Arbitrary code execution: Difference between revisions

no edit summary
>Torchickens
No edit summary
>Krys3000
No edit summary
Line 23:
 
====Using 8F (English Red/Blue)====
The 8F item is named 7eme etage / P7 / S7 in respectively French, Italian/Spanish and German localizations. It still executes code the same way, but the setup will be different (see below).
The 8F item doesn't run arbitrary code in at least the French versions.
 
The player's party Pokémon must be in a certain order and have certain stats :
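Review bot: The two sentences under the 8F heading contradict each other. One says the item named 7eme etage / P7 / S7 "still executes code the same way", and the next says "The 8F item doesn't run arbitrary code in at least the French versions". Keep one statement and say explicitly that the localized item is the counterpart of English 8F, while the item displayed as 8F in those versions behaves differently. Minor wording: "in respectively French, Italian/Spanish and German localizations" reads better as "in the French, Italian/Spanish and German localizations respectively", and "stats :" should drop the space before the colon.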
Line 98:
 
====Using 7eme etage / P7 / S7 (French & Italian / Spanish / German Red/Blue)====
These items are the same item than the 8F of English versions (the difference in numbers is because in these countries, "first floor" refers to what is called second floor in english). Therefore, it executes code in the same way.
These items (which will be referred to as "7F" for this part) run code like 8F in English versions.
 
In these versions, 8F has the much less useful effect of returning to the overworld script even in-battle. This can be used when the Pokémon FF terminator is removed and the player is warped into a Glitch City every four steps, as this will return the player where they were.
 
The bootstrap code for 7eme etage, P7 or S7 must be slightly changed from the English version: no matter the setup, the player should replace the Onix with a Graveler.
 
When selecting Use on 7F7eme etage, P7 or S7, the game will run code depending on the item pack (starting from item #3).
 
The bootstrap code translates to the following ASM :
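Review bot: The instruction "the player should replace the Onix with a Graveler" gives no reason for the change. Say which byte of the bootstrap the species swap alters and why the localized versions need it, so a reader can check it against the ASM listing that follows. The two "These items ..." sentences repeat each other, so keep one; "the same item than" should be "the same item as" and "english" should be capitalized. The paragraph beginning "In these versions, 8F has ..." should make clear it means the item displayed as 8F in the localized games, since the text just above equates 7eme etage / P7 / S7 with English 8F.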
Line 138 ⟶ 136:
</code>
 
To make "7F"7eme etage, P7 or S7 run code starting with item 1, replace the Graveler with a Fearow.
 
====Using "ws m" (English and European-non english Yellow)====
The Pokémon in the '''current''' PC box must be in a certain order for the instruction pointer to be redirected to the item pack. In '''english games''', have:
 
# 11 Pokémon in your '''current''' PC box
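Review bot: The heading "Using "ws m" (English and European-non english Yellow)" is hyphenated and capitalized inconsistently with the rest of the page ("european non-English games", "European non-english Yellow"). Pick one form, for example "European non-English", and use it in every heading and in "In '''english games''', have:". The Fearow sentence would also benefit from stating which value changes when Graveler is replaced, since it alters the start of execution from item 3 to item 1.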
Line 155 ⟶ 153:
# Finally, Seel's HP must be 233
 
Much like 8F games, the contents of the item pack (starting from item 3) will be read as ASM code. Optionally, Seel can be replaced by Butterfree or Mr. Mime.
 
The bootstrap code translates to the following ASM :
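Review bot: The sentence "Optionally, Seel can be replaced by Butterfree or Mr. Mime" does not say whether the preceding requirement "Seel's HP must be 233" carries over to the replacement. State that the substitute must also have 233 HP, or explain why not. "Much like 8F games" should probably read "Much like 8F", matching the wording used for the non-English setup.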
Line 171 ⟶ 169:
$DA97 <- E9 || jp (hl) ; pc = D321<br/>
<br/>
</code>
 
In '''european non-English games''', the item is the same, but the setup is different.
 
# 10 Pokémon in your '''current''' PC box
# Tangela as the 1st Pokémon in the current PC box
# Nidoking as the 2nd Pokémon in the current PC box
# Metapod as the 3rd Pokémon in the current PC box
# Spectrum as the 4th Pokémon in the current PC box
# Flareon as the 5th Pokémon in the current PC box
# Parasect as the 6th Pokémon in the current PC box
# Kadabra as the 7th Pokémon in the current PC box
# Tentacool as the 8th Pokémon in the current PC box
# Tadmorv as the 9th Pokémon in the current PC box
# Any Pokémon as 10th Pokémon in the current PC box
# Finally, Tangela's HP must be 233
 
Much like 8F, the contents of the item pack (starting from item 3) will be read as ASM code.
 
====Using 4F (English and European non-english Yellow)====
 
By using item 4F instead of "ws m", we can execute code using Daycare data. Although this possibility was previously known, it was setup by Krys3000 in [http://forums.glitchcity.info/index.php?topic=8056.0 this thread] for both English and non-English Yellow games.
 
In english games, deposit and withdraw (or not) at the Day Care a Nidorina (that should not be evolved from a Female Nidoran), with Bite, Fury Swipes, Double Kick and Growl (the first two moves are placeholders and can be replaced with some other moves, but not just any move). Then, store in the active PC Box:
 
# Any lvl25 Pokémon with currently 24 HP, 33 PP currently for the first AND second move, 19 PP currently for the third move (3 PP Up used) and no fourth move or no PP currently on it
# Clefairy, Male Nidoran or Spearow (among many possibilities) with 233 HP
 
Using 4F will then execute code from the third item, as with other setups.
 
<code>
WRA1:DA64 <- 78 || ld a,b<br />
WRA1:DA65 <- 2C || inc l<br />
WRA1:DA66 <- 9A || sbc d <br />
WRA1:DA67 <- 18 2E || jr DA97<br />
WRA1:DA97 <- 18 19 || jr DAB2<br />
WRA1:DAB2 <- 21 21 D3 || ld hl,D321<br />
WRA1:DAB5 <- 00 || nop<br />
WRA1:DAB6 <- 04 || inc b<br />
WRA1:DAB7 <- 00 || nop<br />
WRA1:DAB8 <- E9 || jp hl
</code>
 
{{youtube|AxNliiLzA0Q|ChickasaurusGL}}
 
The setup is somewhat easier in non-english games. Deposit and withdraw (or not) a lvl80 Pokémon with currently 24 HP in the Day Care. The, store in the active PC Box:
 
# Any Pokémon with 33 PP currently for the first move, 38 PP currently for the second move, 19 PP currently for the third move (3 PP Up used) and no fourth move or no PP currently on it
# Clefairy, Male Nidoran or Spearow (among many possibilities) with 233 HP
 
Using 4F will then execute code from the third item, as with other setups.
 
<code>
WRA1:DA64 <- 00 || nop<br />
WRA1:DA65 <- 18 50 || jr DAB7<br />
WRA1:DAB7 <- 21 26 D3 || ld hl,D326<br />
WRA1:DABA <- 00 || nop<br />
WRA1:DABB <- 04 || inc b<br />
WRA1:DABC <- 00 || nop<br />
WRA1:DABD <- E9 || jp hl
</code>
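Review bot: Neither 4F listing says which stored value produces which byte, so the setups cannot be checked against the ASM without converting by hand. Annotate the listings with the source of each byte: 24 HP is 0x18 (jr), level 25 is 0x19 and level 80 is 0x50 (the jr offsets), 33 PP is 0x21 (ld hl), 38 PP is 0x26, 19 PP with 3 PP Ups is 0xD3, and 233 HP is 0xE9 (jp hl). In the non-English "ws m" list, "Spectrum" and "Tadmorv" are French species names in an otherwise English list; give the English names (Haunter, Grimer) or both. Smaller points: "The, store" should be "Then, store", "deposit and withdraw (or not)" is ambiguous about whether the step is required, and the mnemonic is written "jp (hl)" in the "ws m" listing but "jp hl" here.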
 
Line 267 ⟶ 325:
By using the [[Pikachu off-screen glitch]] in the Vermilion City Fan Club and making specific movements to force the non-existing sign 04 to appear at coordinates x=1, y=1, it is possible for the player to read the signpost and execute arbitrary code beginning from D221; the catch rate/held item of party Pokémon 5.
 
Once you have prepared one of the correctsetups EVsbelow, put your Pokémon in the 5th position of the party, prepare your items from item 1, get the Clefairy event in the Vermilion Fan Club, then do the following steps:
Outside of speedrunning, a Graveler with 08 c2 (2242) HP stat experience and 1d d3 (7635) Attack stat experience may be used as an applicable Pokémon 5, preferably a Graveler from Victory Road.
 
1) Go to the bottom-left walkable tile (putting Pikachu off the screen), then walk up to the top and down to the bottom of the left-most column 11 times, but for the 11th time step one tile short on the final way back down.
If you are using level 44 Graveler, make note that since you can't really predict its total exp. you may not be able to get your result dictated by items. However, saving before the last few Krabby to get different levels or keeping Rare Candies, saving before talking to the text box and using one if it didn't work last time may fix this.
 
2) Step right, step left, then walk up to the top and down to the bottom of the left-most column 10 times.
To get these specific EVs, your Pokémon needs to have encountered the following Pokémon (and no more):
 
3) Step right, then go the top-left tile you can walk to, face right and press A.
71 Krabby, 1 Farfetch'd, 1 Dugtrio, and 1 Magnemite.
 
=====Luckless setups=====
(Thanks FMK for working out what Pokémon to battle).
 
5 different setups to use for this trick have been made by Krys3000 and Torchickens/ChickasaurusGL [http://forums.glitchcity.info/index.php?topic=8063.0 in this thread]. They all execute code from item 3 in the pack, similarly to ws m or 4F setups.
====Steps====
Once you have the correct EVs, put your Pokémon in the 5th position of the party, prepare your items from item 1, get the Clefairy event in the Vermilion Fan Club, then do the following steps:
 
# The 4 moves setup involves as 5th Pokémon in the party a Nidorina or Nidorino. It has to have been traded to G/S/C, hold a Moon Stone there and then be traded back to Yellow. This Pokémon must have 2 'placeholder moves' (typically Bite and Fury Swipes, since it learns both) followed by Double Kick (also learned) and Bubblebeam (TM11). Also, the 6th Pokémon can be anything but requires currently 3 PP on its first move (with 3 PP Up used), 33 PP on the second move, and 19 PP for the third move (with 3 PP Up used also).
1) Go to the bottom-left walkable tile (putting Pikachu off the screen), then walk up to the top and down to the bottom of the left-most column 11 times, but for the 11th time step one tile short on the final way back down.
# The 2 moves + HP/Box Level setup involves as 5th Pokémon a Nidorina or Nidorino. It has to have been traded to G/S/C, hold a Moon Stone there and then be traded back to Yellow. This Pokémon must have Double Kick (learned) as first move and Take Down (TM09) as second. Also, the 6th Pokémon can be anything but must have 24 HP currently and also have been lvl24 last time it was stored in the PC. This Pokémon requires currently 3 PP on its first move (with 3 PP Up used), 33 PP on the second move, and 19 PP for the third move (with 3 PP Up used also).
# The 4 moves + Glitch Pokémon setup involves as 5th Pokémon the glitch Pokémon PKMN pゥぁ ゥぇ, that can be obtained via several glitches, Equivalent Trade or Time Capsule Exploit. This Pokémon must have Ice Punch, DoubleSlap, Double Kick and BubbleBeam (all can be learned except Bubblebeam which is TM11). Also, the 6th Pokémon can be anything but requires currently 3 PP on its first move (with 3 PP Up used), 33 PP on the second move, and 19 PP for the third move (with 3 PP Up used also).
# The Untrained Hitmonchan setup is the only tradeless/glitchless setup. 5th Pokémon would be Hitmonchan and this Pokémon must never have been trained, but must know Strength (HM), Agility, Fire Punch and Ice Punch (it requires rising it to lvl 38 with Rare Candies). This Pokémon must also have 00 PP currently at Strength, 24 at Agility, 14 at Fire Punch (Ice Punch doesn't matter). Also, 6th Pokémon can be anything but must be lvl25, requires currently 24 HP, 3 PP on its first move (with 3 PP Up used), 33 PP on the second move, and 19 PP for the third move (with 3 PP Up used also). The code can be broken at any time by Hitmonchan's IV. The best way is to reset the pick of Hitmonchan to make sure that yours work. For this setup to work, you must also check that when converted into hexadecimal, Hitmonchan's trainer ID won't trigger invalid opcodes or many-bytes opcodes
# The underflow-based setup is described [http://forums.glitchcity.info/index.php?topic=8063.msg206641#msg206641 here].
 
A video of the Hitmonchan setup has been made by ChickasarusGL
2) Step right, step left, then walk up to the top and down to the bottom of the left-most column 10 times.
{{youtube|bewkwWKf7qU|ChickasaurusGL}}
 
=====Luck-based setup=====
3) Step right, then go the top-left tile you can walk to, face right and press A.
 
Outside of speedrunning, aA Graveler with 08 c2 (2242) HP stat experience and 1d d3 (7635) Attack stat experience may be used as an applicable Pokémon 5, preferably a Graveler from Victory Road.
 
If you are using level 44 Graveler, make note that since you can't really predict its total exp. you may not be able to get your result dictated by items. However, saving before the last few Krabby to get different levels or keeping Rare Candies, saving before talking to the text box and using one if it didn't work last time may fix this.
 
To get these specific EVs, your Pokémon needs to have encountered the following Pokémon (and no more):
 
71 Krabby, 1 Farfetch'd, 1 Dugtrio, and 1 Magnemite.
 
(Thanks FMK for working out what Pokémon to battle).
 
=====Example codes (all from item 1)=====
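Review bot: The starting item is stated inconsistently in this section. The steps say "prepare your items from item 1" and the heading reads "Example codes (all from item 1)", while the luckless setups paragraph says they "all execute code from item 3 in the pack". Say which setups start at item 1 and which at item 3, and adjust the example heading to match. In the Hitmonchan entry, the warnings that the code "can be broken at any time by Hitmonchan's IV" and that the trainer ID must not "trigger invalid opcodes or many-bytes opcodes" give no way to check either condition; add the byte ranges to avoid or link to where they are worked out. That entry also lacks a final period, "rising it to lvl 38" should be "raising", and "ChickasarusGL" should be "ChickasaurusGL" as in the video template below it.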