Author Topic: Arbitrary code execution in Red/Blue using the "8F" item  (Read 443156 times)


Wack0

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #225 on: October 13, 2015, 08:26:43 am »
The event flag is used so you don't battle Sabrina again after you beat her.

The barrier in Pokemon League goes against "number of badges", which is at D356.

To set this so you have all the badges, you can use an item list like:

Item 3: Lemonade x255
Item 4: X Accuracy x86
Item 5: Carbos x211
Item 6: Poké Ball x119
Item 7: Fresh Water x201

which is based on this template I made 2.5 years(!) ago.

This sets $D356 to $FF which gives you all the badges.
C H E C K E D . B U I L D S . A R E . A W E S O M E N E S S

BetaArchiveSoftHistory Forumsirc.rol.im #galaxy,#softhistory

Also known as The Distractor.

Shane, please stop telling children that there's a Mew outside under the delivery trucks. - Management

Pokémon: arbitrary code execution 1996-2016

SatoMew

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #226 on: October 15, 2015, 11:05:05 am »
The event flag for beating Sabrina is bit 1 of 0xD7B3, but this won't give you her badge. Do you want to make the game think you beat Sabrina, or do you want her badge?

Huh, so what exactly happens in Red and Green that causes the "win even if lost" bug?

SnorLapraSuicuinEkans

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #227 on: November 15, 2015, 07:57:47 pm »
Do you have to set up the bootstrap + item setup, or just one of them? Also, is it supposed to crash if no setup is done?
How to use 8f... 8__8

Krys3000

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #228 on: November 16, 2015, 03:30:06 am »
Hello,

The glitch item 8F / Wslm reads code from your Team / box.
The standard setup we use redirects the reading to the items.
You could do your codes with Pokémon data only, but it's hard, so we prefer this way.

If you don't have the Team / box setup, it won't work. Depending on the Pokémon, it will most likely freeze.

So unless you feel in the mood to code with Pokémon, you need both.

Admin of the PRAMA Initiative, the main french Pokémon glitch website
https://www.prama-initiative.com
“Anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'” - Isaac Asimov

SnorLapraSuicuinEkans

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #229 on: November 16, 2015, 12:13:45 pm »
Thank you. I wasn't sure if I wanted to spend the time to get the setup, because on the emulator I use (meboy 2.2), when I used 8F an error would pop up instantly stating I was out of bounds. But now that you have said it crashes the game depending on the Pokémon you have, that could be why it crashes, so I will set it up and hopefully it will fix the problem :D

Krys3000

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #230 on: November 16, 2015, 12:43:00 pm »
No problem ;)
If you're in trouble getting your code to work, don't hesitate to come here and we'll try to help :P


SnorLapraSuicuinEkans

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #231 on: November 16, 2015, 12:52:03 pm »
Will do, thanks again 8)

SnorLapraSuicuinEkans

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #232 on: November 17, 2015, 09:46:41 am »
Done, works well. At least I know 8F is capable for my emulator. Is there anywhere I can go to find more interesting codes? :D How to use Jack properly, what does 4848 do, and 8__8? Also, thanks.

SnorLapraSuicuinEkans

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #233 on: November 17, 2015, 11:28:32 am »
Also, can you do gameshark codes having the hex items?

Krys3000

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #234 on: November 17, 2015, 01:43:04 pm »
I'm not sure I understand your question.

To execute a gameshark code only using 8F, given that a Gameshark code is structured this way: AABBCCDD
You can do this:
Any item
8F / ws*l’||lm||
Lemonade xBB (in decimal)
TM34 xCC (in decimal)
hex:DD item x201

To get the DD item, if it is a glitch item, you can use this code:
8F / ws*l’||lm||
Item you want to morph
Burn Heal x43
Ice Heal x43
Full Heal x201

The second item gains 1 hex each time you use the code.


SnorLapraSuicuinEkans

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #235 on: November 17, 2015, 03:59:13 pm »
Yes, BB, CC and DD being bytes 1-3, right? I am confused, as I have seen this Walk through walls code, 010138CD, but is it wrongly corresponded to their items (Max Revive, X Accuracy, Carbos)? Because I checked their hex in the Big List and it doesn't match. I am probably checking the wrong place, so could you tell me what I'm doing wrong? I'm very confused at the moment haha. I have done the catch 'em all code and the any item code and I am just trying to understand how to work it. Thanks for helping :D

Krys3000

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #236 on: November 17, 2015, 04:54:36 pm »
In the Gameshark code you mention,
AA = 01
BB = 01
CC = 38
DD = CD

So the corresponding code is:
Any item
8F / ws*l’||lm||
Lemonade x1
TM34 x56
TM05 x201

Because 38, in decimal, is 56, and TM05 is the item with a hex value of CD.
Then use 8F / ws*l’||lm|| and you will walk through walls. Proceed this way with any gameshark code you would like to use.

Please note RAM address $CD38 is in a memory section which doesn't change between versions AND localizations. You will not have to change this code if you use it in Yellow version, nor if you use a foreign game.


SnorLapraSuicuinEkans

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #237 on: November 17, 2015, 05:53:53 pm »
Ok, right. What about 1 Lemonade and TM34? Where do they come in?

Wack0

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #238 on: November 17, 2015, 06:52:56 pm »
In the Gameshark code you mention,
AA = 01
BB = 01
CC = 38
DD = CD

So the corresponding code is:
Any item
8F / ws*l’||lm||
Lemonade x1
TM34 x56
TM05 x201

Because 38, in decimal, is 56, and TM05 is the item with a hex value of CD.
Then use 8F / ws*l’||lm|| and you will walk through walls. Proceed this way with any gameshark code you would like to use.

Please note RAM address $CD38 is in a memory section which doesn't change between versions AND localizations. You will not have to change this code if you use it in Yellow version, nor if you use a foreign game.

why use that when this is easier? (all that's needed is 5 items you can get from Celadon department store)

Optimise your code to use only non-glitch/non-key items if possible guys, I always tried to do this...

http://forums.glitchcity.info/index.php/topic,6638.msg189609.html#msg189609

Krys3000

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #239 on: November 18, 2015, 03:51:33 am »
Thanks, Wack0, I wasn't aware of this new version. I probably missed it while reading the thread. That's really a great code! I will add it to PRAMA too  ;)

Ok right what about 1 lemonade and tm 34 where do they come in ?

To answer this question: I told you earlier that using 8F gets the game to read code from the party, and having the specific setup redirects the reading to the THIRD item.
Now the third item is Lemonade x1. The third item's memory address in English R/B is $D322. Lemonade's hex ID in the Big List is 3E, so that's the value at this address.
The following address would be the quantity of Lemonade, then the hex ID of the fourth item, its quantity, fifth item, etc.

Here, we have the following read code:
3E (Lemonade) 01 (x1) EA (TM34) 38 (x56) CD (TM05) C9 (x201)

To understand what it means you need to know how these hex numbers are interpreted as game instructions.

Here's something you could use: http://www.pastraiser.com/cpu/gameboy/gameboy_opcodes.html
In this table, every hex number matches an instruction. The instructions for the above numbers are:
3E : ld A,d8
This puts the following number into an in-game "A" value. So from now on, A = 01.
Since 01 was integrated into this instruction, we continue with the third one.
EA : ld (a16),A
This specific instruction takes the memory address composed by the next TWO hex numbers and stores A there as its value. Note the numbers are read in reverse order here; the memory address will be $CD38. So this instruction gets $CD38 to take the value 1. This is what the gameshark code does, since having 1 as the value of this address will get you to walk through walls.
38 and CD having been used here, we conclude this with the last number.
C9 : ret
This is an "end" instruction that stops the reading of the code. It is very important to place it; otherwise the game will continue to read the following addresses as code... and God knows what can happen then.

Click on Wack0's link and read the ASM (instructions) of its code. You would be able to understand it, if I tell you "inc" is an increase instruction.


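As an added example (not code from this thread, PRAMA or Glitch City), the script below does mechanically what Krys3000 does by hand above: it turns an item list into the byte stream that starts at item slot 3 ($D322), decodes it as Game Boy instructions, and builds the Lemonade / TM34 / item-DD list for a GameShark code AABBCCDD. It also decodes Wack0's badge template from Reply #225 and the item-morph code from Reply #234. The Lemonade, TM34 and TM05 IDs come from the thread; the other item IDs (X Accuracy 2E, Carbos 26, Poké Ball 04, Fresh Water 3C, Burn Heal 0C, Ice Heal 0D, Full Heal 34) are assumed from the standard Gen 1 item table, and the opcode table covers only the instructions these codes use.

```python
# Added example, not from the thread: decodes the item lists quoted above into the
# Game Boy (LR35902) instructions 8F ends up executing, and builds the item list
# Krys3000 describes for a GameShark code AABBCCDD. The Lemonade, TM34 and TM05 IDs
# are on the page; the other IDs are assumed from the standard Gen 1 item table.
ITEM_ID = {"Lemonade": 0x3E, "X Accuracy": 0x2E, "Carbos": 0x26, "Poké Ball": 0x04,
           "Fresh Water": 0x3C, "Burn Heal": 0x0C, "Ice Heal": 0x0D, "Full Heal": 0x34}

def item_id(name):
    """Name -> hex ID. TMxx = 0xC8 + xx, which gives TM34 = EA and TM05 = CD as on the page."""
    if name.startswith("TM"):
        return 0xC8 + int(name[2:])
    if name.startswith("hex:"):                 # glitch item given by its raw ID
        return int(name[4:], 16)
    return ITEM_ID[name]

def item_name(code):
    if 0xC9 <= code <= 0xFA:
        return "TM%02d" % (code - 0xC8)
    return {v: k for k, v in ITEM_ID.items()}.get(code, "hex:%02X" % code)

def item_bytes(items):
    """(name, qty) pairs from slot 3 ($D322) onward; the CPU sees id, qty, id, qty, ..."""
    return bytes(b for name, qty in items for b in (item_id(name), qty))

# Only the opcodes that occur in this thread's codes: (mnemonic, immediate byte count).
OPCODES = {0x3E: ("ld a,${}", 1), 0xEA: ("ld (${}),a", 2), 0xC9: ("ret", 0),
           0x2E: ("ld l,${}", 1), 0x26: ("ld h,${}", 1), 0x04: ("inc b", 0),
           0x77: ("ld (hl),a", 0), 0x3C: ("inc a", 0), 0x0C: ("inc c", 0),
           0x2B: ("dec l", 0), 0x0D: ("dec c", 0), 0x34: ("inc (hl)", 0)}

def disassemble(code):
    """Decode until ret (C9); a KeyError means a byte this small table does not cover."""
    out, i = [], 0
    while True:
        mnem, n = OPCODES[code[i]]
        imm = int.from_bytes(code[i + 1:i + 1 + n], "little")  # GB addresses are little-endian
        out.append(mnem.format("%0*X" % (2 * n, imm)) if n else mnem)
        if code[i] == 0xC9:
            return out
        i += 1 + n

def gameshark_to_items(gs):
    """01BBCCDD (write BB to $DDCC) -> Lemonade xBB, TM34 xCC, item DD x201 (201 = C9 = ret)."""
    aa, bb, cc, dd = (int(gs[k:k + 2], 16) for k in (0, 2, 4, 6))
    if aa != 0x01:
        raise ValueError("only 01-type single-byte writes map onto ld a,d8 / ld (a16),a")
    return [("Lemonade", bb), ("TM34", cc), (item_name(dd), 201)]
```

Running `disassemble(item_bytes(...))` on Wack0's five items yields `ld a,$FF; ld l,$56; ld h,$D3; inc b; ld (hl),a; inc a; ret`, i.e. the $D356 = $FF write he describes, with `inc b` and `inc a` being harmless filler forced by the item IDs.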