User:Zeroman/4F (0x59) memory write arbitrary code execution: Difference between revisions
Jump to navigation
Jump to search
Content added Content deleted
(started this memory write ACE for 4F (0x59)) |
No edit summary |
||
| Line 22: | Line 22: | ||
== items == |
== items == |
||
# 4F (0x59), quantity does not matter |
|||
# Master Ball (0x01), x99 |
|||
# Carbos (0x26), x205 |
|||
# X Accuracy (0x2E), x56 |
|||
# Lemonade (0x3E), x1 |
|||
# Item 0x77, x209 |
|||
end of list. |
end of list. |
||
Revision as of 13:20, 13 December 2023
In Pokémon Red, Blue, and Yellow, 4F (0x59) will execute FA65/FA64 (Echo RAM for DA65/DA64) when used, which makes it useful for arbitrary code execution. With the correct setup at DA65/DA64 and D322, it can be used to write to memory.
bytes needed
at DA65/DA64:
- C3 22 D3 (Red/Blue
- C3 21 D3 (Yellow
at D322/D321:
- 26 CD 2E 38 3E 01 77 C9 FF
instructions
at DA65/DA64:
- jp D322 (Red/Blue
- jp D321 (Yellow
at D322/D321:
- ld h, $CD
- ld l, $38
- ld a, $01
- ld [hl],a
- ret
items
- 4F (0x59), quantity does not matter
- Master Ball (0x01), x99
- Carbos (0x26), x205
- X Accuracy (0x2E), x56
- Lemonade (0x3E), x1
- Item 0x77, x209
end of list.