Topic: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!

Anna Says Hi

In that case, I have a mail/box code to give party Pokemon 3 maxed out DVs/IVs:
# means that any symbol can go there, since that slot will be overwritten by something later on.
Code:
Mail:
t##)'vQéh5?!ée50"
?cék5Aéo5l0A'm:5

Box names, starting from box 5 (the Pk is one character):
###ép5?7
07#'vt#09
#'vj##i5#
09Pk'd####

Code:
target: get 67 in FBA4, 6F in FBA7, 22 in FBAA, BD in FBAE, C2 in FBAF, jump to FB9C

org $F001

F002: or E; B3, t
F003: ld BC, 9B01; 01 01 9B; # # )
F006: sub $90; 'v Q
F008: ld (FBA7), A; EA A7 FB, é h 5
F00B: and $E7; ? !
F00D: ld (FBA4), A; é e 5
F010: or $72; 0 "
F012: ld C, (HL);
F013: and $A2; ? c
F016: ld (FBAA), A; é k 5
F019: add A, B; A
F01A: ld (FBAE), A; é o 5
F01D: xor E; l
F01E: or 80; 0 A
F020: jp NC, FB9C; 'm : 5


target: get FF into DD4A - DD54

org $FB9C

$FB9C: ld (FBAF), A; EA AF FB, é p 5
$FB9F: and $FD; ? 7
$FBA2: or $FD; F6 FD, 0 7
$FBA4: ld H, A; 67
$FBA5: sub $B3; D6 B3, 'v t
$FBA7: ld L, A; 6F

$FBA8: or $FF; F6 FF, 0 9
$FBAA: ld (HLi), A; 22
$FBAC: sub $A9; D6 A9, 'v j
$FBAE: cp L; BD
$FBAF: jp nz, $FBA8; C2 A8 FB, # i 5
$FBB2: or $FF; F6 FF, 0 9
$FBBD: pop HL; E1, Pk
$FBBE: ret nc; D0, 'd
« Last Edit: March 04, 2018, 02:30:20 pm by Anna Says Hi »

Krys3000

Thanks for that code, that's very helpful!

The good thing with mail codes is that just like item codes, they are international and can be used in every localization. Box charset in German G/S/C and French Crystal doesn't allow coding, unfortunately; so we have to translate everything into another type of code every time for international members, and this takes a lot of time :(
« Last Edit: March 05, 2018, 05:51:29 am by Krys3000 »

Admin of the PRAMA Initiative, the main French Pokémon glitch website
https://www.prama-initiative.com
“Anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'” - Isaac Asimov

Inkblot

Is there a certain type of bad clone that is needed to get the Kingdra clone in Crystal? I was cloning Eevees and I got one with ?'s as a name. I deposited it into a box and then put 5 normal Eevees into it, and tried to do the withdraw trick, but they never turned into Kingdras. The Eevee didn't seem to have anything wrong with it besides the name, so do I need a more glitched-out clone for it to work? Or is there a specific way you have to do it? I read you need to save and reset the game before doing the trick, but is that all you need to do?

Also, would it be possible to use the GameShark/memory editor item code to get the right TM in the wrong pocket, instead of using the Bellsprout/Mystery Egg method? Or do you need to do the Mystery Egg method?

Krys3000

About the corruption induced by Bad Clones, you can read this: https://forums.glitchcity.info/index.php?topic=8269.msg208830#msg208830
I guess changing the Bad Clone and the clones used is the best move if you don't manage to get the corruption.

Quote
Also, would it be possible to use the GameShark/memory editor item code to get the right TM in the wrong pocket, instead of using the Bellsprout/Mystery Egg method? Or do you need to do the Mystery Egg method?

Of course this is possible but then it requires another ACE method to do it :)


Inkblot

So I went and set up bad clone ACE in Crystal, and it worked! However, I have two things I want to ask about.

1) Well, not really a question, but something that was a bit confusing. I used the code to get any item, as I needed to change a TM 43 into a TM 42 in order to start setting up wrong pocket ACE. The way you have the code set up, it makes it look like in Crystal the 9th item should change, as the way you have it listed makes it seem like the 2 items needed for Coin Case ACE in the beginning aren't needed and don't affect the code in Crystal at all. I got really annoyed when I followed the bad clone ACE guide and my TM didn't change. However, I quickly found out that the code had worked, just the item 2 slots down had changed. The code still changes item 11, but the way you wrote the code out is kinda confusing if using it for Crystal. I think you should make it more clear that regardless of the game, it's the 11th item that changes.

2) When I used that code, I saw that instead of making the item decrease by 1, it did it by 2. So my TM 43 became TM 41. This wasn't a huge issue, as I just used TM 44 instead, but I wasn't sure if this was intentional or if there is some odd quirk on my end that caused the extra jump.


EDIT: I always wanted to ask if the box codes listed here and on the thread with competitive ones would work on Crystal. I assume no, as you only mention Gold and Silver when you talk about them, but I just wanted to check to make sure, as if I can use them it would be really helpful.
« Last Edit: April 03, 2018, 07:37:39 am by Inkblot »

Parzival

This'd really benefit from a character-value chart of some sort for box codes. It seems like no one's made one.


Ask me about betrayal.
Ask me about depression.
Ask me about death.
Ask me about destruction.
Ask me about hardship.
I've been through s**t.
If you need to talk to someone, my PM inbox is always open.

Epsilon

Quote from: Parzival
This'd really benefit from a character-value chart of some sort for box codes. It seems like no one's made one.
Quote from: Epsilon
Apologies for double posting.

Ok, so as the Discord conversations have indicated this won't be the "quick fix" I had anticipated. For my own sake, and for others, it has become necessary to map out the Characters that can be used to Represent areas of the box name, similar to what Spamviech did with G/S. (Self-modding in Crystal is done with é*5)

(Characters with _ are not directly reachable, and characters behind | are end-terminators)
Code:

$DB75 - $DB7D: _ _ _ _ _ _ _ _ | _
$DB7E - $DB86: _ (space) A B C D E F | G
$DB87 - $DB8F: H I J K L M N O | P
$DB90 - $DB98: Q R S T U V W X | Y
$DB99 - $DBA1: Z ( ) : ; [ ] a | b
$DBA2 - $DBAA: c d e f g h i j | k
$DBAB - $DBB3: l m n o p q r s | t
$DBB4 - $DBBC: u v w x y z _ _ | _
$DBBD - $DBC5: _ _ _ _ _ _ _ _ | _
$DBC6 - $DBCE: _ _ _ _ _ _ _ _ | _
$DBCF - $DBD7: _ 'd 'l 'm 'r 's 't 'v | _
$DBD8 - $DBE0: _ _ _ _ _ _ _ _ | _
$DBE1 - $DBE9: (PK) (MN) - _ _ ? ! . | &
$DBEA - $DBF2: é _ _ _ _ (male) _ * | _

Thankfully, it seems box names in Crystal are somewhat easier to self-modify.
grouchy
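
Added example (not part of the original posts): Epsilon's chart turned into a lookup table, so a box-name string can be converted to bytes and each glyph placed within its 9-byte chart row. It assumes a glyph's byte value equals the low byte of the $DBxx address it is listed under, which matches the bytes quoted in the first post (é = EA, 'v = D6); `CHART`, `encode` and `locate` are names made up for this example.

```python
# Added example. Rows transcribed from the chart above: each row is 9 bytes
# (8 name characters, then the slot the chart marks as terminator).
# "_" = not typeable. Key = low byte of the row's first $DBxx address.
CHART = {
    0x7E: "_ (space) A B C D E F G",
    0x87: "H I J K L M N O P",
    0x90: "Q R S T U V W X Y",
    0x99: "Z ( ) : ; [ ] a b",
    0xA2: "c d e f g h i j k",
    0xAB: "l m n o p q r s t",
    0xB4: "u v w x y z _ _ _",
    0xCF: "_ 'd 'l 'm 'r 's 't 'v _",
    0xE1: "(PK) (MN) - _ _ ? ! . &",
    0xEA: "é _ _ _ _ (male) _ * _",
}
FIRST_ADDR = 0xDB75  # first address listed in the chart
SLOT = 9             # bytes per chart row

# Assumption: glyph byte value == low byte of the address it is listed at.
GLYPHS = {g: start + i
          for start, row in CHART.items()
          for i, g in enumerate(row.split()) if g != "_"}

def tokenize(text):
    """Split text into chart glyphs, trying multi-character glyphs first."""
    ordered = sorted(GLYPHS, key=len, reverse=True)
    out, i = [], 0
    while i < len(text):
        if text[i] == " ":
            glyph, width = "(space)", 1
        else:
            glyph = next((g for g in ordered if text.startswith(g, i)), None)
            if glyph is None:
                raise ValueError(f"{text[i]!r} at index {i} is not in the chart")
            width = len(glyph)
        out.append(glyph)
        i += width
    return out

def encode(text):
    """Byte values the chart assigns to a string of typeable glyphs."""
    return bytes(GLYPHS[g] for g in tokenize(text))

def locate(glyph):
    """Return (address, chart row, offset in row, is terminator slot)."""
    addr = 0xDB00 | GLYPHS[glyph]
    row, off = divmod(addr - FIRST_ADDR, SLOT)
    return addr, row, off, off == SLOT - 1

if __name__ == "__main__":
    for g in ("h", "t", "é"):
        addr, row, off, term = locate(g)
        print(f"{g}: ${addr:04X} row {row} offset {off} terminator={term}")
```

Digits are not in the chart, so `encode` raises `ValueError` for a string such as `5` instead of guessing a value.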

cuttlefish

Thanks for putting so much work into making such a detailed guide!

I have some questions pertaining to Crystal version. I'm interested in using ACE to get Pokemon that don't appear in Crystal, but I did some research after reading this guide and it seems like they all corrupt your game in some irreversible way. I would like to be able to complete the Pokedex with just one game so glitching the Pokedex would bother me.

So I'm wondering what the best method would be if I want to keep the game looking as normal as possible. Would the Bad Clone method be the best way to go for me?
« Last Edit: July 14, 2018, 11:58:29 am by cuttlefish »

Krys3000

What do you exactly mean by 'they all corrupt your game in some irreversible way'? I don't think any kind of corruption induced by the use of ACE is irreversible. For example, if you use the Glitch Pokédex method, both your Pokédex and your Balls Pocket will get corrupted, but both can be fixed by the use of ACE itself. Of course, after fixing, you won't be able to ACE again unless you perform the method again.
With Bad Clone ACE indeed, nothing will get corrupted (as far as you are OK to have a corrupted clone in your box) but this method has strong limitations (e.g. code can only be executed from a PC, and codes have to be modified for fixing the de register issue if it uses it).

I would personally advise you to do the same thing as pretty much everybody does: use the Bad Clone ACE to plant Wrong Pocket TM ACE in your game (as indicated in III.4: Prepare the Party setup) and to give yourself a TM15 in the Box Pocket, which allows you to skip the Mystery Egg part that corrupts your Balls Pocket. Then, you can eliminate the Bad Clone and only work with Wrong Pocket TM ACE. In this case, the only visible addition to your game is the TM15 in the Balls Pocket so you have to be OK with that :)


cuttlefish

Oh I was under the impression that a lot of the oddities that come with ACE couldn't be undone. Sorry for my ignorance, and thank you for suggesting a method. I'll definitely start trying this soon since having a TM in the balls pocket doesn't seem so bad.

yorshee

Hi, I'm new to the forums but I've been silently following the Pokemon glitch scene for over a decade! That being said, I don't know a lick of programming knowledge, I just think exploiting the original programmer's oversights to accomplish all this cool stuff is great.

All of this is pretty confusing to me but from what I've read in the OP and done in-game in Pokemon Crystal, I've managed to obtain a TM15 in my ball pocket, as well as used the Bad Clone ACE to execute these stored items, which is supposedly Crystal's version of the 'slide Pokemon':
PP Up x252
TM42 x18
TM27 x3
TM10 x(any quantity)

Execute that, then toss some of ‘em and execute again, then toss some more and execute a third time. The specifics are in the OP :P

The OP states:
With all this done, every time you use the TM from the Wrong Pocket with the Pokémon in right place, code will be executed!
...so I don't need to do that every time, right? From the way OP worded it, it sounded like a one-time thing you'd have to do.

So now every time I use TM15, while having a Quagsire holding a TM50 and with Return as its first move as the first and only Pokemon in my party, it should run ACE from my stored items, correct?

I'm terrible at explaining things with words so I made a video detailing my problem: https://www.youtube.com/watch?v=zCtB00YE324 (sorry if some of the subtitles get cut off a bit, I got a new video-making program and I'm still learning the ropes)

Any explanations and help would be appreciated! :D
« Last Edit: August 01, 2018, 05:29:12 pm by yorshee »

Krys3000

Re: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!
« Reply #41 on: September 10, 2018, 02:51:48 pm »
Hello,

For some reason I missed your post. I hope this reply finds you now but I will post on your video also to increase the chances.

You are right, there was an issue with that specific code. It changes the ID of item 11, regardless of the version. However in the case of Crystal, the code here was 9 items long because the first two items are missing compared to G/S. You need to add 2 random items before the item you want to change, X Accuracy in this case. You can also change the quantity of Fresh Water to x2 and it will affect the 9th item instead of the 11th.

With this corrected, it should work fine the way you do it. Thanks for the report and apologies for the confusion :)
