liaF cipE Posted September 25, 2011

As is probably evident by now, I really do not know a lot about what I am doing, mainly because my programming experience is with stuff like C++ and Java... Yes, I do know basics like what hexadecimal is, AR codes are CPU instructions, etc. But I lack some of the more advanced stuff and notations, and I am not sure of exactly where I stand in terms of how much I know. For example, I don't really know what "00013 022349D4 d h 0 Slot1 PID(W)" means, or how I can change that to give the hex address/1st chunk in an AR code line (is it 022349D4? Does that number need to be changed somehow?)

As such, here is a list of what (I think) I know, and what I need:

Know:
- The main portion of the code will be from assembler, which will read and write values from hex addresses on the cart's RAM, dictated by setting the hex address for a value as the absolute address in the assembler code.
- The assembler code will also read and write values on the AR itself (like R1 and stuff), which should have the right value when used with a compiler designed for the AR. (I'm not entirely sure about this bit, and I suspect I will have to temporarily store values somewhere on the game's RAM, like the output of a sum that I need to modify more before it goes into another spot on the cart.) (If anyone knows a good assembler compiler for the AR/BW, I would be glad to know.)
- I am using this nice code from Bond697 to run the assembler code on the AR:

94000130 FFFB0000 (run on hitting Select, can be changed to whatever)
023FE074 012FFF11
E0000000 0000XXXX (the Xs here are the number of bytes being run in total, 4 per word)
AAAAAAAA BBBBBBBB
CCCCCCCC DDDDDDDD
EEEEEEEE FFFFFFFF
GGGGGGGG E12FFF1E

which runs the code from the AR memory, so there are no issues with storing the function somewhere.
- Lines in the AR code that change a value at a hex address, like "12234A44 0000XXXX", change the value at the hex address 12234A44 to 0000XXXX, so I can have 12234A44 as the absolute address in assembler and have the assembler code read and write to the same place as the AR code. (I'm not 100% on this. If the 12234A44 value needs to be modified to give the hex address, please tell me what the formula/algorithm is to transfer from 12234A44 to the proper hex address.)
- How to write the values of the 1st Pokemon in the party for current and max HP, Atk, Sp. Atk, Def, Sp. Def, and Speed, which is done by inputting the number I want XORed with the value for 0 (got it from Pokegen) at the following hex addresses I got from Delta Blast Burn (in AR code form):

12234A42 current HP (lucky guess on my part)
12234A44 Atk
12234A46 (max) HP
12234A48 Def
12234A4A Sp. Atk
12234A4C Speed
12234A4E Sp. Def

- (I will be fine with the writing of the assembler code and the algorithm of the code once I have the info I need. I don't know all the syntax off the top of my head, but I know where to get any help I'll need with the stuff pertaining only to assembler.)

Don't know:
Note: If some sort of shorthand notation/formula is used as an answer, that's great, but please also include how I go from the shorthand/formula to the thing I need, like the hex address. Also, a resource where I can get the information from is fine as an answer. (As you may see, I need a lot of hex addresses. I thought I could use Pokegen, which worked fine for the stats, but for most of the values I wanted, changing one of them altered the same 30 lines of AR code each time, so I had no idea how to isolate each individual variable. I.e. happiness, nature, IVs and EVs all changed the exact same 30 lines... :confused:)
- The hex address (read) of the nature value for the 1st party Pokemon, and how to transform the raw number into something more usable. (Is it the encryption thing with the PRNG?) (I found something that says it is the 41h value, but I have no idea what to do with that.) (I think the fixed numbers should look like this:

0x00 Hardy, 0x01 Lonely, 0x02 Brave, 0x03 Adamant, 0x04 Naughty,
0x05 Bold, 0x06 Docile, 0x07 Relaxed, 0x08 Impish, 0x09 Lax,
0x0A Timid, 0x0B Hasty, 0x0C Serious, 0x0D Jolly, 0x0E Naive,
0x0F Modest, 0x10 Mild, 0x11 Quiet, 0x12 Bashful, 0x13 Rash,
0x14 Calm, 0x15 Gentle, 0x16 Sassy, 0x17 Careful, 0x18 Quirky)

- The hex address (write) for the happiness value of the 1st Pokemon in the party, and how to change the value I want before it is written to that address.
- The hex addresses (read) for the IVs and EVs of the 1st Pokemon in the party, and how to transform the value to give the proper number (i.e. 31 or 252, not 0x8F72 or something like that). (Does this use the encryption?) (I also found stuff here: http://www.projectpokemon.org/wiki/Pokemon_NDS_Structure#Unencrypted_bytes but I do not know what to do with those to get the 1st party Pokemon hex addresses.)
- The hex address (read) for level, how to transform the value into the actual level, etc.

If it helps, the code will only be used on Pokemon made in Pokegen, so things like location and PID will be constant. The code just needs to be flexible w.r.t. level, IV, EV, and nature. I thank whoever helps me in advance. (Especially since it will probably be the same people, and I'm sure they are starting to get annoyed by now...)
Bond697 Posted September 25, 2011

everything you want to change is encrypted. since you're proficient with java/c++, your best bet is to read about how the encryption works (i think there's a wiki article) and write an app to decrypt the pkm and then re-encrypt it so you know what values you want to change to what. however, if you want to somehow reuse an ar code that does this, that's a much different, vastly more challenging story. is this something just for you or something you're making for a lot of people to use? if it's the former, doing so might be a bit easier. we can just cut out the encryption.

e: well, you would need to use the cut encryption on a new game or edit all your pokes to not be encrypted. if everything isn't encrypted with the 4th gen rng, but the game tries to decrypt with it, Bad Things will happen. srsly.
liaF cipE (Author) Posted September 25, 2011 (edited)

Quoting Bond697: "everything you want to change is encrypted. since you're proficient with java/c++, your best bet is to read about how the encryption works (i think there's a wiki article) and write an app to decrypt the pkm and then re-encrypt it so you know what values you want to change to what. however, if you want to somehow reuse an ar code that does this, that's a much different, vastly more challenging story. is this something just for you or something you're making for a lot of people to use? if it's the former, doing so might be a bit easier. we can just cut out the encryption. e: well, you would need to use the cut encryption on a new game or edit all your pokes to not be encrypted. if everything isn't encrypted with the 4th gen rng, but the game tries to decrypt with it, Bad Things will happen. srsly."

This code is going to be used on just my game (although keeping the option open to spread to other games would be nice, it can be dropped if need be), and the only pokes it will apply to are ones made from Pokegen in the first place, so I can get the .pkm file and I can have PID (and location stuff, trainer stuff etc.) remain constant (even though the PID will disagree with the stats). Is the .pkm file structure the same as the wiki says it is here: http://projectpokemon.org/wiki/Pokemon_NDS_Structure#Encryption ? Also, Pokegen says it can "ignore save file checksum". Would that actually change anything about the Pokemon's code (maybe make this easier?), and if so would it still work in-game? I don't care if it would be illegal, but it still needs to not break the game.

For the Action Replay codes I mentioned for stats (the 2nd half is 0000XXXX), I know they change the desired stat (I assume the encrypted value) to XXXX, and I can calculate XXXX to give me the right number in the stat. Am I right that the first half is the hex address, or is it something completely different? If it is different, would decrypting the .pkm file tell me what the right hex address is so I can use it in assembler?

e: at the link above, it says the stats (and level, I should probably recheck Pokegen (although exp using the other stuff)) are encrypted via the PID, which might explain why I could isolate the lines that changed each stat in the Pokegen code. Perhaps the ignore checksum stuff in Pokegen would allow me to isolate a line that gives the checksum, and what lines give the other values I want. However, I do not know if I am right about the hex address thing in the first place.... Also, in X[n+1] = (0x41C64E6D * X[n] + 0x6073) from the link, are * and + bitwise operators?

e2: nvm, the ignore checksum does not seem to change anything in the AR code.... (confirmed by Codr)

e3: better link: http://www.projectpokemon.org/wiki/Pokemon_Black/White_NDS_Structure although it does lack some info, it is for B/W

Edited September 25, 2011 by liaF cipE
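The PRNG step asked about above is ordinary integer arithmetic (multiply, add, keep 32 bits), not bitwise operators. The following is an added example, not code from the thread or from the linked wiki, showing that step in Python together with how the linked structure pages apply it (each 16-bit word XORed with the upper half of the next PRNG output) and the 5-bit unpacking of the IV word; the sample words are constructed, and the PID-based block shuffle is outside this snippet.

```python
# Gen IV/V Pokemon data encryption as described on the Project Pokemon
# structure pages linked in the thread. Added example; the sample words
# below are constructed, not taken from a real save.

MULT = 0x41C64E6D
ADD = 0x6073
MASK32 = 0xFFFFFFFF


def lcg_next(x: int) -> int:
    """X[n+1] = 0x41C64E6D * X[n] + 0x6073, truncated to 32 bits.
    '*' and '+' are plain integer multiply and add; the & keeps the result
    in the 32-bit range that the game's ARM registers hold."""
    return (MULT * x + ADD) & MASK32


def crypt_words(words: list[int], seed: int) -> list[int]:
    """XOR each 16-bit word with the upper 16 bits of successive PRNG
    outputs. One function serves for both directions: XOR is its own
    inverse, so applying it twice with the same seed restores the input.
    Block data is seeded with the checksum; the battle stats (HP, Atk, ...)
    are seeded with the PID, which is why the stat codes in this thread
    only fit one PID."""
    out, x = [], seed
    for w in words:
        x = lcg_next(x)
        out.append((w ^ (x >> 16)) & 0xFFFF)
    return out


def unpack_ivs(iv_word: int) -> tuple[int, ...]:
    """Split the 32-bit IV word into six 5-bit fields in structure order:
    HP, Atk, Def, Speed, Sp. Atk, Sp. Def (bits 30-31 are flags, not IVs)."""
    return tuple((iv_word >> (5 * i)) & 0x1F for i in range(6))


def pack_ivs(ivs: tuple[int, ...]) -> int:
    """Inverse of unpack_ivs, for writing modified IVs back."""
    word = 0
    for i, v in enumerate(ivs):
        if not 0 <= v <= 31:
            raise ValueError("IV out of range: %d" % v)
        word |= v << (5 * i)
    return word


def demo() -> dict:
    # Constructed sample: the test Pokemon's PID from the thread as seed and
    # four plaintext words, the first two holding a 32-bit IV word
    # (low half first, matching the little-endian layout of the structure).
    pid = 1739113929
    iv_word = pack_ivs((31, 31, 31, 31, 31, 31))
    plain = [iv_word & 0xFFFF, iv_word >> 16, 0x00FC, 0x0001]
    enc = crypt_words(plain, pid)
    dec = crypt_words(enc, pid)
    ivs = unpack_ivs(dec[0] | (dec[1] << 16))
    return {"encrypted": enc, "roundtrip_ok": dec == plain, "ivs": ivs}


if __name__ == "__main__":
    print(demo())
```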
Codr Posted September 25, 2011

Quoting liaF cipE: "Also, Pokegen says it can "ignore save file checksum". Would that actually change anything about the Pokemon's code (maybe make this easier?)"

That option only refers to the save file checksum. It has nothing to do with the checksum involved with Pokemon data.
liaF cipE (Author) Posted September 25, 2011 (edited)

I just looked back at a testing code, and it turns out that 12234A44 was max HP, not Attack. In fact, I noticed that all of the endings are 2 away from each other, and (when fixed) the ordering will probably be consistent with the .pkm structure, as there too the stats are offset 2 away from each other, with the ordering of current HP, max HP, Atk, ... (I will probably double check this). If so, then I might be able to adapt those codes and the ones I isolated from Pokegen that changed 2 stats (weirdly enough with the later stat first, so AAAAHHHH where A is for Atk and H is for max HP. Current HP was in the first 4 digits in its line, further being consistent) to obtain general codes to fix any offset value in the file. If this is the case, how could I recycle the code so I can get the hex addresses it writes to for the assembler code?

Edit: It turns out that except for the 1st and last line, the 1st 8 hex digits go in order, adding 4 each time from 0x022349B4 to 0x02234A8C, or a difference of 0xD8, which hits all the .pkm offsets except the 4 at the end in the trash bytes section. (Actually, the last code hits the next 4 offsets in the .pkm code, so it does get all of them.)

Edited September 26, 2011 by liaF cipE
liaF cipE (Author) Posted September 26, 2011

Alright, this is the only really important thing: by adapting the Pokegen code with the encryption algorithm I can get AR codes to change the values in the Pokemon data, calculate the encrypted value, as well as unencrypt a value and know what value is what (in, say, a Pokegen code). So, how can I transfer the AR code into what assembler needs to read and write to the place the code edits? :confused:
Bond697 Posted September 26, 2011

you would need to decrypt and re-encrypt the data on the fly. using the ar. in assembly. i can see this turning into a mess. i still don't understand exactly what you're trying to do?
liaF cipE (Author) Posted September 26, 2011

Quoting Bond697: "you would need to decrypt and re-encrypt the data on the fly. using the ar. in assembly. i can see this turning into a mess. i still don't understand exactly what you're trying to do?"

Basically I want to read nature, IVs, and EVs, perform a calculation, then output the values into the stats via assembler. The AR codes I have plug in the encrypted value for either 2 or 4 (or 1 if I'm right) values in the 1st party Pokemon data. If I can get the hex address for where those codes write to and read/write there, I can have the code get the values into variables, perform the decrypting algorithm, do the calc/logic with those values, then re-encrypt the values to put into the stats. Since PID is constant for ALL Pokemon that get the code, I won't have block shuffling issues, and since the stats are encrypted via the PID I won't have issues with the checksum changing (plus I can read the checksum and PID as they are in the codes I can use). So it might be somewhat annoying, but it should be quite doable. The only issue is getting the hex address so I can get assembler to read/write to where the line writes. Am I right that it is the 1st 8 hex digits of a line that only writes in values?
Delta Blast Burn Posted September 26, 2011 (edited)

The document I'm attaching should help you when it comes to the codes themselves. Make sure Word Wrap is off, because reading it with word wrap on can be a little confusing. Just make the window large.

Attachment: ARDS Code Types..txt

Edited September 26, 2011 by Delta Blast Burn: forgot something
liaF cipE (Author) Posted September 26, 2011

Looks great! But what does 'offset' mean....

E: nvm, it looks like it does not really matter unless I do that offset adder thingy.
Bond697 Posted September 26, 2011

you're gonna want this: http://projectpokemon.org/forums/showthread.php?14900-Complete-Pokedex-Cheat-Causes-Dream-World-Game-Sync-Error-Code-13204-FIX-HERE&p=135840&viewfull=1#post135840
liaF cipE (Author) Posted September 26, 2011

Alright, looks good. The hex addresses were what I hoped, so I can actually make the code now. Thanks!
liaF cipE (Author) Posted October 16, 2011

During debugging the code seemed to do nothing, so I tried a simple code in assembler and in the raw hex code, but the assembler version did not work, as in it seemed to do nothing.

Assembler source:

.text
.org 0
.arm
_start:
    push {r1,r12}
    ldr r12, =0x2234A40
    ldr r1, =0x4EBAA14D
    str r1, [r12]
    ldr r12, =0x2234A44
    ldr r1, =0xB4E89F82
    str r1, [r12]
    ldr r12, =0x2234A48
    ldr r1, =0x0E6C13CE
    str r1, [r12]
    ldr r12, =0x2234A4C
    ldr r1, =0xAA1A10A6
    str r1, [r12]
    pop {r1,r12}
    bx lr
.pool

Raw hex output from the converter:

023FE074 012FFF11
E0000000 0000005C
E92D1002 E59FC030
E59F1030 E58C1000
E59FC02C E59F102C
E58C1000 E59FC028
E59F1028 E58C1000
E59FC024 E59F1024
E58C1000 E8BD1002
E12FFF1E 02234A40
4EBAA14D 02234A44
B4E89F82 02234A48
0E6C13CE 02234A4C
AA1A10A6 00000000
023FE074 E3520003

Codes:

94000130 FFFB0000
023FE074 012FFF11
E0000000 0000005C
E92D1002 E59FC030
E59F1030 E58C1000
E59FC02C E59F102C
E58C1000 E59FC028
E59F1028 E58C1000
E59FC024 E59F1024
E58C1000 E8BD1002
E12FFF1E 02234A40
4EBAA14D 02234A44
B4E89F82 02234A48
0E6C13CE 02234A4C
AA1A10A6 00000000
023FE074 E3520003

94000130 FFFB0000
023FE074 012FFF11
E0000000 0000005C
E92D1002 E59FC030
E59F1030 E58C1000
E59FC02C E59F102C
E58C1000 E59FC028
E59F1028 E58C1000
E59FC024 E59F1024
E58C1000 E8BD1002
E12FFF1E 02234A40
4EBAA14D 02234A44
B4E89F82 02234A48
0E6C13CE 02234A4C
AA1A10A6 E12FFF1E

(the same 2 above with d2000000 00000000, the first one with 00000000 E12FFF1E at the end, as well as other weirder tries that aren't really worth mentioning)

Manual hex code that worked:

94000130 fffB0000
02234a40 4ebaa14d
02234a44 b4e89f82
02234a48 0e6c13ce
02234a4c aa1a10a6
d2000000 00000000

So, what is the issue with the assembler code, and if there isn't one, what in general do I do to the raw hex output to get a working code?

Yeah, I know it is supposed to be "94000130 FFFB0000 (run on hitting Select, can be changed to whatever) 023FE074 012FFF11 E0000000 0000XXXX (the Xs here are the number of bytes being run in total, 4 per word) AAAAAAAA BBBBBBBB CCCCCCCC DDDDDDDD EEEEEEEE FFFFFFFF GGGGGGGG E12FFF1E", but the code had 023FE074 012FFF11 built in, and I tried to put in E12FFF1E at the end, but it didn't work.......

edit: I also tried this:

94000130 fffb0000
023fe074 012fff11
e0000000 0000005c
e92d1002 e59fc030
e59f1030 e58c1000
e59fc02c e59f102c
e58c1000 e59fc028
e59f1028 e58c1000
e59fc024 e59f1024
e58c1000 e8bd1002
e12fff1e 00000000 (or 00000000 E12FFF1E)
02234a40 4ebaa14d
02234a44 b4e89f82
02234a48 0e6c13ce
02234a4c aa1a10a6
023fe074 e3520003 (or d2000000 00000000)

note: If someone is about to go test the AR code for themselves, a lvl 100 Pokemon with the PID of 1739113929 needs to be the 1st Pokemon in the party, and the code should make every stat 0 for said Pokemon. (I made the poke I tested with in Pokegen, so I know 100% that it has that PID.)
Bond697 Posted October 16, 2011

where are you trying this? desmume?

e: here:

.text
.org 0
.arm
_start:
    push {r1,r12}
    ldr r1, =0x4EBAA14D
    ldr r12, =0x2234A40
    str r1, [r12]
    ldr r1, =0xB4E89F82
    str r1, [r12, #0x4]
    ldr r1, =0x0E6C13CE
    str r1, [r12, #0x8]
    ldr r1, =0xAA1A10A6
    str r1, [r12, #0xC]
    pop {r1,r12}
    bx lr
.pool

no need for that extra space in the literal pool.
Bond697 Posted October 16, 2011

ok, what you want to do is something like this:

94000130 FFFB0000
023FE074 012FFF11
E0000000 00000044
E92D1002 E59F1024
E59FC024 E58C1000
E59F1020 E58C1004
E59F101C E58C1008
E59F1018 E58C100C
E8BD1002 E12FFF1E
4EBAA14D 02234A40
B4E89F82 0E6C13CE
AA1A10A6 00000000
023FE074 E3520003
D2000000 00000000

the ar just runs the code, so i think something like this should be good.

e: also, desmume/no$ don't keep the ar code handler at its normal spot. they just handle the ar themselves, so the ar hack to create executable code doesn't work on them, i don't think? i should try that now. also, you can use kodinator for branches and asm to ards to compile, no need for anything else.

e2: yep! the ar hack doesn't seem to work. here's an example, the backlight adjustment code for white:

94000130 FCFB0000
023FE074 012FFF11
E0000000 000000A8
E28F0001 E12FFF10
A21AB5F0 88234C24
80138811 D02A428B
25803490 F0002000
1C06F82A F0002004
2703F826 21404007
D003420B 420B2180
E018D00C 4231210C
2F03D006 1C79D013
F0002004 E00EF816
E0094331 438E210C
2F001C31 1E79D004
F0002004 E002F80A
F0002000 BCF0F806
4718BC08 30800000
88222100 D1FC422A
80224A08 88208060
D1FC4228 80220C12
88228061 D1FC422A
21FF8860 47704008
04000130 80028802
023FE074 E3520003
D2000000 00000000

you can see, yours is set up just like this code, so it should be working.
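The layout Bond697 lays out here is mechanical: key-press line, the 023FE074 line, an E-code header whose count is 4 bytes per word, the words two per line padded to a whole line, the 023FE074 write-back and the D2 terminator. As an added example that is not code from the thread, the Python below builds that wrapper from a list of assembled words and checks an existing code's byte count against the data that follows it (the mistake that makes a code silently do nothing); reading the two 023FE074 lines as hook and restore is my interpretation of the posted codes.

```python
# Action Replay wrapper for assembled ARM code, in the layout Bond697's
# posted codes use. Added example, not from the thread; the comments on
# what the 023FE074 lines do are my reading of the posted codes.

KEY_CHECK = ("94000130", "FFFB0000")   # run on hitting Select (bit 2 of KEYINPUT clear)
HOOK = ("023FE074", "012FFF11")        # written before the code runs (the handler hack)
RESTORE = ("023FE074", "E3520003")     # original word written back afterwards
TERMINATOR = ("D2000000", "00000000")  # closes the conditional block


def build_asm_code(words, key_check=KEY_CHECK):
    """Wrap `words` (assembled instructions followed by the literal pool, as
    the converter emits them) in the AR code layout. Returns one
    'XXXXXXXX YYYYYYYY' string per code line."""
    if not words:
        raise ValueError("no code words")
    if any(not 0 <= w <= 0xFFFFFFFF for w in words):
        raise ValueError("words must be 32-bit values")
    nbytes = 4 * len(words)                   # E-code count: 4 bytes per word, before padding
    padded = words + [0] * (len(words) % 2)   # a code line holds two words, so pad with 00000000
    body = ["%08X %08X" % (padded[i], padded[i + 1]) for i in range(0, len(padded), 2)]
    return (["%s %s" % key_check, "%s %s" % HOOK, "E0000000 %08X" % nbytes]
            + body + ["%s %s" % RESTORE, "%s %s" % TERMINATOR])


def check_ecode(code_text):
    """Parse an AR code (hex halves separated by whitespace) and compare the
    E-code byte count with the data lines that follow it. Returns the
    declared count, the data lines found, whether the code ends with
    D2000000 00000000, and a list of problems found."""
    toks = code_text.upper().split()
    if len(toks) % 2:
        raise ValueError("odd number of halves: a code line is incomplete")
    pairs = list(zip(toks[::2], toks[1::2]))
    problems = []
    for i, (left, right) in enumerate(pairs):
        if left.startswith("E"):               # first E-type line is the data header
            nbytes = int(right, 16)
            if nbytes % 4:
                problems.append("byte count %#x is not a multiple of 4" % nbytes)
            nlines = (nbytes + 7) // 8         # data lines, rounded up to whole lines
            data = pairs[i + 1:i + 1 + nlines]
            if len(data) < nlines:
                problems.append("E-code declares %d bytes but only %d follow"
                                % (nbytes, 8 * len(data)))
            rest = pairs[i + 1 + nlines:]
            return {"bytes": nbytes, "data_lines": len(data),
                    "terminated": bool(rest) and rest[-1] == TERMINATOR,
                    "problems": problems}
    return {"bytes": 0, "data_lines": 0, "terminated": False,
            "problems": ["no E-code line found"]}


# Bond697's 17 words from the code above (E92D1002 ... AA1A10A6).
BOND_WORDS = [0xE92D1002, 0xE59F1024, 0xE59FC024, 0xE58C1000, 0xE59F1020,
              0xE58C1004, 0xE59F101C, 0xE58C1008, 0xE59F1018, 0xE58C100C,
              0xE8BD1002, 0xE12FFF1E, 0x4EBAA14D, 0x02234A40, 0xB4E89F82,
              0x0E6C13CE, 0xAA1A10A6]

if __name__ == "__main__":
    code = build_asm_code(BOND_WORDS)
    print("\n".join(code))
    print(check_ecode("\n".join(code)))
```

Running it reproduces Bond697's 14-line code exactly, including the 00000000 pad after the 17th word and the 00000044 count that excludes that pad.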
liaF cipE (Author) Posted October 16, 2011

Quoting Bond697: "where are you trying this? desmume? e: here:

.text
.org 0
.arm
_start:
    push {r1,r12}
    ldr r1, =0x4EBAA14D
    ldr r12, =0x2234A40
    str r1, [r12]
    ldr r1, =0xB4E89F82
    str r1, [r12, #0x4]
    ldr r1, =0x0E6C13CE
    str r1, [r12, #0x8]
    ldr r1, =0xAA1A10A6
    str r1, [r12, #0xC]
    pop {r1,r12}
    bx lr
.pool

no need for that extra space in the literal pool."

I am trying this in-game (and not saving when it doesn't work). The weird thing is that the normal hex code works perfectly fine (consistently too, so it's not like my game got screwed up or something), whereas the assembler version doesn't, and they should be doing the exact same thing...... IDK, I'll try the edit and see if it works.

edit: Still doesn't work.... code:

94000130 fff30000
023fe074 012fff11
e0000000 00000044
e92d1002 e59f1024
e59fc024 e58c1000
e59f1020 e58c1004
e59f101c e58c1008
e59f1018 e58c100c
e8bd1002 e12fff1e
4ebaa14d 02234a40
b4e89f82 0e6c13ce
aa1a10a6 00000000
023fe074 e3520003
d2000000 00000000

To get the code, I am using the Kenobi ASM to ARDS with the ARM ASM kit that creates the .bin file ASM to ARDS requires. (I also have the arm7 fixa and extractor, but I don't think they are really used here.) Do I need something else to get it to work?
Bond697 Posted October 16, 2011

try this to test:

94000130 FFFB0000
023FE074 012FFF11
E0000000 00000020
E92D0003 E59F000C
E59F100C E5801000
E8BD0003 E12FFF1E
0223CDCC 01111111
023FE074 E3520003
D2000000 00000000

get in-game and hit select, then look at your money and it should have changed. it has to be on a real ards, though. the ardsi might have the address of the code handler changed, i'm not sure. i can't get my ar to work at the moment, or i would try it. if the ardsi's code handler address changed, then the ar hack to execute e-codes wouldn't work on them. also, asm to ards doesn't require a bin file. just type the assembly in and hit compile.
liaF cipE (Author) Posted October 16, 2011

Quoting Bond697: "try this to test:

94000130 FFFB0000
023FE074 012FFF11
E0000000 00000020
E92D0003 E59F000C
E59F100C E5801000
E8BD0003 E12FFF1E
0223CDCC 01111111
023FE074 E3520003
D2000000 00000000

get in-game and hit select, then look at your money and it should have changed. it has to be on a real ards, though. the ardsi might have the address of the code handler changed, i'm not sure. i can't get my ar to work at the moment, or i would try it. if the ardsi's code handler address changed, then the ar hack to execute e-codes wouldn't work on them. also, asm to ards doesn't require a bin file. just type the assembly in and hit compile."

Still didn't work. I am using an ARDSi, so that might be the problem. Weird though, considering all other codes have worked thus far. Also, for ASM to ARDS, I put the code in the box and hit the ASM to ARDS button, and it gives me an error that it can't find the file source.bin. After I use the one program to make a .bin from the asm source file, rename it to source and put it with ASM to ARDS, putting in the code and hitting the button works just fine.
Bond697 Posted October 17, 2011

you know what? i just tried the backlight code on my ds with an ards. it's an ar code handler hack too. it doesn't work. i'm wondering if, when they updated the ar firmware, they changed where in ram the ar code handler sits to accommodate the new dtcm (and stacks) the ds sdk now uses, so that the ar would stay well out of range of any nintendo code. that would explain it perfectly. and it means that that ar hack isn't usable any more. that code i had you test should work 100% of the time, but it doesn't. that explains it perfectly. and really screws this over.
liaF cipE (Author) Posted October 17, 2011

Quoting Bond697: "you know what? i just tried the backlight code on my ds with an ards. it's an ar code handler hack too. it doesn't work. i'm wondering if, when they updated the ar firmware, they changed where in ram the ar code handler sits to accommodate the new dtcm (and stacks) the ds sdk now uses, so that the ar would stay well out of range of any nintendo code. that would explain it perfectly. and it means that that ar hack isn't usable any more. that code i had you test should work 100% of the time, but it doesn't. that explains it perfectly. and really screws this over."

......crap. I guess I can use manual values or something, but that really kills this. Hopefully someone will be able to find the new addresses or something to get asm codes to work in the future, but for now this seems doomed. Thanks for the help though.