

Posted by: Orcastraw
Date: 2020-04-24 17:06:44
Would it be possible for the payload that changes 0x611 into 0x40E9 to work more generically to change Pokemon into another? I'm working on a speedrun that obtains all legendary pokemon that are in gen 4, which involves Emerald at the moment, and am very intrigued by a more consistent way to obtain pokemon like Celebi other than repeated glitzer popping.

Re: ENG Emerald 0x611 Box Code ACE

Posted by: CasualPokePlayer
Date: 2020-04-24 23:59:11

Would it be possible for the payload that changes 0x611 into 0x40E9 to work more generically to change Pokemon into another? I'm working on a speedrun that obtains all legendary pokemon that are in gen 4, which involves Emerald at the moment, and am very intrigued by a more consistent way to obtain pokemon like Celebi other than repeated glitzer popping.

Not really, you really have to have a lot of assumptions about the values (ie PID and TID/SID) because the checksum/encryption/data subsection order. Probably possible to get any Pokemon from a mon you know the data for (ie DOTS, or some ACE to figure out your SID lol), but it might require a lot of changes just to get the right values (limited character set).

Also, ACE is more or less just frowned about for full completionish runs (trivializes the point of full completion runs), you probably shouldn't use ACE in that sort of run and stick to glitzer popping.

Re: ENG Emerald 0x611 Box Code ACE

Posted by: Torchickens
Date: 2020-04-25 13:40:23
These are amazing. Thanks merrp! ^^

Re: ENG Emerald 0x611 Box Code ACE

Posted by: merrp
Date: 2020-04-25 15:45:29


Would it be possible for the payload that changes 0x611 into 0x40E9 to work more generically to change Pokemon into another? I'm working on a speedrun that obtains all legendary pokemon that are in gen 4, which involves Emerald at the moment, and am very intrigued by a more consistent way to obtain pokemon like Celebi other than repeated glitzer popping.

Not really, you really have to have a lot of assumptions about the values (ie PID and TID/SID) because the checksum/encryption/data subsection order. Probably possible to get any Pokemon from a mon you know the data for (ie DOTS, or some ACE to figure out your SID lol), but it might require a lot of changes just to get the right values (limited character set).

Also, ACE is more or less just frowned about for full completionish runs (trivializes the point of full completion runs), you probably shouldn't use ACE in that sort of run and stick to glitzer popping.


Basically this. To change 0x611 into 0x40E9 I have to read the checksum but since I can't easily write an XOR instruction with English characters, changing the pokemon into another in this way requires knowing its original species (so that you can compute the value to add to the checksum). Here is the actual ASM:


SUBC r11,r1,BA01    E2C1BCBA @ r11=020644FD
BIC r12,r11,E90    E3CBCEE9 @ r12=0206406D
BIC r0,r12          E3CC0000 @ r0=xxxx406D (0x406D is 0x40E9 xor DOTS' PID)
LDRH r12,[r11+B]    E1DBC0BB @ r12=checksum of slot 1
ADC r12,D8          E2ACC0D8
ADC r12,3A00        E2ACCDE8 @ r12=checksum+0x40E9-0x0611
STRH r12,[r11+B]    E1EBC0BB @ store checksum, r11=02064508
LDRH r12,[pc+0x16]  E1DFC1B6
BIC r12,C3          E3CCC0C3 @ r12=E02CC000 EOR r12,r12,r0
STRH r12,[pc+6]    E1CFC0B6 @ write the XOR ahead of execution
LDRH r12,[r11+0x4C] E1DBC4BC @ r12=TID of slot 2
EOR r12,r12,r0      E0ECC000 @ r12=0x40E9 xor TID xor PID
STRH r12,[r11+5]    E1CBC0B4 @ store species
ADC r12,lr,C60      E2AECEC6 @ r12=08007647
ADC r12,D30000      E2ACC8D3 @ r12=8D37647
BIC r12,C00000      E3CCC8C0 @ r12=8137647
ADC r0,r12,EE      E2AC00EE @ r0=GameClear


The instruction stored in Box 14 prior to this execution will be a BX r0.

As you can see, it's a miracle this fits. It'd be pretty challenging to apply this to target any species; it's probably easier just to use glitzer popping to swap EVs -> growth.

Re: ENG Emerald 0x611 Box Code ACE

Posted by: papajefe
Date: 2020-04-28 15:33:15
That's awesome you think the TID\SID manipulation is possible, despite not being 100% unlocked due to the character set.

Are there a set of values which are for sure easy, and others which wouldn't be changeable?

Having a code that's somewhat flexible, even if not 100%, would still be cool and useful. As long as you can edit the digits of TID\SID. Eventually you'd be able to makes some combination of values that results in your target PID being shiny. Its certainly easier than starting a new game file and RNG abusing the starter\TID over-and-over until you get lucky. Especially if you could just keep looking at 0x40E9 again and again to "re-roll" it, and then shift some box names around to Swap TID\SID and read the changed values.

Alternatively, having codes which you could activate by looking at 0x40E9 that add or subtract a handful of fixed amounts from your current TID\SID would be another workaround. Its fairly trivial to take your current TID\SID in hex, and then solve for an amount you need to add\subtract from each one to reach a TID\SID combo that makes a specific PID shiny.