Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

You can join Glitch City Research Institute to ask questions or discuss current developments.

You may also download the archive of this forum in .tar.gz, .sql.gz, or .sqlite.gz formats.

Arbitrary Code Execution Discussion

BATTLE PROF. OAK - Page 1

BATTLE PROF. OAK

Posted by: nununoisy
Date: 2019-06-22 17:19:58
[img]https://i.imgur.com/WC8KulY.png[/img]
There is an unused trainer class called Prof. Oak ($E2) in the Gen I games that can't be normally accessed. Many battle him by using the Old Man glitch with an (Mn) character in their name. However, he often loads a glitch roster this way. This ACE script is small, but allows you to battle Prof. Oak in a method similar to how it may have been intended.

The script selects a roster based on which starter you chose ($D717). This choice is based on the popular assumption that Prof. Oak kept the starter that wasn't chosen by you or your rival (so whichever starter's type is weak to yours).

The script is small. You can use a RAM writer or memory editor. I chose to use TheZZAZZGlitch's memory editor since it has the subroutine execution feature, but you can use whatever you want. Make sure to CALL the script rather than JP to it. It uses relative jumps, so you can put it almost anywhere. I chose $DAA0, right in the middle of box data, above where TheZZAZZGlitch's editor resides ($DB01).

Using it is simple. CALL it then close any menus. The battle will begin right after. (It works in a similar fashion to the Catch 'Em All scripts.)

Bytes:
21 5D D0 FA 17 D7 FE 99 28 09 FA 17 D7 FE B0 28 06 18 08 36 01 18 06 36 02 18 02 36 03 2E 59 36 E2 C9

Code:

ld hl, wTrainerNo ; d05d
ld a, (wPlayerStarter) ; d717
cp 99 ; Bulbasaur
jr z, .bulbasaur
ld a, (wPlayerStarter)
cp B0 ; Charmander
jr z, .charmander
jr .squirtle ; It has to be Squirtle otherwise.

.bulbasaur:
ld (hl), 01 ; Roster 01 with Blastoise
jr .start

.charmander:
ld (hl), 02 ; Roster 02 with Venusaur
jr .start

.squirtle:
ld (hl), 03 ; Roster 03 with Charizard

.start:
ld l, 59 ; Change hl to wCurOpponent (D059)
ld (hl), E2 ; Prof. Oak
ret


8F list to CALL $DAA0 (if you need it):

*  8F
*  Any x[Any]
*  TM05 x160
*  TM18 x201

Bytes:
CD A0 DA call DAA0
C9 ret

It can also fit in the item pack, but there are a lot of glitch items.


8F
Any                          x[Any]
Thunderstone                x93 (hex:5D)
TM08                        x250 (hex:FA)
Thunder Badge (hex:17)      x215 (hex:D7)
TM54 (hex:FE)                x153 (hex:99)
Rare Candy                  x8 (hex:08)
TM50                        x23 (hex:17)
TM15                        x254 (hex:FE)
JACK/JOHN (hex:B0)          x40 (hex:28)
Town Map                    x24 (hex:18)
????? (Surfboard) (hex:07)  x54 (hex:36)
Master Ball                  x24 (hex:18)
Town Map                    x54 (hex:36)
Ultra Ball                  x24 (hex:18)
Master Ball                  x54 (hex:36)
Great Ball                  x46 (hex:2E)
4F (hex:59)                  x54 (hex:36)
TM26                        x201 (hex:C9)

Re: BATTLE PROF. OAK

Posted by: Torchickens
Date: 2019-06-28 11:33:31
Great! Thanks :) Yes, though changing D059 to 0xE2 and D05D to 01, 02 or 03 lets you do this I don't know if anyone has made one that reads from $D717 (starter) to determine the roster before.