Evie (ChickasaurusGL) 🌺 | 255 Pokémon Trainer battle corruption introduction (Generation II) @ChickasaurusGL | Uploaded June 2021 | Updated October 2024, 13 hours ago.
Notes: 255 Pokémon corruption was documented by CasualPokéPlayer, but it's likely someone else had found it before too, just this is obscure. Use arbitrary code execution one step before a Trainer battle to change DA22 (total Pokémon) to FF for Gold, or change DCD7 to FF for Crystal. In Pokémon Gold, you can cause arbitrary code execution at CB5E by doing this glitch and selecting Fight (for at least in this case with setting 255 Pokémon just before Elite Four Will with this party; it may be unknown how it works yet). The memory from this location is like;
00:cb5e wEnemyFuryCutterCount
00:cb5f wEnemyProtectCount
00:cb60 wPlayerDamageTaken
00:cb62 wEnemyDamageTaken
00:cb64 wBattleReward
00:cb67 wBattleAnimParam
00:cb67 wPresentPower
00:cb67 wKickCounter
(...)
Hence it may be exploitable with specific variables around here, but no setup has been found yet, and the stack is corrupted, so must be fixed. Furthermore, I'm not sure if we know how to get 255 Pokémon without arbitrary code execution itself yet, as withdrawing that many Pokémon with the withdraw over 7 Pokémon glitch may freeze the game.
In this attempt for Gold, some gameplay was cut off by accident but it was either just a freeze or forced reset anyway.
In both versions, it can corrupt the player roster and name, roster, and for Gold tiles on the screen. In Gold, is a fun 'distorted Elite Four theme', which I'll upload the music of in full later.
Notes: 255 Pokémon corruption was documented by CasualPokéPlayer, but it's likely someone else had found it before too, just this is obscure. Use arbitrary code execution one step before a Trainer battle to change DA22 (total Pokémon) to FF for Gold, or change DCD7 to FF for Crystal. In Pokémon Gold, you can cause arbitrary code execution at CB5E by doing this glitch and selecting Fight (for at least in this case with setting 255 Pokémon just before Elite Four Will with this party; it may be unknown how it works yet). The memory from this location is like;
00:cb5e wEnemyFuryCutterCount
00:cb5f wEnemyProtectCount
00:cb60 wPlayerDamageTaken
00:cb62 wEnemyDamageTaken
00:cb64 wBattleReward
00:cb67 wBattleAnimParam
00:cb67 wPresentPower
00:cb67 wKickCounter
(...)
Hence it may be exploitable with specific variables around here, but no setup has been found yet, and the stack is corrupted, so must be fixed. Furthermore, I'm not sure if we know how to get 255 Pokémon without arbitrary code execution itself yet, as withdrawing that many Pokémon with the withdraw over 7 Pokémon glitch may freeze the game.
In this attempt for Gold, some gameplay was cut off by accident but it was either just a freeze or forced reset anyway.
In both versions, it can corrupt the player roster and name, roster, and for Gold tiles on the screen. In Gold, is a fun 'distorted Elite Four theme', which I'll upload the music of in full later.
