Another improvement to Gen 2 save glitch.

The strategy for this run is to get out of bounds to map 0xFF00, similar to my previous Crystal save glitch TAS. This is done by resetting right after the player's coordinates are written but before the visible map cache is saved, resulting in a desynchronized map state, allowing for the map to be exited in unintentional ways. Map 0xFF00's corruption gives us access to a highly corrupted inventory and thus a seemingly easy vector for ACE.

However, this run opts to do this very early, before even talking to Mom. This poses a grave problem: you can't use wrong pocket TMs/HMs without a Pokemon in the party (as the game prevents item effects for items needing a Pokemon. Granted this is strange for wrong pocket TMs/HMs since separate code handles the correct TMs/HMs pocket). There is also the minor problem of not being able to actually use Mail to setup an ACE payload.

So without a Pokemon, it seems like this route is impossible. However, I discovered a saving grace: registered items. Registered items are not subject to the Pokemon in a party limitation (as Game Freak didn't add such code to registered item handling). So we can freely use a wrong pocket TM/HM by "registering" a wrong pocket TM/HM. An extra saving grace is HM03, which runs the daycare withdraw code, thus allowing us to get a Pokemon!

Using HM03 does have a minor downside, it results in wPokemonWithdrawDepositParameter being set to 1. This is right before wItemQuantityChange, where we normally insert a jp hl by pretending to toss 233. 1 corresponds to ld bc,$xxyy, so this would make the next byte be treated as an operand rather than opcode. This can be worked around by simply using Mail on the second Pokemon in the party, which sets wCurPartyMon to 1. This is two bytes before wPokemonWithdrawDepositParameter, so the problematic 1 gets treated as an operand, thus allowing the old dec h / jp hl bootstrap to work fine.

So with these in place, the plan is follows: