Main Menu
Main Page
Forums
Recent changes
Random page
Help

Databases
GlitchDex
AttackDex
ItemDex
TrainerDex
TypeDex
UnownDex
More

Major Glitches
Trainer escape glitch
Old man trick
Celebi Egg trick
Select glitches (Japan)
SRAM glitch
CoolTrainer♀ corruption
LOL glitch
Rival LOL glitch
Super Glitch
ZZAZZ glitch
Pomeg data corruption glitch (Glitzer Popping)
Tweaking
Elite Four door glitch (Japan)
Pokémon merge glitch
Pokémon cloning
Time Capsule exploit
Arbitrary code execution
Coin Case glitches
More

Other Glitch Categories
Glitches by generation
Glitches between two generations
Japan-only/language specific glitches
Music glitches
Natural glitches
Non-core series glitches
Non-Pokémon glitches
Officially acknowledged glitches
Recurring glitches
Dead glitches

References
Pokémon GameShark codes
The Big HEX List
Glitch Pokémon cries
GB programming
Curiosities
Debugging features
Easter eggs
Error traps
Glitch areas
Glitch myths
Non-glitch exploits
Placeholder texts
Pokémon glitch terminology
Unused content and prerelease information

Useful Tools
8F Helper
GBz80 to Items
Old man trick name generator
PATH (Prama's Advanced Tweaking Heaven)
Save file editors
Special stat/Pokémon converter
Trainer escape Trainer Pokémon finder

Affiliates
Legendary Star Blob 2 (Hakuda)
Pokémon Speedruns wiki
PRAMA Initiative
Become an affiliate!

Technical
Site Source Code

Search Wiki

 

Search Forums

 

Recent Posts

Pages: 1 [2] 3 4 ... 10
11
Decent for the DS. It has minor anti-aliasing, which helps.
12
A CartSwap setup had been made (by Cryo, IIRC), which used the joypad to wake up the Game Boy. It did this, plus fillers :
Code: [Select]
ld a, $20 ; Select dpad
ldh [$FF00], a
ld a, $10 ; Joypad interrupt
ldh [$FFFF], a
stop ; $10, makes the Game Boy "deep sleep" until an interrupt occurs
XX ; Any byte
xor a
ld [$FF0F], a
inc a
ld [$FFFF], a
halt ; Wait for a VBlank interrupt, this helps stabilize the state

The user should simply run the code, swap carts, and press the D-Pad.
(Note : if the D-Pad is already held when the setup is ran, it will fail.)
It'd probably help if we spent about 1/4 of a second wasting time in this setup so we have time to compensate for user reaction time and button bounce.
13
Wiki Discussion / Re: Dex status/ideas for the wiki
« Last post by coloradohugge on Yesterday at 08:35:43 am »
I REALLY wanna get working on international glitch dex more soon, that's like my true burning passion when it comes to Pokémon glitching. so i really hope we can expand that further really soon, i would love to contribute as much as i possibly can ^^
14
>Hopefully we can escape the trashed-RAM Glitch City
change coordinates to somewhere normal with expanded pack
change map id with expanded pack and expanded party
use 9F
hope and pray
15
Fossil Charizard 'M get! :)



(This is with name 0x32)

Too bad almost all of the RAM is trashed, making escape from Glitch City very difficult. :(
But you could work with the items you're given in the expanded items pack in theory.

If you combine this with things that print tiles in battle (double distort CoolTrainer can do it) and avoid VRAM inaccessibility, then as VRAM is within the range of the BG Map (9C00-9E33) in theory if 9C2A is 0x15 this is another way to get Mew (or any other Pokémon/glitch Pokémon) as a fossil.



Will look into finding a way to escape the Glitch City (and potentially glitched meta-map scripts) and posting it here. :)
16
Multimedia Discussion / Re: What song are you listening to right now?
« Last post by ISSOtm on January 16, 2018, 11:52:54 pm »
Megalo Strike Back
Artist : Toby Fox
Album : I Miss You - EarthBound 2012

Basically listening to the entire album, too. Ninefield is rad.
17
The types of already documented buffer overflow techniques that allow memory manipulation from the screen data so far include:

1. Super Glitch: Corruption of data from $CF4B, $D0E1
2. - (move): Corruption of data from $CF4B
3. Unterminated name glitch item: Corruption of data from $CF4B
4. Glitch location names on the Fly menu. This is an obscure one and I'm unsure how it works.
5. Unterminated name glitch Pokémon (when selected from a box): Also corruption of $CF4B onward if I remember rightly. Used in oobLG.

I think I found another one for us to look into, this time with glitch Trainer class names.

D031 (Red/Blue) and D030 (Yellow) partially control the opposing trainer class in battle. I found a Trainer name in Yellow (hex:77) which may have an extremely long trainer name. If you defeat the foe with this value set on D031/D030 (may require avoiding a problematic AI) and they have victory text, their name will be printed on the screen, and it appears that like the other buffer overflows what is corrupted after battle depends on the screen data.

I noticed 9153 in VRAM would control CFD7 (enemy Pokémon), and that this happens to be part of the foe's sprite that is displayed after you beat them. With Lorelei I get FF. Not sure whether this is due to VRAM inaccessibility or if that address is really FF but what's good about this is that the picture pointer of the opposing Trainer can be modified by manipulating the two bytes at D033 (D032 in Yellow). This doesn't have to include valid sprite pointers, hence in theory you can get many more CFD7 values by trying out different pictures and glitch pictures (which could even be in RAM).

The glitch pictures can also be used for their own unique corruption effects (possibly related to things like their dimensions). I tried 99 99 (pointing to VRAM) and it interestingly also corrupted the name you get at the end of the battle, but then I got this lovely corruption:



(I tried this two times and the first time it flew me to a glitch location, but didn't screenshot it, sorry)

Despite the fact that during experimenting the CFD7 value would stay at its corrupted value, it seems D056 (and D058 as well so instant encounter may not be possible either) is reset back to 00 meaning you can't capture Q (or theoretically Charizard 'M if this works similarly in Red/Blue) this way, which is a little sad.

Hopefully we can still exploit this to do useful things though, even though in Yellow the only way I know is through arbitrary code execution (and in Red/Blue possibly with Super Glitch as well).
18
Arbitrary Code Execution Discussion / TheZZAZZGlitch's memory editor - 1.1 version
« Last post by ISSOtm on January 16, 2018, 11:37:19 pm »
TheZZAZZGlitch made a pretty cool memory editor, which nicely fits in 200 bytes. You can check it out in this video.
Given that the setup's duration basically depends on its length, I made a "1.1" version, which retains the same functionality, but fits it only 173 bytes !

Here is the byte list : https://pastebin.com/raw/H1FDy7Xw
Note that you will need to start with 173 X Accuracies instead of 200.


If you want to check out the source, which is even more messy (but also more commented) than the original : https://pastebin.com/raw/DU1PSNVg
19
A CartSwap setup had been made (by Cryo, IIRC), which used the joypad to wake up the Game Boy. It did this, plus fillers :
Code: [Select]
ld a, $20 ; Select dpad
ldh [$FF00], a
ld a, $10 ; Joypad interrupt
ldh [$FFFF], a
stop ; $10, makes the Game Boy "deep sleep" until an interrupt occurs
XX ; Any byte
xor a
ld [$FF0F], a
inc a
ld [$FFFF], a
halt ; Wait for a VBlank interrupt, this helps stabilize the state

The user should simply run the code, swap carts, and press the D-Pad.
(Note : if the D-Pad is already held when the setup is ran, it will fail.)
20
Pokémon Discussion / POKEMON TRADE CENTER
« Last post by Pokedude on January 16, 2018, 10:39:16 pm »
If anyone has a Pokemon and is willing to trade or clone it to some one who asks on this topic than please communicate to each other so you can trade with the current online available pokemon games.   8)
Pages: 1 [2] 3 4 ... 10