Pokemon G/S - Make any Pokemon shiny: Coin Case arbitrary code execution
343This video is outdated and reproducing it is no longer advised. Watching this video instead is recommended: https://www.youtube.com/watch?v=PsIb3OZaYAs
It is a detailed tutorial of a far more versatile Coin Case arbitrary code execution approach that can be used for multiple purposes, and includes examples and troubleshooting.
Help won't be offered in the comments section of this video, other than to redirect to the video linked above. This is because 90% of your ambitions or troubles with the Coin Case glitch are covered or can be avoided by following the steps explained in that other video. This is, in fact, the reason why I've made that video.
----- Old video description below -----
How to turn the first party Pokemon into a shiny Pokemon through Coin Case arbitrary code execution (particular case of the Coin Case glitch).
IMPORTANT: If you're playing on the Virtual Console, make sure to use the item list provided in the description rather than the one used in the video, where two items are different. The item list used in the video is known to cause corruption in the TM/HM pocket and/or Key Items pocket of the bag on the Virtual Console (not in a Game Boy).
If you know how the Coin Case arbitary code execution glitch works, or don't care at all, you can skip the next four paragraphs. Otherwise, be warned, as a big wall of text will ensue...
The text shown when Coin Case is used is not properly translated in the english versions of Pokemon Gold and Silver. In particular, the terminator character is wrong. This causes the game to jump to address 0xE112 when Coin Case is used, and start executing code from there. These addresses contain data related to Pokemon cries. After Machop's cry is heard, 0x33 is written into address 0xE117, which corresponds to the asm instruction inc sp. When the pocket in the bag is switched, the content of address 0xE16E becomes 0xC1,which corresponds to pop bc. Finally, a ret nc instruction is found at 0xE194, causing the game to return to address 0xE912 as a consequence of the stack manipulations from inc sp and pop bc.
The next thing we now is that we've reached the overworld data, which isn't easy to manipulate. However, by going through Oak's lab warp and moving four steps to the right, the game will succesfully reach a jp c,FA98 instruction at address 0xEC78 causing the game to jump to address 0xFA98. This address corresponds to the second byte of the third Pokemon's attack stat experience (EV) in the party.
Our goal now is to reach the fourth Pokemon's data, as manipulating the EVs of a Pokemon can be extremely tedious. Having an untrained Pokemon in the third slot of the party, the chances of reaching the fourth's Pokemon species address safely are maximized. This doesn't mean that any untrained Pokemon will work though, as if its DVs or stats translate to certain instructions the trick won't work. Say, if your Pokemon has an HP stat of 16 (0x10), it will be read as an stop instruction (figure out what it does), or if its special defense stat translates to a two-or-more byte instruction (e.g. special defense stat of 8 = ld (a16),sp) the jump instruction we are going to make (more on this in the next paragraph) won't be treated as such. There are maybe around 50% of possible DV combinations that won't work, maybe even more, so it's about trying the trick with different Pokemon until it works. As a quick advice, a Pokemon with average to low Attack and Speed DVs will have a higher chance not to match an incompatible instruction.
If everything went well, we should reach address 0xFABA; the species of the fourth Pokemon in the party. Since the next two addresses correspond to its item and first move, we can use these three bytes to make a jump instruction. Particularly, a Quagsire holding HP Up and with Sleep Talk as the first move will create a jp D61A instruction (C3 1A D6), making the game move to the quantity of the second item in the PC, that is, address D61A. That means we can make the game execute our custom code according to the items deposited in our PC.
For more information: http://forums.glitchcity.info/index.php/topic,6716.0.html or at http://glitchcity.info/wiki/index.php/Coin_Case_glitch
Apart from a Quagsire holding HP Up and with Sleep Talk as the first move in the fourth position of the party, and the untrained Pokemon in the third position, the following items in the PC are required:
(I means Item and Q means quantity. The number indicates the position where the item must be at. You'll see the item list more clearly in the video though; this is mostly in case you are interested in the asm instructions that go behind each item. Basically, we are just changing the DVs of the first party Pokemon to 14/10/10/10, so the Pokemon becomes shiny.)
Item list - https://pastebin.com/9bKmSDxx
Other Videos By Crystal_
Other Statistics
Counter-Strike: Source Statistics For Crystal_
At present, Crystal_ has 37,373 views spread across 3 videos for Counter-Strike: Source, with his channel publishing less than an hour of Counter-Strike: Source content. This makes up less than 0.63% of the total overall content on Crystal_'s YouTube channel.