Topic: ItemDexJP/B:000 theory

Evie the Bird Mother ❤✿

ItemDexJP/B:000 theory
« on: December 06, 2018, 01:49:03 pm »
As danny found, this glitch item in Japanese Blue has a randomized name. Could it be possible to use this to our advantage for LOL glitch combined with a screen data saving glitch item? ✿
« Last Edit: December 19, 2018, 11:11:31 am by Evie ❤✿ »

(Image © Sanrio, Nintendo, HAL Laboratory)

I want to be a mother. 🦋 ✿

✿ Hi, I'm Evie. Sex male, and spiritually doesn't believe 'male'/'female' needs to be defined; lives more stereotypically like a woman. Call me whichever pronouns you like. :)

Please note:

While I'm one of the staff who runs the site, Abwayax is the founder and manages the technical side of the site (specifically the server, but I can do forum/wiki stuff if you like, I suggest if you do to make a thread about it to gather a consensus). Still feel free to contact me about higher site issues though; I will forward them to Abwayax if needed. :)

Forgiveness.

I feel that the more people pray to our greatest source/God/mathematical equality for world peace, the more and more it manifests into reality (until our next spiritual death).

Thank you Nyapon for this lovely artwork. :3

Epsilon

Re: ItemDexJP/B:000 theory
« Reply #1 on: December 18, 2018, 12:06:38 am »
Before I can answer this, let's do a brief recap of exactly how the LOL glitch works, so that we have context:

 - The player enters the overworld loop during battle, tricking the game into believing that the player is still in battle
 - The player opens the items menu, causing the game to save its current tilemap to wTileMapBackup2
 - The player presses "A" on an item that does not have a 0x50 in its name within 20 bytes. This causes CopyData to write the unterminated string in a buffer nearby wTileMapBuffer, which CopyString will then read from. It will then write to its own buffer, eventually overwriting wEnemyMonSpecies2, which determines which Pokémon we get after throwing the Master Ball.

So by that logic, if we wanted to perform the LOL glitch by using a tile from B:000's name, we would need:
 - An item that jumps back to the overworld loop in battle
 - An item that jumps back to the overworld loop outside (in Eng-Red, both are satisfied by 9f)
 - A means of backing up the tilemap to buffer2 with B:000's name on screen (Recall that the last time the game normally does this is before the items menu opens!)

And thankfully, in Jp-Blue, we have all of these!    ...except the first one.

0x63

0x63 is a glitch item in Jp-Blue that, through a miracle of code flow, jumps us back to the overworld loop!

So why can't we use it during battle? Well, part of the reason why it reaches the overworld loop in the first place is because, shortly after its execution, it performs three pops, and then a ret. When not in battle, after the three pops, the ret instruction will take you to a part of the ROM that eventually leads to the overworld loop. But it seems that, during battle, the stack is not so in our favor. Once it reaches the ret instruction, it points to a location in ROM that eventually leads to an invalid opcode. Bummer.


Because of the abnormality with the stack, we can't use 63 to reach the overworld loop during battle. IIRC, I had luck with another glitch item that reached the overworld loop, but I believe that one executed code from memory, so its reliability may be called into question.

Backing up tile data to buffer 2

> combined with a screen data saving glitch item?

No need!

In Jp-Blue, the tile that gets written into wEnemyMonSpecies2 is at X=2 Y=5. This is well out of the way of the Start menu, and it gets changed occasionally by B:000's name. Because of this, we are able to trigger a backup of X=2 Y=5 to wTilemapBackup2 by jumping back to the overworld loop and re-opening the items menu!

We're out of battle here, so 0x63 should work juuuust fine  8).



In conclusion, the setup would go as follows:

 - Get 0x00 and put it in the first slot. Also grab 0x63 and some Master Balls.
 - Get into a battle
 - By some means, get into the overworld loop. (when testing, I used an item, breakpointed before the item was used, and then forced a jump to the overworld loop. Hopefully a way can be found!)
 - Correct the graphics using a warp
 - Open and close the items menu (with 0x00 in your first slot) until you are comfortable with the tile at X=2,Y=5 (sometimes 0x00's random name won't corrupt it, just be patient!)
 - Make sure there is an 0x50 subtile close to, but not before, X=2,Y=5
 - Use 0x60
 - Open the items menu (backs up X=2,Y=5 to buffer2)
 - Press "A" on 0x00 (not guaranteed to be unterminated) or another unterminated glitch item
 - Throw a Master Ball


Will look into how reaching the overworld loop in battle might be possible.
« Last Edit: December 18, 2018, 12:09:42 am by Epsilon »
grouchy

Evie the Bird Mother ❤✿

Re: ItemDexJP/B:000 theory
« Reply #2 on: December 19, 2018, 11:00:37 am »
Thank you for your lovely thorough reply Epsilon.

Yes, I had tested item 0x63 before and got the same results as you; item 0x63 was the only potential LOL glitch compatible item not executing a writable memory region.

About there being no need of a screen data saving glitch item (for 0x00/0x63 LG), this may not be true; as in the English games a copy of the screen without the Start menu being open is saved into memory once opening the menu. The purpose of the screen data saving glitch item (e.g. EN 9F) is to save what is on the menu into memory rather than from the overworld. However, I don't know for sure whether this also applies to the JP Blue Version.

Hopefully we can find a way to avoid the freeze when the item is used in battle. ✿
« Last Edit: December 19, 2018, 11:07:35 am by Evie ❤✿ »


Epsilon

Re: ItemDexJP/B:000 theory
« Reply #3 on: December 19, 2018, 11:21:49 am »
> Thank you for your lovely thorough reply Epsilon.
>
> Yes, I had tested item 0x63 before and got the same results as you; item 0x63 was the only potential LOL glitch compatible item not executing a writable memory region.

If I recall correctly, there was one that, albeit jumping into memory, was able to jump back into the overworld loop. The memory it jumped into I believe was late HRAM, which may be somewhat predictable? I'll see if I can dig it back up to find out what exactly happened there.


> About there being no need of a screen data saving glitch item (for 0x00/0x63 LG), this may not be true; as in the English games a copy of the screen without the Start menu being open is saved into memory once opening the menu. The purpose of the screen data saving glitch item (e.g. EN 9F) is to save what is on the menu into memory rather than from the overworld. However, I don't know for sure whether this also applies to the JP Blue Version.

I knew that. What I meant by "we need not an item that backs up the screen data to buffer 2" is that we need not an item that does "exactly that".

Example:

The tile at X=2 Y=5 is at C406 in the main tilemap buffer and CDE2 in buffer2. Let's just say that, after the player opened the items menu, the values at both addresses were 0x38. We'll just say that 0x00's random name corrupted the value at C406 to C8. While there are no direct ways to write C406 to CDE2, we can force another backup to buffer 2 by using item 0x63 and reopening the items menu. After that, both values, C406 and CDE2 would be C8 in this hypothetical scenario.
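A model of the sequence described in Reply #1 (an unterminated item name that CopyString copies until it meets a 0x50, running past its own buffer into wEnemyMonSpecies2) and of the buffer2 hypothetical in Reply #3, as an added example: this is host-side C written for this page, not the game's code and not Epsilon's. It emulates work RAM as a flat 64 KiB array so nothing on the host is ever overrun. The addresses C406 and CDE2 come from the thread; everything else is assumed or constructed: a 20-column tilemap (so X=2,Y=5 is byte 102 of each buffer), a 20-byte name buffer placed directly before buffer2, a CopyString destination at 0xD000 with a species byte 122 bytes past it (chosen so the alignment the thread describes holds), the item-name bytes, and the 0x38/0xC8 tile values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Emulated work RAM: a flat 64 KiB address space, so every "address" below
 * is just an index into this array. */
static uint8_t ram[0x10000];

#define TERMINATOR 0x50             /* end-of-string byte in the games' text encoding */
#define TILE_COLS 20
#define TILE_ROWS 18
#define TILEMAP_SIZE (TILE_COLS * TILE_ROWS)

/* Addresses quoted in the thread for the tile at X=2, Y=5. */
#define MAIN_TILE_2_5    0xC406
#define BACKUP2_TILE_2_5 0xCDE2

/* Assumption: a 20-column tilemap, so (2,5) is byte 5*20+2 = 102 of each buffer. */
#define OFFSET_2_5 (5 * TILE_COLS + 2)
#define TILEMAP    (MAIN_TILE_2_5 - OFFSET_2_5)
#define BACKUP2    (BACKUP2_TILE_2_5 - OFFSET_2_5)

/* Hypothetical layout (not from the thread): the 20-byte name buffer sits
 * right before buffer2, CopyString writes to STRING_BUF, and the species byte
 * is wherever the copy of BACKUP2_TILE_2_5 happens to land. */
#define NAME_LEN       20
#define NAME_BUF       (BACKUP2 - NAME_LEN)
#define STRING_BUF     0xD000
#define STRING_BUF_LEN 20
#define SPECIES        (STRING_BUF + (BACKUP2_TILE_2_5 - NAME_BUF)) /* hypothetical wEnemyMonSpecies2 */

#define ORIGINAL_SPECIES 0x19       /* constructed: the species before the glitch */
#define BLANK_TILE       0x7F       /* constructed: filler tile that is not a terminator */

static size_t last_copy_len;        /* bytes written by the most recent copy_string */

/* CopyData-style copy: exactly n bytes, no terminator check. */
static void copy_data(const uint8_t *src, uint16_t dst, size_t n) {
    memcpy(&ram[dst], src, n);
}

/* Opening the items menu: the game saves the current tilemap to buffer2. */
static void open_items_menu(void) {
    memmove(&ram[BACKUP2], &ram[TILEMAP], TILEMAP_SIZE);
}

/* CopyString-style copy: copies until it reads a TERMINATOR. The game carries
 * no destination bound; max_bytes is the bound a safe copy would carry (pass
 * the array size to get the game's behaviour). Returns bytes written. */
static size_t copy_string(uint16_t src, uint16_t dst, size_t max_bytes) {
    size_t n = 0;
    while (n < max_bytes && src < 0xFFFF && dst < 0xFFFF && ram[src] != TERMINATOR) {
        ram[dst++] = ram[src++];
        n++;
    }
    return n;
}

/* Plays the thread's sequence on the emulated RAM and returns the species
 * byte afterwards. All inputs are constructed for this model. */
static uint8_t lol_scenario(int name_terminated, int reopen_menu, size_t copy_limit) {
    uint8_t name[NAME_LEN];
    for (int i = 0; i < NAME_LEN; i++) name[i] = (uint8_t)(0x80 + i); /* no 0x50 in 20 bytes */
    if (name_terminated) name[5] = TERMINATOR;                          /* an ordinary, terminated name */

    memset(ram, 0, sizeof ram);
    memset(&ram[TILEMAP], BLANK_TILE, TILEMAP_SIZE);
    ram[SPECIES] = ORIGINAL_SPECIES;

    /* Reply #3's example: (2,5) reads 0x38 when the menu is first opened, and a
     * 0x50 subtile sits a few tiles after it (setup step 6 in Reply #1). */
    ram[MAIN_TILE_2_5] = 0x38;
    ram[MAIN_TILE_2_5 + 3] = TERMINATOR;
    open_items_menu();                        /* buffer2 now holds 0x38 at CDE2 */

    ram[MAIN_TILE_2_5] = 0xC8;                /* the random name corrupts the main tilemap only */
    if (reopen_menu) open_items_menu();       /* 0x63 back to the overworld, then reopen: buffer2 refreshed */

    /* Pressing A on the item: CopyData drops the name next to buffer2, then
     * CopyString copies from there until it meets a terminator. */
    copy_data(name, NAME_BUF, NAME_LEN);
    last_copy_len = copy_string(NAME_BUF, STRING_BUF, copy_limit);
    return ram[SPECIES];
}

static void report(const char *label, int terminated, int reopen, size_t limit) {
    uint8_t species = lol_scenario(terminated, reopen, limit);
    printf("%-30s species = 0x%02X (%zu bytes copied)\n", label, species, last_copy_len);
}

int main(void) {
    report("unterminated, menu reopened:", 0, 1, sizeof ram);
    report("unterminated, no reopen:", 0, 0, sizeof ram);
    report("terminated name:", 1, 1, sizeof ram);
    report("unterminated, bounded copy:", 0, 1, STRING_BUF_LEN);
    return 0;
}
```

The first run lands 0xC8 in the species byte after 125 bytes have been copied; skipping the reopen leaves the stale 0x38 from the first backup, which is exactly the point Reply #3 makes. A name that carries its own 0x50 stops the copy after 5 bytes, and a copy bounded by the destination size stops at 20, so in both of those runs the species byte is untouched; the length bound, not the terminator, is what keeps the copy inside its buffer.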

Evie the Bird Mother ❤✿

Re: ItemDexJP/B:000 theory
« Reply #4 on: December 19, 2018, 11:39:35 am »
I see, sounds great. :) Sorry I misunderstood :(
