Information Consolidation of all of my posts:
Battle Video Card Structure
- VS Recorder data in the 5th gen is stored a little bit differently compared to the known Platinum convention (research done by NulMyre).
- 512 KB Save File offsets:
- 0x0004A000 - Native Battle Video
- 0x0004C000 - First Battle Video
- 0x0004E000 - Second Battle Video
- 0x00050000 - Third Battle Video
- Example videos, extracted from the save file with HxD (Offset Range Copy); the decrypted ones are from RAM dumps.
- Each video is 8KB spaced, but occupies 6420 Bytes (down from 7520 in last gen).
- Jenn - Video 1 || (Decrypted Jenn Video)
- James - Video 2 || (Decrypted James Video)
- Frank - Video 3 || (Decrypted Frank Video)
- Native Video 1 || (Decrypted Native Video 1)
- Native Video 2 || (Decrypted Native Video 2)
- Native Video 3 || (Decrypted Native Video 3)
- I cropped the remaining FFs from the end of the videos, as they aren't used. Down from 8192 bytes.
- Research RAR
Battle Process Structure
PKM Data Structure (.bpkm)
My posts before the last edit date may not be current information.
Last edited by Kaphotics; Jun 14th, 2011 at 05:13 PM.
Did some looking in the RAM (I know it's not save related but it does give some insight as to what is inside the saved video).
VS. Recorder Screenshots of the Battles and Trainer Profiles (data stored on card)
RAM Offsets of Important Information (PKM and Trainer):
Team Lineup and OT Trainers of Jenn.vrd in the RAM:
Pokemon Data in the RAM -- woo!
Last edited by Kaphotics; Jun 14th, 2011 at 12:28 AM.
Alrighty, after spending more time with the RAM and a few battle videos I have found out how it operates. The Pokemon Data in the RAM was only the tip of the iceberg on what was contained within.
Upon clicking on a battle video, the entire encrypted battle video (which I have a few uploaded in the first post) is loaded into the RAM at offsets (0x0226BA0????).
It remains there in its entirety for a split second (one or two frames, 1/60th of a second), in which it is decrypted and left there for easy access.
If you dump the memory and copy the offsets for where the encrypted/decrypted battle video was (like in HxD), you can then just separate it out like I did from the save file. The Encrypted battle video is exactly the same, and the Decrypted battle video is the same size as well.
I would upload a decrypted battle video, but I am only able to post currently (I will upload stuff when I can).
===========
Code:
    Trainer Profile
    FFFFFFFF
    Battle Video Summary
    ==
    Battle Moves/Etc
    PKM
    Trainers
    Closing
Pokemon Data occupies 112 bytes of data for each PKM. Strangely, it includes the ingame Stats. In the decrypted battle video, they start at 0xD00. They are there for 6 Trainer#1 PKMs, then there is a 4 byte (Max/Current PKMs Present) gap in between, then the Trainer#2(opponent) PKMs are there.
Battle videos can be copied on top of the others. If you copy Frank's video onto another save file's appropriate offset (to overwrite the previous video), it can be viewed in game as there is no overall checksum on the save file to check (heh). I was able to make Frank's battle video occupy all 3 slots on the "Other Videos" menu (and viewing worked of course).
Confirmed the native battle video locations via battle subway.
I'll have more things (offsets/structure of bpkm) when I am able to upload stuff
I don't know how to make programs/make something to decrypt
Last edited by Kaphotics; Jun 14th, 2011 at 12:28 AM.
Interesting stuff here. Did NulMyre's program decrypt the videos or just backup/restore them?
Research RAR'd up, includes battle pkms, more encrypted videos and everything else that follows and more.
This was done without using NulMyre's program as the structure is entirely different, all that I used from it was the decompiled java just to see how it worked in Platinum.
Decrypted Jenn Video
Overwriting Battle Videos
Reading the BPKM data from the RAM (identical to the decrypted data)
Code:
    A little tutorial on accessing data within a Battle Video:
    Upon loading the battle video, the game loads the entire VRD at 0x0226AFAC.
    The video is loaded in its encrypted form, occupying 0x0226AFAC-0x0226C8BF
    Guess what, it gets decrypted by the game. Huzzah!

    While in DeSmuME, Open Memory Viewer at the Battle Video Screen.
    Dump All.
    Open .bin in HxD
    copy the offsets: 0x0226AFAC-0x0226C8BF
    Into a new file.
    Bam, decrypted VRD, aka DBV (decrypted battle video)
    Now to make sense of what the data is inside!

    Program Implications:
    There are no checksums on the entire save file in regards to Battle Videos.
    If you overwrite one video in the save with another downloaded one, it will be viewable instead!
    Backup and Share them!

Code:
    Battle Video Structure:
    Surface Summaries
    Moves
    Pokemon
    Trainers
    Closing Summaries (???)

Some Offsets within the Battle Video that define visual cues:

Code:
    Battle Video PKMs are 112 bytes long (not all data is present!!!)
    Offsets in Decrypted Battle Video:
    0xCFC: Max Present PKM
    0xCFE: Currently Present PKM

    PID                0xD00 + 0x70*pkm
    Species            0xD06 + 0x70*pkm
    Held Item          0xD08 + 0x70*pkm
    Trainer ID         0xD0C + 0x70*pkm
    Trainer SID        0xD0E + 0x70*pkm
    Happiness          0xD14 + 0x70*pkm
    Ability            0xD15 + 0x70*pkm
    HP-EV              0xD16 + 0x70*pkm
    Atk-EV             0xD17 + 0x70*pkm
    Def-EV             0xD18 + 0x70*pkm
    SpA-EV             0xD19 + 0x70*pkm
    SpD-EV             0xD1A + 0x70*pkm
    SpE-EV             0xD1B + 0x70*pkm
    Move 1             0xD1C + 0x70*pkm
    Move 2             0xD1E + 0x70*pkm
    Move 3             0xD20 + 0x70*pkm
    Move 4             0xD22 + 0x70*pkm
    PP 1               0xD24 + 0x70*pkm
    PP 2               0xD25 + 0x70*pkm
    PP 3               0xD26 + 0x70*pkm
    PP 4               0xD27 + 0x70*pkm
    IVs                0xD2C + 0x70*pkm
    Gender Forme       0xD30 + 0x70*pkm
    NickName Field     0xD32 + 0x70*pkm
    OTName Field       0xD48 + 0x70*pkm
    PokeBall           0xD58 + 0x70*pkm
    Origin             0xD59 + 0x70*pkm (01 is Japan, 02 is English)
    Level              0xD60 + 0x70*pkm
    BatlStat(maxHP)    0xD62 + 0x70*pkm
    BatlStat(curHP)    0xD64 + 0x70*pkm
    BatlStat(AtK)      0xD66 + 0x70*pkm
    BatlStat(Def)      0xD68 + 0x70*pkm
    BatlStat(SpA)      0xD6A + 0x70*pkm
    BatlStat(SpD)      0xD6C + 0x70*pkm
    BatlStat(SpE)      0xD6E + 0x70*pkm

    For Enemy Pokemon, add 4 to the base offset as the max/current PKM present shifts it as well.
Code:
    0x00-0x0F - Trainer Profile (Owner of Video)
    0x10-0x25 -- Trainer Profile Data
        0x10-0x13 - Trainer PID
        0x14 - Trainer Gender (00 Male 01 Female)
        0x15 - Trainer Birth Month
        0x16 - Trainer Avatar
        0x17 - Trainer Nation
        0x18 - Trainer SubLocale
        0x1C - Trainer Pokemon Displayed (Half Word)
        0x1D-0x25 - ???
    0x26-0x6F -- FF Pads
    0x70-0x7B -- Unused/Unknown
    0x80-0xAX -- Battle Overview Data
        0x80-0x8B - Team#1
        0x8C-0x97 - Team#2
        0xA4 - Battle # (Subway Streak)
        0xA6 - Battle Mode(???)
        0xA7 - Game Modes (Launcher?)
        0xB8-0xBC - Battle Video ID(???)
Copying the Native Video onto the Other Videos works:
Comes with its own blank trainer profile!
Code:
    Viewing your own native video has the game load the encrypted one too, it then generates your Profile when it decrypts.

    Static Locations
    The value at 0xA8 must match the decrypted value at 0x189C, which is (always) 81 E2. This signifies "end data"?
    The value at 0xAA must be 00 64.
    The value at 0x18A6 must match the value at 0x1900.
    The value at 0x18A4 is battle video # (1-native/1/2/3)
    The value at 0x1904 is 01 00 00 00 14 19 00 00 27 35 05 31 (decryption vars?)
    The value at 0x00C0 is a checksum
    The value at 0x18A0 is a checksum
    The value at 0x18A6 is a checksum
    The value at 0x1900 is a checksum
    The value at 0x1912 is a checksum

    Encrypted Region
    The first value different between Encrypted/Decrypted is 0xC4
    The first value that is the same after 0xC4 is 0x18A0
The CRC16-CCITT checksum of the region 0xC4-0x189F of the decrypted battle video is at 0x18A0.
This spans the only region of data that is different between Encrypted and Decrypted.
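How the checksum location and the PKM offset table above fit together, as an added example that is not code from the thread or from any tool it mentions: it checks the CRC16-CCITT of 0xC4-0x189F against the value at 0x18A0 in a decrypted video, then reads a few of the listed PKM fields, including the 4-byte shift for opponent records. The CRC parameters (polynomial 0x1021, initial value 0xFFFF), little-endian storage and the field widths are assumptions, and the sample buffer is constructed.

```python
import struct

VIDEO_SIZE = 0x1914                  # 6420 bytes per video, as stated in the thread
CRC_START, CRC_END = 0xC4, 0x18A0    # region 0xC4-0x189F; checksum stored at 0x18A0
PKM_BASE, PKM_SIZE = 0xD00, 0x70     # 112-byte records starting at 0xD00

def crc16_ccitt(data, crc=0xFFFF):
    # Assumption: CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF, unreflected).
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1) & 0xFFFF
    return crc

def checksum_ok(video):
    # Reject wrong-sized input before trusting any offset inside it.
    if len(video) != VIDEO_SIZE:
        return False
    stored = struct.unpack_from("<H", video, CRC_END)[0]  # assumed little-endian
    return stored == crc16_ccitt(video[CRC_START:CRC_END])

def pkm_offset(index):
    # 0-5 = trainer 1, 6-11 = opponent; opponent records sit 4 bytes later.
    if not 0 <= index < 12:
        raise IndexError("pkm index out of range")
    return PKM_BASE + PKM_SIZE * index + (4 if index >= 6 else 0)

def read_pkm(video, index):
    base = pkm_offset(index)
    u16 = lambda rel: struct.unpack_from("<H", video, base + rel)[0]
    # Field widths are assumptions inferred from the gaps between listed offsets.
    return {"pid": struct.unpack_from("<I", video, base)[0],
            "species": u16(0x06), "held_item": u16(0x08),
            "tid": u16(0x0C), "sid": u16(0x0E),
            "level": video[base + 0x60],
            "max_hp": u16(0x62), "cur_hp": u16(0x64)}

def build_sample():
    # Constructed buffer, not a real battle video: two records plus a valid CRC.
    video = bytearray(VIDEO_SIZE)
    for index, species in ((0, 495), (6, 498)):
        base = pkm_offset(index)
        struct.pack_into("<I", video, base, 0x1234ABCD + index)
        struct.pack_into("<H", video, base + 0x06, species)
        video[base + 0x60] = 50
        struct.pack_into("<HH", video, base + 0x62, 120, 87)
    struct.pack_into("<H", video, CRC_END, crc16_ccitt(video[CRC_START:CRC_END]))
    return video

if __name__ == "__main__":
    sample = build_sample()
    print(checksum_ok(sample), read_pkm(sample, 6))
```

A change anywhere in 0xC4-0x189F makes `checksum_ok` fail, while a change in the header before 0xC4 does not, since this checksum only covers that region.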
Any idea how to decrypt this without the use of an emulator?
Well, you need the save file to get the video on file.
No idea how to decrypt without an emulator.
I see. No problem.
I looked at the decrypted data, but the only thing I could identify was the value at 0xF0. This seems to be controlling the battle BGM.
Did you make any progress? I really would like to know more about the Battle Process Structure.
Nah I haven't been looking at Battle Videos, trying to finish up on some RNG things for the Smogon Community
BGM = background music? If you could go a little more in depth with what you've found / how to abuse it, we might start to get some Video modding codes like in the HGSS era of display modding.
I will shift my focus back to this after that is done, thanks for your interest/help!
When you are at the point where you can press play on the video, you can modify the values of the decrypted battle video.
0xF8 - Battle Duration (Hex Length)
Moves are (almost) immediately after, obviously.
Turns appear to be 0xB long.
I messed around with 0x14D, and was able to change the move the Pokemon did.
0x0226B0CD = mymove on move 3
0x0226B0F9 = mymove on move 6
These may be different depending on the battle video in question.
Some more decrypted battle videos:
They are all from the same battle, except with different endings.
For the first one (Leaf Blade), I did not switch and used Leaf Blade to finish off the Pokemon.
For the second one (Blaze Kick), I switched to Blaziken. The next turn, I used Blaze Kick to finish off the Pokemon.
For the third one (Earthquake), I switched to Gyarados. The next turn, I used Earthquake to finish off the Pokemon.
Here's when I modified the 6th turn move:
Here's when I modified the 3rd turn move:
Fooling around with the RAM part 1, translates to the Battle Video data...
Last edited by Kaphotics; Jul 24th, 2011 at 04:41 AM.
Figured out how to change the background / pads of the Battle!
0x0226B08C, whole word controls the background. Still haven't figured out how to control it to my desires...
Background Decimal Numbers (assorted good looking)
Last edited by Kaphotics; Jul 24th, 2011 at 05:45 AM.