User:Zeroman/4F (0x59) memory write arbitrary code execution

From Glitch City Wiki

Jump to navigation Jump to search

In Pokémon Red, Blue, and Yellow, 4F (0x59) will execute FA65/FA64 (Echo RAM for DA65/DA64) when used, which makes it useful for arbitrary code execution. With the correct setup at DA65/DA64 and D322, it can be used to write to memory.

bytes needed

at DA65/DA64:

C3 22 D3 (Red/Blue
C3 21 D3 (Yellow)

at D322/D321:

26 CD 2E 38 3E 01 77 C9 FF

instructions

at DA65/DA64:

jp D322 (Red/Blue
jp D321 (Yellow)

at D322/D321:

ld h, $CD
ld l, $38
ld a, $01
ld [hl],a
ret

items

4F (0x59), quantity does not matter
Master Ball (0x01), x99
Carbos (0x26), x205
X Accuracy (0x2E), x56
Lemonade (0x3E), x1
Item 0x77, x209

end of list.

In this example, we set the register "hl" as CD38 and the register "a" as 0x01.

Retrieved from "https://glitchcity.wiki/wiki/User:Zeroman/4F_(0x59)_memory_write_arbitrary_code_execution?oldid=43440"

Cookies help us deliver our services. By using our services, you agree to our use of cookies.