Unterminated name Pokémon (Generation II)

From Glitch City Wiki
Revision as of 03:44, 19 February 2019 by >Bbbbbbbbba (Created page with "In Generation II, an '''unterminated name Pokémon''' is a Pokémon which does not have a terminating hex:50 character in its first eleven characters of its nickname. In {{Cr...")

In Generation II, an unterminated name Pokémon is a Pokémon whose nickname does not contain a terminating 0x50 character within its first eleven characters.

In Pokémon Crystal, viewing such an unterminated name in some places, such as on the stats screen or in the PC, may freeze the game or corrupt data. With proper setup, though, this effect may be used for arbitrary code execution.

Obtaining

The bad clones obtained from the bad clone glitch usually have unterminated nicknames. Sometimes, a Pokémon obtained from the bad clone glitch may not be a "real" bad clone because it is not an unstable hybrid of a normal Pokémon and ????? (hex 00), but it will still have an unterminated nickname. Such a Pokémon is sometimes called a "pseudo-bad clone".


Properties

In Pokémon Crystal, when the name of a Pokémon is viewed, it is usually copied to a string buffer at $d073 before being printed onto the screen. The copy is limited to 11 characters, so this step will not cause memory corruption. However, when the string is printed, the subroutine will read beyond the buffer into other memory areas until a 0x50 marker is found. In this process, it may encounter control characters with various effects, or it may simply overflow the screen buffer and corrupt large areas of RAM.


Safety

Although the arbitrary code execution effect can be useful, sometimes it may be unwanted if, for example, you just want to use the bad clone for the Celebi Egg glitch. This is especially a concern because the bad clone glitch requires a game reset, which erases 0x50 markers from the relevant memory areas. Fortunately, there are many actions that can make viewing an unterminated nickname safe. For example:

  • View the green page (moves) of the stats screen of a Pokémon whose last move has 11 or 12 characters (e.g. Smokescreen).
  • View an item list where the last visible item has 11 or 12 characters (e.g. switch PsnCureBerry to the last slot in the item pack).

Those methods use the fact that names of moves and items are 13 characters long, including the 0x50 end marker, and that they are copied to the same buffer. If such a name is 11 or 12 characters long, its 0x50 marker will help terminate the unterminated Pokémon name. This may or may not work with moves and items with shorter names, because their names are copied from a 0x50-delimited list in the ROM (e.g. "LEER@BITE@GROWL@..."), so the 12th and 13th positions may or may not be 0x50.

  • Give any item to a Pokémon.
  • Buy any item at the shop, up to the point of (and including) choosing a quantity. (You don't need to actually buy it.)
  • Sell any item at the shop. (You do need to actually sell it.)

Those methods use another string buffer at $d086, which is shortly after the aforementioned buffer. Since this buffer isn't overwritten by the unterminated name, those methods work with any item.
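The bounded copy, the unbounded read described under Properties and both kinds of safety measure can be reproduced in a small model. This is an added example, not code from the wiki or from the game: the RAM slice size, the 0x7F fill byte, the nickname and the item name "BERRY" are constructed, ASCII letters stand in for the game's character codes, and control characters are not modelled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TERM   0x50  /* end-of-string marker */
#define FILL   0x7F  /* constructed stand-in for post-reset bytes with no 0x50 */
#define BUF1   0x00  /* models the string buffer at $d073 */
#define BUF2   0x13  /* models the buffer at $d086 ($d086 - $d073 = 0x13) */
#define REGION 0x40  /* size of the modelled slice of RAM (assumption) */

static uint8_t ram[REGION];

/* Copy at most n bytes of src to ram[off]; '@' stands for the 0x50 marker. */
static void load(size_t off, const char *src, size_t n) {
    for (size_t i = 0; i < n && src[i]; i++)
        ram[off + i] = (src[i] == '@') ? TERM : (uint8_t)src[i];
}

/* Model of the print routine's read: scan from BUF1 until 0x50 is found.
   Returns the bytes consumed before the marker, or -1 if the read runs
   past the modelled region (the over-read case). */
static int scan_len(void) {
    for (size_t i = BUF1; i < REGION; i++)
        if (ram[i] == TERM) return (int)(i - BUF1);
    return -1;
}

/* Reset RAM, optionally stage a 13-byte move/item name in the first buffer
   or an item name in the second, then view an 11-character nickname. */
static int view_after(const char *name13, const char *item_in_buf2) {
    memset(ram, FILL, sizeof ram);
    if (name13) load(BUF1, name13, 13);
    if (item_in_buf2) load(BUF2, item_in_buf2, 13);
    load(BUF1, "BADCLONE123", 11);  /* constructed nickname, no 0x50 */
    return scan_len();
}

int main(void) {
    printf("after reset only:      %d\n", view_after(NULL, NULL));
    printf("11-char move name:     %d\n", view_after("SMOKESCREEN@", NULL));
    printf("short names from list: %d\n", view_after("LEER@BITE@GRO", NULL));
    printf("item in second buffer: %d\n", view_after(NULL, "BERRY@"));
    return 0;
}
```

A result of -1 means the read left the modelled region without meeting a 0x50, which corresponds to the unsafe case on the page.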