Glitch City Laboratories Archives

[table]
[tr]
[td]Newcomers: I highly recommend you read beyond this thread's first post. Thanks to the later posts you will learn how to do the described glitch on Yellow, Japanese Red/Green/Yellow or other international releases, and you'll find many different item lists for performing different tasks.[/td]
[/tr]
[/table]

[size=12pt]WHAT'S 8F?[/size]

8F is a Red/Blue equivalent of JP Red/Green's 5 - an item executing machine code starting from $D163 (Number of Pokemon) upon use. Its hex identifier is 0x5D, despite its hex-like name. 8F is treated by the game as a key item and it can't be tossed away or sold in the mart.

As address $D163 contains re-writeable data, it is possible to redirect the instruction pointer to the item list with relative jumps and easily run arbitrary code just by spelling the opcodes with items. With enough items, one could also make a program that reads key input continuously, writes it somewhere in the RAM and jumps to it after a while, allowing to even run your own homebrew software (jailbreaking the gameboy, lolz).

[size=12pt]HOW TO OBTAIN IT:[/size]

[size=12pt]OBTAINING 8F USING ITEM COUNTER UNDERFLOW GLITCH:[/size]

PREREQUISITES:

- Access to any event that removes an item from your inventory (Saffron guards, handing out a fossil in Cinnabar Lab, giving Gold Teeth to the Warden etc.)
- A following item list:
  Any item x[Any qty]
  X Special x255
  Item you need to give away x1

EXECUTION:

1. Toss the first item. It should change to X Special x255
2. Continue tossing the first item until the item menu "stops responding"
3. Trigger an event that removes the item from your inventory (example: get Kabuto, omanyte, or Aerodactyl down in Cinnabar)
4. Now, you should have 255 items with you. Go to the eastmost corner of Celadon City:

[img]http://i34.tinypic.com/2me4qdl.png[/img]

5. Toss 254 of your X Specials. Then swap the 'X Special x1' with 'Nugget x1' (35th item)
6. Try walking to the right - the map should now loop back to the left side of Celadon City. The amount of steps you take to the right determines the item you will get, so position yourself properly to obtain 8F. Swap it with the first item, then fly back to Celadon.
7. Store one of your newly acquired glitch items into the PC. Then buy any 3 items to bring your inventory back to normal.

A video of this method (makes it a lot easier to understand): http://www.youtube.com/watch?v=98_azamLeh4

[size=12pt]OBTAINING 8F USING INVALID ENCOUNTER FLAGS (OBSOLETE):[/size]

PREREQUISITES:

- A Ditto with a Cooltrainer move, nicknamed "R:u"  (Get Cooltrainer by transforming into a pokemon with 4 moves. swap the second move with the 1st, run, and Ditto's move will be cooltrainer)
- At least 1 Escape Rope
- Good Rod on your 4th item slot
- Exactly 10 Pokemon in your current box (this tremendously increases the chances of Cooltrainer move working properly) (sometimes the Cooltrainer move refuses to work, so if 10 pokemon doesn't work out, try 9 pokemon, and then 8, etc.)
- Preferably a Bicycle, to make things a little bit faster.

EXECUTION:

1. Heal your Pokemon in Fuchsia City's Pokemon Center.
2. Do the Safari Zone walk through walls glitch, with only Ditto in your party.
3. After you appear back at the Fuchsia City's Center with noclip activated, walk exactly:
a) 19 steps west
b) 28 steps north
c) 1 step west
d) 29 steps north
e) 11 steps east
4. Open your Pokemon menu and close it (important). You may want to use bicycle now to travel faster - you won't be able to do this later.
5. Go 11 steps west and keep walking south until you find yourself back on Route 18. Do not open your Start menu from now on.
6. Walk/bike to Seafoam Islands and enter the cave.
7. Encounter a wild Pokemon, and continuously try to use the Cooltrainer move. If it does not work after about 15 tries, quit the battle and start a new one. Do not open your Pokemon menu, Item menu or Start menu at all!
8. Eventually, the music will fade out, the move typing will become blank, and name of the opponent will get changed. Catch the resulting Pokemon - the game will state you caught a "94", and your Good Rod will turn into an 8F.
9. Use an Escape Rope, as there's a slight chance the game will crash after exiting the cave normally.

[size=12pt]OBTAINING 8F WITH A CORRUPTED ITEM PACK (OBSOLETE):[/size]

This method is not recommended - it has a lot of side effects and is terribly complicated. Use it only when the encounter flag method does not seem to work for you.

PREREQUISITES:

- A Pokemon on the first slot meeting very specific requirements:
    > It needs to have a Super Glitch as a 4th move
> Its three moves besides the Super Glitch have to contain 25 characters in total
> One of its three moves needs to be 4 characters long
> This Pokemon needs to be able to learn Mega Kick through TM05
An example: L ||M 4 (hex C6) with moves Body Slam, TM50, Quick Attack, [Super Glitch]
- Any Pokemon on the second slot you don't care about, nicknamed "cccccccc". It will be gone in the process, so don't use your L100 Charizard.
- A Pokemon on the third slot knowing Fly.
- Exactly 3 useless items in your Bag. They will get destroyed again, so don't pick anything important.
- TM05 (Mega Kick), deposited in the PC
- At least one free space in the PC to store your obtained 8F
- An empty Pokemon box currently selected, most likely box 12

SIDE EFFECTS:

Sadly, those side effects are actually quite annoying. But also, happily enough, one can fix them with 8F's arbitrary code execution.

1. Your player name will become blank (the game will save just fine though). However, with 8F's arbitrary code execution capabilities, one can change his name back to something nice.
2. Lower 5 Pokedex bytes will become corrupted, displaying some yet unseen species as caught. There's no easy way to fix this, but it's not a big deal unless you care about your Pokedex progression.
3. Your Pokemon box may get to a state where trying to release the glitch Pokemon inside will crash the game. This side effect does not happen every time, but if it does, again, this can be fixed with 8F's arbitrary code execution.

EXECUTION:

The process is a little bit complicated, but after around 15 minutes of hard work, you should be able to claim your own 8F without a cheating device.

1. Go to the exact spot shown on the screenshot below (second to last house on Celadon's south-east). Open up and close immediately your Pokemon menu while still standing on that spot.

[img]http://smartfeel.net/images/spot2.png[/img]

2. Go into a patch of grass and encounter a wild Pokemon. Do not open your start menu while going there.
3. Open and close your fight menu a few times, then run from the battle.
4. Open your Start menu. Your name should be glitched. If it isn't, repeat step 3.
5. Now you should have 16 Pokemon. Go to the Celadon's Pokemon Center and talk to Nurse Joy, but don't heal.
6. Go to the exact spot shown on the screenshot below:

[img]http://i34.tinypic.com/2me4qdl.png[/img]

7. Open up your Pokemon menu, swap the 2nd Pokemon with the 10th.
8. Now your item pack should have 162 items, with the first item being "RIVAL's" and the second being Ether.
9. If you have more than 1 Ether on the second position, toss them so only 1 remains.
10. Swap the Ether (2nd item) with the 35th one (for this location this should be a Nugget)
11. Try walking to the right - the map should now loop back to the left side of Celadon City.
12. Keep walking to the right until you find the spot below:

[img]http://i37.tinypic.com/fp9oiq.jpg[/img]

13. Open your item pack here - the Ether should turn into 8F. Switch it back with the second item to keep it.
14. Fly away to any town. Go to the Pokemon Center.
15. Store one of your 8Fs in the PC. 8F is treated like a key item and depositing more than one will clutter your PC.
16. (Optional) You can also deposit "RIVAL's" into the PC to get 2 glitch items for the price of one.
17. Swap the 10th Pokemon back with the 2nd. This will clear all your items.
18. Withdraw TM05 from your PC.
19. Swap the 2nd Pokemon with the 5th to avoid crashing in the next few steps.
20. Swap the 3rd Pokemon with the 2nd so your Pokemon with Fly won't get obliterated by Charizard 'Ms
21. Deposit your LM4 and your Pokemon with Fly.
22. From now on keep depositing Pokemon into your empty box until you're left with just one Pokemon in your party.
23. Withdraw LM4 and the Pokemon with Fly.
24. Exit out the PC and move the first Pokemon (Charizard 'M) to the last slot.
25. Deposit the Charizard 'M. You should now have only LM4 and the flyer in your team.
26. Because of the Super Glitch, your LM4 became an unstable hybrid of Krabby. Fly to Cerulean City, bring your LM4 into Daycare and take it out to change it back to LM4.
27. Fly back to Celadon City, stand in the spot below:

[img]http://i33.tinypic.com/2rf51s4.png[/img]

28. Teach your LM4 Mega Kick (use TM05). Replace the move with 4 characters in its name, otherwise stuff won't work as intended.
29. Fly to Cerulean City again, stand in the spot shown below:

[img]http://i35.tinypic.com/awokfs.png[/img]

30. Open your Pokemon menu here (important). If your LM4 is now the second Pokemon in your party, switch it back to the first slot.
31. Fight a wild Pokemon. Open up and close your fight menu a few times, then run from the battle.
32. Your name should be now blank. If it isn't, repeat step 30.
33. Fly to any Pokemon Center and heal your Pokemon.
34. And finally, you're done! You are now free to save the game if you're brave enough. Withdraw your 8F and have fun.

Full video presenting this done step by step: http://www.youtube.com/watch?v=Sw0h7ImFsAs

BOOTSTRAPPING

8F won't do anything amazing by itself - in order to make it execute code from $D322 (third item), we need to use the party Pokemon to spell out a short bootstrapping program, which will redirect the instruction pointer to your item pack. The requirements are as follows:

[tt]1.  6 Pokémon                                                        [0xD163 = 0x06]
2.  Onix as the first Pokémon                                        [0xD164 = 0x22]
3.  Pidgey as the second Pokémon                                      [0xD165 = 0x24]
4.  Tentacool as the third Pokémon                                    [0xD165 = 0x18]
5.  Meowth as the fourth Pokémon                                      [0xD166 = 0x4D]
6.  24 PP left on the second Pokémon's second move                    [0xD1B5 = 0x18]
7.  21 PP left on the second Pokémon's third move w/ 1 PP Up used    [0xD1B6 = 0x55]
8.  36 PP left on the fourth Pokémon's first move                    [0xD20C = 0x24]
9.  24 PP left on the fourth Pokémon's second move                    [0xD20D = 0x18]
10. 20 PP left on the fourth Pokémon's third move                    [0xD20E = 0x14]
11. Double Team as the fifth Pokémon's first move                    [0xD223 = 0x68]
12. Double Kick as the fifth Pokémon's second move                    [0xD224 = 0x18]
13. Strength as the fifth Pokémon's third move                        [0xD225 = 0x46]
14. Sixth Pokémon's attack stat has to be exactly 233                [0xD26C = 0xE9][/tt]

(11/12/13: Hitmonlee is probably the only Pokémon that can learn all of those moves)

Resulting ASM:
; -- Initial value of hl: D163
WRA1:D163 06 22            ld  b,22    ;  b = 22
WRA1:D165 24              inc  h      ; hl = D263
WRA1:D166 18 4D            jr  D1B5

WRA1:D1B5 18 55            jr  D20C

WRA1:D20C 24              inc  h      ; hl = D363
WRA1:D20D 18 14            jr  D223

WRA1:D223 68              ld  l,b    ; hl = D322
WRA1:D224 18 46            jr  D26C

WRA1:D26C E9              jp  hl

[img]http://i37.tinypic.com/55m07l.png[/img]

Sadly, we can't use K)ry's original code from Pokemon Green, as in international versions the opcodes [jp imm16] and [call imm16] can't be represented in a Pokemon's nickname, foiling our evil plan.

Well, now we're done with all those preparations, let's try to actually do something with this item! Below I present some examples of what is possible.

[size=12pt]USING 8F TO OUR ADVANTAGE[/size]

[size=12pt]"CATCH 'EM ALL" SCRIPT[/size]

This is just K)ry's ASM for JP Red/Green ported on the international release. With those items, 8F will act like an item that forces a Pokemon encounter based on the quantity of item #1, allowing to catch all 151 Pokemon easily.

Video: http://www.youtube.com/watch?v=Sw0h7ImFsAs#t=782s

ITEM LIST (starting from the first slot):
[tt]* Preferably Master Balls
* 8F
TM50                x31
TM11                x4
TM34                x89
TM08                x201[/tt]

ASM:
WRA1:D322 FA 1F D3        ld  a,(D31F)
WRA1:D325 04              inc  b
WRA1:D326 EA 59 D0        ld  (D059),a
WRA1:D329 C9              ret 

[size=12pt]ALTERNATIVE CATCH 'EM ALL[/size]

This version of the Catch 'Em All script requires more items, but gives the Pokemon instead of forcing an encounter (like: BLUE got EEVEE!), and allows for getting normally unobtainable glitch Pokemon without trading. The given Pokemon depends on the quantity of the 3rd item.

Remark: Avoid obtaining Missingno with this method. It will duplicate your 6th item and screw the opcodes up.

Video: http://www.youtube.com/watch?v=Sw0h7ImFsAs#t=865s

ITEM LIST (starting from the first slot):
[tt]* Any item
* 8F
Repel                x[SpeciesIndex]
X Speed              x14
Ultra Ball          x64
TM05                x72
Lemonade            x201[/tt]

ASM:
WRA1:D322 1E 20            ld  e,[SpeciesIndex]
WRA1:D324 43              ld  b,e
WRA1:D325 0E 02            ld  c,02
WRA1:D327 40              ld  b,b
WRA1:D328 CD 48 3E        call 3E48
WRA1:D32B C9              ret

[size=12pt]FIX THE PLAYER'S NAME[/size]

One of the side effects of obtaining 8F is blanking out your name. However, with this setup, you can change your name to the nickname of your first Pokemon. Using 8F will copy one letter from your first Pokemon's nickname to your player name. Use 8F (length of the name+1) times to copy all the name characters and bring your name back to normal.
Warning: This code is self modifying, it will increase quantities of items #3 and #5 every use - remember to set those quantities back to 181 and 88 if you want to reset this. Also use carefully, as there's no memory protection implemented and you may cause save corruption if you're not careful.

Video: http://www.youtube.com/watch?v=Sw0h7ImFsAs#t=918s

ITEM LIST (starting from the first slot):
[tt]* Any item
* 8F
TM50                x181
TM10                x64
TM34                x88
TM09                x46
Calcium              x52
X Accuracy          x35
Full Heal            x201[/tt]

ASM:
WRA1:D322 FA B5 D2        ld  a,(D2B5)
WRA1:D325 40              ld  b,b
WRA1:D326 EA 58 D1        ld  (D158),a
WRA1:D329 2E 27            ld  l,27
WRA1:D32B 34              inc  (hl)
WRA1:D32C 2E 23            ld  l,23
WRA1:D32E 34              inc  (hl)
WRA1:D32F C9              ret 

[size=12pt]CHANGE THE SECOND ITEM[/size]

This easy code uses only 3 basic items, and it increases the first item's index by 1 every time 8F is used. You can obtain normally unobtainable items, glitch items or TMs so you can do other item configurations described.

Video: http://www.youtube.com/watch?v=Sw0h7ImFsAs#t=974s

ITEM LIST (starting from the first slot):
[tt]* 8F
* Item you want to morph
Burn Heal            x43
Ice Heal            x43
Full Heal            x201[/tt]

ASM:
WRA1:D322 0C              inc  c
WRA1:D323 2B              dec  hl
WRA1:D324 0D              dec  c
WRA1:D325 2B              dec  hl
WRA1:D32A 34              inc  (hl)
WRA1:D32B C9              ret

[size=12pt]WALK THROUGH WALLS[/size]

Jump off a ledge after using 8F to walk through walls.

http://www.youtube.com/watch?v=Sw0h7ImFsAs#t=1020s

ITEM LIST (starting from the first slot):
[tt]* Any item
* 8F
TM34                x20
TM15                x201[/tt]

ASM:
WRA1:D322 EA 14 D7        ld (d714),a
WRA1:D325 C9              ret

[size=12pt]ESCAPE FROM A TRAINER BATTLE[/size]

This turns 8F into an item which allows escaping from any battle, including trainer battles.

http://www.youtube.com/watch?v=Sw0h7ImFsAs#t=1048s

ITEM LIST (starting from the first slot):
[tt]* Any item
* 8F
TM34                x120
TM08                x201[/tt]

ASM:
WRA1:D322 EA 78 D0        ld (d078),a
WRA1:D325 C9              ret

[size=12pt]CLEAR A POKEMON BOX[/size]

While obtaining 8F there's a slight chance Pokemon at your box will get corrupted and will crash the game upon releasing. One can either deal with it and switch to another box, or make the box empty with this item configuration.

Switch to the corrupted box, use the 8F, done. Be careful though, you don't probably want to clear the box with your L100 legendaries.

Video: http://www.youtube.com/watch?v=Sw0h7ImFsAs#t=1104s

ITEM LIST (starting from the first slot):
[tt]* Any item
* 8F
Lemonade            x1
Soda Pop            x64
TM34                x128
TM18                x201[/tt]

ASM:
WRA1:D322 3E 01            ld a,01
WRA1:D324 3D              dec a
WRA1:D325 40              ld b,b
WRA1:D326 EA 80 DA        ld (da80),a
WRA1:D329 C9              ret

[size=12pt]ENDING REMARK: BIG ITEM QUANTITIES?[/size]

All of those item lists will have at least one item with quantity bigger than 99. Obviously, it's possible to obtain those big quantities using the Missingno. item duplication glitch (duplicating a 99 item stack will result in a 227 item stack).
However, the numbers bigger than 9 are represented with glitch blobs, so it's normally impossible to read how many items you actually have. This short image guide below will help you with reading quantities of those big item stacks.

[img]http://i38.tinypic.com/2d8jgqg.png[/img]
^{* This image uses the Pokemon Center tileset}

I really don't see anything different about the post, and it looks like he just quoted the whole original post.

Edit: He added "(example: get Kabuto, omanyte, or Aerodactyl down in Cinnabar)" to the Item Counter Underflow Section, and added more information to the CoolTrainer section. It would also be good to add the much easier Cooltrainer method using Double-Distort, but Item Underflow is probably the best method because you can easily get any item for each script.

[li]Lemonade x184 (3E B8)[/li]
[li]Carbos x218 (26 DA)[/li]
[li]X Accuracy x172 (2E AC)[/li]
[li]Max Revive x255 (36 FF)[/li]
[li]Poké Ball x44 (04 2C: inc b, inc l)[/li]
[li]Poké Ball x189 (04 BD: inc b, cp l)[/li]
[li]Fire Stone x248 (20 F8)[/li]
[li]Poké Ball x201 (04 C9: inc b, ret)[/li]

works only for the European versions of the game, but has only been tested using the German version.

• When starting a new game, skips most of Oak's opening sequence. (Uses the default names NINTEN and SONY.)
  
• When starting a new game, you start outside your house instead of in your room.
  
• Holding B prevents random encounters.
  

I'm new here, but I thought I'd register to let you know about this:

http://gbatemp.net/threads/injecting-roms-into-vc-with-only-the-web-browser-sure.379760/

With this knowledge of injecting roms into vc games, what would happen if we were to trigger arbitrary code in a rom swapped Pokemon Blue?