Author Topic: Arbitrary code execution in Red/Blue using the "8F" item  (Read 443124 times)

Pavel

  • GCLF Member
  • CHARIZRAD 'M ROXORX or is it.
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #450 on: September 04, 2016, 10:00:57 am »
Hello Yeniaul and Torchickens, thank you both for your answer!

There's 2 or 3 items with a variant on the name "ws m". Make sure it's the right hex value. I can't remember much, try the page on ws m for inventory photos. Oh, and ws m is Yellow and has a different bootstrap setup, as it runs from boxed PKMN data instead of party PKMN data. Oh, and both need the Daycare to never be used OR the extra leftover data from the last Pokémon expunged from the save, which I can do in a week or so en masse when my Arduinos get here in like 10 days.

Hm, for the ‘ws m’ item, I followed the indications presented in this video (https://www.youtube.com/watch?v=jR5rov2e6PU), where it is obtained using the ditto glitch with a spe value of 194. So if the ‘ws m’ item of the US version is also supposed to work for the French version, then I should have the correct one, because I am sure I used a pokemon with a ‘spe’ stat value equal to 194.

Ok for the bootstrap, yes, I followed the indications provided by Wack0, which are about a box of 20 specific pokemon in a specific order (but the majority of them are asleep and in bad health, following their capture, and my Jolteon comes from a lvl 7 Eevee, obtained through the ditto glitch; don’t know if this is relevant to my problem though). Apart from my Jolteon, all of them were captured in a ‘legit’ way, even my Scyther.

You are using a correct bootstrap code for the French version (in non-English European versions the code indeed has to be tweaked, because the addresses are offset by +5).

It's odd that ws m isn't working because if you meet all the item and stored Pokémon requirements the code should work.

Regarding the item position; one thing that may be the problem is if the beginning of your code begins from an item position other than slot 3; as Wack0's bootstrap code is designed to execute your code from slot 3 only; so make sure your item list begins at slot 3.

The place that the item execution begins depends solely on the bootstrap code (how we redirect the code flow from stored Pokémon); so you don't have to worry about ws m executing from the item storage box because that would need a completely different bootstrap code. Using an English language bootstrap code to redirect the code flow to item 3 instead of a French/German/Spanish/Italian one may mean that the game would still run the code from D322, which due to the address differences is effectively English Red/Blue's D31E (item 1 quantity).

Additionally make sure that your item quantities/items are correct and the current box loaded is the same storage box as where you stored your 20 Pokémon (the Slowpoke with 233 HP followed by five Slowpoke, Voltorb, Scyther, Jolteon, ten Geodude, Voltorb).

Hope that helps!

Alas, even after verifying everything I could think of, it still did not work, be it the ‘item n°2 x255 script’, or the ‘item n°2 change’ script: my game still freezes.
You mentioned an offset of +5 between the European and the US versions of the game, could it be that this is also relevant to the code being executed by the game when reading the script? For example, if ‘item n°2’ is being referenced by an address number, then the code, and so the item list, should be different between European and US versions, right? For example, while reading the topic a bit more, I found posts where people are presenting evidence that some scripts / item lists are different between the two versions, or even between two European versions with two different languages, such as here (http://forums.glitchcity.info/index.php?topic=6638.msg192602#msg192602) and here (http://forums.glitchcity.info/index.php?topic=6638.msg192604#msg192604): there is a difference of 5 for the ‘TM05’ item.

EDIT:
EDIT: You're on a French version? Well, there you go. That's the problem. Read the ACE article on the wiki to see the equivalent item.
Ok Yeniaul, thanks for the indication, I will look that up right away. I am sorry, I was so focused on my search on this topic / thread of posts in particular that I missed the existence of the other resources of this site : /

EDIT 2:
So I’ve read the ACE wiki page (http://glitchcity.info/wiki/Arbitrary_code_execution), and I saw nothing about ‘equivalent items’ between languages for code in general, though there is a section dedicated to ‘Using 7eme etage’ in those European versions (http://glitchcity.info/wiki/Arbitrary_code_execution#Using_7eme_etage_.2F_P7_.2F_S7_.28French_.26_Italian_.2F_Spanish_.2F_German_Red.2FBlue.29, to which script is that a reference? Is that the name of another object? ), but it seems to be for Red / Blue only.
There is a short section about the Yellow ‘ws m’ (http://glitchcity.info/wiki/Arbitrary_code_execution#Using_.22ws_m.22_.28Yellow.29), but it only talks about the bootstrapping part, and not about an item equivalence between versions.
Finally, I looked up the ‘non-key item duplication’ part (http://glitchcity.info/wiki/Arbitrary_code_execution#Non-key_item_duplication), which uses different items than what I saw up until now, but it seems designed for Red / Blue; or anyway, it doesn’t work either with me : /
Were you thinking about a specific part when recommending me to look up this wiki page, Yeniaul?
« Last Edit: September 04, 2016, 10:21:56 am by Pavel »

Yeniaul

  • Guest
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #451 on: September 04, 2016, 10:46:52 am »
No, you were right the first time. It's for RGB that it's different. My bad. :P
Try healing all of them. It may be the status conditions, as that affected my 8F bootstrap one time.

Evie the Bird Mother 🌸 ☽

  • Veteran Contributor
  • Gender: Female
  • Ah, the tea is delicious. ~ ^^
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #452 on: September 04, 2016, 11:18:25 am »
I think with both TheZZAZZGlitch's script for changing item 2 and lowena's script for changing item 2 quantity to 255 there should be no differences, as it doesn't specify the address (as in something such as ld a, D05D) and only alters hl; which initially represents item 3 (when you examine the French Yellow bootstrap code; hl ends up becoming D326— item 3).

In the change item 2 identifier script hl is decremented twice to represent item 2 identifier, which is increased by 1 with an inc (hl), so the code should be compatible. The value of 'c' does not matter and is used because it is easy to represent 'inc c' and 'dec c' as an item.

The code for illustration:
Item 1: 8F
Item 2: Item you want to morph
Item 3: Burn Heal            x43
Item 4: Ice Heal             x43
Item 5: Full Heal            x201

ASM:
Code:
WRA1:D326 0C               inc  c       ; Burn Heal (item 3 identifier; hl = D326)
WRA1:D327 2B               dec  hl      ; x43: hl -> item 2 quantity
WRA1:D328 0D               dec  c       ; Ice Heal
WRA1:D329 2B               dec  hl      ; x43: hl -> item 2 identifier
WRA1:D32A 34               inc  (hl)    ; Full Heal: item 2 identifier += 1
WRA1:D32B C9               ret          ; x201: return to the game
« Last Edit: September 04, 2016, 11:25:03 am by Torchickens »
(I was former joint head admin but stepped down)
✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿
Here have some free flowers on every post. ^^
✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿
Love, faith, hope are free. If all is lost friends save us.
Thanks fans for lovely Torchic artwork. ♡ First image thanks Nyapon.
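To make the "it only alters hl" argument concrete, here is an added Python model; it is not code from the thread or from any of the posters. It encodes the item list above into bytes, steps through the six SM83 (Game Boy CPU) instructions they form, and shows that the same bytes do the same thing whether item 3 sits at D322 (English Red/Blue) or at D326 (French Yellow). Assumptions, taken from the posts: the bootstrap enters with both the program counter and hl at the item 3 identifier, and each bag slot is stored as one identifier byte followed by one quantity byte. Only the opcodes the script uses are modelled, and a quantity of 255 (FF, rst 38) is treated as a freeze, which is what a typo in the item setup produces.

```python
# Added illustration, not code from the thread or from any poster.
# Models how the item list turns into SM83 bytes and what the
# "change item 2" script does to WRAM. Assumed from the posts: execution
# and hl both start at the item 3 identifier (D322 in English Red/Blue,
# D326 in French Yellow); each bag slot is one identifier byte then one
# quantity byte. Only the six opcodes the script uses are modelled.

ITEM_IDS = {"Burn Heal": 0x0C, "Ice Heal": 0x0D, "Full Heal": 0x34}

# Opcode -> mnemonic for the handful of instructions the script is built from.
MNEMONICS = {0x0C: "inc c", 0x2B: "dec hl", 0x0D: "dec c",
             0x34: "inc (hl)", 0xC9: "ret"}

# The item list from the post: Burn Heal x43, Ice Heal x43, Full Heal x201.
SCRIPT = [("Burn Heal", 43), ("Ice Heal", 43), ("Full Heal", 201)]


class Freeze(RuntimeError):
    """Raised when execution hits FF (rst 38), which freezes the real game."""


def encode_items(items):
    """Flatten (name, quantity) pairs into the bytes the game will execute."""
    out = bytearray()
    for name, qty in items:
        if not 1 <= qty <= 255:
            raise ValueError(f"quantity {qty} does not fit in one byte")
        out += bytes([ITEM_IDS[name], qty])
    return bytes(out)


def run_script(mem, pc, hl):
    """Step through mem from pc until ret. Returns (hl, trace of executed lines)."""
    c = 0
    trace = []
    while True:
        op = mem[pc]
        if op == 0xFF:
            raise Freeze(f"rst 38 at {pc:04X}: game would freeze")
        if op not in MNEMONICS:
            raise NotImplementedError(f"opcode {op:02X} at {pc:04X} not modelled")
        trace.append(f"{pc:04X} {op:02X}  {MNEMONICS[op]}")
        if op == 0x0C:
            c = (c + 1) & 0xFF
        elif op == 0x0D:
            c = (c - 1) & 0xFF
        elif op == 0x2B:
            hl = (hl - 1) & 0xFFFF
        elif op == 0x34:
            mem[hl] = (mem[hl] + 1) & 0xFF
        elif op == 0xC9:
            return hl, trace
        pc += 1


def build_bag(item3_addr, item2_id, script=SCRIPT):
    """Toy 64 KiB memory image with item 2 and the script items laid out as in the bag."""
    mem = bytearray(0x10000)
    mem[item3_addr - 2] = item2_id   # item 2 identifier: the item to morph
    mem[item3_addr - 1] = 1          # item 2 quantity: never touched by the script
    code = encode_items(script)
    mem[item3_addr:item3_addr + len(code)] = code
    return mem


def change_item2(item3_addr, item2_id, script=SCRIPT):
    """Run the script and return (new item 2 identifier, trace)."""
    mem = build_bag(item3_addr, item2_id, script)
    hl, trace = run_script(mem, item3_addr, item3_addr)
    # hl was decremented twice, so it must now point at the item 2 identifier.
    assert hl == item3_addr - 2
    return mem[item3_addr - 2], trace


def freezes(item3_addr, script):
    """True if a (mis)typed item list ends in a rst 38 freeze instead of a ret."""
    try:
        change_item2(item3_addr, 0x01, script)
    except Freeze:
        return True
    return False


if __name__ == "__main__":
    # Same bytes, two versions: only the base address differs.
    for label, addr in (("English Red/Blue", 0xD322), ("French Yellow", 0xD326)):
        new_id, trace = change_item2(addr, 0x01)
        print(f"{label}: item 2 identifier 01 -> {new_id:02X}")
        print("\n".join(trace))
    # Typo in preparation: Full Heal x255 stores FF (rst 38) where C9 (ret) belongs.
    print("Full Heal x255 freezes:",
          freezes(0xD322, SCRIPT[:2] + [("Full Heal", 255)]))
```

Running it prints the two traces side by side; the only difference is the address column, which is the point of the post. The last line shows why a single wrong quantity is enough to freeze the game: the script never reaches its `ret`.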

Pavel

  • GCLF Member
  • CHARIZRAD 'M ROXORX or is it.
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #453 on: September 04, 2016, 11:26:26 am »
No, you were right the first time. It's for RGB that it's different. My bad. :P
Try healing all of them. It may be the status conditions, as that affected my 8F bootstrap one time.

Ok dok, Yeniaul, thanks for the information.
I tried that (healing all the pokemon, and then storing them back in the right order), and I think we are onto something because it did change something: now, after the freeze, my save was gone : /
Well, I guess that was bound to happen at some point, and after all, if using ‘ws m’ worked for me, I was going to use it for the ‘perfect stats and DV’ script, which carried the risk of losing the save, according to the author of the nice youtube video showing how to do this on a VC US Pokemon Yellow. I will try again on an emulator, that will allow me to get some practice first, with the possibility to have a backup of the save.


I think with both TheZZAZZGlitch's script for changing item 2 and lowena's script for changing item 2 quantity to 255 there should be no differences, as it doesn't specify the address (as in something such as ld a, D05D) and only alters hl; which initially represents item 3 (when you examine the French Yellow bootstrap code; hl ends up becoming D326— item 3).

In the change item 2 identifier script hl is decremented twice to represent item 2 identifier, which is increased by 1 with an inc (hl), so the code should be compatible. The value of 'c' does not matter and is used because it is easy to represent 'inc c' and 'dec c' as an item.

The code for illustration:
Item 1: 8F
Item 2: Item you want to morph
Item 3: Burn Heal            x43
Item 4: Ice Heal             x43
Item 5: Full Heal            x201

ASM:
Code:
WRA1:D326 0C               inc  c       ; Burn Heal (item 3 identifier; hl = D326)
WRA1:D327 2B               dec  hl      ; x43: hl -> item 2 quantity
WRA1:D328 0D               dec  c       ; Ice Heal
WRA1:D329 2B               dec  hl      ; x43: hl -> item 2 identifier
WRA1:D32A 34               inc  (hl)    ; Full Heal: item 2 identifier += 1
WRA1:D32B C9               ret          ; x201: return to the game

Ok Torchickens, thanks for having continued to look into this. Before I saw your answer, I thought about maybe asking Wack0 for a compatibility of the scripts I found on this thread between US Yellow and European (specifically French) Yellow, as he seemed to be the one to have worked the most on these non-US versions; but if you are telling me that there is no difference, then I believe you.
I really wonder why it didn’t work for me, I hope that using an emulator will make things easier for me to look into this : )
« Last Edit: September 04, 2016, 11:27:14 am by Pavel »

Evie the Bird Mother 🌸 ☽

  • Veteran Contributor
  • Gender: Female
  • Ah, the tea is delicious. ~ ^^
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #454 on: September 04, 2016, 11:32:53 am »
You're welcome.

I'm sorry to hear about your save file (it sucks and I know it gives me this horrible sinking feeling) and I hope you get the glitch to work soon. Good luck getting it to work on the emulator!

Ok dok, Yeniaul, thanks for the information.
I tried that (healing all the pokemon, and then storing them back in the right order), and I think we are onto something because it did change something: now, after the freeze, my save was gone : /
Well, I guess that was bound to happen at some point, and after all, if using ‘ws m’ worked for me, I was going to use it for the ‘perfect stats and DV’ script, which carried the risk of losing the save, according to the author of the nice youtube video showing how to do this on a VC US Pokemon Yellow. I will try again on an emulator, that will allow me to get some practice first, with the possibility to have a backup of the save.

Note if you get the code to change your Pokémon's stat experience to work (and many other memory editing/execution codes) there is no risk of losing the save file for successful executions as the code doesn't affect the SRAM ($A000-BFFF; which must be write enabled), but I think the only errors are those in preparation, such as having the wrong Pokémon in the current box or a bad item code setup.

This opens up the possibility of the game freezing, such as through execution of the 'rst 38' (hex: FF) instruction. Since at 0038 there is another rst 38, this causes the game to fill the memory with a 00 39 pattern and there is a chance it will corrupt the save file (although I don't know much more about the specifics of this; it could be that the SRAM bank was opened and the SRAM was corrupted).
« Last Edit: September 04, 2016, 12:20:04 pm by Torchickens »

Krys3000

  • French living dexer
  • Distinguished Member
  • Gender: Male
  • Head admin of the PRAMA Initiative
  • PRAMA Initiative - French Pokémon glitch website
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #455 on: September 04, 2016, 01:28:08 pm »
Hey Pavel, do you know there is a French website on glitches? Check out PRAMA Initiative. We also have a board in which we can help you with glitches in French, which might be cool for you  ;)

Admin of the PRAMA Initiative, the main french Pokémon glitch website
https://www.prama-initiative.com
“Anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'” - Isaac Asimov

Yeniaul

  • Guest
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #456 on: September 04, 2016, 01:45:17 pm »
Hey Pavel, do you know there is a French website on glitches? Check out PRAMA Initiative. We also have a board in which we can help you with glitches in French, which might be cool for you  ;)
Shameless self-promotion is shameless.

Pavel

  • GCLF Member
  • CHARIZRAD 'M ROXORX or is it.
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #457 on: September 04, 2016, 01:54:48 pm »
Note if you get the code to change your Pokémon's stat experience to work (and many other memory editing/execution codes) there is no risk of losing the save file for successful executions as the code doesn't affect the SRAM ($A000-BFFF; which must be write enabled), but I think the only errors are those in preparation, such as having the wrong Pokémon in the current box or a bad item code setup.

This opens up the possibility of the game freezing, such as through execution of the 'rst 38' (hex: FF) instruction. Since at 0038 there is another rst 38, this causes the game to fill the memory with a 00 39 pattern and there is a chance it will corrupt the save file (although I don't know much more about the specifics of this; it could be that the SRAM bank was opened and the SRAM was corrupted).

Ok Torchickens, thanks for the explanation.
If that is the case, then maybe I did screw up something about the setup, before my save was erased. I shall find out when I reach this point again. I have found interesting resources here (http://www.smogon.com/forums/threads/pok%C3%A9mon-red-blue-and-yellow-to-be-re-released-for-the-3ds-virtual-console.3555769/page-19) to get to that stage as fast as possible, so as to be able to try it as soon as possible : )

Hey Pavel, do you know there is a French website on glitches? Check out PRAMA Initiative. We also have a board in which we can help you with glitches in French, which might be cool for you  ;)

Ahhhhhhh! After reading the first few lines of the page of PRAMA dedicated to the 8F / 'ws m' glitch, I so wish I pushed my search earlier until I found it and before my save crashed T.T !
Thanks for pointing me to it! As I have said above to Torchickens, I will first do a quick run until I get to the point where I can safely train using this glitch, and if everything works correctly, I will do the same on the VC version : )

EDIT:
It seems the difference with what I was doing earlier is the bootstrapping recipe, as I tried using the one found by Wack0 instead of this shorter one for yellow, according to PRAMA's page (http://www.prama-initiative.com/index.php?page=8f-code-execution). Also, I obtained 'ws m' using the ditto glitch to encounter a certain glitch pokemon, instead of the item underflow glitch. But the item list recipe I used was correct, I am quite sure of that. Oh well, I shall confirm this once my save is ready.


Hey Pavel, do you know there is a French website on glitches? Check out PRAMA Initiative. We also have a board in which we can help you with glitches in French, which might be cool for you  ;)
Shameless self-promotion is shameless.
Well, this promoted site seems to be more relevant to my problem than a mainly-English-game-version oriented site, so it is not especially shameful if it answers the problem I have proposed, right? Besides, on the 8F page of the site, credit is given to Torchickens and TheZZaZZGlitch, so everything is fine, right?
« Last Edit: September 04, 2016, 02:06:20 pm by Pavel »

Krys3000

  • French living dexer
  • Distinguished Member
  • Gender: Male
  • Head admin of the PRAMA Initiative
  • PRAMA Initiative - French Pokémon glitch website
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #458 on: September 04, 2016, 02:05:25 pm »
Hey Pavel, do you know there is a French website on glitches? Check out PRAMA Initiative. We also have a board in which we can help you with glitches in French, which might be cool for you  ;)
Shameless self-promotion is shameless.

It's more like, you know, pointing out to a guy that there is a place where people can talk about this in his mother tongue.
Would it have been less 'shameless' if someone else pointed it out? This is stupid. You didn't need to be rude.



Yeniaul

  • Guest
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #459 on: September 04, 2016, 02:32:04 pm »
Hey Pavel, do you know there is a French website on glitches? Check out PRAMA Initiative. We also have a board in which we can help you with glitches in French, which might be cool for you  ;)
Shameless self-promotion is shameless.

It's more like, you know, pointing out to a guy that there is a place where people can talk about this in his mother tongue.
Would it have been less 'shameless' if someone else pointed it out? This is stupid. You didn't need to be rude.
Wow, I'm starting to think you can't pick up sarcasm. I wasn't trying to be rude, but I am now, as you've pissed me off. You need to work on being less of an arsehole.

Krys3000

  • French living dexer
  • Distinguished Member
  • Gender: Male
  • Head admin of the PRAMA Initiative
  • PRAMA Initiative - French Pokémon glitch website
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #460 on: September 04, 2016, 03:18:23 pm »
Well, I've heard that kind of reflection many times, and I can assure you most of the time people are not joking, but just trying to be a jerk. Sorry if it's not your case, though I don't think that makes me an arsehole.

Anyway, if you insult everyone who doesn't get a joke, then maybe you should work on that, too.


Yeniaul

  • Guest
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #461 on: September 04, 2016, 04:30:43 pm »
Well, I've heard that kind of reflection many times, and I can assure you most of the time people are not joking, but just trying to be a jerk. Sorry if it's not your case, though I don't think that makes me an arsehole.

Anyway, if you insult everyone who doesn't get a joke, then maybe you should work on that, too.

Check my sig. Blue line. I'm on the Autism Spectrum because I haven't been able to develop social skills (Asperger's Syndrome). And no, you're not an arsehole. More sarcasm.

Pavel

  • GCLF Member
  • CHARIZRAD 'M ROXORX or is it.
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #462 on: September 04, 2016, 11:33:22 pm »
Well, I've heard that kind of reflection many times, and I can assure you most of the time people are not joking, but just trying to be a jerk. Sorry if it's not your case, though I don't think that makes me an arsehole.

Anyway, if you insult everyone who doesn't get a joke, then maybe you should work on that, too.

Check my sig. Blue line. I'm on the Autism Spectrum because I haven't been able to develop social skills (Asperger's Syndrome). And no, you're not an arsehole. More sarcasm.

Gotcha. Well, IMHO, as far as I know, when talking face to face, things such as sarcasm or irony transpire through the tone of the voice or the expression made by one's face while speaking. It can also be conveyed to someone without those clues if that someone knows the speaker well enough 'IRL', and has had the opportunity to train himself to recognize in which situations the speaker is prone to using sarcasm, so that he can apply his predicting skills on just plain text.
Seeing as we are not face to face, nor do we know you well enough, we cannot do that, so as a default, people would tend to interpret your words using first degree, just as they appear to be.
In that case, if you want to convey sarcasm through text to people who do not know you well enough, you can use smileys, which take the role of facial expressions. In this case, maybe an emoticon like ': )' or ': D' (i.e.: to mean that your words were not to be taken for their a priori negative connotations) would have done the trick. Conversely, if you wanted to express sarcasm or irony regarding a sentence that carries a priori a positive meaning, you could use perhaps emoticons such as ': /' or '9_9' (for 'rolling eyes').

I am sorry for your condition, but without knowing this, people will expect you to express yourself this way / to have those skills, and, in my opinion, you cannot blame them for reacting as if they have been attacked when the sum of their previous experiences tells them they probably have been attacked. Now, a de-escalating approach would be to question 'the attacker' in order to know if he really has chosen to attack one, but you should not count on it.
It is true that you put the information regarding your condition in your signature, but yours seems quite long (even though only the first sentences are 'normally big'), so people might not read it (I know I didn't, and wasn't aware of your message in it until you pointed it out; but then it might be part of what can be expected of a newcomer to correctly read the signature of everyone who posts on a forum; seeing as I do not participate often on a forum I do not know if such an etiquette exists; if it does, then I sincerely apologize for not respecting it at first).

I apologize if what I have said sounds patronizing, but it seems to me this is better being said / being reminded, so that I can be sure (I do not know the experiences lived by every one of you) that everyone is on the same page. I should not bother you (all of you) afterwards.
« Last Edit: September 04, 2016, 11:35:57 pm by Pavel »

Hālian

  • That worldbuilding/micronations/MTG guy
  • Member+
  • Gender: Male
  • Buried under a pile of OS-tans…
  • Hoennese Realm
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #463 on: September 04, 2016, 11:54:29 pm »
I am sorry for your condition

Autism is not a condition.
The Hoennese Realm is under construction. Watch this space!



All sprites made by Naitekiakki, except:
Recolored Gardevoir made by me

Pavel

  • GCLF Member
  • CHARIZRAD 'M ROXORX or is it.
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #464 on: September 05, 2016, 12:30:33 am »
I am sorry for your condition

Autism is not a condition.

Since my practice and understanding of English might not be good enough for this yet (or, since I am not concerned, I apparently never learned how to phrase it correctly in either language, maybe), I apologize for having used this expression then. Now, according to you, and most importantly, according to the person concerned, how should I have phrased this / made a reference to this?