Re: Arbitrary code execution in Red/Blue using the "8F" item

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #15 on: February 05, 2018, 03:52:29 pm »
Here is the hex ID of every type.

00 : Normal
01 : Fighting
02 : Flying
03 : Poison
04 : Ground
05 : Rock
07 : Bug
08 : Ghost
14 : Fire
15 : Water
16 : Grass
17 : Electric
18 : Psychic
19 : Ice
1A : Dragon

As you can guess, you must convert it into decimal for use as the quantity of an item in an 8F code, and you can use the full list to help you. Also, since you're not playing an English game, you should also convert your code for it to work in the German game. It's better to explain rather than give the answer, so here's what you have to do.

- Go there: and note the address you want to change. Let's say that it would be D170 and D171, the types of your current first Pokémon. Note that an address can be represented as an XXYY couple.
- Because you play a European non-English game, add 5 to those. You get D175 and D176.
- Determine the value you want for these. Let's say you want your Pokémon to be Flying type, so the value is 02.
- Use the following items in an 8F code
Lemonade *(decimal conversion of the value, in this case of the type's hex - flying would be 2, but fire would then be 20)
X-accuracy *(decimal conversion of YY, in this case 117 for the first type and 118 for the second)
Carbos *(decimal conversion of XX, in this case 209)
Pokeball * 119
Fresh Water * 201

That should do the job. Now if you want the exact equivalent of the code you quote, which modifies the first Pokémon in your PC, then you could apply this to find it!  ;)

Ignore my last post, this guy is my god. I hadn't looked hard enough. <3


Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #16 on: February 05, 2018, 05:29:16 pm »
Type 1 - DA9B|DA= 218 |9B = 155
Type 2 - DA9C |DA= 218 |9C = 156

Type 1 - Psychic

lemonade*24 Psychic
Fresh Water*201

Type 2 - Flying

Fresh Water*201


Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #17 on: March 15, 2018, 06:32:26 pm »
Here's a method I came up with to get 8F pretty early in the game! Note: though it's not required, I'd suggest using a name that allows you to encounter Missingno as often as possible during the Old Man Trick, such as ::::::: or something similar. The values that correspond with Missingno can all be found on the Old Man Trick page.

Getting 8F early!
1. Get to Cerulean City. On the way, catch a Pidgey (you need Fly later).
2. Defeat the rival and all the trainers on the Nugget Bridge. DO NOT fight any trainer in Cerulean Gym yet.
3: Catch an Abra in the grass west of the Nugget Bridge.
4. Do the trainer fly glitch on the Jr Trainer in the grass west of the nugget bridge.
5: Defeat the Jr Trainer in Misty's Gym.
6: fight Misty. Defeat her Staryu and black out against her Starmie.
7: Walk up Nugget Bridge. Text will pop up. Go through it and you will encounter Missingno. This adds 128 to the item in your 6th item slot. Now run from the fight with 'M.
8: Throw items from the 6th slot until you have exactly 127 of them (right facing triangle 7).
9: Do the trainer fly glitch on the Jr Trainer in the grass west of the nugget bridge again.
10: Defeat the swimmer in Cerulean Gym.
11: Fight Misty, defeating her Staryu.
12: Win OR lose against Misty's Starmie (it doesn't matter this time since you aren't using her again)
13: Walk up Nugget Bridge. Cancel the menu. Another fight with Missingno will start. Run from this one too!
14: buy and sell items at the Poké Mart until you have between 700 and 799 pokedollars/dollars/whatever you want to call them.
15: Switch item 3 with item 6 (item 3 is your 255 stack now)
16: deposit/toss all items below item 3
17: deposit/toss all items above item 3
18: toss/deposit 253 of the item in the first slot, leaving you with 2 of said item.
19: switch slot 1 and 2. You should now have 1 of your item in the first slot.
20: switch slot 1 and 2 again. You should now have 0 of your item in the first slot. You now have inventory underflow.
21: deposit at least one ????? (slot 22) in pc
22: deposit at least one, but at most all but 1 soda pop (slot 69) in pc
23: buy/withdraw items until your inventory is back to normal. You also should scroll all the way up the item list until your cursor is in-bounds again.
24: withdraw ????? and at least 1 soda pop.
25: play through the game as normal until you get the HM for cut. Teach cut to one of your pokemon (catch another pokemon that can learn Cut if you need to)
26: go through one of the gates to Saffron City (presumably the lower one, since you're already in Vermilion City) and then go west through the gate to Celadon City.
27: buy 1 x X Special
28: go get the Fly HM (this is what you needed Cut for)
29: fly to Pallet Town
30: surf down to Cinnabar Island using ?????
31: fly to Viridian City, and get the old man to show you how to catch a pokemon
32: make sure you have 6 or more items, and that your X Special is in the 6th item slot.
33: encounter 'M. You now have 129 x X Special. Run from 'M.
34: throw 2 x X Special. You now have 127.
35: encounter 'M again. You now have 255 x X Special. Run from 'M again.

The next bits are the same as usual for obtaining 8F using item counter underflow

36: put your 255 stack in the second slot of your inventory, and any throwable item in the first slot.
37: Store all items below your 255 stack, and withdraw your Dome/Helix fossil. Your inventory is now
   Any item x[Any qty]
   X Special x255
   Helix/Dome Fossil
38: toss the item in slot 1, it will now be X Special x 255
39: Continue tossing the first item until the item menu "stops responding"
40: talk to the fossil guy and give him your Helix/Dome fossil.
41: Go to the eastmost corner of Celadon City.
42: Toss 254 of the X Specials in slot 1
43: Swap X Special x 1 with Nugget x 1 (slot 35)
44: Walk right - the map should loop back to the left side of Celadon City. The number of steps you take determines what item is in the slot, so walk right until 8F is in slot 35.
45: Swap 8F with the first item, then fly away.
46: store 8F in your PC.
47: buy/withdraw items until your inventory is back to normal.
48: withdraw 8F.
« Last Edit: March 15, 2018, 06:34:41 pm by Azarokkusu »


« Reply #18 on: April 11, 2018, 08:32:12 am »
The problem with this code is that sprites will cease to be updated anymore. Here's a replacement :
Box items :
Thunderstone x230
TM07 x175
Water Stone x34
Lemonade x165
Awakening x70
TM01 x[any qty]

Code :
; Code written :
; call D53B (wBoxItems)
; ld [c], a
; CD 3B D5 E2
Box items :
ld hl, $CFE6
xor a
ld [hli], a
ld [hli], a
ld a, $C3
ld c, $46
