Topic: Arbitrary code execution in Red/Blue using the "8F" item

ISSOtm

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #525 on: January 25, 2017, 03:06:58 am »
Well, just decided to quickly code something for 8F...

CHANGE ANY BYTE IN RAM TO ANYTHING
(or, pseudo-GameShark in software)

This code uses only 5 basic items, and will easily allow you to modify any byte in RAM one wants to.

Item 1: any item
Item 2: 8F
Item 3: Lemonade, quantity (byte to change to, or 2nd byte of GScode)
Item 4: X Accuracy, quantity (low byte of RAM address to change, or 3rd byte of GScode)
Item 5: Carbos, quantity (high byte of RAM address to change, or 4th byte of GScode)
Item 6: Poké Ball, quantity 119
Item 7: Fresh Water, quantity 201

ASM:
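Code:
D322: 3E xx         ld a, xx      ; Lemonade (3E); quantity = byte to write
D324: 2E xx         ld l, xx      ; X Accuracy (2E); quantity = low byte of address
D326: 26 xx         ld h, xx      ; Carbos (26); quantity = high byte of address
D328: 04            inc b         ; Poké Ball (04); its quantity is the next opcode
D329: 77            ld (hl), a    ; quantity 119 (77): store a at address hl
D32A: 3C            inc a         ; Fresh Water (3C); its quantity is the next opcode
D32B: C9            ret           ; quantity 201 (C9): return to the game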

So, for GameShark code 011559D0, which would encounter a Mew after you close the menu (and yes, this is the one I tested it with -- on a real cart no less), use the following item list:

Item 1: any item (but I guess you'd want Master Balls here for this example!)
Item 2: 8F
Item 3: Lemonade, quantity 21
Item 4: X Accuracy, quantity 89
Item 5: Carbos, quantity 208
Item 6: Poké Ball, quantity 119
Item 7: Fresh Water, quantity 201

By the way, since no address is hardcoded, this *should* work on Yellow too; but I haven't tested it there. (obviously the example posted above won't!)
"THOU SHALL NOT PASS !!"  RIVAL's effect, Gandalf.

Proudly glitching Pokémon Red and Yellow on a Black & White GB, Pocket GB, GB Color, GBA SP and new 3DS.

My Twitter (beware, I'm French)
My YouTube (same warning)

Here is an online tool to build 8F setups : GBz80 to Items !

They see me layzin', they ha-tin'...
Heavy contributor of the global augmentation of entropy (my room's is too damn high !)

jelome1989

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #526 on: January 25, 2017, 03:29:39 am »
That's not what I'm looking for, but thanks anyway. I found the code to manipulate the DVs, but unfortunately, you can only manipulate the DVs by pairs and not individually, so it would be impossible to manipulate DVs to force shininess when transferring to Gen 7

Unused Trainer

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #527 on: January 25, 2017, 05:22:07 am »
> That's not what I'm looking for, but thanks anyway. I found the code to manipulate the DVs, but unfortunately, you can only manipulate the DVs by pairs and not individually, so it would be impossible to manipulate DVs to force shininess when transferring to Gen 7
Yes, I agree with you.

jelome1989

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #528 on: January 25, 2017, 08:28:52 am »
Hold on, I might have something here. I executed the code with x10 Lemonades but ended up with 0 Atk and Speed DVs and 10 Defense and Special DVs... Why is that? The Atk should be paired with the Def DVs thus they should end up with equal DVs but why are my results different?

I used this code to manipulate the DVs but replaced 'FF' with '10':
01FF85D1
01FF86D1

Please advise. Thanks

Edit: Hold on, I think I get it now. Seems I made a stupid mistake. Will update later. It seems WE CAN MANIPULATE THE DVs to force shininess after all!
« Last Edit: January 25, 2017, 08:39:04 am by jelome1989 »

ISSOtm

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #529 on: January 25, 2017, 08:55:31 am »
Yep, you can manipulate DVs. There's no problem to manipulate them individually either.

Take the number of ATK DVs, turn it into hex digit #1.
Take the number of DEF DVs, turn them into hex digit #2.
Use the code 01(digit #1)(digit #2)85D1 to manipulate both.
Replace ATK with SPD, DEF with SPE and 85 with 86 and you can manipulate both SPD and SPE DVs !
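Added example (not code from the thread's posters): the item-list recipe from reply #525 and the DV packing rule from reply #529, as a Python sketch. Function names are hypothetical; item IDs are read off the opcode column of the listing in reply #525, and the address D185 comes from the code quoted in reply #529.

```python
# Added example, not ISSOtm's code. Item IDs are the opcode bytes in the
# listing from reply #525; a fixed quantity is the byte that follows the ID.
TEMPLATE = [
    ("Lemonade",    0x3E, None),   # ld a, <value>
    ("X Accuracy",  0x2E, None),   # ld l, <address low byte>
    ("Carbos",      0x26, None),   # ld h, <address high byte>
    ("Poké Ball",   0x04, 0x77),   # inc b / ld (hl), a
    ("Fresh Water", 0x3C, 0xC9),   # inc a / ret
]

def parse_gameshark(code):
    """Split an 8-digit code 'ttvvllhh' into (value, address)."""
    raw = bytes.fromhex(code)
    if len(raw) != 4 or raw[0] != 0x01:
        # Assumption: only the 01-prefixed form quoted in this thread is handled.
        raise ValueError("expected 8 hex digits starting with 01")
    return raw[1], raw[3] << 8 | raw[2]

def items_for(code):
    """Items for bag slots 3-7 whose ID/quantity bytes form the RAM writer."""
    value, address = parse_gameshark(code)
    variable = iter((value, address & 0xFF, address >> 8))
    return [(name, next(variable) if fixed is None else fixed)
            for name, _item_id, fixed in TEMPLATE]

def payload(items):
    """Bytes as they sit in the bag: item ID, then quantity, slot by slot."""
    ids = {name: item_id for name, item_id, _fixed in TEMPLATE}
    return bytes(b for name, quantity in items for b in (ids[name], quantity))

def dv_code(high, low, address):
    """Code that packs two DVs into one byte: first DV in the high nibble."""
    if not (0 <= high <= 15 and 0 <= low <= 15):
        raise ValueError("each DV is one hex digit (0-15)")
    return "01{:X}{:X}{:02X}{:02X}".format(high, low, address & 0xFF, address >> 8)

def unpack_dvs(byte):
    """The two DVs stored in one byte: (high nibble, low nibble)."""
    return byte >> 4, byte & 0x0F

if __name__ == "__main__":
    print(items_for("011559D0"))                 # the Mew example from reply #525
    print(payload(items_for("011559D0")).hex())
    print(dv_code(10, 10, 0xD185))               # two DVs of 10 in one byte
    print(unpack_dvs(10), unpack_dvs(0xAA))      # quantity 10 vs quantity 170
```

A quantity of 10 is the byte 0x0A, which unpacks to (0, 10), the same split reported in reply #528; DVs of 10 and 10 need quantity 170 (0xAA).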

jelome1989

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #530 on: January 25, 2017, 09:34:15 am »
Yeah, I got it. I actually recorded it and made it on my first try. Will upload it soon in my channel.

forsyz

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #531 on: January 25, 2017, 10:47:22 am »
How would you change trainer ID and name?

ISSOtm

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #532 on: January 25, 2017, 12:40:46 pm »
Are you talking about doing such on a save, or on a Pokémon ?

Masked_koopa

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #533 on: January 25, 2017, 01:25:16 pm »
Hi, I hate to be a bother, but is it possible to convert this R/B item script to be compatible with Yellow? I tried decreasing the quantities of the items that were "D" in the code by one, but I'm reluctant to do more due to risk of save file loss (and I already lost one by being too reckless with the walk through walls code)



Code: (change character name, from OP)


Video: http://www.youtube.com/watch?v=Sw0h7ImFsAs#t=918s

ITEM LIST (starting from the first slot):
* Any item
* 8F
TM50                 x181
TM10                 x64
TM34                 x88
TM09                 x46
Calcium              x52
X Accuracy           x35
Full Heal            x201
« Last Edit: January 25, 2017, 01:27:00 pm by Masked_koopa »

Evie the Bird Mother 🌸 ☽

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #534 on: January 25, 2017, 04:26:57 pm »
> Hi, I hate to be a bother, but is it possible to convert this R/B item script to be compatible with Yellow? I tried decreasing the quantities of the items that were "D" in the code by one, but I'm reluctant to do more due to risk of save file loss (and I already lost one by being too reckless with the walk through walls code)
>
> Code: (change character name, from OP)
>
> Video: http://www.youtube.com/watch?v=Sw0h7ImFsAs#t=918s
>
> ITEM LIST (starting from the first slot):
> * Any item
> * 8F
> TM50                 x181
> TM10                 x64
> TM34                 x88
> TM09                 x46
> Calcium              x52
> X Accuracy           x35
> Full Heal            x201

Hi Masked_koopa, no worries. Sure!

As thought, you need to decrease addresses and other values by 1. We need to decrease both the addresses and the values for l.

Your code represents the following:

Code:
ld a, (D2B5)   ; FA B5 D2
ld b, b        ; 40
ld (D158), a   ; EA 58 D1
ld l, 27       ; 2E 27
inc (hl)       ; 34
ld l, 23       ; 2E 23
inc (hl)       ; 34
ret            ; C9

We need to change D2B5 to D2B4, D158 to D157, 27 to 26 and 23 to 22, which results in the following items you'll need for Yellow (note Carbos is used instead of Calcium):

TM50 x 180
TM10 x 64
TM34 x 87
TM09 x 46
Carbos x 52
X Accuracy x 34
Full Heal x 201

Hope that helps!  :)
« Last Edit: January 25, 2017, 04:31:21 pm by Torchickens »
(I was former joint head admin but stepped down)
✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿
Here have some free flowers on every post. ^^
✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿
Love, faith, hope are free. If all is lost friends save us.
Thanks fans for lovely Torchic artwork. ♡ First image thanks Nyapon.
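Added example (not code from the thread's posters): a small Python decoder that turns each item list back into bytes and disassembles them, so the Red/Blue and Yellow versions above can be compared byte by byte. The item IDs for the TMs, Calcium and Full Heal are the Generation I item index values, an assumption not stated in the thread; the opcode table covers only instructions that appear in this thread, and all function names are hypothetical.

```python
# Added example. Item IDs are Generation I item index values (an assumption,
# not stated in the thread); only opcodes that appear in this thread are listed.
ITEM_ID = {"TM50": 0xFA, "TM10": 0xD2, "TM34": 0xEA, "TM09": 0xD1,
           "Calcium": 0x27, "Carbos": 0x26, "X Accuracy": 0x2E,
           "Full Heal": 0x34}

# opcode -> (mnemonic template, number of operand bytes)
OPCODES = {
    0xFA: ("ld a, ({:04X})", 2), 0xEA: ("ld ({:04X}), a", 2),
    0x3E: ("ld a, {:02X}", 1), 0x2E: ("ld l, {:02X}", 1),
    0x26: ("ld h, {:02X}", 1), 0x40: ("ld b, b", 0),
    0x34: ("inc (hl)", 0), 0x77: ("ld (hl), a", 0), 0xC9: ("ret", 0),
}

RED_BLUE = [("TM50", 181), ("TM10", 64), ("TM34", 88), ("TM09", 46),
            ("Calcium", 52), ("X Accuracy", 35), ("Full Heal", 201)]
YELLOW = [("TM50", 180), ("TM10", 64), ("TM34", 87), ("TM09", 46),
          ("Carbos", 52), ("X Accuracy", 34), ("Full Heal", 201)]

def to_bytes(items):
    """Bag layout: item ID byte, then quantity byte, for each slot in order."""
    return bytes(b for name, qty in items for b in (ITEM_ID[name], qty))

def disassemble(code):
    """Decode bytes into mnemonics, stopping at ret; operands are little-endian."""
    lines, pc = [], 0
    while pc < len(code):
        opcode = code[pc]
        if opcode not in OPCODES:
            raise ValueError("opcode {:02X} at offset {} not in table".format(opcode, pc))
        template, size = OPCODES[opcode]
        operand = code[pc + 1:pc + 1 + size]
        if len(operand) != size:
            raise ValueError("operand cut off at offset {}".format(pc))
        lines.append(template.format(int.from_bytes(operand, "little")))
        pc += 1 + size
        if opcode == 0xC9:          # ret: execution leaves the item list here
            break
    return lines

def changed_bytes(old, new):
    """(offset, old byte, new byte) for every position where the lists differ."""
    return [(i, a, b) for i, (a, b) in enumerate(zip(old, new)) if a != b]

if __name__ == "__main__":
    for items in (RED_BLUE, YELLOW):
        print("\n".join(disassemble(to_bytes(items))), end="\n\n")
    print(changed_bytes(to_bytes(RED_BLUE), to_bytes(YELLOW)))
```

The third changed byte is an item ID rather than a quantity: the operand 27 of `ld l` is the Calcium slot itself, so lowering it to 26 swaps the item for Carbos.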

Crystal_

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #535 on: January 28, 2017, 12:09:41 pm »
Using 8F to get PokeBank-compatible Mew and shiny Pokemon

https://www.youtube.com/watch?v=H8AgGp5cqPI

Item lists (includes assembly code):
Encounter Mew with 8F: http://pastebin.com/MJd9rA8y
Mew method #1 (change player IDNo. and name): http://pastebin.com/BA4mK4PK
Mew method #2 (change Mew IDNo. and name): http://pastebin.com/z836UeVA
One shiny Pokemon: http://pastebin.com/QaNpSYCc
All current box shiny Pokemon: http://pastebin.com/z6ZVN76z

holymoly

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #536 on: January 31, 2017, 06:39:27 pm »
I've done the Brock through walls glitch to go to Saffron and got the 8F item, but I forgot about the party setup and I'm stuck because my strongest Pokémon is a Lv 9 Abra. Is there any way to get the five Pokémon or do I need to restart?

ISSOtm

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #537 on: February 01, 2017, 01:52:18 am »
You can't Teleport back to Pewter ?

Otherwise, you'll have to advance your progression if you want to get the Pokémon.
If you have access to Saffron this won't be too much of a problem.

If you have a Rare Candy, here's how to duplicate it to make stuff that much easier.
1) Buy balls. LOTS. Also buy different items so you have at least 6 occupied slots.
2) Give a drink to the Saffron guards.
3) Heal at Saffron Poké Center.
4) Go south and Trainer-Escape from the top-left Trainer (stand with him on the same row as Red but one tile offscreen, walk left and hold START during the walk, use Teleport).
5) Go to Route 8.
6) Fight the Gambler on the south-east part of the road, lose to his first Pokémon. Make sure he makes at least one step when encountering you, otherwise you'll get a softlock.
BONUS : Before going to Vermilion, pay Snorlax a visit. That should remove him at step 9, which means you can go through Cycling Road :)
7) Make sure Rare Candy is in the 6th slot of your inventory.
8) Open your START menu then head towards Vermilion.
9) Close the menu again then run away (or catch, whatever you want) Missingno.
10) CANDIEZ

Then you can get the Pokémon.

YellowFreddy

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #538 on: February 06, 2017, 04:49:38 pm »
Is there an intuitive, searchable opcode map for the GB? I would like to write some item codes.

Flandre Scarlet

Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #539 on: February 06, 2017, 06:14:40 pm »
> Is there an intuitive, searchable opcode map for the GB? I would like to write some item codes.
Something like this? http://www.pastraiser.com/cpu/gameboy/gameboy_opcodes.html
I am a fan of Pokemon, Glitches, Touhou, Yugioh, Smash, Mario, Sonic, Kirby, (2D) Metroid, and MORE!