
Author Topic: Arbitrary code execution in Red/Blue using the "8F" item  (Read 264802 times)


Krys3000

« Reply #660 on: August 10, 2017, 06:57:00 am »
Not sure what your code is supposed to be, but it doesn't seem to be what you think.

You can use the standard single-address value-changing code to trigger the encounter of a Mew in the grass, but the level is variable.

Modified code for European games is:

Anything
8F
Lemonade x21
X Accuracy x221 (x220 if yellow)
Carbos x207
Poké Ball x119
Cool Water x201

Another solution is the fake Ditto Trick:

Anything
8F
ThunderStone x45
TM05 x4
Max Revive x21
Awakening x8
Max Ether x4
Repel x254 (253 if Yellow)
Poké Ball x25
Lemonade x1
Antidote x119
TM01 xany

Then you'll encounter Mew by going on Route 16 from Celadon and closing the START Menu. There's a way to modify it to change the level, I'll try to do that later.

Admin of the PRAMA Initiative, the main french Pokémon glitch website
http://www.prama-initiative.com
“Anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'” - Isaac Asimov

Marv231

« Reply #661 on: August 10, 2017, 10:18:08 am »
Thanks.  The Celadon- Route 16 Code works fine.


I found another setup, where the level is the same as that of the last seen Pokémon.
In my case, the level of Arbok, which I took out of the PC to have my Bottrap complete.
By leveling Arbok, I can set the level of the Pokémon I'd like to have.

Any item x index number of the Pokémon you want
S7
TM 50 x 36
TM 11 x9
TM 34 x94
TM08  x201

After using S7 and closing the menu, the battle with the Pokémon starts.

DoubleNegative

« Reply #662 on: August 18, 2017, 11:58:53 am »
Is there a quick cloning method known in red and blue? I found an easy way, but I wanted to know if it's common knowledge by now.

Parzival

« Reply #663 on: August 18, 2017, 12:21:09 pm »
> Is there a quick cloning method known in red and blue? I found an easy way, but I wanted to know if it's common knowledge by now.
http://glitchcity.info/wiki/Pok%C3%A9mon_cloning_(Generation_I)
Ask me about betrayal.
Ask me about depression.
Ask me about death.
Ask me about destruction.
Ask me about hardship.
I've been through s**t.
If you need to talk to someone, my PM inbox is always open.


DoubleNegative

« Reply #664 on: August 18, 2017, 03:53:41 pm »
> > Is there a quick cloning method known in red and blue? I found an easy way, but I wanted to know if it's common knowledge by now.
> http://glitchcity.info/wiki/Pok%C3%A9mon_cloning_(Generation_I)

I found an 8F setup that can be used for cloning. It's way safer than save corruption and also probably faster. Should I post it here?

ISSOtm

« Reply #665 on: August 19, 2017, 04:44:38 am »
Totally.
"THOU SHALL NOT PASS !!"  RIVAL's effect, Gandalf.

Proudly glitching Pokémon Red and Yellow on a Black & White GB, Pocket GB, GB Color, GBA SP and new 3DS.

My Twitter (beware, I'm French)
My YouTube (same warning)

Here is an online tool to build 8F setups : GBz80 to Items !

They see me layzin', they ha-tin'...
Heavy contributor of the global augmentation of entropy (my room's is too damn high !)

DoubleNegative

« Reply #666 on: August 19, 2017, 08:46:51 am »
Easy (ish) cloning:
Prerequisite: box 1 is empty and the pokemon to clone is in another box. The pokemon to clone also cannot have any HMs.
You will also need the standard 5 pokemon 8F setup.

Inventory:
* any item x any
* 8F
* Lemonade x 19
* X accuracy x 128    (127 if using yellow, but then I don't know how wsm works.)
* Carbos x 218
* Poke ball x 119
* TM01 x any

Procedure:
* Change to box 1 and use 8F
* Move the pokemon to clone into box 1
* Release all the pokemon in box 1 by releasing from the top of the list repeatedly until the box is empty.
* Use 8F again. The box is now filled with unstable hybrids of your pokemon and 'M (FF)
* Withdraw as many as you want and use the daycare to stabilize the hybrids. They should all stabilize to be the originally deposited pokemon.

The last step is not necessary if you want to transfer the clones to sun/moon. Just transfer the box, toss 18 lemonade, use 8F, and withdraw the original pokemon.

natanelho

« Reply #667 on: August 20, 2017, 02:20:26 pm »
> Easy (ish) cloning:
> Prerequisite: box 1 is empty and the pokemon to clone is in another box. The pokemon to clone also cannot have any HMs.
> You will also need the standard 5 pokemon 8F setup.
>
> Inventory:
> * any item x any
> * 8F
> * Lemonade x 19
> * X accuracy x 128    (127 if using yellow, but then I don't know how wsm works.)
> * Carbos x 218
> * Poke ball x 119
> * TM01 x any
>
> Procedure:
> * Change to box 1 and use 8F
> * Move the pokemon to clone into box 1
> * Release all the pokemon in box 1 by releasing from the top of the list repeatedly until the box is empty.
> * Use 8F again. The box is now filled with unstable hybrids of your pokemon and 'M (FF)
> * Withdraw as many as you want and use the daycare to stabilize the hybrids. They should all stabilize to be the originally deposited pokemon.
>
> The last step is not necessary if you want to transfer the clones to sun/moon. Just transfer the box, toss 18 lemonade, use 8F, and withdraw the original pokemon.

Can you please write the asm code? I really don't understand why people don't do it... that's very easy to do, pretty useful for the ones who want to know what exactly it does and it doesn't do any harm to anyone...

Parzival

« Reply #668 on: August 20, 2017, 03:44:24 pm »
> Can you please write the asm code? I really don't understand why people don't do it... that's very easy to do, pretty useful for the ones who want to know what exactly it does and it doesn't do any harm to anyone...
He... did.
The items script is LITERALLY GBz80ASM.
It's a simple conversion with ISSOtm's converter, which can be found in the "Useful Tools" section of the sidebar, or here.


DoubleNegative

« Reply #669 on: August 20, 2017, 03:47:35 pm »
> Can you please write the asm code? I really don't understand why people don't do it... that's very easy to do, pretty useful for the ones who want to know what exactly it does and it doesn't do any harm to anyone...

Lemonade x 19       ld a,$13    ; box capacity is $14 so use that - 1 to bring box to near full
X Accuracy x 128    ld l,$80    ; low byte of box size address
Carbos x 218        ld h,$DA    ; high byte of box size address
Poke Ball x 119     inc b       ; not important
                    ld (hl),a   ; make box 1 currently have 19 pokemon
TM01 x any          ret

This setup is explained in an earlier post and is called the pseudo-gameshark.
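
The item-to-instruction mapping annotated in reply #669, as an added Python example that is not part of any forum post: it flattens the cloning setup into bag bytes (item ID, then quantity) and disassembles them with a reduced opcode table. The item index numbers and the quantity of 1 used for "TM01 x any" are assumptions supplied here, not values listed in the thread.

```python
# Added example: decode a Gen I inventory list as GBz80 machine code.
# Each bag slot occupies two bytes in RAM: item ID, then quantity.
ITEM_IDS = {  # Red/Blue item index numbers (supplied here, not listed on the page)
    "Poke Ball": 0x04, "Carbos": 0x26, "X Accuracy": 0x2E,
    "Lemonade": 0x3E, "TM01": 0xC9,
}

# opcode -> (mnemonic template, number of immediate operand bytes)
OPCODES = {
    0x04: ("inc b", 0), 0x26: ("ld h,${:02X}", 1), 0x2E: ("ld l,${:02X}", 1),
    0x3E: ("ld a,${:02X}", 1), 0x77: ("ld (hl),a", 0), 0xC9: ("ret", 0),
}

def inventory_bytes(slots):
    """Flatten [(item name, quantity), ...] into the bytes the CPU would fetch."""
    out = bytearray()
    for name, qty in slots:
        if not 0 <= qty <= 0xFF:
            raise ValueError(f"quantity out of byte range: {name} x{qty}")
        out += bytes([ITEM_IDS[name], qty])
    return bytes(out)

def disassemble(code):
    """Linear disassembly with the reduced table, stopping at the first ret."""
    lines, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op not in OPCODES:
            raise ValueError(f"opcode ${op:02X} not in this reduced table")
        template, n = OPCODES[op]
        operands = code[pc + 1:pc + 1 + n]
        if len(operands) < n:
            raise ValueError("truncated operand")
        lines.append(template.format(*operands))
        pc += 1 + n
        if op == 0xC9:  # ret: the bytes after it are never executed
            break
    return lines

# Constructed input: the cloning setup from reply #666, starting at the Lemonade slot.
# "TM01 x any" is modelled as quantity 1 (assumption); that byte follows the ret.
CLONE_SETUP = [("Lemonade", 19), ("X Accuracy", 128), ("Carbos", 218),
               ("Poke Ball", 119), ("TM01", 1)]

if __name__ == "__main__":
    for line in disassemble(inventory_bytes(CLONE_SETUP)):
        print(line)
```

The Poké Ball slot decodes to two one-byte instructions because its quantity byte ($77) is itself an opcode, which is why the annotation shows both `inc b` and `ld (hl),a` for that slot.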

DoubleNegative

« Reply #670 on: August 24, 2017, 11:52:14 am »
Is there a simple memory hex editor script for English Blue yet? I saw a version of one on a Japanese game which worked by reading from a toss item menu. Also, I want to use it to edit box pokemon data, so it can't be stored there.
« Last Edit: August 24, 2017, 05:02:04 pm by DoubleNegative »

Parzival

« Reply #671 on: August 24, 2017, 05:34:24 pm »
IIRC there is, but it's long and requires too many glitch items. Not particularly worth it.


ISSOtm

« Reply #672 on: August 25, 2017, 03:44:57 am »
There's the old memory writer setup. It's a bit long, but it works.
Look for TheZZAZZGlitch's "Jailbreaking the Gameboy" video, and edit the setup a bit to repoint the written data.
"THOU SHALL NOT PASS !!"  RIVAL's effect, Gandalf.


Princess Torchic ❤

« Reply #673 on: August 25, 2017, 08:41:21 am »
> There's the old memory writer setup. It's a bit long, but it works.
> Look for TheZZAZZGlitch's "Jailbreaking the Gameboy" video, and edit the setup a bit to repoint the written data.

Alternatively as well there is the reusable RAM writer which you can then use to set up offgao's memory editor and similar. :)

It works in a simple way and uses 11 items (not that hard to get), and when you write a value to the address you want the quantities reset back to 0 (256), which can be tossed from without any issues to get any value to write or RAM address to write to.
« Last Edit: August 25, 2017, 08:44:49 am by Torchickens »
Hi! I identify as female.  She/her pronouns, please.

Online I most often use the username Torchickens or Chickasaurus.

Ah.. koucha ga oishii ♪





Thank you Aeriixion for the cute sprite above! :) Roelof also made different variations of the sprite (which I animated).

Contact:
If you like, please contact me by private message here on the forums as I no longer check other places very often.

YouTube: http://www.youtube.com/user/ChickasaurusGL

I like to collect interesting video games. ^_^
https://www.vgcollect.com/Torchickens

Give love, receive love, repeat. But in order to love others you must first love yourself unconditionally, even if it means abandoning pressure from projects or taking time off work and empathise with the self as you are your own best friend. The key often is simply to follow your heart, your urges and have faith they are valid; use them to do what you want to do as long as it doesn't harm anyone, and/or sympathise and respect it as we all have bad days (even the prettiest rose has thorns but is still beautiful).

DoubleNegative

« Reply #674 on: August 25, 2017, 09:14:30 am »
I didn't see that post so I rewrote the RAM writer in the meantime, but with a slightly different setup.

Lemonade x ??
Carbos x ??
X Accuracy x ??
Poké Ball x 119
Thunderstone x 35
TM10 x 36
Escape Rope x 175
Great Ball x 119
HP Up x 35
Elixer x 119
Antidote x 44
Super Potion x 44
Ice Heal x 119
TM01 x 1

It would be helpful if there was a way to switch between using it like this and using it as a sequential editor. As if the X accuracy is incremented each use, and incrementing carbos when it reaches 0.