Author Topic: Re: Arbitrary code execution in Red/Blue using the "8F" item  (Read 2157 times)

WendyBettyJanice

« Reply #15 on: February 05, 2018, 03:35:31 pm »
Hey, first post!
Using Wack0's simple GameShark script to do a couple of things, and I'm curious as to what you are supposed to do when the code requires you to enter a 00.

For example, I have a code that modifies the typing of the current box slot one Pokémon. It should look like this:

any item
8f
Lemonade * number corresponding to type
X-accuracy * 155 for primary type and 156 for secondary type
Carbos * 218
Pokeball * 119
Fresh Water * 201

This code works perfectly, and I have used it to replace Aerodactyl's Flying typing with Ghost as a proof of concept. The only problem is that when I want to make something a Normal type I would have to have 0 Lemonades, because 00 is the hex that corresponds with Normal. I have tried it just without any Lemonades and it freezes the game, as expected. Is it possible to make the game read as having 0 Lemonades by somehow rolling it over to 256, or anything like that? Thanks!


I know this is old, but I've taken info from this site a lot but never had need to register. This, however, is driving me crazy: I can't find a list anywhere showing which Dec number relates to which typing. All I know is from this, 00 is Normal, and from the TypeDex on this site, that 14 is Fire.

Can anyone throw me a lifeline or point me to where I can find a list of them?

Thanks in advance all.

WendyBettyJanice

« Reply #16 on: February 05, 2018, 03:52:29 pm »
Here is the hex ID of every type.

00 : Normal
01 : Fighting
02 : Flying
03 : Poison
04 : Ground
05 : Rock
07 : Bug
08 : Ghost
14 : Fire
15 : Water
16 : Grass
17 : Electric
18 : Psychic
19 : Ice
1A : Dragon

As you can guess, you must convert it into decimal for use as the quantity of an item in an 8F code, and you can use the full list to help you. Also, since you're not playing an English game, you should also convert your code for it to work in the German game. It's better to explain rather than give the answer, so here's what you have to do.

- Go there: http://datacrystal.romhacking.net/wiki/Pokemon_Red:RAM_map and note the address you want to change. Let's say that it would be D170 and D171, the types of your current first Pokémon. Note that an address can be represented as an XXYY couple.
- Because you play a European non-English game, add 5 to those. You get D175 and D176.
- Determine the value you want for these. Let's say you want your Pokémon to be Flying type, so the value is 02.
- Use the following items in an 8F code
Anything
8F
Lemonade *(decimal conversion of the value, in this case of the type's hex - Flying would be 2, but Fire would then be 20)
X-accuracy *(decimal conversion of YY, in this case 117 for the first type and 118 for the second)
Carbos *(decimal conversion of XX, in this case 209)
Pokeball * 119
Fresh Water * 201

That should do the job. Now if you want the exact equivalent of the code you quote, which modifies the first Pokémon in your PC, then you could apply this to find it!  ;)

Ignore my last post, this guy is my god. I hadn't looked hard enough. <3

WendyBettyJanice

« Reply #17 on: February 05, 2018, 05:29:16 pm »
Type 1 - DA9B|DA= 218 |9B = 155
Type 2 - DA9C |DA= 218 |9C = 156

Type 1 - Psychic

lemonade*24 Psychic
X-accuracy*155
Carbos*218
Pokeball*119
Fresh Water*201

Type 2 - Flying

lemonade*2
x-accuracy*156
Carbos*218
Pokeball*119
Fresh Water*201
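
Added example (not part of any post in this thread): the address-and-value conversion described in replies #16 and #17, written as a Python helper. The function names are hypothetical; the item ID bytes and the opcode comments are standard Gen 1 item indexes and Game Boy CPU opcodes that the thread itself does not list, and the leading "any item" and 8F entries are left out.

```python
# Added example, not from the thread. Type IDs, the fixed Poke Ball x119 /
# Fresh Water x201 pair and the "+5" rule come from the posts above; the item
# ID bytes are the Gen 1 item indexes (assumed here, not listed in the thread).
TYPE_IDS = {
    "Normal": 0x00, "Fighting": 0x01, "Flying": 0x02, "Poison": 0x03,
    "Ground": 0x04, "Rock": 0x05, "Bug": 0x07, "Ghost": 0x08,
    "Fire": 0x14, "Water": 0x15, "Grass": 0x16, "Electric": 0x17,
    "Psychic": 0x18, "Ice": 0x19, "Dragon": 0x1A,
}
ITEM_IDS = {"Lemonade": 0x3E, "X Accuracy": 0x2E, "Carbos": 0x26,
            "Poke Ball": 0x04, "Fresh Water": 0x3C}
EURO_NON_ENGLISH_OFFSET = 5  # "add 5" for European non-English games


def build_8f_items(address, type_name, euro_non_english=False):
    """Return [(item, quantity), ...] that writes one type byte to `address`."""
    if euro_non_english:
        address += EURO_NON_ENGLISH_OFFSET
    if not 0 <= address <= 0xFFFF:
        raise ValueError("address must fit in 16 bits")
    high, low = address >> 8, address & 0xFF      # XX and YY in the post
    items = [
        ("Lemonade", TYPE_IDS[type_name]),        # ld a, value
        ("X Accuracy", low),                      # ld l, YY
        ("Carbos", high),                         # ld h, XX
        ("Poke Ball", 119),                       # inc b ; ld [hl], a (0x77)
        ("Fresh Water", 201),                     # inc a ; ret (0xC9)
    ]
    for name, qty in items:
        # A quantity of 0 cannot be held as a stack: this is the Normal-type
        # (00) problem raised in the thread, so reject it instead of guessing.
        if not 1 <= qty <= 255:
            raise ValueError(f"{name} x{qty}: quantity must be 1-255")
    return items


def as_bytes(items):
    """The bytes the item list occupies in memory: ID, quantity, ID, ..."""
    return bytes(b for name, qty in items for b in (ITEM_IDS[name], qty))


if __name__ == "__main__":
    for name, qty in build_8f_items(0xDA9B, "Psychic"):
        print(f"{name} x{qty}")
```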

Azarokkusu

« Reply #18 on: March 15, 2018, 06:32:26 pm »
Here's a method I came up with to get 8F pretty early in the game! Note: though it's not required, I'd suggest using a name that allows you to encounter missingno as often as possible during the Old Man Trick, such as ::::::: or something similar. The values that correspond with missingno can all be found on the Old Man Trick page: https://glitchcity.info/wiki/Old_man_trick

Getting 8F early!
1. get to Cerulean City. On the way, catch a pidgey (You need Fly later)
2. Defeat the rival and all the trainers on the nugget  bridge. DO NOT fight any trainer in Cerulean Gym yet.
3: Catch an Abra in the grass west of the Nugget Bridge.
4. Do the trainer fly glitch on the Jr Trainer in the grass west of the nugget bridge.
5: Defeat the Jr Trainer in Misty's Gym.
6: fight Misty. Defeat her Staryu and black out against her Starmie.
7: Walk up Nugget Bridge. Text will pop up. Go through it and you will encounter Missingno. This adds 128 to the item in your 6th item slot. Now run from the fight with 'M.
8: Throw items from the 6th slot until you have exactly 127 of them (right facing triangle 7).
9: Do the trainer fly glitch on the Jr Trainer in the grass west of the nugget bridge again.
10: Defeat the swimmer in Cerulean Gym.
11: Fight Misty, defeating her Staryu.
12: Win OR lose against Misty's Starmie (it doesn't matter this time since you aren't using her again)
13: Walk up Nugget Bridge. Cancel the menu. Another fight with Missingno will start. Run from this one too!
14: buy and sell items at the pokemart until you have between 700 and 799 pokedollars/dollars/whatever you want to call them.
15: Switch item 3 with item 6 (item 3 is your 255 stack now)
16: deposit/toss all items below item 3
17: deposit/toss all items above item 3
18: toss/deposit 253 of the item in the first slot, leaving you with 2 of said item.
19: switch slot 1 and 2. You should now have 1 of your item in the first slot.
20: switch slot 1 and 2 again. You should now have 0 of your item in the first slot. You now have inventory underflow.
21: deposit at least one ????? (slot 22) in pc
22: deposit at least one, but at most all but 1 soda pop (slot 69) in pc
23: buy/withdraw items until your inventory is back to normal. You also should scroll all the way up the item list until your cursor is in-bounds again.
24: withdraw ????? and at least 1 soda pop.
25: play through the game as normal until you get the HM for cut. Teach cut to one of your pokemon (catch another pokemon that can learn Cut if you need to)
26: go through one of the gates to Saffron City (presumably the lower one, since you're already in Vermilion City) and then go west through the gate to Celadon City.
27: buy 1 x X Special
28: go get the Fly HM (this is what you needed Cut for)
29: fly to Pallet Town
30: surf down to Cinnabar Island using ?????
31: fly to Viridian City, and get the old man to show you how to catch a pokemon
32: make sure you have 6 or more items, and that your X Special is in the 6th item slot.
33: encounter 'M. You now have 129 x X Special. Run from 'M.
34: throw 2 x X Special. You now have 127.
35: encounter 'M again. You now have 255 x X Special. Run from 'M again.

The next bits are the same as usual for obtaining 8F using item counter underflow

36: put your 255 stack in the second slot of your inventory, and any throwable item in the first slot.
37: Store all items below your 255 stack, and withdraw your Dome/Helix fossil. Your inventory is now
   Any item x[Any qty]
   X Special x255
   Helix/Dome Fossil
38: toss the item in slot 1, it will now be X Special x 255
39: Continue tossing the first item until the item menu "stops responding"
40: talk to the fossil guy and give him your Helix/Dome fossil.
41: Go to the eastmost corner of Celadon City.
42: Toss 254 of the X Specials in slot 1
43: Swap X Special x 1 with Nugget x 1 (slot 35)
44: Walk right - the map should loop back to the left side of Celadon City. The amount of steps you take determines what item is in the slot, so walk right until 8F is in slot 35.
45: Swap 8F with the first item, then fly away.
46: store 8F in your PC.
47: buy/withdraw items until your inventory is back to normal.
48: withdraw 8F.
« Last Edit: March 15, 2018, 06:34:41 pm by Azarokkusu »

ISSOtm

« Reply #19 on: April 11, 2018, 08:32:12 am »
The problem with this code is that sprites will cease to be updated anymore. Here's a replacement :

Box items :
Thunderstone x230
TM07 x175
Water Stone x34
Lemonade x165
Awakening x70
TM01 x[any qty]


Code :

; Code written :
; call D53B (wBoxItems)
; ld [c], a
; CD 3B D5 E2
Box items :
ld hl, $CFE6
xor a
ld [hli], a
ld [hli], a
ld a, $C3
ld c, $46
ret