Andibad Posted December 3, 2015 Posted December 3, 2015 (edited) in short sir0 is an game configuration container, so that why each sir0 file is have different structure. FARC file is have 3 main part : Header, SIR0 (as FAT), and DAT , SIR0 in here used as FAT, which is have 2 type of them, 0x4 and 0x5. i already test my tool for most farc file on SMD, is working fine to find correct offset for each file. idk if is have more than 2 type SIRO FAT on it ... but i will check it later. here for SIR0 / FARC or related on it structure : 0x0 - FARC (Magic Header)0x20 - Type of FAT SIR0* 0x24 - first SIR0 Offset as FAT 0x28 - first SIR0 Length as FAT 0x2C - first DAT offset 0x30 - first DAT Length (with first SIR0 last padding) each volume used 0x20 byte 0x0 : SIR0 magic header0x4 : game config header offset 0x8 : pointer offset (is related on 3DS Virtual Memory) 0x0 : start Offset0x4 : file count 0x8 : file name flag (0: with name, 1 : without name) 0x0 : filename offset0x4 : data offset 0x8 : data lenght 0xc : 0x0 0x0 : filename offset0x4 : data offset 0x8 : data lenght well i try encode file on message.bin (packed with FARC container). well too much character is used as code 0x0 : file offset0x4 : file name offset (is not file lenght) 0x8 : ?? (i think is attribute on text ...) here for tools : https://dl.dropboxusercontent.com/u/3122097/SIR0Reader.7z is still WIP, common FARC is can be extracted as raw file. but not working to read SIR0 Message on debug_message file since this tools used static method for read file offset on SIR0, not dynamic one (used Pointer Data). Edited December 3, 2015 by Andibad
psy_commando Posted December 3, 2015 Author Posted December 3, 2015 in short sir0 is an game configuration container, so that why each sir0 file is have different structure. FARC file is have 3 main part : Header, SIR0 (as FAT), and DAT , SIR0 in here used as FAT, which is have 2 type of them, 0x4 and 0x5. i already test my tool for most farc file on SMD, is working fine to find correct offset for each file. idk if is have more than 2 type SIRO FAT on it ... but i will check it later. I seriously doubt that SIR0 is only for configuration though. I've seen plenty of images, archives, compressed stats data, and etc that were wrapped into a SIR0 for no apparent reasons in the past. Especially in PMD:Explorers of Sky. It seems to me like its just a way to load any constant data structures at runtime directly into the 3ds's memory, and have the code use it as-is from an arbitrary memory position. (And its really easy to crash the game and writing in a lot of places you're not supposed to with that file format A single error in the encoded pointer list is enough to corrupt most pointers after they're translated, and thus write pretty much anywhere in the allocated user space memory. I made a mistake once, and the game began writing into the OAM, or maybe even the video memory, and things started looking pretty crazy on-screen ) And about the different types of FAT, 2 types sounds about right. I've only seen 2 variations so far. (for models files at least) But it depends on what you want to do. Are you writing a FARC extractor, or something else ? Because, there are probably a lot of variations of the SIR0's content around. here for SIR0 / FARC or related on it structure : well i try encode file on message.bin (packed with FARC container). well too much character is used as code here for tools : https://dl.dropboxusercontent.com/u/3122097/SIR0Reader.7z is still WIP, common FARC is can be extracted as raw file. but not working to read SIR0 Message on debug_message file since this tools used static method for read file offset on SIR0, not dynamic one (used Pointer Data). Nice work with those FARC files ! Interestingly, the message_debug.bin archive seems to contain many "string database" files that were used in GTI. They all seem to match my notes : https://dl.dropboxusercontent.com/u/13343993/my_pmd_research_files/PMD_GTI/FileFormats/string_database.txt But the message.bin seems to contain those too, only the strings that each pointers refer to isn't in the SIR0 container itself.. I wonder what this means.. (I only got the Japanese ROM right now though ) What's even more intriguing is that, the function used to load the game strings for menus still refers to the "message" directory, which is missing in PSMD. MENU:LoadMenuTextPool("message/staff.bin") So, I'd guess, they modified that to pull text from somewhere else ? Possibly involving that message.bin file ? EDIT: Also, nvm about the strings missing from the string files within the message.bin file.. Its a bit too early for me to say I guess.. There's a possibility that UTF characters don't show up properly in my hex edtior, and well, I think I'll have an easier time once I can dump my NA rom.. ^^; And the message.lst file seems to contain the file names for the "string database" files within the message.bin file ! Or at least, that's what I'm assuming.
Thunder Posted December 4, 2015 Posted December 4, 2015 I decrypted my US rom and extracted the romfs. I might not know much about 3DS hacking, but I hope I could be of some use. Judging from all the debug files, is there a chance that a usable debug menu exists? I hope so.
Andibad Posted December 4, 2015 Posted December 4, 2015 debug message is used 8 byte on header FAT, i just suspect pointer table is just table of length each file on header FAT. common.bin is have 0xc length each file which is filenameoffset, dataoffset and file lenght, on pointer table say 0xc too and pointer table length fit with file count (-1). SIR0 Pointer table on common.bin : 04 04 9C 84 14 0C 0C 0C 0C 0C 0C 0C 0C 0C 0C 0C [end with 0x10 0x00] i suspect 0x0c is not padding, but is seems length of header FAT on each file. italic one is seems an flag .. but i still not sure. sir0 on FARC is have 0x20 on it without 0xXX padding value. since i only have SMD us on my PC, maybe i need to extract GI too (us/jp version).
psy_commando Posted December 6, 2015 Author Posted December 6, 2015 debug message is used 8 byte on header FAT, i just suspect pointer table is just table of length each file on header FAT. common.bin is have 0xc length each file which is filenameoffset, dataoffset and file lenght, on pointer table say 0xc too and pointer table length fit with file count (-1). SIR0 Pointer table on common.bin : 04 04 9C 84 14 0C 0C 0C 0C 0C 0C 0C 0C 0C 0C 0C [end with 0x10 0x00] i suspect 0x0c is not padding, but is seems length of header FAT on each file. italic one is seems an flag .. but i still not sure. sir0 on FARC is have 0x20 on it without 0xXX padding value. since i only have SMD us on my PC, maybe i need to extract GI too (us/jp version). The encoded pointer list must end on a 0. It will keep going until it hits one. So, yep, that's not padding. All those 0xC are actually offsets to pointers within the SIR0 container. http://projectpokemon.org/wiki/Pmd2_SIR0#Pointer_Offsets_List
Andibad Posted December 7, 2015 Posted December 7, 2015 (edited) Also, nvm about the strings missing from the string files within the message.bin file.. Its a bit too early for me to say I guess.. There's a possibility that UTF characters don't show up properly in my hex edtior, and well, I think I'll have an easier time once I can dump my NA rom.. ^^; And the message.lst file seems to contain the file names for the "string database" files within the message.bin file ! Or at least, that's what I'm assuming. i was think is just an id for script for get an string or icon (type,item,etc). so is have weird unicode on it, so i advice just look it on hex on sir0 content (not converted text one, it might not correct to convert them). example : Use it to teach the move \x65533{591}. But you can't use it on a Pokémon that has already learned or can't learn the move. \x65533{0} is for call move string list with single value. http://pastebin.com/Pp2DbNFE Pound Karate Chop Double Slap Comet Punch Mega Punch Pay Day Fire Punch Ice Punch Thunder Punch Scratch Vice Grip Guillotine Razor Wind Swords Dance Cut Gust Wing Attack Whirlwind Fly Bind Slam Vine Whip Stomp Double Kick Mega Kick Jump Kick Rolling Kick Sand Attack Headbutt Horn Attack Fury Attack Horn Drill Tackle Body Slam Wrap Take Down Thrash Double-Edge Tail Whip Poison Sting Twineedle Pin Missile Leer Bite Growl Roar Sing Supersonic Sonic Boom Disable Acid Ember Flamethrower Mist Water Gun Hydro Pump Surf Ice Beam Blizzard Psybeam Bubble Beam Aurora Beam Hyper Beam Peck Drill Peck Submission Low Kick Counter Seismic Toss Strength Absorb Mega Drain Leech Seed Growth Razor Leaf Solar Beam Poison Powder Stun Spore Sleep Powder Petal Dance String Shot Dragon Rage Fire Spin Thunder Shock Thunderbolt Thunder Wave Thunder Rock Throw Earthquake Fissure Dig Toxic Confusion Psychic Hypnosis Meditate Agility Quick Attack Rage Teleport Night Shade Mimic Screech Double Team Recover Harden Minimize Smokescreen Confuse Ray Withdraw Defense Curl Barrier Light Screen Haze Reflect Focus Energy Bide Metronome Mirror Move Self-Destruct Egg Bomb Lick Smog Sludge Bone Club Fire Blast Waterfall Clamp Swift Skull Bash Spike Cannon Constrict Amnesia Kinesis Soft-Boiled High Jump Kick Glare Dream Eater Poison Gas Barrage Leech Life Lovely Kiss Sky Attack Transform Bubble Dizzy Punch Spore Flash Psywave Splash Acid Armor Crabhammer Explosion Fury Swipes Bonemerang Rest Rock Slide Hyper Fang Sharpen Conversion Tri Attack Super Fang Slash Substitute Struggle Sketch Triple Kick Thief Spider Web Mind Reader Nightmare Flame Wheel Snore Curse Flail Conversion 2 Aeroblast Cotton Spore Reversal Spite Powder Snow Protect Mach Punch Scary Face Feint Attack Sweet Kiss Belly Drum Sludge Bomb Mud-Slap Octazooka Spikes Zap Cannon Foresight Destiny Bond Perish Song Icy Wind Detect Bone Rush Lock-On Outrage Sandstorm Giga Drain Endure Charm Rollout False Swipe Swagger Milk Drink Spark Fury Cutter Steel Wing Mean Look Attract Sleep Talk Heal Bell Return Present Frustration Safeguard Pain Split Sacred Fire Magnitude Dynamic Punch Megahorn Dragon Breath Baton Pass Encore Pursuit Rapid Spin Sweet Scent Iron Tail Metal Claw Vital Throw Morning Sun Synthesis Moonlight Hidden Power Cross Chop Twister Rain Dance Sunny Day Crunch Mirror Coat Psych Up Extreme Speed Ancient Power Shadow Ball Future Sight Rock Smash Whirlpool Beat Up Fake Out Uproar Stockpile Spit Up Swallow Heat Wave Hail Torment Flatter Will-O-Wisp Memento Facade Focus Punch Smelling Salts Follow Me Nature Power Charge Taunt Helping Hand Trick Role Play Wish Assist Ingrain Superpower Magic Coat Recycle Revenge Brick Break Yawn Knock Off Endeavor Eruption Skill Swap Imprison Refresh Grudge Snatch Secret Power Dive Arm Thrust Camouflage Tail Glow Luster Purge Mist Ball Feather Dance Teeter Dance Blaze Kick Mud Sport Ice Ball Needle Arm Slack Off Hyper Voice Poison Fang Crush Claw Blast Burn Hydro Cannon Meteor Mash Astonish Weather Ball Aromatherapy Fake Tears Air Cutter Overheat Odor Sleuth Rock Tomb Silver Wind Metal Sound Grass Whistle Tickle Cosmic Power Water Spout Signal Beam Shadow Punch Extrasensory Sky Uppercut Sand Tomb Sheer Cold Muddy Water Bullet Seed Aerial Ace Icicle Spear Iron Defense Block Howl Dragon Claw Frenzy Plant Bulk Up Bounce Mud Shot Poison Tail Covet Volt Tackle Magical Leaf Water Sport Calm Mind Leaf Blade Dragon Dance Rock Blast Shock Wave Water Pulse Doom Desire Psycho Boost Roost Gravity Miracle Eye Wake-Up Slap Hammer Arm Gyro Ball Healing Wish Brine Natural Gift Feint Pluck Tailwind Acupressure Metal Burst U-turn Close Combat Payback Assurance Embargo Fling Psycho Shift Trump Card Heal Block Wring Out Power Trick Gastro Acid Lucky Chant Me First Copycat Power Swap Guard Swap Punishment Last Resort Worry Seed Sucker Punch Toxic Spikes Heart Swap Aqua Ring Magnet Rise Flare Blitz Force Palm Aura Sphere Rock Polish Poison Jab Dark Pulse Night Slash Aqua Tail Seed Bomb Air Slash X-Scissor Bug Buzz Dragon Pulse Dragon Rush Power Gem Drain Punch Vacuum Wave Focus Blast Energy Ball Brave Bird Earth Power Switcheroo Giga Impact Nasty Plot Bullet Punch Avalanche Ice Shard Shadow Claw Thunder Fang Ice Fang Fire Fang Shadow Sneak Mud Bomb Psycho Cut Zen Headbutt Mirror Shot Flash Cannon Rock Climb Defog Trick Room Draco Meteor Discharge Lava Plume Leaf Storm Power Whip Rock Wrecker Cross Poison Gunk Shot Iron Head Magnet Bomb Stone Edge Captivate Stealth Rock Grass Knot Chatter Judgment Bug Bite Charge Beam Wood Hammer Aqua Jet Attack Order Defend Order Heal Order Head Smash Double Hit Roar of Time Spacial Rend Lunar Dance Crush Grip Magma Storm Dark Void Seed Flare Ominous Wind Shadow Force Hone Claws Wide Guard Guard Split Power Split Wonder Room Psyshock Venoshock Autotomize Rage Powder Telekinesis Magic Room Smack Down Storm Throw Flame Burst Sludge Wave Quiver Dance Heavy Slam Synchronoise Electro Ball Soak Flame Charge Coil Low Sweep Acid Spray Foul Play Simple Beam Entrainment After You Round Echoed Voice Chip Away Clear Smog Stored Power Quick Guard Ally Switch Scald Shell Smash Heal Pulse Hex Sky Drop Shift Gear Circle Throw Incinerate Quash Acrobatics Reflect Type Retaliate Final Gambit Bestow Inferno Water Pledge Fire Pledge Grass Pledge Volt Switch Struggle Bug Bulldoze Frost Breath Dragon Tail Work Up Electroweb Wild Charge Drill Run Dual Chop Heart Stamp Horn Leech Sacred Sword Razor Shell Heat Crash Leaf Tornado Steamroller Cotton Guard Night Daze Psystrike Tail Slap Hurricane Head Charge Gear Grind Searing Shot Techno Blast Relic Song Secret Sword Glaciate Bolt Strike Blue Flare Fiery Dance Freeze Shock Ice Burn Snarl Icicle Crash Fusion Flare Fusion Bolt Flying Press Mat Block Belch Rototiller Sticky Web Fell Stinger Phantom Force Trick-or-Treat Noble Roar Ion Deluge Parabolic Charge Forest's Curse Petal Blizzard Freeze-Dry Disarming Voice Parting Shot Topsy-Turvy Draining Kiss Crafty Shield Flower Shield Grassy Terrain Misty Terrain Electrify Play Rough Fairy Wind Moonblast Boomburst Fairy Lock King's Shield Play Nice Confide Water Shuriken Mystical Fire Spiky Shield Aromatic Mist Eerie Impulse Venom Drench Powder Geomancy Magnetic Flux Electric Terrain Dazzling Gleam Baby-Doll Eyes Nuzzle Infestation Power-Up Punch Oblivion Wing Land's Wrath Origin Pulse Precipice Blades Dragon Ascent Hyperspace Fury Shadow Headbutt Drain Peripheral Attack Mow Down Shadow Casting Charging Start N Charging Start F Diamond Storm Hyperspace Hole WAZA_YOBI_03 Attack Attack Weather Ball Weather Ball Weather Ball Weather Ball Dig Razor Wind Focus Punch Sky Attack Solar Beam Fly Dive Bounce Skull Bash Curse Snore Sleep Talk Bide Revenge Avalanche Sky Drop Future Sight Doom Desire Techno Blast Techno Blast Techno Blast Techno Blast Shadow Force Freeze Shock Ice Burn Phantom Force Geomancy Charging (Near) Charging (Floor) Dig Dig Hydro Pump Hyper Beam Aeroblast Sacred Fire Water Spout Eruption Outrage Roar of Time Spacial Rend Crush Grip Shadow Force Shadow Force Judgment Fusion Flare Fusion Bolt Bolt Strike Blue Flare Glaciate Ice Burn Ice Burn Freeze Shock Freeze Shock Geomancy Geomancy Oblivion Wing Land's Wrath Extra Big Spare 13 Extra Big Spare 14 Extra Big Spare 15 Extra Big Spare 16 Extra Big Spare 17 Extra Big Spare 18 Extra Big Spare 19 Extra Big Spare 20 Extra Big Spare 21 Extra Big Spare 22 Extra Big Spare 23 Extra Big Spare 24 Extra Big Spare 25 Extra Big Spare 26 Extra Big Spare 27 Extra Big Spare 28 Extra Big Spare 29 Extra Big Spare 30 Extra Big Spare 31 Extra Big Spare 32 Extra Big Spare 33 Extra Big Spare 34 is need more them to indexed all of them (also play this game too for make sure what string is...) or you will see a lot weird character (or code) on it. like adventure results window screen if you finish the dungeon ... The encoded pointer list must end on a 0. It will keep going until it hits one. So, yep, that's not padding. All those 0xC are actually offsets to pointers within the SIR0 container. http://projectpokemon.org/wiki/Pmd2_SIR0#Pointer_Offsets_List sometimes it filled by padding on sir0 used as FAT on FARC (type:5), and sometimes is have multiple set (ex: hint_database.bin). so far i found, is have filename set, data set, configuration set, other thing is depend on structure or none. Pointer table : 04 04 D2 1C 04 04 30 04 04 30 04 04 30 04 04 30 [A] header structure : 48 4E 54 00 24 29 00 00 B0 00 00 00 (sometimes [magic header] offset - count [ex attribute], or [magic header] count - offset [ex attribute] recalculated [A] must same as (offset). (how to encode that just look on wiki). bold one is an magic header. i already done with calculate pointer stuff... EDIT: after i see on EoT/EoD/EoS, 0xAA is padding, but on 3ds sir0 is used 0x0 as padding. but is not related to pointer table. always ending with 0x0 or 0x10 ... Edited December 8, 2015 by Andibad
Silverhawke Posted December 8, 2015 Posted December 8, 2015 (edited) hi guys, i extracted the contents of pokemon_graphic.bin using the SIR0 reader in this thread (may wanna put that in the first post?), and got a lot of BIN files, most of which are BCH files (with some BGRS files interspersed which i believe ties the separated animation BCH files together with the models?). i wrote a little code to infer the name of the BCH files of pokemon models: http://pastebin.com/mmdZtU9k looks like the numbers at the end indicate [form][gender difference]. starters get 0x and 1x (without/with scarf), and some has x0 and x1 for different genders (male/female) with some exceptions. put the exe in the same folder as the BINs, pipe the output to some text file so that you can see what gets renamed to what. i hope this can be used somehow! Examples (Archen is the first portrait in the list for some reasons..): when looking at the file names i realized that it's because Archen is "aaken" in japanese. since GTI lacks Ekans (aabo) and Arbok (aabokku), Archen gets to be first =p Edited December 8, 2015 by Silverhawke
Andibad Posted December 8, 2015 Posted December 8, 2015 hi guys, i extracted the contents of pokemon_graphic.bin using the SIR0 reader in this thread (may wanna put that in the first post?), and got a lot of BIN files, most of which are BCH files (with some BGRS files interspersed which i believe ties the separated animation BCH files together with the models?). i wrote a little code to infer the name of the BCH files of pokemon models: http://pastebin.com/mmdZtU9klooks like the numbers at the end indicate [form][gender difference]. starters get 0x and 1x (without/with scarf), and some has x0 and x1 for different genders (male/female) with some exceptions. put the exe in the same folder as the BINs, pipe the output to some text file so that you can see what gets renamed to what. i hope this can be used somehow! filename of model are stored on pokemon_graphics_database.bin with header container 0x4 0x4 0x4c [filename_offset][?] [file_identification] and pokemon_motion_database.bin with header 0xc 0x4 0x4 0x4 [file_identification] ? ? ?. sir0 with own magicheader, [magic_header][offset][file_count] and must read pointer table to read them.
Silverhawke Posted December 8, 2015 Posted December 8, 2015 filename of model are stored on pokemon_graphics_database.bin with header container 0x4 0x4 0x4c [filename_offset][?] [file_identification] and pokemon_motion_database.bin with header 0xc 0x4 0x4 0x4 [file_identification] ? ? ?. sir0 with own magicheader, [magic_header][offset][file_count] and must read pointer table to read them. I'm a bit confused. How does the offsets in these three files tie together? Is there already a tool to do this?
psy_commando Posted December 8, 2015 Author Posted December 8, 2015 So, I was able to rip my own cartridge of the game today, and I ran winmerge with the japanese rom and mine on the content, and then on the script. Here are the reports : Full content compare: https://dl.dropboxusercontent.com/u/13343993/my_pmd_research_files/PSMD/PSMD_us_ja_romfs_compare_report.html Decompiled scripts compare: https://dl.dropboxusercontent.com/u/13343993/my_pmd_research_files/PSMD/PSMD_us_ja_script_compare_report.html Its interesting that more than expected changed! Especially the scripts. I'm going to work on investigating the scripts and actor and placement data for now I think. hi guys, i extracted the contents of pokemon_graphic.bin using the SIR0 reader in this thread (may wanna put that in the first post?), and got a lot of BIN files, most of which are BCH files (with some BGRS files interspersed which i believe ties the separated animation BCH files together with the models?). i wrote a little code to infer the name of the BCH files of pokemon models: http://pastebin.com/mmdZtU9k looks like the numbers at the end indicate [form][gender difference]. starters get 0x and 1x (without/with scarf), and some has x0 and x1 for different genders (male/female) with some exceptions. put the exe in the same folder as the BINs, pipe the output to some text file so that you can see what gets renamed to what. i hope this can be used somehow! when looking at the file names i realized that it's because Archen is "aaken" in japanese. since GTI lacks Ekans (aabo) and Arbok (aabokku), Archen gets to be first =p Which SIR0 reader ? There are 3 of them I think ^^; Also, I'll only add something to the first post if the author ask me to. And I don't think anyone seems to really know what BGRS files are for. At least it seems like that. How can you tell they're for animations ? And that seems to make sense. I guess that's possible its because the files were in alphabetical order i was think is just an id for script for get an string or icon (type,item,etc). so is have weird unicode on it, so i advice just look it on hex on sir0 content (not converted text one, it might not correct to convert them). example : \x65533{0} is for call move string list with single value. http://pastebin.com/Pp2DbNFE Pound Karate Chop Double Slap Comet Punch Mega Punch Pay Day Fire Punch Ice Punch Thunder Punch Scratch Vice Grip Guillotine Razor Wind Swords Dance Cut Gust Wing Attack Whirlwind Fly Bind Slam Vine Whip Stomp Double Kick Mega Kick Jump Kick Rolling Kick Sand Attack Headbutt Horn Attack Fury Attack Horn Drill Tackle Body Slam Wrap Take Down Thrash Double-Edge Tail Whip Poison Sting Twineedle Pin Missile Leer Bite Growl Roar Sing Supersonic Sonic Boom Disable Acid Ember Flamethrower Mist Water Gun Hydro Pump Surf Ice Beam Blizzard Psybeam Bubble Beam Aurora Beam Hyper Beam Peck Drill Peck Submission Low Kick Counter Seismic Toss Strength Absorb Mega Drain Leech Seed Growth Razor Leaf Solar Beam Poison Powder Stun Spore Sleep Powder Petal Dance String Shot Dragon Rage Fire Spin Thunder Shock Thunderbolt Thunder Wave Thunder Rock Throw Earthquake Fissure Dig Toxic Confusion Psychic Hypnosis Meditate Agility Quick Attack Rage Teleport Night Shade Mimic Screech Double Team Recover Harden Minimize Smokescreen Confuse Ray Withdraw Defense Curl Barrier Light Screen Haze Reflect Focus Energy Bide Metronome Mirror Move Self-Destruct Egg Bomb Lick Smog Sludge Bone Club Fire Blast Waterfall Clamp Swift Skull Bash Spike Cannon Constrict Amnesia Kinesis Soft-Boiled High Jump Kick Glare Dream Eater Poison Gas Barrage Leech Life Lovely Kiss Sky Attack Transform Bubble Dizzy Punch Spore Flash Psywave Splash Acid Armor Crabhammer Explosion Fury Swipes Bonemerang Rest Rock Slide Hyper Fang Sharpen Conversion Tri Attack Super Fang Slash Substitute Struggle Sketch Triple Kick Thief Spider Web Mind Reader Nightmare Flame Wheel Snore Curse Flail Conversion 2 Aeroblast Cotton Spore Reversal Spite Powder Snow Protect Mach Punch Scary Face Feint Attack Sweet Kiss Belly Drum Sludge Bomb Mud-Slap Octazooka Spikes Zap Cannon Foresight Destiny Bond Perish Song Icy Wind Detect Bone Rush Lock-On Outrage Sandstorm Giga Drain Endure Charm Rollout False Swipe Swagger Milk Drink Spark Fury Cutter Steel Wing Mean Look Attract Sleep Talk Heal Bell Return Present Frustration Safeguard Pain Split Sacred Fire Magnitude Dynamic Punch Megahorn Dragon Breath Baton Pass Encore Pursuit Rapid Spin Sweet Scent Iron Tail Metal Claw Vital Throw Morning Sun Synthesis Moonlight Hidden Power Cross Chop Twister Rain Dance Sunny Day Crunch Mirror Coat Psych Up Extreme Speed Ancient Power Shadow Ball Future Sight Rock Smash Whirlpool Beat Up Fake Out Uproar Stockpile Spit Up Swallow Heat Wave Hail Torment Flatter Will-O-Wisp Memento Facade Focus Punch Smelling Salts Follow Me Nature Power Charge Taunt Helping Hand Trick Role Play Wish Assist Ingrain Superpower Magic Coat Recycle Revenge Brick Break Yawn Knock Off Endeavor Eruption Skill Swap Imprison Refresh Grudge Snatch Secret Power Dive Arm Thrust Camouflage Tail Glow Luster Purge Mist Ball Feather Dance Teeter Dance Blaze Kick Mud Sport Ice Ball Needle Arm Slack Off Hyper Voice Poison Fang Crush Claw Blast Burn Hydro Cannon Meteor Mash Astonish Weather Ball Aromatherapy Fake Tears Air Cutter Overheat Odor Sleuth Rock Tomb Silver Wind Metal Sound Grass Whistle Tickle Cosmic Power Water Spout Signal Beam Shadow Punch Extrasensory Sky Uppercut Sand Tomb Sheer Cold Muddy Water Bullet Seed Aerial Ace Icicle Spear Iron Defense Block Howl Dragon Claw Frenzy Plant Bulk Up Bounce Mud Shot Poison Tail Covet Volt Tackle Magical Leaf Water Sport Calm Mind Leaf Blade Dragon Dance Rock Blast Shock Wave Water Pulse Doom Desire Psycho Boost Roost Gravity Miracle Eye Wake-Up Slap Hammer Arm Gyro Ball Healing Wish Brine Natural Gift Feint Pluck Tailwind Acupressure Metal Burst U-turn Close Combat Payback Assurance Embargo Fling Psycho Shift Trump Card Heal Block Wring Out Power Trick Gastro Acid Lucky Chant Me First Copycat Power Swap Guard Swap Punishment Last Resort Worry Seed Sucker Punch Toxic Spikes Heart Swap Aqua Ring Magnet Rise Flare Blitz Force Palm Aura Sphere Rock Polish Poison Jab Dark Pulse Night Slash Aqua Tail Seed Bomb Air Slash X-Scissor Bug Buzz Dragon Pulse Dragon Rush Power Gem Drain Punch Vacuum Wave Focus Blast Energy Ball Brave Bird Earth Power Switcheroo Giga Impact Nasty Plot Bullet Punch Avalanche Ice Shard Shadow Claw Thunder Fang Ice Fang Fire Fang Shadow Sneak Mud Bomb Psycho Cut Zen Headbutt Mirror Shot Flash Cannon Rock Climb Defog Trick Room Draco Meteor Discharge Lava Plume Leaf Storm Power Whip Rock Wrecker Cross Poison Gunk Shot Iron Head Magnet Bomb Stone Edge Captivate Stealth Rock Grass Knot Chatter Judgment Bug Bite Charge Beam Wood Hammer Aqua Jet Attack Order Defend Order Heal Order Head Smash Double Hit Roar of Time Spacial Rend Lunar Dance Crush Grip Magma Storm Dark Void Seed Flare Ominous Wind Shadow Force Hone Claws Wide Guard Guard Split Power Split Wonder Room Psyshock Venoshock Autotomize Rage Powder Telekinesis Magic Room Smack Down Storm Throw Flame Burst Sludge Wave Quiver Dance Heavy Slam Synchronoise Electro Ball Soak Flame Charge Coil Low Sweep Acid Spray Foul Play Simple Beam Entrainment After You Round Echoed Voice Chip Away Clear Smog Stored Power Quick Guard Ally Switch Scald Shell Smash Heal Pulse Hex Sky Drop Shift Gear Circle Throw Incinerate Quash Acrobatics Reflect Type Retaliate Final Gambit Bestow Inferno Water Pledge Fire Pledge Grass Pledge Volt Switch Struggle Bug Bulldoze Frost Breath Dragon Tail Work Up Electroweb Wild Charge Drill Run Dual Chop Heart Stamp Horn Leech Sacred Sword Razor Shell Heat Crash Leaf Tornado Steamroller Cotton Guard Night Daze Psystrike Tail Slap Hurricane Head Charge Gear Grind Searing Shot Techno Blast Relic Song Secret Sword Glaciate Bolt Strike Blue Flare Fiery Dance Freeze Shock Ice Burn Snarl Icicle Crash Fusion Flare Fusion Bolt Flying Press Mat Block Belch Rototiller Sticky Web Fell Stinger Phantom Force Trick-or-Treat Noble Roar Ion Deluge Parabolic Charge Forest's Curse Petal Blizzard Freeze-Dry Disarming Voice Parting Shot Topsy-Turvy Draining Kiss Crafty Shield Flower Shield Grassy Terrain Misty Terrain Electrify Play Rough Fairy Wind Moonblast Boomburst Fairy Lock King's Shield Play Nice Confide Water Shuriken Mystical Fire Spiky Shield Aromatic Mist Eerie Impulse Venom Drench Powder Geomancy Magnetic Flux Electric Terrain Dazzling Gleam Baby-Doll Eyes Nuzzle Infestation Power-Up Punch Oblivion Wing Land's Wrath Origin Pulse Precipice Blades Dragon Ascent Hyperspace Fury Shadow Headbutt Drain Peripheral Attack Mow Down Shadow Casting Charging Start N Charging Start F Diamond Storm Hyperspace Hole WAZA_YOBI_03 Attack Attack Weather Ball Weather Ball Weather Ball Weather Ball Dig Razor Wind Focus Punch Sky Attack Solar Beam Fly Dive Bounce Skull Bash Curse Snore Sleep Talk Bide Revenge Avalanche Sky Drop Future Sight Doom Desire Techno Blast Techno Blast Techno Blast Techno Blast Shadow Force Freeze Shock Ice Burn Phantom Force Geomancy Charging (Near) Charging (Floor) Dig Dig Hydro Pump Hyper Beam Aeroblast Sacred Fire Water Spout Eruption Outrage Roar of Time Spacial Rend Crush Grip Shadow Force Shadow Force Judgment Fusion Flare Fusion Bolt Bolt Strike Blue Flare Glaciate Ice Burn Ice Burn Freeze Shock Freeze Shock Geomancy Geomancy Oblivion Wing Land's Wrath Extra Big Spare 13 Extra Big Spare 14 Extra Big Spare 15 Extra Big Spare 16 Extra Big Spare 17 Extra Big Spare 18 Extra Big Spare 19 Extra Big Spare 20 Extra Big Spare 21 Extra Big Spare 22 Extra Big Spare 23 Extra Big Spare 24 Extra Big Spare 25 Extra Big Spare 26 Extra Big Spare 27 Extra Big Spare 28 Extra Big Spare 29 Extra Big Spare 30 Extra Big Spare 31 Extra Big Spare 32 Extra Big Spare 33 Extra Big Spare 34 is need more them to indexed all of them (also play this game too for make sure what string is...) or you will see a lot weird character (or code) on it. like adventure results window screen if you finish the dungeon ... I'm not really sure what you're trying to say here And the image is too small to see anything. EDIT: after i see on EoT/EoD/EoS, 0xAA is padding, but on 3ds sir0 is used 0x0 as padding. but is not related to pointer table. always ending with 0x0 or 0x10 ... Yeah, the padding bytes change from game to game. But I'm not sure what that has to do with this?
evandixon Posted December 9, 2015 Posted December 9, 2015 Its interesting that more than expected changed! Especially the scripts. I'd imagine that the parts of the scripts that changed are references to text items, the IDs of which are most likely generated when the scripts are compiled. I think that because the placement data looks like it's the same, and there's only so much the scripts can do alone.
Silverhawke Posted December 9, 2015 Posted December 9, 2015 (edited) Which SIR0 reader ? There are 3 of them I think ^^;Also, I'll only add something to the first post if the author ask me to. And I don't think anyone seems to really know what BGRS files are for. At least it seems like that. How can you tell they're for animations ? And that seems to make sense. I guess that's possible its because the files were in alphabetical order ah, I have one which I think was provided by Andibad, i better look through the thread again. that is only a guess though, since the BGRS files has plaintext in them that seems to refer to name of animations each model has. it also has the names of vertex points in the model (you can see this if you open the BCH file using Ohana3DS, exporting as SMD and opening it up in Blender) then again my filenames are guesses for Andibad's adventure result screen, here's one result screen to help with understanding what the markers mean. a lot of those are formatting markers, apparently. just a quick look at the text files outputted by the SIR0 reader (in UTF-8 encoding) and i noticed that it uses 0x0A for new line within the dialogue box, 0xED 0x84 0x80 0x20 (aka 턀) for player's name, \x60160 for a pause mid-dialogue (y'know where you gotta press A and the text goes on again on the same dialogue), and 0xEC 0x88 0x80 (aka 숀) for centering formatting. sorry if this is already known before >< EDIT: updated program to rename files in pokemon_graphic.bin since i dunno how the database bin and the actual data ties together. now it renames all files! https://dl.dropboxusercontent.com/u/40407085/Stuff/binbchren_2.zip Edited December 9, 2015 by Silverhawke
psy_commando Posted December 9, 2015 Author Posted December 9, 2015 I'd imagine that the parts of the scripts that changed are references to text items, the IDs of which are most likely generated when the scripts are compiled. I think that because the placement data looks like it's the same, and there's only so much the scripts can do alone. Well, it seems only a part of the decompiled scripts differs. And it would kinda defeat the purpose of using IDs if you'd need to change them with a different language. That's why I changed my mind on them being hashes a while ago. After looking at the changed scripts, its just some things like using a localized sprite instead of another, and function name changes. All the strings IDs stayed the same. Also, I'm making some progress messing with the game's internals. I got this messing with actors data : [ATTACH=CONFIG]12796[/ATTACH] ( I'm so predictable ) It seems changing starters isn't as easy as it was in GTI though. But I got a good lead. Its just really annoying to have to rebuild the entire rom and copy it each times you change 3 tiny files.. Hopefully hans gets updated one day to work like game patches.. @Silverhawke: Those animation names seems to match those in the scripts. And those special utf characters are interesting. In previous games, the codes for doing that were between square brackets. Its strange to see they've changed their approach And yet they're still using SIR0, ever since Red Rescue Team..
Andibad Posted December 9, 2015 Posted December 9, 2015 And those special utf characters are interesting. In previous games, the codes for doing that were between square brackets. Its strange to see they've changed their approach And yet they're still using SIR0, ever since Red Rescue Team.. unique code id is have 1 byte long, other byte is used as attribute. like Font Color started 0xC101 - 0xC10E, 0xC10F as close tag. text alignment like center (C200) per line (until 0x10 code inserted), icon replacement id (A1xx), linked page (CA00), menus, paragraph, and etc. some code is need more attribute on it like call an value like pokemon id, etc. and also in SMD still used square brackets code lol
PokemonWorldMaster1 Posted December 9, 2015 Posted December 9, 2015 could you please show a tutorial of how you changed your starter?
psy_commando Posted December 9, 2015 Author Posted December 9, 2015 could you please show a tutorial of how you changed your starter? Well, its not ready yet. That image looks good, but, the game is stuck in an infinite loop past that point.. The personality test keeps popping back, which is the game's way of crashing. It did something similar in GTI. I just have to find out what's going on.. It might have something to do with reloading the models, or maybe something else entirely.. unique code id is have 1 byte long, other byte is used as attribute. like Font Color started 0xC101 - 0xC10E, 0xC10F as close tag. text alignment like center (C200) per line (until 0x10 code inserted), icon replacement id (A1xx), linked page (CA00), menus, paragraph, and etc. some code is need more attribute on it like call an value like pokemon id, etc. and also in SMD still used square brackets code lol Good to know ! And sorry for not understanding what you meant earlier ^^;
PokemonWorldMaster1 Posted December 10, 2015 Posted December 10, 2015 Well, its not ready yet. That image looks good, but, the game is stuck in an infinite loop past that point.. The personality test keeps popping back, which is the game's way of crashing. It did something similar in GTI. I just have to find out what's going on.. It might have something to do with reloading the models, or maybe something else entirely.. Good to know ! And sorry for not understanding what you meant earlier ^^; Thank you for responding, I really appreciate it. But would it be possible to change your species once your already in the game? Like changing some bits of code in the save file?
psy_commando Posted December 10, 2015 Author Posted December 10, 2015 (edited) I was able to find the correct fork of ctrtool to decompress the exefs's code.bin in PSMD ! And I ran strings on it. And its like christmas morning! https://dl.dropboxusercontent.com/u/13343993/my_pmd_research_files/PSMD/PSMD_codebin_strings.txt So much info in there ! Its like they left debug symbols ! I can see they're using the boost c++ libs, and also that jenkins is a very sloppy employe I wonder how I can get radare2 to properly use those.. Any arm binary experts around here ? There's also a lot of lua code inside strings literals Thank you for responding, I really appreciate it. But would it be possible to change your species once your already in the game? Like changing some bits of code in the save file? Possibly with a mod. But for save game stuff, you'll have to ask evandixon. EDIT: Turns out, jenkins might just be an automated build server software : https://wiki.jenkins-ci.org/display/JENKINS/Meet+Jenkins Edited December 24, 2015 by psy_commando
evandixon Posted December 10, 2015 Posted December 10, 2015 But for save game stuff, you'll have to ask evandixon. Yeah, it's going to be a while before even money is editable with saves. Maybe once Gateway releases their in game cheat maker, we'll have cheats. But that save file is not straightforward.
psy_commando Posted December 11, 2015 Author Posted December 11, 2015 (edited) I managed to change the starter correctly this time ! [ATTACH=CONFIG]12797[/ATTACH] [ATTACH=CONFIG]12798[/ATTACH] [ATTACH=CONFIG]12799[/ATTACH] [ATTACH=CONFIG]12800[/ATTACH] The move set is all wrong though.. And I'm not sure where the game gets the movesets it give each pokes.. [ATTACH=CONFIG]12802[/ATTACH] And because of the really stupid way they're handling cutscenes, we may need a new cutscene actor for each new starters. Or maybe we can just re-use the same actor for any new starters.. We'll see.. EDIT: Spotted some more weirdness: [ATTACH=CONFIG]12803[/ATTACH] The ability was also set to something else than it should be. It seems like the level-up move list is working as expected though. Edited December 12, 2015 by psy_commando
SirLoin4 Posted December 11, 2015 Posted December 11, 2015 If no one minds my asking, would all of this editing happen to involve some sort of browser exploit? Or would some kind of tool be released to decrypt and modify the save file from an SD Card or PowerSaves file, assuming all of this goes that far.
evandixon Posted December 11, 2015 Posted December 11, 2015 If no one minds my asking, would all of this editing happen to involve some sort of browser exploit? Or would some kind of tool be released to decrypt and modify the save file from an SD Card or PowerSaves file, assuming all of this goes that far. This is research about editing the ROM, so no save editing for now. Once we've solidified things some more, you'll need a Gateway, CFW, or Homebrew (with Hans) to edit the ROM. If you have access to the browser exploit, you can install cfw and homebrew.
psy_commando Posted December 11, 2015 Author Posted December 11, 2015 This is research about editing the ROM, so no save editing for now. Once we've solidified things some more, you'll need a Gateway, CFW, or Homebrew (with Hans) to edit the ROM. If you have access to the browser exploit, you can install cfw and homebrew. You can also get ocarina of time 3d and powersave, and install oot3d hax by simply uploading a hacked save game directly into the oot3d cart using powersave. It worked flawlessly for me, with no dumb browser hax.
SirLoin4 Posted December 11, 2015 Posted December 11, 2015 You can also get ocarina of time 3d and powersave, and install oot3d hax by simply uploading a hacked save game directly into the oot3d cart using powersave. It worked flawlessly for me, with no dumb browser hax. Yes, I have access to OOT3dHAX. I suppose the only thing I can do now is wait, yes? And thanks for answering.
Andibad Posted December 13, 2015 Posted December 13, 2015 maybe this tool useful for someone for unpacking file from farc file, is still same as my first tool i share on here but with GUI. i will added source code on github later. https://dl.dropboxusercontent.com/u/3122097/unFARC_build_2.7z for temporary build for testing. for now can extract as RAW, Message Text (debug, non debug, and with code [you can add some definition on msg_code.json file, i will added it later]), potrait picture on SMD i just wondering pokemon portrait is have a text on it
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now