I am releasing the source code for the @gamesdonequick.com
2026 Pokemon Heartgold/Soulsilver ACE demo:
github.com/DevreeseJori...
Expect an update to the ReadMe with some installation details soon.
Was a pleasure working with you as always Swift ❤️
I made the custom sprites for this! Huge thanks to RETIRE for being able to put all this together, here’s a picture of when I was actively working on the sprites too :D
... Yeah, we're pretty sure that's actually never happened before. #AGDQ2026
Incentive is met! Everyone, enjoy the show :)
Thank you Matt! I happened to catch your donation in passing ❤️
Let's meet the HGSS Arbitrary Code Execution Demonstration together! I promise, from unbiased source, that it will be worth it! #AGDQ2026
www.twitch.tv/gamesdonequi...
It's that time of the year again. I have cooked something special for @gamesdonequick.com :)
Autocorrected, not walkable*
So there is no actual control. There happen to be 8 manipulations for getting a grass mud tile, and one of them just happens to meet these ridiculous requirements. Note that I was not actively looking for this arrangement, I just tested all 8 results manually and found the spinner bug as a result.
Thing is, while we have 'tile manipulation' to get tiles in the void, this is really just a luck of the draw. You read uncontrollable texture data, and I just wrote a brute forcers that found all texture data/chunk allocations and returns a list of maps to reload in and get the desired tiles.
Now, after the mud tile you'd then need another tile with a collision value that makes it in walkable, so you stop spinning and stay in the mud tile.
The odds of that are 1/(265 * 2 * 256 * 2), or roughly double that depending on how the spinner tiles bug glitch operates.
Thing is, these do not allow you to enter them while you are on a bike. There is however a unique glitch that can get around this. A spinner tiles can force you into any tile. Not sure if this is because it always moves one tile, or because it only checks collision values and not unique properties.
The requirements for this setup are really tight. Usually all encounter tiles fail to function with the Pal Park menu, as they are checking for gen 3 Pokémon to migrate. One exception to this is the is mud grass tiles from Great Marsh. You can wiggle in them to get an encounter.
Found a 1 in 262.144 chance to exist setup that allows us to get wild encounters while having the Pal Park menu AND on the bike.
My goal is to use this to load battle data to read for the new speedrun ACE setup, this would save 10 minutes and be faster than the current TAS ACE setup too.
Cuts out getting cacturne, noctowl, machoke, link searcher (-3 gyms), silk scarf, watching the contest cutscene... Maybe even dot artist if we really want to go all out on speed. (Probably not outside of speedrunning).
Will require a specific playername and a longer void route (except for JP rev 5)
The rule of releasing a setup is that you obsolete it within 3 hours of its creation right? Pretty sure I can create a setup taking less than 90 minutes from a fresh save. Aka, Speedrun + 40 minutes or so, based on the TAS setup with this new Item bootstrap.
Gotta probably run the brute forcers for pearl details, but here's the new setup.
www.craft.me/s/330jTbOzhF...
Couple weeks, on and off. Most time was spent writing brute forcers
The jumps finally reach somewhere I control, dot artist, and execute that at the end. So yes
I wrote a brute forcer to manipulate in-game trades with specific held items/levels and met dates to get their encrypted data to read a jump instruction, reading the next Pokemon's PID as a fully controllable jump.
To get around the ASLR issue, I spawn a new script process on top of the current one, and that one won't be affected by ASLR and its entry point can be controlled to some degree as you can give the script index to use. Then with some luck I can jump to box data, last 2 bytes of a pokemon.
The main difference is what data gets executed, it completely removes hall of fame entries in favor of item data allocated when you have a trainer battle in certain maps. This was already used for TAS, but could not be made consistent due to ASLR... Until now.
Had tried to get this to work: github.com/keystone-eng...
But I'm being bottlenecked by ref and ffi being impossible to compile on modern node. Probably need to update to ref-napi and whatever ffi alternative there is.
Trying to get keystone's NodeJS bindings to function with a non-ancient, undocumented and deprecated version. Anyone have alternatives for JavaScript ARM (vt5/thumb) assemblers?
Give me a few days to iron out the details further, for now you can use the old setup if you want: www.craft.me/s/HTe6sst8Gf...
I sadly obsoleted Pokemon League :p RIP muted nurse Joy
New setup... 100% chance of working from a fresh save file. 1.5 hours saved over the previous setup. Also made it so the bootstrap installs Mystery Gift ACE immediately.
It will also cut out RNG/external trades entirely, and no longer cause sequence breaks.
Due to how encryption works, as long as the checksum and input data at an offset is the same, the output is too. So I can create 1 setup, with the only difference being the trademon details for each language.
Creating an ASE setup cutting out ~3 hours of setup time.
Instead of using jumps, it spawns a new script process with a custom event index with item data.
It then reads encrypted pokemon data as the script offset. This data is manipulated through brute forcing modifications to in-game trades.
