Remote code execution
This article is a summary page for different variations of a glitch, etc. when talked about as a whole.
Remote code execution is a form of arbitrary code execution between two or more games or a game and a device.
This technique has been used in the Pokémon games for Generation I, Generation II and Generation III. The exploit also resulted in what was called the 'first Pokémon Red and Blue virus', which would send a save file to another game (from a game that connects to another game via Link Cable) and trap the other player in a Glitch City.
In Generation I
Remote code execution can be performed with a corrupted party through the Link Cable. This method was documented on the website vaguilar in 2015 and shared on the Glitch City Laboratories Forums by Aldrasio in 2016.
Another way to do it is via arbitrary code execution with the effect of a CoolTrainer♀-type move. Using this technique, Crystal_ created a two-player Pong game.
Remote code execution exploits for all versions of the Generation I and II games were demonstrated in the Poké Transporter GB release video.
In Generation II
Remote code execution can be performed with a corrupted party using the Link Cable, similar to Generation I. A proof of concept was demonstrated in a YouTube video by TheZZAZZGlitch in 2014. According to the video description, this appears to be the same issue as in Generation I.
In Generation III
Remote code execution on a Generation III core series game can be performed with a hacked Wii to transfer data via the Nintendo GameCube – Game Boy Advance link cable. This exploit was found by Wack0 (see GitHub). Because the Game Boy Advance hardware does not support being player 1 in this style of linking, this method of remote code execution is not wormable (it can't be used to create a "save file virus").
In Generation IV
This video demonstrates remote code execution through the Nintendo WFC, but is not wormable because it requires a pre-existing arbitrary code execution payload on the target system.
In Generation VII
Wack0 created a proof of concept (see GBATemp forums and GitHub) that allows remote execution through Quick Link.