Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

Arbitrary Code Execution Discussion

Arbitrary code execution in Red/Blue using the "8F" item - Page 58

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: joshuarpl2
Date: 2018-12-04 11:07:36
Made my first arbitrary code!
It goes like this
Items:
Any Item x[any]
8F
Lemonade x2
TM34 x89
TM08 x201

ASM:
ld a, $02
ld ($D059), a
ret
Made in just 3 lines of code, because it only changes a single address! (D059 turns into 1F, which is the ID of Missingno!)
This is pretty much the same as the Catch Em All script lol.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: ISSOtm
Date: 2018-12-04 13:22:57
This won't set D059 to $1F, but to $02, i.e. Kangaskhan.
You didn't even test your script, did you?

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Sherkel
Date: 2018-12-04 16:00:20
In spite of that strange error, you've gotten started, at least! :)

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: joshuarpl
Date: 2018-12-29 16:16:00

> ld a, $02

Oh, I accidentally made it turn into value $02 xd!
Sorry!

(If I'm necro-bumping, I am sorry!)

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Parzival
Date: 2018-12-29 19:30:27
I would like to point out that Missingno. takes up several different slots. This may make the actual code setup easier with proper slot picking.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: kakonema
Date: 2019-02-15 12:41:31

So to write ISSOtm's version of theZZAZZglitch's memory editor (https://forums.glitchcity.info/index.php?topic=8200.0) you'd start with

Lemonade x 229 (229 = $E5, the byte to write at DB01)
X Accuracy x 1
Carbos x 219
Poké Ball x 119
Burn Heal x 125
Fresh Water x 234
Iron x 211
Lemonade x 0
TM34 x 35
TM11 x 201

Use 8F, which would write the value, set the quantity of Lemonades to 0 and increase the quantity of X Accuracies by 1, to 2. Throw Lemonades until you had 17 (hex 11), use 8F, etc. etc.


Is this code compatible with European versions of the ROMs? I'm having weird effects executing it. The bootstrap works with a couple of tested codes (Onix replaced with Graveler for 3rd item bag compatibility).

Does the memory editor also need adjustments in order to work with Euro ROMs?

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: ISSOtm
Date: 2019-02-15 12:50:23
Yes, they do. Don't know which though.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: kakonema
Date: 2019-02-15 13:14:44

> Yes, they do. Don't know which though.


Well that's a bummer.

Hmmm, according to:

ld ($d325),a ; quantity of fresh water (234), Iron x 211 bytes: EA 25 D3
ld ($d323),a ;TM34 x 35, TM11. bytes: EA 23 D3


Guess it just needs an increase in the quantity of TM34 and Fresh Water by 5 in order to match a bag address, right?

Editor is a different beast, it hurts my brain just by looking at code.

edit: On second thought, I need Helix Fossil instead of Iron, but Helix Fossil is a key item and it doesn't have a quantity?

edit2: Success! Swapping Iron x 211 with Helix Fossil x 211 and increasing TM34 x 35 to TM34 x 40 works, just need to write the memeditor to test if it works.

edit3: Aaaaand it works!!! Thank you guys for making it possible, it's a mind-blowing work you're all doing.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Caveat
Date: 2019-04-26 19:37:45
After a year of being spared from my misery, I RETURN with this… thing.
It changes the species bytes of the first Pokemon in the current box!

"Stable" version:
Lemonade x(species index)
TM34 x129
TM18 x4
TM34 x150
TM18 x201

ld a, $xx
ld [$DA81], a
inc b
ld [$DA96], a
ret


"Unstable" version: (for making unstable hybrids)
Lemonade x(species index)
TM34 x129
TM18 x4
Lemonade x(recipient species)
TM34 x150
TM18 x201

ld a, $xx
ld [$DA81], a
inc b
ld a, $yy
ld [$DA96], a
ret


This isn't really useful and it's more of a "LOOK MOM I'M LEARNING ASM" thing, but it could be useful to you if you don't feel like getting a Charizard 'M and/or the Pokemon you want to merge?

EDIT: Here's something actually useful! It fills out your Pokedex (with an optional 152nd entry, if you want). Requires a few glitch items, but none of them have unterminated names. Yeah, dealing with CANCEL is annoying; sorry. D:

All 151:
X Accuracy x246
Carbos x210
HP Up x62
CANCEL (hex:FF) x119
TM50 x28
TM11 x254
CANCEL (hex:FF) x32
TM44 x4
Lemonade x127
TM34 x28
TM11 x234
Pokédex (hex:09) x211
TM01 x[Any qty]

;151 pokemon seen + caught
;hl=D322
ld l, $F6
ld h, $D2 ;hl=D2F6
inc hl ;hl=D2F7 on first loop
ld a, $FF
ld [hl], a ;set dex byte to FF
ld a, [$D31C]
cp a, $FF ; are all bytes set?
jr nz, $D326 ;if not, inc hl and do it again
inc b
ld a, $7F
ld [$D31C], a
ld [$D309], a ;getting rid of entry 152
ret


152nd entry:
X Accuracy x246
Carbos x210
HP Up x62
CANCEL (hex:FF) x119
TM50 x28
TM11 x254
CANCEL (hex:FF) x32
TM44 x201

;152 pokemon
;hl=D322
ld l, $F6
ld h, $D2 ;hl=D2F6
inc hl ;hl=D2F7 on first loop
ld a, $FF
ld [hl], a ;set dex byte to FF
ld a, [$D31C]
cp a, $FF ; are all bytes set?
jr nz, $D326 ;if not, inc hl and do it again
ret
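
Added example (not code from any poster in this thread): a Python helper that flattens an item list into the ID/quantity bytes the bag stores and disassembles them, so that lists such as the one in the first post on this page or the "All 151" Pokédex list above can be checked against their ASM listing, including where a `jr` lands. It assumes the list starts at the third bag slot, $D322 (the address the thread's comments give); `bag_bytes`, `disassemble`, `FIRST_POST` and `DEX_ALL` are names made up for this example.

```python
# Item indices for English Red/Blue; only the items the thread's lists use.
ITEM_ID = {"Lemonade": 0x3E, "X Accuracy": 0x2E, "Carbos": 0x26,
           "HP Up": 0x23, "CANCEL": 0xFF, "Pokédex": 0x09}
ITEM_ID.update({f"TM{n:02d}": 0xC8 + n for n in range(1, 51)})  # TM01 = $C9

# opcode -> (text template, operand bytes); just the opcodes the thread uses.
OPCODES = {
    0x3E: ("ld a, ${:02X}", 1), 0x2E: ("ld l, ${:02X}", 1),
    0x26: ("ld h, ${:02X}", 1), 0xFE: ("cp ${:02X}", 1),
    0xEA: ("ld [${:04X}], a", 2), 0xFA: ("ld a, [${:04X}]", 2),
    0x20: ("jr nz, ${:04X}", 1), 0x23: ("inc hl", 0),
    0x77: ("ld [hl], a", 0), 0x04: ("inc b", 0), 0xC9: ("ret", 0),
}

def bag_bytes(items):
    """Flatten (name, quantity) pairs into the ID, quantity bytes of the bag."""
    return bytes(b for name, qty in items for b in (ITEM_ID[name], qty))

def disassemble(code, base=0xD322):
    """Linear disassembly up to the first ret; returns [(address, text)]."""
    pc, lines = 0, []
    while pc < len(code):
        op = code[pc]
        text, n = OPCODES.get(op, (f"db ${op:02X}", 0))  # unknown byte: show as data
        arg = int.from_bytes(code[pc + 1:pc + 1 + n], "little")
        if op == 0x20:  # jr: signed offset counted from the next instruction
            arg = base + pc + 2 + (arg - 256 if arg > 127 else arg)
        lines.append((base + pc, text.format(arg)))
        pc += 1 + n
        if op == 0xC9:
            break
    return lines

# Lists as posted in the thread (the "[Any qty]" TM01 is entered as 1 here).
FIRST_POST = [("Lemonade", 2), ("TM34", 89), ("TM08", 201)]
DEX_ALL = [("X Accuracy", 246), ("Carbos", 210), ("HP Up", 62), ("CANCEL", 119),
           ("TM50", 28), ("TM11", 254), ("CANCEL", 32), ("TM44", 4),
           ("Lemonade", 127), ("TM34", 28), ("TM11", 234), ("Pokédex", 211),
           ("TM01", 1)]

if __name__ == "__main__":
    for listing in (FIRST_POST, DEX_ALL):
        for addr, text in disassemble(bag_bytes(listing)):
            print(f"{addr:04X}  {text}")
        print()
```

Run over `DEX_ALL`, the `jr nz` line comes out with target `$D325`, which can be compared with the `$D326` in the posted comment before the list is entered in-game.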


Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: Sherkel
Date: 2019-08-31 10:49:38
Now this is a ridiculously overdue article and much-needed addition. There is now a full explanation of -gm on the wiki (courtesy of Bbbbbbbbba), with both a tutorial and proper rundown of how the bootstrap ASM works. Telling people to use this item instead of the inferior 8F has been a running joke in Discord for something like a year (though it's not a joke), and while those interested were walked through it, this is where that info belongs.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: CasualPokePlayer
Date: 2020-03-04 20:20:23
So I've been looking at 8F, and dislike its bootstrap, so I decided to make my own bootstrap.

6 Pokemon

Anything, but I recommend a flyer for this slot, also needs 233 HP
Growlithe
Marowak
Vaporeon
Machoke
Slowbro

The bootstrap does this
ld b,xx ; filler, xx is Pokemon 1
ld hl,6991
add hl,hl ; get D322
ld (xxFF),sp ; xx being Pokemon 1
~~
jp hl ; jump to 2nd item in bag


The benefit of this bootstrap is that you can have (mostly) ANY Pokemon in slot 1, like Mew, as long as you keep it at 233 HP.

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: HumptyAce
Date: 2020-05-24 12:59:34
I'm coming back to this after some time. I was wondering if it is possible to make a code that would reset progress in-game. I already made my own codes to rebattle gyms (and the trainers that are in the gyms) because I had GameShark codes to work with from the start, but I was thinking more of a way to simply reset trainer flags so that you can battle them again. I have a pretty old save file that I don't want to erase, so that plus resetting gyms would basically make the game completely replayable (I don't really care about event-linked trainers such as the Rocket Hideout and Lavender Tower ones). Does someone have a clue?

Re: Arbitrary code execution in Red/Blue using the "8F" item

Posted by: thebear45
Date: 2020-07-15 09:03:35
Hi,

Does the catchemall script work in the French version? Because I set it all up and executed it, but nothing happens.
No crash, I just used 8F as usual, quit the menu and nothing appears.
I also tried this code: https://justpaste.it/18bz8 (found in this thread) and got the same result: the code works but does nothing!

Can you please help me?