Remote code execution

From Glitch City Wiki
Jump to navigation Jump to search
Arbitrary code execution in the Pokémon series

0x1500 control code arbitrary code execution (Crystal) | Cart-swap arbitrary code execution | Generation I custom map script pointer | Generation I invalid meta-map scripts | Generation I item ("8F", "ws m", "-g m", "5かい", "てへ" etc.) | Generation I move ("-", "TM42") | Generation I Trainer escape glitch text boxes | Generation II bad clone | Generation II Burned Tower Silver | Japanese Crystal Pokémon Communication Center SRAM glitches | Coin Case glitch | Generation II glitch Pokédex sortings | Pikachu off-screen glitch ACE | OAM DMA hijacking | Serial interrupt ACE | Pikachu glitch emote | Generation III glitch Pokémon summary | Generation III glitch move animation) | Remote code execution | TM/HMs outside of the TM/HM pocket | Type 0xFF mail arbitrary code execution (Japanese Crystal) | ZZAZZ glitch Trainer FC


List of arbitrary code execution programs

(view, talk, edit)
Major glitches of the Pokémon series


Arbitrary code execution

0x1500 control code arbitrary code execution (Crystal) | Cart-swap arbitrary code execution | Generation I custom map script pointer | Generation I invalid meta-map scripts | Generation I item ("8F", "ws m", "-g m", "5かい", "てへ" etc.) | Generation I move ("-", "TM42") | Generation I Trainer escape glitch text boxes | Generation II bad clone | Generation II Burned Tower Silver | Japanese Crystal Pokémon Communication Center SRAM glitches | Coin Case glitch | Generation II glitch Pokédex sortings | Pikachu off-screen glitch ACE | OAM DMA hijacking | Pikachu glitch emote | Generation III glitch Pokémon summary | Generation III glitch move animation) | Remote code execution | TM/HMs outside of the TM/HM pocket | ZZAZZ glitch Trainer FC


No further extensions

Cloning | Item duplication glitch (Generation I) | Pokémon merge glitch ("Q Glitch", Generation I) | Time Capsule exploit | Bug-Catching Contest data copy glitch (Generation II, Japan only) | Berry glitch | Battle Tower Lati@s glitch (Generation III) | (Mimic) Transform Rage glitch (Generation IV)

Transform held item glitch (Generation IV, Japan only) | Mimic glitch (Generation IV, Japan only)


Buffer overflow techniques

99 item stack glitch | LOL glitch | Rival LOL glitch | Instant LOL glitch | RAM LOL glitch | Out of bounds LOL glitch | blockoobLG | Instant encounter infinite chain glitch | LGFly | Super Glitch (Generation I) | Party remaining HP glitch | Super Glitch (Generation III) | Text pointer manipulation mart buffer overflow glitch | CoolTrainer♀-type move | Double distort CoolTrainer♀ corruption | Yami Shop glitch | Party Pokémon box data shift glitch | Unterminated name glitch item instant encounter (Japanese Red/Green)


Item stack duplication glitch (Generation I)

Generation I expanded items pack (Glitch Rocket HQ maps, Map FE (English and non-English European Yellow) | Map script pointer manipulation (arbitrary code execution | Map script pointer item ball manipulation) | Text pointer manipulation (arbitrary code execution | Item ball manipulation | Mart buffer overflow) | Trainerless instant encounter glitch


Bad clone glitch (Generation II)

????? party overloading (Type 0xD0 move glitch | ????? map corruption | Celebi trick | Celebi Egg trick | Shiny Celebi trick | Glitch move map corruption | Overloaded party map corruption | Glitch Unown (Glitch Unown map corruption) | Duplicate key items glitch (Infinite items and item creation, Expanded Balls pocket (Wrong pocket TM/HMs, Glitch Pokédex categories))


Closed menu Select glitches (Japanese Red/Green)

Dokokashira door glitch (International) | Fossil conversion glitch (international) | Second type glitch | Skip to Level 100 glitch | Trainer mutation glitch | Walk through walls (International) | Lift glitch | Badge describer glitch


Pomeg glitch (Generation III)

Pomeg data corruption glitch ("Glitzer Popping") | Charm glitch


Voiding (Generation IV)

Tweaking

Broken escalator glitch (Japan only) | Elite Four door glitch (Japan only)


2x2 block encounter glitches (Generation I)

Left-facing shore tile glitch (in-game trade shore encounter trick, Old man trick, Trade link up shore encounter trick, Fight Safari Zone Pokémon trick) | Viridian Forest no encounter grass tiles glitch


Glitch City

Safari Zone exit glitch | RAM manipulation | Out of bounds Glitch City (Generation II) | Slowpoke Well out of bounds corruption (French Gold/Silver/Crystal)


Large storage box byte shift glitch

Storage box remaining HP glitch | Generation I max stat trick


Pikachu off-screen glitch

Trainer corruption glitch


SRAM glitches

Generation I save corruption | 255 Pokémon glitch | Expanded party encounter table manipulation (Generation I) | Send party Pokémon to a new game (Generation I) | Generation II save corruption | Mailbox glitches | Mystery Gift item corruption | Trainer House glitches


Trainer escape glitch

Death-warp | Ditto trick | Experience underflow glitch | Mew trick | Text box ID matching | Meta-map script activation


Walk through walls

Ledge method | Museum guy method | Rival's effect | Select glitch method (International Select glitch method), Brock Through Walls


Surf down glitch

Grass/rock Surfing glitch (Spanish/Italian only) (adaptions: Submerge glitch (international)) | 8 8 (0x7C) grass/rock surfing glitch (English Red/Blue))

(view, talk, edit)
This article is a summary page for different variations of a glitches, etc. when talked about as a whole.

Remote code execution is a form of arbitrary code execution between two or more games or a game and a device.

This technique has been used in the Pokémon games for Generation I, Generation II and Generation III. The exploit also resulted in what was called the 'first Pokémon Red and Blue virus', which would send a save file to another game (from a game that connects to another game via Link Cable) and trap the other player in a Glitch City.

In Generation I

Remote code execution can be performed with a corrupted party through the Link Cable. This method was documented on the website vaguilar in 2015 and shared on the Glitch City Laboratories Forums by Aldrasio in 2016.

YouTube video by MrCheeze


Another way to do it is via arbitrary code execution with the effect of CoolTrainer♀-type move. Using this technique, Crystal_ created a two-player Pong game.

YouTube video by Crystal_


Remote code execution exploits for all versions of generation I and II games was demonstrated in the Poké Transporter GB release video.

In Generation II

Remote code execution can be performed with a corrupted party using the Link Cable, similar to Generation I. A proof of concept was demonstrated in a YouTube video by TheZZAZZGlitch in 2014. According to the video description, this appears to be the same issue as in Generation I.

YouTube video by TheZZAZZGlitch


In Generation III

Remote code execution on a Generation III core series game can be performed with a hacked Wii to transfer data via the Nintendo GameCube – Game Boy Advance link cable. This exploit was found by Wack0 (see GitHub). Because the Game Boy Advance hardware does not support being player 1 in this style of linking, this method of remote code execution is not wormable (it can't be used to create a "save file virus").

This article or section is a stub. You can help Glitch City Wiki by expanding it.

In Generation IV

This video demonstrates remote code execution through the Nintendo WFC, but is not wormable because it requires a pre-existing arbitrary code execution payload on the target system.

This article or section is a stub. You can help Glitch City Wiki by expanding it.

YouTube video by RETIRE


In Generation VII

Wack0 created a proof of concept (see GBATemp forums and GitHub) that allows remote execution through Quick Link.

This article or section is a stub. You can help Glitch City Wiki by expanding it.