Trading (8F) arbitrary code execution programs w/friends with up to 6 party Pokémon (Generation I)

Video Link: https://www.youtube.com/watch?v=GFBKwwzCwYg



Duration: 8:34


Say my friend has TheZZAZZGlitch's memory editor, which opens up lots of possibilities (including encountering any Pokémon), and I only have a code to encounter Mew. We can adapt the codes for any changes needed for compatibility in the party (e.g. by using CopyData to place the bytes for TheZZAZZGlitch's jump to DB01). For this example, in which the party size is 6, this also includes manipulating D16A (end of party) to be a padding byte so that it doesn't matter when it's changed to FF.

There is support for trading programs using up to 403 bytes (entirety of your party Pokémon data except for nicknames).

This applies to 8F, but with other items like 4F (FA65, or effectively DA65 under correct emulation) you can set a jump back to the party (D163).

Note: As has been known in the past, you can use more complex exploits with expanded parties (parties with over 6 Pokémon), including remote code execution. Example: https://www.youtube.com/watch?v=h5Igc18hc2Q

Pokémon Red's original code to load TheZZAZZGlitch's memory editor (stored in party) - These are harder to acquire, which is why we might want to trade it to a friend:

06 00 00 01 AE 00 16 (any) 00 21 78 D1 11 01 DB CD B5 00 C3 01 DB (...)

6 party Pokémon: The first two are 'M (00), the third is Rhydon, the fourth is MissingNo. (the specific AE one), the fifth is 'M (00), the sixth is Gyarados. It doesn't matter if the party is terminated; it will be automatically terminated with FF anyway during the trades.

Also, the first 'M (00) has to be a very specific one: it is not an unstable hybrid; its current HP is exactly 8568; its 'false level' byte is 209 (the real displayed level in the party and out of battle for this setup is 157, taken from D18C, which is part of the memory editor itself; see below); its status is defined by byte 0x11 (it is burned and asleep at the same time but not poisoned or confused); its internal (but not displayed) types do not match a normal 'M and are Fighting/glitch type 0xDB (you can't check on the summary screen as it will always say Bird/Normal); its catch rate or held item is 0xCD (it is holding a TM14 in Generation II, or its catch rate (unaltered by rock/bait) was 205); its moves are Super Glitch 0xB5 (Powder Snow in Generation II), Move 0x00 ("CoolTrainer"/'no move'), Super Glitch 0xC3 (Perish Song in Generation II), and Pound. Its Trainer ID ranges between 56064 and 56319.

(This code is to move the program below to DB01 (in stored box Pokémon data) for compatibility and the ability to use any party later)

Lastly, the program below is the byte representation of TheZZAZZGlitch's memory editor v1.1 itself; refer to

https://glitchcity.wiki/wiki/TheZZAZZGlitch%27s_memory_editor#v1.1_(by_ISSOtm)
and https://datacrystal.romhacking.net/wiki/Pok%C3%A9mon_Red_and_Blue/RAM_map#Player - where D178 represents the first byte in the program, D179 represents the second, and so on; up to D224 (which is party Pokémon 5's move 2 in this case).

Pokémon Blue's original code to only encounter Mew:

06 15 78 EA 59 D0 C9 FF (which means 6 party Pokémon: Mew, Dewgong, glitch Pokémon "A" (EA), Dragonair, glitch Pokémon D0 (PkMn PkMn T), glitch Pokémon C9 (ゥ 8), and the party is properly terminated). Unlike the example in Red, there are no other requirements.
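The two party layouts above decoded as Game Boy CPU (SM83) instructions, showing why rewriting D16A to FF during a trade leaves both programs intact. This is an added example, not code from the video or from Glitch City; the opcode table covers only the bytes quoted here, and Red's "(any)" byte is filled with FF as an assumption.

```python
# SM83 (Game Boy CPU) opcodes used by the two party layouts quoted above:
# opcode -> (mnemonic template, number of operand bytes)
OPCODES = {
    0x00: ("nop", 0), 0x01: ("ld bc,${:04X}", 2), 0x06: ("ld b,${:02X}", 1),
    0x11: ("ld de,${:04X}", 2), 0x16: ("ld d,${:02X}", 1),
    0x21: ("ld hl,${:04X}", 2), 0x78: ("ld a,b", 0),
    0xC3: ("jp ${:04X}", 2), 0xC9: ("ret", 0), 0xCD: ("call ${:04X}", 2),
    0xEA: ("ld (${:04X}),a", 2), 0xFF: ("rst $38", 0),
}
PARTY_BASE = 0xD163  # party count byte, where the page's programs begin
TERMINATOR = 0xD16A  # end-of-party byte for a party of 6; trades set it to FF

# Byte strings from the page; Red's "(any)" byte is filled with FF here.
RED = bytes.fromhex("06 00 00 01 AE 00 16 FF 00 21 78 D1 11 01 DB CD B5 00 C3 01 DB")
BLUE = bytes.fromhex("06 15 78 EA 59 D0 C9 FF")

def disassemble(data, base=PARTY_BASE):
    """Decode linearly until ret/jp; returns [(address, text, operand addresses)]."""
    out, pc = [], 0
    while pc < len(data):
        op = data[pc]
        fmt, n = OPCODES[op]  # KeyError means a byte outside this small table
        if pc + 1 + n > len(data):
            break  # operand runs past the quoted bytes
        operand = int.from_bytes(data[pc + 1:pc + 1 + n], "little")
        out.append((base + pc, fmt.format(operand),
                    range(base + pc + 1, base + pc + 1 + n)))
        pc += 1 + n
        if op in (0xC3, 0xC9):  # unconditional jp / ret ends the straight-line run
            break
    return out

def terminator_role(data):
    """How the CPU treats D16A: 'operand', 'opcode' (executed) or 'unreached'."""
    for addr, _, operands in disassemble(data):
        if addr == TERMINATOR:
            return "opcode"
        if TERMINATOR in operands:
            return "operand"
    return "unreached"

if __name__ == "__main__":
    for name, data in (("Red", RED), ("Blue", BLUE)):
        print(name, "- D16A is", terminator_role(data))
        for addr, text, _ in disassemble(data):
            print(f"  {addr:04X}  {text}")
```

In the Red layout D16A is swallowed as the operand of `ld d`, and in the Blue layout it sits after `ret`; a layout where `terminator_role` returns "opcode" would execute the FF written by the trade.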

You can get the glitch Pokémon EA, D0 and C9 with any method you desire:

See the "method to obtain" sections on:

https://glitchcity.wiki/wiki/GlitchDex/RB:234
https://glitchcity.wiki/wiki/GlitchDex/RB:208
https://glitchcity.wiki/wiki/GlitchDex/RB:201

Personally, I'd set up expanded inventory:

https://glitchcity.wiki/wiki/Expanded_item_pack

Which you can get with MissingNo. item duplication:

https://glitchcity.wiki/wiki/Old_man_glitch (encounter MissingNo. with item 6 x 1 to increase quantity of item 6 by 128 - 129 items; then toss two to get 127, encounter MissingNo. again to get 255)

https://glitchcity.wiki/wiki/Dry_underflow_glitch (set up the expanded inventory with the x255 stack)

Then use https://glitchcity.wiki/wiki/Celadon_looping_map_trick (and to get 8F if you don't have it already) https://www.youtube.com/watch?v=98_azamLeh4

Then place in item slot 3: Lemonade x (species ID; so x234, x208, x201 respectively), slot 4: TM34 x 100, slot 5: TM01, and set item slot 41 (wMapScriptPtr) to Water Stone x 211 to make the script point to item 3 in your bag. Close the menu while in Celadon; this will change party Pokémon 1 to EA, D0 or C9 (its nickname won't change, and it will revert if you put it back in Day Care as it is technically an unstable hybrid now, so avoid this). Fly/Teleport away and repeat with the other glitch Pokémon you want; they can be stored in the PC. To get Mew, use item 3 x21 or use the Mew glitch/Trainer-Fly glitch etc. https://glitchcity.wiki/wiki/Trainer_escape_glitch#Mew_trick



