Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

You can join Glitch City Research Institute to ask questions or discuss current developments.

You may also download the archive of this forum in .tar.gz, .sql.gz, or .sqlite.gz formats.

Arbitrary Code Execution Discussion

Arbitrary code execution in Red/Blue using the "8F" item - Page 17

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: SnorLapraSuicuinEkans
Date: 2015-11-18 04:03:28
Nice, got it so you can pretty much change anything you want with the right code right ?

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Krys3000
Date: 2015-11-18 04:30:16
This code allows you to change the value of ONE memory address. It's very cool, but it's the least you can do using 8F.
You can create codes that will modify a different memory address every time you use it, or codes that will change several values in one take.
You could even create complex programs like TheZZAZZGlitch did creating a Pong, or the way Torchickens changed Pallet Town into a 1G Twinleaf Town. You don't have to limit yourself to the poor gameshark code simulation  :P

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: SnorLapraSuicuinEkans
Date: 2015-11-18 08:51:12
Yes, you are right but I'm just a beginner haha , am I right in saying for a code with XXXX00XX would be the glitch item j right ?

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Krys3000
Date: 2015-11-18 09:05:55
Actually, the glitch item is the last byte. So it would be for the XXXXXX00 code. And yes, it will be "j" in english games.
The third byte is the quantity of TM34 in the code I posted earlier.

But as Wack0 mentioned, this other code is easier to use:

Any Item
8F / ws*l||lm||
Lemonade xBB
X Accuracy xCC
Carbos xDD
Poké Ball x119
Fresh Water x201

No need for glitch items or complicated items. In this case, the 00 of your XXXX00XX code will be the quantity of X Accuracy.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: SnorLapraSuicuinEkans
Date: 2015-11-18 09:54:10
If the dec number is 00 like in this code 01FF00D7 what then

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Krys3000
Date: 2015-11-18 13:07:09
Then you should use this code:

Any Item
8F / ws*l||lm||
Lemonade x255 (FF)
X Accuracy x00 (00)
Carbos x215 (D7)
Poké Ball x119
Fresh Water x201

Or this one:

Any item
8F / ws*l||lm||
Lemonade x255
TM34 x00
TM15 x201

A quantity of 0 is something that can be obtained. Any quantity above 99 cannot be obtained normally, so you have to use glitches. MissingNo's duplication, for example, can rise the quantity of an item until 255. But in the case of a quantity of 0, because 0 = 256, MissingNo. cannot help.

To get a x0 item, you can use item underflow. I'm guessing you already did it at least once, to get the 8F / ws*l||lm|| item, unless you used Glitch World RAM Manipulation.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: SnorLapraSuicuinEkans
Date: 2015-11-18 14:07:51
Yes I used the item underflow glitch using 255 stacks and dropping items is it an item under cancel or is it close to where you find 8f

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: SnorLapraSuicuinEkans
Date: 2015-11-18 14:13:38
Wait I have 0 item bf4 in my pc I will use item morph glitch to change it to accuracy :)

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: SnorLapraSuicuinEkans
Date: 2015-11-18 14:46:16
Hmm this code is supposed to make me walk faster but It definatly isn't changing my walk speed but 8f is working but I don't know what its doing if its even doing anything ? Any way you can check what it does ???

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Krys3000
Date: 2015-11-18 15:01:21
I don't know where you get the code, but address $D700 is not related to speed. It's actually your "displacement status". Its value is 00 if you walk, 01 if you're biking, 02 if you're surfing. Changing its value to FF (as 01FF00D7 does) will not do anything.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: SnorLapraSuicuinEkans
Date: 2015-11-18 15:06:25
Great. http://www.supercheats.com/gameboy/pokemon-blue/5386/My-Collection-Of-Pokemon-Blue/ ;       he also has slow walking speed fast text speed and slow text speed all simillar codes :/

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Stackout
Date: 2015-11-18 18:20:06

Thanks, Wack0, I wasn't aware of this new version. I probably missed it while reading the thread. That's really a great code! I will add it to PRAMA too  ;)


it's not new, i made it back in 2013.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: SnorLapraSuicuinEkans
Date: 2015-11-19 09:59:38
So, I's there a website that tells me which each indivisial byte effects which area of memory that I will be able to understand because I can't read code very well

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Stackout
Date: 2015-11-19 11:52:35

So, I's there a website that tells me which each indivisial byte effects which area of memory that I will be able to understand because I can't read code very well


We have a list of gameshark codes if that's what you mean: http://glitchcity.info/wiki/index.php/Pok%C3%A9mon_GameShark_codes

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Krys3000
Date: 2015-11-19 14:11:52
Otherwise, you can:

- Use this RAM Map which gives most address of the WRAM: http://datacrystal.romhacking.net/wiki/Pokémon_Red/Blue:RAM_map
- Use the disassembly (but it's a bit harder to understand maybe): https://github.com/pret/pokered/blob/941d2b9eb8a59b42ea71a08b34b25c06477cf36d/wram.asm