Author Topic: Arbitrary code execution in Gold/Silver UE using the Coin Case  (Read 85621 times)


spamviech

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #195 on: October 27, 2017, 09:22:19 pm »
Player Sprite Modifier - Permanent (Old Man; Change 's and A to different values for different results, can replace the 55 for Box 1 with 'v(Another Letter) too, if desired value is unobtainable):
Code:
Box 1: Ap0's'vA55 (XOR A; OR d4; SUB 0x80)
Box 2: é9'l55555  (LD [ffd1], A)

Just tried out the code above (with slight adjustment for use with TM25 in balls pocket) on VC (English) and the results are quite interesting:
Moving up/down turns you into a male rocket moving sideways (random if left or right), while moving left/right turns you into one of the girls (think the sister from the one who gives you the squirtle bottle has the same model) looking down.
Getting on the bike doesn't change your model, but you still move faster.

Might try a few more numbers, but so far most resulted in glitchy graphics for the player character.
Just a note: the above code also looked glitchy while in the upper level of the Pokémon Center, so the sprite might be dependent on the map you're currently on. I was in Goldenrod City for reference.
« Last Edit: October 27, 2017, 09:25:07 pm by spamviech »
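
Added example, not part of the original thread: a short Python decoder for the two "Player Sprite Modifier" boxes in the post above, turning box-name characters into bytes and SM83 mnemonics. The character-to-byte table is an assumption (the commonly documented English Gold/Silver text encoding), and all function names are hypothetical.

```python
# Added example, not code from the thread. Byte values follow the commonly
# documented English Gold/Silver text encoding (an assumption here).
TOKENS = {"'d": 0xD0, "'l": 0xD1, "'m": 0xD2, "'r": 0xD3, "'s": 0xD4,
          "'t": 0xD5, "'v": 0xD6, "(male)": 0xEF, "(mult)": 0xF1,
          "(female)": 0xF5, "×": 0xF1, "?": 0xE6, ".": 0xE8, "é": 0xEA}

# SM83 opcodes used by the two boxes below: (mnemonic, operand bytes).
OPCODES = {0x80: ("ADD A,B", 0), 0xAF: ("XOR A", 0), 0xFB: ("EI", 0),
           0xF6: ("OR ${:02X}", 1), 0xD6: ("SUB ${:02X}", 1),
           0xEA: ("LD [${:04X}],A", 2)}

def char_byte(tok):
    """Map one box-name token, as typed in the thread, to its byte."""
    if tok in TOKENS:
        return TOKENS[tok]
    for first, base in (("A", 0x80), ("a", 0xA0), ("0", 0xF6)):
        span = 10 if first == "0" else 26
        if len(tok) == 1 and 0 <= ord(tok) - ord(first) < span:
            return base + ord(tok) - ord(first)
    raise ValueError(f"no byte known for {tok!r}")

def encode_box_name(name):
    """Tokenise a name (multi-character tokens first) and encode it."""
    multi = sorted((t for t in TOKENS if len(t) > 1), key=len, reverse=True)
    out, i = bytearray(), 0
    while i < len(name):
        tok = next((t for t in multi if name.startswith(t, i)), name[i])
        out.append(char_byte(tok))
        i += len(tok)
    return bytes(out)

def disassemble(code):
    """Linear sweep; unknown or truncated instructions become DB lines."""
    lines, i = [], 0
    while i < len(code):
        fmt, n = OPCODES.get(code[i], (None, 0))
        operand = code[i + 1:i + 1 + n]
        if fmt is None or len(operand) < n:
            fmt, operand = f"DB ${code[i]:02X}", b""
        lines.append(fmt.format(int.from_bytes(operand, "little")))
        i += 1 + len(operand)
    return lines

def value_written(or_tok, sub_tok):
    """A after XOR A; OR x; SUB y, i.e. the byte the Box 2 store writes."""
    return (char_byte(or_tok) - char_byte(sub_tok)) & 0xFF

if __name__ == "__main__":
    for box in ("Ap0's'vA55", "é9'l55555"):  # the two boxes from the post
        print(box, "->", "; ".join(disassemble(encode_box_name(box))))
```

The store's two operand bytes sit in memory as FF D1 and are read low byte first. `value_written` shows how swapping the OR or SUB character changes the byte that gets stored.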

SatoMew


Epsilon

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #197 on: October 28, 2017, 06:19:29 pm »
Video is finally up. Curse ye slow internet speeds

My recommendation is to convert to WebM before uploading.

https://trac.ffmpeg.org/wiki/Encode/VP8

https://trac.ffmpeg.org/wiki/Encode/VP9

FFMPEG returns errors when converting BGB videos into WebM.
grouchy

SatoMew

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #198 on: October 28, 2017, 06:35:26 pm »
FFMPEG returns errors when converting BGB videos into WebM.

That's strange! :( What is ffmpeg's output?

What I usually do after merging the AVI and WAV is encode the video to WebM with VP9 on Constant Quality mode. The following snippet is the command I recall using for that process:

Code:
ffmpeg -i "/path/to/video.avi" -c:v libvpx-vp9 -crf 0 -b:v 0 -c:a libopus -pix_fmt yuv420p "/path/to/video.webm"

forsyz

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #199 on: October 28, 2017, 07:30:36 pm »
how do you convert tm 27 and coincase codes to tm 17 codes

Epsilon

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #200 on: October 28, 2017, 08:47:12 pm »
how do you convert tm 27 and coincase codes to tm 17 codes

There's no singular answer for that; it's entirely dependent on the code.

TM 17 are already TM 25 codes, no conversion is required.

Most coin case codes can be converted by simply tacking p'd at the end of the main code. FMK's one-off code is not necessary for Wrong pocket TM codes.

If you are having difficulties converting a specific code, just let me know.
grouchy

Nostalgia

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #201 on: October 29, 2017, 06:56:30 am »

For Coin Case, this adaptation should work:
Code:
Box 1:  Ap'v8é'm25
Box 2:  p0(male)55555
Box 3:  'vAé52p0'm
Box 4:  éJ9p0(female)55
Box 5:  éK9p0255
Box 6:  éL9p'd555
Box 7:  p0?yyéA'd
Box 8:  p0éé(female)'dyy
Box 9:  p0ké0'dyy
Box10:  pppppéZ× (× is the multiplication character)
Box11:  .9'l'l'l'lx'd

Couldn't get this to work, getting sent into the glitch dimension. All box names are correct. I just want the wild Celebi code, I'm not interested in Shiny, and I don't know if this was the coin case adaption of the wild and shiny encounter or just the wild encounter.

Epsilon

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #202 on: October 29, 2017, 07:01:46 am »

For Coin Case, this adaptation should work:
Code:
Box 1:  Ap'v8é'm25
Box 2:  p0(male)55555
Box 3:  'vAé52p0'm
Box 4:  éJ9p0(female)55
Box 5:  éK9p0255
Box 6:  éL9p'd555
Box 7:  p0?yyéA'd
Box 8:  p0éé(female)'dyy
Box 9:  p0ké0'dyy
Box10:  pppppéZ× (× is the multiplication character)
Box11:  .9'l'l'l'lx'd

Couldn't get this to work, getting sent into the glitch dimension. All box names are correct. I just want the wild Celebi code, I'm not interested in Shiny, and I don't know if this was the coin case adaption of the wild and shiny encounter or just the wild encounter.

Spamviech made an error with the adaption. The code has two portions, the entry point and the OAM DMA loop. Fixing the stack on the OAM DMA loop causes the stack pointer to go in the wrong position, causing a game crash.

I might be able to make a fix soon, but the amount of SMC may cause conflict.

The entry point and the stack repair combined is 7 boxes. Box 7 is the only box I can use for SMC, which is required to load the species index into $d0ed.

Sorry, TM 25 only.


Spamviech made a fix :)
« Last Edit: October 29, 2017, 07:57:09 am by Couldntthinkofaname »
grouchy

spamviech

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #203 on: October 29, 2017, 07:41:34 am »
Spamviech made an error with the adaption. The code has two portions, the entry point and the OAM DMA loop. Fixing the stack on the OAM DMA loop causes the stack pointer to go in the wrong position, causing a game crash.

I might be able to make a fix soon, but the amount of SMC may cause conflict.

Yea, noticed that myself. Didn't look too closely when I wrote this.
Also, this is a code for a shiny encounter.

For just encounter manipulation with Coin Case use this Code (this time even tested  :-[):
Code:
Box 1: Ap'v8é'm25
Box 2: péZ(mult)0(male).9
Box 3: 'v'vé52p0'm
Box 4: éJ9p0(female)'l'l
Box 5: éK9p02'l'l
Box 6: éL9p'd555
Box 7: p0?yyéé'd
Box 8: p'dyyyyyy
You still need to replace ? in Box7-name with your preferred species. For Celebi this would be 5.

Edit:
Here for the shiny encounter. Also this time tested  :-[.
Code:
Box 1:  Ap'v8é'm25
Box 2:  péZ(mult)0(male).9
Box 3:  'v'vé52p0'm
Box 4:  éJ9p0(female)'l'l
Box 5:  éK9p02'l'l
Box 6:  éL9p'd555
Box 7:  p0?yyéé'd
Box 8:  p0éé(female)'dyy
Box 9:  p0ké0'dp'd

Still don't know how this OAM DMA loop thingy works, but at least this code does.
« Last Edit: October 29, 2017, 07:56:08 am by spamviech »

Nostalgia

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #204 on: October 29, 2017, 07:50:22 am »
Okay it worked but I got wild Kingdra in the grass outside Cherrygrove instead of Celebi hahahaha.

spamviech

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #205 on: October 29, 2017, 07:51:40 am »
You still need to replace ? in Box7-name with your preferred species. For Celebi this would be 5.
« Last Edit: October 29, 2017, 07:52:41 am by spamviech »

Nostalgia

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #206 on: October 29, 2017, 07:56:30 am »
07 gave me a wild egg battle.

spamviech

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #207 on: October 29, 2017, 08:05:46 am »
You're too quick. Wait for me to edit my stupidity.  >:(
5 is for Celebi.  :-[
« Last Edit: October 29, 2017, 08:06:02 am by spamviech »

Nostalgia

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #208 on: October 29, 2017, 08:12:35 am »



So it worked, many thanks. Also wanted to take pictures to show that this is the best method to obtain Celebi now, no need for eggs or changing another Pokemon into Celebi. This method is quicker, registers in Pokedex and Celebi comes with its start moves. :)

I have almost finished the game now, 16 Badges and 209 Pokedex, but I want to complete the Pokedex before I beat Red and I've obtained every single in-game Pokemon except Entei and Raikou now, so all I need now is them, the R/B/Y and Silver exclusives which I can get from box names.

Edit: very strange, but performing this glitch made the Mystery gift option appear at the title screen when I never spoke to the girl in Goldenrod dept store. It also changed my text speed to medium, when I had it on fast before. o.o
« Last Edit: October 29, 2017, 08:18:13 am by Nostalgia »

spamviech

Re: Arbitrary code execution in Gold/Silver UE using the Coin Case
« Reply #209 on: October 29, 2017, 08:19:06 am »
Congratulations.  ;D

I cheated a bit with Happiness evolutions (they are a pain in Gen2; did that enough as a kid) and with Evolution Stones, but aside from that had a blast with glitchless gameplay.

Glitched stuff is great as well, but that's for another copy.  8)