Arbitrary code execution in the Pokémon series
0x1500 control code arbitrary code execution (Crystal) | Cart-swap arbitrary code execution | Generation I custom map script pointer | Generation I invalid meta-map scripts | Generation I item ("8F", "ws m", "-g m", "5かい", "てへ" etc.) | Generation I move ("-", "TM42") | Generation I Trainer escape glitch text boxes | Generation II bad clone | Generation II Burned Tower Silver | Japanese Crystal Pokémon Communication Center SRAM glitches | Coin Case glitch | Generation II glitch Pokédex sortings | Pikachu off-screen glitch ACE | OAM DMA hijacking | Pikachu glitch emote | Generation III glitch Pokémon summary | Generation III glitch move animation) | Remote code execution | TM/HMs outside of the TM/HM pocket | ZZAZZ glitch Trainer FC
List of arbitrary code execution programs
(view, talk, edit)
0x1500 control code arbitrary code execution (Crystal) | Cart-swap arbitrary code execution | Generation I custom map script pointer | Generation I invalid meta-map scripts | Generation I item ("8F", "ws m", "-g m", "5かい", "てへ" etc.) | Generation I move ("-", "TM42") | Generation I Trainer escape glitch text boxes | Generation II bad clone | Generation II Burned Tower Silver | Japanese Crystal Pokémon Communication Center SRAM glitches | Coin Case glitch | Generation II glitch Pokédex sortings | Pikachu off-screen glitch ACE | OAM DMA hijacking | Pikachu glitch emote | Generation III glitch Pokémon summary | Generation III glitch move animation) | Remote code execution | TM/HMs outside of the TM/HM pocket | ZZAZZ glitch Trainer FC
List of arbitrary code execution programs
(view, talk, edit)
Facing direction arbitrary code execution is a form of arbitrary code execution in Generation I.This arbitrary code execution involves loading an invalid facing direction into memory address C109, and then using Lg- (hex:6E) while facing an exit. If done correctly, certain invalid facing directions will cause unintended behavior, including facing direction 0x0F which will cause arbitrary code execution at region DA41 in WRAM (wPlayTimeMaxed, followed by wPlayTimeMinutes, wPlayTimeSeconds and close to Safari Zone and Day Care data).
Getting facing direction 0x0F in English Yellow
Facing direction 0x0F can be obtained with another form of arbitrary code execution (such as ws m (hex:63)), however there is a means of obtaining it without it.If the player encounters Yellow MissingNo. (non-ghost/fossil form) in Viridian Forest, previously erased the save file with Up+Select+B and has never encountered a glitch Pokémon before, the Yellow MissingNo. will not freeze the game.
If the Pokémon menu and PC was opened in front of the PC in Viridian City's Pokémon Center before encountering the Yellow MissingNo., C109 may be set to 0F, which has the ability to execute arbitrary code at DA41.
If the player doesn't have a problematic play time, has never visited the Safari Zone and doesn't have any Day Care data, the code will fall through to DA7F, where a bootstrap Pokémon set up can be used to run code at item 3.