Metarkrai

*Gen III Ace : Some Technical information for Code Execution

Mar 8th, 2018
  1. Gen III ACE : Some technical information for Code Execution
  2.  
  3. Summary :
  4. 5.0) Data
  5. 5.1) Glitch Moves and Bootstrap Codes
  6. 5.2) Bootstrap Pokémon Procedure
  7. 5.2.1) Bootstrap Pokémon Procedure for RS ACE
  8. 5.3) Obtain a Pokémon that stores a "copy-paste and overwrite" Code
  9. 5.3.1) Obtain Additional Pokémon N°1 (Pokémon storing the address of an NPC Script)
  10. 5.3.2) Obtain Additional Pokémon N°2 (Pokémon storing the address of PC Item N°1)
  11. 5.3.3) Obtain Additional Pokémon N°3 and N°4 (Pokémon storing the address for code storage)
  12. 5.4) List of main codes to execute
  13. 5.5) DMA Translation check to perform ACE
  14. 5.5.1) DMA Translation on Emerald non Jpn
  15. 5.5.1.1) DMA Translation on Emerald non Jpn (Old)
  16. 5.5.2) DMA Translation on Emerald Jpn
  17. 5.5.3) DMA Translation on FrLg non Jpn
  18. 5.5.4) DMA Translation on FrLg Jpn
  19. - Notes -
  20.  
  21. For the main list of codes to execute, see https://pastebin.com/42RPYDQA
  22.  
  23.  
  24.  
  25. 5.0) Data
  26. In-game traded Pokémon :
  27. Emerald :
  28. Seedot : PID 0x00000084, TID 0x00009746, PID xor TID : 0x000097C2
  29. Plusle : PID 0x0000006F, TID 0x0001210C, PID xor TID : 0x00012163
  30. Meowth : PID 0x0000008B, TID 0x00016559, PID xor TID : 0x000165D2
  31. Horsea : PID 0x0000007F, TID 0x0000B4CD, PID xor TID : 0x0000B4B2
  32.  
  33. Starting addresses : (DMA translation of 0)
  34. Emerald :
  35. - PC Item Slot 1 : 0x02025E98
  36. - Pyramid Bag Slot 1 : 0x02025880
  37. - Box 12 Slot 18 : 0x0203047C / 0x0203049C (1st byte of the 1st substructure)
  38. Emerald Jp :
  39. - PC Item Slot 1 : 0x02025B3C
  40. - Pyramid Bag Slot 1 : 0x02025524
  41. - Box 12 Slot 15 : 0x02030030 / 0x02030050 (1st byte of the 1st substructure)
  42. FrLg (non Jp) :
  43. - PC Item Slot 1 : 0x020257C4
  44. - Box 12 Slot 24 : 0x02030168 / 0x02030188 (1st byte of the 1st substructure)
  45. FrLg Jp :
  46. - PC Item Slot 1 : 0x02025724
  47. - Box 12 Slot 26 : 0x02030140 / 0x02030160 (1st byte of the 1st substructure)
  48.  
  49. General form of the Bootstrap Code : 03 xx yy 02 02 FF 00 08 / 02yyxx03 080FF02 (32-bit format)
  50.  
  51. -- Usable Glitch Moves with Animation Pointers that point to PC addresses :
  52. -Emer US, Fr, Spa, Ita, Ger :
  53. 0x02030400 (0x1608), 0x02030208 (0x392C), 0x02030120 (0x4871), 0x02030008 (0x41A7)
  54. -Emer Jap :
  55. 0x02330000 (0x3110)
  56. -Fire Red US, Fr, Spa, Ita, Ger :
  57. 0x023F0084 (0x0713), 0x02030400 (0x161F), 0x023F0074 (0x1359)
  58. -Fire Red Jap :
  59. 0x023F0084 (0x0713), 0x023F0074 (0x1359)
  60. -Leaf Green US, Fr, Spa, Ita, Ger :
  61. 0x023F0084 (0x0713), 0x02030400 (0x161F)
  62. -RS Fr :
  63. 0x02039360 (0x804C),(0x8053), 0x02133F00 (0x3CBE)
  64.  
  65. -- Script engine subroutine addresses :
  66. Emer US : 0x08098EF9 / Emer Fr : 0x08098F09 / Emer Ita : 0x08098F0D / Emer Spa : 0x08098F0D / Emer Ger : 0x08098F15 / Emer Jap : 0x08098881
  67. FrLg US : 0x08069AE5 / FrLg Fr : 0x08069B95 / FrLg Ita : 0x08069AC1 / FrLg Spa : 0x08069BA9 / FrLg Ger : 0x08069AD5 / FrLg Jap : 0x080693A5
  68. Ruby US : 0x080655B9 / Ruby Jap : 0x080628F9 / Ruby Fr : 0x080659E5 /
  69. Sapp US : 0x080655BD / Sapp Jap : 0x080628FD / Sapp Fr : 0x080659E9 / Sapp Ita : 0x08065911
  70.  
  71.  
  72. 5.1) Glitch Moves and Bootstrap Codes
  73. -- Game : Emerald (except Jap)
  74. Starting address : 0x02030400 (0x1608)
  75. Pokémon used : Horsea : PID 0x0000007F, TID 0x0000B4CD, PID xor TID : 0x0000B4B2
  76. DMA : At Box 12 Slot 15, translation of 18 double-words. (0x48 bytes)
  77. - Target address : PC Items Slot 1 (0x02025EE0 with translation)
  78. New Code : 025EE103 0800B402
  79. XORed : 025E55B1 080000B0 - Works.
  80.  
  81. - Target address : Box 12 Slot 18, Substructure 1 (0x020304E4 with translation)
  82. New Code : 0304E503 0800B402
  83. XORed : 030451B1 080000B0 - Works.
  84.  
  85. - Target address : Pyramid Bag Items Slot 1 (0x020258C8 with translation)
  86. New Code : 0258C903 0800B402
  87. XORed : 02587DB1 080000B0 - Works.
  88.  
  89.  
  90. -- Game : Emerald Jap
  91. Starting address : 0x02030000 (0x3110)
  92. Pokémon used : Horsea : PID 0x0000007F, TID 0x0000B4CD, PID xor TID : 0x0000B4B2
  93. DMA : At Box 12 Slot 13, translation of 17 double-words. (0x44 bytes)
  94. - Target address : PC Items Slot 1 (0x02025B80 with translation)
  95. New Code : 025B8103 0800B402
  96. XORed : 025B35B1 080000B0 - Works.
  97.  
  98. - Target address : Box 12 Slot 15, Substructure 1 (0x02030094 with translation)
  99. New Code : 03009503 0800B402
  100. XORed : 030021B1 080000B0 - Works.
  101.  
  102. - Target address : Pyramid Bag Items Slot 1 (0x02025568 with translation)
  103. New Code : 02556903 0800B402
  104. XORed : 0255DDB1 080000B0 - Works (with a modified setup).
  105.  
  106.  
  107. -- Game : FrLg (except Jap)
  108. Starting address : 0x023F0084 (0x0713)
  109. Pokémon used : Horsea : PID 0x0000007F, TID 0x0000B4CD, PID xor TID : 0x0000B4B2
  110. DMA : At Box 12 Slot 20, translation of 12 double-words. (0x30 bytes)
  111. - Target address : PC Items Slot 1 (0x020257F4 with translation)
  112. New Code : 0257F503 0800B402
  113. XORed : 025741B1 080000B0 - Works.
  114.  
  115. - Target address : Box 12 Slot 24, Substructure 1 (0x020301B8 with translation)
  116. New Code : 0301B903 0800B402
  117. XORed : 03010DB1 080000B0 - Works.
  118.  
  119.  
  120. -- Game : FrLg (Jap)
  121. Starting address : 0x023F0084 (0x0713)
  122. Pokémon used : Horsea : PID 0x0000007F, TID 0x0000B4CD, PID xor TID : 0x0000B4B2
  123. DMA : At Box 12 Slot 22, translation of 22 double-words. (0x58 bytes)
  124. - Target address : PC Items Slot 2 (0x02025780 with translation)
  125. New Code : 02578103 0800B402
  126. XORed : 025735B1 080000B0 - Can be obtained.
  127.  
  128. - Target address : Box 12 Slot 26, Substructure 1 (0x020301B8 with translation)
  129. New Code : 0301B903 0800B402
  130. XORed : 03010DB1 080000B0 - Can be obtained.
  131.  
  132.  
  133. 5.2) Bootstrap Pokémon Procedure
  134. To obtain HHHHJJKK 0800LLMM (XORed form)
  135. - Make a Pokéblock with an Oran Berry, 2 NPCs, a maximal RPM lower than 23.3 RPM. (takes 10 boring minutes to do)
  136. Pokéblock with 08 Beauty, 00 Coolness.
  137. - Have an in-game traded Horsea clone with no EVs and less than 65.536 exp.
  138. - Obtain Glitch Item 0xHHHH.
  139. - Give Horsea :
  140. Emer US : 16 Atk, 1 HP EVs and Return as 4th Move.
  141. Emer Fr : 16 Atk, 17 HP EVs and no 4th Move.
  142. Emer Spa : 16 Atk, 5 HP EVs and Hidden Power as 4th Move.
  143. Emer Ita : 16 Atk, 49 HP EVs and Waterfall as 4th Move.
  144. Emer Ger : 16 Atk, 20 HP EVs and Surf as 4th Move.
  145. Emer Jp : 16 Atk, 9 HP EVs and Surf as 4th Move.
  146. - Double corrupt Horsea into a Glitch Pokémon using unmarked Caterpie as corruption initiator.
  147. That Glitch Pokémon won't be at Lv100 with 0x05060000 exp, so he can still gain EVs.
  148. - Give the Pokéblock to the Poké.
  149. - Give Pomeg, Hondew, Grepa Berries to the Poké to decrease its HP, SpAtk, SpDef EVs to 0.
  150. 12 Pomeg Berries will be enough. Up to 26 Hondew and Grepa Berries can be required (depending on Horsea's exp)
  151. - Give the Poké 0xJJ Atk, 0xKK HP EVs, 0xLL SpDef, 0xMM SpAtk. (Less than 510 in total)
  152. - Double corrupt the Poké using Heart Caterpie as corruption initiator.
  153. For this corruption, do it the old way (once you have an Egg, don't touch/lift it and try to corrupt that Egg only)
  154. It becomes Glitch Pokémon 0xJJKK.
  155. - Give Item 0xHHHH to the new Pokémon.
  156. - Perform a single corruption to corrupt its PID and turn it into an Egg. (Store it to not hatch it)
  157. - Trade it to the version you want.
  158. - Deposit it in the required PC Slot.
  159. End.
  160.  
  161.  
  162. 5.2.1) Bootstrap Pokémon Procedure for RS ACE
  163. For HHHHJJKK 26E0LLMM
  164. JJ + KK + LL + MM must be lower than 510. HHHH can be anything. E0 26 is a 50 bytes jump.
  165. - Make the Pokéblock recipe :
  166. Oran + 2 NPC + Normal RPM : 10 Dry, 10 Bitter, 20 Feel x3
  167. Oran + 2 NPC + 7-23.3 RPM : 8 Dry, 8 Bitter, 20 Feel (takes 10 boring minutes to do)
  168. Spelon + 3 NPC + 100-109.9 RPM : 51 Spicy, 12 Bitter, 32 Feel x4
  169. - Have an in-game traded Horsea clone with no EVs and less than 65.536 exp.
  170. - Obtain Glitch Item 0xHHHH.
  171. - Give Horsea :
  172. Emer US : 16 Atk, 1 HP EVs and Return as 4th Move.
  173. Emer Fr : 16 Atk, 17 HP EVs and no 4th Move.
  174. Emer Spa : 16 Atk, 5 HP EVs and Hidden Power as 4th Move.
  175. Emer Ita : 16 Atk, 49 HP EVs and Waterfall as 4th Move.
  176. Emer Ger : 16 Atk, 20 HP EVs and Surf as 4th Move.
  177. Emer Jap : 16 Atk, 9 HP EVs and Surf as 4th Move.
  178. - Double corrupt Horsea into a Glitch Pokémon using unmarked Caterpie as corruption initiator.
  179. That Glitch Pokémon won't be at Lv100 with 0x05060000 exp, so he can still gain EVs.
  180. - Give the Pokéblock to the Poké.
  181. - Give Pomeg, Hondew, Grepa Berries to the Poké to decrease its HP, SpAtk, SpDef EVs to 0.
  182. 12 Pomeg Berries will be enough. Up to 26 Hondew and Grepa Berries can be required (depending on Horsea's exp)
  183. - Give the Poké 0xJJ Atk, 0xKK HP EVs, 0xLL SpDef, 0xMM SpAtk. (Less than 510 in total)
  184. - Double corrupt the Poké using Heart Caterpie as corruption initiator.
  185. For this corruption, do it the old way (once you have an Egg, don't touch/lift it and try to corrupt that Egg only)
  186. It becomes Glitch Pokémon 0xJJKK.
  187. - Give Item 0xHHHH to the new Pokémon.
  188. - Perform a single corruption to corrupt its PID and turn it into an Egg. (Store it to not hatch it)
  189. - Trade it to the version you want.
  190. - Deposit it in the required PC Slot.
  191. End.
  192.  
  193. 5.3) Obtain a Pokémon that stores a "copy-paste and overwrite" Code
  194. [...]
  195.  
  196. 5.3.1) Obtain Additional Pokémon N°1 (Pokémon storing the address of an NPC Script) (to verify) [...]
  197. Clone the in-game traded Meowth (it must have no EVs). Mark the Meowth with Square + Triangle.
  198. If you want to perform ACE on multiple games, clone Square+Triangle Meowth multiple times (look at the EV-training list below to see how many clones you will need) and ev-train them one by one (leave the others in the PC to not mistake them).
  199.  
  200. - EV-train Square+Triangle Meowth : (npc_script_adress) (3rd substructure, so 17=0x11 double-words later)
  201. Emerald (non Jp) : 02 Speed EVs, Def EVs, Atk EVs, HP EVs
  202. Emerald Jp :
  203. FrLg (non Jp) :
  204. FrLg Jp :
  205.  
  206. - Once a Square+Triangle Meowth is EV-trained, give a Heart mark to that Meowth in order to indicate that his EV-training is done.
  207. If you wanted to perform ACE on multiple Emerald games or on multiple FrLg games, clone that Meowth.
  208. (Ex : I want to perform ACE on Fr,US,Ita Emerald so I give Speed, Def, Atk, HP EVs to Meowth and then I clone it 2 times)
  209. Give each Square+Triangle+Heart Meowth an Item, depending on the game where you want to send him :
  210. Emer Fr : | Emer US : | Emer Ita : | Emer Spa : | Emer Ger : | Emer Jp : | FrLg Fr : | FrLg US : | FrLg Ita : | FrLg Spa : | FrLg Ger : | FrLg Jp : |
  211. This way, you will know for which game this Meowth is destined.
  212.  
  213. - Deposit Square+Triangle+Heart Meowth in safety in PC.
  214. You have obtained Additional Pokémon N°1.
  215. [...]
  216.  
  217. 5.3.2) Obtain Additional Pokémon N°2 (Pokémon storing the address of PC Item N°1) (to verify) [...]
  218. Clone the in-game traded Meowth (it must have no EVs). Mark the Meowth with Square + Triangle.
  219. If you want to perform ACE on multiple games, clone Square+Triangle Meowth multiple times (look at the EV-training list below to see how many clones you will need) and ev-train them one by one (leave the others in the PC to not mistake them).
  220.  
  221. - EV-train Square+Triangle Meowth : (block_base) (3rd substructure, so 17=0x11 double-words later)
  222. Emerald (non Jp) : 02 Speed EVs, 03 Def EVs, 59 Atk EVs, 50 HP EVs
  223. Emerald Jp : 02 Speed EVs, 03 Def EVs, 62 Atk EVs, 82 HP EVs
  224. FrLg (non Jp) : 02 Speed EVs, 03 Def EVs, 50 Atk EVs, 38 HP EVs
  225. FrLg Jp : 02 Speed EVs, 03 Def EVs, 50 Atk EVs, 82 HP EVs
  226.  
  227. - Once a Square+Triangle Meowth is EV-trained, give a Heart mark to that Meowth in order to indicate that his EV-training is done.
  228. If you wanted to perform ACE on multiple Emerald games or on multiple FrLg games, clone that Meowth.
  229. (Ex : I want to perform ACE on Fr,US,Ita Emerald so I give 02 Speed,03 Def, 59 Atk, 50 HP EVs to Meowth and then I clone it 2 times)
  230. Give each Square+Triangle+Heart Meowth an Item, depending on the game where you want to send him :
  231. Emer Fr : | Emer US : | Emer Ita : | Emer Spa : | Emer Ger : | Emer Jp : | FrLg Fr : | FrLg US : | FrLg Ita : | FrLg Spa : | FrLg Ger : | FrLg Jp : |
  232. This way, you will know for which game this Meowth is destined.
  233.  
  234. - Deposit Square+Triangle+Heart Meowth in safety in PC.
  235. You have obtained Additional Pokémon N°2.
  236. [...]
  237.  
  238. 5.3.3) Obtain Additional Pokémon N°3 and N°4 (Pokémon storing the address for code storage) (to verify) [...]
  239. Clone the in-game traded Meowth (it must have no EVs). Mark the Meowth with Square + Triangle.
  240. If you want to perform ACE on multiple games, clone Square+Triangle Meowth multiple times (look at the EV-training list below to see how many clones you will need) and ev-train them one by one (leave the others in the PC to not mistake them).
  241.  
  242. - EV-train Square+Triangle Meowth : (bytecode_base) (3rd substructure, so 17=0x11 double-words later)
  243. Emerald (non Jp) : 02 Speed EVs, Def EVs, Atk EVs, HP EVs
  244. Emerald Jp :
  245. FrLg (non Jp) :
  246. FrLg Jp :
  247.  
  248. - Once a Square+Triangle Meowth is EV-trained, give a Heart mark to that Meowth in order to indicate that his EV-training is done.
  249. If you wanted to perform ACE on multiple Emerald games or on multiple FrLg games, clone that Meowth.
  250. (Ex : I want to perform ACE on Fr,US,Ita Emerald so I give Speed, Def, Atk, HP EVs to Meowth and then I clone it 2 times)
  251. Give each Square+Triangle+Heart Meowth an Item, depending on the game where you want to send him :
  252. Emer Fr : | Emer US : | Emer Ita : | Emer Spa : | Emer Ger : | Emer Jp : | FrLg Fr : | FrLg US : | FrLg Ita : | FrLg Spa : | FrLg Ger : | FrLg Jp : |
  253. This way, you will know for which game this Meowth is destined.
  254.  
  255. - Clone Square+Triangle+Heart Meowth.
  256. - Deposit the clones Square+Triangle+Heart Meowth in safety in PC.
  257. You have obtained Additional Pokémon N°3 and Additional Pokémon N°4.
  258. [...]
  259.  
  260.  
  261.  
  262. 5.4) List of main codes to execute
  263. - Bootstrap code :
  264. ; Launch task
  265. dcb 0x03
  266. ; At address 0x02025EE0 in THUMB mode
  267. dcd 0x02025EE0 ; address of PC Item #1 with a DMA translation of 18 double-words (for Emer non Jap)
  268. ; Priority 180, not 255, because 180 gives an easier code to store on a Pokémon
  269. dcb 0xB4, 0x00
  270. ; End script
  271. dcb 0x08
  272.  
  273. Code : 03 E1 5E 02 02 B4 00 08
  274. Code : 03 V4 V3 V2 V1 B4 00 08 (Tells the game to execute code at address 0xU1U2U3U4, with 0xU1U2U3U4 + 0x00000001 = 0xV1V2V3V4)
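
The arithmetic behind sections 5.0 to 5.2, as an added Python example (not part of the original paste): it applies a DMA translation to a starting address, builds the 8-byte bootstrap script in the form shown above, XORs its two little-endian double-words with the Horsea key, and splits the result into the HHHHJJKK 0800LLMM quantities of section 5.2. All function and variable names are made up for this example; every constant is copied from this page.

```python
import struct

# Constants copied from sections 5.0, 5.1 and 5.4 of this page.
HORSEA_KEY = 0x0000B4B2   # PID xor TID of the in-game traded Horsea
PRIORITY = 0xB4           # priority byte the page picks for the launched task


def translated(base, dwords):
    """Address after a DMA translation of `dwords` 32-bit double-words."""
    return base + 4 * dwords


def bootstrap_script(target, priority=PRIORITY):
    """Build 03 V4 V3 V2 V1 <priority> 00 08, with V = target + 1 (THUMB bit)."""
    if target & 1:
        raise ValueError("pass the even code address; the builder sets bit 0")
    return b"\x03" + struct.pack("<I", target + 1) + bytes([priority, 0x00, 0x08])


def xored_words(script, key=HORSEA_KEY):
    """View the script as two little-endian double-words and XOR each with the key."""
    return tuple(w ^ key for w in struct.unpack("<II", script))


def training_plan(x0, x1):
    """Split HHHHJJKK 0800LLMM into the quantities named in section 5.2."""
    if x1 >> 16 != 0x0800:
        raise ValueError("second double-word is not of the form 0800LLMM")
    plan = {
        "item": x0 >> 16,          # Glitch Item 0xHHHH
        "atk": (x0 >> 8) & 0xFF,   # 0xJJ Atk EVs
        "hp": x0 & 0xFF,           # 0xKK HP EVs
        "spdef": (x1 >> 8) & 0xFF, # 0xLL SpDef EVs
        "spatk": x1 & 0xFF,        # 0xMM SpAtk EVs
    }
    plan["ev_total"] = plan["atk"] + plan["hp"] + plan["spdef"] + plan["spatk"]
    plan["feasible"] = plan["ev_total"] < 510   # "Less than 510 in total"
    return plan


# (label, starting address from 5.0, translation in double-words from 5.1)
CASES = [
    ("Emerald, PC Item Slot 1", 0x02025E98, 18),
    ("Emerald, Box 12 Slot 18 substructure 1", 0x0203049C, 18),
    ("Emerald, Pyramid Bag Slot 1", 0x02025880, 18),
    ("Emerald Jp, PC Item Slot 1", 0x02025B3C, 17),
    ("Emerald Jp, Pyramid Bag Slot 1", 0x02025524, 17),
    ("FrLg, Box 12 Slot 24 substructure 1", 0x02030188, 12),
]

if __name__ == "__main__":
    for label, base, dwords in CASES:
        script = bootstrap_script(translated(base, dwords))
        x0, x1 = xored_words(script)
        plan = training_plan(x0, x1)
        print(f"{label}: {script.hex(' ')} -> {x0:08X} {x1:08X} "
              f"EV total {plan['ev_total']} feasible={plan['feasible']}")
```

Every case above reproduces the "XORed" values listed in 5.1. The only one whose EV total reaches 510 or more is Emerald Jp, Pyramid Bag Slot 1 (0255DDB1 080000B0), which is the entry the page marks "Works (with a modified setup)".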
  275.  
  276.  
  277. - Call to the Overworld Script subroutine : (There is a better alternative)
  278. ; fasmarm syntax
  279. processor cpu32_v4t ; ARMv4t (GBA cpu)
  280. thumb ; we don't want an ARM-mode payload
  281. ; code starts below
  282. ; all addresses / offsets are for US FireRed.
  283.  
  284. ldr r0,[block_base + 100] ; the block_base value is stored 40 bytes = 10 double-words after the script
  285. ldr r1,[bytecode_base]
  286. movs r2,#0xff ; copy 0x1fe bytes. Less bytes can be copied if needed.
  287. svc #0xb ; CpuSet
  288. ldr r0,[bytecode_base]
  289. ldr r1,[script_run + 20] ; the script_run value is stored 20 bytes = 5 double-words after the script
  290. bl _call_via_r1
  291. pop {r4-r7, r15}
  292.  
  293. _call_via_r1:
  294. bx r1
  295.  
  296. bytecode_base: dw 0x200D084 ; works well
  297. script_run: dw 0x08069AE5 ; address of overworld script subroutine for FrLg US
  298. block_base: dw 0x020257F4 ; address of PC Item #1 with a DMA translation of 22 double-words (for FrLg non Jap)
  299.  
  300. Code : 11 48 C0 46 04 49 FF 22 0B DF 03 48 08 49 00 F0 01 F8 F0 BD 08 47 C0 46 84 D0 00 02 | E5 9A 06 08 | F4 57 02 02
  301. Code : PP 48 C0 46 04 49 RR 22 0B DF 03 48 QQ 49 00 F0 01 F8 F0 BD 08 47 C0 46 S4 S3 S2 S1 | T4 T3 T2 T1 | U4 U3 U2 U1
  302. (bytecode_base = 0xS1S2S3S4 | script_run = 0xT1T2T3T4 | block_base = 0xU1U2U3U4 )
  303. (Copies 0xRR words from 0xU1U2U3U4 to 0xS1S2S3S4. Then calls the script at 0xT1T2T3T4 and makes it execute the data at 0xS1S2S3S4.)
  304. (0xU1U2U3U4 is stored P1 double-words after the script, and 0xPP= 0xP1+ 0x07. 0xT1T2T3T4 is stored Q1 double-words after the script, and 0xQQ=0xQ1 + 0x03.)(Ex : P1 = 10 (decimal), so 0xPP = 0x0A + 0x07 = 0x11 )
  305. (For ACE, P1 = Q1 + 20, Q1 = )
  306. Length : 28 + 4 + 4 bytes
  307.  
  308. 0x4811 | 0x46C0 | 0x4904 | 0x22FF | 0xDF0B | 0x4803 | 0x4908 | 0xF000 | 0xF801 | 0xBDF0 | 0x4708 | 0x46C0 | 0xD084 | 0x0200 |
  309. 0x46C04811 | 0x22FF4904 | 0x4803DF0B | 0xF0004908 | 0xBDF0F801 | 0x46C04708 | 0x0200D084 |
  310. Storing from 3rd Lv 50 Item : Double-corrupted : ADEC,DEAC,CDAE
  311.  
  312. Storing from 5th Lv 50 Item : Non double-corrupted : ACDE,EADC
  313. (DEAC double-corrupted Horsea seems better because Growth isn't in the way)
  314. Storing from 7th Lv 50 Item : No working order
  315.  
  316.  
  317.  
  318. - Execute overworld scripts with an NPC : (Better alternative than the previous code)
  319. processor cpu32_v4t ; ARMv4t (GBA cpu)
  321. thumb
  322. ldr r0,[adress2]
  323. ldr r1,[adress1]
  324. movs r2,#0xFF ; copy 0xFF words from adress 1 to adress 2 ; You can copy-paste a word or double-word by changing 0xFF to 0x01 or 0x02
  325. svc 0xb
  326. ldr r0,[adress1]
  327. ldr r1,[adress3]
  328. str r0, [r1]
  329. pop {r4-r7, r15}
  330. adress1: dw 0x020257F4 ; block_base, address of PC Item #1 with a DMA translation of 22 double-words (for FrLg non Jp)
  331. adress2: dw 0x0200D084 ; bytecode_base, works well
  332. adress3: dw 0x020269E4 ; npc_script_adress, address of overworld NPC Script with a DMA translation of 22 double-words (for FrLg non Jp)
  333.  
  334. (bytecode_base = 0xS1S2S3S4 | block_base = 0xT1T2T3T4 | npc_script_adress = 0xU1U2U3U4 )
  335. Code : 03 48 04 49 FF 22 0B DF 02 48 03 49 08 60 F0 BD E8 5B 02 02 84 D0 00 02 00 5F 02 02
  336. Code : 03 48 04 49 FF 22 0B DF 02 48 03 49 08 60 F0 BD S4 S3 S2 S1 T4 T3 T2 T1 U4 U3 U2 U1
  337. Length : 28 bytes
  338.  
  339. (Copies 0xRR words from 0xU1U2U3U4 to 0xS1S2S3S4. Overwrites the double-word at 0xT1T2T3T4 with the double-word 0xS1S2S3S4.)
  340. [...] Needs to take into account code storage in PC Pokémon data.
  341.  
  342.  
  343. - "Copy-Paste and Overwrite" Code, Version to store on a PC Pokémon data : (need to recompile)
  344. processor cpu32_v4t ; ARMv4t (GBA cpu)
  346. thumb
  347. ldr r0,[adress3]
  348. ldr r1,[adress2]
  349. movs r2,#0x0A ; copy 0x0A words from adress 3 to adress 2 ;
  350. svc 0xb
  351. ldr r0,[adress4]
  352. ldr r1,[adress1]
  353. str r0, [r1]
  354. pop {r4-r7, r15}
  355. adress1: dw 0x020269E4 ; npc_script_adress, address of overworld NPC Script with a DMA translation of 22 double-words (for FrLg non Jp)
  356. adress2: dw 0x020257F4 ; block_base, address of PC Item #1 with a DMA translation of 22 double-words (for FrLg non Jp)
  357. adress3: dw 0x0200D084 ; bytecode_base, works well
  358. adress4: dw 0x0200D084 ; bytecode_base, works well
  359.  
  360. Code : 1D 48 03 49 0A 22 0B DF 01 48 35 49 08 60 F0 BD 84 D0 00 02
  361. (Copies 0x0A words from adress3 and pastes them at adress2. Overwrites the double-word stored at adress1 with the double-word adress4.)
  362. Length : 20 bytes
  363. [...] Need to change the offset for storage of bytecode_base and npc_script_adress.
  364.  
  365.  
  366. - Overwrites a byte :
  367. processor cpu32_v4t ; ARMv4t (GBA cpu)
  368. thumb
  369. ldr r0, [adress1]
  370. ; The byte we want to write, in double-word format
  371. ldr r1, [adress2]
  372. ; Store the low byte of R0 at the address in R1
  373. strb r0, [r1]
  374. ; Return
  375. pop {r4-r7, r15}
  376. adress1: dw 0x00000078
  377. adress2: dw 0x0200D084 ; This is where the destination RAM address is loaded from
  378.  
  379. Code : 01 48 02 49 08 70 F0 BD 78 56 34 12 84 D0 00 02
  380. Code : 01 48 02 49 08 70 F0 BD TT XX XX XX U4 U3 U2 U1 (0xU1U2U3U4 is the destination address, 0xTT is the desired byte, 0xXXXXXX is whatever we want)
  381. Length : 16 bytes
  382.  
  383. - Overwrites a word :
  384. processor cpu32_v4t ; ARMv4t (GBA cpu)
  385. thumb
  386. ldr r0, [adress1]
  387. ; The word we want to write, in double-word format
  388. ldr r1, [adress2]
  389. ; Store the low word (16 bits) of R0 at the address in R1
  390. strh r0, [r1]
  391. ; Return
  392. pop {r4-r7, r15}
  393. adress1: dw 0x00005678
  394. adress2: dw 0x0200D084 ; This is where the destination RAM address is loaded from
  395.  
  396. Code : 01 48 02 49 08 80 F0 BD 78 56 34 12 84 D0 00 02
  397. Code : 01 48 02 49 08 80 F0 BD T2 T1 XX XX U4 U3 U2 U1 (0xU1U2U3U4 is the destination address, 0xT1T2 is the desired word, 0xXXXX is whatever we want)
  398. Length : 16 bytes
  399.  
  400.  
  401. - Overwrites a double-word :
  402. processor cpu32_v4t ; ARMv4t (GBA cpu)
  403. thumb
  404. ldr r0, [adress1]
  405. ; The double-word we want to write
  406. ldr r1, [adress2]
  407. ; Store the value of R0 to dword at R1
  408. str r0, [r1]
  409. ; Return
  410. pop {r4-r7, r15}
  411. adress1: dw 0x12345678
  412. adress2: dw 0x02028B4C ; This is where the destination RAM address is loaded from
  413.  
  414. Code : 01 48 02 49 08 60 F0 BD 78 56 34 12 4C 8B 02 02
  415. Code : 01 48 02 49 08 60 F0 BD T4 T3 T2 T1 U4 U3 U2 U1 (0xU1U2U3U4 is the destination address, 0xT1T2T3T4 is the desired double-word)
  416. Length : 16 bytes
  417.  
  418.  
  419. - Overwrites a double-word, Pyramid Bag stored :
  420. processor cpu32_v4t ; ARMv4t (GBA cpu)
  421. thumb
  422. ldr r0, [adress1+16]
  423. ; The double-word we want to write
  424. ldr r1, [adress2+8]
  425. ; Store the value of R0 to dword at R1
  426. str r0, [r1]
  427. ; Return
  428. pop {r4-r7, r15}
  429. adress1: dw 0x12345678
  430. adress2: dw 0x02028B4C ; This is where the destination RAM address is loaded from
  431.  
  432. Code : 05 48 04 49 08 60 F0 BD 78 56 34 12 4C 8B 02 02
  433. Code : 05 48 04 49 08 60 F0 BD ... T4 T3 T2 T1 U4 U3 U2 U1 (0xT1T2T3T4 is the destination address, 0xU1U2U3U4 is the desired double-word)
  434. Length : 8+8 bytes = 4+4 Items
  435.  
  436.  
  437. - Copy-paste a string of words :
  438. processor cpu32_v4t ; ARMv4t (GBA cpu)
  439. thumb
  440. ldr r0,[adress1]
  441. nop
  442. ldr r1,[adress2]
  443. movs r2,#0xFF ; copy 0xFF words from adress 1 to adress 2
  444. ;You can copy-paste a word or double-word by changing 0xFF to 0x01 or 0x02
  445. svc 0xb
  446. pop {r4-r7, r15}
  447. adress1: dw 0x02025BE8
  448. adress2: dw 0x0200D084
  449.  
  450. Code : 02 48 C0 46 02 49 FF 22 0B DF F0 BD E8 5B 02 02 84 D0 00 02
  451. Code : 02 48 C0 46 02 49 SS 22 0B DF F0 BD T4 T3 T2 T1 U4 U3 U2 U1 (Copies 0xSS words from 0xT1T2T3T4 to 0xU1U2U3U4)
  452. Length : 20 bytes
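
A way to check the "Code :" byte strings of section 5.4 against their listings, as an added Python example (not part of the original paste): a decoder for only the Thumb encodings these payloads use, which resolves each PC-relative `ldr` to its literal-pool offset and reports a literal that falls outside the byte string instead of reading it. The function name is made up for this example, the code is assumed to start on a 4-byte boundary, and the three sample byte strings are copied from this page.

```python
import struct

# top five bits of the halfword -> (mnemonic, immediate scale)
STORES = {0b01100: ("str", 4), 0b01110: ("strb", 1), 0b10000: ("strh", 2)}


def decode_thumb(code):
    """Decode the few Thumb encodings this page uses, stopping at POP {..., pc}.

    Returns (lines, loads): lines is [(offset, text)]; loads is
    [(reg, pool_offset, value)] for each PC-relative LDR, with value None
    when the literal lies outside `code`.
    """
    lines, loads = [], []
    off = 0
    while off + 2 <= len(code):
        (hw,) = struct.unpack_from("<H", code, off)
        top5 = hw >> 11
        if top5 == 0b01001:                      # LDR Rd, [PC, #imm8*4]
            rd, imm = (hw >> 8) & 7, (hw & 0xFF) * 4
            pool = ((off + 4) & ~3) + imm        # PC reads as addr+4, word aligned
            value = None
            if pool + 4 <= len(code):
                (value,) = struct.unpack_from("<I", code, pool)
            loads.append((f"r{rd}", pool, value))
            text = f"ldr r{rd}, [pc, #{imm}]"
        elif top5 == 0b00100:                    # MOVS Rd, #imm8
            text = f"movs r{(hw >> 8) & 7}, #{hw & 0xFF:#x}"
        elif top5 in STORES:                     # STR/STRB/STRH Rd, [Rb, #imm5*scale]
            name, scale = STORES[top5]
            imm = ((hw >> 6) & 0x1F) * scale
            text = f"{name} r{hw & 7}, [r{(hw >> 3) & 7}, #{imm}]"
        elif hw >> 8 == 0xDF:                    # SVC imm8 (BIOS call, 0xB = CpuSet)
            text = f"svc {hw & 0xFF:#x}"
        elif hw == 0x46C0:                       # MOV r8, r8, used as padding
            text = "nop"
        elif (hw & 0xFF87) == 0x4700:            # BX Rm
            text = f"bx r{(hw >> 3) & 0xF}"
        elif (hw & 0xFE00) == 0xBC00:            # POP {rlist[, pc]}
            regs = [f"r{i}" for i in range(8) if (hw >> i) & 1]
            if hw & 0x100:
                regs.append("pc")
            text = "pop {" + ", ".join(regs) + "}"
        else:                                    # anything else (e.g. BL halves)
            text = f".hword {hw:#06x}"
        lines.append((off, text))
        off += 2
        if text.startswith("pop") and text.endswith("pc}"):
            break                                # control leaves; the rest is data
    return lines, loads


# Byte strings copied from the "Code :" lines of section 5.4.
OVERWRITE_DWORD = bytes.fromhex("01 48 02 49 08 60 F0 BD 78 56 34 12 4C 8B 02 02")
COPY_STRING = bytes.fromhex(
    "02 48 C0 46 02 49 FF 22 0B DF F0 BD E8 5B 02 02 84 D0 00 02")
PC_STORED = bytes.fromhex(
    "1D 48 03 49 0A 22 0B DF 01 48 35 49 08 60 F0 BD 84 D0 00 02")

if __name__ == "__main__":
    for name, blob in [("overwrite double-word", OVERWRITE_DWORD),
                       ("copy-paste string", COPY_STRING),
                       ("PC Pokémon version", PC_STORED)]:
        lines, loads = decode_thumb(blob)
        print(name)
        for off, text in lines:
            print(f"  {off:02x}: {text}")
        for reg, pool, value in loads:
            shown = "outside this buffer" if value is None else f"{value:#010x}"
            print(f"  {reg} <- literal at +{pool:#x}: {shown}")
```

The same `ldr` immediate resolves to a different pool offset depending on whether the instruction sits at an offset that is a multiple of 4, which is what the `nop` padding in the copy-paste listing adjusts.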
  453.  
  454.  
  455. 5.5) DMA Translation check to perform ACE
  456. 5.5.1) DMA Translation on Emerald non Jpn
  457. Emerald (except Jap) : A check for a DMA Translation of 18 double-words is required.
  458. - Set up your save for an ACE. (Bootstrap Pokémon, PC Items/Pyramid Items, ACE Glitch Move,..)
  459. - Catch a wild Poochyena on Route 101 and nickname it : "C","O","D","E","D","S","D","empty space","h","empty space".
  460. (the full nickname needs to be "CODEDSD h " with the last empty space and not "CODEDSD h")
  461. - Clone this Pokémon and move it outside Boxes 1/2.
  462. This Pokémon will be consumed during the procedure.
  463.  
  464. - Remove any Pokémon from Box 13 Slots 1 and 2.
  465.  
  466. - Buy at least 90 Fluffy Tails, and a dozen Revives.
  467.  
  468. - Obtain the Glitch Pokémon :
  469. Emer Fr : Poké 0xFAFC (250 Atk, 252 HP)(Party Slot 228)
  470. Emer US : Poké 0x96F9 (150 Atk, 249 HP)(Party Slot 240)
  471. Emer Spa : Poké 0x94D1 (148 Atk, 209 HP)(Party Slot 240)
  472. Emer Ita : Poké 0xE354 (227 Atk, 84 HP)(Party Slot 228)
  473. Emer Ger : Poké 0xE368 (227 Atk, 104 HP)(Party Slot 236)
  474.  
  475. - Clone this Pokémon with Battle Tower cloning glitch.
  476. It is possible to lose this Pokémon later in the procedure, so keep a clone to be able to perform other ACE.
  477.  
  478. - Set up your save for an ACE (Bootstrap Pokémon, PC Items/Pyramid Items, ACE Glitch Move,..) if you haven't done it previously.
  479.  
  480. - Once you are ready for the ACE, move the "CODEDSD h " Pokémon to :
  481. Emer Fr : Box 1 Slot 20
  482. Emer US : Box 2 Slot 5
  483. Emer Spa : Box 2 Slot 5
  484. Emer Ita : Box 1 Slot 20
  485. Emer Ger : Box 1 Slot 30
  486.  
  487. - Move other Pokémon from the PC slots near the "CODEDSD h " Pokémon. (leave a 2 PC slots space before and after this Pokémon)
  488. These PC Slots can turn into Bad Eggs in the process.
  489.  
  490. - Make a party with : Alive Pokémon - KO Glitch Pokémon - KO Pokémon with the ACE Glitch Move - KO Pokémon with Fly.
  491. Where "Glitch Pokémon" is the Glitch Pokémon :
  492. Emer Fr : 0xFAFC | Emer US : 0x96F9 | Emer Spa : 0x94D1 | Emer Ita : 0xE354 | Emer Ger : 0xE368 |
  493. that was previously obtained.
  494.  
  495.  
  496. - Open the PC.
  497. - Generate an Invisible Bad Egg with a Cloning Glitch Pokémon. (If you don't have one already)
  498. Try to grab the Cloning Glitch Pokémon, and this will generate an Invisible Bad Egg.
  499. Deposit the Invisible Bad Egg.
  500. - Close the PC and reopen it.
  501. - Perform a Decaswitch in order to have a fully KO party.
  502. Grab a Pokémon in the PC and deposit it. (a Pokémon that is not a Bad Egg and not a Glitch Pokémon)
  503. Grab the Invisible Bad Egg.
  504. Swap it with the Alive Pokémon in the party.
  505. - Close the PC.
  506. Your party is now : Invisible Bad Egg - KO Glitch Pokémon - KO Pokémon with the ACE Glitch Move - KO Pokémon with Fly.
  507. - Fly to Slateport, and enter the PokéFan Club.
  508. - Go in front of the journalist.
  509. - Open the options, and make sure Battle Animations are ON.
  510. ! If the Battle Animations are OFF, you will not have any Code Execution. !
  511. - Save.
  512. ! You will retry from here if the ACE messes up, or if you mess up something. !
  513.  
  514. - Talk to the journalist.
  515.  
  516. - Go to an area where you can make wild battles. (Route 110,118 or any other route)
  517. - Make a wild battle.
  518. You will send out a Bad Egg.
  519. /!\ Do not look at the moves of this Bad Egg, there is a significant chance that this would freeze the game or make you lose the battle. /!\
  520.  
  521. - Look at the Level and Max HP values of the Bad Egg.
  522. -- If the Bad Egg is not at Lv 190 or if it doesn't have .../220 HP, use a Fluffy Tail and do another wild battle.
  523. /!\ Do not try to flee, as the Bad Egg can be unable to flee due to a very low speed. /!\
  524. -- If the Bad Egg is at Lv 190 and has .../220 HP, your DMA pattern is okay for ACE. (1/32 chance)
  525. - Use a Revive/Max Revive on the Pokémon with Glitch Move 0x1608.
  526. - Switch to the Pokémon with Glitch Move 0x1608.
  527. - Use Glitch Move 0x1608 to perform ACE.
  528. - Use a Fluffy Tail to end the battle.
  529.  
  530.  
  531. 5.5.1.1) DMA Translation on Emerald non Jpn (Old)
  532. Emerald (except Jap) : A check for a DMA Translation of 18 double-words is required.
  533. - Obtain in-game traded Meowth.
  534. Clone it and keep a clone in safety. (like every other in-game traded Pokémon)
  535. - Make 5 clones of Meowth.
  536. - Give 5 Def and 5 Speed EVs to a clone of Meowth.
  537. - Place the non EV-trained clones at Box 2 Slots 11,14,17,20.
  538. Place the EV-trained clone at Box 2 Slot 23.
  539. - Prepare yourself for ACE.
  540. Obtain a Pokémon with Glitch Move 0x1608. (Plusle with 22 Atk, 8 HP EVs)
  541. Obtain the Bootstrap Pokémon from in-game traded Horsea.
  542. Set up PC Items / Pyramid Bag Items.
  543. - Prepare yourself for Pomeg Glitch.
  544. Don't do Instant Pomeg Glitch, a Pomeg Glitch with a wild battle is required.
  545. Include a Pokémon with Glitch Move 0x1608 between Fly Pokémon and 1 HP Pokémon.
  546. ( Poké - KO Fly Poké - KO Poké with Glitch Move - 1 HP Poké)
  547. For more convenience, perform Decaswitch.
  548. Once you are prepared, save.
  549. - Turn the Battle animations On.
  550. - Save.
  551. - Perform Pomeg Glitch.
  552. - After hitting B to close the summary of the Fly Pokémon (the Pokémon in the second party slot), count your Up pushes.
  553. At each Up push, look closely at the first party slot for red highlights.
  554. You need to see :
  555. Up Push N°1 : NO red highlight
  556. Up Push N°2 : Red highlight on the Quit button
  557. Up Push N°3 : The Pokéball behind the Fly Pokémon (Pokémon in the second party slot) must not be bright and opened a bit.
  558. That Pokéball must look like the other Pokéballs behind the Pokémon in party slot 3.
  559. Up Push N°4 : Red highlight on first party slot
  560. Up Push N°5 : NO red highlight on first party slot
  561. Up Push N°6 : Red highlight on first party slot
  562. Up Push N°7 : NO red highlight on first party slot
  563. Up Push N°8 : Red highlight on first party slot
  564. Up Push N°9 : Red highlight on first party slot
  565. Up Push N°10 : Red highlight on first party slot
  566. Up Push N°11 : NO red highlight on first party slot
  567. Up Push N°12 : NO red highlight on first party slot
  568. Up Push N°13 : Red highlight on first party slot
  569. Up Push N°14 : NO red highlight on first party slot
  570. - If you saw the exact same highlights/things as described, your DMA translation is of 18 double-words.
  571. If you are unsure of your Up pushes, you can hit B and retry. (open party, open Fly Pokémon summary, hit B,..)
  572. Check the video related to the procedure in order to clearly see what you need to see.
  573. - Hit B.
  574. Use a Revive on the Pokémon with Glitch Move 0x1608.
  575. Use Glitch Move 0x1608 to perform ACE.
  576.  
  577.  
  578. 5.5.2) DMA Translation on Emerald Jpn
  579. - Turn on the Battle Animations.
  580. - Obtain the in-game traded Seedot and Meowth.
  581. Clone them and keep a clone in safety.
  582. - Obtain a Cloning Glitch Pokémon for your version. (0x2660, 38 Atk, 96 HP)
  583. - Buy an X Special/X Accuracy
  584. - Mark a clone of Meowth with the Triangle mark, and place it in your party.
  585. - Make a fight against a Poochyena on Route 101.
  586. - Decrease Meowth's friendship to 0.
  587. Send Meowth to the fight, use X Special/Accuracy until it takes a hit.
  588. Use an Energy Root.
  589. Repeat until X Energy Roots have been used.
  590. Damage Meowth one more time and flee. (0 Friendship)
  591. - Fly to Oldale Town.
  592. - Enter the Pokémon Center and open the Bag right next to the PC.
  593. (Meowth may have gained 1 Friendship due to a step cycle)
  594. - Give 1 Energy Root to Meowth
  595. - Deposit Triangle Meowth in PC.
  596. This Meowth has 0 Friendship.
  597. - Clone Triangle Meowth once.
  598. Keep a clone in safety.
  599. - Place a clone of Triangle Meowth at Box 2 Slot 11.
  600. - Clone Seedot three times.
  601. - Place clones of Seedot at Box 2 Slots 14,17,20,23.
  602. - Save.
  603. - Generate an Invisible Bad Egg in PC.
  604. Place it in a Box other than Boxes 1/2.
  605. Everything is now in place. The Pomeg Glitch to check the DMA Value and to trigger the ACE can be performed.
  606. - Make a party with :
  607. KO Poké - KO Fly Poké - KO Poké with ACE Glitch Move - Non-KO Poké
  608. - Fly to Oldale Town.
  609. - Save.
  610. ! You will retry from here if the DMA value isn't the wanted one. !
  611.  
  612. - Make a wild battle and flee.
  613. - Go back to the Pokémon Center.
  614. - Open the PC.
  615. Grab the KO Pokémon, and swap it with the Invisible Bad Egg.
  616. Swap the Invisible Bad Egg with the Non-KO Pokémon.
  617. Deposit the Non-KO Pokémon. (Not in Boxes 1/2)
  618. Close the PC.
  619. - Make another wild battle.
  620. An empty slot is sent to the fight.
  621. - Open the party.
  622. - Open the summary of the Fly Pokémon.
  623. - Hit B.
  624. - After hitting B to close the summary of the Fly Pokémon (the Pokémon in the second party slot), count your Up pushes.
  625. At each Up push, look closely at the first party slot for red highlights.
  626. You need to see : (Emerald Jap)
  627. Up Push N°1 : NO red highlight
  628. Up Push N°2 : Red highlight on the Quit button
  629. Up Push N°3 : NO red highlight
  630. Up Push N°4 : NO red highlight
  631. Up Push N°5 : The Pokéball behind the Fly Pokémon (Pokémon in the second party slot) must be bright and opened a bit.
  632. That Pokéball must NOT look like the other Pokéballs behind the Pokémon in party slot 3.
  633. Up Push N°6 : Red highlight on first party slot
  634. Up Push N°7 : NO red highlight on first party slot
  635. Up Push N°8 : Red highlight on first party slot
  636. Up Push N°9 : NO red highlight on first party slot
  637. Up Push N°10 : Red highlight on first party slot
  638. Up Push N°11 : NO red highlight on first party slot
  639. Up Push N°12 : NO red highlight on first party slot
  640. Up Push N°13 : NO red highlight on first party slot
  641.  
  642. - If you saw the exact same highlights/things as described, your DMA translation is the DMA translation required here.
  643. If you didn't see the exact same highlights/things as described, your DMA translation will not work. Reset and try again.
  644. For certain DMA values, the game may freeze during your Up pushes. This does not happen on the right DMA value.
  645. If you are unsure of your Up pushes, you can hit B and retry. (open party, open Fly Pokémon summary, hit B,..)
  646.  
  647. - Once you checked the DMA translation and have the required value, hit B to close the party.
  648. - Use a Revive on the Pokémon with the ACE Glitch Move, and send that Pokémon to the fight.
  649. - Use the ACE Glitch Move to perform ACE.
  650. This Glitch Move has the effect of ...., so it can be safely used.
  651. Your game should normally not freeze here. If your game froze, then there is an issue in either the ACE Glitch Move, the Bootstrap Pokémon, or the Code you've written.
  652. - Use a Fluffy Tail to end the battle.
  653.  
  654.  
  655. 5.5.3) DMA Translation on FrLg non Jpn
  656. FrLg (except Jap) : A check for a DMA Translation of 12 double-words is required.
  657. - Obtain in-game traded Horsea and Seedot in Emerald.
  658. Clone them and keep a clone in safety.
  659. - Obtain a cloning Glitch Pokémon for your FrLg version :
  660. - On Emerald, fly to Artisan Cave.
  661. Save.
  662. Reset and make a wild encounter. Catch the Smeargle you've met.
  663. Calculate Smeargle's IVs : http://www.psypokes.com/dex/iv.php
  664. Find the frame that generated Smeargle using RNG Reporter (Method 2, Max Results 10.000, Starting Frame 1, Seed 0)
  665. With that generating frame, you obtain Smeargle's PID. Convert that value to decimal.
  666. Calculate the remainder of the Euclidean division of Smeargle's PID by 24.
  667. That value must be 1,5,6,11,12,17,18 or 23. If not, reset and try again.
  668. - Trade Horsea, Seedot, Cloning Glitch Pokémon for FrLg, Smeargle to your FrLg game.
  669. - Using the Cloning Glitch Pokémon, make a clone of everyone and put it in safety.
  670. Horsea, Seedot, Smeargle will be corrupted during the procedure.
  671. - Clone Horsea once, Smeargle once, Seedot three times.
  672. - Place a Horsea clone at Box 2 Slot 18.
  673. Place Seedot clones at Box 2 Slots 21,24,30.
  674. Place a Smeargle clone at Box 2 Slot 27.
  675. - Prepare yourself for ACE.
  676. Obtain a Pokémon with Glitch Move 0x0713. (Plusle with 7 Atk, 19 HP EVs)
  677. Obtain the Bootstrap Pokémon from in-game traded Horsea.
  678. Set up PC Item.
  679. - Prepare yourself for Pomeg Glitch.
  680. Include a Pokémon with Glitch Move 0x0713 between Fly Pokémon and 1 HP Pokémon.
  681. ( Poké - KO Fly Poké - KO Poké with Glitch Move - 1 HP Poké)
  682. For more convenience, perform Decaswitch.
  683. Once you are prepared, save.
  684. - Perform Pomeg Glitch.
  685. - After hitting B to close the summary of the Fly Pokémon (the Pokémon in the second party slot), count your Up pushes.
  686. At each Up push, look closely at the first party slot for red highlights.
  687. You need to see :
  688. Up Push N°1 : NO red highlight
  689. Up Push N°2 : Red highlight on the Quit button
  690. Up Push N°3 : The Pokéball behind the Fly Pokémon (Pokémon in the second party slot) must not be bright and opened a bit.
  691. That Pokéball must look like the other Pokéballs behind the Pokémon in party slot 3.
  692. Up Push N°4 : NO red highlight on first party slot
  693. Up Push N°5 : Red highlight on first party slot
  694. Up Push N°6 : NO red highlight on first party slot
  695. Up Push N°7 : NO red highlight on first party slot
  696. Up Push N°8 : Red highlight on first party slot
  697. Up Push N°9 : NO red highlight on first party slot
  698. Up Push N°10 : Red highlight on first party slot
  699. Up Push N°11 : NO red highlight on first party slot
  700. Up Push N°12 : NO red highlight on first party slot
  701. Up Push N°13 : Red highlight on first party slot
  702. Up Push N°14 : NO red highlight on first party slot
  703. - If you saw the exact same highlights/things as described, your DMA translation is of 12 double-words.
  704. If you are unsure of your Up pushes, you can hit B and retry. (open party, open Fly Pokémon summary, hit B,..)
  705. Check the video related to the procedure in order to clearly see what you need to see.
  706. - Hit B.
  707. Use a Revive on the Pokémon with Glitch Move 0x0713.
  708. Use Glitch Move 0x0713 to perform ACE.
  709.  
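The Smeargle PID check in 5.5.3 can be done directly on the hexadecimal PID, without converting to decimal. The Python below is an added example, not part of the original paste; it relies on the documented Gen III layout in which PID mod 24 selects the order of the four data substructures (Growth, Attacks, EVs, Misc), and the sample PIDs and function names are constructed for illustration.

```python
# Added example (not from the paste): filter candidate PIDs by PID mod 24.
from itertools import permutations

# Remainders required by the paste for the FrLg (non Jpn) Smeargle.
ACCEPTED = {1, 5, 6, 11, 12, 17, 18, 23}

# G = Growth, A = Attacks, E = EVs/Condition, M = Misc.
# The 24 substructure orders are the permutations of "GAEM" in this sequence,
# indexed by PID mod 24 (0 = GAEM, 1 = GAME, ..., 23 = MEAG).
ORDERS = ["".join(p) for p in permutations("GAEM")]


def check_pid(pid):
    """Return (remainder, substructure order, accepted by the paste's list)."""
    if not 0 <= pid <= 0xFFFFFFFF:
        raise ValueError("a PID is an unsigned 32-bit value")
    remainder = pid % 24
    return remainder, ORDERS[remainder], remainder in ACCEPTED


def usable(pids):
    """Keep only the PIDs whose remainder is in the accepted list."""
    return [pid for pid in pids if check_pid(pid)[2]]


# Constructed sample PIDs, standing in for a list of RNG search results.
SAMPLE_PIDS = [0x00000011, 0x00000018, 0x1234ABCD, 0xFFFFFFFF]

if __name__ == "__main__":
    for pid in SAMPLE_PIDS:
        remainder, order, ok = check_pid(pid)
        verdict = "keep" if ok else "reset and retry"
        print(f"PID 0x{pid:08X}: mod 24 = {remainder:2d}, order {order}, {verdict}")
```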
  710. 5.5.4) DMA Translation on FrLg Jpn
  711. - Make a setup for ACE (see Notes or other pastes)
  712. - Turn on the Battle Animations.
  713. - Obtain in-game traded Horsea and Seedot in Emerald.
  714. Clone them and keep a clone in safety.
  715. - Obtain a cloning Glitch Pokémon for your FrLg version. (see Notes)
  716. - Clone Horsea once, Seedot five times.
  717. - Save.
  718. - Place a Horsea clone at Box 2 Slot 23.
  719. Place Seedot clones at Box 2 Slots 13,17,20,26,29.
  720. - Generate an Invisible Bad Egg.
  721. Leave it in a PC Box, except Boxes 1/2/3.
  722. - Save.
  723. Everything is now in place. The Pomeg Glitch to check the DMA Value and to trigger the ACE can be performed.
  724.  
  725. - Make a party with :
  726. KO Poké - KO Fly Poké - KO Poké with ACE Glitch Move - Non-KO Poké
  727. - Fly to Vermilion City.
  728. - Save.
  729. ! You will retry from here if the DMA value isn't the wanted one. !
  730.  
  731. - Make a wild battle and flee.
  732. - Go back to the Pokémon Center.
  733. - Open the PC.
  734. Grab the KO Pokémon, and swap it with the Invisible Bad Egg.
  735. Swap the Invisible Bad Egg with the Non-KO Pokémon.
  736. Deposit the Non-KO Pokémon. (Not in Boxes 1/2)
  737. Close the PC.
  738. - Make another wild battle.
  739. An empty slot is sent to the fight.
  740. - Open the party.
  741. - Open the summary of the Fly Pokémon.
  742. - Hit B.
  743. - After hitting B to close the summary of the Fly Pokémon (the Pokémon in the second party slot), count your Up pushes.
  744. At each Up push, look closely at the first party slot for red highlights.
  745. You need to see : (FrLg Jap)
  746. Up Push N°1 : NO red highlight
  747. Up Push N°2 : Red highlight on the Quit button
  748. Up Push N°3 : NO red highlight
  749. Up Push N°4 : NO red highlight on first party slot
  750. Up Push N°5 : Red highlight on first party slot
  751. Up Push N°6 : NO red highlight on first party slot
  752. Up Push N°7 : Red highlight on first party slot
  753. Up Push N°8 : Red highlight on first party slot
  754. Up Push N°9 : NO red highlight on first party slot
  755. Up Push N°10 : Red highlight on first party slot
  756. Up Push N°11 : NO red highlight on first party slot
  757. Up Push N°12 : Red highlight on first party slot
  758. Up Push N°13 : NO red highlight on first party slot
  759. Up Push N°14 : Red highlight on first party slot
  760. Up Push N°15 : Red highlight on first party slot
  761. Up Push N°16 : NO red highlight on first party slot
  762. Up Push N°17 : Red highlight on first party slot
  763. Up Push N°18 : Red highlight on first party slot
  764. Up Push N°19 : NO red highlight on first party slot
  765.  
  766. - If you saw the exact same highlights/things as described, your DMA translation is the DMA translation required here.
  767. If you didn't see the exact same highlights/things as described, your DMA translation will not work. Reset and try again.
  768. If you are unsure of your Up pushes, you can hit B and retry. (open party, open Fly Pokémon summary, hit B,..)
  769.  
  770. Check the video related to the procedure in order to clearly see what you need to see. (see Notes)
  771. - Once you checked the DMA translation and have the required value, hit B to close the party.
  772. - Use a Revive on the Pokémon with the ACE Glitch Move, and send that Pokémon to the fight.
  773. - Use the ACE Glitch Move to perform ACE.
  774. This Glitch Move has the effect of ...., so it can be safely used. However, it only has an accuracy of 4%, so you will need to use it many times until it hits. You can use some X Accuracy to increase your chance to hit.
  775.  
  776. - Once the ACE Glitch Move has hit, use a Fluffy Tail to end the battle.
  777. Your game should normally not freeze here. If your game froze, then there is an issue in either the ACE Glitch Move, the Bootstrap Pokémon, or the Code you've written.
  778.  
  779.  
  780.  
  781. - Notes -
  782.  
  783. - Gen III ACE, Obtain many Glitch Items : http://pastebin.com/qQ91bzuM
  784. - Gen III ACE, Obtain a Bootstrap Pokémon : https://pastebin.com/2aEzxFU4
  785. - Gen III ACE, Obtain a Bootstrap Pokémon (Emer Jpn, Pyramid Bag Code Execution) : https://pastebin.com/5PCe14AQ
  786. - Gen III ACE, Setting Pyramid Bag Items in Emerald : https://pastebin.com/tQSDqkdU
  787. - Gen III ACE, Setting PC Items in Emerald : https://pastebin.com/Ke3wUsZX
  788. - Gen III ACE, Setting PC Items in FrLg : https://pastebin.com/yHBhvbLh
  789. - Gen III ACE, Preparing your games for Arbitrary Code Execution : https://pastebin.com/0NMAtJ9j
  790. - Gen III ACE, List of Codes to execute : https://pastebin.com/42RPYDQA
  791.  
  792. - List of links for all procedures : https://pastebin.com/YaZaMQ4G
  793.  
  794. - EV-training data :
  795. - Macho Brace : Doubles the EVs won in a battle.
  796. - Exp.Share : The holder also receives EVs when Pokémon are KOed.
  797. - PokéRus : Doubles the EVs won in a battle. /!\ AVOID IT /!\ (Obtaining odd EVs with PokéRus is a problem)
  798. - HP : HP Up : +10 HP (Up to 100 HP) | Marill (Route 102,111) : +2 HP | Whismur (Rusturf Tunnel) : +1 HP.
  799. - Attack : Protein : +10 Atk (Up to 100 Atk) | Mightyena (Route 120,121) : +2 Atk | Poochyena (Route 101,102,120,121) : +1 Atk.
  800. - Defense : Iron : +10 Def (Up to 100 Def) | Graveler & Torkoal (Magma Hideout) : +2 Def | Silcoon & Cascoon (Petalburg Woods) : +2 Def | Geodude (Magma Hideout) : +1 Def | Clamperl (Underwater) : +1 Def.
  801. - Speed : Carbos : +10 Spd (Up to 100 Speed) | Linoone (Route 119) : +2 Spd | Magikarp (Old Rod, Route 102) : +1 Spd | Zigzagoon (Route 103,119) : +1 Spd | Wingull (Route 103) : +1 Spd.
  802. - Special Attack : Calcium : +10 SpAtk (Up to 100 SpAtk) | Spinda & Slugma (Route 113) : +1 SpAtk.
  803. - Special Defense : Zinc : +10 SpDef (Up to 100 SpDef) | Lombre (Route 114) : +2 SpDef | Swablu & Lotad (Route 114) : +1 SpDef | Tentacool (Route 103) : +1 SpDef.
  804.  
  805. -4th Move for a Fast Double Corruption :
  806. Emer Fr : --/Frustration | Emer Us : Flash/Return | Emer Spa : Hidden Power | Emer Ita : Nature Power/Waterfall | Emer Jp : Rock Smash/Thunder Wave/Surf | Emer Ger : Flash/Surf | Fr US,Fr,Ger,Ita,Spa : Growth | Lg US,Fr,Ger,Ita,Spa : Hidden Power | FrLg Jap : Frustration |
  807.  
  808. - Cloning Glitch Pokémon :
  809. Emer Fr : 0x2890 (40 Atk,144 HP) | Emer Us : 0x288A (40 Atk,138 HP) | Emer Spa : 0x2890 (40 Atk,144 HP) | Emer Ita : 0x2718 (39 Atk, 24 HP) | Emer Jp : 0x2660 (38 Atk, 96 HP) | Emer Ger : 0x2891 (40 Atk,145HP) | FrLg FR : 0x320B (50 Atk,11 HP) | FrLg US : 0x3200 (50 Atk,00 HP) | FrLg Spa : 0x3210 (50 Atk,16 HP) | FrLg Ita : 0x320A (50 Atk,10 HP) | FrLg Ger : 0x320F (50 Atk, 15 HP) | FrLg Jap : 0x4F90 (79 Atk, 144 HP) |
  810.  
  811. - Instant Pomeg Glitch Pokémon :
  812. Emer Fr: 0x29C8 (41 Atk,200 HP) | Emer US : 0x29C0 (41 Atk,192 HP) | Emer Spa : 0x948C (148 Atk,140 HP) | Emer Ger : 0x29C9 (41 Atk, 201 HP) | Emer Jp : 0x4360 (67 Atk,96 HP) | Emer Ita : 0x9481 (148 Atk,129 HP) |
  813.  
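Every glitch move or glitch Pokémon index listed in this paste packs its two EV values into one 16-bit number: the high byte is the Attack EV and the low byte is the HP EV (0x2660 is 38 Atk, 96 HP). The following Python is an added example, not part of the original paste: it checks that pattern against pairs copied from the paste and turns an index into a vitamin and wild-KO count using the EV-training data above, assuming the stat starts at 0 EVs with no Macho Brace or Pokérus; all function names are made up for the illustration.

```python
# Added example (not from the paste): decode a glitch index into the
# Attack/HP EVs that produce it, then plan vitamins and wild KOs to reach them.

# Index/EV pairs copied from this paste (Notes and section 5.5.3).
PAGE_PAIRS = {
    0x2660: (38, 96),    # Emer Jp cloning
    0x288A: (40, 138),   # Emer Us cloning
    0x4F90: (79, 144),   # FrLg Jap cloning
    0x948C: (148, 140),  # Emer Spa instant Pomeg
    0x0713: (7, 19),     # FrLg glitch move (Plusle)
}

VITAMIN_STEP = 10   # HP Up / Protein give +10 EVs each
VITAMIN_CAP = 100   # vitamins only work up to 100 EVs in a stat


def decode_index(index):
    """Return (atk_ev, hp_ev): high byte is Attack, low byte is HP."""
    if not 0 <= index <= 0xFFFF:
        raise ValueError("index must fit in 16 bits")
    return index >> 8, index & 0xFF


def plan_stat(target):
    """Return (vitamins, plus2_kos, plus1_kos) hitting `target` EVs exactly.

    Assumes the stat starts at 0 EVs, with no Macho Brace and no Pokérus.
    """
    if not 0 <= target <= 255:
        raise ValueError("an EV is a single byte")
    vitamins = min(target, VITAMIN_CAP) // VITAMIN_STEP
    rest = target - vitamins * VITAMIN_STEP
    return vitamins, rest // 2, rest % 2


def plan(index):
    """Plan both stats for one index: {'atk': (ev, plan), 'hp': (ev, plan)}."""
    atk, hp = decode_index(index)
    return {"atk": (atk, plan_stat(atk)), "hp": (hp, plan_stat(hp))}


def mismatches():
    """Pairs from the paste that do not follow the high/low byte pattern."""
    return [hex(i) for i, evs in PAGE_PAIRS.items() if decode_index(i) != evs]


if __name__ == "__main__":
    for idx in PAGE_PAIRS:
        print(hex(idx), plan(idx))
```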
  814. By Metarkrai