Dex dump glitch

From Glitch City Wiki

The Dex dump glitch is a buffer overflow glitch in Generation I that occurs with very long unterminated Pokédex entries, because the game attempts to print characters of the Pokédex category off the screen. The first character of the Pokédex category corresponds with memory address 0xC3F9 (wTileMap+0x59), but very long Pokédex categories run past the end of the wTileMap buffer and so corrupt unrelated memory addresses.

Example and requirements

For just the practical steps, see here

  • The glitch Pokémon 0xDC, a Pidgeotto hybrid in Pokémon Red and Blue, has an arbitrary Pokédex sourced from AA00 in RAM. In order to register the Pokédex entry, Pidgeotto must not be owned.

Usually catching one would freeze the game, or corruption would fail due to one or more of the following reasons:

  • If the player had never interacted with glitch Pokémon sprites or freezes, this data would remain as 0xFF (in bank 0) and the game may never find a terminating 0x50 byte.
  • If SRAM is locked (as might be the case for catching 0xDC within a Pokémon battle without a LOL glitch or Rival LOL glitch where the player views the summary of a party Pokémon in advance), the game may never find the terminating 0x50 byte either.
  • Assuming that the characters are single-length and there is no terminating byte up to B372, the byte at B372 will be written into CD6B (wJoyIgnore), which, if it is 0xFF, will lock up the controls and prevent the player from ever exiting the Pokédex entry.
  • Certain corrupted SRAM (from glitch Pokémon sprites, game freezes, Hall of Fame data) might contain a byte that terminates the glitch Pokédex category, causing no corruption (except for unrelated VRAM corruption caused by the glitch Pokémon's sprite).

These fail factors can be passed by:

  • Erasing the save file with Up+Select+B
  • Using the item duplication glitch by performing Brock Through Walls, obtaining Ditto, and performing the swapping Transform moves glitch to catch MissingNo. (0x32) in Diglett's Cave with move 0x00 corruption at least twice. (The flipped sprites can be reset by viewing the status of a normal Pokémon for the first +128 duplication of item 6.)
  • Setting up the dry underflow glitch in both the bag and the PC (by depositing a x255 quantity).
  • Entering the Hall of Fame with only a Level 80 (0x50 in hex) Pokémon in slot 1 on induction number 37 (this is before the B372 byte that would corrupt CD6B (wJoyIgnore) with 0xFF), ideally entering the Hall of Fame on induction number 36. This should also be done in an unintended way to avoid terminating bytes earlier in the memory. The player should have never entered the Hall of Fame before, but should enter it after altering the quantity of PC item 52 to x36 (D5A2=0x24), tricking the game into writing the 37th entry without overwriting entries 1 through 36.

After making these preparations, glitch Pokémon 0xDC can be caught with the Rival LOL glitch. This glitch has its own requirements, namely (for example) a six-letter rival name, Master Balls, 9F (0x5E) and 4# 8# 4# 8# #H##### (0x9E); these items can be dug up from the expanded item pack, and the Celadon looping map trick can be used if the player can't find them. Additionally, the player may want to use the TM52 on Route 1 to teach a Pokémon Fly, and adjust item 29 (wObtainedBadges) to enable flying away (a Pokémon with Teleport, Dig, or the Escape Rope item can also be used; for using Escape Rope to escape from Fuchsia City, change the item 37 quantity (wCurMapTileset) to e.g. 3).

This Dex dump glitch corrupts data before CD6B, including the current position of the cursor menu. The player can go into the Pokémon menu and simulate the expanded party, similar to this map size memory corruption glitch. One example of a use is swapping Pokémon 144 with Pokémon 10, which may give the player a lot of Pokédex entries (but not all of them).

Corruptions up to 0xBFFF (single-length characters, no terminator)

This is for glitch Pokémon 0xDC's corruption in Pokémon Red and Blue. In practice, the game may freeze (such as the previously mentioned corruption of CD6B disabling controls) but with a specifically crafted save file more powerful corruptions may be possible.

| Modification | SRAM to change |
|---|---|
| 0xC3F9 | 0xAA00 |
| 0xC3FA | 0xAA01 |
| ... | ... |
| addr (any address in-between) | addr - 0x19F9 |
| ... | ... |
| 0xD9F8 | 0xBFFF |
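
The address mapping in the table above, as an added example (not code from the wiki or the game): a simplified Python model of the copy that reports where the terminator is found, how many bytes land past wTileMap, and what ends up in wJoyIgnore. It assumes single-length characters, a wTileMap of 20x18 bytes, and constructed SRAM snapshots; `make_sram`, `simulate` and `report` are hypothetical names.

```python
# Simplified model of the Dex dump copy (added example, not game code).
SRC_START = 0xAA00               # source of 0xDC's category text (from the page)
DST_START = 0xC3F9               # wTileMap+0x59, first category character
OFFSET = DST_START - SRC_START   # 0x19F9, the "addr - 0x19F9" of the table
SRAM_END = 0xBFFF                # last source address covered by the table
TERMINATOR = 0x50
W_TILEMAP = DST_START - 0x59     # 0xC3A0
TILEMAP_SIZE = 20 * 18           # assumption: one byte per tile of a 20x18 screen
W_JOY_IGNORE = 0xCD6B


def make_sram(fill=0xFF, patches=None):
    """Build a constructed 0xAA00..0xBFFF snapshot; patches maps address -> byte."""
    data = bytearray([fill]) * (SRAM_END - SRC_START + 1)
    for addr, value in (patches or {}).items():
        data[addr - SRC_START] = value
    return bytes(data)


def simulate(sram):
    """Copy bytes until 0x50; return ({destination: byte}, terminator address or None)."""
    writes = {}
    for i, byte in enumerate(sram):
        if byte == TERMINATOR:
            return writes, SRC_START + i
        writes[SRC_START + i + OFFSET] = byte
    return writes, None          # no terminator anywhere up to 0xBFFF


def report(sram):
    writes, terminator_at = simulate(sram)
    tilemap_end = W_TILEMAP + TILEMAP_SIZE - 1
    return {
        "terminator_at": terminator_at,
        "bytes_written": len(writes),
        "last_write": max(writes) if writes else None,
        "overflow_bytes": sum(1 for addr in writes if addr > tilemap_end),
        "joy_ignore": writes.get(W_JOY_IGNORE),           # None = not reached
        "controls_locked": writes.get(W_JOY_IGNORE) == 0xFF,
    }


if __name__ == "__main__":
    cases = {
        "untouched SRAM (all 0xFF)": make_sram(),
        "0x50 placed at B371 (constructed)": make_sram(patches={0xB371: 0x50}),
        "0x50 early at AA0A (constructed)": make_sram(patches={0xAA0A: 0x50}),
    }
    for name, sram in cases.items():
        print(name, report(sram))
```
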

YouTube video

YouTube video by ChickasaurusGL