User talk:MrMissingNo73: Difference between revisions
Latest comment: 1 year ago by TimoVM in topic what I do
Content added Content deleted
| Line 7: | Line 7: | ||
* arbitrary code execution with [[ItemDex/RB:107|glitch item 0x6B in Pokémon Red and Blue]], because of its effect pointer at CD35 and that it can be used for this by putting the bytes [C3 22 D3] at CD35, I use GameShark codes (01C335CD, 012236CD, 01D337CD) to do so. |
* arbitrary code execution with [[ItemDex/RB:107|glitch item 0x6B in Pokémon Red and Blue]], because of its effect pointer at CD35 and that it can be used for this by putting the bytes [C3 22 D3] at CD35, I use GameShark codes (01C335CD, 012236CD, 01D337CD) to do so. |
||
== item 0x6B arbitrary code execution ({{CRed|Red}}/{{CBlue|Blue}} only) == |
9== item 0x6B arbitrary code execution ({{CRed|Red}}/{{CBlue|Blue}} only) == |
||
item 0x6B executes CD35 when used, therefore I use it for arbitrary code execution.<br><br> |
item 0x6B executes CD35 when used, therefore I use it for arbitrary code execution.<br><br> |
||
the bytes (C3, 22, D3) are required at CD35.<br><br> |
the bytes (C3, 22, D3) are required at CD35.<br><br> |
||
''For Red and Blue, it is recommended to jump to items using (21, 22, D3, E9) instead:'' |
|||
<pre>21 22 D3 ld hl, D322 |
|||
E9 jp hl</pre> |
|||
''This achieves the same effect, but will set register h and l to interesting values to manipulate and ensures full compatibility with older item codes that were designed for use with 8F.'' |
|||
''Also interesting to check are glitch items [[ItemDex/RB:089 | 4F]] and [[ItemDex/RB:106 | -gm]]. They both execute data around the pokémon stored in the day-care, meaning that it's possible to set up ACE that both persists through saves and doesn't require cheats.'' --[[User:TimoVM|TimoVM]] ([[User talk:TimoVM|talk]]) 11:11, 18 May 2023 (UTC) |
|||
get any Pokémon:<br> |
get any Pokémon:<br> |
||
this setup allows me to get the Pokémon that I want.<br> |
this setup allows me to get the Pokémon that I want.<br> |
||
Revision as of 11:11, 18 May 2023
this is my "private" discussion page. Mr. MissingNo. 15:22, 10 May 2023 (UTC)
what I do
Mr. MissingNo. 15:28, 10 May 2023 (UTC)
what I do is:
- arbitrary code execution with glitch item 0x6B in Pokémon Red and Blue, because of its effect pointer at CD35 and that it can be used for this by putting the bytes [C3 22 D3] at CD35, I use GameShark codes (01C335CD, 012236CD, 01D337CD) to do so.
9== item 0x6B arbitrary code execution (Red/Blue only) ==
item 0x6B executes CD35 when used, therefore I use it for arbitrary code execution.
the bytes (C3, 22, D3) are required at CD35.
For Red and Blue, it is recommended to jump to items using (21, 22, D3, E9) instead:
21 22 D3 ld hl, D322 E9 jp hl
This achieves the same effect, but will set register h and l to interesting values to manipulate and ensures full compatibility with older item codes that were designed for use with 8F.
Also interesting to check are glitch items 4F and -gm. They both execute data around the pokémon stored in the day-care, meaning that it's possible to set up ACE that both persists through saves and doesn't require cheats. --TimoVM (talk) 11:11, 18 May 2023 (UTC)
get any Pokémon:
this setup allows me to get the Pokémon that I want.
items for this setup:
- item 0x6B, any quantity
- any item, any quantity
- Repel, x(species)
- X Speed, x14
- Ultra Ball, x64
- TM05 x72
- Lemonade x201
bytes needed at D31D:
07 6B FE 04 AC 1E FF 43 0E 02 40 CD 48 3E C9
ASM instructions:
CD35:
- jp D322
D322:
- ld e,$FF
- ld b,e
- ld c,$02
- ld b,b
- call 3E48
- ret
grass encounter data
grass encounter data spans from D887 to D89B.
here is a list of encounter data
| map | data or bytes |
|---|---|
| route 1 | 19 03 24 03 A5 03 A5 02 A5 02 24 03 24 03 24 04 A5 04 24 05 24 |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
| Example | Example |
ASM instructions
| Value (HEX) | Instruction | Meaning |
|---|---|---|
| 00 | nop | ignored |
| 01 | ld bc,$xxyy | loads the address specified by the next two bytes into bc |
| 02 | ld [bc],a | Example |
| 03 | Example | Example |
| 04 | Example | Example |
| 05 | Example | Example |
| 06 | Example | Example |
| 07 | Example | Example |
| 08 | Example | Example |
| 09 | Example | Example |
| 0A | Example | Example |
| 0B | Example | Example |
| 0C | Example | Example |
| 0D | Example | Example |
| 0E | Example | Example |
| 0F | Example | Example |
| 10 | stop | stops everything, preventing any further harm |
| 11 | Example | Example |
| 12 | Example | Example |
| 13 | Example | Example |
| 14 | Example | Example |
| 15 | Example | Example |
| 16 | Example | Example |
| 17 | Example | Example |
| 18 | Example | Example |
| 19 | Example | Example |
| 1A | Example | Example |
| 1B | Example | Example |
| 1C | Example | Example |
| 1D | Example | Example |
| 1E | Example | Example |
| 1F | Example | Example |
| 20 | Example | Example |
| 21 | Example | Example |
| 22 | Example | Example |
| 23 | Example | Example |
| 24 | Example | Example |
| 25 | Example | Example |
| 26 | Example | Example |
| 27 | Example | Example |
| 28 | Example | Example |
| 29 | Example | Example |
| 2A | Example | Example |
| 2B | Example | Example |
| 2C | Example | Example |
| 2D | Example | Example |
| 2E | Example | Example |
| 2F | Example | Example |
| 30 | Example | Example |
| 31 | Example | Example |
| 32 | Example | Example |
| 33 | Example | Example |
| 34 | Example | Example |
| 35 | Example | Example |
| 36 | Example | Example |
| 37 | Example | Example |
| 38 | Example | Example |
| 39 | Example | Example |
| 3A | Example | Example |
| 3B | Example | Example |
| 3C | Example | Example |
| 3D | Example | Example |
| 3E | Example | Example |
| 3F | ccf | inverts the carry flag |
| 40 | ld b,b | loads |
| 41 | ld b,c | loads the value of registre c into registre b |
| 42 | Example | Example |
| 43 | Example | Example |
| 44 | Example | Example |
| 45 | Example | Example |
| 46 | Example | Example |
| 47 | Example | Example |
| 48 | Example | Example |
| 49 | Example | Example |
| 4A | Example | Example |
| 4B | Example | Example |
| 4C | Example | Example |
| 4D | Example | Example |
| 4E | Example | Example |
| 4F | Example | Example |
| 50 | Example | Example |
| 51 | Example | Example |
| 52 | Example | Example |
| 53 | Example | Example |
| 54 | Example | Example |
| 55 | Example | Example |
| 56 | Example | Example |
| 57 | Example | Example |
| 58 | Example | Example |
| 59 | Example | Example |
| 5A | Example | Example |
| 5B | Example | Example |
| 5C | Example | Example |
| 5D | Example | Example |
| 5E | Example | Example |
| 5F | Example | Example |
| 60 | Example | Example |
| 61 | Example | Example |
| 62 | Example | Example |
| 63 | Example | Example |
| 64 | Example | Example |
| 65 | Example | Example |
| 66 | Example | Example |
| 67 | Example | Example |
| 68 | Example | Example |
| 69 | Example | Example |
| 6A | Example | Example |
| 6B | Example | Example |
| 6C | Example | Example |
| 6D | Example | Example |
| 6E | Example | Example |
| 6F | Example | Example |
| 70 | Example | Example |
| 71 | Example | Example |
| 72 | Example | Example |
| 73 | Example | Example |
| 74 | Example | Example |
| 75 | Example | Example |
| 76 | Example | Example |
| 77 | Example | Example |
| 78 | Example | Example |
| 79 | Example | Example |
| 7A | Example | Example |
| 7B | Example | Example |
| 7C | Example | Example |
| 7D | Example | Example |
| 7E | Example | Example |
| 7F | Example | Example |
| 80 | Example | Example |
| 81 | Example | Example |
| 82 | Example | Example |
| 83 | Example | Example |
| 84 | Example | Example |
| 85 | Example | Example |
| 86 | Example | Example |
| 87 | Example | Example |
| 88 | Example | Example |
| 89 | Example | Example |
| 8A | Example | Example |
| 8B | Example | Example |
| 8C | Example | Example |
| 8D | Example | Example |
| 8E | Example | Example |
| 8F | Example | Example |
| 90 | Example | Example |
| 91 | Example | Example |
| 92 | Example | Example |
| 93 | Example | Example |
| 94 | Example | Example |
| 95 | Example | Example |
| 96 | Example | Example |
| 97 | Example | Example |
| 98 | Example | Example |
| 99 | Example | Example |
| 9A | Example | Example |
| 9B | Example | Example |
| 9C | Example | Example |
| 9D | Example | Example |
| 9E | Example | Example |
| 9F | Example | Example |
| A0 | Example | Example |
| A1 | Example | Example |
| A2 | Example | Example |
| A3 | Example | Example |
| A4 | Example | Example |
| A5 | Example | Example |
| A6 | Example | Example |
| A7 | Example | Example |
| A8 | Example | Example |
| A9 | Example | Example |
| AA | Example | Example |
| AB | Example | Example |
| AC | Example | Example |
| AD | Example | Example |
| AE | Example | Example |
| AF | Example | Example |
| B0 | Example | Example |
| B1 | Example | Example |
| B2 | Example | Example |
| B3 | Example | Example |
| B4 | Example | Example |
| B5 | Example | Example |
| B6 | Example | Example |
| B7 | Example | Example |
| B8 | Example | Example |
| B9 | Example | Example |
| BA | Example | Example |
| BB | Example | Example |
| BC | Example | Example |
| BE | Example | Example |
| BF | Example | Example |
| C0 | Example | Example |
| C1 | Example | Example |
| C2 | Example | Example |
| C3 | jp $xxyy | jumps to the address specified by the two bytes after the C3 byte in little-endian format |
| C4 | Example | Example |
| C5 | Example | Example |
| C6 | Example | Example |
| C7 | Example | Example |
| C8 | Example | Example |
| C9 | ret | return |
| CA | Example | Example |
| CB | Example | Example |
| CC | Example | Example |
| CD | Example | Example |
| CE | Example | Example |
| CF | Example | Example |
| D0 | Example | Example |
| D1 | Example | Example |
| D2 | Example | Example |
| D3 | invalid | this opcode is invalid |
| D4 | Example | Example |
| D5 | Example | Example |
| D6 | Example | Example |
| D7 | Example | Example |
| D8 | Example | Example |
| D9 | Example | Example |
| DA | Example | Example |
| DB | invalid | this opcode is invalid |
| DC | Example | Example |
| DD | invalid | this opcode is invalid |
| DE | Example | Example |
| DF | Example | Example |
| E0 | Example | Example |
| E1 | Example | Example |
| E2 | Example | Example |
| E3 | invalid | this opcode is invalid |
| E4 | invalid | this opcode is invalid |
| E5 | Example | Example |
| E6 | Example | Example |
| E7 | Example | Example |
| E8 | Example | Example |
| E9 | Example | Example |
| EA | Example | Example |
| EB | invalid | this opcode is invalid |
| EC | invalid | this opcode is invalid |
| ED | invalid | this opcode is invalid |
| EE | Example | Example |
| EF | Example | Example |
| F0 | Example | Example |
| F1 | Example | Example |
| F2 | Example | Example |
| F3 | di | disable interrupts |
| F4 | invalid | this opcode is invalid |
| F5 | Example | Example |
| F6 | Example | Example |
| F7 | Example | Example |
| F8 | Example | Example |
| F9 | Example | Example |
| FA | Example | Example |
| FB | ei | enable interrupts |
| FC | invalid | this opcode is invalid |
| FD | invalid | this opcode is invalid |
| FE | cp $xx | copies the byte after the FE byte - incorrect assumption |
| FF | rst 38 | this is what causes bar freezes |
cp $xx stands for "compare $xx". The processor will compare the value of register a with the following byte and adjust the zero and carry flags according to the results:
- If a = $xx, set zero flag and reset carry flag
- If a > $xx, reset zero flag and reset carry flag
- if a < $xx, reset zero flag and set carry flag
cp opcodes are extremely useful when combined with conditional jp/call/ret.
For more information on how opcodes behave, I'd recommend the [Game boy CPU manual] --TimoVM (talk) 10:58, 18 May 2023 (UTC)
Corruptions from "Wild appeared!"
This is a full list of corruptions caused by "Wild appeared!." the glitch is caused when you enter a battle while having either no Pokémon or having crazy insane amounts of Pokémon that is between 7 and 255.
| Number | Address affected | Notes |
|---|---|---|
| 7 | CEEF | Example |
| 8 | CEF0 | Example |
| 9 | CEF1 | Example |
| 10 | CEF2 | Example |
| 11 | CEF3 | Example |
| 12 | CEF4 | Example |
| 13 | CEF5 | Example |
| 14 | CEF6 | Example |
| 15 | CEF7 | Example |
| 16 | CEF8 | Example |
| 17 | CEF9 | Example |
| 18 | CEFA | Example |
| 19 | CEFB | Example |
| 20 | CEFC | Example |
| 21 | CEFD | Example |
| 22 | CEFE | Example |
| 23 | CEFF | Example |
| 24 | CF00 | Example |
| 25 | CF01 | Example |
| 26 | CF02 | Example |
| 27 | CF03 | Example |
| 28 | CF04 | Example |
| 29 | CF05 | Example |
| 30 | CF06 | Example |
| 31 | CF07 | Example |
| 32 | CF08 | Example |
| 33 | CF09 | Example |
| 34 | CF0A | Example |
| 35 | CF0B | Example |
| 36 | CF0C | Example |
| 37 | CF0D | Example |
| 38 | CF0E | Example |
| 39 | CF0F | Example |
| 40 | CF10 | Example |
| 41 | CF11 | Example |
| 42 | CF12 | Example |
| 43 | CF13 | Example |
| 44 | CF14 | Example |
| 45 | CF15 | Example |
| 46 | CF16 | Example |
| 47 | CF17 | Example |
| 48 | CF18 | Example |
| 49 | CF19 | Example |
| 50 | CF1A | Example |
| 51 | CF1B | Example |
| 53 | CF1C | Example |
| 54 | CF1D | Example |
| 55 | CF1E | Example |
| 56 | CF1F | Example |
| 57 | CF20 | Example |
| 58 | CF21 | Example |
| 59 | CF22 | Example |
| 60 | CF23 | Example |
| 61 | CF24 | Example |
| 62 | CF25 | Example |
| 63 | CF26 | Example |
| 64 | CF27 | Example |
| 65 | CF28 | Example |
| 66 | CF29 | Example |
| 67 | CF2A | Example |
| 68 | CF2B | Example |
| 69 | CF2C | Example |
| 70 | CF2D | Example |
| 71 | CF2E | Example |
| 72 | CF2F | Example |
| 73 | CF30 | Example |
| 74 | CF31 | Example |
| 75 | CF32 | Example |
| 76 | CF33 | Example |
| 77 | CF34 | Example |
| 78 | CF35 | Example |
| 79 | CF36 | Example |
| 80 | CF37 | Example |
| 81 | CF38 | Example |
| 82 | CF39 | Example |
| 83 | CF3A | Example |
| 84 | CF3B | Example |
| 85 | CF3C | Example |
| 86 | CF3D | Example |
| 87 | CF3E | Example |
| 88 | CF3F | Example |
| 89 | CF40 | Example |
| 90 | CF41 | Example |
| 91 | CF42 | Example |
| 92 | CF43 | Example |
| 93 | CF44 | Example |
| 94 | CF45 | Example |
| 95 | CF46 | Example |
| 96 | CF47 | Example |
| 97 | CF48 | Example |
| 98 | CF49 | Example |
| 99 | CF4A | Example |
| 100 | CF4B | Example |
| 101 | CF4C | Example |
| 102 | CF4D | Example |
| 103 | CF4E | Example |
| 104 | CF4F | Example |
| 105 | CF50 | Example |
| 106 | CF51 | Example |
| 107 | CF52 | Example |
| 108 | CF5E | Example |
| 109 | CF54 | Example |
| 110 | CF55 | Example |
| 111 | CF56 | Example |
| 112 | CF57 | Example |
| 113 | CF58 | Example |
| 114 | CF59 | Example |
| 115 | CF5A | Example |
| 116 | CF5B | Example |
| 117 | CF5C | Example |
| 118 | CF5D | Example |
| 119 | CF5E | Example |
| 120 | CF5F | Example |
| 121 | CF60 | Example |
| 122 | CF61 | Example |
| 123 | CF62 | Example |
| 124 | CF63 | Example |
| 125 | CF64 | Example |
| 126 | CF65 | Example |
| 127 | CF66 | Example |
| 128 | CF67 | Example |
| 129 | CF68 | Example |
| 130 | CF69 | Example |
| 131 | CF6A | Example |
| 132 | CF6B | Example |
| 133 | CF6C | Example |
| 134 | CF6D | Example |
| 135 | CF6E | Example |
| 136 | CF6F | Example |
| 137 | CF70 | Example |
| 138 | CF71 | Example |
| 139 | CF72 | Example |
| 140 | CF73 | Example |
| 141 | CF74 | Example |
| 142 | CF75 | Example |
| 143 | CF76 | Example |
| 144 | CF77 | Example |
| 145 | CF78 | Example |
| 146 | CF79 | Example |
| 147 | CF7A | Example |
| 148 | CF7B | Example |
| 149 | CF7C | Example |
| 150 | CF7D | Example |
| 151 | CF7E | Example |
| 152 | CF7F | Example |
| 153 | CF80 | Example |
| 154 | CF81 | Example |
| 155 | CF82 | Example |
| 156 | CF83 | Example |
| 157 | CF84 | Example |
| 158 | CF85 | Example |
| 159 | CF86 | Example |
| 160 | CF87 | Example |
| 161 | CF88 | Example |
| 162 | CF89 | Example |
| 163 | CF8A | Example |
| 164 | CF8B | Example |
| 165 | CF8C | Example |
| 166 | CF8D | Example |
| 167 | CF8E | Example |
| 168 | CF8F | Example |
| 169 | CF90 | Example |
| 170 | CF91 | Example |
| 171 | CF92 | Example |
| 172 | CF93 | Example |
| 172 | CF94 | Example |
| 173 | CF95 | Example |
| 174 | CF96 | Example |
| 175 | CF97 | Example |
| 176 | CF98 | Example |
| 177 | CF99 | Example |
| 178 | CF9A | Example |
| 179 | CF9B | Example |
| 180 | CF9C | Example |
| 181 | CF9D | Example |
| 182 | CF9E | Example |
| 183 | CF9F | Example |
| 184 | CFA0 | Example |
| 185 | CFA1 | Example |
| 186 | CFA2 | Example |
| 187 | CFA3 | Example |
| 188 | CFA4 | Example |
| 189 | CFA5 | Example |
| 190 | CFA6 | Example |
| 191 | CFA7 | Example |
| 192 | CFA8 | Example |
| 193 | CFA9 | Example |
| 193 | CFAA | Example |
| 194 | CFAB | Example |
| 195 | CFAC | Example |
| 196 | CFAD | Example |
| 197 | CFAE | Example |
| 198 | CFAF | Example |
| 199 | CFB0 | Example |
| 200 | CFB1 | Example |
| 201 | CFB2 | Example |
| 202 | CFB3 | Example |
| 203 | CFB4 | Example |
| 204 | CFB5 | Example |
| 2O5 | CFB6 | Example |
| 206 | CFB7 | Example |
| 207 | CFB8 | Example |
| 208 | CFB9 | Example |
| 209 | CFBA | Example |
| 210 | CFBB | Example |
| 211 | CFBC | Example |
| 212 | CFBD | Example |
| 213 | CFBE | Example |
| 214 | CFBF | Example |
| 215 | CFC0 | Example |
| 216 | CFC1 | Example |
| 217 | CFC2 | Example |
| 218 | CFC3 | Example |
| 219 | CFC4 | Example |
| 220 | CFC5 | Example |
| 221 | CFC6 | Example |
| 222 | CFC7 | Example |
| 223 | CFC8 | Example |
| 224 | CFC9 | Example |
| 225 | CFCA | Example |
| 226 | CFCB | Example |
| 227 | CFCC | Example |
| 228 | CFCD | Example |
| 229 | CFCE | Example |
| 230 | CFCF | Example |
| 231 | CFD0 | Example |
| 232 | CFD1 | Example |
| 233 | CFD2 | Example |
| 234 | CFD3 | Example |
| 235 | CFD4 | Example |
| 236 | CFD5 | Example |
| 237 | CFD6 | Example |
| 238 | CFD7 | Example |
| 239 | CFD8 | Example |
| 240 | CFD9 | Example |
| 241 | CFDA | Example |
| 242 | CFDB | Example |
| 243 | CFDC | Example |
| 244 | CFDD | Example |
| 245 | CFDE | Example |
| 246 | CFDF | Example |
| 247 | CFE0 | Example |
| 248 | CFE1 | Example |
| 249 | CFE2 | Example |
| 250 | CFE3 | Example |
| 251 | CFE4 | Example |
| 252 | CFE5 | Example |
| 253 | CFE6 | Example |
| 254 | CFE7 | Example |
| 255 | CFE8 | Example |
| 256 (0) | CFE9 | Example |