
Gen 3 Event Generation Algorithm Research (10ANNIV, etc)



4 hours ago, Sabresite said:

IIRC Stamp Pokemon have all IVs of 0? Can someone confirm it for me?  And reading through the code for NegaiBoshi, I wouldn't be surprised if something like that did happen since setting the flag to the wrong value would indicate you are providing IVs, when you might have meant to generate them.


EDIT: I might be thinking about E-card pokemon.

The Colosseum E-reader mons have 0 IVs in all stats. Set genders and natures but they can be shiny.

  • 2 months later...

I want to give a small update on the research, but before that I want to mention something that has boggled my mind for a while, and I have just been given an OK to talk about this in public.
I was talking with a former employee from Nintendo. The one I mentioned before who had a copy of an Aurora Ticket cartridge that was identical to what was leaked at the end of last year.
There is no such thing as an individual "fingerprint", as I already said before. What people believe are fingerprints is not unique per cartridge. It's likely an identifier that is only unique per rom version.
But there are quite a few copies of each version as we already know. We are not sure how many of them exist at this point, but that's not too important.
The point is there is no way Nintendo would care or be able to use this information to trace back where and from whom these cartridges leaked, and if they wanted to do so they would already have done that.
It also must be said that this was over 10 years ago... so why would Nintendo care about something that happened a long time ago and doesn't affect their daily business?

Speaking of the research, there are still some unsolved questions when it comes to seeding procedures.
It looks like some Events I collected have incremented seeds, which could indicate that there are more Distribution cartridges with an RTC.
I'm actually pretty sure that this is the case. Is there anyone here who knows about this? 


There definitely is an individual fingerprint in most distribution systems including the devcart DS ones.
This was already confirmed independently, so please don't spread false information...


So then how do you want to explain why the rom I saw was identical to the one that was leaked last year?
And it came from a completely independent source. I'm very curious about how you want to prove that these cartridges are unique.
The thing is after it was leaked last year I was asked if I know about it, simply because it was exactly the same rom. 

Edit:
Also I heard different things about DS distribution carts, but I can't say much about this at this point. Since I haven't seen it myself.
The reason I was posting it is because since this rumor was spread there seem to be insecurities about whether a copy of a distribution cartridge is legit or fake.
I just wanted to say that these bytes are nothing but an identifier that's unique per rom version, not per cartridge. That's a huge difference.


I've seen byte differences across multiple Auroraticket cartridges, even years ago. And this includes the leaked one.
My theory is that the "completely independent source" is either part (or a victim) of the repro cart scam that was going on.


That's impossible since the source is a former Nintendo employee as I already said.
He got these cartridges firsthand. It's someone I was getting in touch with during the Mystery Gift Research.
Can you say what multiple means in terms of numbers? Just approximately...

Edit:
Sorry that I can't say much about that person.
I hope you can understand.


If the leaked Auroraticket rom and the one your employee source has is in fact a 100% match, then there's definitely something fishy going on...
I've seen the data of two distinct cartridges in person, and got confirmation for one other.


Yeah, that's the thing. If the identifier would be this unique then this would be impossible, right?
By the way, according to this person the cartridge was never traded or sold, always kept in the same private hand.
I saw it and I had to make an agreement that I won't share it or talk about it back then.
But I think it is something that should be talked about. Especially since people blame each other after the leaks.


1 hour ago, Purin said:

If the leaked Auroraticket rom and the one your employee source has is in fact a 100% match, then there's definitely something fishy going on...
I've seen the data of two distinct cartridges in person, and got confirmation for one other.

2 independent sources own 10 anniv / aurora ticket carts and dumped their roms. I compared them and they were the same to each other (respectively). While it is possible someone got a fake copy, this was at a time before it was public. Both sources thought they were the only ones with the physical cart.

 

I asked @Bond697 about those 12 bytes and he pointed me to a site outlining rom section formats for the GBA dev kit. And iirc that field was described as an identifier. I can see the confusion in thinking it could be a hardware or serial identifier, but that is not what that means. If I am remembering correctly it was a code section identifier or something like that.

You have to also think about the manufacturing process. If only a few are made, you can't just swap the roms out mid-production. But if you make let's say 1500 for best buy, and 2000 for toys r us, then maybe you will tag it for each company. MAYBE. Usually it is too expensive to do even that.


Well, the same pattern is also true with 10ANNIV and Aura Mew. Multiple cartridges from the very same events NEVER had the exact same bytes. I didn't see this even once.
What's more, we already know there's at least one person out there making fake reproductions...

But feel free and believe what you want. I've seen, with my own eyes, more than enough proof to convince me for active per-cartridge fingerprinting.


1 hour ago, Purin said:

Well, the same pattern is also true with 10ANNIV and Aura Mew. Multiple cartridges from the very same events NEVER had the exact same bytes. I didn't see this even once.
What's more, we already know there's at least one person out there making fake reproductions...

But feel free and believe what you want. I've seen, with my own eyes, more than enough proof to convince me for active per-cartridge fingerprinting.

Even if it is, I don't think anyone cares or has records 10+ yrs later.


1 hour ago, Purin said:

Well, the same pattern is also true with 10ANNIV and Aura Mew. Multiple cartridges from the very same events NEVER had the exact same bytes. I didn't see this even once.
What's more, we already know there's at least one person out there making fake reproductions...

But feel free and believe what you want. I've seen, with my own eyes, more than enough proof to convince me for active per-cartridge fingerprinting.

Weren't there multiple 10th anniversary carts? Top 10 distribution and the original? What are the chances of also having seen a Nintendo of Italy cart compared to Nintendo of North America or Germany? I don't know all the branches of Nintendo.


@Purin,

If the distribution carts were loaded in-house (literally at the office with a dev kit), then it would make sense to have multiple identifiers, but not all will be unique. That is because they would have compiled the ROM on each computer using the dev kit, which makes a specific build identifier, and used that to load the carts.  With 3-5 PCs, you can load 500+ carts in a few hours and you would have 3-5 separate identifiers.

Still not traceable though.  Engineers are notoriously lazy too (personal experience here with myself too).  They delete files they don't want anymore.  They don't migrate files to new PCs cause they don't want to deal with legacy stuff.  They throw projects onto tape drives and literally store them in a closet to rot.  And they never keep track of their own code let alone project builds.  And back in 2003 I doubt they used control systems for compiled ROMs.  Code maybe (CVS), but not ROMs.

There is LOTS of evidence (especially in the code) that the distribution carts were the worst hack job in the world.  They didn't even test them thoroughly.  Literally some junior copy/pasted some code they found, redeemed a single pokemon and declared victory.  Even in 2005/2006, a late mew distribution used jirachi code and mew code together, despite having the aura mew code available.  Probably because the guy making the standard library (gcea/misturin/10 aniv/etc) was not the same guy who was asked to make the other mew.  So the guy used legacy code he found somewhere from 2003, most likely the ruby debug commands (as we know mystry mew also uses old as shit generation).


I was reading posts on the Pokemon ribbons discord server and something about Japan not having an E-reader Eon ticket came up.

Originally I was thinking of the possibility of mixing records between an English and Japanese Emerald and a Japanese Ruby. Using 2 link cables and 3 GBAs. But then it crossed my mind. If that works, could you send an English Eon ticket to the Japanese games?

 

The reason this crossed my mind was the possibility of sending Regi dolls easier. I don't know how the games handle the situation of 1 compatible game and one incompatible.


I cracked the PCNYabcd algorithm! It uses a variation of BACD algorithm with unrestricted seeds. PIDH is xor'd against PIDL, TID, and SID.

This algorithm makes antishiny detection easier (PIDH is less than 8 before alterations)  and presumably if the pokemon becomes shiny, it could be easily modified. I don't have any specimens that require antishiny though.

 

A few factors prevented this from being detected earlier. Mainly it was a bug in my check code from 2013. The check code didn't matter prior though cause it turns out almost all of the PCNY I received from people were hacks. The pokemon from Pokemon Secure are mostly hacks too.

And of course the pokemon from GameFAQs on the box save are all completely legit. This is despite Pokemon Secure and others saying they weren't.


13 hours ago, Sabresite said:

And of course the pokemon from GameFAQs on the box save are all completely legit. This is despite Pokemon Secure and others saying they weren't.

B|

 

They sat untouched for 11 years before I found them. I met one other person who knew they existed. He claimed they were fakes. He was also from Pokemon Secure. Which is even more hilarious since theirs were more fake than anything. He claimed he got in contact with the original uploader, who apparently couldn't remember if they were fakes or not.

Edited by HaxAras

On 9/7/2017 at 3:51 PM, Sabresite said:

@Purin,

If the distribution carts were loaded in-house (literally at the office with a dev kit), then it would make sense to have multiple identifiers, but not all will be unique. That is because they would have compiled the ROM on each computer using the dev kit, which makes a specific build identifier, and used that to load the carts.  With 3-5 PCs, you can load 500+ carts in a few hours and you would have 3-5 separate identifiers.

Still not traceable though.  Engineers are notoriously lazy too (personal experience here with myself too).  They delete files they don't want anymore.  They don't migrate files to new PCs cause they don't want to deal with legacy stuff.  They throw projects onto tape drives and literally store them in a closet to rot.  And they never keep track of their own code let alone project builds.  And back in 2003 I doubt they used control systems for compiled ROMs.  Code maybe (CVS), but not ROMs.

There is LOTS of evidence (especially in the code) that the distribution carts were the worst hack job in the world.  They didn't even test them thoroughly.  Literally some junior copy/pasted some code they found, redeemed a single pokemon and declared victory.  Even in 2005/2006, a late mew distribution used jirachi code and mew code together, despite having the aura mew code available.  Probably because the guy making the standard library (gcea/misturin/10 aniv/etc) was not the same guy who was asked to make the other mew.  So the guy used legacy code he found somewhere from 2003, most likely the ruby debug commands (as we know mystry mew also uses old as shit generation).

I think you're talking about the AGB gang writer? Yea it could flash multiple from what I've read. All the pictures I've seen of it have 404, but it's similar to the N64 gang writer for flashing the prototype long carts. At least this is what I've determined. Insert one cart copies to the other or some sort. Below is apparently the N64 one. GBA had a similar one as the AGB gang writer. But I think this is the concept we are working with here, a gang writer was used.

gang writer.jpg

well at least the original ones that were copied. LOL "Original" ones, but since all of them are all copies of one... the only "legitimate" part of it would be who's copying it and if they used the official hardware. For example if I were to copy a ROM onto a GBA prototype it's "illegitimate" but that is what was originally done by the developer? So the only difference is who copies it.

Anywho, I think these devices are very hard to find, and the original software used to copy and dump very hard to find

probably long gone to find the original gang writer and software

probably different bits from different batches or something

IDK just figured I'd share about the gang writer.

Edited by YoshiMoshi