Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

Idea for Pokémon Stadium Nintendo 64 arbitrary code execution

Posted by: Torchickens
Date: 2017-01-11 11:34:23
Aru Aru made a box full of Diglett with different types and when the 'graphic' for one of the (presumably) glitch types was displayed the game locked up.

Could we theoretically adjust a Pokémon's stored typing (e.g. addresses D170 and D171) and find a glitch type which executes ideal arbitrary code (maybe from Pokédex flags) or something else that can vary in the memory?

https://www.youtube.com/watch?v=ZOaG2aYqQno

Re: Idea for Pokémon Stadium Nintendo 64 arbitrary code execution

Posted by: Cryo
Date: 2017-01-11 12:18:56
Oh wow, that's a pretty great idea!

I'll definitely be experimenting with the English versions of Pokemon Stadium and Pokemon Stadium 2 later today. :D

Re: Idea for Pokémon Stadium Nintendo 64 arbitrary code execution

Posted by: Torchickens
Date: 2017-01-11 12:51:54

> Oh wow, that's a pretty great idea!
>
> I'll definitely be experimenting with the English versions of Pokemon Stadium and Pokemon Stadium 2 later today. :D


Cool. Thanks! ^^

Re: Idea for Pokémon Stadium Nintendo 64 arbitrary code execution

Posted by: TheZZAZZGlitch
Date: 2017-01-11 13:02:40
Are there any relatively accurate N64 emulators with debugging functionality?

Re: Idea for Pokémon Stadium Nintendo 64 arbitrary code execution

Posted by: Torchickens
Date: 2017-01-11 13:17:29

> Are there any relatively accurate N64 emulators with debugging functionality?


I did a search for you and found this (which is apparently based on the emulator Daedalus). Nemu64 apparently has a debugger as well, though the version listed there (and The Emulator Zone) is as old as 2003.

There is also a debugger project that from what I gather may be designed for real hardware, but I don't know what point in development it's at.

Hope that helps.

I remember that IIMarckus worked on analyzing Pokémon Stadium so he may likely be of help.

Edit: I tried running Pokémon Stadium on the first emulator and it said "Warning! Unhandled savegame type: FlashRam.", "Error! Exception :Writing to rom" and refused to load, so that may not work.

Edit 2: Project64 apparently has debugger support.

Re: Idea for Pokémon Stadium Nintendo 64 arbitrary code execution

Posted by: Cryo
Date: 2017-01-11 13:39:03
There's also an unofficial WIP debugger for Project64. Not sure how usable/useful the debugger is though.

Edit: Setting Diglett's secondary type to 0x10 does indeed cause the same crash on the English version of Pokemon Stadium.