Memory editing exploit (D8BF-E1BE) by naming boxes beyond Box 14 (Generation II ACE)

Channel:
Evie (ChickasaurusGL) 🌺
Subscribers:
17,700
Published on ● Video Link: https://www.youtube.com/watch?v=v8r7zmwghds


Duration: 4:16
548 views
39

By locking the memory address CEAB with arbitrary code execution, you can trick the game into thinking you're nicknaming a different box (including glitch boxes 15-256). This allows you to corrupt up to eight memory addresses at a time based on the characters you use for the box name, plus a ninth with 0x50 (end box name).

This setup is for wrong pocket TM17 with Quagsire holding Lucky Egg w/ Attract as the first move in the second slot.

The following TM/HM quantities spell out this OAM DMA hjiacking code.

TM01 x33
TM02 x130
TM03 x255
TM04 x62
TM05 x213
TM06 x50
TM07 x 62
TM08 x 139
TM09 x 50
TM10 x 62
TM11 x 195
TM12 x 50
TM13 x 201
TM14 x 62
TM15 x XX (Replace XX with desired box number)
TM16 x 234
TM17 x 171
TM18 x 206
TM19 x 201

(21 82 FF 3E D5 32 3E 8B 32 3E C3 32 C9 3E XX EA AB CE C9)

Examples for XX,

TM15 x41 lets you corrupt DA27-DA2F (party Pokémon 5 species (byte 1) through to party Pokémon 1's moves). In this video, 559 gives us Celebi, Celebi, END, XX9 gives us Mew, Mew, END, AA9 gives us Tauros, Tauros, END)

TM15 x 93 lets you corrupt the last 9 own bytes in the Pokédex (so a total of 72 of the last Pokédex entries), "99999999(END)" will fill those except DC03 will be replaced with 0x50 (not own Lugia, Ho-Oh, Celebi, 252, 254, 000), own 253, 255 so if you had a full Pokédex it will say 250 (even though it's missing 3 valid Pokémon, because you also own 2 glitch Pokémon now).

TM15 x 18 lets you corrupt your room decorations at New Bark Town. Here we just rename the box to "AAAAAAAA(END)", heavily corrupting the room and leaving us with no way out, because the door back downstairs was replaced.



Other Videos By Evie (ChickasaurusGL) 🌺


2023-12-26Saffron City guard jingle skip (Red/Green/Blue JP)
2023-12-26Day-Care experience flaw (possibility of losing experience) (Generation II)
2023-12-26Item 0x6B arbitrary code execution h POKé (0xC3) Hall of Fame entry bootstrap (Pokémon Red/Blue)
2023-12-19Freeze when returning to the title screen from the file menu (Red/Green JP)
2023-12-19Any% ZZAZZ glitch concept (Generation I silly speedrun concepts)
2023-12-19Starter Pokédex entries owned Ivysaur oversight and a few relevant ACE exploits (Generation I)
2023-12-04Fish/Surf in S.S. Anne wall (water/coast tiles tileset oversight) (Generation I)
2023-11-07Left-facing shore tile (Cinnabar coast glitch) at beginning of game for 'M 00 (no old man, Red/Blue)
2023-11-06Manipulate any Game Corner Pokémon, can also be used for Shiny hunting (Red edition)
2023-11-05Mimic empty moves list lock-up (Generation I)
2023-10-31Memory editing exploit (D8BF-E1BE) by naming boxes beyond Box 14 (Generation II ACE)
2023-09-08Pillar position reset after opening the menu (Gold/Silver/Crystal)
2023-09-08Type 0xFF mail arbitrary code execution access point (Pokémon Crystal JP)
2023-09-08Glitches when modifying memory address D09B before viewing a text box (Red/Blue)
2023-09-08Clearing the mailbox (EN Gold/Silver)
2023-09-08Frame block copier arbitrary RAM modification (Generation I)
2023-09-08Experimental Pokédex nest buffer overflows (Generation I)
2023-09-08Cloning over/deleting a corrupted box contents w/arbitrary code execution (Gold/Silver EN request)
2023-09-08Clearing the mailbox (Japanese Crystal) (request)
2023-06-20Get any Pokémon w/any move+set of internal types (AncientPower Bulbasaur in video) (No ACE) (Yellow)
2023-06-01The uppercut invulnerability exploit (Game Freak's 1994 Pulseman) (warning: flashing lights)