User:Zeroman/4F (0x59) memory write arbitrary code execution: Difference between revisions

Content added Content deleted

Inline

Revision as of 13:19, 13 December 2023

In Pokémon Red, Blue, and Yellow, 4F (0x59) will execute FA65/FA64 (Echo RAM for DA65/DA64) when used, which makes it useful for arbitrary code execution. With the correct setup at DA65/DA64 and D322, it can be used to write to memory.

bytes needed

at DA65/DA64:

C3 22 D3 (Red/Blue
C3 21 D3 (Yellow

at D322/D321:

26 CD 2E 38 3E 01 77 C9 FF

instructions

at DA65/DA64:

jp D322 (Red/Blue
jp D321 (Yellow

at D322/D321:

ld h, $CD
ld l, $38
ld a, $01
ld [hl],a
ret

items

1. 4F (0x59), quantity does not matter 2. Master Ball (0x01), 0x63 3. Carbos (0x26), x205 4. X Accuracy (0x2E), x56 5. Lemonade (0x3E), x1 6. Item 0x77, x209 end of list.

@@ Line 1: / Line 1: @@
-In {{RBY}}, 4F (0x59) will execute FA65/FA64 (Echo RAM for DA65/DA64) when used, which makes it useful for arbitrary code execution. With the correct setup, it can be used to write to memory.
+In {{RBY}}, 4F (0x59) will execute FA65/FA64 (Echo RAM for DA65/DA64) when used, which makes it useful for arbitrary code execution. With the correct setup at DA65/DA64 and D322, it can be used to write to memory.
+== bytes needed ==
+at DA65/DA64:
+* C3 22 D3 ({{CRed|Red}}/{{CBlue|Blue}}
+* C3 21 D3 ({{CYellow|Yellow}}
+at D322/D321:
+* 26 CD 2E 38 3E 01 77 C9 FF
+== instructions ==
+at DA65/DA64:
+* jp D322 ({{CRed|Red}}/{{CBlue|Blue}}
+* jp D321 ({{CYellow|Yellow}}
+at D322/D321:
+* ld h, $CD
+* ld l, $38
+* ld a, $01
+* ld [hl],a
+* ret
+== items ==
+. 4F (0x59), quantity does not matter
+. Master Ball (0x01), 0x63
+. Carbos (0x26), x205
+. X Accuracy (0x2E), x56
+. Lemonade (0x3E), x1
+. Item 0x77, x209
+end of list.

User:Zeroman/4F (0x59) memory write arbitrary code execution: Difference between revisions

Revision as of 13:19, 13 December 2023

bytes needed

instructions

items

Navigation menu

Search