Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

You can join Glitch City Research Institute to ask questions or discuss current developments.

You may also download the archive of this forum in .tar.gz, .sql.gz, or .sqlite.gz formats.

Arbitrary Code Execution Discussion

Arbitrary code execution in Red/Blue using the "8F" item - Page 21

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: andr2535
Date: 2016-03-06 18:23:23
Hi, I wanted to ask a question that confuses me a bit.

I was trying to use Pigdevil2010's bootstrapping code for ws m (http://forums.glitchcity.info/index.php/topic,6638.msg198107.html#msg198107),
but my game seems to freeze when I use that bootstrapping code.

So I tried to find the cause of it using the bgb debugger, and it seems like at the place where it is supposed to go to DA97, it goes to DA98 instead.
I fixed that by switching Nidoqueen with Nidoran(female).

Does this bootstrapping setup work for anyone (unaltered), or is there some mysterious bug on my end? :P

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Flandre Scarlet
Date: 2016-03-06 20:23:12
It could have just been a mistake on his part. Or maybe it was you IDK.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Krys3000
Date: 2016-03-07 12:01:45
Didn't we have another guy who had trouble with this setup previously? The G-Meister maybe?

I don't use this one but Torchickens' optimized setup for non-English games (which Haxel slightly modified again, I believe), so I don't know, but I'll double-check the code manually asap to see if it's a proper bootstrap :)

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: FroggestSpirit
Date: 2016-03-09 15:33:36
Has anyone made a better bootstrap code using something like wack0's gameshark code?
I was able to have a JP D53B stored as the last 3 bytes of my trainers name (this only works if your name is short enough)
The only downside is that I had my 6th pokemon turn into ID F9, so when I arranged my party like:
6 pokemon:
anything
tentacool
ID F9 pokemon
anything
anything
anything

it works well, taking you to the first item in the PC, however it messes up battle sprites due to the missingno
Edit: also irrelevant, but I did this on the VC re-release.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Krys3000
Date: 2016-03-10 01:25:51
In R/B games, there is luckytyphlosion's compact setup: http://forums.glitchcity.info/index.php?topic=6638.msg198585#msg198585

Also there is a glitch Pokémon setup that only uses 3 Pokémon (but you can have up to 5), I don't remember who did it:
h Poké (hex:C3)
Graveler
M p u (hex:D3)

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: darksarcasm
Date: 2016-03-10 11:55:08
If I have my party Pokemon arranged correctly for the 8F execution to the third item in my bag (Pidgey, Parasect, Onix, Tentacool, Kangaskhan), am I correct in assuming the sixth slot Pokemon does not matter? By the same token, is the C9 Hex code a stop function, and therefore items below this item won't affect the code? I've noticed that most if not all the example codes in this post end with an item that is multiplied by 201.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Krys3000
Date: 2016-03-10 12:41:10
C9 (item TM01 or anything x201) is a ret instruction which ends your code. So yes, any item afterwards does not matter.

However, it is very different for the setup, as the bootstrap code starts with the value of address $D163 (number of Pokémon). Having 5 Pokémon calls for a placeholder, useless function, but having 6 Pokémon instead of 5 calls for an assign function which also uses the following hex value, 'skipping' it from code reading, and therefore breaking your code.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: darksarcasm
Date: 2016-03-10 18:37:26

> C9 (item TM01 or anything x201) is a ret instruction which ends your code. So yes, any item afterwards does not matter.
>
> However, it is very different for the setup, as the bootstrap code starts with the value of address $D163 (number of Pokémon). Having 5 Pokémon calls for a placeholder, useless function, but having 6 Pokémon instead of 5 calls for an assign function which also uses the following hex value, 'skipping' it from code reading, and therefore breaking your code.

Right, forgot that # of Pokemon in the party has a RAM address.

I really should learn assembly so I could write my own code and to easier understand the game.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Krys3000
Date: 2016-03-11 01:05:57
Yep, you don't need to be a super assembler expert to write some nice codes. Understanding a few opcodes is enough! You can also ask if you don't get how to use one. If you have an emulated game, you can also fearlessly try a few things and see how it reacts :P

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: glitchhunter09
Date: 2016-03-11 20:52:17
by 255 of one item, what do you mean? The Limit is 99 so do I just make multiple stacks, use the Missingno 128 item glitch or what?

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Krys3000
Date: 2016-03-12 02:54:07
To get x255 of one item, either:
- use MissingNo.'s duplication (capture it or encounter it twice, tossing two items)
- use Glitch City RAM Manipulation to overflow the PC and withdraw any x255 item

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: glitchhunter09
Date: 2016-03-12 12:07:28
Thank you so much

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Flandre Scarlet
Date: 2016-03-14 21:18:11

Walk through walls (no ledge needed):

3E 01 EA 38 CD C9

ld a, $01        ; 3E 01
ld ($CD38), a    ; EA 38 CD  (address is stored little-endian: $38 then $CD)
ret              ; C9


Lemonade x1
TM34 x56
TM05 x201

How would you translate this to Red and Blue using 8F instead of ws m?
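The two posts above describe the same mechanism from both ends: Krys3000's point that the bootstrap starts executing at $D163 (the party count, so a count of 5 is a harmless `dec b` while 6 is `ld b, n` and swallows the next byte) and ends at a C9 (`ret`, any item x201), and the walk-through-walls listing, where each bag slot's item ID and quantity become one opcode/operand pair. The Python script below is an added example, not code from the thread or from any of its posters. It encodes a bag list into bytes, disassembles party and item bytes with a minimal SM83 (Game Boy CPU) decoder that covers only the opcodes these setups use, computes `jr` targets relative to the next instruction, and flags quantities above 99. The index numbers it uses (Pidgey $24, Parasect $2E, Onix $22, Tentacool $18, Kangaskhan $02, Lemonade $3E, TM01 $C9, TM05 $CD, TM34 $EA) and the bag layout ($D31D count, $D31E first item, so the third slot's ID sits at $D322) are the English Red/Blue values and are assumptions where the posts do not state them; the sixth slot in the party-of-six case (Onix) is an arbitrary choice.

```python
"""Added example (not code from the thread): encode a bag item list as the
bytes that 8F / ws m will execute, and disassemble party and item bytes to see
why the party count and the x201 terminator matter.

Assumptions (not all stated on the page): species and item index numbers are
the English Red/Blue internal IDs; the party starts at $D163 (count) / $D164
(species list) and the bag at $D31D (count) / $D31E (first item); only the
opcodes used in the thread's setups are decoded, anything else prints as .db.
"""

PARTY_COUNT_ADDR = 0xD163
BAG_ITEMS_ADDR = 0xD31E
THIRD_ITEM_ADDR = BAG_ITEMS_ADDR + 2 * 2   # item ID byte of bag slot 3 = $D322

SPECIES = {"Pidgey": 0x24, "Parasect": 0x2E, "Onix": 0x22,
           "Tentacool": 0x18, "Kangaskhan": 0x02}
ITEMS = {"Lemonade": 0x3E, "TM01": 0xC9, "TM05": 0xCD, "TM34": 0xEA}
ITEM_NAMES = {v: k for k, v in ITEMS.items()}

# opcode -> (mnemonic format string, number of operand bytes)
OPCODES = {
    0x00: ("nop", 0),
    0x01: ("ld bc, ${nn:04X}", 2),
    0x02: ("ld (bc), a", 0),
    0x03: ("inc bc", 0),
    0x05: ("dec b", 0),               # party of 5: harmless placeholder
    0x06: ("ld b, ${n:02X}", 1),      # party of 6: swallows the next byte
    0x18: ("jr ${target:04X}", 1),    # Tentacool: relative jump
    0x21: ("ld hl, ${nn:04X}", 2),
    0x22: ("ld (hl+), a", 0),
    0x24: ("inc h", 0),
    0x2E: ("ld l, ${n:02X}", 1),
    0x3E: ("ld a, ${n:02X}", 1),
    0xC3: ("jp ${nn:04X}", 2),
    0xC9: ("ret", 0),                 # TM01 / anything x201: ends the code
    0xCD: ("call ${nn:04X}", 2),
    0xEA: ("ld (${nn:04X}), a", 2),
}


def disassemble(data, base, stop_at_ret=True):
    """Return [(address, mnemonic)] for `data` loaded at address `base`.

    With stop_at_ret set, decoding stops after the first `ret`: bytes after
    the terminator are never executed, so items placed there do not matter.
    """
    out, pc = [], 0
    while pc < len(data):
        addr, op = base + pc, data[pc]
        fmt, size = OPCODES.get(op, (".db ${op:02X}", 0))
        operands = data[pc + 1:pc + 1 + size]
        if len(operands) < size:      # instruction runs off the end of the buffer
            out.append((addr, f".db ${op:02X}  ; truncated operand"))
            break
        pc += 1 + size
        fields = {"op": op}
        if size == 1:
            n = operands[0]
            fields["n"] = n
            # jr takes a signed 8-bit offset relative to the next instruction
            fields["target"] = (base + pc + (n - 256 if n > 127 else n)) & 0xFFFF
        elif size == 2:
            fields["nn"] = operands[0] | (operands[1] << 8)   # little-endian
        out.append((addr, fmt.format(**fields)))
        if stop_at_ret and op == 0xC9:
            break
    return out


def party_bytes(species_names):
    """Bytes at $D163 onward: party count followed by the species IDs in order."""
    ids = [SPECIES[s] for s in species_names]
    return bytes([len(ids)] + ids)


def items_to_bytes(items):
    """Bag slots [(item name, quantity)] -> the (id, qty) byte pairs as stored in RAM."""
    out = bytearray()
    for name, qty in items:
        if not 1 <= qty <= 255:
            raise ValueError(f"{name} x{qty}: a bag quantity is one byte, 1..255")
        out += bytes([ITEMS[name], qty])
    return bytes(out)


def bytes_to_items(code):
    """Inverse: machine code -> (item, qty, needs_glitch) with qty > 99 flagged.

    The bag normally caps stacks at 99; the thread's routes to larger stacks are
    MissingNo. duplication or a PC overflow to withdraw an x255 stack.
    """
    if len(code) % 2:
        raise ValueError("item code must be an even number of bytes (id, qty pairs)")
    slots = []
    for i in range(0, len(code), 2):
        item_id, qty = code[i], code[i + 1]
        if item_id not in ITEM_NAMES:
            raise KeyError(f"no item in this table with id ${item_id:02X}")
        if qty == 0:
            raise ValueError("a bag slot cannot hold x0 of an item")
        slots.append((ITEM_NAMES[item_id], qty, qty > 99))
    return slots


if __name__ == "__main__":
    setup = ["Pidgey", "Parasect", "Onix", "Tentacool", "Kangaskhan"]
    for party in (setup, setup + ["Onix"]):        # sixth slot chosen arbitrarily
        print(f"party of {len(party)}:")
        for addr, text in disassemble(party_bytes(party), PARTY_COUNT_ADDR, stop_at_ret=False):
            print(f"  {addr:04X}  {text}")
    walk = [("Lemonade", 1), ("TM34", 56), ("TM05", 201)]   # Flandre's listing
    code = items_to_bytes(walk)
    print("bag bytes:", code.hex(" ").upper())
    for addr, text in disassemble(code, THIRD_ITEM_ADDR):
        print(f"  {addr:04X}  {text}")
    for name, qty, glitch in bytes_to_items(code):
        print(f"  {name} x{qty}" + ("  (above 99: needs duplication glitch)" if glitch else ""))
```

Running it prints the two party disassemblies (in the six-Pokémon listing `inc h` never appears, because `ld b, $24` consumed Pidgey's byte), then the three-instruction walk-through-walls routine at $D322..$D327 and the item list with TM05 x201 flagged as a quantity that needs one of the x255 tricks from the thread.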

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Krys3000
Date: 2016-03-15 02:37:25
You don't need to. Address $CD38 is in a RAM section that doesn't change between any international R/B and Y.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Flandre Scarlet
Date: 2016-03-15 08:09:59
It wasn't working for me earlier because I failed at counting glitch symbols and I had 211 instead of 201.