isleep2late Posted November 8, 2016 (edited)

Not sure if this is the right place as I don't know how much of a breakthrough this is so mods please let me know if this should be moved elsewhere. There have been multiple posts asking about how to remove the banned Pokemon restrictions on Battle Maison in X/Y/ORAS (Some people are even offering bitcoin incentives to have this figured out). I've spent pretty much the entire day working on this/trying to figure this out but for the life of me could not, so to have this day not go to waste I'd like to share some of the progress/things I found out and discovered along the way. Hopefully someone out there can pick this project up and finish working on it.

So how do you remove the Battle Maison restrictions? My conclusion, after a lot of experimenting, is that you have to edit the DllBattlePartySelect.cro file. Here are my reasons:

1) After messing with that .CRO file, I rebuilt romfs using PK3DS, loaded the patch using Hans, and my game was running completely fine up until the point where the Battle Maison lady asks me to select Pokemon. The game freezes at a black screen and I'm forced to power off.

2) I messed with DllBattlePartySelect.cro by reading it through a Hex editor. Call me crazy, call this a conspiracy theory, but there are 31 instances of the Hex-value sequence "FE FF EB" in that file, and there are exactly 31 Pokemon banned in Battle Maison.

Now I know it's been said before that CRO files can't be edited, and if they are then the game just crashes, but after some research I came across this thread and heard people saying that CRO editing works with Luma3DS (I use Gateway3DS for launching Hans using homebrew). So I spent time setting up Luma and between the CRO resigner and Luma I couldn't get anything to work lol. After patching static.crr with cro_tool.exe the game wouldn't boot so I used the old static.crr, and patching the romfs into a .cia file for Luma3DS didn't work either...
So in short, editing DllBattlePartySelect.cro by modifying the 31 iterations of the "FE FF EB" hex values is my best guess at figuring out how to remove Battle Maison restriction (I am using Alpha Sapphire, sorry if that becomes relevant). The million-dollar question is figuring out how to edit CRO files using a Hex Editor without having the game crash. Maybe Kaphotics or SciresM would know how to do this. I know there are some CRO editing capabilities that Pk3DS has, but still no way to edit that golden DllBattlePartySelect.cro file.

Edit 9/24: Solved for ORAS. Still need to find the garc location for X/Y (if anyone really cares). As well as for SuMo's Battle Tree. 80% sure this will be the same for Ultra Sun and Moon, but it would be naive for me to say that about a game that hasn't even been released yet.

EDIT 9/25: Confirmed working for Sun and Moon. tl;dr: GARC location for ORAS is a/1/7/0, for SuMo it is a/1/3/7. Replace the bytes quoted by Kaphotics with 0's and you're good to go!

EDIT 9/26: You can now remove Soul Dew clause in Gen 6 games, rendering the banlist completely lifted! The only type of Pokemon to still be banned in Battle Maison is one whose total EVs exceed 510 (this is allowed in SM, don't ask). (REDACTED BUT EVENTUALLY SOLVED IN 2020)

EDIT 6/29/2020: garc location for X/Y found (??), Soul Dew and 510 EV limit removed in ORAS (X/Y/gen 6?). You can also apparently enter more Pokemon than normally allowed (such as 4 Pokemon in a Singles 3v3). (510 EV Limit bypass not reached... sorry my mistake)

Edited June 30, 2020 by isleep2late: Successfully lifted Soul Dew ban in ORAS
ABZB Posted August 30, 2017

In Moon, BattleRoyalResult.cro has 39 such entries of FE FF EB, which *could* be the 38 forbidden pokemon + the egg, but the Maison forbids 32 Pokemon, 31 + egg, so something does not match up.
isleep2late Posted September 3, 2017

Well just today I spent several hours (the whole day pretty much) revisiting this little research project. My fear is that it would be in a .CRO file, because those are obviously harder to edit and have the ROM properly function. So I went through every GARC file in the a folder, basically deleting each of them and building a new rom with a different single garc file missing every time (Citra 3DS was a godsend in allowing this to happen without a 3DS). The reason for this madness was that, IF the banlist was in a garc, I could discover this garc if one of these temporary "test dummy" roms faced a fatal error upon selecting a team of Pokemon during Battle Maison.

This might have been how the narc in BW2 Battle Subway was discovered, as I tested deleting a\1\0\6 in Black 2 (thanks to this thread) and running the game. When that happened, the game would freeze at some point talking to the subway worker, so I figured the same thing should happen when talking to the maison employee when the proper garc was deleted.

Here are my results: the file in BW2 is roughly 8 kb in size, so I would expect the file, if it were to exist, to at least be 9 kb or anywhere from 10 kb to 20+ kb, but it wasn't out of the question that it could be less than 8. Therefore, I tried to be selective in my decision process as to which garcs to delete. I obviously didn't go through all of them, as this pastebin has 90% of the work cut out, and so anything that was clearly described to be unrelated to Battle Maison I skipped. I believe I had an "aha!" moment at a\1\0\1 but then I realized I reached the fatal error when opening up my party through regular means, meaning that wasn't it. And then at a\2\2\6 I discovered the SAME type of error that was reproduced in BW2 Subway, which made me believe this was truly the garc, since it fit all the criteria being a) not mentioned in the pastebin and b) about 20 kb in size....
So I tried dissecting the unpacked GARC. I can go more into detail with what I did, but suffice it to say at least some of the data involves the UI of the party selection (ironic... because as I'm typing this, that is what I thought DllBattlePartySelect.cro was for, which was the original reason why I moved away from the CRO theory). And so because this garc deals more with the actual interface and design of the Maison party selection screen, I am 95% confident that this was a red herring (Although any one reading this is more than welcome to prove me wrong if you can analyze that GARC a little further). Finally, I decided to give up, and I am back to square one. I guess I should share my garc findings with everyone publicly, so I'll attach the word document I made containing some of the notes I've made on all the garcs (please don't expect something big from these notes... they're very disorganized and anticlimactic lol). There are probably still some garcs left unfinished, so if anyone wants to try this at home... hopefully this document will save you a bit of time. As for what ABZB has discovered, I would say that is a very curious and suspicious finding... I am very reluctant about the FE FF EB thing as well. Now I'm starting to think it was a huge coincidence and that I really should've kept my mouth shut about those hex values or I look like an idiot lol. I've tried many different things, from changing FE FF FB to FE 00 FB or to 00 00 00 and using cro tools and/or doing it without cro tools... I'm not an experienced computer programmer nor do I have very much experience with HEX editing or any of these sort of things (though I have learned quite a bit from this venture). But hopefully everything I have just said and laid out for you guys is something that, for the next person who wants to attempt to remove Battle Maison/BattleRoyal/BattleTree (or whatever SuMo equivalent) banlist restrictions, will bring you one step closer. 
tl;dr: The banlist might possibly be in a\2\2\6 if it is a GARC but is more than likely still in the DllBattlePartySelect.cro file after ABZB's response, even though I thought that was no longer the case. If the latter is true, then it will be a huge pain in the neck, and may or may not have anything to do with the sequence "FE FF EB". Either way, I no longer have the time to work on this (at least not for the next couple weeks before my exam)

Attachment: documentation for battle maison readme.docx
ABZB Posted September 10, 2017

After some thought: If the "FE FF FB" is how the banlist is implemented, either

a) there must be somewhere a list of index numbers that matches up somehow to those "FE FF FB", or
b) there is a series of fixed length blocks, with "FE FF FB" indicating a ban and some other values in that offset (per block) indicating permitted.

First, I'm going to do the math and see if the offsets between the "FE FF FB" make sense for case b. If they do, I'll see if there is a consistent value for that offset in the other blocks and go from there (for example, I'd expect to see two consecutive instances early on (Mewtwo & Mew), with the next instance coming at (mew location - mewtwo location)*0x98+mew location (Lugia)).

If that test fails, I will then write and try the following two programs:

1a) Search through every file, starting with our suspects, looking for any string that shows up in that file at n*X, where n is a positive integer and X is a 1x38 matrix whose values are the index numbers of the banned pokemon (in case the egg is not banned in the same way/location as the rest).
1b) Same as 1a, but convert the hex to binary and look for a string of binary digits with the desired property (in this case, looking for one of the two binary numbers 802 bits long, either the one which is 1 for the banned indices and 0 everywhere else, or vice versa).
2) Parse through all the files (starting with our suspects) looking first for instances of the index numbers of the banned pokemon (write them to a text file along with their offsets, see if there are any likely-looking clusters (as in case a)).

Also, as an aside, I know that the SM shop.cro file is editable by pk3ds, and works with Luma drag&drop, so there is presumably some working method, at least as of the date that Dio Vento released his SM mod.
isleep2late Posted September 14, 2017 (edited)

Hmm, I'm not sure if this gets us anywhere, but I was able to successfully edit DllBattlePartySelect.cro and have the game run without the game crashing. The bad news is I got rid of a segment containing "FE FF EB" without any significant changes to the game, which makes me think this is not the likely culprit. Here's what I did...

1) I replaced offsets 000005D0x08 through 000005E0x07 with all 0's
2) Copied and pasted the cro_tool.exe file in the romfs folder, copied and pasted static.crr from the .crr folder to the romfs folder, then clicked and dragged this file onto cro_tool.exe, which supposedly is the way you're supposed to use cro_tools (it helps to have two separate File Explorers of the same romfs folder side by side). By the way, not doing this step will cause the game to not load, which is the original problem with CRO files.
3) Built the rom, then proceeded to test each and every pokemon that is banned in battle maison to see if it was unbanned. Turns out... they're all still banned, lol

So in conclusion, it's possible to edit "FE FF EB" successfully, but this likely won't be the solution to removing the banlist. I tested all 31 banned pokemon plus any pokemon holding Soul Dew. All were still banned, but I did not test the egg. However, there being only 31 instances of this sequence and there being 31+egg+Soul Dew doesn't really add up....

Interestingly, the sequence "10 A0 E3" appears 66 times, and that is about how many different banned pokemon there are if you include their forms (ie. Mewtwo, Mewtwo X, Mewtwo Y, Arceus-Bug, Arceus-Ghost, etc etc). But this is again grasping at straws. The good news is that it IS possible to edit this CRO file while successfully getting the game to work. But replacing a large amount of the code with 0's will not work....
so the question is what did I actually affect when I performed Step 1 and how much of that can I do before the game decides to crash.

Still, I am interested in your findings @ABZB so keep us posted! As an aside to you btw, are there any iterations of "10 A0 E3" in the SuMo CRO? I'm starting to think that since the data in the game when looking at the Pokemon data in whatever GARC it's in has separate Pokemon identifications for different forms, so is the case for the banlist. (ie. the game distinctly recognizes Mewtwo X as a different "species" than Mewtwo in its code. That's how pk3DS works and that's also how PKHeX works when looking at the source code, and that is also how the ROM data works when unpacking the garc file.)

PS: If my "10 A0 E3" theory is correct, and I did somehow make a change in Step 1 ("10 A0 E3" is within those offsets), then I would expect that one of the alternate Pokemon forms was unbanned. But I don't have the patience to go through every banned Pokemon form. Not tonight at least lol. Anyone else feel free to test it out. I'll leave this alone for now so it'll give me something to work on over the weekend. If this is the case, then the "FE FF EB" theory is not dead after all, since it could very well correlate to Pokedex # (which is not the same as Pokemon species if you count megas/primordials as separate).

*Edited* Formatting. Also wanted to say that I am now 99% positive that DllBattlePartySelect.cro is the file that contains the banned Pokemon. This is because if you look at my previous post on this thread, the garc file that I thought was the culprit turned out to change the appearance/User Interface of the "Battle Party Select" part of the game. When messing with the garc and messing with the cro I get the same issue of crashing at the same spot, but the garc I now know is responsible for the UI, so the cro has to be dealing with the content of that segment of the game (i.e. determining the legality of a Pokemon).
It also fits intuitively with what the other CRO files do (picking out a starter pokemon, etc). And finally, I just want to say that once this is figured out for ORAS, it should not be at all different from SuMo, which I am also most certainly interested in removing the banlist for as well. Baby steps, but we are definitely getting somewhere now.... It's only a matter of time

Edited September 14, 2017 by isleep2late
Kaphotics Posted September 15, 2017

Remember this? Have you tried editing it?

In the exefs is a 38 count list of species IDs:

    .data.r:0059E870 word_59E870 DCW 150, 151, 249, 250, 251, 382, 383, 384, 385, 386, 483
    .data.r:0059E870             DCW 484, 487, 489, 490, 491, 492, 493, 494, 643, 644, 646
    .data.r:0059E870             DCW 647, 648, 649, 716, 717, 718, 719, 720, 721, 789, 790
    .data.r:0059E870             DCW 791, 792, 800, 801, 802

It's called by PokeRegulation::CheckLegend, which looks like this:

    signed int __fastcall PokeRegulation::CheckLegend(PokeRegulation *this, int a2, unsigned __int8 a3)
    {
      signed int v3; // r1@2
      __int16 *v4; // r2@5
      PokeRegulation *v5; // r12@5
      bool v6; // zf@5

      if ( this != 670 ) // floette
      {
        v3 = 0;
        while ( 1 ) // iterate until list is finished
        {
          v4 = &word_59E870[v3]; // legend list
          v5 = *v4;
          v6 = v5 == this;
          if ( v5 != this )
            v6 = v4[1] == this;
          if ( v6 ) // ???? dunno, possibly an external banlist having a bitflag set
            break; // returns true
          v3 += 2; // each species is 2 bytes (ushort)
          if ( v3 >= 38 ) // last entry exhausted
            return 0; // false
        }
        return 1; // true
      }
      if ( a2 == 5 ) // AZ Floette
        return 1; // true
      return 0; // false
    }

That's probably the function it calls; simplest way for the game to check is to just check all species through a list rather than bitflags, which would be reserved for dynamic banlists (ie rulesets in the save file, in which the goal is to minimize the space used rather than speed).
ABZB Posted September 18, 2017 (edited)

Oooh that might be exactly what we're looking for. The program I was going to scribble was to look for data looking exactly like that... Plan to test after work.

EDIT: Had some time: Looking through the ExrearedExeFS\code.bin, found that string at 49E87 through 49E8BB. Replaced every value with Bulbasaur (01 00). Will test later.

Edited September 18, 2017 by ABZB
isleep2late Posted September 19, 2017

Hmm.. Unfortunately this doesn't seem to work. I've tried editing both the entire exefs.bin as well as the code.bin, replaced those respective bytes you mentioned with all 0's (rather than 01 00), and it didn't change anything. In fact, the proof that it didn't change anything lies in the fact that when looking at the banned pokemon which in Sun and Moon is made explicit in a display list, all the Pokemon that are banned are still listed and it continues to recognize those marked as legendary as banned.

I did put a lot of thought into the idea that there could be a list of banned pokemon that you simply have to edit, but it looks like even though there is a recognized list of legendary pokemon, this is not what the game references when they identify banned pokemon.

The good news, for me at least, is that I finally know how the files identify pokemon lol. I always knew Mewtwo and Mew were "96" and "97", but I just didn't know how the game recognized 3-digit hex index numbers based on this incredibly useful resource. Turns out the first number is made to be the second byte, so that Guzzlord's "31F" becomes under a hex editor (such as HxD) "1F 03" (this isn't banned, just being used for demonstration purposes).

Now it's just a matter of figuring out which file (is it still in CRO? Is exefs off the table now?) contains these identifiers. It's not necessarily going to be all nicely adjacent to each other like in exefs.bin/code.bin
ABZB Posted September 24, 2017

Corroboration. I think the next step is me writing a program which looks through every file for every instance of each of the legendary's numbers, spit back a list of the ones that have occurrences of all of them, then narrow down from there.
Kaphotics Posted September 24, 2017

I looked deeper into regulation and I found something interesting: https://pastebin.com/5FwTiami

We know that the player has to select a team, and the game has to know if that pkm is allowed or not. I assume if the sublegends/legends list wasn't directly used, then it'd be the bitflag alternative. Since we know the legends are the only ones banned, and only species are banned... (using PKHeX's legends list and c#):

    using System.IO;
    using System.Linq;

    // One flag per species index 0..807, set when the species is in PKHeX's legends list
    bool[] value = (new bool[808]).Select((z, i) => Legal.Legends.Contains(i)).ToArray();
    // Pack the flags 8 species per byte, lowest bit first (808 >> 3 = 101 bytes)
    byte[] data = new byte[value.Length >> 3];
    for (int i = 0; i < value.Length; i++)
        if (value[i])
            data[i >> 3] |= (byte)(1 << (i & 7));
    File.WriteAllBytes(@"D:\bans", data);

This generates a 101 byte file:

    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 C0 00 00 00 00 00 00 00 00 00 00 00 00 0E
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C0
    07 00 00 00 00 00 00 00 00 00 00 00 98 7E 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    D8 03 00 00 00 00 00 00 00 F0 03 00 00 00 00 00
    00 00 E0 01 07

I searched thru the decrypted ROM and found it in multiple places. Try clearing the appropriate bitflags everywhere (or maybe just replace this chunk with 101 zeroes). Stop after F0 03 for ORAS (728 bits, 91 bytes).
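The bitfield layout described in the post above, worked through in Python as an added example (not code from the thread or from PKHeX): it rebuilds the field from the species IDs in the word_59E870 table quoted earlier, decodes a field back into species IDs, and locates fields inside a buffer by their first 91 bytes. The function names and the sample buffer are constructed for illustration.

```python
"""Species ban bitfield: build, decode and locate (added example)."""

# Species IDs copied from the word_59E870 table quoted earlier in the thread.
LEGENDS = [
    150, 151, 249, 250, 251, 382, 383, 384, 385, 386, 483,
    484, 487, 489, 490, 491, 492, 493, 494, 643, 644, 646,
    647, 648, 649, 716, 717, 718, 719, 720, 721, 789, 790,
    791, 792, 800, 801, 802,
]

SM_BITS = 808    # 101 bytes, as produced by the C# snippet
ORAS_BITS = 728  # 91 bytes, the field that "stops after F0 03"


def build_bitfield(species_ids, total_bits):
    """Pack IDs LSB-first: species n sets bit (n & 7) of byte (n >> 3)."""
    if total_bits % 8:
        raise ValueError("total_bits must be a multiple of 8")
    data = bytearray(total_bits >> 3)
    for sid in species_ids:
        if 0 <= sid < total_bits:  # IDs past the end of the field are dropped
            data[sid >> 3] |= 1 << (sid & 7)
    return bytes(data)


def decode_bitfield(data):
    """Inverse of build_bitfield: list every species ID whose bit is set."""
    return [i for i in range(len(data) * 8) if (data[i >> 3] >> (i & 7)) & 1]


def find_all(haystack, needle):
    """Return every offset at which needle occurs in haystack."""
    offsets = []
    pos = haystack.find(needle)
    while pos != -1:
        offsets.append(pos)
        pos = haystack.find(needle, pos + 1)
    return offsets


def scan(blob, field_len):
    """Find fields by their common 91-byte prefix, then decode field_len
    bytes at each hit so that fields differing only in the tail still match."""
    prefix = build_bitfield(LEGENDS, ORAS_BITS)
    hits = []
    for off in find_all(blob, prefix):
        field = blob[off:off + field_len]
        if len(field) == field_len:
            hits.append((off, decode_bitfield(field)))
    return hits


def sample_blob():
    """Constructed test buffer (not game data): two fields between filler.
    The second ends in 0x87 instead of 0x07, i.e. bit 807 is also set."""
    sm = build_bitfield(LEGENDS, SM_BITS)
    variant = sm[:-1] + b"\x87"
    return b"\xff" * 0x20 + sm + b"\xaa" * 0x10 + variant + b"\xff" * 8


if __name__ == "__main__":
    print(build_bitfield(LEGENDS, SM_BITS).hex(" "))
    for off, ids in scan(sample_blob(), SM_BITS >> 3):
        extra = sorted(set(ids) - set(LEGENDS))
        print(f"field at 0x{off:04X}: {len(ids)} bits set, not in table: {extra}")
```

Decoding each hit rather than matching all 101 bytes is what lets the scan report a field whose last byte differs from the one generated here.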
isleep2late Posted September 25, 2017

SUCCESS!!! Replace all 29 instances of that ^ with all 0's in the garc located at a\1\7\0 and you will be able to use your Mega Mewtwo's and Primordial Groudons to your heart's desire in Battle Maison (Ignore the "E0 01 07" for ORAS games I guess, as well as X and Y). Have not tested this yet for Sun and Moon but if it was as easy as it was for ORAS then it shouldn't be difficult. I'll bet it'll be the same for Ultra SuMo as well, if not similar.
isleep2late Posted September 25, 2017

Can confirm this works on Sun and Moon as well (I knew it would, but just confirming that it in fact does). The garc for SuMo is located at a/1/3/7. Just replace all instances of that code once again with 0's (including the "E0 01 07" bit). If you're doing a Ctrl + F or Search and Replace, I would start off with "C0" rather than the bunch of 00 00's. There are only 14 iterations of that code, which is very very unusual because there were 29 instances in ORAS and a different amount in BW2. So I guess the moral of the story is that it's all encrypted, and there is no rhyme or reason to the "number of banned pokemon" to the number of banned code repetitions.

I've made a video demonstration on my channel which I will not share in this post, but here is some additional photographic proof:

Next step: Edit number of pokemon and pokemon level! lol jk...

Also for what it's worth, the file size in ORAS is 33 kb whereas for SuMo it's 29 kb (and it's 8 kb in Gen 5 for comparison even though i know NDS is different). I think that's rather interesting, and sheds some light into the structure of the ways these garcs are organized.

Another interesting tidbit: Neither of these banlist garc locations were figured out during the initial decryption phase of R&D. In ORAS, the garc was labeled a\1\7\0 - 53 * 604 bytes Battle Video Info Markup Template from this pastebin uploaded by Kaphotics and it was labeled a\1\3\7 - com_seasand02 02_beachslope from this GBATemp repost by BelmontSlayer. I would be interested to know if a/1/7/0 does still contain a Battle Video Template, because I wasn't sure if each garc did only one specific thing or if they could do multiple things.

But anyway, thank you so much Kaphotics for your help and ABZB for all your contributions! I know a lot of people have been asking about this and I'm glad the community can finally put this issue to rest.
BTW, I still don't have it for X and Y and I'm not sure if anyone wants it for X/Y. I won't waste time finding the garc for XY unless someone wants me to (or you can just do it yourself)
nickdos Posted September 25, 2017

32 minutes ago, isleep2late said:
Can confirm this works on Sun and Moon as well (I knew it would, but just confirming that it in fact does). the garc for SuMo is located at a/1/3/7. Just replace all instances of that code once again with 0's (including the "E0 01 07" bit). If you're doing a Ctrl + F or Search and Replace, I would start off with "C0" rather than the bunch of 00 00's. There are only 14 iterations of that code, which is very very unusual because there were 29 instances in ORAS and a different amount in BW2. So I guess the moral of the story is that it's all encrypted, and there is no rhyme or reason to the "number of banned pokemon" to the number of banned code repetitions. I've made a video demonstration on my channel which I will not share in this post, but here is some additional photographic proof: Next step: Edit number of pokemon and pokemon level! lol jk... Also for what it's worth, the file size in ORAS is 33 kb whereas for SuMo it's 29 kb (and it's 8 kb in Gen 5 for comparison even though i know NDS is different). I think that's rather interesting, and sheds some light into the structure of the ways these garcs are organized. Another interesting tidbit: Neither of these banlist garc locations were figured out during the initial decryption phase of R&D. In ORAS, the garc was labeled a\1\7\0 - 53 * 604 bytes Battle Video Info Markup Template from this pastebin uploaded by Kaphotics and it was labeled a\1\3\7 - com_seasand02 02_beachslope from this GBATemp repost by BelmontSlayer. I would be interested to know if a/1/7/0 does still contain a Battle Video Template, because I wasn't sure if each garc did only one specific thing or if they could do multiple things. But anyway, thank you so much Kaphotics for your help and ABZB for all your contributions! I know a lot of people have been asking about this and I'm glad the community can finally put this issue to rest. BTW, I still don't have it for X and Y and I'm not sure if anyone wants it for X/Y. I won't waste time finding the garc for XY unless someone wants me to (or you can just do it yourself)

You made a mistake in your post, Sun/Moon are called SM for short
isleep2late Posted September 26, 2017 (edited)

Ah my bad lol. Looks like from the projectpokemon discord there are some people who still play XY and already people working on finding the GARC for that.

I also want to point out that this method does not unban Soul Dew from ORAS. Soul Dew removal is possible, and it took me quite some time to figure this out. I started by continuing the search for those bytes in the rest of the GARCs, nothing. Then I went back to a/1/7/0 and slowly hex edited every piece of data to "00 00 00..."s. My Slowbro holding a Soul Dew was still banned (lol). Then I hex edited some of the stuff in the beginning of that file to all 0's and finally my slowbro was unbanned. It looks like you can start at offset 00000102 and just hold 0 until you're at the end of the file, lol (it helps to click on different parts of the file while you're holding 0.... but really it's that initial list of bytes starting early up in that file that determines that soul dew is banned.)

I'm guessing this can be explained by the fact that that list of hex values are items? Not entirely sure tbh, since according to this bulbapedia article Soul Dew's hex value is E1 but that is nowhere to be found. But then again neither are the hex values of any of the legendary pokemon, so long story short everything in the game is pretty uniquely obfuscated.

BTW, idk about the very first bytes in that file but it's interesting to note that in Black and White (2), changing everything to 0 in the "banlist" narc causes the game to crash. That is not the case in Gen 6. And this process is not necessary in SM (I said it right this time haha) as Soul Dew is not banned (it got a nerf wherein it only buffs psychic and dragon type moves by 20%... lame).

So that's about it! Everything I ever wanted to figure out how to do has finally been figured out.
I haven't tested other clauses such as item clause or species clause (i know this does not remove item clause in SM Battle Tree). I guess that would be the next logical step, but I'm pretty content with stopping here. Some people have been asking me to make a tutorial on how to do this, which I'm not opposed to doing, but everything can already be figured out from reading the past 12 posts on this thread.

As an aside, I would highly discourage anyone from doing this and playing the edited ROM on a 3DS while using the internet. I don't know for a fact that this would get you banned, I just think it makes good sense to protect yourself from that risk. Please, if you try this at home, play your ROM while your 3DS's internet switch is turned OFF!

EDIT 5/25/2020: See below for my corrected statement, and the exact offsets for correctly removing the Soul Dew Clause

Edited May 26, 2020 by isleep2late
BlackShark Posted October 6, 2017

Oh well I'm too late but these regulations seem to be similar to the downloadable PGL regulations whose structure has been documented by SciresM. If you want to know more: https://github.com/SciresM/MysteryGiftTool/blob/master/MysteryGiftTool/Regulation.cs

Though the level cap seems to be coded somewhere else as well.
walnut3072 Posted November 16, 2017

For Ultra Sun & Ultra Moon, the bytes can be found in a/1/4/1 (30 kB). So happy that I can remove the ban-list in Ultra Moon now. Thank you all for finding a way to do this!
deadmza Posted November 1, 2018

So is there any news about where the files are in Pokemon XY? I'm really looking forward to unbanning mythicals most importantly
ABZB Posted August 21, 2019

For USUM, the banlist is:

    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 C0 00 00 00 00 00 00 00 00 00 00 00 00 0E
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C0
    07 00 00 00 00 00 00 00 00 00 00 00 98 7E 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    D8 03 00 00 00 00 00 00 00 F0 03 00 00 00 00 00
    00 00 E0 01 87

It occurs at the following offsets in a/1/4/1:

    0760-07C4
    1558-15BC
    2350-23B4
    3148-31AC
    4890-48F4
    4D38-4D9C
    51E0-5244
    5688-56EC
    5B30-5B94
    5FD8-603C
    6480-64E4

I suppose that each instance is called by a different battle mode.
PokeMaster99999 Posted November 14, 2019

On 9/26/2017 at 11:42 AM, isleep2late said:
It looks like you can start at offset 00000102 and just hold 0 until you're at the end of the file, lol (it helps to click on different parts of the file while you're holding 0.... but really it's that initial list of bytes starting early up in that file that determines that soul dew is banned.)

So everything after 0x102 in a/1/7/0 is worthless? The file doesn't account for anything else?
isleep2late Posted May 26, 2020

On 11/14/2019 at 5:52 AM, PokeMaster99999 said:
So everything after 0x102 in a/1/7/0 is worthless? The file doesn't account for anything else?

I am so sorry!! I've literally been coming back slowly to Pokemon and I did revisit this project. It took me about 20 hours, but after a million attempts at hex editing and rebuilding, I FINALLY discovered the proper way of removing the Soul Dew clause:

Long story short, unbanning Soul Dew is a matter of changing a few "02"'s to "00"'s at various offsets in the a/1/7/0 garc. For my own convenience I won't list the exact offsets of every bit, but here's a list of them you need to change to 00 which you can find at the specified row (just set HxD rows to 16 and you'll find the offsets):

    02 @ 00005CD0
    02 @ 00005A70
    02 @ 000055C0
    02 @ 00005360
    02 @ 00005100
    02 @ 000049F0
    02 @ 00004790
    02 @ 000042E0
    02 @ 00004080
    01 @ 00003E90
    02 @ 00003E20
    02 @ 00003970
    02 @ 00003710
    02 @ 000034B0
    02 @ 00003250

(set HxD to 16 per row)

Again, apologies that this is only being figured out in 2020 for the very few of you that care. I didn't want to make a new post but I didn't want to necro this one either. Doing what I previously told you to do will not allow you to submit any Pokemon which causes you to have a shiny bulbasaur that auto-concedes to your opponent. Hopefully this helps out anyone in the future!

BTW, the only other restrictions are Species Clause (and I think Item Clause?). I haven't fooled around with those restrictions but I don't doubt that they're possible. Removing the Pokemon Banlist and Soul Dew Item Ban list is good enough for me lol
Smile Posted May 26, 2020 (edited)

4 hours ago, isleep2late said:
> I am so sorry!! I've literally been coming back slowly to Pokemon and I did revisit this project. It took me about 20 hours, but after a million attempts at hex editing and rebuilding, I FINALLY discovered the proper way to remove the Soul Dew clause:
>
> Long story short, unbanning Soul Dew is a matter of changing a few "02"'s to "00"'s at various offsets in the a/1/7/0 garc. For my own convenience I won't list the exact offsets of every bit, but here's a list of them you need to change to 00 which you can find at the specified row (just set HxD rows to 16 and you'll find the offsets):
>
> 02 @ 00005CD0
> 02 @ 00005A70
> 02 @ 000055C0
> 02 @ 00005360
> 02 @ 00005100
> 02 @ 000049F0
> 02 @ 00004790
> 02 @ 000042E0
> 02 @ 00004080
> 01 @ 00003E90
> 02 @ 00003E20
> 02 @ 00003970
> 02 @ 00003710
> 02 @ 000034B0
> 02 @ 00003250
>
> (set HxD to 16 per row)
>
> Again, apologies that this is only being figured out in 2020 for the very few of you that care. I didn't want to make a new post but I didn't want to necro this one either. Doing what I previously told you to do will not allow you to submit any Pokemon which causes you to have a shiny Bulbasaur that auto-concedes to your opponent. Hopefully this helps out anyone in the future!
>
> BTW, the only other restrictions are Species Clause (and I think Item Clause?). I haven't fooled around with those restrictions but I don't doubt that they're possible. Removing the Pokemon Banlist and Soul Dew Item Ban list is good enough for me lol

After editing, I found that super double battle and super triple battle were still forbidden, so I changed 3BC0 / 4530 / 4C50 / 4EA0 / 5810 to 00, which was perfectly cancelled.

Edited May 26, 2020 by Smile
isleep2late Posted May 27, 2020 (Author)

Thanks for that info @Smile! I got a chance to look even further into this and as it turns out, there's an ENTIRE set of hidden "02"'s and "01"'s (and I'm almost positive there are others) scattered around the a/1/7/0 garc that basically dictate all Battle Maison restrictions, opening a ton of more doors for additional research if anyone wants to pry them open.

Following your suggestions, I think I did a flat Control + Replace (CTRL + R) on all 02 -> 00 which led to pretty much unbanning Soul Dew in the Super Double Battles, Super Triple Battles, but normal Triple Battles was somehow randomly still not even allowing any of the banned pokemon, so I was very confused.....

But TL;DR: If you want to get rid of the most restrictions, do a Control + Replace on the 101 byte repetitions outlined by Kaphotics (there should be 29 iterations in ORAS) and then do a CTRL + R on all 02 -> 00 and THEN do a CTRL + R on all 01 -> 00. This leads to some pretty funny results, allowing more than 3 Pokemon to be submitted in certain formats (I think 4 in regular singles, and your entire team in super singles).

I did even more screwing around and I somehow randomly got rid of the Species Clause in one of the Rotation formats.... but I can't remember exactly what I did (I'm really sorry!) But if you sift through enough of the "unique" characters and slowly get rid of them, I think you'll get there. I'll let you know if I find anything else, but I think that's it for now!
Smile Posted May 27, 2020

11 hours ago, isleep2late said:
> Thanks for that info @Smile! I got a chance to look even further into this and as it turns out, there's an ENTIRE set of hidden "02"'s and "01"'s (and I'm almost positive there are others) scattered around the a/1/7/0 garc that basically dictate all Battle Maison restrictions, opening a ton of more doors for additional research if anyone wants to pry them open.
>
> Following your suggestions, I think I did a flat Control + Replace (CTRL + R) on all 02 -> 00 which led to pretty much unbanning Soul Dew in the Super Double Battles, Super Triple Battles, but normal Triple Battles was somehow randomly still not even allowing any of the banned pokemon, so I was very confused.....
>
> But TL;DR: If you want to get rid of the most restrictions, do a Control + Replace on the 101 byte repetitions outlined by Kaphotics (there should be 29 iterations in ORAS) and then do a CTRL + R on all 02 -> 00 and THEN do a CTRL + R on all 01 -> 00. This leads to some pretty funny results, allowing more than 3 Pokemon to be submitted in certain formats (I think 4 in regular singles, and your entire team in super singles).
>
> I did even more screwing around and I somehow randomly got rid of the Species Clause in one of the Rotation formats.... but I can't remember exactly what I did (I'm really sorry!) But if you sift through enough of the "unique" characters and slowly get rid of them, I think you'll get there. I'll let you know if I find anything else, but I think that's it for now!

My Triple Battles are ok, still lift the restriction
isleep2late Posted June 29, 2020 (Author, edited)

Ah okay, it seems my game at times wouldn't allow me to even view my party, at times would but the pokemon would show up as banned. So there were internal inconsistencies when altering the banlist with how the game was registering that a pokemon was banned (either the individual pokemon would show up as banned or the entire party box would not be selectable, depending on the battle format). But I think I solved that today after discovering how to remove *literally every* restriction, but first:

On 11/1/2018 at 11:09 AM, deadmza said:
> So there are any news about where are the files on Pokemon XY? I'm really looking forward to unban mythicals most important

@deadmza I didn't get to look through every file to check file a/1/8/9, because there is at least one instance of the infamous "C0..." banlist byte in that location if you extract an X/Y rom. It appears the structure of the game is quite different from ORAS which is worth investigating (also sorry that this is coming like 2 years late lol)

SO BIG UPDATE! I figured out how to remove the 510 EV limit on all Pokemon lol. At first I truly didn't think this was possible as I edited literally everything in the ORAS file (this only applies to ORAS as that's the one game I'm interested in. USUM and presumably SM already have this restriction removed I'm pretty sure). However, I took a shot in the dark and I have no idea exactly which location the bytes are, but here's what I did:

1. Removed the pokemon species banlist using the replacement of the "C0..." bytes with all 00's.
2. Replaced all "02" and "01" with "00" (pretty sure you just need to replace 02 but I did 01 just in case)
3. It was random and arbitrary, but I did a complete swap of every hex value from 0004550 onwards to "00 00..."

I know my methods are not entirely scientific, but this got the job done and I'm not sure what if any side effects/repercussions this would have, but it appears a/1/7/0 is the file solely designed to address all banlist restrictions in every which way in ORAS, ORAS/X/Y appears to be INCREDIBLY strict with their banlist vs every other generation, and for whatever reason some of these limitations (the 510 EV limit) just aren't there in Gen 7 (or Gen 5). In fact, it's also removed in Sword and Shield... and actually you can pretty much play anything you want in Sword and Shield, which is pretty great because that seemed quite intentional and is the right direction for Nintendo to be going with these casual in-game battles going forward.

EDIT: Sorry, today I tested this again and it looks like I was mistaken.... no idea what happened but it appears the 510 EV limit was not bypassed.... my mind must be seeing things because I could've sworn it worked yesterday. However.... An even easier way to remove all the restrictions found in garc a/1/7/0 is to zero out everything between the two " / /"'s in the beginning of the code, making sure to leave the 5 and the stuff before it intact. Idk if I'm making sense at this point...

Edited June 30, 2020 by isleep2late
joshNathan07 Posted January 5, 2021

Has anyone found the GARC file for X & Y yet?