Please remember to follow the manual of style and code of conduct at all times.
Check the Bulbagarden home page for up-to-date Pokémon news and discuss it on the forums or in the Bulbagarden Discord server.

Item underflow

From Bulbapedia, the community-driven Pokémon encyclopedia.
Revision as of 02:26, 11 August 2016 by Blueapple128 (talk | contribs) (added stub on PC item underflow)
Jump to navigationJump to search
050Diglett.png This article is incomplete.
Please feel free to edit this article to add missing information and complete it.
Reason: needs name and date of discovery (look through TASvideos or GCL), comprehensive explanation of how the item bag is laid out in memory and thus how the glitch works, examples of additional exploits (e.g. those used in the current catch 'em all speedrun category); also perhaps more reference links

The item underflow glitch is a subglitch of the 255-stack variant of the item duplication glitch, whose effect is to essentially allow the player to arbitrarily read and write RAM just beyond the point where the player's items are stored in memory.

Method

The first method discovered to perform the item underflow glitch requires obtaining any single drink from the vending machines in the Celadon Department Store, while the player still has not yet unlocked passage to Saffron City.

Keeping the drink in the Bag, the player must repeatedly perform the 255-stack item duplication glitch until the topmost item becomes the acting Cancel button. As mentioned in the item duplication glitch article, at this point the number of items in the Bag and the actual items in the Bag are out of sync; the game believes that the player has 0 items in the Bag, but it also believes that the player has a drink in their Bag. At this point, the player can go to any one of the Saffron City guards and give them the drink to unlock passage to the city (as the game believes that the player has a drink in their Bag to give), but as this is the only drink in their Bag, it will also attempt to decrease the total number of item stacks in the Bag by 1. This will cause the number of items in the Bag to become -1, which underflows to 255 (hence the name of glitch).

As the game now believes that the player has 255 item slots to scroll through, the player is able to access several important regions of memory that happen to be stored just beyond the Bag's items in RAM, and manipulate these memory areas as if they were items (by swapping, tossing, etc.). This effectively gives the player arbitrary read and write access to these regions of memory. This perhaps most notably includes the player's current map data and coordinates, and so for example it is possible to instantly complete the game by warping to the Hall of Fame. Manipulating coordinates is also a relatively easy way to access glitch items such as 8F, by standing on a particular tile (such that the player's coordinates are interpreted as the item 8F) and then swapping that item to a normal Bag slot. Other values that can be arbitrarily modified include the player's money (3 bytes) and Badges (1 byte), the Rival's name (11 bytes including the terminator), the game's text speed (1 byte), and the player's Trainer ID number (2 bytes); a total of 470 bytes can be accessed in this way (corresponding to 235 extra 'item' slots and two bytes (identity and quantity) per slot).

This item underflow method can also be performed in a nearly identical manner using a Fossil and the scientist in the Pokémon Lab on Cinnabar Island who revives it and thus removes it from the inventory.

Restoring the player's Bag to normal can be easily performed by simply obtaining or purchasing an item(s) that the player does not have; this will increase the number of item stacks in the Bag back up to 0 or usual positive numbers.

Importantly, while the item underflow glitch allows nearly arbitrary read and write access to certain regions of memory, it does not allow arbitrary execution of that memory as code. Hence this glitch, while powerful, is not as powerful as arbitrary code execution glitches.

Dry item underflow

The "dry" variant of the item underflow glitch does not require a Saffron City guard to remove a drink from the player's Bag (hence the name) nor the Pokémon Lab scientist to remove a Fossil; thus it can be performed as soon as the player has access to the necessary 255-stack variant of the item duplication glitch (in theory, as soon as they can perform the Extended Mew glitch to encounter MissingNo.), before reaching Celadon City.

This method relies on a little-known feature in that using the Select button to swap two stacks of the same item in fact merges the stacks together (thus subtracting 1 from the number of item stacks in the player's inventory). This effect can occur in normal gameplay; for example, if the player buys 99 Potions and then obtains another one, they will have two separate stacks of 99 and 1 Potion(s) respectively. If the player then uses 10 Potions from the stack of 99 (to obtain stacks of 89 and 1), then swaps the two stacks of Potions with the Select button, they will be merged into one stack of 90 Potions.

With the above in mind, the method to underflow the player's item counter is as follows: [1]. The player must arrange the Bag such that there are two normal items above a stack of 255. All other items must be deposited or deleted using the 255 item stack duplication glitch. By tossing the second item, another stack of 255 will appear as normal. Then after tossing the first, the game will think the player has only one item. The player then needs to toss 253 of the first item to leave only 2. When it is swapped with the second item, the game will assume the player has 0 items, because it combines 2 and 255 to get 1. Of course, this can now be swapped with the other 255 stack to obtain 0 of it. Now the game once again assumes the Bag holds -1 or 255 items.

PC item underflow

050Diglett.png This section is incomplete.
Please feel free to edit this section to add missing information and complete it.
Reason: How to perform

Through a glitch currently undocumented on Bulbapedia, it is possible to underflow the number of items in the player's PC as well. This allows for extending the range of memory areas that can be arbitrarily modified: while underflowing the Bag grants access to a total of 470 bytes that are stored just after the Bag's items, underflowing the PC's items grants access to an additional 430 bytes, including the player's Hall of Fame data, Coin Case contents (2 bytes), and several flags that indicate the status of various disappearable sprites such as certain NPCs and stationary Pokémon.

Video

By ChickasaurusGL


References


Bulbapedia logo.png This article is a stub. You can help Bulbapedia by expanding it.


Multiple
generations 		Transform glitchesGlitch TrainersCloning glitchesError messagesArbitrary code execution
Generation I GlitchesBattle glitchesOverworld glitches
--0 ERRORBroken hidden itemsCable Club escape glitchDual-type damage misinformation
Experience underflow glitchFight Safari Zone Pokémon trickGlitch CityItem duplication glitchItem underflow
Mew glitchOld man glitchPewter Gym skip glitchPokémon merge glitchRhydon glitchRival twins glitch
Select glitches (dokokashira door glitch, second type glitch) • Super Glitch
Time Capsule exploitWalking through wallsZZAZZ glitch
Generation II GlitchesBattle glitches
Bug-Catching Contest glitchCelebi Egg glitchCoin Case glitchesExperience underflow glitch
Glitch dimensionGlitch EggTeru-samaTime Capsule exploitTrainer House glitchesGS Ball mail glitch
Generation III GlitchesBattle glitches
Berry glitchDive glitchPomeg glitchGlitzer Popping
Generation IV GlitchesBattle glitchesOverworld glitches
Acid rainGTS glitchesPomeg glitchRage glitch
Surf glitchTweakingPal Park Retire glitch
Generation V GlitchesBattle glitchesOverworld glitches
Charge Beam additional effect chance glitchCharge move replacement glitchChoice item lock glitch
Frozen Zoroark glitchSky Drop glitch
Generation VI GlitchesBattle glitchesOverworld glitches
Charge Beam additional effect chance glitchCharge move replacement glitchChoice item lock glitch
Lumiose City save glitchSymbiosis Eject Button glitchToxic sure-hit glitch
Generation VII GlitchesBattle glitches
Charge Beam additional effect chance glitchCharge move replacement glitchChoice item lock glitch
Toxic sure-hit glitchRollout storage glitch
Generation VIII Glitches
Charge Beam additional effect chance glitchCharge move replacement glitchChoice item lock glitch
Toxic sure-hit glitchRollout storage glitchParty item offset glitch
Generation IX Glitches
Glitch effects Game freezeGlitch battleGlitch song
Gen I only: Glitch screenTMTRAINER effectInverted sprites
Gen II only: Glitch dimension
Lists Glitches (GOMystery DungeonTCG GBSpin-off)
Glitch Pokémon (Gen IGen IIGen IIIGen IVGen VGen VIGen VIIGen VIII)
Glitch moves (Gen I) • Glitch types (Gen IGen II)


Project GlitchDex logo.png This article is part of Project GlitchDex, a Bulbapedia project that aims to write comprehensive articles on glitches in the Pokémon games.
Retrieved from "https://bulbapedia.bulbagarden.net/w/index.php?title=Item_underflow&oldid=2486335"