Author Topic: Re: Arbitrary code execution in Gold/Silver UE using the Coin Case  (Read 486 times)


pigdevil2010

I'm going to find another stable way to make the code jump to the third item in the pocket, like 8F and w sm, since the third party Pokémon's IVs and friendship can still have a chance to alter the code and these values are hard to control. Can anybody explain how sp works so that it makes pc go to another place?

SatoMew

[DELETED]
« Reply #1 on: September 01, 2015, 02:46:00 pm »
[DELETED]
« Last Edit: February 29, 2016, 05:59:25 pm by SatoMew »

forsyz

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #2 on: September 28, 2017, 06:17:34 pm »
Other people in the description said it crashes before GS VC came out, so there may be something wrong with the code.

forsyz

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #3 on: September 29, 2017, 07:51:14 am »
Also OAM DMA doesn't rely on any obscure detail, only on a simple feature used by almost all games. It couldn't be emulated incorrectly, no matter how crappy the emulator.
And god knows the VC is a crappy one.
Is there any way to make toggleable ACE? I tried to make one that lets you catch trainers' Pokémon, but it just causes the game to glitch because the game thinks it's a wild battle before you are in battle.

Krys3000

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #4 on: November 08, 2017, 04:17:10 pm »
Hello folks,

I've been working on day to attempt translating this code from Couldntthinkofaname that allows one to get any Pokémon in the wild:
http://forums.glitchcity.info/index.php?topic=6716.msg207555#msg207555 so it becomes compatible with French games (no characters from $D0 to $D6, but $D8 to $DE are available).

From what I understood of the code, I thought this could have done the job:

Code:
WRAM1:D8C0 AF XOR A => A=00 : C=0
WRAM1:D8C1 F6 81 OR $81 => A=81
WRAM1:D8C3 DE AF SBC $AF => A=D2
WRAM1:D8C5 7F LD A,A
WRAM1:D8C6 7F LD A,A
WRAM1:D8C7 50 LD D,B

WRAM1:D8C8 AF XOR A => A=00 : C=0
WRAM1:D8C9 F6 81 OR $81 => A=81
WRAM1:D8CB DE 94 SBC $94 => A=ED
WRAM1:D8CD EA EF F8 LD $F8EF,A => $(F8EF)=ED
WRAM1:D8D0 50 LD D,B

WRAM1:D8D1 EA 89 FF LD $FF89,A => $(FF89)=D2
WRAM1:D8D4 AF XOR A => A=00 : C=0
WRAM1:D8D5 F6 F5 OR $F5 => A=F5
WRAM1:D8D7 7F LD A,A
WRAM1:D8D8 7F LD A,A
WRAM1:D8D9 50 LD D,B

WRAM1:D8DA EA 8A FF LD $FF8A,A => $(FF8A)=F5
WRAM1:D8DD AF XOR A => A=00 : C=0
WRAM1:D8DE 7F LD A,A
WRAM1:D8DF F6 F8 OR $F8 => A=F8
WRAM1:D8E1 7F LD A,A
WRAM1:D8E2 50 LD D,B

WRAM1:D8E3 EA 8B FF LD $FF8B,A => $(FF8B)=F8
WRAM1:D8E6 AF XOR A => A=00 : C=0
WRAM1:D8E7 F6 XX OR $XX => A=XX
WRAM1:D8E9 7F LD A,A
WRAM1:D8EA 7F LD A,A
WRAM1:D8EB 50 LD D,B

WRAM1:D8EC 7F LD A,A
WRAM1:D8ED 7F LD A,A
WRAM1:D8EE EA (whatever) D0 LD $D0ED,A => $(D0ED)=XX
WRAM1:D8F1 AF XOR A => A=00 : C=0
WRAM1:D8F2 F6 D8 OR $D8 => A=D8
WRAM1:D8F4 50 LD D,B

WRAM1:D8F5 DE 7F SBC $7F => A=59
WRAM1:D8F7 DE 89 SBC $89 => A=D0
WRAM1:D8F9 EA FE F8 LD $F8FE,A => $(F8FE)=D0
WRAM1:D8FC AF XOR A => A=00 : C=0
WRAM1:D8FD 50 LD D,B

WRAM1:D8FE (whatever) RET NC

Surprisingly to me (hopefully not to you) even before I try to use the Wrong Pocket TM, at the very moment I finish writing the last box name ($D8F5 to $D8FD) the game freezes, so I can't use my code. Do you know why? Thanks to anyone who can help!
« Last Edit: November 08, 2017, 04:17:34 pm by Krys3000 »

Admin of the PRAMA Initiative, the main french Pokémon glitch website
http://www.prama-initiative.com
“Anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'” - Isaac Asimov
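
An added example, not part of the original posts: a tracer for only the opcodes that appear in the listing in Reply #4, run over the bytes as posted so the hand-written `=> A=..` annotations and the echo-RAM self-patches ($F8EF, $F8FE) can be checked mechanically. The values used for `XX` and the two `(whatever)` bytes are constructed stand-ins, and `trace`, `LISTING` and `BASE` are names chosen here.

```python
XX, WHATEVER = 0x01, 0x7F   # constructed stand-ins for "XX" / "(whatever)"
BASE = 0xD8C0
# Bytes as posted for $D8C0-$D8FE, one string per box name.
LISTING = bytes.fromhex(
    "AF F6 81 DE AF 7F 7F 50"
    "AF F6 81 DE 94 EA EF F8 50"
    "EA 89 FF AF F6 F5 7F 7F 50"
    "EA 8A FF AF 7F F6 F8 7F 50"
    f"EA 8B FF AF F6 {XX:02X} 7F 7F 50"
    f"7F 7F EA {WHATEVER:02X} D0 AF F6 D8 50"
    "DE 7F DE 89 EA FE F8 AF 50"
    f"{WHATEVER:02X}"
)

def trace(code=LISTING, base=BASE):
    """Return (A/carry per instruction address, resolved writes, RET NC taken)."""
    mem = {base + i: b for i, b in enumerate(code)}
    a = carry = 0
    pc, steps, writes = base, {}, []
    while base <= pc < base + len(code):
        at, op = pc, mem[pc]
        if op == 0xAF:                      # XOR A: A=0, carry cleared
            a, carry, pc = 0, 0, pc + 1
        elif op == 0xF6:                    # OR d8: carry cleared
            a, carry, pc = a | mem[pc + 1], 0, pc + 2
        elif op == 0xDE:                    # SBC A,d8: subtract with borrow
            r = a - mem[pc + 1] - carry
            a, carry, pc = r & 0xFF, int(r < 0), pc + 2
        elif op in (0x7F, 0x50):            # LD A,A / LD D,B: A unchanged
            pc += 1
        elif op == 0xEA:                    # LD (a16),A
            addr = mem[pc + 1] | mem[pc + 2] << 8
            if 0xE000 <= addr <= 0xFDFF:    # echo RAM mirrors $C000-$DDFF
                addr -= 0x2000
            mem[addr] = a                   # may patch the listing itself
            writes.append((addr, a))
            pc += 3
        elif op == 0xD0:                    # RET NC
            if not carry:
                return steps, writes, True
            pc += 1
        else:
            raise ValueError(f"opcode {op:02X} at {at:04X} not modelled")
        steps[at] = (a, carry)
    return steps, writes, False

if __name__ == "__main__":
    for addr, val in trace()[1]:
        print(f"${addr:04X} <- ${val:02X}")
```

On the bytes as posted, the write to $FF89 stores $ED (the accumulator left by `SBC $94`), where the listing's annotation reads $D2; every other annotated value matches the trace.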
