Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.


Arbitrary Code Execution Discussion

Arbitrary code execution in Red/Blue using the "8F" item - Page 36

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: ISSOtm
Date: 2017-01-25 03:06:58

Well, just decided to quickly code something for 8F…

CHANGE ANY BYTE IN RAM TO ANYTHING
(or, pseudo-GameShark in software)

This code uses only 5 basic items, and will easily allow you to modify any byte in RAM one wants to.

Item 1: any item
Item 2: 8F
Item 3: Lemonade, quantity (byte to change to, or 2nd byte of GScode)
Item 4: X Accuracy, quantity (low byte of RAM address to change, or 3rd byte of GScode)
Item 5: Carbos, quantity (high byte of RAM address to change, or 4th byte of GScode)
Item 6: Poké Ball, quantity 119
Item 7: Fresh Water, quantity 201

ASM:
D322: 3E xx    ld a, xx
D324: 2E xx    ld l, xx
D326: 26 xx    ld h, xx
D328: 04       inc b
D329: 77       ld (hl), a
D32A: 3C       inc a
D32B: C9       ret


So, for GameShark code 011559D0, which would encounter a Mew after you close the menu (and yes, this is the one I tested it with – on a real cart no less), use the following item list:

Item 1: any item (but I guess you'd want Master Balls here for this example!)
Item 2: 8F
Item 3: Lemonade, quantity 21
Item 4: X Accuracy, quantity 89
Item 5: Carbos, quantity 208
Item 6: Poké Ball, quantity 119
Item 7: Fresh Water, quantity 201

By the way, since no address is hardcoded, this *should* work on Yellow too; but I haven't tested it there. (obviously the example posted above won't!)
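The mapping from a GameShark code to the item list in the post above, as an added example that is not part of the original post. The function names are hypothetical, the item IDs are the byte values the ASM listing shows in each item slot, and the small interpreter handles only the seven opcodes in that listing.

```python
# Added example, not code from the thread. Item IDs are the byte values the
# post's ASM listing shows in each item slot (3E, 2E, 26, 04, 3C).
ITEM_IDS = {"Lemonade": 0x3E, "X Accuracy": 0x2E, "Carbos": 0x26,
            "Poké Ball": 0x04, "Fresh Water": 0x3C}

def items_for_code(code):
    """Turn an 8-digit code 'TTVVLLHH' into items 3-7 of the post's list."""
    if len(code) != 8:
        raise ValueError("expected 8 hex digits")
    kind, value, lo, hi = bytes.fromhex(code)
    if kind != 0x01:  # assumption: only the 01-type codes used in this thread
        raise ValueError("only 01xxxxxx codes are handled")
    return [("Lemonade", value), ("X Accuracy", lo), ("Carbos", hi),
            ("Poké Ball", 119), ("Fresh Water", 201)]

def payload_bytes(items):
    """Bag layout from item 3 on: one (item ID, quantity) byte pair per slot."""
    return bytes(b for name, qty in items for b in (ITEM_IDS[name], qty))

def run_payload(code, ram):
    """Interpret just the seven opcodes in the listing and apply the write."""
    a = b = h = l = pc = 0
    while True:
        op = code[pc]
        pc += 1
        if op in (0x3E, 0x2E, 0x26):      # ld a / ld l / ld h, imm8
            imm = code[pc]
            pc += 1
            if op == 0x3E:
                a = imm
            elif op == 0x2E:
                l = imm
            else:
                h = imm
        elif op == 0x04:                  # inc b (Poké Ball's ID run as an opcode)
            b = (b + 1) & 0xFF
        elif op == 0x77:                  # ld (hl), a (Poké Ball's quantity, 119)
            ram[(h << 8) | l] = a
        elif op == 0x3C:                  # inc a (Fresh Water's ID run as an opcode)
            a = (a + 1) & 0xFF
        elif op == 0xC9:                  # ret (Fresh Water's quantity, 201)
            return ram
        else:
            raise ValueError(f"unsupported opcode {op:02X}")

if __name__ == "__main__":
    items = items_for_code("011559D0")
    print(items, payload_bytes(items).hex(), run_payload(payload_bytes(items), {}))
```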

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: jelome1989
Date: 2017-01-25 03:29:39
That's not what I'm looking for, but thanks anyway. I found the code to manipulate the DVs, but unfortunately, you can only manipulate the DVs by pairs and not individually, so it would be impossible to manipulate DVs to force shininess when transferring to Gen 7

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Unused Trainer
Date: 2017-01-25 05:22:07

> That's not what I'm looking for, but thanks anyway. I found the code to manipulate the DVs, but unfortunately, you can only manipulate the DVs by pairs and not individually, so it would be impossible to manipulate DVs to force shininess when transferring to Gen 7

Yes, I agree with you.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: jelome1989
Date: 2017-01-25 08:28:52
Hold on, I might have something here. I executed the code with x10 Lemonades but ended up with 0 Atk and Speed DVs and 10 Defense and Special DVs… Why is that? The Atk should be paired with the Def DVs thus they should end up with equal DVs but why are my results different?

I used this code to manipulate the DVs but replaced 'FF' with '10':
01FF85D1
01FF86D1

Please advise. Thanks

Edit: Hold on, I think I get it now. Seems I made a stupid mistake. Will update later. It seems WE CAN MANIPULATE THE DVs to force shininess after all!

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: ISSOtm
Date: 2017-01-25 08:55:31
Yep, you can manipulate DVs. There's no problem to manipulate them individually either.

Take the number of ATK DVs, turn it into hex digit #1.
Take the number of DEF DVs, turn them into hex digit #2.
Use the code 01(digit #1)(digit #2)85D1 to manipulate both.
Replace ATK with SPD, DEF with SPE and 85 with 86 and you can manipulate both SPD and SPE DVs!

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: jelome1989
Date: 2017-01-25 09:34:15
Yeah, I got it. I actually recorded it and made it on my first try. Will upload it soon in my channel.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: forsyz
Date: 2017-01-25 10:47:22
How would you change trainer ID and name?

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: ISSOtm
Date: 2017-01-25 12:40:46
Are you talking about doing such on a save, or on a Pokémon?

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Masked_koopa
Date: 2017-01-25 13:25:16
Hi, I hate to be a bother, but is it possible to convert this R/B item script to be compatible with Yellow? I tried decreasing the quantities of the items that were "D" in the code by one, but I'm reluctant to do more due to risk of save file loss (and I already lost one by being too reckless with the walk through walls code)

Code: (change character name, from OP)

Video: http://www.youtube.com/watch?v=Sw0h7ImFsAs#t=918s

ITEM LIST (starting from the first slot):
* Any item
* 8F
* TM50 x181
* TM10 x64
* TM34 x88
* TM09 x46
* Calcium x52
* X Accuracy x35
* Full Heal x201

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Torchickens
Date: 2017-01-25 16:26:57

> Hi, I hate to be a bother, but is it possible to convert this R/B item script to be compatible with Yellow? I tried decreasing the quantities of the items that were "D" in the code by one, but I'm reluctant to do more due to risk of save file loss (and I already lost one by being too reckless with the walk through walls code)
>
> Code: (change character name, from OP)
>
> Video: http://www.youtube.com/watch?v=Sw0h7ImFsAs#t=918s
>
> ITEM LIST (starting from the first slot):
> * Any item
> * 8F
> * TM50 x181
> * TM10 x64
> * TM34 x88
> * TM09 x46
> * Calcium x52
> * X Accuracy x35
> * Full Heal x201


Hi Masked_koopa, no worries. Sure!

As thought, you need to decrease addresses and other values by 1. We need to decrease both the addresses and the values for l.

Your code represents the following:


ld a, (D2B5)    ; FA B5 D2
ld b, b         ; 40
ld (D158), a    ; EA 58 D1
ld l, 27        ; 2E 27
inc (hl)        ; 34
ld l, 23        ; 2E 23
inc (hl)        ; 34
ret             ; C9


We need to change D2B5 to D2B4, D158 to D157, 27 to 26 and 23 to 22, which results in the following items you'll need for Yellow (note Carbos is used instead of Calcium):

TM50 x 180
TM10 x 64
TM34 x 87
TM09 x 46
Carbos x 52
X Accuracy x 34
Full Heal x 201

Hope that helps!  :)
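The Red/Blue to Yellow conversion described in the post above, as an added example that is not part of the original post. It applies the post's decrease-by-1 rule at the byte level, which shows why one change lands on an item ID (Calcium becomes Carbos) rather than on a quantity. The function names are hypothetical and the item IDs are the ones implied by the disassembly in the post.

```python
# Added example, not code from the thread. Item IDs are the ones implied by
# the disassembly in the post; only the items used there are listed.
ITEM_IDS = {"Carbos": 0x26, "Calcium": 0x27, "X Accuracy": 0x2E, "Full Heal": 0x34}
ITEM_IDS.update({f"TM{n:02d}": 0xC8 + n for n in range(1, 51)})  # TM01 = 0xC9
NAMES = {v: k for k, v in ITEM_IDS.items()}

# The Red/Blue list from the post, starting at the third bag slot.
RB_LIST = [("TM50", 181), ("TM10", 64), ("TM34", 88), ("TM09", 46),
           ("Calcium", 52), ("X Accuracy", 35), ("Full Heal", 201)]

def to_bytes(items):
    """One (item ID, quantity) byte pair per bag slot."""
    return bytearray(b for name, qty in items for b in (ITEM_IDS[name], qty))

def to_items(code):
    """Pair the bytes back up; KeyError means an ID missing from this table."""
    return [(NAMES[code[i]], code[i + 1]) for i in range(0, len(code), 2)]

def port_to_yellow(items, shift=1):
    """Lower every address operand by `shift`, following the post's rule."""
    code = to_bytes(items)
    pc = 0
    while pc < len(code):
        op = code[pc]
        if op in (0xFA, 0xEA):            # ld a, (nn) / ld (nn), a
            addr = (code[pc + 1] | code[pc + 2] << 8) - shift  # little-endian
            code[pc + 1], code[pc + 2] = addr & 0xFF, addr >> 8
            pc += 3
        elif op == 0x2E:                  # ld l, n: low byte of an address
            code[pc + 1] = (code[pc + 1] - shift) & 0xFF
            pc += 2
        elif op in (0x40, 0x34, 0xC9):    # ld b, b / inc (hl) / ret
            pc += 1
        else:
            raise ValueError(f"unsupported opcode {op:02X}")
    return to_items(code)

if __name__ == "__main__":
    for name, qty in port_to_yellow(RB_LIST):
        print(f"{name} x{qty}")
```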

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Crystal_
Date: 2017-01-28 12:09:41
Using 8F to get PokeBank-compatible Mew and shiny Pokemon

https://www.youtube.com/watch?v=H8AgGp5cqPI

Item lists (includes assembly code):
Encounter Mew with 8F: http://pastebin.com/MJd9rA8y
Mew method #1 (change player IDNo. and name): http://pastebin.com/BA4mK4PK
Mew method #2 (change Mew IDNo. and name): http://pastebin.com/z836UeVA
One shiny Pokemon: http://pastebin.com/QaNpSYCc
All current box shiny Pokemon: http://pastebin.com/z6ZVN76z

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: holymoly
Date: 2017-01-31 18:39:27
I've done the Brock through walls glitch to go to Saffron and got the 8F item, but I forgot about the party setup and I'm stuck because my strongest Pokémon is a Lv 9 Abra. Is there any way to get the five Pokémon or do I need to restart?

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: ISSOtm
Date: 2017-02-01 01:52:18
You can't Teleport back to Pewter?

Otherwise, you'll have to advance your progression if you want to get the Pokémon.
If you have access to Saffron this won't be too much of a problem.

If you have a Rare Candy, here's how to duplicate it to make stuff that much easier.
1) Buy balls. LOTS. Also buy different items so you have at least 6 occupied slots.
2) Give a drink to the Saffron guards.
3) Heal at Saffron Poké Center.
4) Go south and Trainer-Escape from the top-left Trainer (stand with him on the same row as Red but one tile offscreen, walk left and hold START during the walk, use Teleport).
5) Go to Route 8.
6) Fight the Gambler on the south-east part of the road, lose to his first Pokémon. Make sure he makes at least one step when encountering you, otherwise you'll get a softlock.
BONUS: Before going to Vermilion, pay Snorlax a visit. That should remove him at step 9, which means you can go through Cycling Road :)
7) Make sure Rare Candy is in the 6th slot of your inventory.
8) Open your START menu then head towards Vermilion.
9) Close the menu again then run away (or catch, whatever you want) Missingno.
10) CANDIEZ

Then you can get the Pokémon.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: YellowFreddy
Date: 2017-02-06 16:49:38
Is there an intuitive, searchable opcode map for the GB? I would like to write some item codes.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Flandre Scarlet
Date: 2017-02-06 18:14:40

> Is there an intuitive, searchable opcode map for the GB? I would like to write some item codes.

Something like this? http://www.pastraiser.com/cpu/gameboy/gameboy_opcodes.html