ItemDex/Y:089

From Glitch City Wiki
< ItemDex
Revision as of 17:57, 22 March 2019 by >Bbbbbbbbba (→‎European Non-English games: Changed the section name for the purpose of linking.)

(↑ Back to the ItemDex index.)

Name (transcribed): 4F

Identifier (HEX): 59
Identifier (DEC): 089
Effect pointer: FA64
Unterminated name glitch item?: No
Tossable/Sellable?: No
Buy Price: 0
Sell Price: N/A
Name bytes: {{{9}}}

(hex:59) is a glitch item in Pokémon Yellow. Its name is taken from lists of lift destinations.

This glitch item when used, will execute FA64 in Echo RAM. As FA64 both is in the middle of Pokémon Day Care data and can fall through to FA7F (stored Pokémon), it is ideal for arbitrary code execution.

However it may be preferable to use ws m (hex:63) if on a console/emulator that doesn't properly support Echo RAM.

Bootstrapping

Although the possibility of 4F arbitrary code execution is previously known, the credit for convenient bootstrapping setups goes to Krys3000, who posted them in this thread for both English and non-English Yellow games.

English games

Deposit and withdraw (or not) at the Day Care a Nidorina (that should not be evolved from a Nidoran♀), with Bite, Fury Swipes, Double Kick and Growl (the first two moves are placeholders and can be replaced with some other moves, but not just any move). Then, store in the active PC Box:

  1. Any lvl25 Pokémon with currently 24 HP, 33 PP currently for the first AND second move, 19 PP currently for the third move (3 PP Up used) and no fourth move or no PP currently on it
  2. Clefairy, Male Nidoran or Spearow (among many possibilities) with 233 HP

Using 4F will then execute code from the third item.

WRA1:DA64 <- 03 || inc bc
WRA1:DA65 <- 78 || ld a,b
WRA1:DA66 <- 2C || inc l
WRA1:DA67 <- 9A || sbc d
WRA1:DA68 <- 18 2D || jr DA97
WRA1:DA97 <- 18 19 || jr DAB2
WRA1:DAB2 <- 21 21 D3 || ld hl,D321
WRA1:DAB5 <- 00 || nop
WRA1:DAB6 <- 04 || inc b
WRA1:DAB7 <- 00 || nop
WRA1:DAB8 <- E9 || jp hl

The reason the Nidorina should not be evolved from a Nidoran♀ is that the bootstrapping code goes through the "catch rate" byte in the Pokémon's data, which is set when a Pokémon is caught, but not updated when it evolves. Therefore a Nidorina caught as a Nidoran♀ will have 0xEB (235) instead of 0x78 (120), which is an invalid opcode and may freeze the game (depending on the platform).

YouTube video by ChickasaurusGL


In other European versions

Deposit and withdraw (or not) a lvl80 Pokémon with currently 24 HP in the Day Care. The, store in the active PC Box:

  1. Any Pokémon with 33 PP currently for the first move, 38 PP currently for the second move, 19 PP currently for the third move (3 PP Up used) and no fourth move or no PP currently on it
  2. Clefairy, Male Nidoran or Spearow (among many possibilities) with 233 HP

Using 4F will then execute code from the third item.

WRA1:DA64 <- 00 || nop
WRA1:DA65 <- 18 50 || jr DAB7
WRA1:DAB7 <- 21 26 D3 || ld hl,D326
WRA1:DABA <- 00 || nop
WRA1:DABB <- 04 || inc b
WRA1:DABC <- 00 || nop
WRA1:DABD <- E9 || jp hl


This article or section is a stub. You can help Glitch City Wiki by expanding it.  
Retrieved from "https://glitchcity.wiki/wiki/ItemDex/Y:089?oldid=26379"