Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.


Arbitrary Code Execution Discussion

Learning to create a homebrew software through ACE

Posted by: iamnguyen
Date: 2016-07-20 18:57:56
Hello,

As some of you already know, I'm new to all this cool stuff. Your help is much appreciated. In the past few days, I learned pretty much everything about manipulating bytes in the RAM map through ACE. But it appears that you can do much more with ACE: https://www.youtube.com/watch?v=D3EvpRHL_vk. I really want to know if I can make new Pokemon or just add more in-game event Pokemon. I can't bother you guys to guide me through all the steps, but I would very much appreciate it if you could direct me to the resources where I can get more out of ACE. Of course, a true enthusiast should learn computer programming from alpha to omega, but if you can help me quickly get to where I want, that'd be splendid. Thank you very much in advance.

Re: Learning to create a homebrew software through ACE

Posted by: Aldrasio
Date: 2016-07-20 22:14:51
If you want to learn about Gameboy programming, a good place to start is the Pan Docs, which is a complete technical specification of the Gameboy. This page is also useful, since it shows you which instructions correspond to which hex values. Additionally, there is an impressively complete disassembly of Pokemon Red version (US), if you want to take a look at the reverse-engineered assembly code. On Datacrystal, there is a ROM map and a RAM map, both of which are useful for different things. And of course, the original 8F thread is here, with tons of item loadouts you can use. And if you want to code for the Gameboy directly, you can use Rednex GameBoy Development System.

In the video you posted, ZZAZZ used a glitch item that, with his team of Pokemon, put the program counter in his items menu. From there, he used his items menu to write a small snippet of code that would take his X-Y coordinates on the map and write them to another area of memory as one byte. This way, he could write a much longer piece of code than something that would fit in the items menu.

And to answer your question, you can use ACE to write data to a save file and edit maps (ZZAZZ did so in this video), and you can also edit sprite properties and place interactable Pokemon where they shouldn't be (both of which were showcased here, to amusing effect).

But yeah, Arbitrary Code Execution is just that, arbitrary. You can write a program as large as the Gameboy's working RAM if you put enough time into it.

Re: Learning to create a homebrew software through ACE

Posted by: iamnguyen
Date: 2016-07-20 22:30:39
Thank you very much! Would you please direct me to the post that shows how one can manipulate ROM data? I only know how to manipulate RAM data.

Re: Learning to create a homebrew software through ACE

Posted by: Torchickens
Date: 2016-07-21 06:16:55

Thank you very much! Would you please direct me to the post that shows how one can manipulate ROM data? I only know how to manipulate RAM data.


The ROM data cannot be changed, unless you manually edit it with an external tool such as a hex editor (such as the free hex editor HxD) sadly. However, when you force the game to execute code from writable memory (and possibly loop the code) you can effectively create your own 'software'.

Using the Pokémon Red disassembly/Datacrystal ROM map and the hex editor, you can locate and identify the structure of data and modify it. This is a well-known structure.

Sometimes ROM data is represented as a three byte pointer (e.g. 04:6345) rather than an offset (e.g. 0x12345). Converting from pointer to offset and vice versa is detailed in this article; or you may use a calculator such as GB-PC.

Game Genie codes also serve as temporary patches for the ROM, and can be generated with this tool.

I've never created my own game with arbitrary code execution before so I don't know if this is best sadly, but one approach to making one might be to code your game in another language such as C, compile it and then work on the ROM you created to execute it with 8F.

The Pokémon games have some important routines like CopyData (for copying a given number of bytes from one area in writable memory to another). You can learn how these work by looking them up in the Pokémon Red disassembly and using the 'call' (CD yy xx) instruction to activate them.

Hope this helps.
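The pointer-to-offset conversion Torchickens mentions, worked through in Python as an added example (this is not code from the thread or from the GB-PC calculator). It assumes the standard Game Boy bank layout: bank 0 is always mapped at $0000-$3FFF and the switchable bank n is mapped at $4000-$7FFF, so each bank covers 0x4000 bytes of the ROM file and the thread's example 04:6345 comes out as 0x12345. The range checks catch a pointer whose address does not fall inside the window its bank is mapped to, which usually means the bank byte was read from the wrong place.

```python
# Added example (not from the thread): convert between a Game Boy ROM
# bank:address pointer (e.g. 04:6345) and a flat ROM file offset (e.g. 0x12345).
#
# Assumed layout (standard MBC bank switching): bank 0 is always mapped at
# $0000-$3FFF, the switchable bank n at $4000-$7FFF, so every bank is 0x4000
# bytes of the ROM file.
from typing import Tuple

BANK_SIZE = 0x4000


def pointer_to_offset(bank: int, address: int) -> int:
    """Return the flat ROM offset for a bank:address pointer.

    Raises ValueError when the address is outside the window that bank is
    mapped to, which usually means the pointer was misread.
    """
    if bank < 0 or not 0 <= address <= 0xFFFF:
        raise ValueError("bank or address out of range")
    if bank == 0:
        if not 0x0000 <= address <= 0x3FFF:
            raise ValueError(f"bank 0 is mapped at $0000-$3FFF, got ${address:04X}")
        return address
    if not 0x4000 <= address <= 0x7FFF:
        raise ValueError(f"bank {bank:02X} is mapped at $4000-$7FFF, got ${address:04X}")
    # Bank n starts at n * 0x4000 in the file; subtract the window base.
    return bank * BANK_SIZE + (address - BANK_SIZE)


def offset_to_pointer(offset: int) -> Tuple[int, int]:
    """Return (bank, address) for a flat ROM offset."""
    if offset < 0:
        raise ValueError("offset must be non-negative")
    bank, within = divmod(offset, BANK_SIZE)
    if bank == 0:
        return 0, within
    return bank, BANK_SIZE + within


def parse_pointer(text: str) -> Tuple[int, int]:
    """Parse the 'BB:AAAA' notation used in the thread (hex bank, hex address)."""
    bank_text, address_text = text.split(":")
    return int(bank_text, 16), int(address_text, 16)


def format_pointer(bank: int, address: int) -> str:
    """Format (bank, address) back into 'BB:AAAA'."""
    return f"{bank:02X}:{address:04X}"


if __name__ == "__main__":
    # The thread's own example: 04:6345 <-> 0x12345
    bank, address = parse_pointer("04:6345")
    offset = pointer_to_offset(bank, address)
    print(f"04:6345 -> 0x{offset:05X}")
    print(f"0x{offset:05X} -> {format_pointer(*offset_to_pointer(offset))}")
```

Offsets below 0x4000 map straight to bank 0, which is why home-bank routines keep the same number in both notations; everything above that needs the bank arithmetic.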

Re: Learning to create a homebrew software through ACE

Posted by: Aldrasio
Date: 2016-07-21 15:52:34
Oh yeah, another resource I forgot to include: The Big List, which shows you what each hex character corresponds to (Moves, items, decimal values, Pokemon, letters) so you can know what hex codes to use. Super helpful for ACE.

Re: Learning to create a homebrew software through ACE

Posted by: Yeniaul
Date: 2016-07-21 18:24:37

Oh yeah, another resource I forgot to include: The Big List

You forgot because it's been here for so damn long.

Torchickens, you forgot memcpy ($B4 onward, R/B/Y), which copies data between pointers. (TheZZAZZGlitch has a video on fucking this up, it's quite amusing. :P)

Re: Learning to create a homebrew software through ACE

Posted by: iamnguyen
Date: 2016-07-21 18:43:42
Would you please post that link for me to watch? By the way, thanks a lot, everyone.

Re: Learning to create a homebrew software through ACE

Posted by: Yeniaul
Date: 2016-07-21 19:11:49

Would you please post that link for me to watch? By the way, thanks a lot, everyone.

If I can find it on my DSi (what I use to browse the web when my PC shits itself, so for now) I'd be fucking amazed…

…although, I might be able to do it, considering I got an AJAX IRC client to work… If not, just search "memcpy TheZZAZZGlitch" on the WyeTubs (YouTube).

Re: Learning to create a homebrew software through ACE

Posted by: Yeniaul
Date: 2016-07-21 19:25:47
HOLY SHIT I DID IT.

[youtube]youtube.com/watch?v=YP91vWSCCho[/youtube]

Re: Learning to create a homebrew software through ACE

Posted by: TheUnReturned
Date: 2016-07-22 00:39:54

HOLY s**t I DID IT.

[youtube]youtube.com/watch?v=YP91vWSCCho[/youtube]
that's REALLY fucked up xD

Re: Learning to create a homebrew software through ACE

Posted by: Torchickens
Date: 2016-07-22 06:08:18


Oh yeah, another resource I forgot to include: The Big List

You forgot because it's been here for so damn long.

Torchickens, you forgot memcpy ($B4 onward, R/B/Y), which copies data between pointers. (TheZZAZZGlitch has a video on fucking this up, it's quite amusing. :P)


Actually memcpy is CopyData according to the blue.sym file TheZZAZZGlitch published and the location of the routine in his video description. We can use that to look up the locations of more routines.

I agree, I enjoyed watching that video too. :)
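Torchickens's two points above, using a symbol file to find where a routine lives and then reaching it with the 'call' (CD yy xx) instruction, combined in one added Python example (not code from the thread, the disassembly or TheZZAZZGlitch). The .sym lines it parses are constructed for the example in the "BB:AAAA Label" layout that RGBDS symbol files use; the CopyData address and the other labels are placeholders, not the real contents of blue.sym. The register setup (hl = source, de = destination, bc = length) is the convention assumed here for a CopyData-style routine and should be checked against the disassembly before relying on it. The disassembler at the end decodes the bytes again so the little-endian operand order can be verified rather than trusted.

```python
# Added example (not from the thread): look up a routine in an RGBDS-style
# .sym file and emit the bytes of a 'call' to it, then decode them back.
#
# 'call nn' is opcode $CD followed by the 16-bit target low byte first, which
# is why the thread writes it as "CD yy xx": yy = low byte, xx = high byte.

# Constructed sample in the "BB:AAAA Label" layout of RGBDS .sym files.
# Labels and addresses are placeholders, NOT the real blue.sym contents.
SAMPLE_SYM = """\
; constructed sample, not the real symbol file
00:0000 _RST_00
00:1234 CopyData        ; placeholder address
04:6345 SomeBankedRoutine
"""

# A few unprefixed SM83 opcodes (same encodings as their Z80/8080 counterparts).
OPCODES = {"ld bc": 0x01, "ld de": 0x11, "ld hl": 0x21, "call": 0xCD, "ret": 0xC9}
MNEMONICS = {value: key for key, value in OPCODES.items()}
THREE_BYTE = {"ld bc", "ld de", "ld hl", "call"}  # opcode + 16-bit immediate


def parse_sym(text: str) -> dict:
    """Map label -> (bank, address), skipping blank lines and ';' comments."""
    symbols = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        pointer, label = line.split(None, 1)
        bank_text, address_text = pointer.split(":")
        symbols[label.strip()] = (int(bank_text, 16), int(address_text, 16))
    return symbols


def encode_u16(value: int) -> bytes:
    """Little-endian split of a 16-bit value: $1234 -> 34 12."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("immediate must fit in 16 bits")
    return bytes((value & 0xFF, value >> 8))


def assemble(program) -> bytes:
    """Assemble (mnemonic, operand) pairs; operand is None for one-byte opcodes."""
    out = bytearray()
    for mnemonic, operand in program:
        out.append(OPCODES[mnemonic])
        if mnemonic in THREE_BYTE:
            out += encode_u16(operand)
        elif operand is not None:
            raise ValueError(f"{mnemonic} takes no operand")
    return bytes(out)


def disassemble(code: bytes):
    """Decode assemble() output back to (mnemonic, operand) pairs."""
    result, i = [], 0
    while i < len(code):
        mnemonic = MNEMONICS.get(code[i])
        if mnemonic is None:
            raise ValueError(f"unknown opcode ${code[i]:02X} at offset {i}")
        if mnemonic in THREE_BYTE:
            if i + 2 >= len(code):
                raise ValueError("truncated 16-bit immediate")
            operand, i = code[i + 1] | (code[i + 2] << 8), i + 3  # low byte first
        else:
            operand, i = None, i + 1
        result.append((mnemonic, operand))
    return result


def call_bytes(symbols: dict, label: str) -> bytes:
    """'CD yy xx' for a home-bank routine; a plain call cannot switch ROM banks."""
    bank, address = symbols[label]
    if bank != 0:
        raise ValueError(f"{label} is in bank {bank:02X}; map that bank before calling it")
    return assemble([("call", address)])


def copy_snippet(symbols: dict, src: int, dst: int, length: int) -> bytes:
    """Register setup plus call for a CopyData-style routine (convention assumed)."""
    setup = assemble([("ld hl", src), ("ld de", dst), ("ld bc", length)])
    return setup + call_bytes(symbols, "CopyData") + assemble([("ret", None)])


def hexdump(code: bytes) -> str:
    return " ".join(f"{b:02X}" for b in code)


if __name__ == "__main__":
    syms = parse_sym(SAMPLE_SYM)
    code = copy_snippet(syms, src=0xD000, dst=0xC000, length=0x10)
    print(hexdump(code))  # 21 00 D0 11 00 C0 01 10 00 CD 34 12 C9
    for mnemonic, operand in disassemble(code):
        print(mnemonic, "" if operand is None else f"${operand:04X}")
```

Swapping the constructed SAMPLE_SYM for the text of a real symbol file is the only change needed to look up actual routine locations; the bank check in call_bytes is there because a routine listed under a non-zero bank is only reachable once that bank is mapped in.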