Why MissingNo Multiplies Items! 

The fact, that we're in 2020 and people are still talking about Missingno makes me very happy

this is beautiful. not only are you clever for coming to the conclusion you did, but very intelligent for your ability to communicate the behavior of the bug to an audience that knows way less about it than you do.

Every video is like watching a detective series.

I like the "how you could've found it yourself" approach as it teaches beginners how to get started in reverse engineering / research! Great Video!

as my grandpa always said :always check for array out of bound

As a fluent Z80 programmer, I could follow along perfectly with the disassembly, but you still gave some insights I could not have gotten, thank you very much. This was definitely worth the 20 minute watch.

I remember hearing that the reason those right-side tiles spawn land pokemon is because the game only uses the bottom-left 8x8 graphics tile for the "is this water?" check

I believe you were unable to rename variables because even though you disassembled the data, it was set as an undefined function. If you selected the address of the start of the function in ghidra and press f, that will define the function. After that you should be able to rename the function, variables, etc.

You're a very smart guy and very informative and great personality, i enjoy your videos.

Don't know if you plan on continuing this series but the "beat the game in 3 minutes" glitch is also pretty interesting from a technical standpoint :-)

As a pokemon fan and a software developer I must say you are an absolute madman and so admirable for exactly that, thanks for doing this!

I REALLY like that you show that you're not super knowledgeable about everything, and your process in figuring it out. Very fun to watch/listen.

You are the first person I’ve seen actually go into the code to explain the MissingNo glitch. I hadn’t even thought about why it duplicates items, I just knew it did. Keep up the good work!

I have absolutely no idea whats going on but it makes sense to me idk.

I love that both of you are doing this together. Collabs like this of this nature around similar subject need to happen more because the amount of content coming out of you two is great.

This is such an interesting approach! Although I am not much experienced with assembly (I have simply played with the basics in a CTF), this step-by-step process really helped show me both how to investigate glitches and understand what you were saying! Should the big reveal just have been given to me, I probably couldn't make out much of it! Really fun series, I have thoroughly enjoyed these past videos of yours! Keep doing this amazing stuff, LO!

You and StackSmashing breaking all this down is some of the most enjoyable content I've seen in a long time. Great analysis, thanks for making these!

7:58 The debuggers on Windows work the same way. Set a hardware breakpoint on memory access/write, causes the target be paused AFTER the access/write instruction did something to that memory (no IP register can be traced, so the debugger cannot determine what instruction is gonna do something to what memory without dynamic analysis).

Hearing you being satisfied with your findings makes me satisfied as well!

Totally agree with your points about seemingly "pointless" research. I first used Cheat Engine by following a tutorial for how to use it with the game Dink Smallwood. That made me feel like a badass programmer, so I continued on to learn all kinds of other tech stuff like Python, Arduino, Raspberry Pi, and more.

Awesome video. Enjoyed this and the corresponding MissingNo Video very much. Your explanation is very detailed and comprehensive and you really cheer one up to try to do similar research on other bugs or just simple game logic in old games. As someone who once wrote a gameboy emulator for learning purposes I can only recommend your videos for everyone who wants to become more emerged with this awesome piece of hardware.

Loved the narrative and editing. Great skills of storytelling =)

I really love videos like these even if I can barely understand them sometimes. But you do the best job at explaining without over-complicating things... Also Gen 1's spaghetti code is amazing to dissect lol.

There're so many glitches related to the workaround of hardware limitations back then, there's rarely such kind of bug now.

I love how in depth you went into the reasons the glitch effects everything. A lot of people just say "it changes these values when you talk to the old man" and didnt go into the things you can do with for instance the safari zone. I wish I knew about that years ago, would have made getting a Dratini waaaaay easier lol

Absolutely fantastic video. So satisfying to be able to follow along with the *why* this historic bug does what it does. You've been slowly kindling my interest in picking apart software to learn about it. I loved picking apart electronics and some mechanical devices to learn how things work or some tricks I could use even if I didn't understand the whole device or what specific or odd components did. Now as my journey into learning to code is continuing, instead of having to pressure myself into committing far enough into a big project or building some arduino gizmo in order to actually get some coding practice in (now that I don't have any coding assignments and am strictly self teaching and using online tutorials), I can now get some practice and learn something by just casually fooling around! Even with games!

Stunned! You made this so interesting! Thank you for your amazing work! I'm having lots of fun watching these videos!

Awesome video!! I'm so happy the time I've been spending these past two months learning about Gameboy assembly has enabled me to understand much of this video. I would have been completely lost otherwise. Really great video, thanks!!

I like how everyone is doing game boy/Pokemon/missingno videos rn, you, stacksmashing and retro game mechanics explained

The conclusion at the end is very satisfying and pleasing! Great video!

I'm impressed by the details you time and time you must have spent working on this video, thanks a lot for sharing it !

Loved this (and the previous) videos! Would love to see a similar one explaining the Super Mario Bros credits warp used in speedruns =P

Summary at the end explains the missingno bug well. Great video!

Just going to post a few more details here, don't mind me: JR LAB_rom3__76a0 is an unconditional relative jump. ADD L doesn't modify L. It adds L to A. The LD L, A does modify L, though. Yes, SRL is a logical shift right.

Used to use this hack all the time as a kid but with this video all of it is so beautiful. If only one thing had not gone wrong it would have never happened. Seems magical.

I don’t really know much with assembly (much less disassembling code), but you did a fantastic job explaining it, and the end conclusion makes sense.

I wish I could thumbs up this video multiple times. That little rant about playful research is really important for people to understand! If you're learning something, it's not a waste of time!

This made me think back to the first game I had made in C++ that had this exact problem and made the game do crazy stuff. Very cool to watch.

This is awesome work. Using a scientific approach to game hacking, you figured out exactly why a bug occurs. I didnt know about the memory bank system, thats very cool. Also high five to Ghidra for making hobbyist's lives easier

Oh boy. So far, my personal coding was some data organisation with Python and converting a few hundred text files into an Excel sheet. Still you made me (kind of) understand what was going on here. Pretty cool stuff! And pretty fascinating reverse engineering work.

As always totally excellent videos ! Keep going !!!

I have no knowledge of coding but I feel like I understood everything you said in both videos. I have no idea why but you just made so much sense.

I was trying to find a good answer to this the other day! thanks for the upload

Awesome i was waiting for this video when i found the previous yesterday c:

This was great! I know it's a while ago you did this, but I would LOVE more research-perspective game bug investigations. Perhaps you could consider doing something similar with the Ocarina of Time Wrong Warp bug? It's also pretty crazy.

im genuinely happy when i see live's new video

It’s crazy I’m working on a project right now in school where we have to reconstruct a program from assembly. Very relevant and applicable stuff. Good work on finding out this bug and satisfying all of the people who wanted to know the reason behind all this madness’

Just finished watching the first one to see this, amazing work man. Keep it up, gained a sub from me

@3:30 OMG I literally had to pause the video, I was laughing so hard. Can totally relate to that moment on so many levels - both in game and in debugging. 😆

I just discovered your channel even though i dont understand anything i still enjoy it

First video I found of yours and insta subbed.

Great video! I have always wondered why it was the 6th item when I found missingNo. Thanks guys!!

Its so cool that you are able to analyse these old games by looking at their memory allocation.. must have been a cool time as a gamedev back then

You can configure your assembly listing window to show Ghidra's IR by clicking on that window's configuration, choosing PCode ops, and "enable field". The breakdown can help you figure out what the labeled mnemonics mean without resorting to a manual. You can also right-click on the mnemonic and jump to the instruction specification in the processor manual included with Ghidra.

Epic videos my dude. You have just educated my inner child. Thank you

This video makes me really want to learn assembly... Thank you for that

I'm tore between "this is awesome" and "how could you ever let this release unnoticed", but it's still a 25+ years old game so maybe not that odd... thanks for the insight, this was really interesting!

Pretty interesting! I wonder if you'll "tackle" some of the less well-known Glitch Pokemon! Nonetheless, thanks for uploading!

Great video, very well explained. Thank you so much! Greetings from Sweden!

This was a lot of fun! Thank you!

just noticed this video was 20 minutes.. felt like 3. Amazing work.

Some people are gonna eat this up. I'm reminded why I hate assembly. Great video and good job explaining it. It's a bit hard to follow at times because I'm not up to snuff with pointers, memory, addresses and their concepts. Always good to see people with a lots of patience and competence.

Having done some SNES, N64, and PS2 ASM hacking in the past, this was an absolute joy. I audibly said... "Oh...!!" When you put together the pieces at the end. All of this time it was a simple out of bounds array, with the idea that they never intended to have 32 bytes for all possibilities of Pokemon. This was a fun mystery that you broke down. Hopefully it inspires others to follow your lead.

Awesome video! I learned a lot!

Amazing! Thank you so much for this!

Because of this serie, I started looking at the Pokemon disassembly from Pokemon red (pokered on github) and I started to learn assembly for the GB. Gbz80 assembly.

did he mention that he has never seen this assembly

It's such an elegant bug... Thanks for this extremely enjoyable explanation!

Really good Video! Keep it up!

I understand the concept of it , but I don't understand all this programming stuff , but still I love that kind of videos Thank you :)

My Brain crapped out at 16:00. But amazing video

Hey buddy, nice vid, for the grey decompiler window. This is because de function is not defined, you have to create a function here with the F keybind :) Cya

Clever analysis. I'd just assumed it was decoding the garbage sprite and cry data that resulted in the 6th item quantity being corrupted.

As always great analysis, couldn't agree more with you, that time spent fiddling around with something is worth it, since you learn so many things on your way, that otherwise only seem like abstract ideas. Nothing explains raceconditions better than injecting code into some process and having it crash hard ...sometimes... Keep it up

So just to add to this; arithmetic functions generally use the accumulation register (a) so that's why that add doesn't have , a there. Also, HL spans two registers; H and L, the gameboy has mainly 8-bit registers but also shares those to make 16-bit registers so it can do stuff with addresses.

Nice I was searching for the answer to this yesterday.

Another great video! I wonder how the save and restart glitch is working on Gold, Silver and Crystal. Do you mind making a video about it? Thanks!

You guys are great. Amazing video.

You explain this very well, you lost me in parts, but I sort of understand what's going on. I lasted until around 18:00 before I couldn't follow anymore. GG

U madman, your videos teach a lot dude

This was excellent. Thank you.

Wonderful rabbit hole! 😎

Thank you. This video was a great tutorial!

IIRC the game will place the ending "1" into the item slot, essentially adding 128 items to item stacks that do not have 128+ items in them already. The glitch will not work on any item stack that is greater than 128, and using it on an item with a stack of 127 makes that item into a stack of 255. 255 also has the same properties as the CANCEL button which lead to some of the old Pokemon Blue any% NSC routes before easy ace with maps was discovered.

Yay! A continuation!

“The seventy tooth bit”

I just started learning 6502 assembly like a week ago and am amazed, on how much I could follow with the code xD

That's a beautiful bug, it's so involved and has so many steps; that's what old school programming was all about!

I think you should check out Zelda Ocarina of Time related glitches, there are a ton of really interesting glitches like inventory manipulation or abusing cutscene pointers to warp to unintended locations. Even a few months ago, they discovered how to execute arbitrary code and functions in the game to basically do anything they like. I think it'd be really amazing if you took a look at this game!

The Game Boy (and Game Boy Color) uses an instruction-set that is mostly like the 8080 and z80. This family uses 8-bit registers (except PC and SP, which are 16-bit), but for some instructions you can use 16-bit pairs (AF, HL, ...)

This is amazing. Hits right in the childhood

15:30 you are a great editor!!!!!

Hello. I am currently reverse engineering and annotating minish cap in ghidra. These are some of the methods I use to analyze the program :) Gb and gba use a lot of bitwise functions since space was so tight back then; bitfields are used all the time! It can be frustrating trying to understand all of the shifts ands and ors etc.

Hey, at 01:16 there's on the screen that 0xff = 256, but 0xff = 255, just wanted to point that out :)

This is so cool to see in action! If you didn't know, it's actually possible to duplicate TWO sets of items by replacing the already duped item with another item that has yet to have it's bit flipped during battle. When you catch missingno, that same function must be performed in the process of updating it's Pokedex entry, but instead of listing it as "seen", it gets listed as "caught". The game then forgets that you even saw missingno since the data for that would normally be referenced in the Pokedex data, which explains why this can be repeated multiple times through various wild encounters with missingno. That's probably not 100% correct, but that's my educated guess :)

A video on your enviornments and go-to toolchains would be great!

If you also want to read the assembly for the mentioned functions (in a commented and somewhat structured form), here are some links to PokeRed: LoadEnemyMonData: (handles the pokemon encounter, calls the Flag function below) github.com/pret/pokered/blob/606df6a317df7c8d076410e8189f7e0a7782b530/engine/battle/core.asm#L6200 here's the code that handles the IndexToPokedex-conversion and set's the flag: github.com/pret/pokered/blob/606df6a317df7c8d076410e8189f7e0a7782b530/engine/battle/core.asm#L6337 IndexToPokedex: github.com/pret/pokered/blob/606df6a317df7c8d076410e8189f7e0a7782b530/engine/menu/pokedex.asm#L649 Flagging-Function (also takes in a 3rd input value, the B register, which contains clear, set or read) github.com/pret/pokered/blob/606df6a317df7c8d076410e8189f7e0a7782b530/engine/flag_action.asm#L1 predef seems to be the bank-switching function, which is structured as a macro (?) in Pokered: github.com/pret/pokered/blob/6ba3765c5932996f5da6417ae703794ff10bb1cb/home/predef.asm Thanks for these two great videos! I had a lot of fun watching and now reading the assembly.

Great explanation. I wonder if they just accidently made Cinnabar 1 tile smaller on the east coast and didn't tell whoever programed the overwrite tiles. Make me wonder if there are any instances of this near other coastlines.

I like that after all of this desassembly you make me feel like a nerd knowing that arrays start at 0.

I personally found a bug along time ago to give your pokemen unlimited hp. It could be used to further this research, if you're interested. And this bug has possibly never been released, until now. As I'm the one whobpersonally discovered this bug by pure accident back in grade 6. Though I'm not sure, this bug is probably already, but here it is; I can't remember exactly how to do it because it was like 2 decades ago, but I think the trick was a Lil sumthin like this. 1. You need to start by doing this same missing no glitch (as most of us know each save file gets its own randomly selected pokemen that can be a lvl that is over 100.) 2. Catch the bugged lvl pokemen. 3. Lvl the bugged pokemen to max lvl. (THIS IS WHERE EVERYONE THOUGHT THE GLITCHES STOPPED) 4. (this next part is the part I accidentally discovered) After steps 1-3 are done: trade the pokemen to a different game via the ol link cable, then trade it back. The pokemon will lose lots of lvls after the trades, but the hp will remain as if it didn't unlvl. 5. Lvl the pokemon back to max lvl then repeat step 4... Everytime you lvl then do the trade and trade back it allows you to infinitly?? Keep increasing the hp everytime steps 4+5 are repeated. I never knew this random bug I found 20 years ago could possibly be useful for awesome research like this my dude..