Pokémon R/B/Y: Bringing arbitrary code execution to other games

Published: 17 December 2016
on channel: TheZZAZZGlitch
216,014
4.7k

8F gives us control not only over the whole game, but over the whole console. With enough trickery and cartridge swapping, it's possible to use 8F/'ws m' arbitrary code execution to affect games other than Pokémon.
GCL thread: http://forums.glitchcity.info/index.p...

Item list for the "game reboot" proof of concept:

8F
Any item
TM43 x22
Moon Stone x1
Master Ball x147
Antidote x121
Escape Rope x176
Fire Stone x250
Parlyz Heal x21
Guard Spec. x32
TM45 x175
Great Ball x111
Carbos x1
TM33 xAny

Byte sequences for the other setups. Use any generic 8F/'ws m' RAM writer to place the bytes somewhere in memory, then execute them. An example setup for this can be seen in the video "Pokemon Blue: Running homebrew software wi...".

Force boot game in GB mode:

F3 16 0B 01 FF FF 0B 79 B0 20 FB 15 20 F5 C3 00
01

Force boot game in GBC mode:

F3 16 0B 01 FF FF 0B 79 B0 20 FB 15 20 F5 3E 11
C3 00 01

Infinite Master Balls in Pokemon Crystal:

F3 16 0B 01 FF FF 0B 79 B0 20 FB 15 20 F5 3E 0A
EA 00 00 AF EA 00 40 3E 01 EA E2 AB EA E4 AB 3E
11 C3 00 01

SML2 credits warp:

F3 16 0B 01 FF FF 0B 79 B0 20 FB 15 20 F5 21 00
D0 11 E5 01 0E FF 1A 22 13 0D 20 FA AF EA 30 D0
21 37 D0 3E 3E 22 3E 01 22 3E EA 22 3E D5 22 3E
A2 22 3E C3 22 3E 1C 22 3E 02 22 21 E0 D0 3E 21
22 AF 22 3E D1 22 3E 01 22 AF 22 3E 1F 22 3E AF
22 3E 22 22 3E 0B 22 3E 79 22 3E B0 22 3E 20 22
3E F9 22 3E C3 22 AF 22 3E D0 22 C3 E0 D0

First, run SML2 and turn it off at the title screen (this sets the SRAM data to non-crashing values).
Afterwards, run the above code with 8F or a similar item, then swap the cartridges. SML2 will boot to a white screen; press Start and go to any stage to trigger the credits.
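To see what the published byte sequences actually do before running them, here is an added example (not code from the video or its author): a minimal SM83 disassembler whose opcode table covers exactly the instructions used in the four sequences above, plus a rough estimate of how long the DEC BC / LD A,C / OR B / JR NZ delay loop holds the console while the cartridge is swapped. Opcode lengths, mnemonics and T-cycle counts are the standard documented SM83/DMG values; the two hex constants are copied from the "Force boot" sequences on this page, and the base address 0x0000 is an assumption (relative jumps are shown as offsets into the sequence).

```python
# Added example: minimal SM83 (Game Boy CPU) disassembler for the byte sequences above.
# Not part of the original video or the author's ASM sources.
import struct

# Hex strings copied from the page ("Force boot game in GB mode" and the GBC variant).
FORCE_BOOT_GB = "F3 16 0B 01 FF FF 0B 79 B0 20 FB 15 20 F5 C3 00 01"
FORCE_BOOT_GBC = "F3 16 0B 01 FF FF 0B 79 B0 20 FB 15 20 F5 3E 11 C3 00 01"

# opcode -> (mnemonic template, instruction length in bytes)
# n8 = 8-bit immediate, n16 = 16-bit little-endian immediate, e8 = signed relative offset
OPCODES = {
    0xF3: ("DI", 1),
    0xAF: ("XOR A", 1),
    0x0B: ("DEC BC", 1),
    0x0D: ("DEC C", 1),
    0x13: ("INC DE", 1),
    0x15: ("DEC D", 1),
    0x1A: ("LD A,(DE)", 1),
    0x22: ("LD (HL+),A", 1),
    0x79: ("LD A,C", 1),
    0xB0: ("OR B", 1),
    0x0E: ("LD C,{n8}", 2),
    0x16: ("LD D,{n8}", 2),
    0x3E: ("LD A,{n8}", 2),
    0x20: ("JR NZ,{e8}", 2),
    0x01: ("LD BC,{n16}", 3),
    0x11: ("LD DE,{n16}", 3),
    0x21: ("LD HL,{n16}", 3),
    0xC3: ("JP {n16}", 3),
    0xEA: ("LD ({n16}),A", 3),
}


def disassemble(hex_text, base=0x0000):
    """Return a list of (address, mnemonic) for a hex dump of SM83 code.

    Relative jumps are resolved to absolute targets assuming the code sits at `base`
    (0x0000 here is an assumption; the real address depends on the RAM writer used).
    Raises ValueError on an opcode outside the small table above or a truncated
    instruction, so a corrupted or mistyped sequence is rejected instead of misread."""
    code = bytes.fromhex(hex_text)
    out = []
    pc = 0
    while pc < len(code):
        op = code[pc]
        if op not in OPCODES:
            raise ValueError(f"unsupported opcode {op:02X} at offset {pc:04X}")
        template, length = OPCODES[op]
        if pc + length > len(code):
            raise ValueError(f"truncated instruction at offset {pc:04X}")
        operand = code[pc + 1:pc + length]
        fields = {}
        if "{n8}" in template:
            fields["n8"] = f"${operand[0]:02X}"
        if "{n16}" in template:
            fields["n16"] = f"${struct.unpack('<H', operand)[0]:04X}"
        if "{e8}" in template:
            # JR offsets are signed and relative to the *next* instruction
            offset = struct.unpack("<b", operand)[0]
            fields["e8"] = f"${(base + pc + length + offset) & 0xFFFF:04X}"
        out.append((base + pc, template.format(**fields)))
        pc += length
    return out


def delay_loop_seconds(hex_text, clock_hz=4_194_304):
    """Rough wall-clock length of the cartridge-swap delay loop shared by all sequences.

    Inner loop: DEC BC (8 T) + LD A,C (4 T) + OR B (4 T) + JR NZ taken (12 T) = 28 T-cycles
    per iteration on a DMG-speed clock. The outer-loop overhead (LD BC, DEC D, JR NZ) is
    ignored, so this is a slight underestimate."""
    code = bytes.fromhex(hex_text)
    outer = code[2]                              # operand of LD D,n   (outer count)
    inner = struct.unpack("<H", code[4:6])[0]    # operand of LD BC,nn (inner count)
    return outer * inner * 28 / clock_hz


if __name__ == "__main__":
    for addr, text in disassemble(FORCE_BOOT_GB):
        print(f"{addr:04X}  {text}")
    print(f"approx. swap window: {delay_loop_seconds(FORCE_BOOT_GB):.1f} s")
```

The listing makes the structure of every sequence obvious: DI masks interrupts so the running game cannot regain control, two nested countdown loops burn a few seconds while the cartridge is pulled, and JP $0100 restarts whatever cartridge is now in the slot at its entry point. The GBC variant only adds LD A,$11 before the jump, which is the register value a real boot ROM leaves behind to signal Game Boy Color mode. Feeding the Master Ball or SML2 sequence to `disassemble` works with the same table and shows the extra SRAM writes and the code-copy loop those setups add.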

ASM code for the infinite Master Balls setup:
http://pastebin.com/raw/N5BLMdmg

ASM code for the SML2 credits warp setup:
http://pastebin.com/raw/FyQX676d