Arbitrary code execution
0x1500 control code arbitrary code execution (Crystal) | Cart-swap arbitrary code execution | Generation I custom map script pointer | Generation I invalid meta-map scripts | Generation I item ("8F", "ws m", "-g m", "5かい", "てへ" etc.) | Generation I move ("-", "TM42") | Generation I Trainer escape glitch text boxes | Generation II bad clone | Generation II Burned Tower Silver | Japanese Crystal Pokémon Communication Center SRAM glitches | Coin Case glitch | Generation II glitch Pokédex sortings | Pikachu off-screen glitch ACE | OAM DMA hijacking | Pikachu glitch emote | Generation III glitch Pokémon summary | Generation III glitch move animation) | Remote code execution | TM/HMs outside of the TM/HM pocket | ZZAZZ glitch Trainer FC
[hr] No further extensions
Cloning | Item duplication glitch (Generation I) | Pokémon merge glitch ("Q Glitch", Generation I) | Time Capsule exploit | Bug-Catching Contest data copy glitch (Generation II, Japan only) | Berry glitch | Battle Tower Lati@s glitch (Generation III) | (Mimic) Transform Rage glitch (Generation IV)
Transform held item glitch (Generation IV, Japan only) | Mimic glitch (Generation IV, Japan only)
[hr] Buffer overflow techniques
99 item stack glitch | LOL glitch | Rival LOL glitch | Instant LOL glitch | RAM LOL glitch | Out of bounds LOL glitch | blockoobLG | Instant encounter infinite chain glitch | LGFly | Super Glitch (Generation I) | Party remaining HP glitch | Super Glitch (Generation III) | Text pointer manipulation mart buffer overflow glitch | CoolTrainer♀-type move | Double distort CoolTrainer♀ corruption | Yami Shop glitch | Party Pokémon box data shift glitch | Unterminated name glitch item instant encounter (Japanese Red/Green)
[hr] Item stack duplication glitch (Generation I)
Generation I expanded items pack (Glitch Rocket HQ maps, Map FE (English and non-English European Yellow) | Map script pointer manipulation (arbitrary code execution | Map script pointer item ball manipulation) | Text pointer manipulation (arbitrary code execution | Item ball manipulation | Mart buffer overflow) | Trainerless instant encounter glitch
[hr] Bad clone glitch (Generation II)
????? party overloading (Type 0xD0 move glitch | ????? map corruption | Celebi trick | Celebi Egg trick | Shiny Celebi trick | Glitch move map corruption | Overloaded party map corruption | Glitch Unown (Glitch Unown map corruption) | Duplicate key items glitch (Infinite items and item creation, Expanded Balls pocket (Wrong pocket TM/HMs, Glitch Pokédex categories))
[hr] Closed menu Select glitches (Japanese Red/Green)
Dokokashira door glitch (International) | Fossil conversion glitch (international) | Second type glitch | Skip to Level 100 glitch | Trainer mutation glitch | Walk through walls (International) | Lift glitch | Badge describer glitch
[hr] Pomeg glitch (Generation III)
Pomeg data corruption glitch ("Glitzer Popping") | Charm glitch
[hr] Voiding (Generation IV)
Broken escalator glitch (Japan only) | Elite Four door glitch (Japan only)
[hr] 2x2 block encounter glitches (Generation I)
Left-facing shore tile glitch (in-game trade shore encounter trick, Old man trick, Trade link up shore encounter trick, Fight Safari Zone Pokémon trick) | Viridian Forest no encounter grass tiles glitch
[hr] Glitch City
Safari Zone exit glitch | RAM manipulation | Out of bounds Glitch City (Generation II) | Slowpoke Well out of bounds corruption (French Gold/Silver/Crystal)
[hr] Large storage box byte shift glitch
Storage box remaining HP glitch | Generation I max stat trick
[hr] Pikachu off-screen glitch
Trainer corruption glitch
[hr] SRAM glitches
Generation I save corruption | 255 Pokémon glitch | Expanded party encounter table manipulation (Generation I) | Send party Pokémon to a new game (Generation I) | Generation II save corruption | Mailbox glitches | Mystery Gift item corruption | Trainer House glitches
[hr] Trainer escape glitch
Death-warp | Ditto trick | Experience underflow glitch | Mew trick | Text box ID matching | Meta-map script activation
[hr] Walk through walls
Ledge method | Museum guy method | Rival's effect | Select glitch method (International Select glitch method), Brock Through Walls
[hr] Surf down glitch
Grass/rock Surfing glitch (Spanish/Italian only) (adaptions: Submerge glitch (international)) | 8 8 (0x7C) grass/rock surfing glitch (English Red/Blue))
(view, talk, edit)
|PRAMA Initiative a également une page sur .|
The corruption effects of the CoolTrainer♀-type "-" move and Super Glitch items may be referred to as a semi-Super Glitch effect, due to them only corrupting data from one buffer instead of two. Super Glitch items have also been referred to as TMTRAINER items.
Super Glitch and Semi-Super Glitch corruption allows the player to mass corrupt data in a way that can be controlled by updating the screen data on the screen by opening a menu such as the "Pokédex", "Pokémon" or "Item" menu when a 0x50 sub-tile appears in the right place on the screen.
There are numerous desirable effects such as corrupting the player's name, corrupting the player's party to obtain zero or more than six Pokémon (usually with the side effect of a corrupted name), playing a sound effect or tune and capturing unintended Pokémon (see - (Generation I move)).
Once a poorly understood glitch, Super Glitch was researched by the user TheZZAZZGlitch who found the cause of the glitch and how to manipulate specific data with it.
Furthermore, people from the Pokémon speedrunning community (in particular luckytyphlosion) have discovered many techniques related to Super Glitch, such as the corruption points for CoolTrainer♀, and the techniques LOL glitch (item Super Glitch), Rival LOL glitch (item Super Glitch with tile printing glitch item and screen saving glitch item), instant encounter infinite chain glitch (item Super Glitch in a specific place in Red/Blue due to the game internally using "8 8", item hex:7C), LGFly and oobLG (unterminated name glitch Pokémon Super Glitch).
MechanicsSuper Glitch effects occur when a data string is stored at a 20-byte buffer at $CD6D, and this data is moved to the buffer at $CF4B (for Super Glitch moves, items, unterminated name glitch Pokémon, fly destinations) and/or $D0E1 (for Super Glitch moves).
Stored beyond the 20-byte buffer is the beginning of sub-tile data on the screen which is updated after actions such as opening the Pokédex menu, opening the Pokémon menu and opening the items menu. If the internal name of the string exceeds 20 characters with no $50 (terminator) byte, the game will effectively send over a 20-byte truncated version of the name but also the stored screen data beginning at $CD81 until a $50 terminator is found.
This allows for specific manipulation (with CoolTrainer♀ type move, LOL glitch and its sub-glitches) involving triggering Super Glitch corruption from specific places on the map.
TMTRAINER effectThe TMTRAINER effect is the name of a specific effect caused by Super Glitch, which can be achieved by opening the items or Pokémon menu in battle before opening a Fight menu containing a Super Glitch move.
In a battle, the music fades out and the foe is said to be both frozen solid and hurt by a burn, which depletes all of the foe's HP in one turn. If the player is in a Trainer battle, then after the Pokémon faints, it is sent out again with full health.
In Red and Blue, the game may possibly freeze after a Super Glitch corruption and the battle ends, due to the corruption of address CFC4 to an odd 'bad' value rather than an even value.
Something similar to the TMTRAINER effect may also be seen out of battle with Super Glitch items and having a random unterminated "-" name appear with a PP restoring item.
Super Glitch moves"Super Glitch" is a common nickname for the many volatile glitch moves that exist with hexadecimal index numbers of A6 through to C3. These moves typically have no "real" name, and typically adopt anything from nothing to a Pokémon name, Trainer name or even a random group of letters when used.
These moves themselves have their own effects, but the main corruption is often caused when the Super Glitch move's random name appears on the screen; a 'random' series of bytes which may or may not be terminated by a hex:50 character in its first twenty characters.
Additionally, Super Glitch move A6's internal name is taken from the ROM and is never terminated; meaning that a Game Boy console/accurate emulator will always cause corruption when Super Glitch move A6's name is viewed by opening the Fight menu, selecting it on the Fight menu, bringing up the moves list with an item, or viewing its name on the summary screen.
Many glitch Pokémon can learn Super Glitch moves, such as .4 (dec:194). Often the glitch Pokémon itself is relatively harmless but can become harmless (as with any Pokémon species, glitch or not) when given a Super Glitch move.
General effectsOften, opening the party menu before viewing the Super Glitch move will trigger the infamous "TMTRAINER effect", in which a Pokémon becomes frozen solid and burned at the same time, with burn damage reducing all of its HP in one turn. After Super Glitch is used in Pokémon Red and Blue, the game may freeze unless the memory address CFC4 is set to an odd, 'bad' value rather than an even value.
Other common effects of viewing Super Glitch include corruption of the player's name, corruption of the player's Pokémon, two-choice dialogue boxes or "box-sets" (e.g. "Yes"/"No") and freezes which have a chance of destroying the save data.
Super Glitch moves can be highly volatile, hence the name and can be triggered by almost any action which displays the name including opening the Fight menu, viewing a Pokémon's summary that knows the move, and bringing up the name after using an item on it such as a PP Up.
The first Super Glitch move (Super Glitch move A6) is special in that the first 20 characters of its name always point to a constant ROM (rather than writable memory) location in which it is always unterminated. This means that with correct saved screen, the player may always secure corruption.
ManipulationWhen a menu (such as the Pokédex, Pokémon or Item menu) is opened up on the overworld, the game will update saved screen data from $CD81 and beyond (see the mechanics section). This means that data can be manipulated into addresses $CF4B (if the move is viewed) and/or $D0E1 (if the Fight menu is opened up) if one of the menus is opened up in a specific place.
This can be abused for expanded party glitches such as the international fossil conversion glitch to obtain a party of over six Pokémon (corrupting the name) and to fix the player's name afterwards.
The starting location for Super Glitch move corruption can be described with the following equation.
Starting location for corruption = hex:D0E1 + MoveLengths + NumberOfMovesBeforeSuperGlitch
Expanded partyThe following steps allow the player to obtain an expanded party with a party counter of their choice.
1) Have a Pokémon with a Super Glitch move as the first move, such as Yellow's Z4 (hex:C3) which learns the move at level 35 or Red/Blue's ゥL ゥM 4 (hex:C6). If it is going to learn Super Glitch by level up, have it learn Super Glitch via Rare Candy in a safe spot.
2) Go to a Pokémon Center just below the PC.
3) View your Pokémon menu and deposit a Pokémon. This will become your number of Pokémon depending on the species' index number later. 4) Press A on the Super Glitch Pokémon to bring up Deposit/Stats/Cancel, but don't deposit it yet. View its moves on its stats menu. There is a chance that your number of Pokémon will become 0, so do this several times to get the 0 Pokémon corruption.
5) With the Deposit/Stats box still open, deposit the Super Glitch Pokémon and hopefully you'll get 255 Pokémon.
6) Withdraw a Pokémon to change your party counter to a value depending on the index number of the Pokémon you withdraw. You can use Q/Charizard 'M (FF) if you want to keep 255 Pokémon.
7) Switch the first Pokémon with the second.
Semi-Super Glitch move ("-"; CoolTrainer♀-type) corruptionThe "-" move (CoolTrainer♀-type in Red/Blue), which has a random internal name is also affected by corruption similar to that of a Super Glitch move.
However, it functions a little differently and can only be caused randomly from a limited number of methods, including opening/closing the Fight menu or selecting it when it is the first option on the menu, and using a PP increasing/raising item on the move.
"-" will only corrupt data from $CF4B and beyond, which is why the effect is referred to as Semi-Super Glitch; as unlike other unterminated name glitch moves (Super Glitch moves) data is not corrupted at the buffer at $D0E1. This is a good thing in the sense that the player's name, party Pokémon and box-set value (e.g. "Yes"/"No") remain uncorrupted. The glitch is also ideal for mutating the enemy Pokémon ($CFD8) by manipulating the value of screen tile y=06, x=01 and having a hex:50 sub-tile on the screen.
Unfortunately, since there is no way to perform a corruptions of the player's name or party Pokémon, it is also impossible to perform a safe corruption with "-" move corruption.
Additionally, the success rate of a corruption occurring may suddenly decrease and the glitch may become seemingly impossible to perform (something that has hindered speedruns of the game when "-" corruption was generally allowed).
It is thought that increasing or decreasing the number of hex:50 bytes in memory (e.g. of Pokémon in the current storage boxes) may help in making the glitch work again.
Semi-Super Glitch items (aka TMTRAINER items)The glitch items with unterminated names such as "PC" (hex:80) in Red/Blue and "2p" (hex: 92) in Yellow are affected by a form of Super Glitch corruption which is essentially a "-" move corruption outside of battle. The corruption occurs after pressing A on the item (and not necessarily using it), and the game won't freeze if a hex:50 sub-tile is present somewhere on the screen after the coordinates pertaining to addresses the player wants to corrupt.
If the hex:50 sub-tile is significantly late, it can cause the game to activate a 'force-A' effect in which the player won't be able to close the menu without using an item such as a Poké Flute if it happens to be at the top of the item list. This is due to corruption of address D05A (battle type). Furthermore, invalid D05A values may cause a 'scrambled mess'[clarification needed]
Super Glitch items are relevant in/capable of causing the following glitches:
Yami Shop glitch (i.e. corruption of the items in a Poké Mart). LOL glitch — When a Super Glitch item is used, the game still corrupts $CFD8 (enemy species) based on the tile at position y=06, x=01. If a spot is used where a hex:50 sub-tile appears on the screen not as far enough to corrupt D057 (battle type address), then the player can escape from battle using a partial battle escape glitch item (e.g. "9F"; hex:5E for Red/Blue or -gm; hex:6A for Yellow) to partially escape from battle (leaving D057 as 1), before moving to the relevant spot to press A on the Super Glitch item and throw a ball such as a Master Ball. This allows the player to catch the Pokémon manipulated by altering $CFD8. A wild hooked Metapod can be forced to appear if the menu is forced to be closed and due to the corruption of instant encounter address D059; the Pokémon species/Trainer (D036) can be different in Japanese versions due to a non-menu tile being responsible).
Super Glitch Fly destinationsThe mechanics of Fly menu corruption are not well understood, however opening up a glitched Fly menu and displaying the name of a glitch location may cause glitches to occur when the menu is closed, such as a battle with a glitch Trainer.
Glitch Fly locations are available through arbitrary code execution, select glitches (e.g. Fossil conversion glitch) and international fossil conversion glitch.
Semi-Super Glitch Pokémon namesSuper Glitch Pokémon names are also known as unterminated name glitch Pokémon, and are useful for the glitch oobLG. They are not to be confused with glitch Pokémon with names that require scrolling to go past (due to having particular control characters in their names) and are rather eleven character strings unterminated by a hex:50.
External LinksMaking Super Glitch moves useful (Red Blue Green) Log of Super Glitch research by Tombstoner Forum thread on Super Glitch
See alsoSuper Glitch (Generation III). Text pointer manipulation mart buffer overflow glitch.
|This article or section is a stub. You can help wiki by [ expanding it].|