Author Topic: ACE via Cable Club and Persistent ACE  (Read 322 times)


ds84182

ACE via Cable Club and Persistent ACE
« on: November 09, 2016, 06:08:41 pm »
I wrote an arbitrary code execution platform thing based off of http://vaguilar.js.org/posts/1/. It achieves code execution through the Cable Club and expands it by loading different SRAM payloads that the user can select (currently can dump and flash the entire SRAM). Using SRAM dump and flash I can unload a payload into the save file of the game that executes code while the game is running AS LONG AS THE USER VISITS PALLET TOWN ONCE DURING RUNTIME. The persistent code runs from SRAM in some empty unused area. When the user presses the SELECT button it shows a menu that lets you fly anywhere (using the standard fly dialog) without having a Pokémon that knows Fly (it also overrides the fly list so you can fly places without visiting there first).

The code can be found here: https://github.com/ds84182/redisdead

I have no clue if it works on other people's computers. It requires an environment set up in a certain way.

Aldrasio

Re: ACE via Cable Club and Persistent ACE
« Reply #1 on: December 07, 2016, 10:00:51 pm »
Does this work with any save file? I did something like this a while ago based on the same post. I got it to upload save files just fine off of a new game (demonstrated here), but I ran into a roadblock when it came to downloading save files. The RAM address used for the stack overflow is in the middle of the game's flag data, so a lot of the time I'd randomly get an instruction that hung the CPU. Using a new game guaranteed that most of the flag data was 00, so it just nop'd into the injected code.