Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

2-Pokémon Yellow ACE setup using 4F item (works in all games now)

Posted by: Krys3000
Date: 2017-08-23 17:43:53
Hey there,

Here's an unusual setup for Yellow games only, using 2 Pokémon only (and a third one, but temporarily and not in the PC), instead of 10.

You can use the Celadon loop trick to get 4F / S3 (German) / P3 (Italian) / 3EME ETAGE. You have to perform 4 steps fewer than for wslm. The original discovery of the behavior of the 4F item is from Tagada67 on PRAMA's board: http://forum.prama-initiative.com/viewtopic.php?f=3&t=680&p=6192#p6186

4F executes from Echo RAM $FA64. In English games, this is the catch rate of the last Pokémon that visited the Day Care (or the current one). In European non-English games, it's the first current HP byte of that Pokémon.

Note that if you never placed a Pokémon in the Day Care, this item nops until the stored Pokémon, so it behaves EXACTLY like wslm, meaning the traditional setup works with 4F. Otherwise, placing (and immediately withdrawing) any lvl25 Pokémon (lvl29 in non-English games) with currently 24 HP will make it jump to the stored Pokémon, so it will work also.

Now here's the setup:

English game

- Place and withdraw (or not) at the Day Care a Nidorina (that apparently should not be evolved from a Female Nidoran), with Bite, Fury Swipes, Double Kick and Growl (the first two moves are placeholders and can be something else, the last two are learned)

- Store in the active PC Box:
1. Any lvl25 Pokémon with currently 24 HP, 33 PP currently for the first AND second move, 19 PP currently for the third move (3 PP Up used) and no fourth move or no PP currently on it
2. Clefairy, Male Nidoran or Spearow (among many possibilities) with 233 HP

- Execute code with your items


WRA1:DA64 78 ld a,b
WRA1:DA65 2C inc l
WRA1:DA66 9A sbc d
WRA1:DA67 18 2E jr DA97
WRA1:DA97 18 19 jr DAB2
WRA1:DAB2 21 21 D3 ld hl,D321
WRA1:DAB5 00 nop
WRA1:DAB6 04 inc b
WRA1:DAB7 00 nop
WRA1:DAB8 E9 jp hl


European non-English game

- Place and withdraw (or not) a lvl80 Pokémon with currently 24 HP in the Day Care.

- Store in the active PC Box:
1. Any Pokémon with 33 PP currently for the first move, 38 PP currently for the second move, 19 PP currently for the third move (3 PP Up used) and no fourth move or no PP currently on it
2. Clefairy, Male Nidoran or Spearow (among many possibilities) with 233 HP

- Execute code with your items


WRA1:DA64 00 nop
WRA1:DA65 18 50 jr DAB7
WRA1:DAB7 21 26 D3 ld hl,D326
WRA1:DABA 00 nop
WRA1:DABB 04 inc b
WRA1:DABC 00 nop
WRA1:DABD E9 jp hl


This setup is still perfectible though, so don't hesitate if you can improve it :D
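The setup above works because the stat bytes of the Day Care Pokémon and of the boxed Pokémon are read as Game Boy CPU instructions. As an added example (not code from the thread or from any of its posters), the Python below encodes those stat values the way the game stores them (current PP in the low 6 bits with PP Ups in the top 2, HP as a big-endian 16-bit value) and then follows the jump chain through a memory image built from the addresses and bytes in the English listing as posted. It tabulates only the opcodes that appear in this thread, tracks only hl as set by "ld hl,nn", and does not model the WRAM struct offsets, so it does not decide which Day Care field actually sits at DA64; that question is discussed later in the thread.

```python
# Added example, not code from the thread. Encodes Pokémon stat values into the
# bytes the Game Boy CPU executes and follows the jump chain through a memory
# image built from Krys3000's English listing (addresses and bytes as posted).
# Only the opcodes used in this thread are tabulated; the only register state
# tracked is hl as loaded by "ld hl,nn"; WRAM struct offsets are not modelled.

# Opcodes with no defined instruction on the Game Boy CPU (a real unit locks up).
INVALID_OPCODES = {0xD3, 0xDB, 0xDD, 0xE3, 0xE4, 0xEB, 0xEC, 0xED, 0xF4, 0xFC, 0xFD}

# opcode -> (mnemonic, operand byte count), limited to what the thread uses
OPCODES = {
    0x00: ("nop", 0),       0x01: ("ld bc,nn", 2),  0x03: ("inc bc", 0),
    0x04: ("inc b", 0),     0x18: ("jr e", 1),      0x21: ("ld hl,nn", 2),
    0x24: ("inc h", 0),     0x2C: ("inc l", 0),     0x60: ("ld h,b", 0),
    0x78: ("ld a,b", 0),    0x9A: ("sbc d", 0),     0xC3: ("jp nn", 2),
    0xE9: ("jp hl", 0),
}


def describe(op):
    """Mnemonic a single stat byte decodes to (e.g. move 0x21, Tackle, is ld hl,nn)."""
    if op in INVALID_OPCODES:
        return "invalid"
    return OPCODES.get(op, ("db (not tabulated)", 0))[0]


def pp_byte(current_pp, pp_ups=0):
    """Gen I packs current PP into the low 6 bits and PP Ups used into the top 2."""
    if not (0 <= current_pp <= 63 and 0 <= pp_ups <= 3):
        raise ValueError("current PP must fit in 6 bits and PP Ups in 2")
    return (pp_ups << 6) | current_pp


def hp_bytes(hp):
    """Current HP is stored as a big-endian 16-bit value (high byte first)."""
    return (hp >> 8) & 0xFF, hp & 0xFF


def build_krys_english_image():
    """Memory image ({address: byte}) using the addresses from the listing above."""
    mem = {}
    # Day Care Pokémon: the five bytes executed first, exactly as listed
    for i, b in enumerate([0x78, 0x2C, 0x9A, 0x18, 0x2E]):
        mem[0xDA64 + i] = b
    # Box Pokémon 1: current HP 24 (low byte) directly followed by level 25
    mem[0xDA97] = hp_bytes(24)[1]
    mem[0xDA98] = 25
    # Box Pokémon 1 PP: 33, 33, 19 with three PP Ups, empty fourth slot
    for i, b in enumerate([pp_byte(33), pp_byte(33), pp_byte(19, 3), 0x00]):
        mem[0xDAB2 + i] = b
    # Box Pokémon 2: species byte 0x04 (Clefairy in the listing), then 233 HP
    mem[0xDAB6] = 0x04
    mem[0xDAB7], mem[0xDAB8] = hp_bytes(233)
    return mem


def trace(mem, start, max_steps=64):
    """Follow execution from `start`; returns (addresses executed, hl, stop reason)."""
    path, hl, pc = [], None, start
    for _ in range(max_steps):
        if pc not in mem:
            return path, hl, "no byte at %04X" % pc
        op = mem[pc]
        path.append(pc)
        if op in INVALID_OPCODES:
            return path, hl, "invalid opcode %02X at %04X" % (op, pc)
        _, n = OPCODES.get(op, ("db", 0))
        if n == 2:  # 16-bit immediate, little-endian
            if pc + 1 not in mem or pc + 2 not in mem:
                return path, hl, "operand missing at %04X" % pc
            nn = mem[pc + 1] | (mem[pc + 2] << 8)
            if op == 0x21:
                hl = nn
            if op == 0xC3:
                return path, hl, "jp %04X" % nn
            pc += 3
        elif n == 1:  # jr: signed 8-bit offset relative to the next instruction
            if pc + 1 not in mem:
                return path, hl, "operand missing at %04X" % pc
            e = mem[pc + 1]
            pc = pc + 2 + (e - 256 if e > 127 else e)
        else:
            if op == 0xE9:
                return path, hl, "jp hl"
            pc += 1
    return path, hl, "step limit reached"


if __name__ == "__main__":
    image = build_krys_english_image()
    path, hl, stop = trace(image, 0xDA64)
    for addr in path:
        print("%04X %02X %s" % (addr, image[addr], describe(image[addr])))
    print("hl=%04X stop=%s" % (hl, stop))
```

Running it prints the same chain as the listing (DA64 to DA67, then DA97, then DAB2 through DAB8) and ends at jp hl with hl = D321. The same pp_byte helper shows why 19 PP with three PP Ups is 0xD3 and why 41 PP with three PP Ups is 0xE9 (jp hl), which is the trick the later setup in this thread relies on; a missing byte or an invalid opcode (such as 0xEB) stops the trace with a reason instead of silently continuing.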

Re: 2-Pokémon Yellow ACE setup using 4F item (4-Poké setup if game is english)

Posted by: Torchickens
Date: 2017-08-24 11:20:57
Wow this is a nice find. :D

Thanks for sharing Krys3000. I think I remember seeing luckytyphlosion's pointer list and thinking one of the other F items could activate arbitrary code but I didn't know it would be that easy.

I don't quite understand the steps. Do you have to place and withdraw all the requirements you post, and where do you place them (which ones go in the Day Care and which ones go in the PC)?

(These)


- Place/withdraw at the Day Care a Female Nidoran with Bite, Fury Swipes, Double Kick and Growl (the first two moves are placeholders and can be something else)

- Store :
1. Any lvl25 Pokémon with currently 24 HP, 33 PP currently for the first AND second move, 19 PP currently for the third move (3 PP Up used) and no fourth move or no PP currently on it
2. Clefairy, Male Nidoran or Spearow (among many possibilities) with 233 HP

Enjoy!

Re: 2-Pokémon Yellow ACE setup using 4F item (works in all games now)

Posted by: Krys3000
Date: 2017-08-24 11:34:11
I've edited the first post because at first I had a 4-Pokémon setup for English games, so it's more complete now.

Sorry for the confusion. The idea is that the Pokémon in the Day Care (Nidorina in English games) can be taken back immediately, or not. As you wish.

The 2 other Pokémon must be in the active PC box. I will edit that and I intend to make it clear with asm code etc. asap  :P

EDIT: I've added asm and corrected a mistake for the English setup: Nidorina should be used, not Nidoran.

Re: 2-Pokémon Yellow ACE setup using 4F item (works in all games now)

Posted by: Torchickens
Date: 2017-08-25 09:38:16

I've edited the first post because at first I had a 4-Pokémon setup for English games, so it's more complete now.

Sorry for the confusion. The idea is that the Pokémon in the Day Care (Nidorina in English games) can be taken back immediately, or not. As you wish.

The 2 other Pokémon must be in the active PC box. I will edit that and I intend to make it clear with asm code etc. asap  :P

EDIT: I've added asm and corrected a mistake for the English setup: Nidorina should be used, not Nidoran.


Np. Thanks Krys3000! :D

Re: 2-Pokémon Yellow ACE setup using 4F item (works in all games now)

Posted by: Marv231
Date: 2017-08-25 12:16:15
Nice and easy setup  :D

Thank you for it  :)
As a good effect of this setup, you can have as many other Pokémon in the box as you want.
Makes it easier to farm Pokémon.
When you catch them and they go in your team, you can deposit them in the actual box, so no need to switch them, deposit and switch back.


Is it only for me that the move Tackle for Nidorina in the first or second slot freezes the game (Pokémon Yellow, English version)?
When I replaced the move with any other attack, everything works fine.

I only tested it on this game, so I don't know if it's the same for Red and Blue.


Re: 2-Pokémon Yellow ACE setup using 4F item (works in all games now)

Posted by: Krys3000
Date: 2017-08-25 13:17:42
Yes, moves are very important. The two I mention work and many others will, but not all :)

Re: 2-Pokémon Yellow ACE setup using 4F item (works in all games now)

Posted by: Torchickens
Date: 2017-08-30 07:10:58

Nice and easy setup  :D

Thank you for it  :)
As a good effect of this setup, you can have as many other Pokémon in the box as you want.
Makes it easier to farm Pokémon.
When you catch them and they go in your team, you can deposit them in the actual box, so no need to switch them, deposit and switch back.


Is it only for me that the move Tackle for Nidorina in the first or second slot freezes the game (Pokémon Yellow, English version)?
When I replaced the move with any other attack, everything works fine.

I only tested it on this game, so I don't know if it's the same for Red and Blue.


Yeah, with Tackle the move spells out ld hl,xxyy, which I suspect would cause the game to skip executing the following code (a relative jump to DA97). To be safe it's best to catch a low level Nidorina on Route 9 and level it up to have Krys3000's moves.

Furthermore it's indeed important not to evolve the Nidoran (unless perhaps you're using the VC version, which ignores invalid opcodes). The 0x78 in Krys3000's copy of the code is Nidorina's catch rate (ld a,b). If you catch a Nidoran and evolve it, this byte will instead be 0xEB, which is an invalid opcode that will freeze the game on non-3DS versions.

Re: 2-Pokémon Yellow ACE setup using 4F item (works in all games now)

Posted by: Krys3000
Date: 2017-08-30 07:33:47
I didn't know about that difference between GB and VC games. Thanks Torchickens, that's really interesting in terms of ACE codes to have some other 'placeholder' opcodes to deal with :D

Re: 2-Pokémon Yellow ACE setup using 4F item (works in all games now)

Posted by: Torchickens
Date: 2017-08-30 08:07:25

I didn't know about that difference between GB and VC games. Thanks Torchickens, that's really interesting in terms of ACE codes to have some other 'placeholder' opcodes to deal with :D


You're welcome :).

I didn't know either until somebody said (possibly somewhere else on the forums if I remember rightly). TheZZAZZGlitch has a thread and video about this subject here:

http://forums.glitchcity.info/index.php?topic=7559
https://www.youtube.com/watch?v=oQZMVo_Fmrs

Re: 2-Pokémon Yellow ACE setup using 4F item (works in all games now)

Posted by: spamviech
Date: 2018-04-07 09:10:50
I managed to construct a jump that only requires a special Pokémon as the last one that visited the day care:

For european non-english games:
Take any Pokémon with 24 current HP at Lv 25.
Its moveset has to consist of 4 moves with the first move at 33 current PP (no PP Up), second move at 38 current PP (no PP Up; has to be 39 for Red/Blue), third move at 19 current PP (3 PP Ups), fourth move at 41 current PP (3 PP Ups).

As a Pokémon that satisfies this moveset (enough max PP), you can use a Bellsprout with Poisonpowder, Growth, Sleep Powder & Stun Spore as its moves.

Here's the asm code associated with these values:
HP & Lv (jump to current PP values)
-----------
jr 19

current PP values
------------------
ld hl, d327
jp (hl)



For english games:
This one is a bit more complicated and is untested, but should still work.
Note that some 8F codes like maximize previous item count relying on a specific value of the hl register won't work with this one.

First, you have to trade the Pokémon from a Gen 2 game holding a Water Stone as its item. Its first move has to be Bind.
Afterwards, you have to set up the current PP of its first three moves:
first move at 3 current PP (3 PP Ups), second move at 33 current PP (no PP Up; has to be 34 for Red/Blue), third move at 19 current PP (3 PP Ups).


asm code:
Item/Catch Rate & first move
------------------
jr 14

current PP values
------------------
jp d327



It might be possible to create a Gen 1-only Pokémon using a Nidorina with Double Kick and Scratch to jump to some EV value and tailor them to jump forward to the PP values.

Re: 2-Pokémon Yellow ACE setup using 4F item (works in all games now)

Posted by: Torchickens
Date: 2018-04-07 11:29:40
That's awesome!

Thanks spamviech :)

Re: 2-Pokémon Yellow ACE setup using 4F item (works in all games now)

Posted by: Krys3000
Date: 2018-04-08 04:06:41
Thanks spamviech! This is a better setup than mine, I didn't think about the possibility to have a move with 41 PP once PP Ups are used. I'll add this to the wiki page :)

Re: 2-Pokémon Yellow ACE setup using 4F item (works in all games now)

Posted by: lel
Date: 2018-04-12 19:48:50
I hate to kind of post this twice, but I guess I should probably put this here since it's more relevant here than the 8F thread. I'm like 99.9% sure DA64 isn't catch rate. Like, I've looked into this a lot. I just checked again before I started typing here because I want to make absolutely sure.

I just went into BGB's debugger and set D16F-D172 counting down from 9A (that was entirely arbitrary) and then Daycared my first Pokémon. D170 (Type 2 of Pokémon 1 in Yellow) was equal to 99. When I deposited, DA64 was equal to 99.

Soooooo, DA64 is the second type in US English. If you count in the disassembly (Daycare begins at DA5F, then count from there to DA64) it confirms this.

The reason it looks like DA64 is catch rate is because poison type (like Nidorina) just does "inc bc". So that does nothing, then moves to the catch rate at DA65. So if you use, for instance, the fighting type, it'll just eat the next two bytes (catch rate and first move).

So then I thought for a second and put a Hitmonlee there because it's easy to get a Hitmonlee that's got the necessary moves to do a jump (there are almost definitely better ones for this; it was just the first thing I thought up).

So consider this:

Put in daycare a Hitmonlee with these moves (you can take it out afterward if you want):
* Any move.
* Any move that won't crash the game when used on its own (I use Meditate for this).
* Double Kick.
* Mega Kick.

Then you just need to box:
* Any Pokémon with current PP as follows:
  1) Any PP
  2) 33
  3) 33 (you can do this method in Red/Blue too, but if you do you just need to change this to 34)
  4) 19 with 3 PP Up used
* Clefairy (or anything else that won't crash the game or alter h or l registers) at 233 hp
* Anything
* Tentacool
* Parasect

WRA1:DA64: 01 2D 1B ld bc,$1B2D
WRA1:DA67: 60 ld h,b
WRA1:DA68: 24 inc h
WRA1:DA69: 18 19 jr DA83
WRA1:DA83: 18 2E jr DAB3
WRA1:DAB3: 21 21 D3 ld hl,D321
WRA1:DAB6: 04 inc b
WRA1:DAB7: 00 nop
WRA1:DAB8: E9 jp [hl]


This was the best I could think of where you didn't have to do some stat/EV manipulation or anything and where everything (except 4F itself, of course) is available without doing any glitches.