[SOLVED] Some progress I might've made in removing Battle Maison/Battle Tree restrictions / banlist


Not sure if this is the right place as I don't know how much of a breakthrough this is so mods please let me know if this should be moved elsewhere. There's been multiple posts asking about how to remove the banned Pokemon restrictions on Battle Maison in X/Y/ORAS (Some people are even offering bitcoin incentives to have this figured out). I've spent pretty much the entire day working on this/trying to figure this out but for the life of me could not, so to have this day not go to waste I'd like to share some of the progress/things I found out and discovered along the way. Hopefully someone out there can pick this project up and finish working on it.

So how do you remove the Battle Maison restrictions? My conclusion, after a lot of experimenting, is that you have to edit the DllBattlePartySelect.cro file. Here are my reasons:

1) After messing with that .CRO file, I rebuilt romfs using PK3DS, loaded the patch using Hans, and my game was running completely fine up until the point where the Battle Maison lady asks me to select Pokemon. The game freezes at a black screen and I'm forced to power off.

2) I messed with DllBattlePartySelect.cro by reading it through a Hex editor. Call me crazy, call this a conspiracy theory, but there are 31 instances of the Hex-value sequence "FE FF EB" in that file, and there are exactly 31 Pokemon banned in Battle Maison.

Now I know it's been said before that CRO files can't be edited, and if they do then the game just crashes, but after some research I came across this thread and heard people saying that CRO editing works with Luma3DS (I use Gateway3DS for launching Hans using homebrew). So I spent time setting up Luma and between the CRO resigner and Luma I couldn't get anything to work lol. After patching static.crr with cro_tool.exe the game wouldn't boot so I used the old static.crr, and patching the romfs into a .cia file for Luma3DS didn't work either...

So in short, editing DllBattlePartySelect.cro by modifying the 31 iterations of the "FE FF EB" hex values is my best guess at figuring out how to remove Battle Maison restriction (I am using Alpha Sapphire, sorry if that becomes relevant). The million-dollar question is figuring out how to edit CRO files using a Hex Editor without having the game crash. Maybe Kaphotics or SciresM would know how to do this. I know there are some CRO editing capabilities that Pk3DS has, but still no way to edit that golden DllBattlePartySelect.cro file.

 

Edit 9/24: Solved for ORAS. Still need to find the garc location for X/Y (if anyone really cares). As well as for SuMo's Battle Tree. 80% sure this will be the same for Ultra Sun and Moon, but it would be naive for me to say that about a game that hasn't even been released yet.

EDIT 9/25: Confirmed working for Sun and Moon. tl;dr: GARC location for ORAS is a/1/7/0, for SuMo it is a/1/3/7. Replace the bytes quoted by Kaphotics with 0's and you're good to go!

EDIT 9/26: You can now remove Soul Dew clause in Gen 6 games, rendering the banlist completely lifted! The only type of Pokemon to still be banned in Battle Maison is one whose total EVs exceed 510 (this is allowed in SM, don't ask). (REDACTED BUT EVENTUALLY SOLVED IN 2020)

EDIT 6/29/2020: garc location for X/Y found (??), Soul Dew and 510 EV limit removed in ORAS (X/Y/gen 6?). You can also apparently enter more Pokemon than normally allowed (such as 4 Pokemon in a Singles 3v3). (510 EV Limit bypass not reached... sorry my mistake)

Edited by isleep2late
Successfully lifted Soul Dew ban in ORAS
Link to comment
Share on other sites

  • 9 months later...

Well just today I spent several hours (the whole day pretty much) revisiting this little research project. My fear is that it would be in a .CRO file, because those are obviously harder to edit and have the ROM properly function. So I went through every GARC file in the a folder, basically deleting each of them and building a new rom with a different single garc file missing every time (Citra 3DS was a godsend in allowing this to happen without a 3DS). The reason for this madness was that, IF the banlist was in a garc, I could discover this garc if one of these temporary "test dummy" roms faced a fatal error upon selecting a team of Pokemon during Battle Maison. This might have been how the narc in BW2 Battle Subway was discovered, as I tested deleting a\1\0\6 in Black 2 (thanks to this thread) and running the game. When that happened, the game would freeze at some point talking to the subway worker, so I figured the same thing should happen when talking to the maison employee when the proper garc was deleted.

Here are my results: the file in BW2 is roughly 8 kb in size, so I would expect the file, if it were to exist, to at least be 9 kb or anywhere from 10 kb to 20+ kb, but it wasn't out of the question that it could be less than 8. Therefore, I tried to be selective in my decision process as to which garcs to delete. I obviously didn't go through all of them, as this pastebin has 90% of the work cut out, and so anything that was clearly described to be unrelated to Battle Maison I skipped. I believe I had an "aha!" moment at a\1\0\1 but then I realized I reached the fatal error when opening up my party through regular means, meaning that wasn't it. And then at a\2\2\6 I discovered the SAME type of error that was reproduced in BW2 Subway, which made me believe this was truly the garc, since it fit all the criteria being a) not mentioned in the pastebin and b) about 20 kb in size.... So I tried dissecting the unpacked GARC. I can go more into detail with what I did, but suffice it to say at least some of the data involves the UI of the party selection (ironic... because as I'm typing this, that is what I thought DllBattlePartySelect.cro was for, which was the original reason why I moved away from the CRO theory). And so because this garc deals more with the actual interface and design of the Maison party selection screen, I am 95% confident that this was a red herring (Although any one reading this is more than welcome to prove me wrong if you can analyze that GARC a little further).

Finally, I decided to give up, and I am back to square one. I guess I should share my garc findings with everyone publicly, so I'll attach the word document I made containing some of the notes I've made on all the garcs (please don't expect something big from these notes... they're very disorganized and anticlimactic lol). There are probably still some garcs left unfinished, so if anyone wants to try this at home... hopefully this document will save you a bit of time.

As for what ABZB has discovered, I would say that is a very curious and suspicious finding... I am very reluctant about the FE FF EB thing as well. Now I'm starting to think it was a huge coincidence and that I really should've kept my mouth shut about those hex values or I look like an idiot lol. I've tried many different things, from changing FE FF FB to FE 00 FB or to 00 00 00 and using cro tools and/or doing it without cro tools... I'm not an experienced computer programmer nor do I have very much experience with HEX editing or any of these sort of things (though I have learned quite a bit from this venture). But hopefully everything I have just said and laid out for you guys is something that, for the next person who wants to attempt to remove Battle Maison/BattleRoyal/BattleTree (or whatever SuMo equivalent) banlist restrictions, will bring you one step closer.

 

tl;dr: The banlist might possibly be in a\2\2\6 if it is a GARC but is more than likely still in the DllBattlePartySelect.cro file after ABZB's response, even though I thought that was no longer the case. If the latter is true, then it will be a huge pain in the neck, and may or may not have anything to do with the sequence "FE FF EB". Either way, I no longer have the time to work on this (at least not for the next couple weeks before my exam :P )

documentation for battle maison readme.docx

Link to comment
Share on other sites

After some thought:

If the "FE FF FB" is how the banlist is implemented, either
a) there must be somewhere a list of index numbers that matches up somehow to those "FE FF FB"

or

 

b) There is a series of fixed length blocks, with "FE FF FB" indicating a ban and some other values in that offset (per block) indicating permitted.

 

First, I'm going to do the math and see if the offsets between the "FE FF FB" make sense for case b. If they do, I'll see if there is a consistent value for that offset in the other blocks and go from there (for example, I'd expect to see two consecutive instances early on (Mewtwo & Mew), with the next instance coming at (mew location - mewtwo location)*0x98+mew location (Lugia)).


If that test fails, I will then write and try the following two programs:

 

1a) Search through every file, starting with our suspects, looking for any string that shows up in that file at n*X, where n is a positive integer and X is a 1x38 matrix whose values are the index numbers of the banned pokemon (in case the egg is not banned in the same way/location as the rest).

 

1b) Same as 1a, but convert the hex to binary and look for a string of binary digits with the desired property (in this case, looking for one of the two binary numbers 802 bits long, either the one which is 1 for the banned indices and 0 everywhere else, or vice versa).


2) Parse through all the files (starting with our suspects) looking first for instances of the index numbers of the banned pokemon (write them to a text file along with their offsets, see if there are any likely-looking clusters (as in case a)).

Also, as an aside, I know that the SM shop.cro file is editable by pk3ds, and works with Luma drag&drop, so there is presumably some working method, at least as of the date that Dio Vento released his SM mod.

Link to comment
Share on other sites

Hmm, I'm not sure if this gets us anywhere, but I was able to successfully edit DllBattlePartySelect.cro and have the game run without the game crashing. The bad news is I got rid of a segment containing "FE FF EB" without any significant changes to the game, which makes me think this is not the likely culprit. Here's what I did...

 

1) I replaced offsets 000005D0x08 through 000005E0x07 with all 0's

2) Copied and pasted the cro_tool.exe file in the romfs folder, copied and pasted static.crr from the .crr folder to the romfs folder, then clicked and dragged this file onto cro_tool.exe, which supposedly is the way you're supposed to use cro_tools (it helps to have two separate File Explorers of the same romfs folder side by side). By the way, not doing this step will cause the game to not load, which is the original problem with CRO files.

3) Built the rom, then proceeded to test each and every pokemon that is banned in battle maison to see if it was unbanned. Turns out... they're all still banned, lol

 

So in conclusion, it's possible to edit "FE FF EB" successfully, but this likely won't be the solution to removing the banlist. I tested all 31 banned pokemon plus any pokemon holding Soul Dew. All were still banned, but I did not test the egg. However, there being only 31 instances of this sequence and there being 31+egg+Soul Dew doesn't really add up....

Interestingly, the sequence "10 A0 E3" appears 66 times, and that is about how many different banned pokemon there are if you include their forms (ie. Mewtwo, Mewtwo X, Mewtwo Y, Arceus-Bug, Arceus-Ghost, etc etc). But this is again grasping at straws. The good news is that it IS possible to edit this CRO file while successfully getting the game to work. But replacing a large amount of the code with 0's will not work.... so the question is what did I actually affect when I performed Step 1 and how much of that can I do before the game decides to crash.

Still, I am interested in your findings @ABZB so keep us posted! As an aside to you btw, are there any iterations of "10 A0 E3" in the SuMo CRO? I'm starting to think that since the data in the game when looking at the Pokemon data in whatever GARC it's in has separate Pokemon identifications for different forms, so is the case for the banlist. (i.e. the game distinctly recognizes Mewtwo X as a different "species" than Mewtwo in its code. That's how pk3DS works and that's also how PKHeX works when looking at the source code, and that is also how the ROM data works when unpacking the garc file.)

 

PS: If my "10 A0 E3" theory is correct, and I did somehow make a change in Step 1 ("10 A0 E3" is within those offsets), then I would expect that one of the alternate Pokemon forms was unbanned. But I don't have the patience to go through every banned Pokemon form. Not tonight at least lol. Anyone else feel free to test it out. I'll leave this alone for now so it'll give me something to work on over the weekend. If this is the case, then the "FE FF EB" theory is not dead after all, since it could very well correlate to Pokedex # (which is not the same as Pokemon species if you count megas/primordials as separate).

 

*Edited* Formatting. Also wanted to say that I am now 99% positive that DllBattlePartySelect.cro is the file that contains the banned Pokemon. This is because if you look at my previous post on this thread, the garc file that I thought was the culprit turned out to change the appearance/User Interface of the "Battle Party Select" part of the game. When messing with the garc and messing with the cro I get the same issue of crashing at the same spot, but the garc I now know is responsible for the UI, so the cro has to be dealing with the content of that segment of the game (i.e. determining the legality of a Pokemon). It also fits intuitively with what the other CRO files do (picking out a starter pokemon, etc). And finally, I just want to say that once this is figured out for ORAS, it should not be at all different from SuMo, which I am also most certainly interested in removing the banlist for as well. Baby steps, but we are definitely getting somewhere now.... It's only a matter of time ;)

Edited by isleep2late
Link to comment
Share on other sites

Remember this? Have you tried editing it?

In the exefs is a 38 count list of species IDs:

.data.r:0059E870 word_59E870     DCW 150, 151, 249, 250, 251, 382, 383, 384, 385, 386, 483
.data.r:0059E870                 DCW 484, 487, 489, 490, 491, 492, 493, 494, 643, 644, 646
.data.r:0059E870                 DCW 647, 648, 649, 716, 717, 718, 719, 720, 721, 789, 790
.data.r:0059E870                 DCW 791, 792, 800, 801, 802

 

It's called by PokeRegulation::CheckLegend, which looks like this:

signed int __fastcall PokeRegulation::CheckLegend(PokeRegulation *this, int a2, unsigned __int8 a3)
{
  signed int v3; // r1@2
  __int16 *v4; // r2@5
  PokeRegulation *v5; // r12@5
  bool v6; // zf@5

  if ( this != 670 ) // floette
  {
    v3 = 0;
    while ( 1 ) // iterate until list is finished
    {
      v4 = &word_59E870[v3]; // legend list
      v5 = *v4;
      v6 = v5 == this;
      if ( v5 != this )
        v6 = v4[1] == this;
      if ( v6 ) // ???? dunno, possibly an external banlist having a bitflag set
        break; // returns true
      v3 += 2; // each species is 2 bytes (ushort)
      if ( v3 >= 38 ) // last entry exhausted
        return 0; // false
    }
    return 1; // true
  }
  if ( a2 == 5 ) // AZ Floette
    return 1; // true
  return 0; // false
}

That's probably the function it calls; simplest way for the game to check is to just check all species through a list rather than bitflags, which would be reserved for dynamic banlists (ie rulesets in the save file, in which the goal is to minimize the space used rather than speed).

Link to comment
Share on other sites

Oooh that might be exactly what we're looking for.

The program I was going to scribble was to look for data looking exactly like that...

 

Plan to test after work.

EDIT: Had some time: Looking through the ExrearedExeFS\code.bin, found that string at 49E87 through 49E8BB. replaced every value with Bulbasaur (01 00). Will test later.

Edited by ABZB
Link to comment
Share on other sites

Hmm.. Unfortunately this doesn't seem to work. I've tried editing both the entire exefs.bin as well as the code.bin, replaced those respective bytes you mentioned with all 0's (rather than 01 00), and it didn't change anything. In fact, the proof that it didn't change anything lies in the fact that when looking at the banned pokemon which in Sun and Moon is made explicit in a display list, all the Pokemon that are banned are still listed and it continues to recognize those marked as legendary as banned.

 

I did put a lot of thought into the idea that there could be a list of banned pokemon that you simply have to edit, but it looks like even though there is a recognized list of legendary pokemon, this is not what the game references when they identify banned pokemon. The good news, for me at least, is that I finally know how the files identify pokemon lol. I always knew Mewtwo and Mew were "96" and "97", but I just didn't know how the game recognized 3-digit hex index numbers based on this incredibly useful resource. Turns out the first number is made to be the second byte, so that Guzzlord's "31F" becomes under a hex editor (such as HxD) "1F 03" (this isn't banned, just being used for demonstration purposes). Now it's just a matter of figuring out which file (is it still in CRO? Is exefs off the table now?) contains these identifiers. It's not necessarily going to be all nicely adjacent to each other like in exefs.bin/code.bin

Link to comment
Share on other sites

Corroboration.

I think the next step is me writing a program which looks through every file for every instance of each of the legendary's numbers, spit back a list of the ones that have occurrences of all of them, then narrow down from there.

Link to comment
Share on other sites

I looked deeper into regulation and I found something interesting:

https://pastebin.com/5FwTiami

We know that the player has to select a team, and the game has to know if that pkm is allowed or not.

I assume if the sublegends/legends list wasn't directly used, then it'd be the bitflag alternative.

Since we know the legends are the only ones banned, and only species are banned... (using PKHeX's legends list and c#):

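// Needs System.IO and System.Linq, plus PKHeX's Legal class for Legal.Legends.
using System.IO;
using System.Linq;

// One flag per species index 0..807, true where the index is in the legends list.
bool[] value = (new bool[808]).Select((z, i) => Legal.Legends.Contains(i)).ToArray();

// Pack the flags eight per byte, least-significant bit first: 808 >> 3 = 101 bytes.
byte[] data = new byte[value.Length >> 3];
for (int i = 0; i < value.Length; i++)
    if (value[i])
        data[i >> 3] |= (byte)(1 << (i & 7));

File.WriteAllBytes(@"D:\bans", data);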

This generates a 101 byte file:

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 C0 00 00 00 00 00 00 00 00 00 00 00 00 0E 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C0 
07 00 00 00 00 00 00 00 00 00 00 00 98 7E 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
D8 03 00 00 00 00 00 00 00 F0 03 00 00 00 00 00 
00 00 E0 01 07

I searched thru the decrypted ROM and found it in multiple places. Try clearing the appropriate bitflags everywhere (or maybe just replace this chunk with 101 zeroes). Stop after F0 03 for ORAS (728 bits, 91 bytes).

Link to comment
Share on other sites
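
Added example (not part of any post in this thread, and not PKHeX or pk3DS code): the exefs species table and the 101-byte block above are the same list in two encodings, which is what the earlier "search every file for the legend numbers" plan and the bitflag idea were both looking for. This Python sketch packs the list both ways, decodes a block back into species indices, and reports where either form occurs in a byte blob; the function names are illustrative and the sample blob is constructed for the demo, not taken from a game file.

```python
"""Two encodings of the same ban list, as discussed in this thread."""
import struct

# Species IDs copied from the exefs table (word_59E870) quoted in the thread.
LEGEND_IDS = [
    150, 151, 249, 250, 251, 382, 383, 384, 385, 386, 483,
    484, 487, 489, 490, 491, 492, 493, 494, 643, 644, 646,
    647, 648, 649, 716, 717, 718, 719, 720, 721, 789, 790,
    791, 792, 800, 801, 802,
]

# The 101-byte block as posted in the thread (Sun/Moon length).
SM_BLOCK = bytes.fromhex("""
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 C0 00 00 00 00 00 00 00 00 00 00 00 00 0E
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C0
    07 00 00 00 00 00 00 00 00 00 00 00 98 7E 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    D8 03 00 00 00 00 00 00 00 F0 03 00 00 00 00 00
    00 00 E0 01 07
""")

# The USUM block posted later differs only in its last byte (0x87, not 0x07).
USUM_BLOCK = SM_BLOCK[:-1] + b"\x87"


def pack_u16_list(ids):
    """Little-endian 16-bit words, the layout of the exefs species table."""
    return struct.pack("<%dH" % len(ids), *ids)


def pack_bitfield(ids, n_bits=808):
    """One bit per species index, LSB first, mirroring the C# snippet."""
    data = bytearray(n_bits >> 3)
    for i in ids:
        if 0 <= i < len(data) * 8:  # indices past the end are simply dropped
            data[i >> 3] |= 1 << (i & 7)
    return bytes(data)


def unpack_bitfield(data):
    """Inverse of pack_bitfield: indices of every set bit, ascending."""
    return [byte_no * 8 + bit
            for byte_no, value in enumerate(data)
            for bit in range(8) if (value >> bit) & 1]


def find_all(blob, pattern):
    """Every offset at which pattern occurs in blob (overlaps included)."""
    hits, pos = [], blob.find(pattern)
    while pos != -1:
        hits.append(pos)
        pos = blob.find(pattern, pos + 1)
    return hits


def build_sample_blob():
    """Constructed test data: filler, two bitfield copies, one u16 table."""
    filler = b"\xAA"
    return (filler * 0x40 + SM_BLOCK + filler * 0x20 + SM_BLOCK
            + filler * 8 + pack_u16_list(LEGEND_IDS))


if __name__ == "__main__":
    # The species table and the posted block encode the same 38 indices.
    print("bitfield matches post:", pack_bitfield(LEGEND_IDS) == SM_BLOCK)
    # ORAS stops at 728 bits (91 bytes), i.e. right after "F0 03".
    print("ORAS prefix matches:", pack_bitfield(LEGEND_IDS, 728) == SM_BLOCK[:91])
    # Decoding the USUM block shows which index its extra bit adds.
    extra = sorted(set(unpack_bitfield(USUM_BLOCK)) - set(LEGEND_IDS))
    print("extra index in USUM block:", extra)
    blob = build_sample_blob()
    print("bitfield offsets:", [hex(o) for o in find_all(blob, SM_BLOCK)])
    print("u16 table offsets:", [hex(o) for o in find_all(blob, pack_u16_list(LEGEND_IDS))])
```

Decoding first and comparing against the known list is a quick way to tell a real copy of the block from a coincidental byte match before touching anything.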

SUCCESS!!!

Replace all 29 instances of that ^ with all 0's in the garc located at a\1\7\0 and you will be able to use your Mega Mewtwo's and Primordial Groudons to your heart's desire in Battle Maison :) (Ignore the "E0 01 07" for ORAS games I guess, as well as X and Y).

Have not tested this yet for Sun and Moon but if it was as easy as it was for ORAS then it shouldn't be difficult. I'll bet it'll be the same for Ultra SuMo as well, if not similar.

Link to comment
Share on other sites

Can confirm this works on Sun and Moon as well (I knew it would, but just confirming that it in fact does). The garc for SuMo is located at a/1/3/7. Just replace all instances of that code once again with 0's (including the "E0 01 07" bit). If you're doing a Ctrl + F or Search and Replace, I would start off with "C0" rather than the bunch of 00 00's. There are only 14 iterations of that code, which is very very unusual because there were 29 instances in ORAS and a different amount in BW2. So I guess the moral of the story is that it's all encrypted, and there is no rhyme or reason to the "number of banned pokemon" to the number of banned code repetitions. I've made a video demonstration on my channel which I will not share in this post, but here is some additional photographic proof:

[three attached images]

Next step: Edit number of pokemon and pokemon level! lol jk... Also for what it's worth, the file size in ORAS is 33 kb whereas for SuMo it's 29 kb (and it's 8 kb in Gen 5 for comparison even though i know NDS is different). I think that's rather interesting, and sheds some light into the structure of the ways these garcs are organized. 

Another interesting tidbit: Neither of these banlist garc locations were figured out during the initial decryption phase of R&D. In ORAS, the garc was labeled

a\1\7\0 - 53 * 604 bytes Battle Video Info Markup Template

from this pastebin uploaded by Kaphotics and it was labeled 

a\1\3\7 - com_seasand02 02_beachslope

from this GBATemp repost by BelmontSlayer. I would be interested to know if a/1/7/0 does still contain a Battle Video Template, because I wasn't sure if each garc did only one specific thing or if they could do multiple things. But anyway, thank you so much Kaphotics for your help and ABZB for all your contributions! I know a lot of people have been asking about this and I'm glad the community can finally put this issue to rest.

BTW, I still don't have it for X and Y and I'm not sure if anyone wants it for X/Y. I won't waste time finding the garc for XY unless someone wants me to (or you can just do it yourself :P )

Link to comment
Share on other sites

32 minutes ago, isleep2late said:

Can confirm this works on Sun and Moon as well (I knew it would, but just confirming that it in fact does). The garc for SuMo is located at a/1/3/7. Just replace all instances of that code once again with 0's (including the "E0 01 07" bit). If you're doing a Ctrl + F or Search and Replace, I would start off with "C0" rather than the bunch of 00 00's. There are only 14 iterations of that code, which is very very unusual because there were 29 instances in ORAS and a different amount in BW2. So I guess the moral of the story is that it's all encrypted, and there is no rhyme or reason to the "number of banned pokemon" to the number of banned code repetitions. I've made a video demonstration on my channel which I will not share in this post, but here is some additional photographic proof:

[three attached images]

Next step: Edit number of pokemon and pokemon level! lol jk... Also for what it's worth, the file size in ORAS is 33 kb whereas for SuMo it's 29 kb (and it's 8 kb in Gen 5 for comparison even though i know NDS is different). I think that's rather interesting, and sheds some light into the structure of the ways these garcs are organized. 

Another interesting tidbit: Neither of these banlist garc locations were figured out during the initial decryption phase of R&D. In ORAS, the garc was labeled


a\1\7\0 - 53 * 604 bytes Battle Video Info Markup Template

from this pastebin uploaded by Kaphotics and it was labeled 


a\1\3\7 - com_seasand02 02_beachslope

from this GBATemp repost by BelmontSlayer. I would be interested to know if a/1/7/0 does still contain a Battle Video Template, because I wasn't sure if each garc did only one specific thing or if they could do multiple things. But anyway, thank you so much Kaphotics for your help and ABZB for all your contributions! I know a lot of people have been asking about this and I'm glad the community can finally put this issue to rest.

 

BTW, I still don't have it for X and Y and I'm not sure if anyone wants it for X/Y. I won't waste time finding the garc for XY unless someone wants me to (or you can just do it yourself :P )

You made a mistake in your post, Sun/Moon are called SM for short

Link to comment
Share on other sites

Ah my bad lol. Looks like from the projectpokemon discord there are some people who still play XY and already people working on finding the GARC for that.

I also want to point out that this method does not unban Soul Dew from ORAS. Soul Dew removal is possible, and it took me quite some time to figure this out. I started by continuing the search for those bytes in the rest of the GARCs, nothing. Then I went back to a/1/7/0 and slowly hex edited every piece of data to "00 00 00..."s. My Slowbro holding a Soul Dew was still banned (lol). Then I hex edited some of the stuff in the beginning of that file to all 0's and finally my slowbro was unbanned. It looks like you can start at offset 00000102 and just hold 0 until you're at the end of the file, lol (it helps to click on different parts of the file while you're holding 0.... but really it's that initial list of bytes starting early up in that file that determines that soul dew is banned.) I'm guessing this can be explained by the fact that that list of hex values are items? Not entirely sure tbh, since according to this bulbapedia article Soul Dew's hex value is E1 but that is nowhere to be found. But then again neither are the hex values of any of the legendary pokemon, so long story short everything in the game is pretty uniquely obfuscated.

BTW, idk about the very first bytes in that file but it's interesting to note that in Black and White (2), changing everything to 0 in the "banlist" narc causes the game to crash. That is not the case in Gen 6. And this process is not necessary in SM (I said it right this time haha) as Soul Dew is not banned (it got a nerf wherein it only buffs psychic and dragon type moves by 20%... lame).

 

So that's about it! Everything I ever wanted to figure out how to do has finally been figured out. I haven't tested other clauses such as item clause or species clause (i know this does not remove item clause in SM Battle Tree). I guess that would be the next logical step, but I'm pretty content with stopping here. Some people have been asking me to make a tutorial on how to do this, which I'm not opposed to doing, but everything can already be figured out from reading the past 12 posts on this thread.

As an aside, I would highly discourage anyone from doing this and playing the edited ROM on a 3DS while using the internet. I don't know for a fact that this would get you banned, I just think it makes good sense to protect yourself from that risk. Please, if you try this at home, play your ROM while your 3DS's internet switch is turned OFF!

 

EDIT 5/25/2020: See below for my corrected statement, and the exact offsets for correctly removing the Soul Dew Clause

Edited by isleep2late
Link to comment
Share on other sites

  • 2 weeks later...
  • 1 month later...
  • 11 months later...
  • 9 months later...

For USUM, the banlist is:

 

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 C0 00 00 00 00 00 00 00 00 00 00 00 00 0E 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C0 
07 00 00 00 00 00 00 00 00 00 00 00 98 7E 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
D8 03 00 00 00 00 00 00 00 F0 03 00 00 00 00 00 
00 00 E0 01 87

 

It occurs at the following offsets in a/1/4/1:

0760-07C4
1558-15BC
2350-23B4
3148-31AC
4890-48F4
4D38-4D9C
51E0-5244
5688-56EC
5B30-5B94
5FD8-603C
6480-64E4

 

I suppose that each instance is called by a different battle mode.

Link to comment
Share on other sites

  • 2 months later...
On 9/26/2017 at 11:42 AM, isleep2late said:

It looks like you can start at offset 00000102 and just hold 0 until you're at the end of the file, lol (it helps to click on different parts of the file while you're holding 0.... but really it's that initial list of bytes starting early up in that file that determines that soul dew is banned.)

So everything after 0x102 in a/1/7/0 is worthless? The file doesn't account for anything else?

Link to comment
Share on other sites

  • 6 months later...
On 11/14/2019 at 5:52 AM, PokeMaster99999 said:

So everything after 0x102 in a/1/7/0 is worthless? The file doesn't account for anything else?

I am so sorry!! I've literally been coming back slowly to Pokemon and I did revisit this project. It took me about 20 hours, but after a million attempts at hex editing and rebuilding, I FINALLY discovered the proper way to remove the Soul Dew clause:

Long story short, unbanning Soul Dew is a matter of changing a few "02"'s to "00"'s at various offsets in the a/1/7/0 garc. For my own convenience I won't list the exact offsets of every bit, but here's a list of them you need to change to 00 which you can find at the specified row (just set HxD rows to 16 and you'll find the offsets):

02 @ 00005CD0
02 @ 00005A70
02 @ 000055C0
02 @ 00005360
02 @ 00005100
02 @ 000049F0
02 @ 00004790
02 @ 000042E0
02 @ 00004080
01 @ 00003E90
02 @ 00003E20
02 @ 00003970
02 @ 00003710
02 @ 000034B0
02 @ 00003250
(set HxD to 16 per row)

Again, apologies that this is only being figured out in 2020 for the very few of you that care. I didn't want to make a new post but I didn't want to necro this one either. Doing what I previously told you to do will not allow you to submit any Pokemon which causes you to have a shiny bulbasaur that auto-concedes to your opponent. Hopefully this helps out anyone in the future! BTW, the only other restrictions are Species Clause (and I think Item Clause?). I haven't fooled around with those restrictions but I don't doubt that they're possible. Removing the Pokemon Banlist and Soul Dew Item Ban list is good enough for me lol

Link to comment
Share on other sites

4 hours ago, isleep2late said:

I am so sorry!! I've literally been coming back slowly to Pokemon and I did revisit this project. It took me about 20 hours, but after a million attempts at hex editing and rebuilding, I FINALLY discovered the proper way to remove the Soul Dew clause:

Long story short, unbanning Soul Dew is a matter of changing a few "02"'s to "00"'s at various offsets in the a/1/7/0 garc. For my own convenience I won't list the exact offsets of every bit, but here's a list of them you need to change to 00 which you can find at the specified row (just set HxD rows to 16 and you'll find the offsets):

02 @ 00005CD0
02 @ 00005A70
02 @ 000055C0
02 @ 00005360
02 @ 00005100
02 @ 000049F0
02 @ 00004790
02 @ 000042E0
02 @ 00004080
01 @ 00003E90
02 @ 00003E20
02 @ 00003970
02 @ 00003710
02 @ 000034B0
02 @ 00003250
(set HxD to 16 per row)

Again, apologies that this is only being figured out in 2020 for the very few of you that care. I didn't want to make a new post but I didn't want to necro this one either. Doing what I previously told you to do will not allow you to submit any Pokemon which causes you to have a shiny bulbasaur that auto-concedes to your opponent. Hopefully this helps out anyone in the future! BTW, the only other restrictions are Species Clause (and I think Item Clause?). I haven't fooled around with those restrictions but I don't doubt that they're possible. Removing the Pokemon Banlist and Soul Dew Item Ban list is good enough for me lol

After editing, I found that super double battle and super triple battle were still forbidden, so I changed 3BC0 / 4530 / 4C50 / 4EA0 / 5810 to 00, which was perfectly cancelled

Edited by Smile
Link to comment
Share on other sites

Thanks for that info @Smile! I got a chance to look even further into this and as it turns out, there's an ENTIRE set of hidden "02"'s and "01"'s (and I'm almost positive there are others) scattered around the a/1/7/0 garc that basically dictate all Battle Maison restrictions, opening a ton of more doors for additional research if anyone wants to pry them open. Following your suggestions, I think I did a flat Control + Replace (CTRL + R) on all 02 -> 00 which led to pretty much unbanning Soul Dew in the Super Double Battles, Super Triple Battles, but normal Triple Battles was somehow randomly still not even allowing any of the banned pokemon, so I was very confused.....

 

But TL;DR: If you want to get rid of the most restrictions, do a Control + Replace on the 101 byte repetitions outlined by Kaphotics (there should be 29 iterations in ORAS) and then do a CTRL + R on all 02 -> 00 and THEN do a CTRL + R on all 01 -> 00. This leads to some pretty funny results, allowing more than 3 Pokemon to be submitted in certain formats (I think 4 in regular singles, and your entire team in super singles). I did even more screwing around and I somehow randomly got rid of the Species Clause in one of the Rotation formats.... but I can't remember exactly what I did (I'm really sorry!) But if you sift through enough of the "unique" characters and slowly get rid of them, I think you'll get there. I'll let you know if I find anything else, but I think that's it for now!


11 hours ago, isleep2late said:

Thanks for that info @Smile! I got a chance to look even further into this and as it turns out, there's an ENTIRE set of hidden "02"'s and "01"'s (and I'm almost positive there are others) scattered around the a/1/7/0 garc that basically dictate all Battle Maison restrictions, opening a ton more doors for additional research if anyone wants to pry them open. Following your suggestions, I think I did a flat Control + Replace (CTRL + R) on all 02 -> 00 which led to pretty much unbanning Soul Dew in the Super Double Battles, Super Triple Battles, but normal Triple Battles was somehow randomly still not even allowing any of the banned Pokemon, so I was very confused.....

 

But TL;DR: If you want to get rid of the most restrictions, do a Control + Replace on the 101 byte repetitions outlined by Kaphotics (there should be 29 iterations in ORAS) and then do a CTRL + R on all 02 -> 00 and THEN do a CTRL + R on all 01 -> 00. This leads to some pretty funny results, allowing more than 3 Pokemon to be submitted in certain formats (I think 4 in regular singles, and your entire team in super singles). I did even more screwing around and I somehow randomly got rid of the Species Clause in one of the Rotation formats.... but I can't remember exactly what I did (I'm really sorry!) But if you sift through enough of the "unique" characters and slowly get rid of them, I think you'll get there. I'll let you know if I find anything else, but I think that's it for now!

 

My Triple Battles are OK; the restriction is still lifted.


  • 1 month later...

Ah okay, it seems my game at times wouldn't allow me to even view my party, and at times would but the Pokemon would show up as banned. So there were internal inconsistencies when altering the banlist with how the game was registering that a Pokemon was banned (either the individual Pokemon would show up as banned or the entire party box would not be selectable, depending on the battle format). But I think I solved that today after discovering how to remove *literally every* restriction, but first:

On 11/1/2018 at 11:09 AM, deadmza said:

So is there any news about where the files are in Pokemon XY? I'm really looking forward to unbanning mythicals, most importantly

@deadmza I didn't get to look through every file to check file a/1/8/9, because there is at least one instance of the infamous "C0..." banlist byte in that location if you extract an X/Y rom. It appears the structure of the game is quite different from ORAS which is worth investigating (also sorry that this is coming like 2 years late lol)

 

SO BIG UPDATE!

I figured out how to remove the 510 EV limit on all Pokemon lol. At first I truly didn't think this was possible as I edited literally everything in the ORAS file (this only applies to ORAS as that's the one game I'm interested in. USUM and presumably SM already have this restriction removed I'm pretty sure). However, I took a shot in the dark and I have no idea exactly which location the bytes are, but here's what I did:

1. Removed the Pokemon species banlist using the replacement of the "C0..." bytes with all 00's.

2. Replaced all "02" and "01" with "00" (pretty sure you just need to replace 02 but I did 01 just in case)

3. It was random and arbitrary, but I did a complete swap of every hex value from 0004550 onwards to "00 00..."

I know my methods are not entirely scientific, but this got the job done and I'm not sure what if any side effects/repercussions this would have, but it appears a/1/7/0 is the file solely designed to address all banlist restrictions in every which way in ORAS, ORAS/X/Y appears to be INCREDIBLY strict with their banlist vs every other generation, and for whatever reason some of these limitations (the 510 EV limit) just aren't there in Gen 7 (or Gen 5). In fact, it's also removed in Sword and Shield... and actually you can pretty much play anything you want in Sword and Shield, which is pretty great because that seemed quite intentional and is the right direction for Nintendo to be going with these casual in-game battles going forward.

EDIT: Sorry, today I tested this again and it looks like I was mistaken.... no idea what happened but it appears the 510 EV limit was not bypassed.... my mind must be seeing things because I could've sworn it worked yesterday. However....

An even easier way to remove all the restrictions found in garc a/1/7/0 is to zero out everything between the two " / /"'s in the beginning of the code, making sure to leave the 5 and the stuff before it intact. Idk if I'm making sense at this point...

Edited by isleep2late
