Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

Arbitrary Code Execution Discussion

w sm codes for Yellow?

Posted by: MewFlare
Date: 2017-02-26 08:38:57
I've been looking through some of the forum posts on arbitrary code execution and I can only find the box setups for w sm and no item scripts that it runs. I know that the codes have to be different in Yellow, but I can only find 8F setups.

More specifically, I'm looking for an item setup that would give me any Pokemon I want (not battle it, just give it to me like Eevee or Lapras).

The 8F code for it on Red/Blue is

- Any item
- 8F
- Repel x index number of wanted Pokemon
- X Speed x14
- Ultra Ball x 64
- TM05 (Mega Kick) x72
- Lemonade x201

How would I have to modify this item code to work on Yellow with w sm?

Also, one last thing. What item script would I need to play Yellow's unused song?

Thanks in advance!

Re: w sm codes for Yellow?

Posted by: Torchickens
Date: 2017-02-26 13:26:22
Many codes for Yellow you have to deconstruct/analyze the code and modify the fourth digit of the address(es) involved -1, so for instance D059 (instant encounter) becomes D058; and it would involve changing an item or quantity. This excludes a few (usually lower?) addresses like CD38; so the same walk through walls code could be used between Red/Blue and Yellow, although I don't know the specifics sadly.

But with the gift Pokémon code it's different as it calls a routine and the locations of routines may differ between Red/Blue and Yellow. The best way to deal with it is often to use a hex editor and search for similar bytes from the routine.

Back into raw code using the Big List:


- Repel x index number of wanted Pokemon
- X Speed x14
- Ultra Ball x 64
- TM05 (Mega Kick) x72
- Lemonade x201

Becomes
1e xx 43 0e 02 40 [b]cd 48 3e[/b] c9

When you see a cd it means "call", and the code in bold is call 3e48.

Taking a look in BGB debugger, we can find the following code here:

[img]https://i.imgur.com/iCkKUhH.png[/img]

Now, CF91 is one of the addresses that is reduced by 1 in Yellow; so if we search for 78 ea 90 cf [ld a,b ld (cf90),a ld a,c] in a hex editor (I like to use HxD which is freeware) we can luckily find the beginning of the gift Pokémon routine in Yellow at 3E59.

[img]https://i.imgur.com/Yuo9pXL.png[/img]

So we need to change cd 48 3e to cd 59 3e (59 3e because the call routine expects big endian, which may mean highest value comes first; sadly not sure but remember it's often the opposite byte order you would find in a memory viewer).

Hence the only change you need to make is the x72 (hex:48) in TM05 to x89 (hex:59), and the Lemonade (hex:3E) remains unchanged and you're good to go :).

Hope that helps!
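The item-to-byte conversion and call patch worked through in the post above, as an added example that is not part of the original thread. The function names and the `SPECIES` placeholder are assumptions made here; item IDs, quantities and the two routine addresses are the ones given in the post. The decoder reads the call operand low byte first, as it appears in the byte string.

```python
# Item IDs and quantities are taken from the item/byte pairing in the post above.
ITEM_IDS = {"Repel": 0x1E, "X Speed": 0x43, "Ultra Ball": 0x02,
            "TM05": 0xCD, "Lemonade": 0x3E}
# Only the six opcodes this payload uses: opcode -> (mnemonic, operand length).
OPCODES = {0x1E: ("ld e,{:02x}", 1), 0x43: ("ld b,e", 0), 0x0E: ("ld c,{:02x}", 1),
           0x40: ("ld b,b", 0), 0xCD: ("call {:04x}", 2), 0xC9: ("ret", 0)}

def items_to_bytes(items):
    """Flatten (item, quantity) pairs into the byte string the CPU executes."""
    out = bytearray()
    for name, qty in items:
        if not 0 <= qty <= 0xFF:
            raise ValueError(f"{name}: quantity {qty} does not fit in one byte")
        out += bytes([ITEM_IDS[name], qty])
    return bytes(out)

def instructions(code):
    """Yield (offset, opcode, operand), stepping over operand bytes."""
    i = 0
    while i < len(code):
        _, n = OPCODES[code[i]]
        # 16-bit operands are stored low byte first.
        yield i, code[i], int.from_bytes(code[i + 1:i + 1 + n], "little")
        i += 1 + n

def disassemble(code):
    return [OPCODES[op][0].format(arg) for _, op, arg in instructions(code)]

def retarget_call(code, new_addr):
    """Point the call at new_addr; an operand byte equal to 0xCD is not mistaken for it."""
    patched = bytearray(code)
    for off, op, _ in instructions(code):
        if op == 0xCD:
            patched[off + 1:off + 3] = new_addr.to_bytes(2, "little")
            return bytes(patched)
    raise ValueError("no call instruction in payload")

def bytes_to_items(code):
    """Pair the bytes back up as (item, quantity) for entry in the bag."""
    names = {v: k for k, v in ITEM_IDS.items()}
    return [(names[code[i]], code[i + 1]) for i in range(0, len(code), 2)]

SPECIES = 0x01  # constructed placeholder for the wanted Pokemon's index number
RED_BLUE = [("Repel", SPECIES), ("X Speed", 14), ("Ultra Ball", 64),
            ("TM05", 72), ("Lemonade", 201)]

if __name__ == "__main__":
    rb = items_to_bytes(RED_BLUE)
    yellow = retarget_call(rb, 0x3E59)  # Yellow routine address found in the post
    print(rb.hex(" "), disassemble(rb))
    print(yellow.hex(" "), bytes_to_items(yellow))
```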

Re: w sm codes for Yellow?

Posted by: MewFlare
Date: 2017-02-26 14:41:33
Yay! Thanks Torchickens :)

Unfortunately I only have a very basic understanding of programming and code. I've tried to learn more but I've never been very good with numbers :/

I also brought up the unused song because I watched the video you uploaded recently on your Youtube channel showing how to play that song by switching items around in an expanded item pocket and either riding the bike or trying to print from the Pokedex. I tried it but couldn't find the right items in my expanded inventory, so I figured ACE would be a way to guarantee that I get the effect I want (I'm a bit of a control freak like that :P). But now I recall that in your video you were in Route 1 when you did the glitch and when I did it I was in a Pokemon Center. Are the things you find in your expanded inventory location based? Maybe that's what I did wrong…

Re: w sm codes for Yellow?

Posted by: ISSOtm
Date: 2017-02-26 14:42:57
They are.

Re: w sm codes for Yellow?

Posted by: Torchickens
Date: 2017-02-26 15:28:11

Pleasure :)

I see. ASM and ROM hacking can look intimidating and I relate re: once not understanding pointers and similar, and mathematics was never my forte either. If you would like to know about some of the basics re: hacking let me know and I'll try the best I can to help. :)

Yeah, like ISSOtm posted some of the items that appear in the expanded items pack are location based.

In order to get the right items for item 31 and 32, you may walk around in Celadon City to find an item x0 (actually x256) based on your x-position and use the Celadon looping map trick if necessary to access out of bounds coordinates; which won't send you to another map unless you step on a map boundary (coordinate 0x32 or 0xFF), or clear your items pack and redo the dry underflow glitch with the items you need to place into item 31 and item 32.