Arbitrary code execution with a slower defrosted Pokémon (Generation I)

Video link: https://www.youtube.com/watch?v=Mj9HL8WDXHA



Duration: 3:45


Notes: This was very funny. xD I literally came across this accidentally with Blaine because I wanted to see the "Fire defrosted (POKéMON)!" message, but as soon as my Onix defrosted it started using move 0x00 (CoolTrainer), apparently because the game thought it had to auto-select a move (but one had never been chosen prior).

So I just set up X Accuracy to use the move and conditioned the right data at F928 (D928, one byte before opponent's Pokémon 4).

Blaine only has three Pokémon so this data isn't overwritten. If this is possible in a speedrun though, you'd need to plan to condition that data in some way (because outside of a speedrun you could encounter any Trainer you want beforehand, a link trainer, etc.). One idea might be specific data at D9AB (Trainer names for Pokémon), because in NPC battles it will just be copies of the player's name in succession.




Channel: Evie (ChickasaurusGL) 🌺

