Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.


Arbitrary Code Execution Discussion

Arbitrary code execution in Red/Blue using the "8F" item - Page 19

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Krys3000
Date: 2016-02-14 15:30:10
Maybe you could add a note to the underflow glitch guide about the long name and storing 8F to help others in the future?


Unfortunately, I lack the time to complete my own Pokémon glitch website so I really don't have the time to contribute to GCL's wiki (so I at least try to answer questions on the forum). But yes, there is information about this glitch and some others that really needs to be added.

I hadn't even heard of the RAM manipulation glitch but it sounds really cool, I'll have to check that out :)


You will find everything here (there's a video too). For the same reason, I still don't have the time to write a page for this :)

Nice code to get x255 of the second item! This clearly can be useful. Thanks!

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: lowena
Date: 2016-02-14 16:41:25
I completely understand not having the time to do stuff. Maybe if I stay here long enough and get into glitching/hacking enough I can help with the wiki (no guarantees at all though :P ).

And thank you! I'm glad you find it useful. :)

Does anyone know of a way to assemble code into hex? It would be nice to be able to write code in assembly then assemble it to insert into the ROM or paste into the debugger for testing purposes instead of having to look up the hex for each opcode :c

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Krys3000
Date: 2016-02-15 07:20:13
I don't know if that answers the question but there is a French "GBZ80 to items" software in which you choose your opcodes and it converts the code into hex values and then directly into items. It was developed by ISSOtm of the PRAMA Initiative team, who also is a Wiki Contributor here. I don't think it's hard for an English speaker to understand how to use it, but maybe there is an English equivalent software somewhere.

You can find it here: http://prama-initiative.com/8F/

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: lowena
Date: 2016-02-15 16:51:02
Thanks! That helps a lot. It would be cool if you could just type assembly and not have to use the dropdown menus (which I recognize would probably be quite a bit more work to code), but it's much better than looking up opcodes in a table. :)

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Krys3000
Date: 2016-02-16 01:56:53

It would be cool if you could just type assembly and not have to use the dropdown menus (which I recognize would probably be quite a bit more work to code)


Planned for v.3.0 according to ISSOtm :D

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Flandre Scarlet
Date: 2016-02-27 20:41:01
Just a note to the OP: Nidoking and Nidoqueen are both capable of the moves Hitmonlee currently uses, for future reference. (At the moment it says only Hitmonlee can learn all the moves.)

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Flandre Scarlet
Date: 2016-02-28 13:31:58
Would it be possible to make a code that makes Pokémon number 1 in the active box have type 1 or type 2 changed to another type? E.g. what everyone wanted to do and make Charizard a fire dragon type, or for type 1 make Onix a grass ground type, etc.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Krys3000
Date: 2016-02-28 16:11:15
You can do whatever the f*ck you want, dude.

Read this and you should be able to do what you are asking for. In case of problem, come back to ask!

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Flandre Scarlet
Date: 2016-02-28 18:32:01
Using this code, but it isn't doing anything, just exits the menu. I am trying to change current/active Box pokemon 1 type 2 into dragon. Maybe the type doesn't visibly change but I think it does/should. And yes I double checked my item quantities by hand (scrolling up from 1) to make sure I have the right numbers.
Elixir 1 (any any)
8f
Lemonade 26
X Accuracy 156
Carbos 218
Pokeball 119
Fresh Water 201

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Azarokkusu
Date: 2016-02-28 20:41:50
This gave me everything I needed to make my team have maxed out DVs and stat exp, side-effectless! Thanks!

I did this with the first boxed pokémon in your current box (of course, since you can't have any pokémon you want in your party)

Item 1: any item (any quantity)
Item 2: 8F
Item 3: lemonade x 255
Item 4: X accuracy x 178
Item 5: Carbos x 218
Item 6: pokeball x 119
Item 7: fresh water x 201

Then, use 8F, then throw one X accuracy. Repeat. 167 X accuracies is the last value you'll need for the last stat exp value (I believe 165 and 166 are regular exp, but if you set the exp value controlled by the two too high it will glitch out somewhat (it rolls over into negatives, as far as I can tell), so not recommended.)

This corresponds with 01FFB2DA for 178 X accuracies, 01FFB1DA for 177 and so on.

01FFB2DA sets speed and special DVs to F (178 x X Special)
01FFB1DA sets attack and defence DVs to F (177 x X Special)
HP DV is based on the other DVs (Can't remember the exact details)

01FFB0DA and 01FFAFDA affect special stat exp  (176 and 175 x X Special)
01FFAEDA and 01FFADDA affect speed stat exp (174 and 173 x X Special)
01FFACDA and 01FFABDA affect defense stat exp (172 and 171 x X Special)
01FFAADA and 01FFA9DA affect attack stat exp (170 and 169 x X Special)
01FFA8DA and 01FFA7DA affect hp stat exp (168 and 167 x X Special)

Additionally you can teach a pokemon in the first slot of your current box any move:

Item 1: any item (any quantity)
Item 2: 8F
Item 3: Lemonade, quantity equal to move ID of what move you want to teach
Item 4: X Accuracy, quantity 161 for fourth slot, 160 for third slot, 159 for second slot or 158 for first slot
Item 5: Carbos, quantity 218
Item 6: Poké Ball, quantity 119
Item 7: Fresh Water, quantity 201

Obviously you can use different item values for different box slots, but I find using the first slot in your current box is easy to keep track of.

( Gameshark codes from https://www.ocf.berkeley.edu/~jdonald/pokemon/pokemonrbycodes.txt )
(Big list of all hex values is here: http://glitchcity.info/biglist.htm )
video of the DV and stat exp changing here:  https://www.youtube.com/watch?v=CgsSjsJogTw
video of the move teaching trick here: https://www.youtube.com/watch?v=qcU3tD_IpTQ
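
As an added example (not code from any poster or from the tool linked earlier in the thread): the item lists in this post are byte pairs that end up decoded as GBZ80 instructions, and this Python sketch maps a 01VVLLHH code onto items 3 to 7 and decodes the result back to mnemonics. The item IDs and the small opcode table come from the Gen I item index and the GBZ80 instruction set, not from the thread, and the function names are illustrative.

```python
# Added example. Item IDs are from the Gen I item index (not stated in the thread).
ITEM_ID = {"Lemonade": 0x3E, "X Accuracy": 0x2E, "Carbos": 0x26,
           "Poke Ball": 0x04, "Fresh Water": 0x3C}

# Only the GBZ80 opcodes these payloads use: opcode -> (mnemonic, operand bytes)
OPCODES = {0x3E: ("ld a,${:02X}", 1), 0x2E: ("ld l,${:02X}", 1),
           0x26: ("ld h,${:02X}", 1), 0x04: ("inc b", 0),
           0x77: ("ld [hl],a", 0), 0x3C: ("inc a", 0), 0xC9: ("ret", 0)}

def items_to_bytes(items):
    """Each bag slot is stored as two bytes: item ID, then quantity."""
    out = bytearray()
    for name, qty in items:
        if not 0 <= qty <= 255:
            raise ValueError(f"quantity {qty} does not fit in one byte")
        out += bytes([ITEM_ID[name], qty])
    return bytes(out)

def disassemble(code):
    """Linear decode up to and including the first ret."""
    lines, i = [], 0
    while i < len(code):
        op = code[i]
        if op not in OPCODES:
            raise ValueError(f"opcode {op:#04x} is outside this example's table")
        fmt, nargs = OPCODES[op]
        if nargs and i + nargs >= len(code):
            raise ValueError("operand byte missing")
        lines.append(fmt.format(*code[i + 1:i + 1 + nargs]))
        i += 1 + nargs
        if op == 0xC9:
            break
    return lines

def gameshark_to_items(code):
    """Map a 01VVLLHH code (write VV to $HHLL) onto items 3 to 7 of the setup."""
    raw = bytes.fromhex(code)
    if len(raw) != 4 or raw[0] != 0x01:
        raise ValueError("expected an 8-digit code starting with 01")
    _, value, lo, hi = raw
    return [("Lemonade", value), ("X Accuracy", lo), ("Carbos", hi),
            ("Poke Ball", 0x77), ("Fresh Water", 0xC9)]

if __name__ == "__main__":
    for code in ("01FFB2DA", "011A9CDA"):  # second code is constructed for illustration
        items = gameshark_to_items(code)
        print(code, items, disassemble(items_to_bytes(items)))
```

Because slots are decoded in order, a list with Carbos placed after Fresh Water reaches `ret` before `ld h` is ever executed.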

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Krys3000
Date: 2016-02-29 02:36:50

Using this code, but it isn't doing anything, just exits the menu. I am trying to change current/active Box pokemon 1 type 2 into dragon. Maybe the type doesn't visibly change but I think it does/should. And yes I double checked my item quantities by hand (scrolling up from 1) to make sure I have the right numbers.
Elixir 1 (any any)
8f
Lemonade 26
X Accuracy 156
Pokeball 119
Fresh Water 201
Carbon 218


$DA9C is the address you want to change in English or American R/B games, and I'm also pretty sure 1A is Dragon-type so yes, your items seem to be correct, although Carbos must be after X Accuracy and before Poké Ball. Check this first, then if it's not the problem, it probably comes from your Pokémon bootstrap setup. Can you tell us more about it? You didn't do the HP/PP Up mistake, right? ;D

Nice job, Azarokkusu. Might be useful ;) Indeed guys, remember what Crystal_ explained to us about giving your Pokémon high stats :)

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Azarokkusu
Date: 2016-02-29 02:59:57
I feel like just doing more with these gameshark codes. That "CHANGE ANY BYTE IN RAM TO ANYTHING" bit of code Wack0 posted (back on page 2) is amazingly useful. As someone who never actually had a gameshark, it's fun being able to mess with these codes without actually having a gameshark!

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Overheat
Date: 2016-02-29 03:24:04
Is this confirmed to work on the VC release? I cannot seem to get the codes to max DVs of the first pokemon in the active box to work, but the game does not crash when I use 8F, it just appears to have no effect.

Thank you.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Flandre Scarlet
Date: 2016-02-29 05:36:21
I actually do have Carbos before the Pokeball; I made a mistake in my post and didn't catch it. My bootstrap is
Onix
Pidgey 24 pp 2nd move 0 pp up 21 pp 3rd move 1 pp up
Tentacool
Meowth 36 pp 1st move 0 pp up 24 pp 2nd move 0 pp up 20 pp 3rd move 0 pp up
Hitmonlee double team, double kick, strength in that order
Zapdos 233 attack
I have successfully used other codes with this setup before without healing them after getting the right pp.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: SunbroTmac
Date: 2016-02-29 09:08:51

Is this confirmed to work on the VC release? I cannot seem to get the codes to max DVs of the first pokemon in the active box to work, but the game does not crash when I use 8F, it just appears to have no effect.

Thank you.


I can confirm that all of these should theoretically work on the VC release the same way as on cart or another emulator. I have 8F on my 3DS Blue and have successfully used the "change 2nd item" code. The changes made to the VC version do not appear to have made ANY glitches inaccessible as far as we know. I'm going to be trying to get max DVs later today as well so I'll PM you about it if you'd like.

EDIT: I just successfully obtained a max DV/Stat exp Snorlax on my VC Blue. Be sure to start at the X accuracy number listed in the main code and decrease by 1 each time you use 8F until you reach 167 so you max out all the stats. If that and your bootstrap team are intact, I'm not sure what else could be an issue.