Main Menu
Main Page
Forums
New pages
Recent changes
Random page
Help

Glitches
Arbitrary code execution
Pokémon cloning
Pomeg glitch
Tweaking
Glitches by generation
Glitch categories

References/Resources
Databases
Disassembly projects
The Big HEX List
Pokémon cheat codes
Pokémon glitch terminology
Useful tools
More

Affiliates
Legendary Star Blob 2 (Hakuda)
Pokémon Speedruns wiki
PRAMA Initiative
Become an affiliate!

Technical
Site source code

Search Wiki

 

Search Forums

 

Author Topic: Yet another arbitrary sprites addendum  (Read 123 times)

0 Members and 1 Guest are viewing this topic.

Quirky Flower Chicken ❤✿

  • Head Administrator
  • *****
  • Offline Offline
  • Gender: Female
  • (Image thanks Sanrio + Pexels)
    • View Profile
Yet another arbitrary sprites addendum
« on: November 30, 2018, 06:44:48 pm »
Trainer 0x37 (D059/8=FF), known as "14S" in Red/Blue and "ゥ, A" in Yellow has a front sprite sourced from E891 in Echo RAM. This applies to both Red and Yellow.

Due to how Echo RAM works, E891 is a copy of C891. C891 is in the middle of C6E8 (wOverworldMap), a 1300 (decimal) byte structure. Sadly, this data is overwritten after saving and resetting. However, if arbitrary code execution is used to copy a customized sprite to this structure before battle, then it is possible to give Trainer 0x37 any sprite you desire. It just requires the internal 7x7 sprite dimension.

I've confirmed fighting the "Buried Alive" Trainer with this exploit. If you have BGB, copy and paste the following bytes to C891 and then change D058 (or D059) to 0xFF. You should now be fighting the Buried Alive Trainer (who is really just a glitch Trainer, further modifications will be needed to change his name and party). The other, long way is to write these bytes one by one with ACE, or write them elsewhere and copy them to C891.




For reference, here are the picture/money data for the standard glitch Trainers:

The first two bytes are the sprite pointer. The last three bytes are the BCD (binary coded decimal) payout values.

Red/Blue:


98 8E 94 8D 86 ; (f8)  - pointer 8e98
92 93 84 91 50 ; (f9)  - pointer 9392
81 94 86 7F 82 ; (fa)  - pointer 9481
80 93 82 87 84 ; (fb) - pointer 9380
91 50 8B 80 92 ; (fc) - pointer 5091
92 50 92 80 88 ; (fd) - pointer 5092
8B 8E 91 50 89 ; (fe) - pointer 8e8b
91 E8 93 91 80 ; (ff) - pointer e891
00 0A A5 03 00 ; (00) - pointer 0A00


Yellow:


98 8E 94 8D 86 ; (f8)
92 93 84 91 50 ; (f9)
81 94 86 7F 82 ; (fa)
80 93 82 87 84 ; (fb)
91 50 8B 80 92 ; (fc)
92 50 92 80 88 ; (fd)
8B 8E 91 50 89 ; (fe)
91 E8 93 91 80 ; (ff)
04 49 04 01 3A ; (00)

Note: The Trainer 0x00 (D059/8=C8) data may be wrong.
« Last Edit: November 30, 2018, 06:52:04 pm by Evie Torchic the Glitch Scientist »

(Image © Sanrio, Nintendo, HAL Laboratory)

✿ Hi! I'm Evie. I'm a transgender woman, but any pronouns are fine. She/her preferred. ✿ 🦋

Please note:

While I'm one of the staff who runs the site, Abwayax is the founder and manages the technical side of the site (specifically the server, but I can do forum/wiki stuff if you like, I suggest if you do to make a thread about it to gather a consensus). Still feel free to contact me about higher site issues though; I will forward them to Abwayax if needed. :)

Forgiveness is timeless, and moments we look back on humble the soul.

Thank you Nyapon for this lovely artwork. :3