User:Zeroman/4F (0x59) memory write arbitrary code execution
Jump to navigation
Jump to search
In Pokémon Red, Blue, and Yellow, 4F (0x59) will execute FA65/FA64 (Echo RAM for DA65/DA64) when used, which makes it useful for arbitrary code execution. With the correct setup at DA65/DA64 and D322, it can be used to write to memory.
bytes needed
at DA65/DA64:
- C3 22 D3 (Red/Blue
- C3 21 D3 (Yellow)
at D322/D321:
- 26 CD 2E 38 3E 01 77 C9 FF
instructions
at DA65/DA64:
- jp D322 (Red/Blue
- jp D321 (Yellow)
at D322/D321:
- ld h, $CD
- ld l, $38
- ld a, $01
- ld [hl],a
- ret
items
- 4F (0x59), quantity does not matter
- Master Ball (0x01), x99
- Carbos (0x26), x205
- X Accuracy (0x2E), x56
- Lemonade (0x3E), x1
- Item 0x77, x209
end of list.
In this example, we set the register "hl" as CD38 and the register "a" as 0x01.