Metropolis Posted August 23, 2016 Share Posted August 23, 2016 The offsets in the first post for the mystery gift section don't add up properly - take a look at it to see what I mean. Link to comment Share on other sites More sharing options...
Cockatoo2 Posted August 23, 2016 Share Posted August 23, 2016 The offsets in the first post for the mystery gift section don't add up properly - take a look at it to see what I mean. I agree they don't seem right. Attached is a sav for FireRed 1.1 and I added the Aurora ticket acording to the post on the first page. I may have added it wrong though. And so far it does corrupt the save, becuase when I do load the save, it says The save file is corrupt, using the last save file. So hopefully I added it right. [ATTACH]13658[/ATTACH] Link to comment Share on other sites More sharing options...
Cockatoo2 Posted August 23, 2016 Share Posted August 23, 2016 The offsets in the first post for the mystery gift section don't add up properly - take a look at it to see what I mean. Metro, try this save as well. When I was going through the old posts of the thread. BlackShark said the mystery gift script checksum was at 0x8B0 and the first post said 0x79C, a difference of 0x114. So I took the 0x460 of the wondercard checksum and added the 0x114 to it, and changed where I put the wondercard data. So here is another FireRed 1.1 save with the wondercard data added, but in a new spot at 0x574. [ATTACH]13659[/ATTACH] Link to comment Share on other sites More sharing options...
Cockatoo2 Posted August 23, 2016 Share Posted August 23, 2016 I don't know what the four header bytes are supposed to be either, hence why they're manually editable.I'm going to look through example SAV files to see what headers they have there and check that the offsets/checksum is coded properly. It's fair to assume that using 0 for the four bytes won't work though. One last thing. This is just me trying to figure something out, but I might have a solution to the header bytes if these values work. Can you try putting in a FireRed1.1 save. And as the header bytes put E8 in the first one, 03 in the second, FF in the third, and FF in the fourth. And then for the mystery gift to upload, use the Aurora ticket. If this works, then I have solved the header bytes, if it doesn't, well back to the drawing board. Link to comment Share on other sites More sharing options...
Cockatoo2 Posted August 23, 2016 Share Posted August 23, 2016 The offsets in the first post for the mystery gift section don't add up properly - take a look at it to see what I mean. Sorry I'm giving you so much to test, but I think saves 1 and 2 are bad, check them anyways, but I am going to upload saves 3-6 if you could test them as well. I might post a 7 and 8, in a little bit if I do. [ATTACH]13662[/ATTACH] is at offset 0x79C [ATTACH]13661[/ATTACH] is at offset 0x8B0 [ATTACH]13663[/ATTACH] is at offset 0x7A1 [ATTACH]13664[/ATTACH] is at offset 0x8B5 Link to comment Share on other sites More sharing options...
Metropolis Posted August 23, 2016 Share Posted August 23, 2016 Even after correcting the checksums on those saves I get heavy corruption in the party Pokemon - I think you messed up inserting the data in those. I'll try the different offsets suggested by BlackShark. Link to comment Share on other sites More sharing options...
Cockatoo2 Posted August 23, 2016 Share Posted August 23, 2016 Okay, try those and see if anything changes then Sent from my iPhone using Tapatalk Link to comment Share on other sites More sharing options...
Metropolis Posted August 23, 2016 Share Posted August 23, 2016 Here it is.The Eon Ticket is in an area (Section 4 0x810 - 0xBFB) where theoretically any custom script up to 1004 bytes could be saved. Those could even be assigned to a different NPC. More about that here: http://forums.glitchcity.info/index.php?topic=7114.0 Since the values needed for record mixing are right after this area I thought I could just extract them too. That's why this file has 1012 bytes. Ah-ha this post is what I needed - section 4 means the block-shuffling algorithm must be implemented. I've coded this in Java before so can implement the same section detection in Javascript then update the online tool I posted earlier to calculate the offsets in the same way. Expect a working version in the next few weeks. Link to comment Share on other sites More sharing options...
Cockatoo2 Posted August 23, 2016 Share Posted August 23, 2016 Ah-ha this post is what I needed - section 4 means the block-shuffling algorithm must be implemented.I've coded this in Java before so can implement the same section detection in Javascript then update the online tool I posted earlier to calculate the offsets in the same way. Expect a working version in the next few weeks. Why would it take a few weeks? Not trying to be pushy but why so long? Sent from my iPhone using Tapatalk Link to comment Share on other sites More sharing options...
Metropolis Posted August 23, 2016 Share Posted August 23, 2016 Why would it take a few weeks? Not trying to be pushy but why so long?Sent from my iPhone using Tapatalk I have a full time job, a social life and other commitments! These games have been out over a decade now, is three weeks such a wait?! The routine for identifying the save indices, jumping to the correct offsets and checksumming different data lengths is tricky to code too. Link to comment Share on other sites More sharing options...
Cockatoo2 Posted August 23, 2016 Share Posted August 23, 2016 I'm sorry, we have just been waiting for so long, but it could be worse. Thank you for your work so far too Sent from my iPhone using Tapatalk Link to comment Share on other sites More sharing options...
Guest Posted August 24, 2016 Share Posted August 24, 2016 What's this all about? Why you guys start this research all over again? All the work is done already. Regarding the Mystery Gift checksum routine, there's a reason why we keep it as a secret for now. It's very important that it doesn't falls into wrong hands and that's why we didn't made it public. Otherwise we might have serious trouble when it comes to collecting the missing official Events. I'm very busy recently but I'm trying really hard to get the missing Mystery Gifts together. Instead of reading only demands it would be really nice if more people would try to contribute to the project. You can do this for example by contacting people who potentially attended to Events and make them aware of the project. The more soon we get things together, the more secure the release of the Tool will be. That's all I can say for now. Everything else is not entirely in my hands. We sacrifice our time for this for free and everything needs time. Link to comment Share on other sites More sharing options...
Cockatoo2 Posted August 24, 2016 Share Posted August 24, 2016 I'm very busy recently but I'm trying really hard to get the missing Mystery Gifts together. Instead of reading only demands it would be really nice if more people would try to contribute to the project. You can do this for example by contacting people who potentially attended to Events and make them aware of the project. Okay, I might be able to find some people who have some of the missing events. Is there any order of importance the rest of the events we need are? What's this all about?Regarding the Mystery Gift checksum routine, there's a reason why we keep it as a secret for now. It's very important that it doesn't falls into wrong hands and that's why we didn't made it public. Otherwise we might have serious trouble when it comes to collecting the missing official Events. And when the tool is released and we have collected all the events, will the checksum routine then be public, or are we still going to keep it hidden? I only ask because once the tool is working and we have all the events, we will be able to know which events are real and which are fake, since we have them all. Link to comment Share on other sites More sharing options...
Guest Posted August 24, 2016 Share Posted August 24, 2016 (edited) Okay, I might be able to find some people who have some of the missing events. Is there any order of importance the rest of the events we need are? That would be really cool! We're still looking for what you see in the first post. Specifically the American Mystic Tickets. So if you know or find someone on the Internet who attended to one of the Events it would be great if you could contact that person. They were distributed at the Nintendo World Store in New York, TCG World Championship and Pokémon Rocks America all in 2005. Regarding the Egg Events, I have almost given up on them, since we would need every single one of them. Which IMO is impossible to archieve, would still be nice if we have at least one of those just to check them out. And when the tool is released and we have collected all the events, will the checksum routine then be public, or are we still going to keep it hidden? I only ask because once the tool is working and we have all the events, we will be able to know which events are real and which are fake, since we have them all. Well... the checksum routine... if we ever make the checksum routine public... we're thinking about that... I just don't see a useful reason for it now, since it would give people the ability to do literally everything they want... Imagine if we published it earlier... it would have been way tougher to confirm what's legit and what's not... Because we don't have a real distribution rom and can only work with the information we have from the received Mystery Gifts... There are some small details who can be used about an indicator about what's real and what's not. We're actually really lucky that we're one of the only people who can hack Mystery Gifts ect! This is something lostaddict and me realized and so we decided to make this research non-public from that moment on. When he left and suloku started to working with me, I gave him the informations about the routine since he's part of the Team now. Edit: I mean if requested Metropolis could also try to make a Java version of the Tool, similar to like what lostaddict did. I still have the (nonfunctional) Alpha Version of his Tool somewhere. Edited August 24, 2016 by ajxpkm Link to comment Share on other sites More sharing options...
Cockatoo2 Posted August 24, 2016 Share Posted August 24, 2016 That would be really cool!We're still looking for what you see in the first post. Specifically the American Mystic Tickets. So if you know or find someone on the Internet who attended to one of the Events it would be great if you could contact that person. They were distributed at the Nintendo World Store in New York, TCG World Championship and Pokémon Rocks America all in 2005. Regarding the Egg Events, I have almost given up on them, since we would need every single one of them. Which IMO is impossible to archieve, would still be nice if we have at least one of those just to check them out. Well... the checksum routine... if we ever make the checksum routine public... we're thinking about that... I just don't see a useful reason for it now, since it would give people the ability to do literally everything they want... Imagine if we published it earlier... it would have been way tougher to confirm what's legit and what's not... Because we don't have a real distribution rom and can only work with the information we have from the received Mystery Gifts... There are some small details who can be used about an indicator about what's real and what's not. We're actually really lucky that we're one of the only people who can hack Mystery Gifts ect! This is something lostaddict and me realized and so we decided to make this research non-public from that moment on. When he left and suloku started to working with me, I gave him the informations about the routine since he's part of the Team now. Edit: I mean if requested Metropolis could also try to make a Java version of the Tool, similar to like what lostaddict did. I still have the (nonfunctional) Alpha Version of his Tool somewhere. If you still have the copy of the nonfunctional tool, it would be interesting to look at the code of it. Sent from my iPhone using Tapatalk Link to comment Share on other sites More sharing options...
Guest Posted August 24, 2016 Share Posted August 24, 2016 It's early phase and doesn't has much interesting to it unfortunately. But it could still be used in case someone wants to craft a Java version. lostaddict said he will provide us with the source code of the latest beta but unfortunately he didn't. suloku's Tool however is way more progressed and a lot of way more interesting functionality. So it's better to wait for this one. Link to comment Share on other sites More sharing options...
Metropolis Posted August 24, 2016 Share Posted August 24, 2016 If you still have the copy of the nonfunctional tool, it would be interesting to look at the code of it.Sent from my iPhone using Tapatalk Here's the tool: Mystery Gift Editor Tested on an Emerald and Leaf Green save, it correctly identified and checksummed all the save sections. Opening a file then downloading it is an easy way to fix broken checksums on a section level. Still no progress with the mystery gift specific checksum. The region read/written from is as suggested by BlackShark. Source code can be found here and using Chrome Debugger on the site to see the sources. Link to comment Share on other sites More sharing options...
Metropolis Posted August 25, 2016 Share Posted August 25, 2016 Here's my implementation of Morfeo's algorithm in Javascript: Can't get a matching checksum for the mystery gift data yet, so either the seed, tabs or code is wrong: var tabs = [0x0000, 0x0001, 0x0fcf, 0xe017, 0x3001, 0x0f00, 0xb019, 0x302d, 0x0001, 0xc017, 0xfdb0, 0x1bf0, 0x6770, 0x51f0, 0x19f0, 0x01f0, 0xbbf0, 0x9037, 0xfe30, 0x0f00, 0x6e00, 0x0200, 0x5700, 0x5b40, 0x6130, 0x640f, 0x7800, 0xe0ce, 0x101d, 0xf012, 0x1001, 0xee00, 0xe029, 0xeeee, 0x0001, 0x0eb0, 0x16e0, 0xee30, 0x1677, 0xee00, 0x20b0, 0x2f40, 0x170e, 0xc017, 0x201b, 0x301a, 0xfdd0, 0x4bb0, 0x1cf0, 0x19f0, 0x0170, 0xf330, 0xe0f0, 0x20d0, 0xff30, 0x0b50, 0xdff0, 0xe2b0, 0xc010, 0xc310, 0xdb00, 0x7810, 0x02ef, 0x30eb, 0x0009, 0x0012, 0x0e10, 0xa2d0, 0x8810, 0x23f0, 0xb800, 0x00d0, 0x0000, 0xdddd, 0xd0dd, 0x2cdd, 0xddc0, 0x16dd, 0x0016, 0x1001, 0x00dd, 0x770d, 0xa018, 0x202b, 0x0001, 0x0dc0, 0x3020, 0x1b30, 0x1afb, 0xc031, 0xc01c, 0xf019, 0xd1c6, 0x2117, 0x0f50, 0x0621, 0xffff, 0x010c, 0x2003, 0x0020, 0xc117, 0x3107, 0x3101, 0x0003, 0x2113, 0xff00, 0xfc31, 0x1311, 0xa950, 0xf390, 0x0b70, 0xfb00, 0xe700, 0xd0fe, 0x0002, 0xe00f, 0x1012, 0x90ac, 0x10d6, 0xf0bc, 0x2001, 0xcc0b, 0x00c0, 0xcccc, 0xc013, 0xc010, 0x1330, 0x011f, 0x0000, 0x0cf0, 0x1720, 0x17d0, 0x33f0, 0x1980, 0x64ff, 0xf01b, 0xf13b, 0xc13b, 0x4006, 0xf137, 0x2137, 0x412f, 0x1119, 0xff10, 0x0640, 0x0ad1, 0x3731, 0x1760, 0xfa00, 0x0721, 0x2301, 0x0cfd, 0x1006, 0x0010, 0x01ed, 0x101c, 0x512f, 0xc1fc, 0xc021, 0x1fde, 0x00bd, 0x700f, 0xc021, 0x2f11, 0x3210, 0x1560, 0x18cc, 0x33cc, 0x0c90, 0x0fb0, 0x01b0, 0xbbf0, 0x1300, 0x1322, 0xbbbb, 0x1001, 0x00bb, 0x0bb0, 0x17b0, 0xef50, 0x17d0, 0x3230, 0x17bb, 0xb02f, 0xf01e, 0xf019, 0x6462, 0xfff1, 0x6310, 0x1111, 0x5c41, 0x4611, 0x3b12, 0x8c41, 0x3f41, 0x3bfc, 0x1129, 0x412d, 0xb006, 0xf253, 0x5253, 0x1127, 0x00cc, 0x7f0c, 0x312e, 0x0241, 0x0004, 0x1007, 0x5123, 0x8253, 0x20ba, 0xff91, 0x0021, 0x1b01, 0x0400, 0x0200, 0xd340, 0x1c90, 0x0ff0, 0xff40, 0xaaf0, 0x1200, 0xaa00, 0xa0aa, 0xaa8f, 0x0001, 0x0aaa, 0xaa80, 0x1500, 0x1340, 0x1600, 0x20bf, 0xa02f, 0xa030, 0x1720, 0x1af0, 0x4c40, 0x1af0, 0x19e6, 0xc7ff, 0xb167, 0x400a, 0xf2c7, 0x52c3, 0x42c7, 0x4178, 0xf183, 0x6183, 0xff11, 0x6df1, 0x7fb2, 0xb342, 0xaf71, 0x7b60, 0x06f1, 0x7771]; var mysteryChecksum = function (bytes) { var seed = 0x8530; var i, current, tabIndex, tabValue, reverseTab; for (i = 0; i < bytes.length; i += 1) { current = bytes; tabIndex = (current ^ seed) & 0xFF; tabValue = tabs[tabIndex]; reverseTab = ((tabValue & 0xff) << 8) + (tabValue >> 8); seed = reverseTab ^ (seed >> 16); } seed = (~seed) & 0xffff; return seed; }; var bytes = [123, 45, 6]; var checksum = mysteryChecksum(bytes); console.log('Calculated mystery checksum:'); console.log(checksum & 0xff); console.log(checksum >> 8); Link to comment Share on other sites More sharing options...
suloku Posted August 26, 2016 Share Posted August 26, 2016 Ok, seems like time to try feeding some info into this thread. I know this seems a long wait, but we want the OFFICIAL events. If you only want the legit pokemon, one can do so with Morpheo's codes, then erase the wondercard. The result is exactly the same as with the official one. For eon ticket you can just put your savegame on the USA rom and use the eon ticket e-card, or mix records with a usa game with the eon ticket e-card if you want to keep the savegame clean. As axjpkm stated, all this delay and keeping the wondercard algorythm closed has the only purpose of minimizing the chances of getting faked wondercards contributed. This doesn't mean we can't get fooled, but now that we are only missing 6 events (two if not counting different versions of USA mistyc ticket we are missing) the chances are lower. Anyone with enough ASM skills could get what is needed, and it actually has been done before, but no one made it public. My personal opinion is that by providing a way to fully customize wondercards people won't feel the need to go and fake them. I doubt anyone will go trough the trouble of asm reverse engineering the checksum function just to scam us (or make profit trough ebay or something), but if the algorythm is available it would only need a basic coding knowledge to make fake wondercards. I haven't worked on the actual tool for a while since we are just waiting for the missing tickets (even though I expect bugs to appear, but overall it should do it's job with no problem), but I guess I can tell all of you that the nds(original/lite) and gc/wii injection tools have already been coded. They are basic and simple, but do the job. Also, I recently (two days ago) got a spanish FRLG savegame with Aurora ticket from the actual event, the one we already had was received by sending the cartridge to nintendo spain back when the service was still running. The wondercards are exactly the same, so I bet it was the same machine as in the events. And I don't remember if I already posted this, but technically speaking I'm pretty sure USA mistyc tickets could be received in european cartridges, even for european emerald, which would have had a narrow ~36h window from european release to fly to the USA event and receive the wondercard, but it still makes those events probably legit in european languages other than english. This is based in the following: - We know the USA aurora ticket distro device is compatible with european games (english WC is sent) - Non-jap game can send the wondercard (if edited to be shareable) to any non-jap game, regardless of language (WC text and script remains in original language, but the point is that the transfer is not region locked). Of course a mistyc ticket distribution device would be the best to confirm this, but we don't have one and doesn't seem to be anyone on the net that owns one. Link to comment Share on other sites More sharing options...
Invader TAK Posted August 26, 2016 Share Posted August 26, 2016 Ok, seems like time to try feeding some info into this thread.My personal opinion is that by providing a way to fully customize wondercards people won't feel the need to go and fake them. I doubt anyone will go trough the trouble of asm reverse engineering the checksum function just to scam us (or make profit trough ebay or something), but if the algorythm is available it would only need a basic coding knowledge to make fake wondercards. Couldn't agree more. Plus it'll be fun to mess around with the unused features. I haven't worked on the actual tool for a while since we are just waiting for the missing tickets (even though I expect bugs to appear, but overall it should do it's job with no problem), but I guess I can tell all of you that the nds(original/lite) and gc/wii injection tools have already been coded. They are basic and simple, but do the job. Nice! Can't wait to add that to the flash cart with the Gen 4 and 5 Distro ROMs. Link to comment Share on other sites More sharing options...
Metropolis Posted August 28, 2016 Share Posted August 28, 2016 FRLG/Emerald Mystery Gift injector To respect the wishes of the users here working hard to acquire legit wonder cards, I have dropped custom wonder card editing (inc the checksum) from the tool. Two 128K save files are required - the first is a SAV in which the wonder card, wonder news and mystery gift script are to be injected. The second is another save file that contains the mystery card/news/gift to be copied across. There are at least two valid saves attached to earlier posts on this thread. This has been tested on a FireRed save (copying over a legit German AuroraTicket from LeafGreen) and an Emerald save (copying over a legit English AuroraTicket from Emerald). In both cases the Wonder Card appeared correctly, the ticket could be received from the Green man in The Pokemon Center and functioned correctly allowing Birth Island access. The tool can also be used as a quick way to correct section checksums corrupted by hex editing - simply load the file in then download and the existing save is preserved but with the checksums corrected. Link to comment Share on other sites More sharing options...
LordHelix Posted August 29, 2016 Share Posted August 29, 2016 FRLG/Emerald Mystery Gift injectorTo respect the wishes of the users here working hard to acquire legit wonder cards, I have dropped custom wonder card editing (inc the checksum) from the tool. Two 128K save files are required - the first is a SAV in which the wonder card, wonder news and mystery gift script are to be injected. The second is another save file that contains the mystery card/news/gift to be copied across. There are at least two valid saves attached to earlier posts on this thread. This has been tested on a FireRed save (copying over a legit German AuroraTicket from LeafGreen) and an Emerald save (copying over a legit English AuroraTicket from Emerald). In both cases the Wonder Card appeared correctly, the ticket could be received from the Green man in The Pokemon Center and functioned correctly allowing Birth Island access. The tool can also be used as a quick way to correct section checksums corrupted by hex editing - simply load the file in then download and the existing save is preserved but with the checksums corrected. It works good. Thank you. Link to comment Share on other sites More sharing options...
dasrin Posted August 31, 2016 Share Posted August 31, 2016 Hi everyone, may i have one save with eon ticket emerald version and anothe of old sea map emerald version please. I can not find the saves files. Link to comment Share on other sites More sharing options...
LordHelix Posted August 31, 2016 Share Posted August 31, 2016 Hi everyone, may i have one save with eon ticket emerald version and anothe of old sea map emerald version please. I can not find the saves files. You can get easly Eon ticket on your own Emerald save file by mixing records with Ruby/Saphire save file that contains Eon ticket. In this thread you can find a video (you can search on YT too) that explains how to get Eon ticket on Ruby/Saphire. But you can get Old Ticket only on Japanese save files using Japanese injecting tools. You can get unofficial cards with Morfeo codes. Link to comment Share on other sites More sharing options...
Invader TAK Posted August 31, 2016 Share Posted August 31, 2016 You can get easly Eon ticket on your own Emerald save file by mixing records with Ruby/Saphire save file that contains Eon ticket. In this thread you can find a video (you can search on YT too) that explains how to get Eon ticket on Ruby/Saphire. But you can get Old Ticket only on Japanese save files using Japanese injecting tools. You can get unofficial cards with Morfeo codes. There's also Trigger's PC for getting the Eon Ticket, but that requires entering the Hall of Fame. Link to comment Share on other sites More sharing options...
Recommended Posts