ThunderBadge (0x62) arbitrary code execution (かみなりバッヂの任意のコード実行) (Red/Green/Blue JP) (赤/緑/青)

Published on 2022-08-22 ● Video Link: https://www.youtube.com/watch?v=fZselV2ER-Y



Duration: 1:19


Japanese (translated):

See here.

  / 1562220212321230848  

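1. Obtain the 「かみなりバッヂ」 (ThunderBadge) (62h) (Yami Shop glitch(?), Select glitch, expanded player inventory, etc.).

2. Use the item with the player's name acting as the code (ASM).

Example: アてルめ (add b; jp D2A6) (this is item 3 in the inventory).

See 「てへ」 (7Bh):    • "てへ" and "-g m" arbitrary code execut...  

3. D0E1~D11D: before the code in the player's name is exploited, the contents of these addresses must be safe. Restart from your home in Pallet Town. Success depends on luck (unless you know the contents in advance).

Note that Japanese Pokémon Blue also executes D0E1 as code. However, the Japanese Pikachu (Yellow) version functions differently. The program counter seems to vary by revision (Rev0~Rev3).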

English:
This subject was raised by my friend Alice, the owner of Wonderland Seeker, a Pokémon blog that also covers glitches.
https://alice-wreath.hatenablog.com/e...

Alice noted that the execution pointer of the ThunderBadge (0x62) (which runs 0xD0E1 in RAM) could possibly be exploited, so we looked into it together.

  / 1562220212321230848  

We found a way to do it. This is just one potential method. Acquire the item with a glitch (such as the Yami Shop glitch(?), the Select glitch, or an expanded inventory); you can then make it read from the player's name, to bootstrap it to the inventory. For instance, having the name アてルめ will redirect to item 3. However, for this to work the game must first run through D0E1~D11D without issues. At a glance, unless you knew the data in advance, you only have a chance of the glitch working when you restart at your house in Pallet Town; sometimes the game will freeze (possibly because the game wasn't able to reach D11D, or you corrupted the stack, etc.). More research is perhaps needed regarding what these memory addresses correspond to.

Previously, the arbitrary code execution items in Japan have been restricted to items like 5かい (0x5A), なかよしバッジ (0x67) or てヘ (0x7B). てヘ is similar to this glitch technique, because it also relies on the player's name. With てヘ the luck element is removed, but unlike かみなりバッヂ (0x62) you will have to watch the old man's catching demonstration in Viridian City if the wild encounter table (minus the encounter rate) doesn't match the player's name.

Note, Japanese Pokémon Blue also runs D0E1. However, Japanese Yellow functions differently. The execution pointer seems to vary based on the revision (Rev 0~Rev 3).
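
Added example (not part of the original description): a Python sketch of why the name アてルめ works as code, decoding its bytes into the instructions given above (add b, jp D2A6). The character byte values are assumptions taken from the Japanese Generation I text encoding, and the names `JP_CHARMAP`, `encode_name` and `disassemble` are hypothetical.

```python
# Added example: decode a player name into the Game Boy (SM83) instructions
# its bytes form when the CPU executes them.

# Assumption: byte values of the example name's characters in the Japanese
# Generation I text encoding; they reproduce the page's "add b / jp D2A6".
JP_CHARMAP = {"ア": 0x80, "て": 0xC3, "ル": 0xA6, "め": 0xD2}

# SM83 opcodes used here: opcode -> (mnemonic, number of operand bytes).
OPCODES = {
    0x00: ("nop", 0),
    0x80: ("add a,b", 0),
    0xC3: ("jp ${:04X}", 2),
    0xC9: ("ret", 0),
}
ENDS_FLOW = {0xC3, 0xC9}  # unconditional jp / ret: bytes after them never run


def encode_name(name):
    """Return the in-memory bytes of a name; reject unmapped characters."""
    unknown = [ch for ch in name if ch not in JP_CHARMAP]
    if unknown:
        raise ValueError(f"characters not in JP_CHARMAP: {unknown}")
    return bytes(JP_CHARMAP[ch] for ch in name)


def disassemble(code):
    """Linear disassembly that stops where execution would leave the buffer."""
    out, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op not in OPCODES:
            out.append(f"db ${op:02X} ; not in table")
            break
        text, nargs = OPCODES[op]
        if pc + 1 + nargs > len(code):
            out.append(f"db ${op:02X} ; operand truncated")
            break
        if nargs == 2:  # 16-bit operands are stored little-endian
            text = text.format(code[pc + 1] | (code[pc + 2] << 8))
        out.append(text)
        pc += 1 + nargs
        if op in ENDS_FLOW:
            break
    return out


if __name__ == "__main__":
    for line in disassemble(encode_name("アてルめ")):
        print(line)
```

The two name bytes after the `jp` opcode are read as a little-endian address, which is why ル (0xA6) comes before め (0xD2) in the name.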



