Post subject: Basic guide to doing arbitrary code execution in games?
Joined: 5/13/2013
Posts: 180
Hey my peeps, I've got a burning question. I've seen a lot of TASes that execute arbitrary code. They work their way into some kind of vulnerability by making the player character become absolutely braindead or retarded, doing very specific actions that point to very specific lines of code, allowing them to write their own programs with the game's engine using nothing but button presses. Cool, I thought. If Lord Tom can do it with Mario 3, then I could do it too! So I thought I'd try my hand at Pokémon ACE. I um... didn't know exactly what to do. All the "official" guides to ACE in Pokémon say I have to work my way up to a bunch of items and certain Pokémon who have to have moves in a certain order, and I figured that might take too long in one day (which, don't get me wrong, I know TASing can't usually be done overnight). So... can anybody kick me off? I'd really like to record some practice encodes for my YT channel. Appreciated.
A wise man once said "Damn, that's one hell of a steak."
Masterjun
He/Him
Site Developer, Expert player (2047)
Joined: 10/12/2010
Posts: 1185
Location: Germany
I'm not Lord Tom, but I might be able to answer some things. First of all, the title is somewhat misleading considering your actual question. First I'm going to address your question in the title.
In short, reaching a state of Arbitrary Code Execution from scratch means:
    1. Figuring out what needs to change (what memory addresses, what values, etc.) to effectively give you enough control of the processor to expand the control even further. It's what our corresponding wiki page is all about.
    2. Figuring out how to use the in-game mechanics to actually change those things. This step looks like what the actual question in the reply is about.
Once you get there, it's only a matter of knowing how to program to actually create content. The content might be just changing two or three addresses and starting the credits, or it might be creating full games. The former is interesting for TASing, the latter is more on the level of ROM hacking and even game development itself. This can be done independently from the other two steps, as you can just use hex editors or cheats to change the corresponding bytes.
Now, advice on your actual problem in the reply. Of course, in games like Pokémon, the first step has already been established and the second step only requires knowledge of the game itself. Your best bet is to ask for more game-specific advice on how to manipulate the items and all that. (Hard to give advice without knowing the exact game, though.) Of course, you also need actual content if you want to do something other than just display the credits. So go ahead and create your payload. Though this doesn't really have anything to do with TASing.
Warning: Might glitch to credits I will finish this ACE soon as possible (or will I?)
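The following is an added example, not code from the thread or from Masterjun, showing where step 2 and the "content" step meet: once step 1 has told you which bytes the game will execute and which in-game structure overlays them, you have to fit your payload into whatever that structure can hold. The example assumes a hypothetical game whose inventory list is executed as code, with each slot being two bytes (item ID, quantity), quantities limited to 1..99 and item ID 0x00 acting as the list terminator. The Game Boy CPU opcode encodings used are the real ones; the flag address 0xC123, the slot layout and the constraints are made up for illustration, and a real game's constraints come from the reverse engineering in step 1 (and, for Pokémon, from the linked guides).

```python
"""Toy planner: map a Game Boy ACE payload onto inventory slots.

Added example, not from the thread. ASSUMPTIONS (hypothetical, for illustration):
  - the game executes the inventory list as code;
  - each slot is two bytes: [item_id, quantity];
  - quantity must be 1..MAX_QTY, and item_id 0x00 is the list terminator.
Real games impose their own layout and limits; find those first (step 1).
"""

MAX_QTY = 99  # ASSUMPTION: largest quantity the game mechanics can produce


def asm(instrs):
    """Assemble a handful of SM83 (Game Boy CPU) instructions to bytes.

    The opcode encodings are the real ones; only these few mnemonics are
    supported. Each instruction is a tuple: (mnemonic, *operands).
    """
    out = bytearray()
    for ins in instrs:
        op, args = ins[0], ins[1:]
        if op == "nop":                       # NOP
            out.append(0x00)
        elif op == "inc_b":                   # INC B: one-byte filler with a small opcode
            out.append(0x04)
        elif op == "ld_a":                    # LD A, n8
            out += bytes([0x3E, args[0] & 0xFF])
        elif op == "ld_mem_a":                # LD [a16], A  (address little-endian)
            out += bytes([0xEA, args[0] & 0xFF, args[0] >> 8])
        elif op == "jp":                      # JP a16
            out += bytes([0xC3, args[0] & 0xFF, args[0] >> 8])
        elif op == "ret":                     # RET
            out.append(0xC9)
        else:
            raise ValueError(f"unsupported mnemonic {op}")
    return bytes(out)


def plan_inventory(payload):
    """Split a payload into (item_id, quantity) slots.

    Returns (slots, problems); problems lists (byte_offset, reason) for bytes the
    assumed mechanics cannot produce. An odd-length payload is padded with a
    quantity of 1, which is never executed when the payload ends in RET/JP.
    """
    data = bytearray(payload)
    if len(data) % 2:
        data.append(0x01)
    slots, problems = [], []
    for off in range(0, len(data), 2):
        item_id, qty = data[off], data[off + 1]
        if item_id == 0x00:
            problems.append((off, "item id 0x00 would terminate the list"))
        if not 1 <= qty <= MAX_QTY:
            problems.append((off + 1, f"quantity {qty} not in 1..{MAX_QTY}"))
        slots.append((item_id, qty))
    return slots, problems


FLAG_ADDR = 0xC123  # ASSUMPTION: made-up RAM address of a "roll the credits" flag


def naive_payload():
    """Set the flag and return: 3E 01 EA 23 C1 C9."""
    return asm([("ld_a", 0x01), ("ld_mem_a", FLAG_ADDR), ("ret",)])


def aligned_payload():
    """Same effect, but a one-byte filler (INC B) shifts RET (0xC9 = 201, too
    large for a quantity) into an item-id byte: 3E 01 EA 23 C1 04 C9."""
    return asm([("ld_a", 0x01), ("ld_mem_a", FLAG_ADDR), ("inc_b",), ("ret",)])


if __name__ == "__main__":
    for name, payload in (("naive", naive_payload()), ("aligned", aligned_payload())):
        slots, problems = plan_inventory(payload)
        print(name, payload.hex(" "))
        for item_id, qty in slots:
            print(f"  item 0x{item_id:02X} x{qty}")
        for off, why in problems:
            print(f"  byte {off}: {why}")
```

The point of the two payloads is the part of step 2 that guides rarely spell out: the payload is not just "correct code", it is code whose every byte can be placed by the mechanics you have, so alignment tricks (harmless filler instructions, choosing opcodes that double as valid item IDs or counts) are part of writing it. The planner reports the naive version's RET as an impossible quantity and accepts the realigned one.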
Joined: 5/13/2013
Posts: 180
Thanks Masterjun! I'd love to... ...but right now I don't have a computer... Man. I wish BizHawk was on Android.
A wise man once said "Damn, that's one hell of a steak."
MESHUGGAH
Other
Skilled player (1919)
Joined: 11/14/2009
Posts: 1353
Location: 𝔐𝔞𝔤𝑦𝔞𝔯
Pokémon ACE guides, elaborated and with videos: https://glitchcity.info/wiki/Arbitrary_code_execution You should also watch some videos about how ACE is done in various TASes, for example SMB3: Link to video
PhD in TASing 🎓 speedrun enthusiast ❤🚷🔥 white hat hacker ▓ black box tester ░ censorships and rules...