Author Topic: Arbitrary code execution in Red/Blue using the "8F" item  (Read 397765 times)


joshuarpl2

  • Banned
  • CHARIZRAD 'M ROXORX or is it.
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #855 on: December 04, 2018, 11:07:36 am »
Made my first arbitrary code!
It goes like this
Items:
Any Item x[any]
8F
Lemonade x2
TM34 x89
TM08 x201

ASM:
ld a, $02
ld ($D059), a
ret
Made in just 3 lines of code, because it only changes a single address! (D059 turns into 1F, which is the ID of Missingno!)
This is pretty much the same as the Catch Em All script lol.

ISSOtm

  • The French Lord of Laziness (and a huge The Legend Of Zelda fan)
  • Staff
  • Gender: Male
  • Pewter City (B)rocks !
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #856 on: December 04, 2018, 01:22:57 pm »
This won't set D059 to $1F, but to $02. I.e. Kangaskhan.
You didn't even test your script, did you?
"THOU SHALL NOT PASS !!"  RIVAL's effect, Gandalf.

Proudly glitching Pokémon Red and Yellow on a Black & White GB, Pocket GB, GB Color, GBA SP and new 3DS.

My Twitter (beware, I'm French)
My YouTube (same warning)

Here is an online tool to build 8F setups : GBz80 to Items !

They see me layzin', they ha-tin'...
Heavy contributor of the global augmentation of entropy (my room's is too damn high !)

Sherkel

  • Ringsome on the aquaface
  • Administrator
  • Gender: Male
  • Is it an illusion, or a tower built on sand?
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #857 on: December 04, 2018, 04:00:20 pm »
In spite of that strange error, you've gotten started, at least! :)

joshuarpl

  • GCLF Member
  • Gender: Male
  • Oh snap, I destroyed my save file!
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #858 on: December 29, 2018, 04:16:00 pm »
ld a, $02
Oh, I accidentally made it turn into value $02 xd!
Sorry!

(If I'm necro-bumping, I am sorry!)
« Last Edit: December 29, 2018, 04:16:58 pm by joshuarpl »
If I am necro-bumping, I am sorry.
4 4 scares me on a deep emotional level I can't describe.

Parzival

  • Buyer beware: House comes with 3 free skeletons in a closet of your choice.
  • GCLF Member
  • Gender: Male
  • This box intentionally left blank. ...wait...
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #859 on: December 29, 2018, 07:30:27 pm »
I would like to point out that Missingno. takes up several different slots. This may make the actual code setup easier with proper slot picking.
Ask me about betrayal.
Ask me about depression.
Ask me about death.
Ask me about destruction.
Ask me about hardship.
I've been through s**t.
If you need to talk to someone, my PM inbox is always open.

kakonema

  • GCLF Member
  • CHARIZRAD 'M ROXORX or is it.
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #860 on: February 15, 2019, 12:41:31 pm »
So to write ISSOtm's version of TheZZAZZGlitch's memory editor (https://forums.glitchcity.info/index.php?topic=8200.0) you'd start with

Lemonade x 229 (229 = $E5, the byte to write at DB01)
X Accuracy x 1
Carbos x 219
Poké Ball x 119
Burn Heal x 125
Fresh Water x 234
Iron x 211
Lemonade x 0
TM34 x 35
TM11 x 201

Use 8F, which would write the value, set the quantity of Lemonades to 0 and increase the quantity of X Accuracies by 1, to 2. Throw Lemonades until you had 17 (hex 11), use 8F, etc.

Is this code compatible with European versions of the ROMs? I'm having weird effects executing it. The bootstrap works with a couple of tested codes (Onix replaced with Graveler for 3rd item bag compatibility).

Does the memory editor also need adjustments in order to work with Euro ROMs?

ISSOtm

  • The French Lord of Laziness (and a huge The Legend Of Zelda fan)
  • Staff
  • Gender: Male
  • Pewter City (B)rocks !
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #861 on: February 15, 2019, 12:50:23 pm »
Yes, they do. Don't know which though.

kakonema

  • GCLF Member
  • CHARIZRAD 'M ROXORX or is it.
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #862 on: February 15, 2019, 01:14:44 pm »
Yes, they do. Don't know which though.

Well that's a bummer.

Hmmm, according to:
Code:
ld ($d325),a ; quantity of fresh water (234), Iron x 211 bytes: EA 25 D3
ld ($d323),a ;TM34 x 35, TM11. bytes: EA 23 D3

Guess it just needs an increase in the quantity of TM34 and Fresh Water by 5 in order to match a bag address, right?

The editor is a different beast, it hurts my brain just by looking at the code.

edit: On second thought, I need Helix Fossil instead of Iron, but Helix Fossil is a key item and it doesn't have a quantity?

edit2: Success! Swapping Iron x 211 with Helix Fossil x 211 and increasing TM34 x 35 to TM34 x 40 works, just need to write memeditor to test if it works.

edit3: Aaaaand it works!!! Thank you guys for making it possible, it's mind-blowing work you're all doing.
« Last Edit: February 15, 2019, 08:40:08 pm by kakonema »
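
How the item lists in the posts above turn into GBz80 code, as an added example that is not part of any post in this thread: each bag slot is an item ID byte followed by a quantity byte. The function names are made up for the illustration, and the item IDs not spelled out in the thread (Lemonade $3E, X Accuracy $2E and so on) are assumed from the Generation I item index rather than taken from this page.

```python
# Added example (not from the thread): a Gen 1 bag slot is an item-ID byte
# followed by a quantity byte, so an 8F item list is literally GBz80 code.
ITEMS = {"Poke Ball": 0x04, "Burn Heal": 0x0C, "Iron": 0x25, "Carbos": 0x26,
         "Helix Fossil": 0x2A, "X Accuracy": 0x2E, "Fresh Water": 0x3C,
         "Lemonade": 0x3E}  # IDs assumed from the Gen 1 item index
ITEMS.update({f"TM{n:02d}": 0xC8 + n for n in range(1, 51)})  # TM01 = $C9

# Only the opcodes these setups use: opcode -> (mnemonic, operand byte count)
OPS = {0x3E: ("ld a, ${:02X}", 1), 0x2E: ("ld l, ${:02X}", 1),
       0x26: ("ld h, ${:02X}", 1), 0xEA: ("ld (${:04X}), a", 2),
       0x04: ("inc b", 0), 0x0C: ("inc c", 0), 0x3C: ("inc a", 0),
       0x7D: ("ld a, l", 0), 0x77: ("ld (hl), a", 0), 0xC9: ("ret", 0)}

def bag_to_bytes(bag):
    """Flatten (item name, quantity) pairs into the bytes the CPU will run."""
    return bytes(b for name, qty in bag for b in (ITEMS[name], qty))

def disassemble(code):
    """Decode up to and including the first ret; operands are little-endian."""
    lines, i = [], 0
    while i < len(code):
        fmt, n = OPS[code[i]]
        lines.append(fmt.format(int.from_bytes(code[i + 1:i + 1 + n], "little")))
        i += 1 + n
        if fmt == "ret":
            break
    return lines

def store_targets(bag):
    """Absolute addresses written by `ld ($nnnn), a` in a setup."""
    return [int(l[5:9], 16) for l in disassemble(bag_to_bytes(bag))
            if l.startswith("ld ($")]

# Item lists copied from the posts, starting at the slot after 8F
FIRST = [("Lemonade", 2), ("TM34", 89), ("TM08", 201)]          # reply #855
US_WRITER = [("Lemonade", 229), ("X Accuracy", 1), ("Carbos", 219),
             ("Poke Ball", 119), ("Burn Heal", 125), ("Fresh Water", 234),
             ("Iron", 211), ("Lemonade", 0), ("TM34", 35), ("TM11", 201)]
# European variant from reply #862: Iron -> Helix Fossil, TM34 x35 -> x40
EU_WRITER = [("Helix Fossil", q) if n == "Iron" else
             ("TM34", 40) if n == "TM34" else (n, q) for n, q in US_WRITER]

if __name__ == "__main__":
    for name, bag in [("#855", FIRST), ("US", US_WRITER), ("EU", EU_WRITER)]:
        print(name, bag_to_bytes(bag).hex(" "), disassemble(bag_to_bytes(bag)), sep="\n  ")
```

Decoded this way, the European setup differs from the US one only in its two absolute store targets, each 5 bytes higher.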

Caveat

  • The Metropolitan Mutant of Ark
  • GCLF Member
  • Wrrrooooooaaaar! Peeko!
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #863 on: April 26, 2019, 06:37:45 pm »
After a year of being spared from my misery, I RETURN with this... thing.
It changes the species bytes of the first Pokemon in the current box!

"Stable" version:
Lemonade x(species index)
TM34 x129
TM18 x4
TM34 x150
TM18 x201
Code:
ld a, $xx
ld [$DA81], a
inc b
ld [$DA96], a
ret

"Unstable" version: (for making unstable hybrids)
Lemonade x(species index)
TM34 x129
TM18 x4
Lemonade x(recipient species)
TM34 x150
TM18 x201
Code:
ld a, $xx
ld [$DA81], a
inc b
ld a, $yy
ld [$DA96], a
ret

This isn't really useful and it's more of a "LOOK MOM I'M LEARNING ASM" thing, but it could be useful to you if you don't feel like getting a Charizard 'M and/or the Pokemon you want to merge?

EDIT: Here's something actually useful! It fills out your Pokedex (with an optional 152nd entry, if you want). Requires a few glitch items, but none of them have unterminated names. Yeah, dealing with CANCEL is annoying; sorry. D:

All 151:
X Accuracy x246
Carbos x210
HP Up x62
CANCEL (hex:FF) x119
TM50 x28
TM11 x254
CANCEL (hex:FF) x32
TM44 x4
Lemonade x127
TM34 x28
TM11 x234
Pokédex (hex:09) x211
TM01 x[Any qty]
Code:
;151 pokemon seen + caught
;hl=D322
ld l, $F6
ld h, $D2 ;hl=D2F6
inc hl ;hl=D2F7 on first loop
ld a, $FF
ld [hl], a ;set dex byte to FF
ld a, [$D31C]
cp a, $FF ; are all bytes set?
jr nz, $D326 ;if not, inc hl and do it again
inc b
ld a, $7F
ld [$D31C], a
ld [$D309], a ;getting rid of entry 152
ret

152nd entry:
X Accuracy x246
Carbos x210
HP Up x62
CANCEL (hex:FF) x119
TM50 x28
TM11 x254
CANCEL (hex:FF) x32
TM44 x201
Code:
;152 pokemon
;hl=D322
ld l, $F6
ld h, $D2 ;hl=D2F6
inc hl ;hl=D2F7 on first loop
ld a, $FF
ld [hl], a ;set dex byte to FF
ld a, [$D31C]
cp a, $FF ; are all bytes set?
jr nz, $D326 ;if not, inc hl and do it again
ret

« Last Edit: April 27, 2019, 01:14:36 pm by Caveat »
dr dr pepper is back