Author Topic: Arbitrary code execution in Red/Blue using the "8F" item  (Read 192515 times)


Torchickens

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #60 on: December 07, 2013, 07:52:50 am »
Quote
My item pointer table dumper shows that the valid items point to what they should.

Remember that because of Gen I's broken pointer arithmetic, item with ID $80 acts like $00, $81 like $01, $82 like $02, etc., and your pointer table dumper should take that into account. This would mean that $BB acts like $3B. $3B is an unused 'Coin' item, and that would explain everything, since it's programmed to do nothing.

Japanese Yellow has item $63 ('かいがらバッヂ'), which jumps to $D9B2 - number of Pokemon in the current box. Interestingly enough, on English Yellow, item $63 is 'ws m'...
My ROM (telling by the checksum) seems to be v1.0.

It has an improperly terminated name, so it causes all those wonderful Super Glitch effects, unless its name is made harmless (method of doing this is the same as in international releases)

<offtop>Suddenly, when I wasn't looking, my thread became popular like chocolate ;p</offtop>
Interesting, TheZZAZZGlitch. I never knew that.

Thanks for coming to the rescue! It's pretty cool that 'かいがらバッヂ' happens to be the equivalent of 'w sm' because that is one of the 'mysterious unused text' from Red/Green; ShellBadge.

Btw, I believe that in v1.1 and v1.2 it just locks up in battle on the items list with the white arrow pointer.

I just tested them now. It seems to have a completely different name on Rev A and B ('イ゙ぴま'), instead of 'ぐ(down arrow)へ' and viewing its name doesn't cause characters to be shown at the bottom of the screen.

The battle corruption works in all versions, but you have to press A again after the cursor has gone white. Haven't tested if the Pokémon you get are the same.

Quote
Incidentally $BB has a pretty cool effect on my save. It causes some memory corruption in battle and turns the enemy into a level 127 hex: 38 Ketsuban

It has an improperly terminated name, so it causes all those wonderful Super Glitch effects, unless its name is made harmless (method of doing this is the same as in international releases)

<offtop>Suddenly, when I wasn't looking, my thread became popular like chocolate ;p</offtop>

It doesn't seem to have an improperly terminated name in Rev A and Rev B and it still causes corruption.
« Last Edit: December 07, 2013, 07:58:49 am by Torchickens »
Hello. I actually identify as gender questioning, but nowadays feel more firmly that I identify as female. My sex is male but I like to express myself as female.  She/her pronouns, please.


Thank you Myri for my avatar! Thank you Aeriixion for the cute sprite above! :) Roelof also made different variations of the sprite (which I animated).

Contact:

Email Youtube Twitter
Skype: Torchickens
Bulbapedia Starfy Wiki

Beyond all philosophies are the things that go best for you; what makes you feel content. It's important to always follow your heart, so unless you feel perfectly happy about it don't just follow something because it is popular, fits a style or is conventional. Sometimes you may reach a point you're not sure who you are, but as things settle I'm convinced things do work out in time.

TheZZAZZGlitch

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #61 on: December 07, 2013, 08:15:32 am »
Quote
It doesn't seem to have an improperly terminated name in Rev A and Rev B and it still causes corruption.

It doesn't look like it, but it is improperly terminated. In v1.1 and v1.2, its glitched name contains a $00 character, which (for some unknown reason) causes the text engine to stop reading the name, making it look harmless. But it still does not have the $50 character which is used to terminate text strings, and causes all the Super Glitch-like effects.

Torchickens

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #62 on: December 07, 2013, 08:22:29 am »
Quote
It doesn't seem to have an improperly terminated name in Rev A and Rev B and it still causes corruption.

It doesn't look like it, but it is improperly terminated. In v1.1 and v1.2, its glitched name contains a $00 character, which (for some unknown reason) causes the text engine to stop reading the name, making it look harmless. But it still does not have the $50 character which is used to terminate text strings, and causes all the Super Glitch-like effects.

Ah, OK.

edit: I'm still confused about something — you have to try to use the item to get the corruption to work, unlike move 00 where glitches would occur by scrolling down (I still don't fully understand why that is though, but I know from your Super Glitch thread the game reads the invalid name from somewhere in battle but not on the summary).

edit2: By the way, your images on your Super Glitch thread no longer work. (Smartfeel gives a 404 Error File Not Found). I thought I'd let you know if you still have those images and want to replace them.
« Last Edit: December 07, 2013, 08:43:56 am by Torchickens »

TheZZAZZGlitch

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #63 on: December 07, 2013, 08:49:50 am »
Quote
I'm still confused about something — you have to try to use the item to get the corruption to work, unlike move 00 where glitches would occur by scrolling down (I still don't fully understand why that is though, but I know from your Super Glitch thread the game reads the invalid name from somewhere in battle but not on the summary).

The whole corruption effect occurs when the name is loaded into memory. For items, it is when the Use/Toss menu is displayed. For moves, it occurs when hovering the cursor over a glitched move.

For moves, the memory corruption actually occurs 2 times: Once after viewing the moveset/move list, and once when hovering the cursor over the move.

Quote
By the way, your images on your Super Glitch thread no longer work.

I should still have the images somewhere on my disk, replacing them shouldn't be a problem.

Torchickens

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #64 on: December 07, 2013, 08:59:38 am »
OK, thanks!

Wack0

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #65 on: December 07, 2013, 09:14:21 am »
Quote
For items, it is when the Use/Toss menu is displayed.

So the nice freeze when the Use/Toss menu should be displayed makes sense...
C H E C K E D . B U I L D S . A R E . A W E S O M E N E S S

BetaArchive | SoftHistory Forums | irc.rol.im #galaxy, #softhistory

Also known as The Distractor.

Shane, please stop telling children that there's a Mew outside under the delivery trucks. - Management

Pokémon: arbitrary code execution 1996-2016

Wack0

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #66 on: December 07, 2013, 10:35:29 am »
And now for something completely different:

Enter the Hall of Fame with 8F:

Does what it says. This is for R/B English, offsets will be different everywhere else.

Code: [Select]
ld c,$16
ld h,$64
ld l,$bb
ld b,c
ld b,b
call $35d6
ret

0e 16 26 64 2e bb 41 40 cd d6 35 c9

Awakening  x 22
Carbos     x100
X Accuracy x187
X Attack   x 64
TM05       x214
Revive     x201


This basically calls a function labeled in the pokered disasm as "HallofFameRoomScript2". It basically changes some addresses, saves (using a function called "SaveSAVToSRAM"), and calls a function that does hall of fame and credits, then at "The End" waits for a button press and jumps to a function called "InitGame" (soft reset).
« Last Edit: December 07, 2013, 10:35:59 am by Wack0 »
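As an added illustration (not part of Wack0's post or of the thread), the sketch below shows how the bag in the English R/B Hall of Fame post above turns into the posted code: each slot contributes an item ID byte followed by a quantity byte. The item IDs are inferred from the item/hex pairings quoted in the thread; `bag_to_bytes`, `disassemble` and the opcode subset they cover are assumptions of this example.

```python
# Added example, not from the thread: read a Gen I bag as SM83 machine code.
# Item IDs are inferred from the item/hex pairings quoted in the posts.
ITEM_IDS = {
    "Ultra Ball": 0x02, "Bicycle": 0x06, "Burn Heal": 0x0C, "Ice Heal": 0x0D,
    "Awakening": 0x0E, "Escape Rope": 0x1D, "Carbos": 0x26,
    "Bike Voucher": 0x2D, "X Accuracy": 0x2E, "Full Heal": 0x34,
    "Revive": 0x35, "Max Revive": 0x36, "Lemonade": 0x3E, "X Attack": 0x41,
}
ITEM_IDS.update({f"TM{n:02d}": 0xC8 + n for n in range(1, 51)})  # TM01 = $C9

R8 = ["b", "c", "d", "e", "h", "l", "(hl)", "a"]
ALU = ["add a,", "adc a,", "sub ", "sbc a,", "and ", "xor ", "or ", "cp "]
ABS16 = {0xCD: "call ${:04x}", 0xEA: "ld (${:04x}),a", 0xFA: "ld a,(${:04x})"}
SINGLE = {0x02: "ld (bc),a", 0x2B: "dec hl", 0xC9: "ret"}

# Bag from the English R/B Hall of Fame post.
HOF_RB_BAG = [("Awakening", 22), ("Carbos", 100), ("X Accuracy", 187),
              ("X Attack", 64), ("TM05", 214), ("Revive", 201)]


def bag_to_bytes(bag):
    """Lay the bag out as byte pairs: item ID byte, then quantity byte."""
    out = bytearray()
    for name, qty in bag:
        if name not in ITEM_IDS:
            raise KeyError(f"no ID known for item {name!r}")
        if not 0 <= qty <= 0xFF:
            raise ValueError(f"{name} x{qty}: quantity must fit in one byte")
        out += bytes((ITEM_IDS[name], qty))
    return bytes(out)


def disassemble(code):
    """Decode the opcode subset used in this thread; anything else is 'db'."""
    lines, i = [], 0
    while i < len(code):
        op, arg, size = code[i], code[i + 1:i + 3], 1
        if op & 0xC7 == 0x06 and len(arg) >= 1:          # ld r,d8
            text, size = f"ld {R8[op >> 3]},${arg[0]:02x}", 2
        elif op & 0xC7 == 0x04:                          # inc r
            text = f"inc {R8[op >> 3]}"
        elif op & 0xC7 == 0x05:                          # dec r
            text = f"dec {R8[op >> 3]}"
        elif 0x40 <= op <= 0x7F and op != 0x76:          # ld r,r' (0x76 = halt)
            text = f"ld {R8[(op >> 3) & 7]},{R8[op & 7]}"
        elif 0x80 <= op <= 0xBF:                         # 8-bit ALU on a
            text = f"{ALU[(op >> 3) & 7]}{R8[op & 7]}"
        elif op in ABS16 and len(arg) == 2:              # little-endian a16
            text, size = ABS16[op].format(arg[0] | arg[1] << 8), 3
        elif op == 0xF8 and len(arg) >= 1:               # ld hl,sp+e8 (signed)
            off = arg[0] - 0x100 if arg[0] & 0x80 else arg[0]
            text, size = f"ld hl,sp{off:+d}", 2
        elif op in SINGLE:
            text = SINGLE[op]
        else:                                            # unknown or truncated
            text = f"db ${op:02x}"
        lines.append(text)
        i += size
    return lines


if __name__ == "__main__":
    code = bag_to_bytes(HOF_RB_BAG)
    print(code.hex(" "))
    print("\n".join(disassemble(code)))
```

Running the same `disassemble` over `93 8C F8 F7 02 40 CD 7D 2D C9` from the unused-tune code later in the thread shows why operand bytes matter: `F8` consumes `F7` as its signed offset, and `CD 7D 2D` decodes as a call to `$2D7D`.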

Torchickens

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #67 on: December 07, 2013, 10:47:38 am »
Here is a list of 'w sm' cheats I made for Pokémon Yellow. Most of them are simple but some could possibly be improved if no glitch items are required/key items with more than one quantity. Thanks TheZZAZZGlitch for the original versions of at least two of these codes.

The unused tune code is based on this video but Pokechu22 found that you can just change addresses C007, C009 and C00B to $68. I'm not sure if that allows for a better set-up.

I thought I'd post these after Wack0 posted his Hall of Fame code.
__________________________________
Walk through walls (ledge required):

EA 13 D7 C9

Code: [Select]
ld (D713), a
ret

TM34 x19
TM15 x201

___________________________________
Walk through walls (no ledge needed):

3E 01 EA 38 CD C9

Code: [Select]
ld a, 01
ld (CD38), a
ret

Lemonade x1
TM34 x56
TM05 x201

___________________________________

Play RBY unused tune:


93 8C F8 F7 02 40 CD 7D 2D C9


Code: [Select]
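sub e
adc a,h        ; 8C is adc a,h
ld hl, sp-9    ; F8 takes an operand byte: F8 F7 = ld hl,sp+$F7 (sp-9)
ld (bc), a
ld b,b
call $2D7D     ; CD 7D 2D: the address operand is little-endian
ret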

Anywhere not specified: w sm
Item 3: Glitch item 93h x140
Item 4: TM48 x247
Item 5: Ultra Ball x64
Item 6: TM05 x125
Item 7: Bike Voucher x201
____________________________________________________________________________

Steal other Trainer's Pokémon/escape from Trainer battle:

3E 01 EA 56 D0 C9

Code: [Select]
ld a, 01
ld (D056), a
ret

Lemonade x1
TM34 x86
TM08 x201

___________________________________________________________________________________

Play Gym Leader music:

Code: [Select]
WRA1: D321 EA 5B D0               ld (D05B), a  : Put 63h into D05B
WRA1: D324 C9                     ret

Item 3 = TM34 x 91
Item 4 = TM08 x 201
___________________________________________________________________________________

Battle Safari Zone style:

Code: [Select]
WRA1: D321 3E 02                  ld a, 02 : Put 02h into a
WRA1: D323 EA 59 D0               ld (D059), a  : Put 02h into D059
WRA1: D326 C9                     ret

Lemonade x2
TM34 x89
TM08 x201

___________________

Hurry, get away! battle:

Code: [Select]
WRA1: D321 3E 03                  ld a, 03 : Put 03h into a
WRA1: D323 EA 59 D0               ld (D059), a  : Put 03h into D059
WRA1: D326 C9                     ret

Lemonade x3
TM34 x89
TM08 x201

___________________

Battle any Pokémon 1 : ID = item 3 quantity (level =last Pokémon battled/withdrawn)

3E xx EA 58 D0 C9

Code: [Select]
ld a, xx
ld (D058),a
ret

Lemonade x1
TM34 x88
TM08 x201

____________________________________________________________________________________

Battle any Pokémon 2 : ID = item 1 quantity (level =last Pokémon battled/withdrawn)


Code: [Select]
WRA1:D321 FA 1E D3         ld   a,(D31E)
WRA1:D324 04               inc  b
WRA1:D325 EA 58 D0         ld   (D058),a
WRA1:D328 C9               ret

TM50 x 30
TM11 x 04
TM34 x 88
TM08 x 201

_____________________________________________________________________________________

Battle any Pokémon (level = 1st item quantity. ID = 6th item quantity)

WRA1:D321 FA 1E D3         ld   a,(D31E)
WRA1:D324 EA 26 D1         ld   (D126),a

3E xx EA 58 D0 C9

Code: [Select]
ld a, (D31E)
ld (D126),a
ld a, xx
ld (D058),a
ret

TM50 x30
TM11 x234
Carbos x209
Lemonade x (X)
TM34 x88
TM08 x201

_____________________________________________________________________________________


Change the second item +1

Code: [Select]
WRA1:D321 0C               inc  c
WRA1:D322 2B               dec  hl
WRA1:D323 0D               dec  c
WRA1:D324 2B               dec  hl
WRA1:D325 34               inc  (hl)
WRA1:D326 C9               ret

Burn Heal x43
Ice Heal x43
Full Heal x201

________________

Change the enemy species in battle

3E xx EA D7 CF C9

Lemonade x (X)
TM34 x 215
TM07 x 201

Code: [Select]
ld a, xx
ld (CFD7), a
ret

________________

Champion Blue's team

3E xx EA 14 D7 C9

Code: [Select]
ld a, xx
ld (D714), a
ret

Examples: 05 : one Gastly level 22, 77h: level 152 Q

Lemonade x (X)
TM34 x20
TM15 x201

________________

See the unused town's Town Map data (requires Town Map/Fly):

3E 0B EA 5D D3 C9

Code: [Select]
ld a, 0B
ld (D35D), a
ret

Lemonade x11
TM34 x93
TM11 x201

_______________

Map exit modifier:

3E xx EA 64 D3 C9

Code: [Select]
ld a, xx
ld (D364), a
ret

Lemonade x (X)
TM34 x 100
TM11 x 201

______________

Make Pikachu stay:

Code: [Select]
06 16 | ld b, 16
26 39 | ld h, 39
2E 64 | ld l, 64
CD 84 3E | call $3E84
C9 | ret

Bicycle x22
Carbos x57
X Accuracy x100
TM05 x132
Lemonade x201

_______________

Trigger Hall of Fame script (not recommended because you can walk up and get bad glitch text and maybe go off the boundaries. Additionally, you need two more glitch items):

3E 39 EA 6D D3 3E 64 EA 6E D3 3E 76 EA 5D D3 C9

Code: [Select]
ld a, 39
ld (D36D), a
ld a, 64
ld (D36E), a
ld a,76
ld (D35D), a
ret

Lemonade x57
TM34 x109
TM11 x62
glitch item 64h x234
glitch item 6Eh x211
Lemonade x118
TM34 x 93
TM11 x 201

_______________

Map color modifier:

3E xx EA 5C D3 C9

Code: [Select]
ld a, xx
ld (D35C), a
ret

Lemonade x (X)
TM34 x92
TM11 x201

_________________
Pikachu's happiness modifier:

3E xx EA 6F D4 C9

Code: [Select]
ld a, xx
ld (D46F), a
ret

Lemonade x (X)
TM34 x 111
TM12 x 201

__________________
Teach Pokémon 1 Surf (first move):

3E 39 EA 72 D1 C9

Code: [Select]
ld a, 39
ld (D172), a
ret

Lemonade x 57
TM34 x 114
TM09 x 201

__________________

Music tempo modifier:

3E xx EA E9 C0 C9

Code: [Select]
ld a, xx
ld (C0E9),a
ret

Lemonade x (X)
TM34 x 233
'small hiragana a' x 201
« Last Edit: December 07, 2013, 02:12:51 pm by Torchickens »

Wack0

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #68 on: December 07, 2013, 11:10:16 am »
Enter the Hall of Fame with "ws m" in English Yellow:



Code: [Select]
ld c,$16
ld h,$64
ld l,$56
ld b,c
ld b,b
call $3e84
ret

0e 16 26 64 2e 56 41 40 cd 84 3e c9

Awakening  x 22
Carbos     x100
X Accuracy x 86
X Attack   x 64
TM05       x132
Lemonade   x201

Wack0

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #69 on: December 07, 2013, 11:56:20 am »
Play Pikachu's Beach in US Yellow:
Please note; the menus don't spawn when you exit Pikachu's Beach, just press B twice to exit them.



Code: [Select]
ld c,$3e
ld h,$40
dec e
ld l,e
ld b,c
ld b,b
call $3e84
ret

0e 3e 26 40 1D 6B 41 40 cd 84 3e c9

Awakening   x 62
Carbos      x 64
Escape Rope x107
X Attack    x 64
TM05        x132
Lemonade    x201

Torchickens

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #70 on: December 07, 2013, 12:05:17 pm »
For those who are curious, the Pikachu's Beach code starts at 3E:4000. That's 0xF8000.

Part of the Pikachu's Beach code starts at 3E:407A (0xF807A), but executing that alone will cause glitches, including the music not changing and the HP value not displayed correctly. (That pointer in Japanese Yellow can be found here.)

Wack0

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #71 on: December 07, 2013, 01:09:44 pm »
Enter the Hall of Fame with 5kai in Japanese R/G v1.0:

Code: [Select]
ld c,$16
ld h,$7b
ld l,$e4
ld b,c
ld b,b
call $3620
ret

0e 16 26 7b 2e e4 41 40 cd 20 36 c9

Awakening  x 22
Carbos     x123
X Accuracy x228
X Attack   x 64
TM05       x 45
Max Revive x201


...and in Japanese Blue:



Code: [Select]
ld c,$16
ld h,$7e
ld l,$29
ld b,c
ld b,b
call $3636
ret

0e 16 26 7e 2e 29 41 40 cd 36 36 c9

Awakening  x 22
Carbos     x126
X Accuracy x 41
X Attack   x 64
TM05       x 54
Max Revive x201
« Last Edit: December 08, 2013, 09:25:58 am by Wack0 »

Wack0

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #72 on: December 07, 2013, 02:50:53 pm »
Enter the Hall of Fame with かいがらバッヂ in Japanese Yellow v1.1 and v1.2:



Code: [Select]
ld c,$16
ld h,$7d
ld l,$c8
ld b,c
ld b,b
call $3e7e
ret

0e 16 26 7d 2e c8 41 40 cd 7e 3e c9

Awakening  x 22
Carbos     x125
X Accuracy x200
X Attack   x 64
TM05       x126
Lemonade   x201
« Last Edit: December 08, 2013, 09:26:11 am by Wack0 »

Wack0

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #73 on: December 07, 2013, 02:56:44 pm »
Play Pikachu's Beach with かいがらバッヂ in Japanese Yellow v1.1 and v1.2:



Code: [Select]
ld c,$3e
ld h,$40
dec e
ld l,e
ld b,c
ld b,b
call $3e7e
ret

0e 3e 26 40 1D 6B 41 40 cd 7e 3e c9

Awakening   x 62
Carbos      x 64
Escape Rope x107
X Attack    x 64
TM05        x126
Lemonade    x201
« Last Edit: December 08, 2013, 09:26:19 am by Wack0 »

Wack0

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #74 on: December 07, 2013, 03:25:42 pm »
Enter the Hall of Fame with P7 in Spanish R/B:



Code: [Select]
ld c,$16
ld h,$64
ld l,$bb
ld b,c
ld b,b
call $35f5
ret

0e 16 26 64 2e bb 41 40 cd f5 35 c9

Awakening (Despertar)    x 22
Carbos (Carburante)      x100
X Accuracy (Precisión X) x187
X Attack (Ataque X)      x 64
TM05 (MT05)              x245
Revive (Revivir)         x201
« Last Edit: December 07, 2013, 03:49:09 pm by Wack0 »