Pomeg data corruption glitch: Difference between revisions

No edit summary
Line 271:
 
===Arbitrary code execution===
Pomeg data corruption glitch ultimately allows for [[arbitrary code execution]] if the player has favourable DMA.
 
It can be abused in two known ways:
 
Some methods require favourable DMA, such as:
1. By viewing the summary of Decamark 0x097D with a specific nickname Pokémon from the bottom-right corner of box 3 after saving twice. This trick may not work with certain save files.{{why?}} (See video; below)
 
1. By viewing the summary of Decamark 0x097D with a specific nickname Pokémon from the bottom-right corner of box 3 after saving twice. This trick may not work with certain save files; saving repeatedly affects the memory but never lands the correct allocations.{{why?}} (See video; below)
 
{{Youtube|m9pvNYdhldo|TheZZAZZGlitch}}
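
Review bot: The clause added to item 1, "saving repeatedly affects the memory but never lands the correct allocations", is unsourced and sits directly in front of the {{why?}} tag, so a reader cannot tell whether it is meant to answer the tag or is a separate observation. Either state which allocations are meant and how this was observed, then drop the tag, or leave the sentence as it was and put the explanation in its own sentence. The edit summary is empty, so there is no record of where the claim comes from. The stray semicolon in "(See video; below)" is carried over unchanged and could be fixed in the same edit.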
Line 282 ⟶ 283:
 
{{Youtube|1pb-6hMDQBs|TheZZAZZGlitch}}
 
If a [[nop slide]] is involved (such as from Decamark animations, where the program counter (code execution) lands in an empty space of the box), this can work around the DMA problem.
 
In Pokémon Ruby and Sapphire, memory shifting does not occur in contexts of the party or Pokémon Storage System. Hence, ChickasaurusGL's ([[User:Evie (Torchickens)|Evie]]'s) glitch move $0F4A method can be used to run a battle command (the battle command code execution exploit in general was previously documented by TheZZAZZGlitch) at 02038208, which will read the same location in the middle of box 14, slot 25 (the right Pokémon can be traded from Pokémon Emerald){{clarify}}, so that they 'translate' to commands such as 1F ED A0 0B 08 00 08 (which will run the unused sound test in English Pokémon Ruby v1.0). The method of activating the glitch move without fail or a freeze currently requires a Pokémon (usually Smeargle) with Assist, Spore and Lock-On.
 
==Mechanics==