Pokemon Crystal - Arbitrary Code Execution with Bad Clones 

Yeah, it would be possible in a similar manner since it's just a flag in RAM. I went this other way because you don't have to wait until the next day.

Yeah, you need to open up bank 1 of the SRAM and write 0B to BE3C. I have a box name code for this in a Pastebin that has been verified on console. pastebin.com/QKn9M506

I must be missing something between step 6 and 7. When/where do you check the Lapras' glitch name in Crystal? In the trade screen?

I think I've got a Japanese bad clone! Following Crystal_'s tidbit, I used box 8 for best results. Ended up with a bad clone of a Butterfree I generated with the patched debug function on slot 11: i.imgur.com/hu5jzxL.png

Might be different in japansese version though, depending on how box data is arranged/saved. The data is saved in three parts, and prior to each of these wram->sram(changed to box) writes there's a sram(previous box)->wram write, which is what contributes to increasing the time interval for a succesful bad clone. In the english versions at least, the first block is up to the middle of the 15th box pokemon data, the second block is up to the middle of the 8th pokemon nickname, and the third block is everything else, including OT data. So you can se slots 8 to 14 have two blocks where they'd yield a bad clone, while the rest only have one. Fun fact. trying a bad clone in slot 15 will give a "very bad clone" around half of the times instead, and trying it in slot 8 may give you a bad clone with the first name letter of the original mon correct (still no padding 0x50 though).

I got the same and screwed around with the clones a bit. I was cloning a ditto and got a bad clone. While trying to use it for this method but with another item list the bad clones would glitch out even harder. I realized I could choose what pokemon it turned into by checking out its stats, cycling down the box of other pokemon I deposited, backing out to the options you get when selecting a pokemon, then going back into stat checks and cycling back up. If I chose a pokemon that could evolve and evolved it the ditto would then turn into a bad clone of that pokemon but with transform. If I didn't evolve it however the ditto would be a hybrid of sorts. Still a ditto but could be taught all the moves the pokemon it looked like could learn. This is also the only way to add a gender to dittos and get ditto eggs.

Yes, use the memory editor code from glitch city labs thread

Rena Kunisaki nah, ACE has been around for a while to access unreleased minigame and the only way to get celebi, etc.

You don't have a lot of time. You have to turn off the game a little before you would to get a good clone, but not too early, or nothing will happen. I'm having a look at how box data gets saved, and it looks like box slot #9 is the best one to try it when it comes to the time interval for a succesful bad clone, closely followed by slots #10 to #14. Edit: Boxes 8 to 14 are essentially the same. With these you have a ~20 ms success interval. With other boxes, probably around ~10 to ~12 ms. You can see it's indeed very little time.

Oh, okay. Thank you! :3

Mewshi, you have to turn off the Game Boy or reboot the game right after 「ポケモンレポートに　かきこんでいます　でんげんを　きらないで　ください」 in Japanese or "SAVING… DON'T TURN OFF THE POWER." in English is displayed. This should at least give you a good clone.

you have the best chance of bad clone if PC box has 15-18 pokemon and it wasn't full at any time EDIT: Reboot for bad and good cloning is the same - in crystal, reset 1/4 s after the fimal period in "SAVING... DON'T TURN OFF THE POWER." appears. if you want a good clone I suggest using an empty box.

This Bad Clones ACE method would be the best one I know for Crystal

forums.glitchcity.info/index.php?topic=8126.0 the code for getting any TM is only for Gold and Silver, and the code for getting any item requires TM26 which I don't have EDIT: I got TM26 by doing ????? party overloading with Ursaring. Just like in the guide for getting Mystery Eggs but I used Ursaring instead of Bellsprout because Ursaring corresponds to TM26 item ID. EDIT2: I mass-cloned TM26 for the code and it works perfectly, but there are weird sound effects when displaying the bad clone xd

ok i have managed it in german, it is same actually because of item codes

I think the No OT bad clones are a thing if you try it in some boxes due to the saving procedure intervals, but no nickname is actually what leads to the ????? nickname. If you turn off and on the game in front of the pc with a no nickname bad clone in your current box and open it, it will display as the ????? Kingdra.

Crystal_ I've gotten these before, but they crash my game if I try to view them on the withdraw screen - how can I do this? and if I can view them (very rarely, and it has to be done with them as the 6th or later Mon in the box), it keeps scrolling and scrolling, unlike yours which is only a few lines long

You will only see the very same amoutn of '?' symbols that I see if you have the same setup that I show in the video. Bad clone names are very unstable, they can freeze/crash the game easily. For the most common bad clone exploits, you would save in front of the PC with a bad clone in your current box, then save and restart and open the PC without doing anything in between. What is shown in this video is another way of exploiting bad clones.

The thing is, I finished getting everything you show in the video - the quagsire with Return in first, slam in last, spearow holding nightmare, all the items in my PC, Max elixir in the first slot of my bag, and I've tried out several different "types" of bad clones (blank name with stable summary and same level as cloned, blank name level 0 stable summary, blank name level 0 game crashing summary, broken unown). Getting nothing but Kurt asking me to make balls. And I'm only getting " " bad clones now, no matter what I try. I used to get long winded "??????????????????? [etc.]" bad clones, but now it seems like my boxes are incapable of producing them, because they were pretty dang common on my Virtual Console injection before, and I'd never get blank named ones. I don't know what to do. Do you have any suggestions? Oh, and nothing seems to change with any of the bad clones (name wise) if I save and turn off in front of the PC, they stay blank nicknamed, never changing to ?????

Crystal_ Oh, wait, do I need all 16 badges? I only have 8.