Posted

As is probably evident by now, I really do not know a lot about what I am doing, mainly because my programming experience is with stuff like C++ and Java…

Yes, I do know basics like what hexadecimal is, AR codes are CPU instructions, etc. But I lack on some of the more advanced stuff and notations, and I am not sure of exactly where I stand in terms of how much I know.

For example, I don’t really know what

00013 022349D4 d h 0 Slot1 PID(W)

means, or how I can change that to give the hex address/1st chunk in an AR code line

(Is it 022349D4? Does that number need to be changed somehow?)

As such, here is a list of what (I think) I know, and what I need:

Know:

  Reveal hidden contents

Don’t know:

  Reveal hidden contents

I thank whoever helps me in advance. (Especially since it will probably be the same people, and I’m sure they are starting to get annoyed by now…)

Posted

everything you want to change is encrypted. since you're proficient with java/c++, your best bet is to read about how the encryption works (i think there's a wiki article) and write an app to decrypt the pkm and then re-encrypt it so you know what values you want to change to what. however, if you want to somehow reuse an ar code that does this, that's a much different vastly more challenging story. is this something just for you or something you're making for a lot of people to use? if it's the former, doing so might be a bit easier. we can just cut out the encryption.

e: well, you would need to use the cut encryption on a new game or edit all your pokes to not be encrypted. if everything isn't encrypted with the 4th gen rng, but the game tries to decrypt with it, Bad Things™ will happen. srsly.

Posted (edited)
  Bond697 said:
everything you want to change is encrypted. since you're proficient with java/c++, your best bet is to read about how the encryption works (i think there's a wiki article) and write an app to decrypt the pkm and then re-encrypt it so you know what values you want to change to what. however, if you want to somehow reuse an ar code that does this, that's a much different vastly more challenging story. is this something just for you or something you're making for a lot of people to use? if it's the former, doing so might be a bit easier. we can just cut out the encryption.

e: well, you would need to use the cut encryption on a new game or edit all your pokes to not be encrypted. if everything isn't encrypted with the 4th gen rng, but the game tries to decrypt with it, Bad Things™ will happen. srsly.

This code is going to be used on just my game (although keeping the option open to spread to other games would be nice, it can be dropped if need be), and the only pokes it will apply to are ones made from Pokegen in the first place so I can get the pkm file and I can have PID (and location stuff, trainer stuff etc) remain constant. (even though the PID will disagree with the stats)

Is the .pkm file structure the same as the wiki says it is here: http://projectpokemon.org/wiki/Pokemon_NDS_Structure#Encryption ?

Also, pokegen says it can "ignore save file checksum". Would that actually change anything about the pokemon's code (maybe make this easier?), and if so would it still work in-game? I don't care if it would be illegal, but it still needs to not break the game :).

For the action replay codes I mentioned for stats (the 2nd half is 0000XXXX), I know they change the desired stat (I assume the encrypted value) to XXXX, and I can calculate XXXX to give me the right number in the stat. Am I right that the first half is the hex address, or is it something completely different? If it is different, would decrypting the .pkm file tell me what the right hex address is so I can use it in assembler?

e: at the link above, it says the stats (and level, I should probably recheck pokegen (although exp using the other stuff :() are encrypted via the PID, which might explain why I could isolate the lines that changed each stat in the pokegen code. Perhaps the ignore checksum stuff in pokegen would allow me to isolate a line that gives the check sum, and what lines give the other values I want. However, I do not know if I am right about the hex address thing in the first place....

Also in X[n+1] = (0x41C64E6D * X[n] + 0x6073) from the link, are * and + bitwise operators?

e2: nvm, the ignore checksum does not seem to change anything in the AR code.... (confirmed by Codr)

e3: better link: http://www.projectpokemon.org/wiki/Pokemon_Black/White_NDS_Structure although it does lack some info, it is for B/W :)

Edited by liaF cipE
Posted
  liaF cipE said:
Also, pokegen says it can "ignore save file checksum". Would that actually change anything about the pokemon's code (maybe make this easier?)

That option only refers to the save file checksum. It has nothing to do with the checksum involved with Pokemon data.

Posted (edited)

I just looked back @ a testing code, and it turns out that 12234A44 was max HP, not attack. In fact, I noticed that all of the endings are 2 away from each other, and (when fixed) the ordering will probably be consistent with the pkm structure, as there too are the stats offset 2 away from each other, with the ordering of current hp, max hp, atk, ... (I will probably double check this). If so, then I might be able to adapt those codes and the ones I isolated from pokegen that changed 2 stats (weirdly enough with the later stat first so AAAAHHHH where A is for atk and H is for max Hp. Current hp was in the first 4 digits in its line, further being consistent) to obtain general codes to fix any offset value in the file.

If this is the case, how could I recycle the code so I can get the hex addresses it writes to for the assembler code?

Edit: It turns out that except the 1st and last line, the 1st 8 hex digits go in order, adding 4 each time from 0x022349B4 to 0x02234A8C, or a difference of 0xD8, which hits all the pkm offsets except the 4 at the end in the trash bytes section. (actually, the last code hits the next 4 offsets in the pkm code, so it does get all of them)

Edited by liaF cipE
Posted

Alright, this is the only real important thing: By adapting the pokegen code with the encryption algorithm

I can get AR codes to change the values in the pokemon data, calculate the encrypted value, as well as unencrypt a value and know what value is what. (In say a pokegen code)

So, how can I transfer the AR code into what assembler needs to read and write to the place the code edits? :confused:

Posted
  Bond697 said:
you would need to decrypt and re-encrypt the data on the fly. using the ar. in assembly. i can see this turning into a mess. i still don't understand exactly what you're trying to do?

Basically I want to read nature, ivs, and evs, perform a calculation, then output the values into the stats via assembler. The AR codes I have plug in the encrypted value for either 2 or 4 (or 1 if I'm right) values in the 1st party pokemon data. If I can get the hex address for where those codes write to and read/write there, I can have the code get the values into variables, perform the decrypting algorithm, do the calc/logic with those values, then reencrypt the values to put into the stats.

Since PID is constant for ALL pokemon that get the code, I won't have block shuffling issues, and since the stats are encrypted via the PID I won't have issues with check sum changing. (plus I can read the check sum and PID as they are in the codes I can use)

So it might be somewhat annoying, but it should be quite doable. The only issue is getting the hex address so I can get assembler to read/write to where the line writes.

Am I right that it is the 1st 8 hex digits of a line that only writes in values?

  • 3 weeks later...
Posted

During debugging the code seemed to do nothing, so I tried a simple code in assembler and in the raw hex code, but the assembler version did not work, as in it seemed to do nothing.

Assembler source:

  Reveal hidden contents

raw hex output from converter and codes:

  Reveal hidden contents

manual hex code that worked:

  Reveal hidden contents

So, what is the issue with the assembler code, and if there isn't one, what in general do I do to the raw hex output to get a working code? Yeah, I know it is supposed to be

"94000130 FFFB0000 (run on hitting select, can be changed to whatever)
023FE074 012FFF11
E0000000 0000XXXX (the Xs here are the number of bytes being run in total, 4 per word)
AAAAAAAA BBBBBBBB
CCCCCCCC DDDDDDDD
EEEEEEEE FFFFFFFF
GGGGGGGG E12FFF1E"

but the code had 023FE074 012FFF11 built in, and I tried to put in E12FFF1E at the end, but it didn't work.......

edit: I also tried this:

  Reveal hidden contents

note: If someone is about to go test the ar code for themselves, a lvl 100 pokemon with the PID of 1739113929 needs to be the 1st pokemon in the party, and the code should make every stat 0 for said pokemon. (I made the poke I tested with in Pokegen, so I know 100% that it has that PID)

Posted

where are you trying this? desmume?

e:

here:

.text
.org 0
.arm
_start:
push {r1,r12}
ldr r1, =0x4EBAA14D
ldr r12, =0x2234A40
str r1, [r12]
ldr r1, =0xB4E89F82
str r1, [r12, #0x4]
ldr r1, =0x0E6C13CE
str r1, [r12, #0x8]
ldr r1, =0xAA1A10A6
str r1, [r12, #0xC]
pop {r1,r12}
bx lr
.pool

no need for that extra space in the literal pool.
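
Added example (not from any post in this thread): a C sketch of the PID-keyed stat encryption discussed above, run on the PID and the four words stored by the assembly in this post. It assumes the scheme from the linked wiki, where each 16-bit word from .pkm offset 0x88 onward is XORed with the upper 16 bits of successive LCG outputs; the function names and the field labels after atk are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* LCG from the wiki formula quoted in the thread. '*' and '+' are ordinary
   integer arithmetic; uint32_t wraps, which gives the implicit mod 2^32. */
static uint32_t lcg_next(uint32_t x) { return 0x41C64E6Du * x + 0x6073u; }

/* XOR n 16-bit words of party data with the PID-seeded keystream.
   first_off is the .pkm offset of buf[0]; the keystream starts at 0x88,
   so words before first_off are generated and skipped. XOR is its own
   inverse: the same call encrypts and decrypts. (Hypothetical helper.) */
static void party_crypt(uint32_t pid, unsigned first_off, uint16_t *buf, int n)
{
    uint32_t x = pid;
    for (unsigned off = 0x88; off < first_off; off += 2)
        x = lcg_next(x);
    for (int i = 0; i < n; i++) {
        x = lcg_next(x);
        buf[i] ^= (uint16_t)(x >> 16);
    }
}

/* Split the 32-bit words a write stores into the little-endian 16-bit
   fields the game reads (low half sits at the lower address). */
static void words_to_halves(const uint32_t *w, int n, uint16_t *h)
{
    for (int i = 0; i < n; i++) {
        h[2 * i]     = (uint16_t)(w[i] & 0xFFFF);
        h[2 * i + 1] = (uint16_t)(w[i] >> 16);
    }
}

int main(void)
{
    /* Values from the thread: PID 1739113929 and four words stored from
       0x02234A40, i.e. party base 0x022349B4 + .pkm offset 0x8C. */
    const uint32_t stored[4] = {0x4EBAA14D, 0xB4E89F82, 0x0E6C13CE, 0xAA1A10A6};
    /* Labels after "atk" are assumed from the wiki's party layout. */
    static const char *name[8] = {"level/capsule", "cur HP", "max HP", "atk",
                                  "def", "spe", "spa", "spd"};
    uint16_t f[8];
    words_to_halves(stored, 4, f);
    party_crypt(1739113929u, 0x8C, f, 8);
    for (int i = 0; i < 8; i++)
        printf("0x%02X %-13s = %u\n", 0x8C + 2 * i, name[i], (unsigned)f[i]);
    return 0;
}
```

It prints level 100 and 0 for every stat, which matches the test described in the thread, and it shows that `*` and `+` in the formula are plain 32-bit arithmetic rather than bitwise operators.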

Posted

ok, what you want to do is something like this:

94000130 FFFB0000
023FE074 012FFF11
E0000000 00000044
E92D1002 E59F1024
E59FC024 E58C1000
E59F1020 E58C1004
E59F101C E58C1008
E59F1018 E58C100C
E8BD1002 E12FFF1E
4EBAA14D 02234A40
B4E89F82 0E6C13CE
AA1A10A6 00000000
023FE074 E3520003
D2000000 00000000

the ar just runs the code, so i think something like this should be good.

e: also, desmume/no$ don't keep the ar code handler at its normal spot. they just handle the ar themselves, so the ar hack to create executable code doesn't work on them, i don't think? i should try that now.

also, you can use kodinator for branches and asm to ards to compile, no need for anything else.

e2: yep! the ar hack doesn't seem to work.

here's an example, the backlight adjustment code for white:

94000130 FCFB0000
023FE074 012FFF11
E0000000 000000A8
E28F0001 E12FFF10
A21AB5F0 88234C24
80138811 D02A428B
25803490 F0002000
1C06F82A F0002004
2703F826 21404007
D003420B 420B2180
E018D00C 4231210C
2F03D006 1C79D013
F0002004 E00EF816
E0094331 438E210C
2F001C31 1E79D004
F0002004 E002F80A
F0002000 BCF0F806
4718BC08 30800000
88222100 D1FC422A
80224A08 88208060
D1FC4228 80220C12
88228061 D1FC422A
21FF8860 47704008
04000130 80028802
023FE074 E3520003
D2000000 00000000

you can see, yours is set up just like this code, so it should be working.
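
Added example (not from any post in this thread): a C check that the byte count on the E line of the 0x44-byte code above covers the whole payload and that every `ldr Rd, [pc, #imm]` in it lands on a literal inside that payload. The function names are hypothetical; the only outside fact used is that in ARM state pc reads as the instruction's address plus 8.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed from the 0x44-byte code in the post above: the E line and its
   payload only (button check, handler patch and D2 terminator left out). */
static const uint32_t code[][2] = {
    {0xE0000000, 0x00000044},
    {0xE92D1002, 0xE59F1024}, {0xE59FC024, 0xE58C1000},
    {0xE59F1020, 0xE58C1004}, {0xE59F101C, 0xE58C1008},
    {0xE59F1018, 0xE58C100C}, {0xE8BD1002, 0xE12FFF1E},
    {0x4EBAA14D, 0x02234A40}, {0xB4E89F82, 0x0E6C13CE},
    {0xAA1A10A6, 0x00000000},
};

/* Copy the payload of the E line at c[0] into out[] in memory order (left
   word, then right word of each following line). Returns the word count, or
   -1 if the byte count is not a multiple of 4 or overruns the list. */
static int e_payload(const uint32_t (*c)[2], int lines, uint32_t *out, int cap)
{
    if ((c[0][0] >> 28) != 0xE || (c[0][1] & 3)) return -1;
    int words = (int)(c[0][1] / 4);
    if (words > cap || (words + 1) / 2 > lines - 1) return -1;
    for (int i = 0; i < words; i++)
        out[i] = c[1 + i / 2][i % 2];
    return words;
}

/* For "ldr Rd, [pc, #imm]" (0xE59Fxxxx) at word index i, return the index of
   the literal it reads. Returns -1 for any other instruction and -2 if the
   literal is misaligned or lies outside the payload. */
static int literal_index(const uint32_t *p, int words, int i)
{
    if ((p[i] & 0xFFFF0000u) != 0xE59F0000u) return -1;
    uint32_t target = (uint32_t)i * 4 + 8 + (p[i] & 0xFFF);
    if (target % 4 || target / 4 >= (uint32_t)words) return -2;
    return (int)(target / 4);
}

int main(void)
{
    uint32_t p[32];
    int n = e_payload(code, (int)(sizeof code / sizeof code[0]), p, 32);
    for (int i = 0; i < n; i++) {
        int k = literal_index(p, n, i);
        if (k >= 0) printf("+0x%02X ldr r%u <- word %d = 0x%08X\n", i * 4,
                           (unsigned)((p[i] >> 12) & 0xF), k, (unsigned)p[k]);
        else if (k == -2) printf("+0x%02X literal outside payload\n", i * 4);
    }
    return n < 0;
}
```

For this code all five loads resolve to the literal pool words 4EBAA14D, 02234A40, B4E89F82, 0E6C13CE and AA1A10A6, so the payload layout itself is consistent.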

Posted
  Bond697 said:
where are you trying this? desmume?

e:

here:

.text
.org 0
.arm
_start:
push {r1,r12}
ldr r1, =0x4EBAA14D
ldr r12, =0x2234A40
str r1, [r12]
ldr r1, =0xB4E89F82
str r1, [r12, #0x4]
ldr r1, =0x0E6C13CE
str r1, [r12, #0x8]
ldr r1, =0xAA1A10A6
str r1, [r12, #0xC]
pop {r1,r12}
bx lr
.pool

no need for that extra space in the literal pool.

I am trying this in-game, (and not saving when it doesn't work xD). The weird thing is that the normal hex code works perfectly fine (consistently too, so it's not like my game got screwed up or something), whereas the assembler version doesn't, and they should be doing the exact same thing...... IDK, I'll try the edit and see if it works.

edit: Still doesn't work.... code:

  Reveal hidden contents

To get the code, I am using the Kenobi ASM to ARDS with the ARM ASM kit that creates the .bin file ASM to ARDS requires. (I also have the arm7 fixa and extractor, but I don't think they are really used here.) Do I need something else to get it to work?

Posted

try this to test:

94000130 FFFB0000
023FE074 012FFF11
E0000000 00000020
E92D0003 E59F000C
E59F100C E5801000
E8BD0003 E12FFF1E
0223CDCC 01111111
023FE074 E3520003
D2000000 00000000

get in-game and hit select, then look at your money and it should have changed.

it has to be on a real ards, though. the ardsi might have the address of the code handler changed, i'm not sure. i can't get my ar to work at the moment, or i would try it. if the ardsi's code handler address changed, then the ar hack to execute e-codes wouldn't work on them.

also, asm to ards doesn't require a bin file. just type the assembly in and hit compile.

Posted
  Bond697 said:
try this to test:

94000130 FFFB0000
023FE074 012FFF11
E0000000 00000020
E92D0003 E59F000C
E59F100C E5801000
E8BD0003 E12FFF1E
0223CDCC 01111111
023FE074 E3520003
D2000000 00000000

get in-game and hit select, then look at your money and it should have changed.

it has to be on a real ards, though. the ardsi might have the address of the code handler changed, i'm not sure. i can't get my ar to work at the moment, or i would try it. if the ardsi's code handler address changed, then the ar hack to execute e-codes wouldn't work on them.

also, asm to ards doesn't require a bin file. just type the assembly in and hit compile.

Still didn't work :(

I am using an ardsi, so that might be the problem. Weird though, considering all other codes have worked thus far.

Also, for asm to ards, I put the code in the box and hit the asm to ards button, and it gives me an error that it can't find the file source.bin. After I use the one program to make a .bin from the asm source file, rename it to source and put it with asm to ards, putting in the code and hitting the button works just fine.

Posted

you know what? i just tried the backlight code on my ds with an ards. it's an ar code handler hack too. it doesn't work. i'm wondering if, when they updated the ar firmware, they changed where in ram the ar code handler sits to accommodate the new dtcm (and stacks) the ds sdk now uses so that the ar would stay well out of range of any nintendo code. that would explain it perfectly. and it means that that ar hack isn't usable any more. that code i had you test should work 100% of the time, but it doesn't. that explains it perfectly. and really screws this over.

Posted
  Bond697 said:
you know what? i just tried the backlight code on my ds with an ards. it's an ar code handler hack too. it doesn't work. i'm wondering if, when they updated the ar firmware, they changed where in ram the ar code handler sits to accommodate the new dtcm (and stacks) the ds sdk now uses so that the ar would stay well out of range of any nintendo code. that would explain it perfectly. and it means that that ar hack isn't usable any more. that code i had you test should work 100% of the time, but it doesn't. that explains it perfectly. and really screws this over.

......crap :( I guess I can use manual values or something but that really kills this. hopefully someone will be able to find the new addresses or something to get asm codes to work in the future, but for now this seems doomed. Thanks for the help though.
