Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

Arbitrary Code Execution Discussion

Ho-oh on a Real Pokemon Red Cartridge (SRAM Hack) - Page 1

Ho-oh on a Real Pokemon Red Cartridge (SRAM Hack)

Posted by: Pokeglitch86
Date: 2017-03-18 03:11:49
Hey guys!

https://youtu.be/9jywUgo49LQ

Re: Ho-oh on a Real Pokemon Red Cartridge (SRAM Hack)

Posted by: Torchickens
Date: 2017-03-18 04:42:22
Wow! This is really nice.  :) Great job Pokéglitch86!

Where do you store your script to make it Ho-Oh even after you reset the game? I used meta-map scripts back when I did Pallet Town into Twinleaf Town.

Re: Ho-oh on a Real Pokemon Red Cartridge (SRAM Hack)

Posted by: Pokeglitch86
Date: 2017-03-18 12:23:20
I believe it is a meta-map script. It is a modified version of Mr. Cheeze's Mew truck save virus with much of his code still remaining, though currently unusable. The map script modifies the OAM DMA routine, and the OAM DMA routine then modifies the map script, keeping everything running even after changing maps or saving and resetting. Running custom scripts during the OAM DMA is what is doing the bulk of the work rather than using map scripts.

Re: Ho-oh on a Real Pokemon Red Cartridge (SRAM Hack)

Posted by: ISSOtm
Date: 2017-03-18 12:34:39
What code do you run during the OAM DMA?

Re: Ho-oh on a Real Pokemon Red Cartridge (SRAM Hack)

Posted by: Pokeglitch86
Date: 2017-03-18 13:05:00
The first two bytes of the OAM DMA routine are replaced with a jump command which eventually leads to the custom code. The two bytes that are overwritten are supposed to load C3 into register A, so we do this in our custom code before returning back to the OAM DMA routine. The custom code just ensures graphical changes are made under the right circumstances, such as copying Ho-oh's sprite (that we have stored in empty save RAM) to VRAM where it will be displayed.

Re: Ho-oh on a Real Pokemon Red Cartridge (SRAM Hack)

Posted by: ISSOtm
Date: 2017-03-18 15:16:23
The method I prefer to use is to replace

ld a, $C3
ldh [$FF46], a

3E C3
E0 46

with

call wCustomCode
ldh [$FF00+c], a

CD wCustomCode
E2


and append this to wCustomCode:

ld c, $46
ld a, $C3
ret


What's the assembly for yours? I don't fully understand how you do it.
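
Added example, not part of ISSOtm's post or any poster's code: a small Python model of the handful of Game Boy opcodes involved, checking that the 4-byte replacement above still stores $C3 to $FF46 and showing what gets written if the appended epilogue is left out. The addresses 0xFF80 and 0xD000, the trailing `ret` and the `nop` payload are assumptions standing in for details the thread does not give.

```python
# Added example: tiny model of the few Game Boy CPU opcodes used in the hook above.
HRAM_ROUTINE = 0xFF80    # assumption: where the routine runs from (not given in the thread)
W_CUSTOM_CODE = 0xD000   # hypothetical address standing in for wCustomCode

ORIGINAL = bytes([0x3E, 0xC3, 0xE0, 0x46])   # ld a,$C3 / ldh [$FF46],a
PATCHED = bytes([0xCD, W_CUSTOM_CODE & 0xFF, W_CUSTOM_CODE >> 8, 0xE2])  # call / ldh [$FF00+c],a
TAIL = bytes([0xC9])     # constructed stand-in for the rest of the routine: ret
EPILOGUE = bytes([0x0E, 0x46, 0x3E, 0xC3, 0xC9])  # ld c,$46 / ld a,$C3 / ret
PAYLOAD = bytes([0x00])  # nop, placeholder for whatever the custom code does


def io_writes(routine, extra=None):
    """Run from HRAM_ROUTINE until the outermost ret; return [(address, value)] stores."""
    mem = {HRAM_ROUTINE + i: b for i, b in enumerate(routine)}
    for base, blob in (extra or {}).items():
        mem.update({base + i: b for i, b in enumerate(blob)})
    a = c = 0                      # model starts with cleared registers
    pc, stack, writes = HRAM_ROUTINE, [], []
    for _ in range(1000):          # step limit so a bad patch cannot loop forever
        op = mem[pc]               # KeyError = execution ran off the mapped bytes
        if op == 0x00:             # nop
            pc += 1
        elif op == 0x3E:           # ld a, n
            a, pc = mem[pc + 1], pc + 2
        elif op == 0x0E:           # ld c, n
            c, pc = mem[pc + 1], pc + 2
        elif op == 0xE0:           # ldh [$FF00+n], a
            writes.append((0xFF00 + mem[pc + 1], a)); pc += 2
        elif op == 0xE2:           # ldh [$FF00+c], a
            writes.append((0xFF00 + c, a)); pc += 1
        elif op == 0xCD:           # call nn (little-endian operand)
            stack.append(pc + 3)
            pc = mem[pc + 1] | (mem[pc + 2] << 8)
        elif op == 0xC9:           # ret
            if not stack:
                return writes
            pc = stack.pop()
        else:
            raise ValueError(f"opcode {op:#04x} not modelled")
    raise RuntimeError("step limit reached")


def check_hook():
    """Compare the original routine with the patched one, with and without the epilogue."""
    before = io_writes(ORIGINAL + TAIL)
    after = io_writes(PATCHED + TAIL, {W_CUSTOM_CODE: PAYLOAD + EPILOGUE})
    broken = io_writes(PATCHED + TAIL, {W_CUSTOM_CODE: PAYLOAD + bytes([0xC9])})
    return before, after, broken
```

`check_hook()` returns the I/O stores for the three cases; the patched routine matches the original only when the custom code ends with the `ld c, $46` / `ld a, $C3` / `ret` sequence.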

Re: Ho-oh on a Real Pokemon Red Cartridge (SRAM Hack)

Posted by: jfb1337
Date: 2017-03-19 12:31:23
MrCheeze's virus patches the first two bytes with jp 78, and at the location it jumps to it then calls the custom code and jumps back to the rest of the OAM script. The custom code sets the a register correctly.

Anyway, this is really cool! I want to add Marill and call it Pikablu to troll my friends

Re: Ho-oh on a Real Pokemon Red Cartridge (SRAM Hack)

Posted by: Pokeglitch86
Date: 2017-03-19 14:10:49
Yes, I'm just using the code Mr. Cheeze wrote, but I have it calling another script before returning back to OAM.

I actually was originally disguising a Seadra as a Marill (named Pikablu of course)! But then I decided to switch to adding Ho-oh instead. I think for version 2 I may make it a Pikablu rather than a Ho-oh, as well as getting Mr. Cheeze's virus working with my code so you could trade that Pikablu to a completely unmodified cartridge.

Re: Ho-oh on a Real Pokemon Red Cartridge (SRAM Hack)

Posted by: Torchickens
Date: 2017-03-19 15:40:36
This was originally a secret but I may as well share it now. Me and ISSOtm are working on something cool that started (coincidentally) shortly before your thread, and part of it (not all of it) involves obtaining Pikablu (a Pokémon modified to have Marill's sprite).

Would you like to team up on Discord? Thinking if we share our code it may help the project finish a lot faster and you can have the BGB save state of what's been done so far.

Re: Ho-oh on a Real Pokemon Red Cartridge (SRAM Hack)

Posted by: Pokeglitch86
Date: 2017-03-19 16:58:27
Oh absolutely! My documentation is incredibly poor, so be warned. What exactly do you have in mind?

Re: Ho-oh on a Real Pokemon Red Cartridge (SRAM Hack)

Posted by: Torchickens
Date: 2017-03-19 17:10:21

> Oh absolutely! My documentation is incredibly poor, so be warned. What exactly do you have in mind?


Cool, thanks! :) I will send you a PM about it.

Re: Ho-oh on a Real Pokemon Red Cartridge (SRAM Hack)

Posted by: camper
Date: 2017-03-20 03:36:02
That's for April Fools right?

Re: Ho-oh on a Real Pokemon Red Cartridge (SRAM Hack)

Posted by: ISSOtm
Date: 2017-03-20 07:10:21
If we manage to make it in time, I guess? :P

Re: Ho-oh on a Real Pokemon Red Cartridge (SRAM Hack)

Posted by: Pokeglitch86
Date: 2017-04-03 23:35:38
New update with Pikablu and Pokedex entry. https://youtu.be/QvTEVYbKMTw

Unfortunately, I got the code together too late for April 1st.

Re: Ho-oh on a Real Pokemon Red Cartridge (SRAM Hack)

Posted by: TheBabyMaker
Date: 2018-02-21 12:13:48

> Hey guys!
>
> https://youtu.be/9jywUgo49LQ


Can you please share the save file with us? :'( :'( :'(