AR Code Help

[liaF cipE]

As is probably evident by now, I really do not know a lot about what I am doing, mainly because my programming experience is with stuff like C++ and Java…

Yes, I do know basics like what hexadecimal is, AR codes are CPU instructions, etc. But I lack on some of the more advanced stuff and notations, and I am not sure of exactly where I stand in terms of how much I know.

For example, I don’t really know what

00013 022349D4 d h 0 Slot1 PID(W)

means, or how I can change that to give the hex address/1st chunk in an AR code line

(Is it 022349D4? Does that number need to be changed somehow?)

As such, here is a list of what (I think) I know, and what I need:

Know:

-The main portion of the code will be from assembler, which will read and write values from hex addresses on the cart’s RAM, dictated by setting the Hex address for a value as the absolute address in the assembler code

-The assembler code will also read and write values on to the AR itself, (like R1 and stuff) which should have the right value when used with a complier designed for the AR.

(I’m not entirely sure about this bit, and I suspect I will have to temporarily store values somewhere on the game’s ram, like the output of a sum that I need to modify more before it goes into another spot on the cart) (If anyone knows a good assembler compilier for the AR/BW, I would be glad to know )

-I am using this nice code from Bond697 to run the assembler code on the AR:

94000130 FFFB0000(run on hitting select, can be changed to whatever)

023FE074 012FFF11

E0000000 0000XXXX(the Xs here are the number of bytes being run in total, 4 per word)

AAAAAAAA BBBBBBBB

CCCCCCCC DDDDDDDD

EEEEEEEE FFFFFFFF

GGGGGGGG E12FFF1E

Which runs the code from the AR memory, so there are no issues with storing the function somewhere

-Lines in the AR code that change a value at a hex address like 12234A44 0000XXXX change the value at the hex address 12234A44 to 0000XXXX, so I can have 12234A44 as the absolute address in assembler and have the assembler code read and write to the same place as the AR code.

(I’m not 100% on this. If the 12234A44 value needs to be modified to give the hex address, please tell me what the formula/algorithm is to transfer from 12234A44 to the proper hex address)

-How to write to the values of the 1st pokemon in the party for current and max HP, Atk, Spl Atk, Def, Spl Def, and Speed, which is done by inputing the number I want xored with the value for 0 (got it from pokegen) at the following hex addresses I got from Delta Blast Burn (in AR code form):

12234A42 current hp (lucky guess on my part)

12234A44 atk.

12234A46 (max) hp

12234A48 def.

12234A4A sp. atk.

12234A4C speed

12234A4E spl def

-(I will be fine with the writing of the assembler code and the algorithm of the code once I have the info I need. I don’t know all the syntax off the top of my head, but I know where to get any help I’ll need with the stuff pertaining only to assembler)

Don’t know:

Note: If some sort of short hand notation/formula is used as an answer, that’s great, but please also include how I go from the short hand/formula to the thing I need, like the hex address.

Also, a resource where I can get the information from is fine as an answer.

(As you may see, I need a lot of hex addresses. I thought I could use pokegen, which worked fine for the stats, but for most of the values I wanted changing one of them altered the same 30 lines of AR code each time, so I had no idea how to isolate each individual variable. Ie: happiness, nature, ivs and evs all changed the exact same 30 lines... :confused:)

-The hex address (read) of the nature value for the 1st party pokemon, and how to transform the raw number into something more usable. (Is it the encryption thing with the PRNG?) (I found something that says it is the 41h value, but I have no idea what to do with that)

(I think the fixed numbers should look like this:

0x00Hardy

0x01Lonely

0x02Brave

0x03Adamant

0x04Naughty

0x05Bold

0x06Docile

0x07Relaxed

0x08Impish

0x09Lax

0x0ATimid

0x0BHasty

0x0CSerious

0x0DJolly

0x0ENaive

0x0FModest

0x10Mild

0x11Quiet

0x12Bashful

0x13Rash

0x14Calm

0x15Gentle

0x16Sassy

0x17Careful

0x18Quirky

)

-The hex address (write) for the happiness value of the 1st pokemon in the party, and how to change the value I want before it is written to that address.

-The hex addresses (read) for the iv’s and ev’s of the 1st pokemon in the party, and how to transform the value to give the proper number. (ie 31 or 252, not 0x8F72 or something like that) (Does this use the encryption?)

(I also found stuff here: http://www.projectpokemon.org/wiki/Pokemon_NDS_Structure#Unencrypted_bytes

but I do not know what to do with those to get the 1st party pokemon hex addresses)

- The hex address (read) for level, how to tranform the value into the actual level, etc..

If it helps, the code will only be used on pokemon made in Pokegen, so things like location and PID will be constant. The code just needs to be flexible wrt level, iv, ev, and nature.

I thank whoever helps me in advance. (Especially since it will probably be the same people, and I’m sure they are starting to get annoyed by now…)

[Bond697]

everything you want to change is encrypted. since you're proficient with java/c++, your best bet is to read about how the encryption works(i think there's a wiki article) and write an app to decrypt the pkm and the re-encrypt it so you know what values you want to change to what. however, if you want to somehow reuse an ar code that does this, that's a much different vastly more challenging story. is this something just for you or something you're making for a lot of people to use? if it's the former, doing so might be a bit easier. we can just cut out the encryption.

e: well, you would need to use the cut encryption on a new game or edit all your pokes to not be encrypted. if everything isn't encrypted with the 4th gen rng, but the game tries to decrypt with it, Bad Things™ will happen. srsly.

[liaF cipE]

everything you want to change is encrypted. since you're proficient with java/c++, your best bet is to read about how the encryption works(i think there's a wiki article) and write an app to decrypt the pkm and the re-encrypt it so you know what values you want to change to what. however, if you want to somehow reuse an ar code that does this, that's a much different vastly more challenging story. is this something just for you or something you're making for a lot of people to use? if it's the former, doing so might be a bit easier. we can just cut out the encryption.

e: well, you would need to use the cut encryption on a new game or edit all your pokes to not be encrypted. if everything isn't encrypted with the 4th gen rng, but the game tries to decrypt with it, Bad Things™ will happen. srsly.

This code is going to be used on just my game (although keeping the option open to spread to other games would be nice, it can be dropped if need be), and the only pokes it will apply to are ones made from Pokegen in the first place so I can get the pkm file and I can have PID (and location stuff, trainer stuff etc) remain constant. (even though the PID will disagree with the stats)

Is the .pkm file structure the same as the wiki says it is here: http://projectpokemon.org/wiki/Pokemon_NDS_Structure#Encryption ?

Also, pokegen says it can "ignore save file checksum". Would that actually change anything about the pokemon's code (maybe make this easier?), and if so would it still work in-game? I don't care if it would be illegal, but it still needs to not break the game .

For the action replay codes I mentioned for stats (the 2nd half is 0000XXXX), I know they change the desired stat (I assume the encrypted value) to XXXX, and I can calculate XXXX to give me the right number in the stat. Am I right that the first half is the hex address, or is it something completely different? If it is different, would decrypting the .pkm file tell me what the right hex address is so I can use it in assembler?

e: at the link above, it says the stats (and level, I should probably recheck pokegen (although exp using the other stuff ) are encrypted via the PID, which might explain why I could isolate the lines that changed each stat in the pokegen code. Perhaps the ignore checksum stuff in pokegen would allow me to isolate a line that gives the check sum, and what lines give the other values I want. However, I do not know if I am right about the hex address thing in the first place....

Also in X[n+1] = (0x41C64E6D * X[n] + 0x6073) from the link, are * and + bitwise operators?

e2: nvm, the ignore checksum does not seem to change anything in the AR code.... (confirmed by Codr)

e3: better link: http://www.projectpokemon.org/wiki/Pokemon_Black/White_NDS_Structure although it does lack some info, it is for B/W

Edited September 25, 2011 by liaF cipE

[Codr]

Also, pokegen says it can "ignore save file checksum". Would that actually change anything about the pokemon's code (maybe make this easier?)

That option only refers to the save file checksum. It has nothing to do with the checksum involved with Pokemon data.

[liaF cipE]

I just looked back @ a testing code, and it turns out that 12234A44 was max HP, not attack. In fact, I noticed that all of the endings are 2 away from each other, and (when fixed) the ording will probably be consistant with the pkm structure, as there too are the stats offset 2 away from eachother, with the ordering of current hp, max hp, atk, ... (I will probably double check this). If so, then I might be able to adapt those codes and the ones I isolated from pokegen that changed 2 stats (weirdly enough with the later stat first so AAAAHHHH where A is for atk and H is for max Hp. Current hp was in the first 4 digits in its line, further being consistent) to obtain general codes to fix any offset value in the file.

If this is the case, how could recycle the code so I can get the hex addresses it writes to for the assembler code?

Edit: It turns out that execpt the 1st and last line, the 1st 8 hex digits go in order, adding 4 each time from 0x022349B4 to 0x02234A8C, or a difference of 0xD8, which hits all the pkm offsets execpt the 4 at the end in the trash bites section. (actually, the last code hits the next 4 offsets in the pkm code, so it does get all of them)

Edited September 26, 2011 by liaF cipE

[liaF cipE]

Alright, this is the only real important thing: By adapting the pokegen code with the encryption algorithm

I can get AR codes to change the values in the pokemon data, calculate the encrypted value, as well as unencrypt a value and know what value is what. (In say a pokegen code)

So, how can I transfer the AR code into what assembler needs to read at write to the place the code edits? :confused:

[Bond697]

you would need to decrypt and re-encrypt the data on the fly. using the ar. in assembly. i can see this turning into a mess. i still don;t understand exactly what you're trying to do?

[liaF cipE]

you would need to decrypt and re-encrypt the data on the fly. using the ar. in assembly. i can see this turning into a mess. i still don;t understand exactly what you're trying to do?

Basically I want to read nature, ivs, and evs, perform a calculation, then output the values into the stats via assembler. The AR codes I have plug in the encrypted value for either 2 or 4 (or 1 if I'm right) values in the 1st party pokemon data. If I can get the hex address for where those codes write to and read/write there, I can have the code get the values into variables, perform the decrypting algorithm, do the calc/logic with those values, then reencrypt the values to put into the stats.

Since PID is constant for ALL pokemon that get the code, I won't have block shuffling issues, and since the stats are encrypted via the PID I won't have issues with check sum changing. (plus I can read the check sum and PID as they are in the codes I can use)

So it might be somewhat annoying, but it should be quite doable. The only issue is getting the hex address so I can get assembler to read/write to where the line writes.

Am I right that it is the 1st 8 hex digits of a line that only writes in values?

[Delta Blast Burn]

The document I'm attching should help you when it comes to the codes themselves. Make sure Word Wrap is off, because reading it with word wrap on can be a little confusing. Just make the window large.

ARDS Code Types..txt

Edited September 26, 2011 by Delta Blast Burn
forgot something

[liaF cipE]

looks great! but, what does 'offset' mean....

E: nvm, it looks like it does not really matter unless I do that offset adder thingy

[Bond697]

you're gonna want this:

http://projectpokemon.org/forums/showthread.php?14900-Complete-Pokedex-Cheat-Causes-Dream-World-Game-Sync-Error-Code-13204-FIX-HERE&p=135840&viewfull=1#post135840

[liaF cipE]

Alright looks good, the hex addresses were what I hoped, so I can actually make the code now. Thanks!

[liaF cipE]

During debugging the code seemed to do nothing, so I tried a simple code in assembler and in the raw hex code, but the assembler version did not work, as in it seemed to nothing.

Assembler source:

.text

.org 0

.arm

_start:

push {r1,r12}

ldr r12, =0x2234A40

ldr r1, =0x4EBAA14D

str r1, [r12]

ldr r12, =0x2234A44

ldr r1, =0xB4E89F82

str r1, [r12]

ldr r12, =0x2234A48

ldr r1, =0x0E6C13CE

str r1, [r12]

ldr r12, =0x2234A4C

ldr r1, =0xAA1A10A6

str r1, [r12]

pop {r1,r12}

bx lr

.pool

raw hex output from converter and codes:

023FE074 012FFF11

E0000000 0000005C

E92D1002 E59FC030

E59F1030 E58C1000

E59FC02C E59F102C

E58C1000 E59FC028

E59F1028 E58C1000

E59FC024 E59F1024

E58C1000 E8BD1002

E12FFF1E 02234A40

4EBAA14D 02234A44

B4E89F82 02234A48

0E6C13CE 02234A4C

AA1A10A6 00000000

023FE074 E3520003

codes:

94000130 FFFB0000

023FE074 012FFF11

E0000000 0000005C

E92D1002 E59FC030

E59F1030 E58C1000

E59FC02C E59F102C

E58C1000 E59FC028

E59F1028 E58C1000

E59FC024 E59F1024

E58C1000 E8BD1002

E12FFF1E 02234A40

4EBAA14D 02234A44

B4E89F82 02234A48

0E6C13CE 02234A4C

AA1A10A6 00000000

023FE074 E3520003

94000130 FFFB0000

023FE074 012FFF11

E0000000 0000005C

E92D1002 E59FC030

E59F1030 E58C1000

E59FC02C E59F102C

E58C1000 E59FC028

E59F1028 E58C1000

E59FC024 E59F1024

E58C1000 E8BD1002

E12FFF1E 02234A40

4EBAA14D 02234A44

B4E89F82 02234A48

0E6C13CE 02234A4C

AA1A10A6 E12FFF1E

(the same 2 above with d2000000 00000000, the first one with 00000000 E12FFF1E at the end, as well as other weirder tries that aren't really worth mentioning)

manual hex code that worked:

94000130 fffB0000

02234a40 4ebaa14d

02234a44 b4e89f82

02234a48 0e6c13ce

02234a4c aa1a10a6

d2000000 00000000

So, what is the issue with the assembler code, and if there isn't one, what in general do I do to the raw hex output to get a working code? Yeah, I know it is supposed to be

"94000130 FFFB0000(run on hitting select, can be changed to whatever)

023FE074 012FFF11

E0000000 0000XXXX(the Xs here are the number of bytes being run in total, 4 per word)

AAAAAAAA BBBBBBBB

CCCCCCCC DDDDDDDD

EEEEEEEE FFFFFFFF

GGGGGGGG E12FFF1E"

but the code had 023FE074 012FFF11 built in, and I tried to put in E12FFF1E at the end, but it didn't work.......

edit: I also tried this:

94000130 fffb0000

023fe074 012fff11

e0000000 0000005c

e92d1002 e59fc030

e59f1030 e58c1000

e59fc02c e59f102c

e58c1000 e59fc028

e59f1028 e58c1000

e59fc024 e59f1024

e58c1000 e8bd1002

e12fff1e 00000000 (or 00000000 E12FFF1E)

02234a40 4ebaa14d

02234a44 b4e89f82

02234a48 0e6c13ce

02234a4c aa1a10a6

023fe074 e3520003 (or d2000000 00000000)

note: If someone is about to go test the ar code for themselves, a lvl 100 pokemon with the PID of 1739113929 needs to be the 1st pokemon in the party, and the code should make every stat 0 for said pokemon. (I made the poke I tested with in Pokegen, so I know 100% that it has that PID)

[Bond697]

where are you trying this? desmume?

e:

here:

.text

.org 0

.arm

_start:

push {r1,r12}

ldr r1, =0x4EBAA14D

ldr r12, =0x2234A40

str r1, [r12]

ldr r1, =0xB4E89F82

str r1, [r12, #0x4]

ldr r1, =0x0E6C13CE

str r1, [r12, #0x8]

ldr r1, =0xAA1A10A6

str r1, [r12, #0xC]

pop {r1,r12}

bx lr

.pool

no need for that extra space in the literal pool.

[Bond697]

ok, what you want to do is something like this:

94000130 FFFB0000
023FE074 012FFF11
E0000000 00000044
E92D1002 E59F1024
E59FC024 E58C1000
E59F1020 E58C1004
E59F101C E58C1008
E59F1018 E58C100C
E8BD1002 E12FFF1E
4EBAA14D 02234A40
B4E89F82 0E6C13CE
AA1A10A6 00000000
023FE074 E3520003
D2000000 00000000

the ar just runs the code, so i think something like this should be good.

e: also, desmume/no$ don;t keep the ar code handler at its normal spot. they just handle the ar themselves, so the ar hack to create executable code doesn't work on them, i don't think? i should try that now.

also, you can use kodinator for branches and asm to ards to compile, no need for anything else.

e2: yep! the ar hack doesn't seem to work.

here's an example, the backlight adjustment code for white:

94000130 FCFB0000
023FE074 012FFF11
E0000000 000000A8
E28F0001 E12FFF10
A21AB5F0 88234C24
80138811 D02A428B
25803490 F0002000
1C06F82A F0002004
2703F826 21404007
D003420B 420B2180
E018D00C 4231210C
2F03D006 1C79D013
F0002004 E00EF816
E0094331 438E210C
2F001C31 1E79D004
F0002004 E002F80A
F0002000 BCF0F806
4718BC08 30800000
88222100 D1FC422A
80224A08 88208060
D1FC4228 80220C12
88228061 D1FC422A
21FF8860 47704008
04000130 80028802
023FE074 E3520003
D2000000 00000000

you can see, yours is set up just like this code, so it should be working.

[liaF cipE]

where are you trying this? desmume?

e:

here:

.text

.org 0

.arm

_start:

push {r1,r12}

ldr r1, =0x4EBAA14D

ldr r12, =0x2234A40

str r1, [r12]

ldr r1, =0xB4E89F82

str r1, [r12, #0x4]

ldr r1, =0x0E6C13CE

str r1, [r12, #0x8]

ldr r1, =0xAA1A10A6

str r1, [r12, #0xC]

pop {r1,r12}

bx lr

.pool

no need for that extra space in the literal pool.

I am trying this in-game, (and not saving when it doesn't work ). The weird thing is that the normal hex code works perfectly fine (consistantly too, so its not like my game got screwed up or something), whereas the asembler version doesn't, and they should be doing the exact same thing...... IDK, I'll try the edit and see if it works.

edit: Still doesn't work.... code:

94000130 fff30000

023fe074 012fff11

e0000000 00000044

e92d1002 e59f1024

e59fc024 e58c1000

e59f1020 e58c1004

e59f101c e58c1008

e59f1018 e58c100c

e8bd1002 e12fff1e

4ebaa14d 02234a40

b4e89f82 0e6c13ce

aa1a10a6 00000000

023fe074 e3520003

d2000000 00000000

To get the code, I am using the Kenobi ASM to ARDS with the ARM ASM kit that creates the .bin file ASM to ARDS requires. (I also have the arm7 fixa and extractor, but I don't think they are really used here.) Do I need something else to get it to work?

[Bond697]

try this to test:

94000130 FFFB0000
023FE074 012FFF11
E0000000 00000020
E92D0003 E59F000C
E59F100C E5801000
E8BD0003 E12FFF1E
0223CDCC 01111111
023FE074 E3520003
D2000000 00000000

get in-game and hit select, then look at your money and it should have changed.

it has to be on a real ards, though. the ardsi might have the address of the code handler changed, i'm not sure. i can't get my ar to work at the moment, or i would try it. if the ardsi's code handler address changed, then there ar hack to execute e-codes wouldn't work on them.

also, asm to ards doesn't require a bin file. just type the assembly in and hit compile.

[liaF cipE]

try this to test:

94000130 FFFB0000
023FE074 012FFF11
E0000000 00000020
E92D0003 E59F000C
E59F100C E5801000
E8BD0003 E12FFF1E
0223CDCC 01111111
023FE074 E3520003
D2000000 00000000

get in-game and hit select, then look at your money and it should have changed.

it has to be on a real ards, though. the ardsi might have the address of the code handler changed, i'm not sure. i can't get my ar to work at the moment, or i would try it. if the ardsi's code handler address changed, then there ar hack to execute e-codes wouldn't work on them.

also, asm to ards doesn't require a bin file. just type the assembly in and hit compile.

Still didn't work

I am using an ardsi, so that might be the problem. Weird though, considering all other codes have worked thus far.

Also, for asm to ards, I put the code in the box and hit the asm to ards button, and it gives me an error that it can't find the file source.bin. After I use the one program to make a .bin from the asm source file, rename it to source and put it with asm to ards, putting in the code and hitting the button works just fine.

[Bond697]

you know what? i just tried the backlight code on my ds with an ards. it's an ar code handler hack too. it doesn't work. i'm wondering if, when they updated the ar firmware, they changed where in ram the ar code handler sits to accomodate the new dtcm(and stacks) the ds sdk now uses so that the ar would stay well out of range of any nintendo code. that would explain it perfectly. and it means that that ar hack isn't usable any more. that code i had you test should work 100% of the time, but it doesn't. that explains it perfectly. and really screws this over.

[liaF cipE]

you know what? i just tried the backlight code on my ds with an ards. it's an ar code handler hack too. it doesn't work. i'm wondering if, when they updated the ar firmware, they changed where in ram the ar code handler sits to accomodate the new dtcm(and stacks) the ds sdk now uses so that the ar would stay well out of range of any nintendo code. that would explain it perfectly. and it means that that ar hack isn't usable any more. that code i had you test should work 100% of the time, but it doesn't. that explains it perfectly. and really screws this over.

......crap I guess I can use manual values or something but that really kills this. hopefully someone will be able to find the new addresses or something to get asm codes to work in the future, but for now this seems doomed. Thanks for the help though.