26
edits
Coin Case glitches: Difference between revisions
→Arbitrary code execution: new section
No edit summary |
RbyerCrystal (talk | contribs) (→Arbitrary code execution: new section) |
||
| Line 903: | Line 903: | ||
{{Project GlitchDex notice|no}} | {{Project GlitchDex notice|no}} | ||
[[Category:Glitches]] | [[Category:Glitches]] | ||
== Arbitrary code execution == | |||
When the game jumps to $E112, it starts executing data related to Pokemon cries as machine instructions. In particular, when Coin Case is used after hearing Machop's cry, the game will eventually reach address $E912. Data around that address is related to the overworld, and, while difficult, can be manipulated through moving around in different patterns. In particular, by exiting Professor Elm's Laboratoy and moving four steps to the right (prior to using the Coin Case after hearing to a Machop's cry), the game will jump to address $FA98, which is in the middle of the data of the third Pokemon in the player's party. By choosing our Pokemon carefully, we can force the game to execute certain code based on the attributes of our Pokemon, such as species, item held, or moves. The most practical thing is, however, to force the game to jump to the memory area that stores the items deposited in the player's PC. This can be achieved by having an specific species of Pokemon in the fourth slot of the party with an specific held item and first move, so that these three memory addresses are translated to the appropriate jump instruction. If the player's PC memory area is successfully reached, it's possible to make the game execute machine code based on the identifiers of the items deposited in the PC and the quantity of each of the items. | |||