User talk:MrMissingNo73
this is my "private" discussion page. Mr. MissingNo. 15:22, 10 May 2023 (UTC)
what I do
Mr. MissingNo. 15:28, 10 May 2023 (UTC)
what I do is:
- arbitrary code execution with glitch item 0x6B in Pokémon Red and Blue, because of its effect pointer at CD35 and that it can be used for this by putting the bytes [C3 22 D3] at CD35, I use GameShark codes (01C335CD, 012236CD, 01D337CD) to do so.
item 0x6B arbitrary code execution (Red/Blue only)
item 0x6B executes CD35 when used, therefore I use it for arbitrary code execution.
the method I put below will work in addition to using an E9 byte over a C3 byte (sometimes when I type, it lags for few seconds before actually inputting the text I had input), I prefer to use C3 – jump to address specified by the two bytes after the C3 in little-endian format and execute code from there – instead of and E9 – what ASM instruction is represented by 0xE9? (oops I said "and E9" instead of "an E9," I input "I prefer to use C3 – jump to address specified by the two bytes after the C3 in little-endian format and execute code from there – instead of and E9 – jump to address specified by "hl" in little-endian format and execute code from there")
E9 stands for "jp hl" -> "jump to the address described by the current values of hl". Setups using glitch item 8F almost always use this approach due to necessity, meaning that a lot of old item codes make use of the assumption that hl = D322 at the start of an item code.
The main advantage is this makes it cheaper to target item ID and item quantity addresses, so codes that manipulate either of these are easier to form.--TimoVM (talk) 15:22, 18 May 2023 (UTC)
the bytes (C3, 22, D3) are required at CD35.
get any Pokémon:
this setup allows me to get the Pokémon that I want.
items for this setup:
- item 0x6B, any quantity
- any item, any quantity
- Repel, x(species)
- X Speed, x14
- Ultra Ball, x64
- TM05 x72
- Lemonade x201
bytes needed at D31D:
07 6B FE 04 AC 1E FF 43 0E 02 40 CD 48 3E C9
ASM instructions:
CD35:
- jp D322
D322:
- ld e,$FF
- ld b,e
- ld c,$02
- ld b,b
- call 3E48
- ret
grass encounter data
grass encounter data spans from D887 to D89B.
here is a list of encounter data
map | data or bytes |
---|---|
route 1 | 19 03 24 03 A5 03 A5 02 A5 02 24 03 24 03 24 04 A5 04 24 05 24 |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
ASM instructions
Value (HEX) | Instruction | Meaning |
---|---|---|
00 | nop | ignored |
01 | ld bc,$xxyy | loads the address specified by the next two bytes into bc |
02 | ld [bc],a | Example |
03 | Example | Example |
04 | Example | Example |
05 | Example | Example |
06 | Example | Example |
07 | Example | Example |
08 | Example | Example |
09 | Example | Example |
0A | Example | Example |
0B | Example | Example |
0C | Example | Example |
0D | Example | Example |
0E | Example | Example |
0F | Example | Example |
10 | stop | stops everything, preventing any further harm |
11 | Example | Example |
12 | Example | Example |
13 | Example | Example |
14 | Example | Example |
15 | Example | Example |
16 | Example | Example |
17 | Example | Example |
18 | Example | Example |
19 | Example | Example |
1A | Example | Example |
1B | Example | Example |
1C | Example | Example |
1D | Example | Example |
1E | Example | Example |
1F | Example | Example |
20 | Example | Example |
21 | Example | Example |
22 | Example | Example |
23 | Example | Example |
24 | Example | Example |
25 | Example | Example |
26 | Example | Example |
27 | Example | Example |
28 | Example | Example |
29 | Example | Example |
2A | Example | Example |
2B | Example | Example |
2C | Example | Example |
2D | Example | Example |
2E | Example | Example |
2F | Example | Example |
30 | Example | Example |
31 | Example | Example |
32 | Example | Example |
33 | Example | Example |
34 | Example | Example |
35 | Example | Example |
36 | Example | Example |
37 | Example | Example |
38 | Example | Example |
39 | Example | Example |
3A | Example | Example |
3B | Example | Example |
3C | Example | Example |
3D | Example | Example |
3E | Example | Example |
3F | ccf | inverts the carry flag |
40 | ld b,b | loads |
41 | ld b,c | loads the value of registre c into registre b |
42 | Example | Example |
43 | Example | Example |
44 | Example | Example |
45 | Example | Example |
46 | Example | Example |
47 | Example | Example |
48 | Example | Example |
49 | Example | Example |
4A | Example | Example |
4B | Example | Example |
4C | Example | Example |
4D | Example | Example |
4E | Example | Example |
4F | Example | Example |
50 | Example | Example |
51 | Example | Example |
52 | Example | Example |
53 | Example | Example |
54 | Example | Example |
55 | Example | Example |
56 | Example | Example |
57 | Example | Example |
58 | Example | Example |
59 | Example | Example |
5A | Example | Example |
5B | Example | Example |
5C | Example | Example |
5D | Example | Example |
5E | Example | Example |
5F | Example | Example |
60 | Example | Example |
61 | Example | Example |
62 | Example | Example |
63 | Example | Example |
64 | Example | Example |
65 | Example | Example |
66 | Example | Example |
67 | Example | Example |
68 | Example | Example |
69 | Example | Example |
6A | Example | Example |
6B | Example | Example |
6C | Example | Example |
6D | Example | Example |
6E | Example | Example |
6F | Example | Example |
70 | Example | Example |
71 | Example | Example |
72 | Example | Example |
73 | Example | Example |
74 | Example | Example |
75 | Example | Example |
76 | Example | Example |
77 | Example | Example |
78 | Example | Example |
79 | Example | Example |
7A | Example | Example |
7B | Example | Example |
7C | Example | Example |
7D | Example | Example |
7E | Example | Example |
7F | Example | Example |
80 | Example | Example |
81 | Example | Example |
82 | Example | Example |
83 | Example | Example |
84 | Example | Example |
85 | Example | Example |
86 | Example | Example |
87 | Example | Example |
88 | Example | Example |
89 | Example | Example |
8A | Example | Example |
8B | Example | Example |
8C | Example | Example |
8D | Example | Example |
8E | Example | Example |
8F | Example | Example |
90 | Example | Example |
91 | Example | Example |
92 | Example | Example |
93 | Example | Example |
94 | Example | Example |
95 | Example | Example |
96 | Example | Example |
97 | Example | Example |
98 | Example | Example |
99 | Example | Example |
9A | Example | Example |
9B | Example | Example |
9C | Example | Example |
9D | Example | Example |
9E | Example | Example |
9F | Example | Example |
A0 | Example | Example |
A1 | Example | Example |
A2 | Example | Example |
A3 | Example | Example |
A4 | Example | Example |
A5 | Example | Example |
A6 | Example | Example |
A7 | Example | Example |
A8 | Example | Example |
A9 | Example | Example |
AA | Example | Example |
AB | Example | Example |
AC | Example | Example |
AD | Example | Example |
AE | Example | Example |
AF | Example | Example |
B0 | Example | Example |
B1 | Example | Example |
B2 | Example | Example |
B3 | Example | Example |
B4 | Example | Example |
B5 | Example | Example |
B6 | Example | Example |
B7 | Example | Example |
B8 | Example | Example |
B9 | Example | Example |
BA | Example | Example |
BB | Example | Example |
BC | Example | Example |
BE | Example | Example |
BF | Example | Example |
C0 | Example | Example |
C1 | Example | Example |
C2 | Example | Example |
C3 | jp $xxyy | jumps to the address specified by the two bytes after the C3 byte in little-endian format |
C4 | Example | Example |
C5 | Example | Example |
C6 | Example | Example |
C7 | Example | Example |
C8 | Example | Example |
C9 | ret | return |
CA | Example | Example |
CB | Example | Example |
CC | Example | Example |
CD | Example | Example |
CE | Example | Example |
CF | Example | Example |
D0 | Example | Example |
D1 | Example | Example |
D2 | Example | Example |
D3 | invalid | this opcode is invalid |
D4 | Example | Example |
D5 | Example | Example |
D6 | Example | Example |
D7 | Example | Example |
D8 | Example | Example |
D9 | Example | Example |
DA | Example | Example |
DB | invalid | this opcode is invalid |
DC | Example | Example |
DD | invalid | this opcode is invalid |
DE | Example | Example |
DF | Example | Example |
E0 | Example | Example |
E1 | Example | Example |
E2 | Example | Example |
E3 | invalid | this opcode is invalid |
E4 | invalid | this opcode is invalid |
E5 | Example | Example |
E6 | Example | Example |
E7 | Example | Example |
E8 | Example | Example |
E9 | jp hl | jumps to the address specified by hl (stored as lower-endian in hl) and executes code from there. |
EA | Example | Example |
EB | invalid | this opcode is invalid |
EC | invalid | this opcode is invalid |
ED | invalid | this opcode is invalid |
EE | Example | Example |
EF | Example | Example |
F0 | Example | Example |
F1 | Example | Example |
F2 | Example | Example |
F3 | di | disable interrupts |
F4 | invalid | this opcode is invalid |
F5 | Example | Example |
F6 | Example | Example |
F7 | Example | Example |
F8 | Example | Example |
F9 | Example | Example |
FA | Example | Example |
FB | ei | enable interrupts |
FC | invalid | this opcode is invalid |
FD | invalid | this opcode is invalid |
FE | cp $xx | compares the byte after the FE byte to the FE byte |
FF | rst 38 | this is what causes bar freezes, the game executes the contents of address 0038, puses 0039 onto the stack (the corruption starts at DFFF, it goes downwards, it corrupts (in memory order) WRAM (technically the Echo RAM is corrupted at the same time upon the corruption of WRAM starting at DDFF), RAM, SRAM, VRAM, ROM, the inter. enable register (FFFF), the HRAM, the unusable memory, and the OAM. this is what causes the vertical bars and deleted saved data (all of SRAM and VRAM is set to 00 39). |
Corruptions from "Wild appeared!"
This is a full list of corruptions caused by "Wild appeared!." the glitch is caused when you enter a battle while having either no Pokémon or having crazy insane amounts of Pokémon that is between 7 and 255.
Number | Address affected | Notes |
---|---|---|
7 | CEEF | Example |
8 | CEF0 | Example |
9 | CEF1 | Example |
10 | CEF2 | Example |
11 | CEF3 | Example |
12 | CEF4 | Example |
13 | CEF5 | Example |
14 | CEF6 | Example |
15 | CEF7 | Example |
16 | CEF8 | Example |
17 | CEF9 | Example |
18 | CEFA | Example |
19 | CEFB | Example |
20 | CEFC | Example |
21 | CEFD | Example |
22 | CEFE | Example |
23 | CEFF | Example |
24 | CF00 | Example |
25 | CF01 | Example |
26 | CF02 | Example |
27 | CF03 | Example |
28 | CF04 | Example |
29 | CF05 | Example |
30 | CF06 | Example |
31 | CF07 | Example |
32 | CF08 | Example |
33 | CF09 | Example |
34 | CF0A | Example |
35 | CF0B | Example |
36 | CF0C | Example |
37 | CF0D | Example |
38 | CF0E | Example |
39 | CF0F | Example |
40 | CF10 | Example |
41 | CF11 | Example |
42 | CF12 | Example |
43 | CF13 | Example |
44 | CF14 | Example |
45 | CF15 | Example |
46 | CF16 | Example |
47 | CF17 | Example |
48 | CF18 | Example |
49 | CF19 | Example |
50 | CF1A | Example |
51 | CF1B | Example |
53 | CF1C | Example |
54 | CF1D | Example |
55 | CF1E | Example |
56 | CF1F | Example |
57 | CF20 | Example |
58 | CF21 | Example |
59 | CF22 | Example |
60 | CF23 | Example |
61 | CF24 | Example |
62 | CF25 | Example |
63 | CF26 | Example |
64 | CF27 | Example |
65 | CF28 | Example |
66 | CF29 | Example |
67 | CF2A | Example |
68 | CF2B | Example |
69 | CF2C | Example |
70 | CF2D | Example |
71 | CF2E | Example |
72 | CF2F | Example |
73 | CF30 | Example |
74 | CF31 | Example |
75 | CF32 | Example |
76 | CF33 | Example |
77 | CF34 | Example |
78 | CF35 | Example |
79 | CF36 | Example |
80 | CF37 | Example |
81 | CF38 | Example |
82 | CF39 | Example |
83 | CF3A | Example |
84 | CF3B | Example |
85 | CF3C | Example |
86 | CF3D | Example |
87 | CF3E | Example |
88 | CF3F | Example |
89 | CF40 | Example |
90 | CF41 | Example |
91 | CF42 | Example |
92 | CF43 | Example |
93 | CF44 | Example |
94 | CF45 | Example |
95 | CF46 | Example |
96 | CF47 | Example |
97 | CF48 | Example |
98 | CF49 | Example |
99 | CF4A | Example |
100 | CF4B | Example |
101 | CF4C | Example |
102 | CF4D | Example |
103 | CF4E | Example |
104 | CF4F | Example |
105 | CF50 | Example |
106 | CF51 | Example |
107 | CF52 | Example |
108 | CF5E | Example |
109 | CF54 | Example |
110 | CF55 | Example |
111 | CF56 | Example |
112 | CF57 | Example |
113 | CF58 | Example |
114 | CF59 | Example |
115 | CF5A | Example |
116 | CF5B | Example |
117 | CF5C | Example |
118 | CF5D | Example |
119 | CF5E | Example |
120 | CF5F | Example |
121 | CF60 | Example |
122 | CF61 | Example |
123 | CF62 | Example |
124 | CF63 | Example |
125 | CF64 | Example |
126 | CF65 | Example |
127 | CF66 | Example |
128 | CF67 | Example |
129 | CF68 | Example |
130 | CF69 | Example |
131 | CF6A | Example |
132 | CF6B | Example |
133 | CF6C | Example |
134 | CF6D | Example |
135 | CF6E | Example |
136 | CF6F | Example |
137 | CF70 | Example |
138 | CF71 | Example |
139 | CF72 | Example |
140 | CF73 | Example |
141 | CF74 | Example |
142 | CF75 | Example |
143 | CF76 | Example |
144 | CF77 | Example |
145 | CF78 | Example |
146 | CF79 | Example |
147 | CF7A | Example |
148 | CF7B | Example |
149 | CF7C | Example |
150 | CF7D | Example |
151 | CF7E | Example |
152 | CF7F | Example |
153 | CF80 | Example |
154 | CF81 | Example |
155 | CF82 | Example |
156 | CF83 | Example |
157 | CF84 | Example |
158 | CF85 | Example |
159 | CF86 | Example |
160 | CF87 | Example |
161 | CF88 | Example |
162 | CF89 | Example |
163 | CF8A | Example |
164 | CF8B | Example |
165 | CF8C | Example |
166 | CF8D | Example |
167 | CF8E | Example |
168 | CF8F | Example |
169 | CF90 | Example |
170 | CF91 | Example |
171 | CF92 | Example |
172 | CF93 | Example |
172 | CF94 | Example |
173 | CF95 | Example |
174 | CF96 | Example |
175 | CF97 | Example |
176 | CF98 | Example |
177 | CF99 | Example |
178 | CF9A | Example |
179 | CF9B | Example |
180 | CF9C | Example |
181 | CF9D | Example |
182 | CF9E | Example |
183 | CF9F | Example |
184 | CFA0 | Example |
185 | CFA1 | Example |
186 | CFA2 | Example |
187 | CFA3 | Example |
188 | CFA4 | Example |
189 | CFA5 | Example |
190 | CFA6 | Example |
191 | CFA7 | Example |
192 | CFA8 | Example |
193 | CFA9 | Example |
193 | CFAA | Example |
194 | CFAB | Example |
195 | CFAC | Example |
196 | CFAD | Example |
197 | CFAE | Example |
198 | CFAF | Example |
199 | CFB0 | Example |
200 | CFB1 | Example |
201 | CFB2 | Example |
202 | CFB3 | Example |
203 | CFB4 | Example |
204 | CFB5 | Example |
2O5 | CFB6 | Example |
206 | CFB7 | Example |
207 | CFB8 | Example |
208 | CFB9 | Example |
209 | CFBA | Example |
210 | CFBB | Example |
211 | CFBC | Example |
212 | CFBD | Example |
213 | CFBE | Example |
214 | CFBF | Example |
215 | CFC0 | Example |
216 | CFC1 | Example |
217 | CFC2 | Example |
218 | CFC3 | Example |
219 | CFC4 | Example |
220 | CFC5 | Example |
221 | CFC6 | Example |
222 | CFC7 | Example |
223 | CFC8 | Example |
224 | CFC9 | Example |
225 | CFCA | Example |
226 | CFCB | Example |
227 | CFCC | Example |
228 | CFCD | Example |
229 | CFCE | Example |
230 | CFCF | Example |
231 | CFD0 | Example |
232 | CFD1 | Example |
233 | CFD2 | Example |
234 | CFD3 | Example |
235 | CFD4 | Example |
236 | CFD5 | Example |
237 | CFD6 | Example |
238 | CFD7 | Example |
239 | CFD8 | Example |
240 | CFD9 | Example |
241 | CFDA | Example |
242 | CFDB | Example |
243 | CFDC | Example |
244 | CFDD | Example |
245 | CFDE | Example |
246 | CFDF | Example |
247 | CFE0 | Example |
248 | CFE1 | Example |
249 | CFE2 | Example |
250 | CFE3 | Example |
251 | CFE4 | Example |
252 | CFE5 | Example |
253 | CFE6 | Example |
254 | CFE7 | Example |
255 | CFE8 | Example |
256 (0) | CFE9 | Example |
glitch item 0x74's name is always interpreted wrong
The name of this item is DHNhlT4 89 ゥ N, with a lowercase L, not an uppercase I, the name data for the glitch item 0x74 is 83 87 8D A7 AB 93 FA CB CF 3D 28 09 FE FF C0 EA CB CF C3 8D, I also noticed that some parts of the glitch item's name is repeated, specifically the "CB CF" and "8D (interpreted by the printing function – 3C49– as "Uppercase N")" parts.
unused JP strings
the unused JP strings were items with index numbers 0x62 to 0x74, there are at least 20 of them. the table is a 19-by-3 table, I accidently initially inserted it as having 3 rows and 20 columns, I then re-inserted it as having 3 columns and 20 rows, I had to remove the 20th row because it was one row too many.
index | hiragana/katakana | romaji | mojibake form | unused, please remove | unused, please remove | unused, please remove |
---|---|---|---|---|---|---|
62 | かみなりバッヂ | Example | Example | unused, please remove | unused, please remove | unused, please remove |
63 | かいがらバッヂ | Example | Example | unused, please remove | unused, please remove | unused, please remove |
6B | Example | Example | Example | unused, please remove | unused, please remove | unused, please remove |
6C | Example | Example | Example | unused, please remove | unused, please remove | unused, please remove |
66 | おじぞうバッヂ | Example | Example | unused, please remove | unused, please remove | unused, please remove |
67 | はやぶさバッヂ | Example | Example | unused, please remove | unused, please remove | unused, please remove |
68 | ひんやりバッヂ | Example | Example | unused, please remove | unused, please remove | unused, please remove |
69 | なかよしバッヂ | Example | Example | unused, please remove | unused, please remove | unused, please remove |
6A | バラバッヂ | Example | Example | unused, please remove | unused, please remove | unused, please remove |
64 | ひのたまバッヂ | Example | Example | unused, please remove | unused, please remove | unused, please remove |
65 | ゴールドバッヂ | Example | Example | unused, please remove | unused, please remove | unused, please remove |
6D | ブロンズ | buronji | Example | unused, please remove | unused, please remove | unused, please remove |
6E | シルバー | shiruba | Example | unused, please remove | unused, please remove | unused, please remove |
6F | ゴールド | gorudo | Example | unused, please remove | unused, please remove | unused, please remove |
70 | プチキャプテン | puchikyaputen | Example | unused, please remove | unused, please remove | unused, please remove |
71 | キャプテン | kyaputen | Example | unused, please remove | unused, please remove | unused, please remove |
72 | プチマスター | puchimasuta | Example | unused, please remove | unused, please remove | unused, please remove |
73 | マスター | masuta | Example | unused, please remove | unused, please remove | unused, please remove |
74 | エクセレント | ekuserento | DHNhlT4 89 ゥ N | unused, please remove | unused, please remove | unused, please remove |
function | what it does |
---|---|
instant bar freeze! | sets all of WRAM, VRAM, SRAM, HRAM, OAM, the unusable memory, the inter. enable register, HRAM, ROM, and Echo RAM to 00 39 |
mass-corrupt VRAM! | sets all of VRAM (8000 to 9FFF) to random values |
mass-corrupt your Pokémon! | sets all of the memory associated with your Pokémon's structure data (D16B-D247) to random values, this also would result in instant unstable hybrids |
destroy invalid opcodes! | replaces all bytes in the memory in which their ASM instruction is an invalid opcode byte (D3, DB, DD, E3, E4, EB, EC, ED, F4, FC, FC) with ret |
destroy rst opcodes! | replaces all bytes in the memory in which their ASM instruction is an RST byte (C7, CF, D7, DF, E7, EF, F7, FF) with ret |
unlimited money! | sets three addresses (D347, D348, and D349, wPlayerMoney) to 0x99 |
change your name to MissingNo.! | sets the eleven addresses for your name (D158 to D162, wPlayerName) to 8C 88 92 92 88 8D 86 8D 8E E8 50 |
complete the Pokédex! | sets all of the Pokédex flags (D2F7 to D31C, wPokedexOwned and wPokedexSeen) to FF (except for D31C and D309, it sets those addresses to a value where all bits except bit 7 is set) |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
Example | Example |
hey TimoVM, is my glitch Pokémon gallery good?
to: TimoVM
from: myself
subject: my gallery
body: isn't it good?
you can find it by searching "User:MrMissingNo73/gallery" or going to my profile and clicking/tapping on the word "gallery"
invalid opcodes and RST opcodes
there are eleven invalid opcodes: D3, DB, DD, E3, E4, EB, EC, ED, F4, FC, and FD. attempting to execute an invalid opcode will freeze the game with a lock-up with the music stuck on the current note.
there are also eight RST opcodes: C7, CF, D7, DF, E7, EF, F7, and FF. executing an RST opcode will freeze the game with a bar freeze.