Author Topic: Arbitrary code execution in Gold/Silver UE using the Coin Case  (Read 86516 times)

Epsilon

  • Member+
Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #150 on: October 24, 2017, 06:56:23 pm »
Here's a new code:

All encountered Pokemon are shiny:
Box 1: Ap0'méJ95
Box 2: p0-éK955
Box 3: p02éL9p'd
Box 4: (Doesn't Matter)
Box 5: p0éé(male)'dyy
Box 6: p0ké0'dp'd

After executing, just walk around in the grass. Any Pokemon you encounter will be shiny!

Please note this does affect trainer Pokemon as well, meaning any trainer you encounter will have a full shiny team. Also, note that the only way to disable this code is by resetting the game.

As of right now, this is TM 25 only. I have yet to port this for coin case.

Enjoy!
grouchy

Dragon Arbock

  • Oldschool Glitch Hobbyist
  • GCLF Member
  • Charizard 'M is best Charizard
Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #151 on: October 24, 2017, 10:39:10 pm »
Oh, this sounds cool. If this is possible, is it possible to use a code to alter the species of wild pokemon? I know with 8F you could.

Epsilon

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #152 on: October 25, 2017, 04:36:13 am »
Yes, and I will work on it as soon as I get home.

ISSOtm

  • The French Lord of Laziness (and a huge The Legend Of Zelda fan)
  • Staff
  • Gender: Male
  • Pewter City (B)rocks !
Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #153 on: October 25, 2017, 05:52:36 am »
If you change addresses CEA3-CEA6 to 08 (or apparently all values 08-0E), it will allow you to walk through almost any wall. However these addresses will be reset after taking a step, so if you want to do this with arbitrary code execution it must be done with something like many uses of wrong pocket TM/HM code execution (as Coin Case requires moving in a specific pattern), or "real time arbitrary code execution".


Usually when I try writing to the OAM DMA, the game ends up crashing.

Maybe I'm missing something.

EDIT: Just tried it again, worked fine. Can't recall what I did wrong initially.
Since the OAM DMA routine is run on every frame, you must overwrite the terminating RET last. Maybe that's what was going awry.
"THOU SHALL NOT PASS !!"  RIVAL's effect, Gandalf.

Proudly glitching Pokémon Red and Yellow on a Black & White GB, Pocket GB, GB Color, GBA SP and new 3DS.

My Twitter (beware, I'm French)
My YouTube (same warning)

Here is an online tool to build 8F setups : GBz80 to Items !

They see me layzin', they ha-tin'...
Heavy contributor of the global augmentation of entropy (my room's is too damn high !)
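
The write-ordering point in the reply above (the routine is called every frame, so the byte that replaces its terminating RET has to be written last), as an added example that is not part of the thread: a small Python model that writes a patch one byte at a time and runs the routine after every write. The routine bytes, the patch and the helper names are constructed for illustration and are not the game's real OAM DMA routine.

```python
# Constructed model: opcode values are real GBZ80, but the routine and patch
# are made up; 0xFF stands for leftover memory and counts as a crash here.
INC_A, LD_A_D8, RET, UNWRITTEN = 0x3C, 0x3E, 0xC9, 0xFF

ROUTINE = [LD_A_D8, 0x01, RET, UNWRITTEN, UNWRITTEN, UNWRITTEN]
RET_AT = 2
PATCH = {2: INC_A, 3: INC_A, 4: RET}  # old RET becomes INC A; code grows past it


class Crash(Exception):
    """The routine reached a byte that was never meant to execute."""


def run(mem):
    """Execute the routine once, as the per-frame call would; return A."""
    pc, a = 0, 0
    while pc < len(mem):
        op = mem[pc]
        if op == LD_A_D8:
            a, pc = mem[pc + 1], pc + 2
        elif op == INC_A:
            a, pc = a + 1, pc + 1
        elif op == RET:
            return a
        else:
            raise Crash(f"unexpected byte {op:#04x} at offset {pc}")
    raise Crash("ran off the end of the routine")


def patch_with_frames(order):
    """Write one patch byte at a time, running the routine after each write."""
    mem = list(ROUTINE)
    seen = []
    for offset in order:
        mem[offset] = PATCH[offset]
        try:
            seen.append(run(mem))
        except Crash:
            seen.append("crash")
    return seen


def ret_last(patch, ret_at):
    """Order the writes so the byte replacing the old RET goes in last."""
    return [o for o in sorted(patch) if o != ret_at] + [ret_at]


if __name__ == "__main__":
    print("ascending:", patch_with_frames(sorted(PATCH)))
    print("RET last: ", patch_with_frames(ret_last(PATCH, RET_AT)))
```

Writing in ascending order removes the RET while the bytes after it are still leftover memory, so every frame in between falls through into them; with the RET written last, each intermediate frame still returns at the old RET.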

Epsilon

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #154 on: October 25, 2017, 10:01:14 am »
Took a lot longer than expected, but here it is!

All wild Pokemon are <insert x Pokemon here>:
Box 1: Ap'v8é'm25
Box 2: p0(male)55555
Box 3: 'v'vé52p0'm
Box 4: éJ9p0(female)55
Box 5: éK9p0255
Box 6: éL9p'd555
Box 7: p0?yyéé'd
Box 8: p'dyyyyyy

Replace ? with the SpeciesID.

Now, obviously not every Pokemon is going to be able to be represented with valid characters. If you would like this code to work with a specific Pokemon, just let me know and I'll be happy to make an adaption.


Nostalgia

  • GCLF Member
  • Gender: Male
Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #155 on: October 25, 2017, 12:07:15 pm »
That's amazing, what level are the Pokemon? The same level as the Pokemon on the route that are replaced? And you said to get encounters back to normal you just reset the game? Also does a Celebi you catch with this glitch have its start moves of Leech Seed, Heal Bell, Confusion and Recover?

As for suggestions for other Pokemon - maybe the baby Pokemon (Cleffa, Igglybuff, Magby, Elekid, Pichu) as these Pokes are annoying to breed for because for whatever reason it takes ages for the daycare to produce an egg I'm finding in the VC versions, others have reported this too, you get there eventually, but it sometimes takes A LOT of biking just for them to produce one egg.

Also the legendary beasts would be useful too. :) Currently I have Suicune, but it's annoying trying to rely on luck finding the others especially when you don't have their Pokedex entries.
« Last Edit: October 25, 2017, 12:13:59 pm by Nostalgia »

Epsilon

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #156 on: October 25, 2017, 12:17:07 pm »
Thank you!

Regarding the levels, they are based on the route you used this exploit in. Regarding the moves, the Celebi I tried this with used Confusion and Heal Bell against me, but I only had time to test out 3 attacks (it used Heal Bell twice).

As for the other Pokemon you mentioned, I will make them as soon as I return to my computer. :)
« Last Edit: October 25, 2017, 12:19:06 pm by Couldntthinkofaname »

Dragon Arbock

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #157 on: October 25, 2017, 12:34:53 pm »
That's really nice of you to do. I was gonna mess around with it when I have time, but if you can, you should probably make it compatible with Pokemon that don't match existing single characters (like Sneasel is 't'v8).

Nostalgia

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #158 on: October 25, 2017, 12:55:31 pm »
This seems the best way to get Celebi with its start moves then. Other methods to obtain Celebi then have to do another glitch to teach its start moves which takes a longer time. The only other way to get a Celebi with its start moves using one method is using the bad clone method to get a Celebi at level 0 then give it a Rare Candy to level 1 and it will learn its start moves, but the bad clone method is more complicated, risky and time consuming, so your discovery is definitely the best method.

Epsilon

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #159 on: October 25, 2017, 01:17:30 pm »
Thanks!

In box 7 I left room for a 'v and another value to do just that. I left it out of the code for use with the likes of Celebi.

Nostalgia

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #160 on: October 25, 2017, 01:31:07 pm »
This would be a good video idea to make along with the all encountered Pokemon are shiny code you discovered, Torchickens I hope you're reading this.

Anyway I'm still curious about some of the other factors with this. Like, if you set all the wild encounters to Celebi, catch the Celebi and save, how do the encounters go back to normal upon resetting if you just saved with that code in place? The one thing I wouldn't want to happen with a glitch like this would be to permanently mess up the code of the wild encounters.
« Last Edit: October 25, 2017, 01:31:55 pm by Nostalgia »

Epsilon

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #161 on: October 25, 2017, 01:43:11 pm »
I can make a video of it, provided I can figure out how lol

As to how the code resets upon saving/resetting, the game simply fixes the DMA OAM routine upon startup.
« Last Edit: October 25, 2017, 01:43:51 pm by Couldntthinkofaname »

Nostalgia

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #162 on: October 25, 2017, 02:11:51 pm »
Okay I understand.

But maybe Torchickens or Crystal_ might, they have both made plenty of Coin Case videos in the past but this is something new to showcase and many people would find it useful.

Epsilon

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #163 on: October 25, 2017, 02:13:19 pm »
Glad to hear!

I'll combine this with my shiny code, and hopefully add a Pokérus code as well.
« Last Edit: October 25, 2017, 02:16:31 pm by Couldntthinkofaname »

Nostalgia

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #164 on: October 25, 2017, 02:31:40 pm »
Speaking of videos, is it possible to use this code but with PP Ups instead? https://www.youtube.com/watch?v=CiDi5nb-uoc I just want to know if there is an easier way to get PP Ups instead of the slow cloning method.