ItemDex/RB:106: Difference between revisions

← Older edit

ItemDex/RB:106 (view source)

Revision as of 19:26, 25 December 2022

4,111 bytes added , 1 year ago

m

Update info

VisualWikitext

Anonymous user

glitchcitywiki>Pizdex

Revision as of 19:55, 14 November 2017 (view source) >Torchickens No edit summary ← Older edit		Latest revision as of 19:26, 25 December 2022 (view source) glitchcitywiki>Pizdex m (Update info)
(13 intermediate revisions by 3 users not shown)
Line 4: \|2=6A \|3=106 \|4=01:da47 (WRAM1) ~~\|4=DA47~~ \|5=No \|6=No \|7=918480 \|8=~~N/A}}~~459240 \|9=$09, $e3, $a6, $13, $19, $ac, $10, $50}} [[File:RBItem6A.png\|link=]] (hex:6A), or '''-gm''' for short, is a [[glitch item]] in {{RB}}. Its name is taken from the untranslated string "ゴールドバッヂ" (GoldBadge) from the Japanese versions, resulting in [[mojibake]] in English versions. ゴールドバッヂ is also the name of the hex:6A glitch item in Japanese versions. This glitch item's effect pointer is DA47 in WRAM, which stores the number of Safari Balls remaining, followed by the Day Care data and stored Pokémon data, similar to Japanese Red/Green/Blue's [[ItemDexJP/RGB:103\|なかよしバッヂ]]. However, it is slightly harder to use for [[arbitrary code execution]] than its Japanese counterpart, because in the English version, none of the characters available for Pokémon nicknames corresponds to a useful jump instruction. Using this glitch item will cause [[arbitrary code execution]] at DA47. This is ideal for arbitrary code execution from Day Care data, Safari Zone data and stored Pokémon data, where a payload can be prepared to the inventory or elsewhere. Regardless, using the Day Care data for bootstrapping can result in a quicker and less obtrusive setup than other ACE items like [[ItemDex/RB:093\|8F]] (whose bootstrapping setup takes up space in the party). A setup, designed by luckytyphlosion, gets around the character set problem by nicknaming the Day Care Pokémon with a glitch character (corresponding to a jump instruction) ''after'' the 0x50 terminator, which is achieved through manipulation of a text buffer.<ref>[https://pastebin.com/e3MRpspZ -gm ACE setup (Pokémon Red/Blue EN, FR, ES, HR, IT)] by luckytyphlosion</ref> ==Bootstrapping== Bootstrapping for -gm can work from the Day Care status (1 means a Pokémon is in the Day Care) and the Day Care Pokémon nickname, which are stored immediately after the Safari Ball count. In the setups below, the Safari Ball count is assumed to be 0, which can be achieved by running out of steps, balls or using an Escape Rope/Dig in the Safari Zone. '''The Safari Ball count is not reset when leaving early''', so to be safe, the player should make sure to do one of the above before attempting to use -gm with these setups. ===General procedure=== The player needs to have another glitch item ("Item2") for text buffer manipulation. For the English versions, this can be [[ItemDex/RB:157\|#Q r# 4ァ h ェエ##]]. 1. Go to the Game Corner with enough coins to buy an Abra (180 coins in Red, 120 coins in Blue). 2. Open the item menu, and press A on Item2 to bring up the Use/Toss options. Press B to cancel. (Don't actually use it.) 3. Immediately close the menu and buy an Abra. * This also works with other in-game events that give the player a Pokémon, including other Game Corner prizes, Eevee, Magikarp, and the Hitmons. The Fossil Pokémon are an exception because the text just before receiving them overwrites the text buffer at CF4B. In general Abra is the most convenient, because it is cheap and infinite. 4. Give Abra a specific nickname for the bootstrap, '''without ever entering a name longer than specified at any point'''. * Entering a name longer than specified will usually irreversibly mess up the setup. For example, if the player enters a 7th character for the nickname, then the 8th character in the buffer at CF4B becomes a 0x50 terminator, overwriting a byte from the name of Item2. Even if the 7th character is then deleted, the 8th character remains 0x50. If this happens, the easiest fix is to retry the setup from the beginning, getting another Abra. 5. Store Abra in the Day Care. If the setup is correct, using -gm thereafter will execute code at the desired jump target. The setup will work for as long as Abra remains in the Day Care. ===Bag Items, hl=D320{{Anchor\|Initial luckytyphlosion bootstrap}}=== Item2: [[ItemDex/RB:157\|#Q r# 4ァ h ェエ##]]. Nickname: MMCA♀ᴘᴋ (ᴘᴋ is the PK symbol) Jump target: D320 (second item in item pack) Note: This setup is slightly unconventional in that it jumps to the second item in item pack instead of the third. However, it does set hl to the jump target, so most stock [[Generation I item codes\|item codes]] should work with minimal to no modification. ASM Translation: ; Initial a = 47, de = 0001 $DA47 <- 00 \|\| nop $DA48 <- 01 8C 8C \|\| ld bc, 8C8C $DA4B <- 82 \|\| add d ; a = 47 $DA4C <- 80 \|\| add b ; a = D3, f = 20 $DA4D <- F5 \|\| push af $DA4E <- E1 \|\| pop hl ; hl = D320 $DA4F <- 50 \|\| ld d, b $DA50 <- E9 \|\| jp hl ; pc = D320 ===Bag Items, hl=D322{{Anchor\|Complete luckytyphlosion bootstrap}}=== After setting up the above bootstrap, an item code can be run to change the jump target to the ''third'' item in item pack. See [[Generation I item codes#Fix -gm bootstrap]] for the detail. ==References== <references /> ~~{{clr}}~~ [[Category:Glitch items]] [[Category:Pokémon Red and Blue glitch items]]