Arbitrary code execution

From Bulbapedia, the community-driven Pokémon encyclopedia.
Revision as of 18:18, 18 January 2016 by Blueapple128 (talk | contribs)
This article is incomplete.
Reason: needs loads of links to documented examples of exploits, images, much more explanation of what's going on, possible links to TASvideos, etc.

Arbitrary code execution is an advanced glitch present in various Pokémon games that, when performed, allows the player in principle to run any code they choose on the console's processor.

Cause

This section is incomplete.
Reason: Probably could be expanded with a thorough accessible explanation of what machine code is, what assembly language is, how it is possible to use the game's RAM to spell it, what a program counter/jump instruction/etc. is...

Arbitrary code execution occurs whenever faulty code of any kind causes the processor's program counter to jump to an address in RAM whose contents the player can control. Ordinary game code lives in the cartridge ROM (read-only memory) and cannot be modified, but the Game Boy and Game Boy Advance processors have no memory protection: they make no distinction between data and code and will fetch and execute whatever bytes sit at the program counter, including bytes in RAM. Once the program counter is there, the player can arrange the controllable bytes at that address, and those after it, to spell out instructions of their choosing.

Any number of glitch items, moves, etc. may potentially allow arbitrary code execution. Such glitch entries are typically indices past the end of the tables the game was written for, so the effect code or pointer the game looks up for them is whatever data happens to follow the table; their behaviour is unintended by definition, and whenever the value the game treats as an address happens to land in RAM, the result is code execution from player-controlled memory.

Because the glitch lets the player run anything the console's hardware is capable of, it has enormous potential and can be thought of as "jailbreaking" the console: there is no privilege boundary between the game and the player's code, so the injected code has exactly the same authority over the hardware as the game itself. Extremely elaborate setups have been performed and documented in which players have coded new graphics, music, or even entire new games onto the platform.

Methods

Most arbitrary code execution setups work in two stages. The address the glitch initially jumps to is rarely convenient to fill with a long payload, so the player first spells out, at that landing point, a short stub whose only job is to jump to another region of memory that is particularly easy to modify; on the Game Boy a JP nn instruction is three bytes ($C3 followed by the target address, low byte first). Examples of such regions include party data, Bag contents, Box names, and Pokémon nicknames. Once the stub is in place, the player fills the second region with the actual code to execute and then triggers the initial jump (by using the glitch item, glitch move, etc.), which runs the stub, which in turn runs the payload.

More advanced setups jump the program counter to the RAM bytes that hold the current controller input, so that code is fed in through the buttons pressed on each frame; in principle this allows an unlimited amount of code to be run on the fly without having to store it in memory beforehand.
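The Cause and Methods sections describe a processor that executes whatever bytes sit at the program counter, and a two-stage setup in which the bytes at the landing point form a jump to a larger player-controlled region. The following is an added example, not code from this page or from any Pokémon game: a Python model of a Game Boy-style CPU that implements five real SM83 opcodes over a 64 KiB address space, runs both stages (party bytes as the jump stub, Bag bytes as the payload), and lets the reader switch on the one protection the real hardware lacks, namely refusing to fetch instructions from RAM. The party count ($D163) and Bag ($D31D) addresses follow the English Red/Blue disassembly but are assumptions of the model, as are the target byte, the return address and the stack position; the real party structure is not the flat byte region used here.

```python
# Added example, not code from the page or from any Pokémon game: a toy model of a
# Game Boy-style CPU with no memory protection, run through the two-stage setup
# described under "Methods". Opcode values are real SM83 (Game Boy CPU) encodings
# for a tiny subset. The RAM layout is an ASSUMPTION: party count at $D163 and Bag
# list at $D31D follow the English Red/Blue disassembly, but the real party
# structure is not the flat byte region modelled here.

ROM_END = 0x8000          # $0000-$7FFF is cartridge ROM: writes are dropped
PARTY_COUNT = 0xD163      # assumed landing address of the glitch item's effect
BAG_ITEMS = 0xD31D        # assumed start of the Bag's (item ID, quantity) pairs
TARGET = 0xD5A0           # hypothetical RAM byte the payload will overwrite
GAME_RETURN = 0x1234      # hypothetical ROM address the item handler returns to
STACK_TOP = 0xDFFE        # hypothetical stack position in work RAM
LD_BC_NN, LD_A_N, LD_NN_A, JP_NN, RET = 0x01, 0x3E, 0xEA, 0xC3, 0xC9  # real SM83 opcodes


class Memory:
    """64 KiB address space: ROM is read-only, everything above it is writable."""

    def __init__(self):
        self.bytes = bytearray(0x10000)

    def read(self, addr):
        return self.bytes[addr & 0xFFFF]

    def write(self, addr, value):
        addr &= 0xFFFF
        if addr >= ROM_END:             # a write into ROM changes nothing
            self.bytes[addr] = value & 0xFF


def execute(mem, entry, nx_ram=False, max_steps=1000):
    """Run from `entry` until control returns to ROM. The CPU never checks whether
    pc is in ROM or RAM; nx_ram=True adds the check real hardware lacks."""
    pc, a, sp = entry, 0, STACK_TOP
    mem.write(sp, GAME_RETURN & 0xFF)    # the game CALLed the effect, so a ROM
    mem.write(sp + 1, GAME_RETURN >> 8)  # return address sits on the stack
    for _ in range(max_steps):
        if pc < ROM_END:                 # back in game code: the effect is over
            return pc
        if nx_ram:
            raise PermissionError(f"instruction fetch from RAM at ${pc:04X}")
        op = mem.read(pc)
        operand16 = mem.read(pc + 1) | (mem.read(pc + 2) << 8)  # little-endian
        if op == LD_BC_NN:               # 3 bytes; its operand is data, not code
            pc += 3
        elif op == LD_A_N:               # 2 bytes
            a = mem.read(pc + 1)
            pc += 2
        elif op == LD_NN_A:              # 3 bytes: store A at a 16-bit address
            mem.write(operand16, a)
            pc += 3
        elif op == JP_NN:                # 3 bytes: redirect pc anywhere
            pc = operand16
        elif op == RET:
            pc = mem.read(sp) | (mem.read(sp + 1) << 8)
            sp += 2
        else:
            raise ValueError(f"opcode ${op:02X} at ${pc:04X} is outside this model")
    raise RuntimeError("payload never returned to ROM")


def stage_one(mem, jump_to):
    """Shape the party bytes at the landing point into a jump stub. The party
    count is the first opcode fetched: a count of 1 is LD BC,nn, which swallows
    the species byte and the $FF list terminator, so JP can follow them."""
    mem.write(PARTY_COUNT, 1)            # party count 1 -> opcode $01
    mem.write(PARTY_COUNT + 1, 0x99)     # any species byte, consumed as data
    mem.write(PARTY_COUNT + 2, 0xFF)     # species list terminator, also data
    mem.write(PARTY_COUNT + 3, JP_NN)
    mem.write(PARTY_COUNT + 4, jump_to & 0xFF)
    mem.write(PARTY_COUNT + 5, jump_to >> 8)


def stage_two(mem, payload):
    """Write the payload into the Bag and return it as (item ID, quantity) pairs:
    even bytes must be obtainable item IDs, odd bytes are quantities, which is
    the part the item duplication glitch lets the player set freely."""
    for i, b in enumerate(payload):
        mem.write(BAG_ITEMS + i, b)
    return [(payload[i], payload[i + 1]) for i in range(0, len(payload) - 1, 2)]


def run_demo(nx_ram=False):
    """Byte at TARGET after the glitch fires, or None if the RAM fetch was refused."""
    mem = Memory()
    stage_one(mem, jump_to=BAG_ITEMS)
    # Payload: LD A,$42 ; LD (TARGET),A ; RET : six bytes, three Bag slots
    stage_two(mem, [LD_A_N, 0x42, LD_NN_A, TARGET & 0xFF, TARGET >> 8, RET])
    try:
        returned_to = execute(mem, PARTY_COUNT, nx_ram=nx_ram)
    except PermissionError:
        return None
    assert returned_to == GAME_RETURN    # the game resumes as if nothing happened
    return mem.read(TARGET)


if __name__ == "__main__":
    print(f"unprotected: TARGET = ${run_demo():02X}; protected: {run_demo(nx_ram=True)}")
```

Two things the model makes concrete. The party count byte is itself the first opcode, and a count of 1 decodes as LD BC,nn, which conveniently consumes the next two bytes as data rather than code. And every byte of a Bag payload is either an item ID or a quantity, so the instruction bytes at even offsets are limited to items the player can actually hold while the odd bytes are free, which is the reason the text recommends the item duplication glitch for control over Bag quantities.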

Pokémon Red and Blue

This section is incomplete.
Reason: explain 5かい for Japanese R/G, w sm for Yellow

The item 8F causes the program counter to jump to the RAM location that stores the number of Pokémon in the player's party. That byte, and the bytes after it (the contents of the player's party and, further on, the Bag), are particularly easy to modify from the outset, which makes 8F one of the easiest arbitrary code execution setups to perform once the item has been obtained.[1]

Each Bag entry is stored as an item ID byte followed by a quantity byte, so spelling code in the Bag means choosing both which items are held and in what quantities. To have the maximum possible control over those quantity bytes, heavy use of the item duplication glitch is recommended.

The simplest currently known way to obtain the 8F item is through the item underflow glitch.

Numerous other arbitrary code execution exploits exist in these games, such as situational use of the glitch move --.

Pokémon Gold and Silver

This section is incomplete.
Reason: hugely more explanation, maybe transfer some stuff from one article into the other (either direction) or even merge the two articles together

In English releases of Pokémon Gold and Silver, the Coin Case glitches are in fact a subset of arbitrary code execution glitches.

Pokémon Emerald

Certain glitch Pokémon are known to cause the program counter to jump to values in RAM (as opposed to ROM) when their summaries are viewed. These glitch Pokémon can be obtained through Glitzer Popping, a sub-glitch of the Pomeg glitch. Because Glitzer Popping is difficult to perform, the currently known applications of arbitrary code execution in this game are limited.

History/Other

This section is incomplete.
Reason: discuss history of how ACE was discovered; iirc it was first done in Super Mario World with the Yoshi's Island 3 spinning platform stack overflow credits warp, and then the full extent of its arbitrariness demonstrated rather spectacularly in Pokémon Yellow; link to TASvideos; maybe even link to AGDQ demonstrations

References
