TheZZAZZGlitch | Pokemon Emerald: Arbitrary code execution! @TheZZAZZGlitch | Uploaded May 2014 | Updated October 2024, 4 days ago.
Read the description for more information.
Some of the 'decamarks' (glitch Pokemon in Gen III with index numbers bigger than 0x019C) cause a buffer overflow upon viewing their summary screens, overwriting a memory location called the IRQ vector. In practice, that means the game will eventually start executing code from a seemingly random, but controllable location. The decamark with hex ID 0x065C causes a jump to $E003300, which lies in the middle of the saved game data.
The obvious thing to do is to prepare a save file which would contain the code and give a way to run it. This is what happens in the video. You can download the example save file at sites.google.com/site/thezzazzglitch/home/PokemonEmeraldArbitraryCode.sav
Instructions:
1. Load the save file
2. View the summary screen of the only Pokemon in your party.
3. ????
4. Profit!
Since it is now possible to obtain every Pokemon through the 'access Pokemon beyond the sixth slot' glitch, arbitrary code execution might be possible without hacking and/or special save files.
1. Obtain the Pokemon with ID 0x065C
2. Manipulate the save data to contain the code (work in progress)
3. View the summary screen.
4. ????
5. Profit!
In theory, the maximum size for a program executed through this method is 57344 bytes.