
Author Topic: The newcomer and experienced user's guide to G/S/C Arbitrary Code Execution!  (Read 887 times)

Epsilon

Re: The newcomer and experienced user's guide to G/S Arbitrary Code Execution!
« Reply #15 on: November 05, 2017, 12:43:19 pm »
Regarding the OAM DMA Hijacking, I'm unsure whether we can replace 2'd with péZ×.9'l'l'l'lx'd or péZ×.9'l'l'l'l2'd.

Use the former code. The latter code is an ld command, which doesn't affect the carry flag. In order for ret nc to return, the carry flag must not be set.

Also, the ld command would swallow the 'd by using it as an operand.
« Last Edit: November 05, 2017, 12:48:09 pm by Couldntthinkofaname »
"What's a stack? Can you eat that?"

"Sure, just POP it into your mouth!" (someoneplskillme)

Clash Royale profile: #LYQC9LLV. Join our clan because we're lonely.

Does anybody really know what time it is?

Does anybody really care?
- Chicago

Krys3000

Re: The newcomer and experienced user's guide to G/S Arbitrary Code Execution!
« Reply #16 on: November 06, 2017, 08:38:44 am »
Alright, all codes (except the first one obviously) are available for both techniques now, and I've added links to some threads. I'm going to start writing a quick and basic introduction to opcodes.

Of course, I should be writing a French adaptation of box codes for PRAMA, but the absence of ret nc and sub x instructions in French characters is very annoying, because to use ret c or sbc x, the code itself must be modified a bit :(

Admin of the PRAMA Initiative, the main French Pokémon glitch website
http://www.prama-initiative.com
“Anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'” - Isaac Asimov

Princess Torchic ❤

Re: The newcomer and experienced user's guide to G/S Arbitrary Code Execution!
« Reply #17 on: November 06, 2017, 10:15:18 am »
Awesome. Thank you! ^_^

Yeah I relate to that, self-modifying codes can be a pain sometimes.
Hi! I identify as female.  She/her pronouns, please.

Online I most often use the username Torchickens or Chickasaurus.

Ah.. koucha ga oishii ♪
Thank you Aeriixion for the cute sprite above! :) Roelof also made different variations of the sprite (which I animated).

Contact:
If you like, please contact me by private message here on the forums as I no longer check other places very often.

YouTube: http://www.youtube.com/user/ChickasaurusGL

I like to collect interesting video games. ^_^
https://www.vgcollect.com/Torchickens

Give love, receive love, repeat. But in order to love others you must first love yourself unconditionally, even if it means abandoning pressure from projects or taking time off work and empathise with the self as you are your own best friend. The key often is simply to follow your heart, your urges and have faith they are valid; use them to do what you want to do as long as it doesn't harm anyone, and/or sympathise and respect it as we all have bad days (even the prettiest rose has thorns but is still beautiful).

Krys3000

Re: The newcomer and experienced user's guide to G/S Arbitrary Code Execution!
« Reply #18 on: November 07, 2017, 07:10:27 am »
I've added a quick introduction to opcodes. Don't hesitate to review it! :)


spamviech

Re: The newcomer and experienced user's guide to G/S Arbitrary Code Execution!
« Reply #19 on: November 07, 2017, 07:45:42 am »
You should probably add the guide to GB Programming. Helped me a ton when I started messing around with 8F codes.

Also, the first available character for box names is space, which is 0x7f. The corresponding instruction (ld a,a) can only be used as safe passing code, but can be useful to reach certain numbers (e.g. using and).
Nothing major, but still a slight error. ;)

Epsilon

Re: The newcomer and experienced user's guide to G/S Arbitrary Code Execution!
« Reply #20 on: November 07, 2017, 07:48:14 am »
Quote
I've added a quick introduction to opcodes. Don't hesitate to review it! :)

You may want to add that "ret" does not necessarily mean the code has ended. "Ret" pops the top of the stack to the pc (Program Counter).

So...

Ld bc,d61a
Push bc
Ret

...is effectively executed as...

Jp d61a
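As an added illustration (not code from the thread), the following small interpreter models just the SM83 ("GBz80") opcodes discussed in replies #15, #19 and #20: it shows that ld bc,$d61a / push bc / ret ends with the pc at $d61a (the same effect as jp $d61a), that ld a,a (opcode 0x7F, the space character) leaves the carry flag untouched so a following ret nc still returns, and that a sub that borrows sets carry and makes ret nc fall through. The load address, stack location and pre-pushed return address are constructed values, and only these six opcodes are modelled.

```python
# Added example, not from the thread: a tiny interpreter for the few SM83 ("GBz80")
# opcodes discussed above. It shows why "ld bc,$d61a / push bc / ret" acts like
# "jp $d61a", and why "ld a,a" (0x7F, the space character) leaves the carry flag
# alone so a following "ret nc" still returns. Addresses below are constructed.
CARRY = 0x10                      # bit 4 of F is the carry flag
BASE, RET_ADDR = 0xD000, 0xC000   # where the code lives / where "ret" would land

def run(code, a=0):
    """Execute `code` at BASE and return the pc once control leaves the snippet."""
    mem = bytearray(0x10000)
    mem[BASE:BASE + len(code)] = code
    pc, sp, f, bc = BASE, 0xDFFD, 0, 0
    mem[sp], mem[sp + 1] = RET_ADDR & 0xFF, RET_ADDR >> 8   # pre-pushed return address

    def push(v):
        nonlocal sp
        sp -= 2
        mem[sp], mem[sp + 1] = v & 0xFF, v >> 8

    def pop():
        nonlocal sp
        v = mem[sp] | (mem[sp + 1] << 8)
        sp += 2
        return v

    end = BASE + len(code)
    while pc < end:
        op = mem[pc]; pc += 1
        if op == 0x01:                  # ld bc,nn (little-endian immediate)
            bc = mem[pc] | (mem[pc + 1] << 8); pc += 2
        elif op == 0xC5:                # push bc
            push(bc)
        elif op == 0x7F:                # ld a,a: does nothing and touches no flags
            pass
        elif op == 0xD6:                # sub n: sets carry when a < n (a borrow)
            n = mem[pc]; pc += 1
            f = CARRY if a < n else 0
            a = (a - n) & 0xFF
        elif op == 0xC9:                # ret: pop the top of the stack into pc
            return pop()
        elif op == 0xD0:                # ret nc: return only if carry is clear
            if not f & CARRY:
                return pop()
    return pc                           # fell off the end of the snippet

PUSH_RET = bytes([0x01, 0x1A, 0xD6, 0xC5, 0xC9])   # ld bc,$d61a / push bc / ret -> 0xD61A
LD_RET_NC = bytes([0x7F, 0xD0])                     # ld a,a / ret nc -> 0xC000 (returned)
SUB_RET_NC = bytes([0xD6, 0x05, 0xD0])              # sub 5 / ret nc -> depends on a
```

With a=3 the sub borrows, carry is set and run(SUB_RET_NC, a=3) falls off the end at 0xD003; with a=9 carry stays clear and it returns to 0xC000.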

Krys3000

Re: The newcomer and experienced user's guide to G/S Arbitrary Code Execution!
« Reply #21 on: November 07, 2017, 08:11:05 am »
Haha yeah, in fact I said that 'I'll put some resources about opcodes later in the guide' but then totally forgot to do it ;D

I've added a few links including this one, and also the space and ret suggestions :) Thanks to both of you!


Krys3000

This guide has now been MASSIVELY UPDATED to add Crystal ACE (unifying it with this guide).

Please use this now as the 'official thread' for all games. I'm editing the other thread to redirect to this.


Inkblot

I am a little confused. In Crystal, do you need to do the Mystery Egg setup AND do the item code listed in order to execute code with TM15, or can you do one or the other in order to get TM15 in the wrong pocket? I am confused as I think it said in the original guide that all you would need to do is use Bad Clone ACE to execute the item code, and that would get you TM15 in the wrong pocket. However, it looks like it says here that you need to do both in order for it to work.

Also, I have a question regarding filling your Key Items pocket. If I fill it up with Mystery Eggs, will that cause any issues if I try and get another key item? Like, will I have to find a way to remove all the Mystery Eggs in order to get other key items I'd like? And if so, how would I do it?

Also, it looks like without the use of another game to trade items, it will take at least until beating Jasmine in order to set everything up, as TM23 is needed to use the get any item / get any amount of any item codes. However, once you have that, you can use the cloning glitch to get enough of those TMs to perform the glitch (as well as get a ton of Rare Candies to teach Quagsire the moves it needs). After that is done, you should be able to get the rest of the items you need through those glitches (if you have TM50, you can use it to get any of the other TMs by lowering its item value), and then set up TM15 in the wrong Balls pocket! So that means it's possible to do ACE in Crystal around a third of the way through the game, which is really cool and will make a lot of the post-game really interesting!

Krys3000

Quote
I am a little confused. In Crystal, do you need to do the Mystery Egg setup AND do the item code listed in order to execute code with TM15, or can you do one or the other in order to get TM15 in the wrong pocket? I am confused as I think it said in the original guide that all you would need to do is use Bad Clone ACE to execute the item code, and that would get you TM15 in the wrong pocket. However, it looks like it says here that you need to do both in order for it to work.

No, you indeed need to do both, but the order is not important. However it is most certainly possible to create an item, box or mail code that does both at the same time... don't hesitate to work on it if you have some time!

Quote
Also, I have a question regarding filling your Key Items pocket. If I fill it up with Mystery Eggs, will that cause any issues if I try and get another key item? Like, will I have to find a way to remove all the Mystery Eggs in order to get other key items I'd like? And if so, how would I do it?

You could just store the extra eggs in the PC  :P

Quote
Also, it looks like without the use of another game to trade items, it will take at least until beating Jasmine in order to set everything up, as TM23 is needed to use the get any item / get any amount of any item codes. However, once you have that, you can use the cloning glitch to get enough of those TMs to perform the glitch (as well as get a ton of Rare Candies to teach Quagsire the moves it needs). After that is done, you should be able to get the rest of the items you need through those glitches (if you have TM50, you can use it to get any of the other TMs by lowering its item value), and then set up TM15 in the wrong Balls pocket! So that means it's possible to do ACE in Crystal around a third of the way through the game, which is really cool and will make a lot of the post-game really interesting!

You're right. However, you can do a lot better than that. You could get TM23 using the Bad Clone Trick (which allows you to get any item) using the move SLEEP TALK. If you don't want to, you could do a box/mail code that gives you TM23 instead. In theory, as soon as you have access to the Day Care, you should be able to do everything already.


Inkblot

Quote
You could just store the extra eggs in the PC :P

They are key items though, right? Can you store those? Also, if they are key items, doesn't that mean you can't toss them? I wouldn't mind putting them in the PC, but I'd want to be able to get rid of them at some point just so they aren't taking up space I could use for something else.

Though now that I think about it, I could use the change item codes to turn them into something that IS toss-able and get rid of them that way. So I guess it isn't such a huge issue if I can't get rid of them normally.

Krys3000

You can store them, of course - and you have 50 storing item slots so I wouldn't worry much about space.

But yeah, to get rid of them definitively, you could use the item changing code  :D
