Author Topic: Pokémon Stadium - N64 ACE HYPE !  (Read 532 times)


ISSOtm

  • The French Lord of Laziness (and a huge The Legend Of Zelda fan)
  • Wiki Contributor
  • Gender: Male
  • Pewter City (B)rocks !
Pokémon Stadium - N64 ACE HYPE !
« on: January 21, 2017, 07:34:10 am »
MrCheeze did it. Basically, if you attempt to use Pokémon Stadium to trade Pokémon to a Gen I cartridge with more than 20 Pokémon, you get a buffer overflow.
Tweet
Demonstration video
Tech stuff

Get hyped guys, if we manage to make cartswap real on the N64, we basically pwn the fifth generation of consoles.

I'm going to send a R.O.B to Game Freak at this point. Via mail.
« Last Edit: January 21, 2017, 07:39:23 am by ISSOtm »
"THOU SHALL NOT PASS !!"  RIVAL's effect, Gandalf.

Proudly glitching Pokémon Red and Yellow on a Black & White GB, Pocket GB, GB Color, GBA SP and new 3DS.

My Twitter (beware, I'm French)
My YouTube (same warning)

Here is an online tool to build 8F setups : GBz80 to Items !

They see me layzin', they ha-tin'...
Heavy contributor of the global augmentation of entropy (my room's is too damn high !)
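As an added illustration of the bug class the first post describes (this is example code written for this page, not MrCheeze's code and not anything from the game), the block below models a host-side save parser that sizes its copy from the count byte stored in the cartridge save while its destination only has room for 20 entries. The layout is modelled on the Gen I box format (count byte, species list terminated by 0xFF, 33-byte entries) and simplified; the host memory map, the 16 KB "host memory" array and the 0xAA fill pattern are constructed for the demo. The hardened parser shows the check that is missing: reject any count above the destination's capacity before copying anything.

```c
/* Added example: not MrCheeze's code nor the game's. Models a host parser that
 * trusts the count byte of a Game Boy box save. Layout follows the Gen I box
 * format (count, species list + 0xFF, 33-byte entries) in simplified form;
 * the host memory map below is an assumption made for the demo. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define BOX_CAPACITY 20
#define MON_SIZE     33
/* Bytes a full box occupies: count + (20 species + 0xFF) + 20 * 33 = 682 */
#define BOX_BYTES    (1 + (BOX_CAPACITY + 1) + BOX_CAPACITY * MON_SIZE)
#define HOST_MEM     16384   /* assumed: box at offset 0, other host state after it */

static uint8_t host_mem[HOST_MEM];
static uint8_t save_img[1 + 256 + 255 * MON_SIZE];

/* Bytes the parser will consume for a given count byte (no bounds applied). */
static size_t box_bytes_for(unsigned count) {
    return 1 + (count + 1) + (size_t)count * MON_SIZE;
}

/* Build a constructed save box with `count` entries, each filled with `fill`. */
size_t build_save_box(uint8_t *out, size_t out_len, unsigned count, uint8_t fill) {
    size_t need = box_bytes_for(count);
    if (count > 255 || need > out_len) return 0;
    out[0] = (uint8_t)count;
    memset(out + 1, 0x01, count);                      /* species ids */
    out[1 + count] = 0xFF;                             /* list terminator */
    memset(out + 2 + count, fill, (size_t)count * MON_SIZE);
    return need;
}

/* Vulnerable pattern: copy length derived from the untrusted count byte. */
void parse_box_unchecked(uint8_t *host, const uint8_t *save) {
    unsigned count = save[0];
    memcpy(host, save, box_bytes_for(count));          /* > BOX_BYTES when count > 20 */
}

/* Hardened: reject counts beyond the destination's capacity and truncated input. */
int parse_box_checked(uint8_t *host, size_t host_len, const uint8_t *save, size_t save_len) {
    if (save_len < 1 || host_len < BOX_BYTES) return -1;
    unsigned count = save[0];
    if (count > BOX_CAPACITY) return -1;               /* the missing check */
    size_t need = box_bytes_for(count);
    if (save_len < need) return -1;                    /* truncated save */
    if (save[1 + count] != 0xFF) return -1;            /* malformed species list */
    memcpy(host, save, need);
    return 0;
}

/* Run the unchecked parser on a box with `count` entries and report how many
 * bytes past the box region were overwritten with the fill pattern. */
size_t overflow_bytes_unchecked(unsigned count) {
    memset(host_mem, 0, sizeof host_mem);
    if (!build_save_box(save_img, sizeof save_img, count, 0xAA)) return 0;
    parse_box_unchecked(host_mem, save_img);
    size_t dirty = 0;
    for (size_t i = BOX_BYTES; i < sizeof host_mem; i++)
        if (host_mem[i] == 0xAA) dirty++;
    return dirty;
}

/* Same input through the checked parser: 0 on accept, -1 on reject. */
int result_checked(unsigned count) {
    memset(host_mem, 0, sizeof host_mem);
    size_t n = build_save_box(save_img, sizeof save_img, count, 0xAA);
    if (!n) return -1;
    return parse_box_checked(host_mem, BOX_BYTES, save_img, n);
}

int main(void) {
    unsigned counts[] = { 20, 21, 255 };
    for (size_t i = 0; i < 3; i++)
        printf("count=%u: bytes past box=%zu checked=%d\n", counts[i],
               overflow_bytes_unchecked(counts[i]), result_checked(counts[i]));
    return 0;
}
```

With a count of 21 the unchecked copy runs 34 bytes past the box region; with 255 it runs almost 8 KB past it, all of it attacker-chosen bytes from the save. The checked parser refuses both before touching host memory.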

Wack0

  • Coder, reverser, beta collector [BetaArchive staff]
  • Staff
  • Gender: Male
  • cBRH - Doing nothing since 2k7
Re: Pokémon Stadium - N64 ACE HYPE !
« Reply #1 on: January 21, 2017, 07:56:32 am »
I don't think N64 cartswap will be a thing because of the protection.

Transfer Pak swapping on the other hand will be a breeze now N64 code exec has been obtained.

I love that the GB emulator seems to have been good enough, yet the save file parsing is terrible.
C H E C K E D . B U I L D S . A R E . A W E S O M E N E S S

BetaArchive | SoftHistory Forums | irc.rol.im #galaxy,#softhistory

Also known as The Distractor.

Shane, please stop telling children that there's a Mew outside under the delivery trucks. - Management

Pokémon: arbitrary code execution 1996-2016

ISSOtm
Re: Pokémon Stadium - N64 ACE HYPE !
« Reply #2 on: January 21, 2017, 08:21:23 am »
I am fully aware of the protection.
AFAIK, building a N64 cartridge adapter like those for NES and SNES would fix the issue. I do know there are multiple protection chips for the N64, but I bet we could still perform cartswap on some games. Or maybe find a way to bypass the protection altogether, although that sounds unlikely to me.

Maybe we could break the emulator in funny ways now that we have ACE on the game :P
Just for the show, I guess. Still wondering how TASBot will take total control of the N64 with this.

Wack0
Re: Pokémon Stadium - N64 ACE HYPE !
« Reply #3 on: January 21, 2017, 11:31:14 am »
Quote from: ISSOtm on January 21, 2017, 08:21:23 am
I am fully aware of the protection.
AFAIK, building a N64 cartridge adapter like those for NES and SNES would fix the issue. I do know there are multiple protection chips for the N64, but I bet we could still perform cartswap on some games. Or maybe find a way to bypass the protection altogether, although that sounds unlikely to me.

Maybe we could break the emulator in funny ways now that we have ACE on the game :P
Just for the show, I guess. Still wondering how TASBot will take total control of the N64 with this.

With ACE on the game you can probably somehow swap GB carts in Transfer Pak, then init the new cart and call the emulator.
« Last Edit: January 21, 2017, 11:31:25 am by Wack0 »

ISSOtm
Re: Pokémon Stadium - N64 ACE HYPE !
« Reply #4 on: January 21, 2017, 11:40:28 am »
I was thinking about N64 cartswap.

jfb1337

  • ACE trainer
  • GCLF Member
Re: Pokémon Stadium - N64 ACE HYPE !
« Reply #5 on: March 29, 2017, 05:44:33 am »
The GitHub says the maximum payload would be just under 128 kB via 4 GB saves. But wouldn't it be possible to write a program that allows the user to keep removing GB carts to plug in new ones, and loading all the data off those? That way you could have an arbitrarily large payload - limited only by the N64's RAM size.

ISSOtm
Re: Pokémon Stadium - N64 ACE HYPE !
« Reply #6 on: March 29, 2017, 06:28:34 am »
Removing GB carts doesn't seem possible to me (IIRC the game periodically checks whether a cart is inserted, but I may be wrong); however, we could do either of:
- Plug two Gen I carts and 1 or 2 carts with more SRAM than Pokémon (which have only 4 SRAM banks). Cartswap may be used to write data to these other carts.
- Use the 128 kB to make a RAM writer and simply write your payload with your N64 controller(s)

jfb1337
Re: Pokémon Stadium - N64 ACE HYPE !
« Reply #7 on: March 29, 2017, 01:46:19 pm »
Yes but once you have ACE then what the game does shouldn't be a limiting factor, should it? You could just enter your own loop of checking whether GB carts are inserted and reading from them if there are new ones, without returning to the game's code. Unless it runs in a separate thread that the OS won't let us kill, which is unlikely.

And yes, for TAS then reading from the controllers is the easiest way to go, but if, as a non-TASing human, you want to use a large payload more than once for some reason, then it would be easier to store it, especially if you have access to one of those things that allows you to read/write the save file of a GB cart from a PC; then you wouldn't have to manually enter the payload at all.
« Last Edit: March 29, 2017, 02:11:09 pm by jfb1337 »

Yeniaul

  • Guest
Re: Pokémon Stadium - N64 ACE HYPE !
« Reply #8 on: March 29, 2017, 03:01:38 pm »
Not necessarily, if the GB game is emulated then we'd have to find a way to break out of the emulator and even then we'd have to start using N64-format ASM which is vastly different and much larger.

ISSOtm
Re: Pokémon Stadium - N64 ACE HYPE !
« Reply #9 on: March 31, 2017, 12:53:03 pm »
Quote from: jfb1337 on March 29, 2017, 01:46:19 pm
Yes but once you have ACE then what the game does shouldn't be a limiting factor, should it? You could just enter your own loop of checking whether GB carts are inserted and reading from them if there are new ones, without returning to the game's code. Unless it runs in a separate thread that the OS won't let us kill, which is unlikely.
I don't know the details about how it is performed, so I won't get hyped on it until it is confirmed.

Quote from: jfb1337 on March 29, 2017, 01:46:19 pm
And yes, for TAS then reading from the controllers is the easiest way to go, but if, as a non-TASing human, you want to use a large payload more than once for some reason, then it would be easier to store it, especially if you have access to one of those things that allows you to read/write the save file of a GB cart from a PC; then you wouldn't have to manually enter the payload at all.
Imagine if the payload you stored in your GB carts was a memory editor that also allows you to jump to any part of memory.
Bam, you can write any code and have it run. No TAS skillz required (see offgao's memory editor, it's the state-of-the-art ACE tool for Gen I).

Quote from: Yeniaul on March 29, 2017, 03:01:38 pm
Not necessarily, if the GB game is emulated then we'd have to find a way to break out of the emulator and even then we'd have to start using N64-format ASM which is vastly different and much larger.
You got it slightly wrong. We can't escape the emulator without N64 ACE - the emulator is (according to MrCheeze) too solid to be escapable.
What we do is copy N64 ASM as raw hex from GB carts; to avoid being limited by the 4 N64 controllers (and thus GB carts) the idea was to copy one's contents, swap it, and repeat until the whole payload has been written.
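The staging scheme discussed in replies #5 to #9 (a payload bigger than one cart's save, split across several 32 KB SRAM images and copied in one cart at a time, swapping between copies) is sketched below as an added example. It is not code from this thread, from MrCheeze's work or from the game. The 32 KB image size follows ISSOtm's note that Pokémon carts have 4 SRAM banks of 8 KB; the per-image header (magic, index, total, length, CRC-32), the 64-chunk limit and the in-memory "cart slot" are assumptions, and how the N64 side actually reads SRAM through the Transfer Pak is out of scope. The point a practitioner would want beyond the thread's description is the verification: each swapped-in image is checked before it is spliced into the payload, so a wrong cart, a re-inserted cart or a corrupted copy is reported rather than silently executed later.

```c
/* Added example: not from the thread, MrCheeze or the game. Models splitting a
 * payload across 32 KB SRAM images (4 banks of 8 KB) and reassembling it as
 * carts are swapped. Header format, CRC, chunk limit and "cart slot" are
 * assumptions; reading real SRAM on the N64 is out of scope. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define SRAM_BYTES (4 * 8192)          /* one cart's SRAM */
#define HDR_BYTES  20                  /* magic, index, total, length, crc: 4 bytes each */
#define CHUNK_DATA (SRAM_BYTES - HDR_BYTES)
#define MAGIC      0x43415254u         /* "CART" (assumed) */
#define MAX_CHUNKS 64

enum { LOAD_DONE = 0, LOAD_NEED_MORE = 1, LOAD_BAD = -1, LOAD_DUP = -2 };

typedef struct {
    uint8_t *out;                      /* RAM set aside for the reassembled payload */
    size_t out_cap, out_len;
    uint32_t total;                    /* chunk count learned from the first accepted image */
    uint64_t seen;                     /* bit i set once chunk i has been accepted */
} loader_t;

static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
static uint32_t get32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint32_t crc32(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        c ^= p[i];
        for (int k = 0; k < 8; k++) c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Split `payload` into SRAM-sized images written back to back into `images`.
 * Returns the image count, or 0 if it needs more than `max_images`. */
size_t stage_payload(const uint8_t *payload, size_t len, uint8_t *images, size_t max_images) {
    size_t total = (len + CHUNK_DATA - 1) / CHUNK_DATA;
    if (total == 0 || total > max_images || total > MAX_CHUNKS) return 0;
    for (size_t i = 0; i < total; i++) {
        uint8_t *img = images + i * SRAM_BYTES;
        size_t off = i * CHUNK_DATA;
        size_t n = (len - off < CHUNK_DATA) ? len - off : CHUNK_DATA;
        memset(img, 0, SRAM_BYTES);
        put32(img, MAGIC);
        put32(img + 4, (uint32_t)i);
        put32(img + 8, (uint32_t)total);
        put32(img + 12, (uint32_t)n);
        put32(img + 16, crc32(payload + off, n));
        memcpy(img + HDR_BYTES, payload + off, n);
    }
    return total;
}

/* Feed one 32 KB image read from the cart currently in the slot. Images may
 * arrive in any order; anything that fails validation is never copied. */
int loader_feed(loader_t *ld, const uint8_t *img) {
    if (get32(img) != MAGIC) return LOAD_BAD;
    uint32_t idx = get32(img + 4), total = get32(img + 8);
    uint32_t n = get32(img + 12), crc = get32(img + 16);
    if (total == 0 || total > MAX_CHUNKS || idx >= total || n > CHUNK_DATA) return LOAD_BAD;
    if (idx + 1 < total && n != CHUNK_DATA) return LOAD_BAD;   /* only the last chunk may be short */
    if (ld->total == 0) ld->total = total;
    else if (ld->total != total) return LOAD_BAD;              /* image from a different payload */
    if (crc32(img + HDR_BYTES, n) != crc) return LOAD_BAD;     /* corrupted or partially written */
    if (ld->seen & (1ull << idx)) return LOAD_DUP;             /* same cart inserted twice */
    size_t off = (size_t)idx * CHUNK_DATA;
    if (off + n > ld->out_cap) return LOAD_BAD;                /* exceeds the RAM set aside */
    memcpy(ld->out + off, img + HDR_BYTES, n);
    ld->seen |= 1ull << idx;
    if (off + n > ld->out_len) ld->out_len = off + n;
    for (uint32_t i = 0; i < ld->total; i++)
        if (!(ld->seen & (1ull << i))) return LOAD_NEED_MORE;
    return LOAD_DONE;
}

/* Round-trip a constructed 100000-byte payload through four images, presenting
 * them out of order with one re-insert; returns 1 if the result is byte-exact. */
int demo_roundtrip(void) {
    enum { LEN = 100000, IMAGES = 4 };
    static uint8_t payload[LEN], images[IMAGES * SRAM_BYTES], out[IMAGES * CHUNK_DATA];
    for (size_t i = 0; i < LEN; i++) payload[i] = (uint8_t)(i * 7 + 3);
    if (stage_payload(payload, LEN, images, IMAGES) != IMAGES) return 0;
    loader_t ld = { out, sizeof out, 0, 0, 0 };
    const size_t order[] = { 2, 0, 0, 3, 1 };
    int rc = LOAD_NEED_MORE;
    for (size_t k = 0; k < sizeof order / sizeof order[0]; k++) {
        rc = loader_feed(&ld, images + order[k] * SRAM_BYTES);
        if (rc == LOAD_BAD) return 0;
    }
    return rc == LOAD_DONE && ld.out_len == LEN && memcmp(out, payload, LEN) == 0;
}

/* A single flipped bit in an image must be rejected, not silently loaded. */
int demo_detects_corruption(void) {
    static uint8_t payload[1000], img[SRAM_BYTES], out[CHUNK_DATA];
    memset(payload, 0x5A, sizeof payload);
    if (stage_payload(payload, sizeof payload, img, 1) != 1) return 0;
    img[HDR_BYTES + 10] ^= 0x01;
    loader_t ld = { out, sizeof out, 0, 0, 0 };
    return loader_feed(&ld, img) == LOAD_BAD;
}
```

The `out_cap` check is where jfb1337's "limited only by the N64's RAM size" becomes a concrete bound, and the header is what lets the loader survive a human swapping carts in the wrong order or plugging the same one in twice.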