Author Topic: Arbitrary code execution in Red/Blue using the "8F" item  (Read 405266 times)

Skeef (GCLF Member)
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #345 on: April 14, 2016, 09:59:10 am »
Made a few random codes that I haven't seen on this thread.

Cloning via daycare:
8F
Any
X Accuracy x72
Carbos x218
Max Revive x01
TM01 x(any)

Put the Pokémon to clone in the daycare, take it back out and run the 8F code. The Pokémon is now in the daycare again, ready to be taken out.
$D322 <- 2E 48 || ld l, 48    (X Accuracy x72: 72 decimal = $48)
$D324 <- 26 DA || ld h, DA
$D326 <- 36 01 || ld (hl), 01
$D328 <- C9    || ret

ATT, DEF, SPD and SPEC IV's 10:
8F
Any
X Accuracy x135(134) <--- first 135, then 134.
Carbos x209
Max Revive x170
TM01 x(any)

This seems a bit random, but this IV spread makes it shiny in the Gen 2 games. Not very useful at the moment unless you still play the cartridges. But if they release them on VC... :D
$D322 <- 2E 87(86) || ld l, 87(86)
$D324 <- 26 D1     || ld h, D1
$D326 <- 36 AA     || ld (hl), AA
$D328 <- C9        || ret

Turn Badges on/off
- 8F
- Any
- X Accuracy x86
- Carbos x211
- Max Revive x(XX) <- binary switches
- TM01 x(any)

Pretty straightforward. Just pick the badges you want (or don't want) and convert the byte to decimal to determine the Max Revive quantity.

Binary switches:
00000001 = boulder badge
00000010 = cascade badge
00000100 = thunder badge
00001000 = rainbow badge
00010000 = soul badge
00100000 = marsh badge
01000000 = volcano badge
10000000 = earth badge
$D322 <- 2E 56 || ld l, 56
$D324 <- 26 D3 || ld h, D3
$D326 <- 36 xx || ld (hl), xx
$D328 <- C9    || ret

realsamusaran (GCLF Member)
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #346 on: April 22, 2016, 04:05:33 pm »
I feel silly asking this, but just to clarify, it doesn't matter what you end your code with as long as it has a hex value of C9?

So every code can be ended with TM01 or any item x201?

Krys3000 (Distinguished Member, head admin of the PRAMA Initiative)
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #347 on: April 23, 2016, 03:32:21 am »
Yes  ;)

Admin of the PRAMA Initiative, the main french Pokémon glitch website
https://www.prama-initiative.com
“Anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'” - Isaac Asimov

realsamusaran (GCLF Member)
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #348 on: April 23, 2016, 04:45:50 am »
Quote from: realsamusaran on April 22, 2016, 04:05:33 pm
I feel silly asking this, but just to clarify, it doesn't matter what you end your code with as long as it has a hex value of C9?

So every code can be ended with TM01 or any item x201?

Hm. I tried this, but the codes worked slightly differently from how they worked before.

The item duplication code turned my 1 Nugget into 0 (256), and the code to change the item into a different item went -1 instead of +1.

The only thing I changed was swapping the Revive x201 or Full Heal x201 with a TM01. I was very careful, double-checking my bootstrap and the items in the code. I'm not sure what I must have done wrong. Is the Revive read as part of the code before the x201 tells it to end? I guess that was more what I meant to ask.

Skeef (GCLF Member)
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #349 on: April 23, 2016, 06:23:57 am »
Yes, the Revive or Full Heal are both part of the code.

The duplication code basically decreases the amount of the second item by 2. So having 1 item - 2 rolls to 255. By replacing the Revive with TM01 the code only does -1, turning the second item to 00 (but you can still drop them so it's not that big a deal).

Not sure what happens with the code to change the second item though. If you simply replaced Full Heal x201 with TM01 that code does nothing. If you replaced the Full Heal x201 with Revive x201 however it goes -1.

Either way, if you don't want to use 201 item quantity, you could do Revive/Full Heal x04 followed by TM01.

realsamusaran (GCLF Member)
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #350 on: April 24, 2016, 06:10:59 am »
Yes, that must have been what I did for the code to change the item's index. Oopsies. I should pay more attention.

So then if I understand you correctly, the relevant item x 04 followed by TM01 x any would be suitable for any code requiring x 201 of the item at the end?

Krys3000 (Distinguished Member, head admin of the PRAMA Initiative)
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #351 on: April 24, 2016, 07:42:07 am »
Well, it's not that simple. The quantity of the 'relevant item' will be read as code. Skeef gave you the example of a quantity of x04, which is a very good example since 04 matches the opcode 'inc b'. Since you finished your code already and won't use b anymore (or never did), then it won't cause any harm.

However, your codes might be more complex than just a one-shot instruction. If you write a function which will, for example, increase something every time the code is activated, and that function uses the value of b for some reason, it will mess up your code, so you have to find another quantity for your final item - one that matches an opcode that cannot mess with your code.

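The mechanics discussed in Skeef's replies #345 and #349 and in Krys3000's reply #351 (the bag from slot 3 at $D322 onward is executed as raw gb-z80 bytes, the quantity of the closing item is itself decoded as an opcode, and an 8-bit decrement of 1 wraps to 255) can be checked offline with the following Python model. This is an added example, not code from the thread or from the GBz80 to Items tool. The item index numbers are taken from the standard Gen 1 item table (the page only shows them as the hex column of the listings; Full Heal = $34 and Revive = $35 are assumed from that table), and the "duplication" item lists below are constructed for illustration rather than copied from any post.

```python
"""Model of how the 8F exploit in Red/Blue reads bag items as gb-z80 code.
Added example; item ids assumed from the Gen 1 item table, test lists constructed."""

# Item index numbers for the items used in this thread (assumed from the Gen 1 table).
ITEM_ID = {
    "X Accuracy": 0x2E,  # 2E nn = ld l, nn
    "Carbos":     0x26,  # 26 nn = ld h, nn
    "Max Revive": 0x36,  # 36 nn = ld (hl), nn
    "Full Heal":  0x34,  # 34    = inc (hl)
    "Revive":     0x35,  # 35    = dec (hl)
    "TM01":       0xC9,  # C9    = ret
}

# Bag layout in WRAM as stated in the thread: the bootstrap lands at slot 3 ($D322),
# two bytes per slot (id, quantity), so slot 2's quantity byte is at $D321.
ITEM3_ADDR = 0xD322
ITEM2_QTY_ADDR = 0xD321

# Skeef's binary switches for $D356.
BADGE_BIT = {"boulder": 0x01, "cascade": 0x02, "thunder": 0x04, "rainbow": 0x08,
             "soul": 0x10, "marsh": 0x20, "volcano": 0x40, "earth": 0x80}


def badge_quantity(badges):
    """Max Revive quantity whose byte sets exactly the named badge bits."""
    value = 0
    for name in badges:
        value |= BADGE_BIT[name]
    return value


def encode_items(items):
    """[(item name, decimal quantity), ...] from slot 3 onward -> bytes as they sit in RAM."""
    out = bytearray()
    for name, qty in items:
        if not 1 <= qty <= 255:
            raise ValueError(f"{name}: quantity {qty} does not fit in one byte")
        out += bytes([ITEM_ID[name], qty])
    return bytes(out)


# opcode -> (mnemonic template, number of operand bytes); only what the thread uses.
OPCODES = {0x2E: ("ld l, ${:02X}", 1), 0x26: ("ld h, ${:02X}", 1),
           0x36: ("ld (hl), ${:02X}", 1), 0x04: ("inc b", 0),
           0x34: ("inc (hl)", 0), 0x35: ("dec (hl)", 0), 0xC9: ("ret", 0)}


def disassemble(code, base=ITEM3_ADDR):
    """Decode up to and including the first ret; returns [(address, mnemonic)]."""
    lines, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op not in OPCODES:
            lines.append((base + pc, f"db ${op:02X}"))  # not modelled; shown as data
            pc += 1
            continue
        template, n = OPCODES[op]
        lines.append((base + pc, template.format(code[pc + 1]) if n else template))
        pc += 1 + n
        if op == 0xC9:
            break
    return lines


def run(code, memory):
    """Execute the modelled opcodes over {address: byte}; returns memory after ret.
    Arithmetic wraps at 8 bits exactly like the CPU, which is where 1 - 2 = 255 comes from."""
    mem = dict(memory)
    h = l = b = pc = 0
    while pc < len(code):
        op, hl = code[pc], (h << 8) | l
        if op == 0x2E:
            l, pc = code[pc + 1], pc + 2
        elif op == 0x26:
            h, pc = code[pc + 1], pc + 2
        elif op == 0x36:
            mem[hl], pc = code[pc + 1], pc + 2
        elif op == 0x34:
            mem[hl], pc = (mem.get(hl, 0) + 1) & 0xFF, pc + 1
        elif op == 0x35:
            mem[hl], pc = (mem.get(hl, 0) - 1) & 0xFF, pc + 1
        elif op == 0x04:
            b, pc = (b + 1) & 0xFF, pc + 1
        elif op == 0xC9:
            return mem
        else:
            raise ValueError(f"opcode ${op:02X} at ${ITEM3_ADDR + pc:04X} is not modelled here")
    raise ValueError("ran off the end of the item list without reaching a ret")


# Skeef's badge code, with the Max Revive quantity chosen for Boulder + Cascade.
BADGE_CODE = encode_items([("X Accuracy", 86), ("Carbos", 211),
                           ("Max Revive", badge_quantity(["boulder", "cascade"])), ("TM01", 1)])

# Constructed lists mirroring Skeef's reply #349: hl -> slot 2's quantity, then the items
# themselves supply the decrements. Revive x53 is bytes 35 35 (two dec (hl)), so 1 -> 255;
# ending with Revive x201 instead is 35 C9 (one dec (hl), then ret), so 1 -> 0.
DUP_TWO_DECS = encode_items([("X Accuracy", 33), ("Carbos", 211), ("Revive", 53), ("TM01", 1)])
DUP_ONE_DEC = encode_items([("X Accuracy", 33), ("Carbos", 211), ("Revive", 201)])
# Krys3000's point: a closing quantity of 4 is executed as inc b before TM01's ret.
TAIL_INC_B = encode_items([("X Accuracy", 33), ("Carbos", 211), ("Full Heal", 4), ("TM01", 1)])

if __name__ == "__main__":
    for addr, text in disassemble(DUP_TWO_DECS):
        print(f"${addr:04X}  {text}")
    print("slot 2 quantity after run:", run(DUP_TWO_DECS, {ITEM2_QTY_ADDR: 1})[ITEM2_QTY_ADDR])
```

Running the module prints the disassembly of the two-decrement list and the wrapped quantity; swapping in `DUP_ONE_DEC` or `TAIL_INC_B` shows why the byte under the last item's quantity, not the item name, decides what executes before `ret`.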

Skeef (GCLF Member)
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #352 on: April 24, 2016, 11:55:15 am »
Exactly. My 8F bootstrap code has 6 Pokémon though, so the first thing it does is ld b, xx. Meaning b always resets when I use 8F.

I made a small adjustment to pigdevil2010's bootstrap to better fit my needs:
Any <--- woot!
Pidgey - 233 hp remaining
Parasect
Onix
Tentacool
Arbok

I can go out with my bootstrap and not mess up the opcodes when I catch a Pokémon :D

danny (Member+)
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #353 on: April 24, 2016, 05:40:19 pm »
Step 1. Do the Mew glitch with 195 special to catch h POKé
Step 2. Catch Onix
Step 3. Do the Remaining HP glitch with HP of 211 to get M p'u
Step 4. Faint them all
Step 5. Put them in this order: h POKé, Onix, M p'u
Step 6. Now you have three free slots with the same effect as 5!

Yes, this requires glitches, but 8F is a glitch too.
ralsei is my son.

discord: dani#5700

Skeef (GCLF Member)
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #354 on: April 25, 2016, 11:59:00 am »
Why do you need to faint them? O.o

danny (Member+)
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #355 on: April 25, 2016, 02:44:33 pm »
Quote from: Skeef on April 25, 2016, 11:59:00 am
Why do you need to faint them? O.o

So you can use any Pokémon you want.

ISSOtm (Staff)
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #356 on: April 26, 2016, 09:57:22 am »
Quote from: Skeef on April 24, 2016, 11:55:15 am
Exactly. My 8F bootstrap code has 6 Pokémon though, so the first thing it does is ld b, xx. Meaning b always resets when I use 8F.

I made a small adjustment to pigdevil2010's bootstrap to better fit my needs:
Any <--- woot!
Pidgey - 233 hp remaining
Parasect
Onix
Tentacool
Arbok

I can go out with my bootstrap and not mess up the opcodes when I catch a Pokémon :D

I remember posting this one a while ago on PRAMA's forums... However, you just made me realize I never added it to the wiki page! Let's do this.
It won't show up right away though, as it needs the approval of someone like Torchickens. My edits have to be approved by an "authorized user".
"THOU SHALL NOT PASS !!"  RIVAL's effect, Gandalf.

Proudly glitching Pokémon Red and Yellow on a Black & White GB, Pocket GB, GB Color, GBA SP and new 3DS.

My Twitter (beware, I'm French)
My YouTube (same warning)

Here is an online tool to build 8F setups : GBz80 to Items !

They see me layzin', they ha-tin'...
Heavy contributor of the global augmentation of entropy (my room's is too damn high !)

Skeef (GCLF Member)
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #357 on: April 26, 2016, 12:04:04 pm »
I also tried putting Pidgey in the 4th place, to see if I could use a Pokémon that's not version-exclusive instead of Arbok. But apparently relative jumps can only jump 128 bytes, making the 4th Pokémon out of range :(.

Also, the change to the wsm bootstrap is still not visible either. It still says Nidoqueen instead of Nidoran (female).

ISSOtm (Staff)
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #358 on: April 26, 2016, 04:25:16 pm »
Arbok is not version-exclusive. It can be caught easily using the Ditto Glitch (the bottommost Trainer in Route 14 does), check this out.
Cooltrainer may also help (I did make this setup on a Red cartridge, but without ever encountering an Abo or Arbok :P)

Krys3000 (Distinguished Member, head admin of the PRAMA Initiative)
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #359 on: April 27, 2016, 04:56:50 am »
Implying you can actually perform the Ditto Trick or Cooltrainer Trick, which might not be the case.

Of course, you can still rely on Old Man/GC RAM Manipulation to get a MissingNo., but it's true that having a setup with no version-exclusive or glitch Pokémon is an improvement.
