A user named DaWoblefet (who also has an account on these forums if I remember correctly) recorded this glitch previously documented by DragonWhale93. It has been known for quite a while now (since July 2017), but I haven't noticed many people talking about it.

Apparently in Pokémon Sun/Moon, if you save at the exact position in a Pokémon Center where the delivery man would appear and obtain a new Mystery Gift (you could possibly do it with a Pokémon Bank subscription), it is then possible to walk out of bounds into the void. However, it's not known if there is anything extra you can do with this glitch.

The types of already documented buffer overflow techniques that allow memory manipulation from the screen data so far include:

1. Super Glitch: Corruption of data from $CF4B, $D0E1
2. - (move): Corruption of data from $CF4B
3. Unterminated name glitch item: Corruption of data from $CF4B
4. Glitch location names on the Fly menu. This is an obscure one and I'm unsure how it works.
5. Unterminated name glitch Pokémon (when selected from a box): Also corruption of $CF4B onward if I remember rightly. Used in oobLG.

I think I found another one for us to look into, this time with glitch Trainer class names.

D031 (Red/Blue) and D030 (Yellow) partially control the opposing trainer class in battle. I found a Trainer name in Yellow (hex:77) which may have an extremely long trainer name. If you defeat the foe with this value set on D031/D030 (may require avoiding a problematic AI) and they have victory text, their name will be printed on the screen, and it appears that like the other buffer overflows what is corrupted after battle depends on the screen data.

I noticed 9153 in VRAM would control CFD7 (enemy Pokémon), and that this happens to be part of the foe's sprite that is displayed after you beat them. With Lorelei I get FF. Not sure whether this is due to VRAM inaccessibility or if that address is really FF but what's good about this is that the picture pointer of the opposing Trainer can be modified by manipulating the two bytes at D033 (D032 in Yellow). This doesn't have to include valid sprite pointers, hence in theory you can get many more CFD7 values by trying out different pictures and glitch pictures (which could even be in RAM).

The glitch pictures can also be used for their own unique corruption effects (possibly related to things like their dimensions). I tried 99 99 (pointing to VRAM) and it interestingly also corrupted the name you get at the end of the battle, but then I got this lovely corruption:

(I tried this two times and the first time it flew me to a glitch location, but didn't screenshot it, sorry)

Despite the fact that during experimenting the CFD7 value would stay at its corrupted value, it seems D056 (and D058 as well so instant encounter may not be possible either) is reset back to 00 meaning you can't capture Q (or theoretically Charizard 'M if this works similarly in Red/Blue) this way, which is a little sad.

Hopefully we can still exploit this to do useful things though, even though in Yellow the only way I know is through arbitrary code execution (and in Red/Blue possibly with Super Glitch as well).
Generation I Glitch Discussion / 'Pokémon Brown Mode' (Pokémon Yellow)
« on: January 16, 2018, 03:27:33 pm »
This is a 'glitch' in Yellow I may have discovered that allows you to start a Glitch Dimension with brown colours, possibly derived from unused Trainer 0xFF ("TM55")'s AI. Currently it is Game Genie only, but may be possible with ws m with the help of a modified Trainer battle routine.

It also doesn't seem to be RAM dependent (other than possibly from what Game Boy mode you're using) as I tested it on two save files and set breakpoints for RAM, but I don't know for sure.

On Pokémon Yellow, enter the following Game Genie codes:


As well as GameShark code 01C958D0 (rosters loaded from other trainers and/or non-roster 00s may not work the same).

Try to fight the glitch Trainer that appears and the battle will restart with you in a cave. Do this six more times and the game may suddenly reset.

It's an amazing coincidence this exists, but I guess with so many things that can happen in the game something like this would eventually happen.

Note: You may have to be on Game Boy Color mode for this to work. This didn't seem to do the reset on Super Game Boy mode (nor Game Boy mode, though I don't know if effects would be visible if it did) for some reason.
It looks like a Mail glitch was documented recently that meant the Pokémon Ruby any% category was split into any% and any% glitchless, and it allows you to take many Rare Candy hold items from a Pokémon (wondering if it's part of the Mail and Trick glitches).

I don't know how this particular glitch works though, would anyone like to elaborate? Thanks.

Edit: Maybe it's not exactly the same glitch, epicdudeguy said the Japanese community thought it was only possible with a move "really hard to obtain" which could be Trick.

Edit 2: They use Twins Amy & Liv (クミとルミ) on Route 103 to start a Double Battle with Harbor Mail attached to Pokémon 1, 3, 5, 6, Abra (Pokémon 2) uses Thief on the first of your Pokémon (holding a Harbor Mail), then Thief on the opposing Minun. The mail is taken off of Abra and into the PC. A Rare Candy is equipped to a Wingull with one-character name (Pokémon 4) like Pokémon 1. Then a Harbor Mail is attached to Pokémon 1 and the phrase Geodude (イシツブテ) is entered. Then another mail is attached to Pokémon 2 (also イシツブテ name). Then you attempt to attach a Mail to the Wingull holding a Rare Candy, causing you to take away one mail in the pack and obtain one Rare Candy each time, and this can be repeated many (how many mails you have) times.

I wonder then whether the length of Pokémon 1 and Pokémon 4's name is important. On our wiki article it says to "repeat steps 2. and 4. five times" but it could be related to Kadabra's five character name (ユンゲラー). In the video Wingull and Marshtomp only have a one character name.
Wiki Discussion / Dex status/ideas for the wiki
« on: December 28, 2017, 11:57:44 am »
It's not realistic all of these will get done, but here are some Dex ideas for the wiki. You can post all sorts of ideas here for others to research in case they want to do so.

GlitchDex - Done
AttackDex - In progress
ItemDex - Done (except Generation II glitch items)
TrainerDex - In progress (work completed in non-wiki form by TheZZAZZGlitch for English RBY and Japanese Red/Green)
TypeDex - Done (in terms of all used types on glitch moves)
UnownDex - In progress

PhoneDex (GSC) - Not started but work completed in non-wiki form by Photon-Phoenix/Yuzihax
OptionDex (GS) - Not started but work completed in non-wiki form by Photon-Phoenix/Yuzihax
DexDex (GSC) - I think pokechu22 did work on this. These are glitch Pokédex listing options.
DollDex (GSC) - Photon-Phoenix/Yuzihax
PosterDex (GSC) - Photon-Phoenix/Yuzihax
AreaDex (RBY, GSC, later) - Done in parts but not as a dex project/no prefix for articles yet. Not that viable for GSC (only possibly on a case by case basis for those that don't freeze the game)
SecretBaseDex - Generation III glitch decorations
StatDex (RBY) - Some work by danny. None done for Generation II yet.
TileDex - Done by PRAMA Initiative for French version of Red/Blue.
RibbonDex (RSE upwards) - Zowayix documented one of them.
SpecialEmoteDex (Yellow)
SoundBankDex (RBY)
PredefDex (RBY) - Already done for Yellow, but could possibly go deeper.
FacingDex (RBY) - Based on value of C109. See here.
DayDex (GSC)

All have only been done for English versions (except for the TileDex and TrainerDex) right now.
Generation I Glitch Discussion / 'Tile Chaos': An obscure glitch effect
« on: December 28, 2017, 07:14:13 am »
I like to call this effect "Tile Chaos". This effect has already been known and is caused by some glitch moves (their animation), as well as invalid D057 (Red/Blue) or D056 (Yellow) values greater than 01 and throwing a Master Ball.

Basically from what I gather the game attempts to play a glitch animation, but corrupts the screen causing many glitchy animated sprites to appear. If you have animations disabled you can avoid the ones caused by glitch moves.


...On invalid D057 values:

(This is possible if an unterminated name glitch item corrupts that value to be greater than 02 and you throw a Poké Ball.)

...On glitch moves:

I think the Japanese glitch community may already have a name for this, so I may try to see if they have a name for it later. I also don't know whether Glitch City had a name for it when it did the old ItemDex, as I've noticed it on one glitch move so far.

I don't know if there's any use for this but it's a nice effect to say the least.
Video Games/Glitches Discussion / Mario & Luigi series
« on: December 27, 2017, 11:43:53 am »
I got Mario & Luigi: SuperStar Saga & Bowser's Minions for Christmas, did anyone else here also like the original or other games in the series?
I love the complexity of this beautiful Fire Emblem Fates song. Please note that I haven't played the game so these are 'blind' reflections (meaning I don't have background knowledge of what they could be about) and I view these thoughts from how I understand them rather than what I think they are actually about.

You are the ocean’s gray waves
Destined to seek
Life beyond the shore
Just out of reach

;We look to the bright side in life, perfection in happiness (as life beyond the shore illustrates)

Yet the waters ever change
Flowing like time
The path is yours to climb

;But in reality life is hard, like vicious tides we always encounter conflict.
;In order to live it we have to fight against the tide. And it flows like time because things are constantly changing, not always happy not always sad.

In the white light
A hand reaches through
A double-edged blade cuts your heart in two
Waking dreams fade away
Embrace the brand new day

;Then in sad times when we reach for our comfort and hope. (Sometimes but not always) the truth is hurtful to realise. For example the American Dream. If you work hard you'll be rewarded, but some argue in reality it's often more about who you know than what you know.
;Hence our dreams fade away, we become more grounded and have to be grateful for what time gives us. Night time: end of day. Day time: Beginning of new day with renewed hope for wellness.

Sing with me a song
Of birthrights and love
The light scatters to the sky above
Dawn breaks through the gloom
White as a bone

;We often develop interests of value to us, but in truth is life really about love.
;And in any time of gloom we can realize the bright side. Our bubble of negativity dissolves.
;White as a bone is interesting however, because bone in one view sounds like a gloomy thing and not a positive thing. However sometimes the things that matter the most are the most grounded; the skeleton, food, drink, fundamental needs being of most importance to us and not sugar coated things.

Lost in thoughts, all alone

;I feel sympathy for the singer as I relate myself. We never know what life is about really.

You are the ocean’s gray waves
Destined to seek
Life beyond the shore
Just out of reach

Yet the waters ever change
Flowing like time
The path is yours to climb

Embrace the dark,
You call a home.
Gaze upon an empty white throne,
A legacy of lies,
A familiar disguise.

;I think this is a popular theme in general. We find comfort in human associated things. Security, and though stigmatized by the shadow side (the animal side we want to suppress): money, power. The throne is associated with wealth, and being white is painted with all things that are pure, but in actuality it can be argued as a lie. In Christianity the Devil is also depicted as manipulative.

Sing with me a song
of conquests and fates
The black pillar cracks
beneath its weight.
Night breaks through the day
Hard as a stone

;Life is full of achievements and we reach our fates. In doing so we build character and a sense of self. I don't have an idea regarding the second part though except I get ideas of comforts (held up by the pillar) being broken and we face the bitter reality of life without a home.

Lost in thoughts, all alone

The path you walk on belongs to destiny
Just let it flow
All of your joy and your pain all fall like the tide
Just let it flow

;In life a good strategy is that you have to face what comes with the faith it's for the greater good. In embracing all of our emotions and drives they will naturally fade and reappear and the sense of resistance goes away.

Life is not just filled with happiness
Nor sorrow
Even the thorn in your heart
In time it may become
A rose

;I personally feel this is very true. Life is not that much defined by our emotions but rather our principles, strength of conviction, soul, heart.
;The very thing you fear may eventually become love. Also the phrase in context of war "Yesterday's enemy is today's friend"; to mean that things aren't black and white/good and bad; there is moral ambiguity.

A burdened heart,
Sinks into the ground
A veil falls away without a sound
Not day nor night, wrong nor right
For truth and peace you fight

;While you fight for your cause, somebody else will perish with a burdened heart. Yet the very thing you're fighting for is truth and peace. (Love and war actually have many things in common as counter-intuitive as this may sound: they both fight for what is seen as 'right')

Sing with me a song
Of silence and blood
The rain falls but
Can’t wash away the mud
Within my ancient heart dwells madness and pride
Can no one hear my cry?

;Warfare while starting out from an ideal is cold and vicious. It's grim and people die. I feel what it is saying is it makes you wonder whether you are 'mad' to start or fight in the war, and deep down the reason could be related to an issue of pride. The singer may be viewed as seeing this, but nobody notices it because they are too caught up in the war (also 'won the battle but lost the war').

You are the ocean’s gray waves
Destined to seek life beyond the shore
Just out of reach
Yet the waters ever change
Flowing like time
The path is yours to climb

You are the ocean’s gray waves
Generation VII Glitch Discussion / Secret Power volcano animation oversight
« on: December 20, 2017, 12:41:47 pm »
I noticed this recently thanks to SnorlaxMonster in a Bulbapedia edit revision:

Quote from: SnorlaxMonster
In [[Generation VII]], Secret Power uses the animation of Incinerate when used in volcanic areas, the only instance of it using the animation of a multi-target move in that generation. Unlike in Generation VI, it uses the same animation as Incinerate in battles with multiple opponents, causing both opponents to react to the hit despite the move only affecting one of them.

It's interesting that this occurs in Generation VII but not Generation VI. Does this work in both Ultra Sun/Moon and the original Sun/Moon?
(Top post: Introduction and how to find glitch stats)

As has been done countless times over the years here on Glitch City Labs, here is the start of another Dex project. :)

I'm unsure how to check the addresses for the user and foe stat modifiers for the relevant glitch stat, (an educated guess would say it is at CD19+(ID) for player stat mods and CD2D+(ID) for foe stat mods) though, nor where the stat is actually stored, so due to those complications I decided to simply look for methods of changing the stat name.

There are three different stat name databases in Red/Blue, as such:

1. [SOURCE: OFFSET $DF2E (03:5F2E). Used for vitamins like HP Up.]

HEALTH [0x50]
ATTACK [0x50]
DEFENSE [0x50]
SPEED [0x50]
SPECIAL [0x50]

;How to research: Set a BGB breakpoint to 3:5E46, change the a register to your desired index number. (Health is ID 01).

2. [SOURCE: OFFSET $12B3A (04:6B3A). Used on the status screen.]

SPEED [0x4E]

3. [SOURCE: OFFSET $3F69F (0F:769F). Used for X (STAT) items.]

ATTACK [0x50]
DEFENSE [0x50]
SPEED [0x50]
SPECIAL [0x50]
EVADE [0x50]

These allow for two different groups of glitch stat names. I don't know about source 2 though as it is just plain text stored one after the other.

How to look up the names for list 3 can be found here.

Set a breakpoint to 0F:768B and use the X item.

Register b will be equal to essentially the index number of the string in the third database (for example ATTACK is 01), and hl will be initially set to 769F (as the ATTACK string can be found at 0F:769F or offset $3F69F). In order to look up the stat name, it seems the game searches through the database until it finds a 0x50 character, decreasing register b by 1 each time until hl lands on the name of the string.

For example, the Defense stat is located at $3F6A6. By the time the game moves on to other tasks, hl is equal to 76A6 hence the game prints it and this is stored in buffer CF4B.

If you modify register b, you can look up the names for glitch stats.
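
The lookup described in this post, modelled in Python as an added example (not code from the original post or from the game's disassembly). The loop order, the filler bytes after the table and all function names are assumptions made for illustration; the table contents, the 0x50 terminator and the 769F base come from the post.

```python
TERMINATOR = 0x50    # string terminator named in the post
TABLE_BASE = 0x769F  # 0F:769F, where the post locates ATTACK

def encode(name):
    # Gen I text encoding: 'A'..'Z' map to 0x80..0x99.
    return bytes(0x80 + ord(c) - ord("A") for c in name) + bytes([TERMINATOR])

def decode(raw):
    # Letters are decoded, anything else is shown as a hex byte.
    return "".join(chr(v - 0x80 + ord("A")) if 0x80 <= v <= 0x99 else f"<{v:02X}>"
                   for v in raw)

# Database 3 from the post, each name followed by 0x50.
TABLE = b"".join(encode(n) for n in ("ATTACK", "DEFENSE", "SPEED", "SPECIAL", "EVADE"))
# Constructed filler: stands in for whatever bytes follow the table in the ROM.
FILLER = bytes([0x21, 0x4B, 0xCF, 0x3E, 0x07, 0xCD, 0x9A, 0x81, 0x50, 0xC9])
MEMORY = TABLE + FILLER

def _end_of_string(memory, start):
    end = memory.find(TERMINATOR, start)
    if end < 0:
        # Real hardware would keep reading; the model simply stops here.
        raise IndexError("walk left the modelled memory")
    return end

def lookup_unchecked(b, memory=MEMORY):
    """Walk the table as the post describes; returns (hl, raw name bytes)."""
    hl = 0
    b &= 0xFF                      # b is an 8-bit register, so 0 wraps to 0xFF
    while True:
        b = (b - 1) & 0xFF
        if b == 0:
            break
        hl = _end_of_string(memory, hl) + 1   # skip one string and its 0x50
    return TABLE_BASE + hl, memory[hl:_end_of_string(memory, hl)]

def lookup_checked(b, table=TABLE):
    """Same walk, but the index must name one of the real entries."""
    entries = table.count(TERMINATOR)
    if not 1 <= b <= entries:
        raise ValueError(f"stat index {b:#04x} outside 1..{entries}")
    return lookup_unchecked(b, table)

if __name__ == "__main__":
    for b in (1, 2, 5, 6):
        addr, raw = lookup_unchecked(b)
        print(f"b={b:02X} hl={addr:04X} len={len(raw)} name={decode(raw)}")
    try:
        lookup_checked(6)
    except ValueError as exc:
        print("checked lookup:", exc)
```

With b = 06 the walk ends on the first byte after EVADE, so both the "name" and its length are decided by wherever the next 0x50 happens to sit in unrelated data.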
Pokémon Discussion / Red/Green hidden items list
« on: December 19, 2017, 01:46:02 pm »
This is a way to get any wrong pocket TM/HM in non-English Gold/Silver, modified from a Pastebin. It assumes you have no key items before doing the glitch and is for early game use (just after you get to Goldenrod City).

I decided to give this its own thread because the method got hidden in another thread.

I feel it may be a little easier than the stack corruption method.

1. Get your bad clone. If you have access to an emulator, you can try a breakpoint method for BGB described in this article (note you must use box 4 and five Pokémon in the box for this). Testing on French, the breakpoint for de seems to be the same as the English version for French, German, Spanish, Italian versions, but I don't know for sure re: other non-French versions, and Japanese/Korean are likely to be different.

If you don't want to obtain a bad clone, then theoretically you can use the Hall of Fame SRAM glitch to get a bad clone (but both Sally and I didn't confirm it outside of English Gold). This is a tricky glitch as you must go through the entire game without saving. I don't know if obtaining any key items would mess things up too, but worst case scenario you can possibly trade a ????? from this glitch on to another game or try an international trade. Trading a ????? obtained from the English version's Coin Case glitch might be an option as well.

2. Put a Machop with Seismic Toss as move 1 in the party (learned at Level 19). I chose this over the Bellsprout method. Not sure if it's that much harder though.
3. Stabilize your bad clone to get a ?????. Put this at the top of the party and the Machop after it.
4. Move a Pokémon above ????? to get 7 Pokémon.
5. Take the second Pokémon (a ????? that changed from 00 to FF I think) into the Day Care.
6. Deposit the first Pokémon. Machop should now be in the first slot after depositing it.
7. Deposit the second Pokémon. Machop should now be holding a Mystery Egg.
8. Keep depositing the first Pokémon and fix the party. Don't take Machop's item yet.
9. Clone Machop to obtain another Machop holding a Mystery Egg.
10. Take both Mystery Eggs. The key items should now just contain two Mystery Egg stacks.
11. Don't swap them yet, and have in the Balls pocket exactly: Great Ball x1, Poké Ball x2.
12. Swap the two Mystery Eggs. You should now have Master Ball x5 and Ultra Ball x255.
13. Toss from the Ultra Ball stack to equal the TM/HM (which will be forced in the Balls pocket) ID you desire. For example, tossing 47 to get 208 will give TM17, an arbitrary code execution item.
14. Swap the Master Ball x5 with the Ultra Ball x(amount)
15. Deposit a Mystery Egg you should have, and then withdraw it again.

This will result in you having the item you desire in slot 1. It doesn't just work with TMs/HMs; for example, you can obtain a wrong pocket Rare Candy (quantity of 32) that likely has infinite use instead. However, it's a good idea to get arbitrary code execution set up first, and then you can use box names to obtain other wrong pocket items like HM01.

Let me know if you have any questions. :)
In Pokémon Red (and Blue, confirmed this to be extra sure it is both unterminated and has the effect in the next paragraph), when glitch item hex:77 is used in battle it will usually result in the TMTRAINER effect. This is expected because the glitch item has an unterminated name.

However, if a 0x50 sub-tile is present in the battle screen data earlier than usual (possible with GameShark code 0150A0C3, OAM DMA hijacking might work though) then you can get a luck dependent corruption effect that goes E4 35 00 35 in the SRAM (unbanked/SRAM bank 0 after further analysis) and repeats. For some reason as well, there will be a black bar 'r corruption pattern on the screen and freeze.

Want to have a go at analyzing this TheZZAZZGlitch please?

Video Games/Glitches Discussion / Favourite Super Smash Bros. game?
« on: December 08, 2017, 05:07:07 am »
What are our favourite Super Smash Bros. games and how would we rank them best to worst?

Mine go like this:

1. Super Smash Bros. Melee
2. Super Smash Bros. for Nintendo 3DS
3. Super Smash Bros. for Wii U (I know there's a lot of things to do but have got the most pleasure out of the smaller 3DS version)
4. Super Smash Bros. (Nintendo 64)
5. Super Smash Bros. Brawl

Although my favourite game in terms of how it feels is Melee, I really love how Smash 4 has so many characters, music, stages, Assist Trophies, items and so on.
Project "Gotta Document 'Em All" / StatDex?
« on: December 08, 2017, 04:25:22 am »
Using a Game Genie code (which acts as essentially a temporary ROM patch), could we investigate the names and relevant addresses related to glitch stats? (Invalid stats other than Attack, Defense, Speed, Special)

Not too long ago TheZZAZZGlitch did research on one of the glitch stats. He found that in Yellow, the hex:4E glitch stat can be lowered by using glitch move TM47, and that this affects address 0xCD7C.

I'll look into this if I find the time after ItemDex and AttackDex are done, but a little help is certainly welcome and is much appreciated. :)
