ItemDex/Y:089: Difference between revisions
→Method 2
>Torchickens (Created page with "(↑ Back to the ItemDex index.) {{ItemInfoGenI |1=4F<br>File:Y item 59 inventory.png |2=59 |3=089 |4=FA64 |5=No |6=No |7=0 |8=N/A}} File:4F glitch item nam...") |
|||
| (10 intermediate revisions by 4 users not shown) | |||
Line 10:
|8=N/A}}
[[File:4F glitch item name.png|link=]] (hex:59) is a [[glitch item]] in {{Yellow}}. Its name is taken from lists of lift destinations.
This glitch item when used, will execute FA64 in Echo RAM. As FA64 both is in the middle of Pokémon Day Care data and can fall through to FA7F (stored Pokémon), it is ideal for [[arbitrary code execution]].
However it may be preferable to use [[ItemDex/Y:099|ws m (hex:63)]] if on a console/emulator that doesn't properly support Echo RAM.
==Bootstrapping==
{{YouTube|AxNliiLzA0Q|ChickasaurusGL}}▼
Although the possibility of 4F arbitrary code execution is previously known, the credit for convenient bootstrapping setups (method 1 and non-English Yellow) goes to Krys3000, who posted them in [https://forums.glitchcity.info/index.php?topic=8056.0 this thread].
===English games===
====Method 1====
Deposit and withdraw (or not) at the Day Care a Nidorina ('''that should not be evolved from a Nidoran♀'''), with Bite, Fury Swipes, Double Kick and Growl (the first two moves are placeholders and can be replaced with some other moves, but not just any move). Then, store in the active PC Box:
# Any lvl25 Pokémon with currently 24 HP, 33 PP currently for the first AND second move, 19 PP currently for the third move (3 PP Up used) and no fourth move or no PP currently on it
# Clefairy, Male Nidoran or Spearow (among many possibilities) with 233 HP
Using 4F will then [[Generation I item codes|execute code from the third item]].
<code><!-- TODO: Check that the translation is correct. -->
WRA1:DA64 <- 03 || inc bc<br />
WRA1:DA65 <- 78 || ld a,b<br />
WRA1:DA66 <- 2C || inc l<br />
WRA1:DA67 <- 9A || sbc d <br />
WRA1:DA68 <- 18 2D || jr DA97<br />
WRA1:DA97 <- 18 19 || jr DAB2<br />
WRA1:DAB2 <- 21 21 D3 || ld hl,D321<br />
WRA1:DAB5 <- 00 || nop<br />
WRA1:DAB6 <- 04 || inc b<br />
WRA1:DAB7 <- 00 || nop<br />
WRA1:DAB8 <- E9 || jp hl
</code>
The reason the Nidorina should not be evolved from a Nidoran♀ is that the bootstrapping code goes through the "catch rate" byte in the Pokémon's data, which is set when a Pokémon is caught, but not updated when it evolves. Therefore a Nidorina caught as a Nidoran♀ will have 0xEB (235) instead of 0x78 (120), which is an [[invalid opcode]] and may freeze the game (depending on the platform).
====Method 2====
This method requires no PC Pokémon in the current box at all and the only requirement is a specific Day Care Pokémon. It abuses a Trainer ID of 49953 (C321) and Yellow MissingNo.'s experience 15987516 when raised to Level 112 (F3 F3 3C) using a Rare Candy. When taken into Day Care, there will be bytes closely after FA64 which represent the Trainer ID, and then the experience in succession: C3 21 F3 (F3 3C); which corresponds with jp F321 (Echo RAM for D321 of item 3), where the bracketed F3 3C do not matter.
#Set up [[expanded item pack]] (e.g. with InfoManiac's [https://www.youtube.com/watch?v=EBcGPsPLZ-8 no walk through walls out of bounds Glitch City route with a PC full of 50 stacks of Antidote x1] and [[Glitch City RAM manipulation (Cut abuse)|cutting the D539 tree]] (gives the player 109 PC items), or a slight modification if the exact route won't function due to different RAM - a stack of x255 can be withdrawn from the expanded PC items using one of the x0 (x256) stacks to set up [[dry underflow glitch]] in the main inventory).
#Manipulate the player's Trainer ID to 49953 (C321) by changing item 30's quantity to 195 and placing a Thunderstone in item 31 (any quantity).
#Obtain a [[MissingNo.]] (non-fossil and non-ghost known for freezing on the opponent's side in battle). It must have been caught by the player for the 49953 Trainer ID, i.e. not a traded one etc.
#If it is over Level 112, finish a battle with it to reduce it to Level 1. Use Rare Candies to raise it to Level 51.
#Stand just outside of a Pokémon Center, and then manipulate an instant Glitch City with a tree in it (corresponding to tileblock 0x33 and MissingNo.'s level) just below Red, by changing item 33's quantity to 85 and placing a TM09 in item 34 (55D1) (item 34's quantity represents the player's y-coordinate and may not matter but use x1 to be safe to avoid an out of bounds boundary freeze).
#Cut the tree to change MissingNo.'s Level to 108 without changing its stats.
#Use four more Rare Candies to raise to Level 112.
#Bring the MissingNo. in to the Day Care but don't bring it out.
#4F is ready bootstrapped to inventory item 3. The items need to be farmed with a glitch such as [[Celadon looping map trick]] as usual.
Note that after depositing the Yellow MissingNo., its experience will increase every step and after 3268 steps its most significant experience byte is incremented. This converts its experience to 5242880 (0x500000) and destroys the setup. Therefore, the player should take the MissingNo. out of the Day Care to prevent the stored experience values from changing/set DA47 to 0x00.
This method was documented by [[User:Evie (Torchickens)]] (also known as ChickasaurusGL). Thanks TimoVM for the note regarding the experience changing after every step.
===In other European versions===
Deposit and withdraw (or not) a lvl80 Pokémon with currently 24 HP in the Day Care. The, store in the active PC Box:
# Any Pokémon with 33 PP currently for the first move, 38 PP currently for the second move, 19 PP currently for the third move (3 PP Up used) and no fourth move or no PP currently on it
# Clefairy, Male Nidoran or Spearow (among many possibilities) with 233 HP
Using 4F will then [[Generation I item codes|execute code from the third item]].
<code><!-- TODO: Check that the translation is correct. -->
WRA1:DA64 <- 00 || nop<br />
WRA1:DA65 <- 18 50 || jr DAB7<br />
WRA1:DAB7 <- 21 26 D3 || ld hl,D326<br />
WRA1:DABA <- 00 || nop<br />
WRA1:DABB <- 04 || inc b<br />
WRA1:DABC <- 00 || nop<br />
WRA1:DABD <- E9 || jp hl
</code>
{{clr}}
| |||
