Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

You can join Glitch City Research Institute to ask questions or discuss current developments.

You may also download the archive of this forum in .tar.gz, .sql.gz, or .sqlite.gz formats.

Arbitrary Code Execution Discussion

R/B: Battle Test Debug Function - Page 1

R/B: Battle Test Debug Function

Posted by: Stackout
Date: 2014-07-29 03:56:02
I noticed this debug function in the pokered disasm just now, that has been stubbed out (ret placed at the beginning). It's been documented, but there's no reference to it in any other site yet.

TestBattle:
ret

.loop
call GBPalNormal

; Don't mess around
; with obedience.
ld a, %10000000 ; EARTHBADGE
ld [W_OBTAINEDBADGES], a

ld hl, W_FLAGS_D733
set 0, [hl]

; Reset the party.
ld hl, wPartyCount
xor a
ld [hli], a
dec a
ld [hl], a

; Give the player a
; level 20 Rhydon.
ld a, RHYDON
ld [wcf91], a
ld a, 20
ld [W_CURENEMYLVL], a
xor a
ld [wcc49], a
ld [W_CURMAP], a
call AddPartyMon

; Fight against a
; level 20 Rhydon.
ld a, RHYDON
ld [W_CUROPPONENT], a

predef InitOpponent

; When the battle ends,
; do it all again.
ld a, 1
ld [wcfcb], a
ld [H_AUTOBGTRANSFERENABLED], a
jr .loop

I think the comments are enough to explain this one.

The actual function start (after the ret) is at 1:4da6. So here's 8F code for it!

ld c,$01
ld h,$4d
ld l,$a6
ld b,c
ld b,b
call $35d6
ret

[tt]0e 01 26 4d 2e a6 41 40 cd d6 35 c9[/tt]

[tt]Awakening  x  1
Carbos    x77
X Accuracy x166
X Attack  x 64
TM05      x214
Revive    x201[/tt]

Re: R/B: Battle Test Debug Function

Posted by: Torchickens
Date: 2014-08-01 09:31:05
Wow, this is awesome. I'll video it, hopefully that way more people will know about it.

It makes me think, Shigeki Morimoto made it sound like there were no debugging features left in the game.


We put Mew in right at the very end. The cartridge was really full and there wasn't room for much more on there. Then the debug features which weren't going to be included in the final version of the game were removed, creating a miniscule 300 bytes of free space. So we thought that we could slot Mew in there. What we did would be unthinkable nowadays!


But you could say that what he really meant was that some debugging features were removed, but not all of them.

If someone thoroughly looks into Red/Green for unused stuff one day, then perhaps we'll find debugging features there that weren't carried over to Red/Blue.

I also wonder whether the localizations were debugged with features that were left in game, or the developers just left/altered them for sentimental reasons.

Edit: Video.

Edit 2: The code is in Red/Green at 01:4B8D. It's (mainly) the same.

I made conversions to make the code work with 5 (hex:5A) in Red/Green. Thanks to this, I knew what the bankswitch pointers were. One code is for v1.0, and another is for v1.1. Use K)ry's item 2 payload (http://forums.glitchcity.info/index.php?topic=6573.0)

For Red/Green v1.0:

0e 01 26 4b 2e 8d 41 40 cd 20 36 c9

Awakening x1
Carbos x75
X Accuracy x141
X Attack x64
TM05 x32
Max Revive x201

For Red/Green v 1.1:

0e 01 26 4b 2e 8d 41 40 cd 0e 36 c9

Awakening x1
Carbos x75
X Accuracy x141
X Attack x64
TM05 x14
Max Revive x201

Re: R/B: Battle Test Debug Function

Posted by: Stackout
Date: 2014-08-04 15:46:53
That debugging team is different between R/G, JPBlue, English and European R/B, and all languages of Yellow. Given that the Yellow team includes a level 5 Pikachu, I can only assume that debug team function at least was used throughout Gen 1 development.

Re: R/B: Battle Test Debug Function

Posted by: Torchickens
Date: 2014-08-04 16:28:37

That debugging team is different between R/G, JPBlue, English and European R/B, and all languages of Yellow. Given that the Yellow team includes a level 5 Pikachu, I can only assume that debug team function at least was used throughout Gen 1 development.


Are you referring to the gift Pokémon function.

I'm not sure. It could always be an easter egg, but is probably less likely to be one in Red/Green. We don't know for sure what Game Freak used, even though the Red/Green team may reflect what Pokémon were used in development, because Tsunekazu Ishihara said he used Exeggutor for debugging the program. (link)

Re: R/B: Battle Test Debug Function

Posted by: Stackout
Date: 2014-08-04 17:24:18

Are you referring to the gift Pokémon function.

Yes, I am.

I'm not sure. It could always be an easter egg, but is probably less likely to be one in Red/Green. We don't know for sure what Game Freak used, even though the Red/Green team may reflect what Pokémon were used in development, because Tsunekazu Ishihara said he used Exeggutor for debugging the program. (link)


Indeed. I'm just speculating, due to the fact the team changed between the different games of Gen 1.