Main Menu
Main Page
Forums
Recent changes
Random page
Help

Databases
GlitchDex
AttackDex
ItemDex

Major Glitches
Trainer escape glitch
Old man trick
Celebi trick
Select glitches (Japan)
SRAM glitch
CoolTrainer♀ corruption
LOL glitch
Rival LOL glitch
Super Glitch
ZZAZZ glitch
Pomeg corruption glitch (Glitzer Popping)
Tweaking
Elite Four door glitch (Japan)
Pokémon merge glitch
Pokémon cloning
Time Capsule exploit
Arbitrary code execution
Coin Case glitch
More

Other Glitch Categories
Glitches by generation
Glitches between two generations
Japan-only/language specific glitches
Music glitches
Natural glitches
Non-core series glitches
Non-Pokémon glitches
Officially acknowledged glitches
Recurring glitches
Dead glitches

References
Pokémon GameShark codes
The Big HEX List
GB programming
Curiosities
Debugging features
Easter eggs
Error traps
Glitch areas
Glitch myths
Non-glitch exploits
Placeholder texts
Pokémon glitch terminology
Unused content and prerelease information

Useful Tools
8F Helper
GBz80 to Items
Old man trick name generator
PATH (Prama's Advanced Tweaking Heaven)
Save file editors
Special stat/Pokémon converter
Trainer escape Trainer Pokémon finder

Affiliates
Legendary Star Blob 2 (Hakuda)
Pokémon Speedruns wiki
PRAMA Initiative
Become an affiliate!

Search Wiki

 

Search Forums

 

Author Topic: “Abnormal” Pokémon: $FE trade corruption for fun and profit  (Read 2436 times)

0 Members and 1 Guest are viewing this topic.

Háčky

  • Distinguished Member
  • *
  • Offline Offline
  • Pick which packet as an error?
    • View Profile
As Torchickens has documented, taking a Pokémon with index number $FE in either Generation I or II into a trade or link battle with a Generation II game causes everything in the party to appear corrupted to the other game—shifted by one byte, to be more specific. Typically, this prevents trading, because everything will appear to be “abnormal” to the other game. (Note: I haven’t looked very far into exactly why this corruption happens, but the code starting at $2879E in Crystal looks extremely suspicious.)

What makes a Pokémon “abnormal”, anyway? The function at $FB57E in Crystal checks three things for Pokémon traded from Generation I:

1. The Pokémon must not be a hybrid, unless it’s an Egg. (There’s no way for a Generation I Pokémon to be seen as an Egg in Generation II, because $FD does not appear in the conversion table.)
2. The Pokémon’s level (offset $21 in the Generation I Pokémon data structure; offset $03 is ignored) must not be over 100.
3. The Pokémon’s types must be correct, unless it’s a Magnemite or Magneton (because they gained the Steel type in Generation II).

When $FE shifts the Generation I data structure, the least significant byte of the Pokémon’s remaining HP will become its species, its Type 2 will become its Type 1, its catch rate/held item will become its Type 2, and the least significant byte of its maximum HP will become its level. There are at least three ways to engineer things so that all these values will look okay after the corruption:

1. Get a Magneton with 54 HP remaining out of a total HP of 256 or higher.
2. Get any single-typed Pokémon in Generation II (except Normal or Bug type), with the same remaining HP as its index number in Generation I, and a total HP either less than 100 or between 256 and 356 (for example, a Krabby with 78/78 HP can be used, and you might be able to catch one of those by fishing in Whirl Islands 1F with a Super Rod). Give it the item with the same index number as its type: Fighting→Master Ball, Poision→BrightPowder, Ground→Great Ball, Rock→Poké Ball, Ghost→Moon Stone, Fire→Repel, Water→Max Elixer, Grass→Fire Stone, Electric→ThunderStone, Psychic→Water Stone, Dragon→HP Up, Dark→Protein. Then send it to Generation I normally (using the Johto guard glitch if necessary) before trading it back to Generation II with $FE corruption.
3. Get any Pokémon in Generation II with HP that corresponds to the Generation I index number of any single-typed Pokémon (except Normal or Bug type) which is the same as its own second type. Give it the item with the same index number as that Pokémon’s type. Send it to Generation I normally (using the Johto guard glitch if necessary), hybridize it with that Pokémon, and then trade it back to Generation II with $FE corruption.

(Normal is index $00, which corresponds with an item named ?, and Bug is $07, which corresponds with a Teru-sama. There are no pure Flying, Steel, or Ice-types in Generation II.)

When a corrupted Pokémon is received, its name and OT will be missing the first letter, its current HP will be its original level × 256, it may have multiple status conditions based on its type, it will be holding an item based on the index number of its first move, and its fourth move will be based on the least significant byte of the OT ID number and have PP based on its original level. Its stats, experience points, IVs, and EVs will probably be greatly increased, except for Special Attack and Special Defense which have to be recalculated.

Another thing I’ve noticed is that, if you put two $FE Pokémon in your party, everything will be shifted by two bytes, three $FEs will shift everything by three bytes, and so on. A three-byte shift would turn a Pokémon’s level into its species, its first two moves into its two types, and the least significant byte of its Attack stat into its level.

This might be the easiest method: get a level 54 Magneton, which should have less than 100 Attack unless its EV is too high, and corrupt it with three $FEs in the party. You can teach it TM33 Reflect as its third move so that it will be holding a GS Ball, or TM44 Rest so it will hold a Sacred Ash. (Unfortunately, Magnemite and Magneton don’t learn any moves with indices under 100 that correspond to key items, so this method won’t provide everything needed to corrupt the Balls pocket.)

It should be even easier to mess around with this in a trade between two Generation II games, if there’s a convenient way to obtain ????? ($FE). Obviously it can be done with arbitrary code execution, but I don’t know how much setup that would require.
« Last Edit: July 03, 2014, 12:07:39 am by Háčky »

Wack0

  • Coder, reverser, beta collector [BetaArchive staff]
  • Staff
  • *****
  • Offline Offline
  • Gender: Male
  • cBRH - Doing nothing since 2k7
    • View Profile
Re: “Abnormal” Pokémon: $FE trade corruption for fun and profit
« Reply #1 on: July 03, 2014, 09:32:47 am »
Quote
Magnemite and Magneton don’t learn any moves with indices under 100 that correspond to key items

given that that function does not check moves, couldn't you just use 8F/ws m to force such a move onto the Pokémon?
C H E C K E D . B U I L D S . A R E . A W E S O M E N E S S

BetaArchiveSoftHistory Forumsirc.rol.im #galaxy,#softhistory

Also known as The Distractor.

Shane, please stop telling children that there's a Mew outside under the delivery trucks. - Management

Pokémon: arbitrary code execution 1996-2016

rortik

  • GCLF Member
  • Offline Offline
  • Pokemon Yellow: Best game ever
    • View Profile
Re: “Abnormal” Pokémon: $FE trade corruption for fun and profit
« Reply #2 on: July 03, 2014, 01:06:44 pm »
However if we can find a consistent and fairly quick way to get a hold of ?????, then this glitch would be much more exploitable.


As it is we can't do much if it's only Magneton.



Now I have even more incentive to find a way to get ????? quickly...
~Rortik

Torchickens

  • Administrator
  • *****
  • Offline Offline
  • Gender: Female
    • View Profile
Re: “Abnormal” Pokémon: $FE trade corruption for fun and profit
« Reply #3 on: July 03, 2014, 03:20:47 pm »
1. The Pokémon must not be a hybrid, unless it’s an Egg. (There’s no way for a Generation I Pokémon to be seen as an Egg in Generation II, because $FD does not appear in the conversion table.)
2. The Pokémon’s level (offset $21 in the Generation I Pokémon data structure; offset $03 is ignored) must not be over 100.
3. The Pokémon’s types must be correct, unless it’s a Magnemite or Magneton (because they gained the Steel type in Generation II).

Thanks for your explanation. I'm glad you found that there's a use for the FE corruption trick.

With your explanation, I found that you can trade at least Missingno. to Generation II.

Missingno. hex:50 is considered as a Remoraid in Generation II, so if you use 8F/ws m to change its type in memory to Water/Water (15h, 15h) it becomes tradeable.

Are there any glitch Pokémon that have the same type as its Generation II Pokémon? We could probably trade this glitch Pokémon into Generation II without 8F/ws m.

Note that some types on glitch Pokémon are called Normal but they aren't actually Normal, rather a glitch type called Normal. If I remember rightly this applies to at least 94's "Ghost" type as well.

However if we can find a consistent and fairly quick way to get a hold of ?????, then this glitch would be much more exploitable.


As it is we can't do much if it's only Magneton.



Now I have even more incentive to find a way to get ????? quickly...

Just a note: The abnormal Pokémon message may appear when trading between two Generation II games too.


Edit: Following what I wrote about trading a Missingno. to Generation II by making it Water type, I found a glitch Pokémon that may be tradeable to Generation II. It's a hybrid, so you can get no key items from it without arbitrary code execution, but:

OPkMn4X (hex:CF) is Bug/Poison type.

On Generation II it's read as an Ariados, which is also Bug/Poison type.

Thinking about it though, this glitch Pokémon is a non-Ditto trick obtainable (because it's index number is greater than 199) so you couldn't get its 'natural' hold item anyway(?).
« Last Edit: July 03, 2014, 04:37:22 pm by Torchickens »
Hello. I actually identify as gender questioning, but nowadays feel more firmly that I identify as female. My sex is male but I like to express myself as female.  She/her pronouns, please.


Thank you Myri for my avatar! Thank you Aeriixion for the cute sprite above! :) Roelof also made different variations of the sprite (which I animated).

Contact:

Email Youtube Twitter
Skype: Torchickens
Bulbapedia Starfy Wiki

Beyond all philosophies are the things that go best for you; what makes you feel content. It's important to always follow your heart, so unless you feel perfectly happy about it don't just follow something because it is popular, fits a style or is conventional. Sometimes you may reach a point you're not sure who you are, but as things settle I'm convinced things do work out in time.

Háčky

  • Distinguished Member
  • *
  • Offline Offline
  • Pick which packet as an error?
    • View Profile
Re: “Abnormal” Pokémon: $FE trade corruption for fun and profit
« Reply #4 on: July 03, 2014, 05:35:06 pm »
Quote
Magnemite and Magneton don’t learn any moves with indices under 100 that correspond to key items

given that that function does not check moves, couldn't you just use 8F/ws m to force such a move onto the Pokémon?
Well, yes, but if you’re using 8F/ws m, you might as well set the catch rate/held item byte and whatever other stats you want to corrupt directly rather than relying on $FE to do the job.

Another option I somehow forgot to consider is that you should be able to take any level 54 Pokémon with Attack of 100 or less and hybridize it with Magneton. That way, you can start with whatever Pokémon learns the move you want to turn into an item. (Conceivably, it should be possible to use a triple-shift for something other than Magnemite/Magneton if its first two moves correspond to its types, but I don’t know if there’s any way that would be feasible.)

Are there any glitch Pokémon that have the same type as its Generation II Pokémon? We could probably trade this glitch Pokémon into Generation II without 8F/ws m.
It looks like we’ve got no less than eight in the English versions, and one of them is even obtainable with the Ditto trick:

P ($CB) shares the Pokédex number of Pidgeotto in Red/Blue and becomes Noctowl.
O PkMn4 X ($CF) shares the Pokédex number of Beedrill in Red/Blue and becomes Ariados.
’N g ゥ¥ ($F8) shares the Pokédex number of Rattata in Red/Blue and becomes Snubbull.
4. . ($C5) shares the Pokédex number of Golduck in Yellow and becomes Totodile.
ゥ ($D4) shares the Pokédex number of Snorlax in Yellow and becomes Cleffa.
B ($D7) shares the Pokédex number of Pidgey in Yellow and becomes Togetic.
Z ゥ ($E5) shares the Pokédex number of Persian in Yellow and becomes Aipom.
▼ pゥ ($F5) shares the Pokédex number of Snorlax in Yellow and becomes Dunsparce.

Just a note: The abnormal Pokémon message may appear when trading between two Generation II games too.
I think (haven’t confirmed) it’s only the species and level that are checked, since types aren’t stored in the Pokémon data in Generation II.

Háčky

  • Distinguished Member
  • *
  • Offline Offline
  • Pick which packet as an error?
    • View Profile
Re: “Abnormal” Pokémon: $FE trade corruption for fun and profit
« Reply #5 on: July 04, 2014, 09:53:08 pm »
Oh, there’s one more glitch Pokémon you can trade across time.

Do the Ditto trick using a Rock/Ground-type Pokémon (Onix or the Geodude family) with a special stat of 182. Since the fossil/ghost Missingno. take their base stats in a wild battle from whatever your last encounter was, you’ll run into a Rock/Ground-type Kabutops fossil Missingno., which becomes Pupitar when traded to Generation II.

Doing this with the Aerodactyl fossil or ghost forms of Missingno. requires a Rock/Dark (Tyranitar) or Psychic/Flying (Lugia) Pokémon, which aren’t normally available in Generation I.



Something I wanted to document, although unfortunately it turns out not to be useful, is how the species index is converted between Generation I and Generation II. The conversion table (at $FBA26 in Gold/Silver, $FB91C in Crystal) is stored in order of Generation I indices, starting from 1, and each byte is the corresponding Generation II index (which is always the same as the Pokédex number). The first entry is $70, which means index number 1 (Rhydon) from Generation I becomes $70 when traded to Generation II. To convert a Generation II Pokémon back to Generation I format, the game reads through this table until it finds a value that matches, while keeping a running tally of how far into the table it is, so a Pokémon with index $73 (Kangaskhan) in Generation II will be converted to $02 in Generation I, because $73 is the second entry in the table.

The first 250 entries in the table are straightforward and well-documented; all Pokémon from Bulbasaur to Ho-Oh are given a conversion. Inexplicably, entries 251 and 252 are both $CA. (I guess it’s possible someone was trying to make a joke based on Wobbuffet’s name in Japanese?) The conversions for Generation I indices 253–255 and 0 come from the first four bytes of the following program code. Index 253 becomes $FA (Ho-Oh) and index 0 becomes $4F (Slowpoke), but the values for indices 254 and 255 represent a pointer which differs in some versions of the game:

Japanese Gold/Silver: $FE → $10 (Pidgey), $FF → $D1 (Snubbull)
Japanese Crystal: $FE → $65 (Electrode), $FF → $D2 (Granbull)
Korean Gold/Silver: $FE → $DB (Magcargo), $FF → $D1 (Snubbull)
International Gold/Silver: $FE → $1E (Nidorina), $FF → $D1 (Snubbull)
International Crystal: $FE → $34 (Meowth), $FF → $D2 (Granbull)

Since $FB–$FF and $00 never appear as values in the conversion table, there’s no way to get Celebi, an Egg, or any of the ????? variants into a Generation II game by trading them from Generation I. But what if you try to send those Pokémon from Generation II to Generation I? The game will keep searching past the end of the conversion table until it finds the value it’s looking for. Specifically, in the English versions, it will find the values at these positions (modulo 256):

Gold/Silver: $00 → $18 (Rhyhorn), $FB → ??, $FC → $65 (Wigglytuff), $FD → ??, $FE → $38 (Missingno.), $FF → $39 (Mankey)
Crystal: $00 → $18 (Rhyhorn), $FB → $63 (Omastar), $FC → $41 (Venonat), $FD → ??, $FE → $38 (Missingno.), $FF → $39 (Mankey)

$FB in Gold/Silver and $FD in all three games don’t appear anywhere in the remainder of the ROM bank containing the conversion table. When that happens, the game continues its search into RAM until it finds the value it’s looking for. That’s why trading Celebi from Gold/Silver back to Generation I using the Johto guard glitch gives unpredictable results—the converted species is based on the position that an $FB byte happens to be lying around in RAM.

Torchickens

  • Administrator
  • *****
  • Offline Offline
  • Gender: Female
    • View Profile
Re: “Abnormal” Pokémon: $FE trade corruption for fun and profit
« Reply #6 on: July 05, 2014, 07:45:55 am »
Great research. Thanks Háčky. I will read it carefully later.  :D

Yeah, I knew about the conversion table before thanks to Koolboyman.

I think showing this image again I made in the past will be useful.



The $CA, $CA, $FA values follow.

What FB/FD is when traded back to R/B/Y sounds hard to predict from what you said, though it would be interesting if we could get FB, FC and FD (FE can be obtained by evolving Yellow's ァ / g J 1 (hex:C9) at level 60) without remaining HP glitch (which only works with a box 1 that was never filled) or Generation I arbitrary code execution.

Edit:

but the values for indices 254 and 255 represent a pointer which differs in some versions of the game:

Japanese Gold/Silver: $FE → $10 (Pidgey), $FF → $D1 (Snubbull)
Japanese Crystal: $FE → $65 (Electrode), $FF → $D2 (Granbull)
Korean Gold/Silver: $FE → $DB (Magcargo), $FF → $D1 (Snubbull)
International Gold/Silver: $FE → $1E (Nidorina), $FF → $D1 (Snubbull)
International Crystal: $FE → $34 (Meowth), $FF → $D2 (Granbull)

I don't get how to find these Pokémon. Thanks to Datacrystal I know how to convert a pointer to a ROM address, and the relevant area seems to be in bank 3E.

What actually are the pointers though? Following the FA value (index 253 into Ho-Oh) in English Gold/Silver is 1E D1. I tried following 3E:1ED1 as a pointer but it didn't lead to a 1E (Nidorina) value.
« Last Edit: July 05, 2014, 09:47:23 am by Torchickens »
Hello. I actually identify as gender questioning, but nowadays feel more firmly that I identify as female. My sex is male but I like to express myself as female.  She/her pronouns, please.


Thank you Myri for my avatar! Thank you Aeriixion for the cute sprite above! :) Roelof also made different variations of the sprite (which I animated).

Contact:

Email Youtube Twitter
Skype: Torchickens
Bulbapedia Starfy Wiki

Beyond all philosophies are the things that go best for you; what makes you feel content. It's important to always follow your heart, so unless you feel perfectly happy about it don't just follow something because it is popular, fits a style or is conventional. Sometimes you may reach a point you're not sure who you are, but as things settle I'm convinced things do work out in time.

Háčky

  • Distinguished Member
  • *
  • Offline Offline
  • Pick which packet as an error?
    • View Profile
Re: “Abnormal” Pokémon: $FE trade corruption for fun and profit
« Reply #7 on: July 05, 2014, 09:54:11 am »
I don't get how to find these Pokémon. Thanks to Datacrystal I know how to convert a pointer to a ROM address, and the relevant area seems to be in bank 3E.

What actually are the pointers though? Following the FA value (index 253 into Ho-Oh) in English Gold/Silver is 1E D1. I tried following 3E:1ED1 as a pointer but it didn't lead to a 1E (Nidorina) value.
The conversion routine isn’t following a pointer; it’s just using those two bytes, which happen to represent a RAM address that changed between versions, as the Generation II equivalents of $FE and $FF, because they’re at offsets $FD and $FE from the start of the table (and the table starts with 1).

Torchickens

  • Administrator
  • *****
  • Offline Offline
  • Gender: Female
    • View Profile
Re: “Abnormal” Pokémon: $FE trade corruption for fun and profit
« Reply #8 on: July 05, 2014, 06:53:52 pm »
I don't get how to find these Pokémon. Thanks to Datacrystal I know how to convert a pointer to a ROM address, and the relevant area seems to be in bank 3E.

What actually are the pointers though? Following the FA value (index 253 into Ho-Oh) in English Gold/Silver is 1E D1. I tried following 3E:1ED1 as a pointer but it didn't lead to a 1E (Nidorina) value.
The conversion routine isn’t following a pointer; it’s just using those two bytes, which happen to represent a RAM address that changed between versions, as the Generation II equivalents of $FE and $FF, because they’re at offsets $FD and $FE from the start of the table (and the table starts with 1).

OK. Thanks. I didn't pick up that 1E was Nidorina's index number and D1 was Snubbull.
Hello. I actually identify as gender questioning, but nowadays feel more firmly that I identify as female. My sex is male but I like to express myself as female.  She/her pronouns, please.


Thank you Myri for my avatar! Thank you Aeriixion for the cute sprite above! :) Roelof also made different variations of the sprite (which I animated).

Contact:

Email Youtube Twitter
Skype: Torchickens
Bulbapedia Starfy Wiki

Beyond all philosophies are the things that go best for you; what makes you feel content. It's important to always follow your heart, so unless you feel perfectly happy about it don't just follow something because it is popular, fits a style or is conventional. Sometimes you may reach a point you're not sure who you are, but as things settle I'm convinced things do work out in time.