
research Gen 3 Event Generation Algorithm Research (10ANNIV, etc)



I was reading posts on the Pokemon ribbons discord server and something about Japan not having an E-reader Eon ticket came up.

Originally I was thinking of the possibility of mixing records between an English and Japanese Emerald and a Japanese Ruby. Using 2 link cables and 3 GBA's. But then it crossed my mind. If that works, could you send an English Eon ticket to the Japanese games?

 

The reason this crossed my mind was the possibility of sending Regi dolls easier. I don't know how the games handle the situation of 1 compatible game and one incompatible.


I cracked the PCNYabcd algorithm! It uses a variation of BACD algorithm with unrestricted seeds. PIDH is xor'd against PIDL, TID, and SID.

This algorithm makes antishiny detection easier (PIDH is less than 8 before alterations)  and presumably if the pokemon becomes shiny, it could be easily modified. I don't have any specimens that require antishiny though.

 

A few factors prevented this from being detected earlier. Mainly it was a bug in my check code from 2013. The check code didn't matter prior though cause it turns out almost all of the PCNY I received from people were hacks. The pokemon from Pokemon Secure are mostly hacks too.

And of course the pokemon from GameFAQs on the box save are all completely legit. This is despite Pokemon Secure and others saying they weren't.

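A legality check built on the PCNY description in the post above, as an added example that is not part of the original posts or the poster's own check code. It assumes the standard Gen 3 LCRNG constants and reads "BACD" as first call = PIDH, second call = PIDL; the function names are hypothetical, and the IV calls and any antishiny step are left out because the thread does not describe them.

```python
"""Recover candidate seeds for a PCNY-style PID (assumptions labelled below)."""

# Gen 3 LCRNG constants (standard for the GBA games; not stated in the thread).
MULT, ADD, MASK = 0x41C64E6D, 0x6073, 0xFFFFFFFF
INV_MULT = pow(MULT, -1, 1 << 32)  # modular inverse, Python 3.8+


def advance(state):
    return (state * MULT + ADD) & MASK


def rewind(state):
    return ((state - ADD) * INV_MULT) & MASK


def generate_pid(seed, tid, sid):
    """Forward model. Assumed call order: first call -> PIDH, second -> PIDL."""
    s1 = advance(seed)
    s2 = advance(s1)
    raw_high, low = s1 >> 16, s2 >> 16
    # From the post: PIDH is XORed against PIDL, TID and SID.
    high = raw_high ^ low ^ tid ^ sid
    return (high << 16) | low


def analyse_pid(pid, tid, sid):
    """Undo the XOR, flag the antishiny case, list every 32-bit seed that fits."""
    low = pid & 0xFFFF
    raw_high = (pid >> 16) ^ low ^ tid ^ sid
    needs_antishiny = raw_high < 8  # "PIDH is less than 8 before alterations"
    seeds = []
    for low_bits in range(0x10000):  # unknown low half of the first RNG state
        s1 = (raw_high << 16) | low_bits
        if advance(s1) >> 16 == low:
            seeds.append(rewind(s1))
    return raw_high, needs_antishiny, seeds


if __name__ == "__main__":
    # Constructed sample values, not taken from any real distribution.
    tid, sid = 12345, 54321
    pid = generate_pid(0x12345678, tid, sid)
    raw_high, flagged, seeds = analyse_pid(pid, tid, sid)
    print(f"PID {pid:08X} raw PIDH {raw_high:04X} antishiny={flagged}")
    print("candidate seeds:", [f"{s:08X}" for s in seeds])
```

An empty seed list means no RNG state produces that PID under these assumptions. Many arbitrary PIDs still match a seed on the PID alone, so a full check would also confirm the IVs from the calls that follow.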

13 hours ago, Sabresite said:

And of course the pokemon from GameFAQs on the box save are all completely legit. This is despite Pokemon Secure and others saying they weren't.

B|

 

They sat untouched for 11 years before I found them. I met one other person who knew they existed. He claimed they were fakes. He was also from Pokemon Secure. Which is even more hilarious since theirs were more fake than anything. He claimed he got in contact with the original uploader: who apparently couldn't remember if they were fakes or not. 

Edited by HaxAras

On 9/7/2017 at 3:51 PM, Sabresite said:

@Purin,

If the distribution carts were loaded in-house (literally at the office with a dev kit), then it would make sense to have multiple identifiers, but not all will be unique. That is because they would have compiled the ROM on each computer using the dev kit, which makes a specific build identifier, and used that to load the carts.  With 3-5 PCs, you can load 500+ carts in a few hours and you would have 3-5 separate identifiers.

Still not traceable though.  Engineers are notoriously lazy too (personal experience here with myself too).  They delete files they don't want anymore.  They don't migrate files to new PCs cause they don't want to deal with legacy stuff.  They throw projects onto tape drives and literally store them in a closet to rot.  And they never keep track of their own code let alone project builds.  And back in 2003 I doubt they used control systems for compiled ROMs.  Code maybe (CVS), but not ROMs.

There is LOTS of evidence (especially in the code) that the distribution carts were the worst hack job in the world.  They didn't even test them thoroughly.  Literally some junior copy/pasted some code they found, redeemed a single pokemon and declared victory.  Even in 2005/2006, a late mew distribution used jirachi code and mew code together, despite having the aura mew code available.  Probably because the guy making the standard library (gcea/misturin/10 aniv/etc) was not the same guy who was asked to make the other mew.  So the guy used legacy code he found somewhere from 2003, most likely the ruby debug commands (as we know mystry mew also uses old as shit generation).

I think you're talking about the AGB gang writer? Yea it could flash multiple from what I've read. All the pictures I've seen of it have 404, but it's similar to the N64 gang writer for flashing the prototype long carts. At least this is what I've determined. Insert one cart copies to the other or some sort. Below is apparently the N64 one. GBA had a similar one as the AGB gang writer. But I think this is the concept we are working with here, a gang writer was used.

gang writer.jpg

well at least the original ones that were copied. LOL "Original" ones, but since all of them are all copies of one... the only "legitimate" part of it would be who's copying it and if they used the official hardware. For example if I were to copy a ROM onto a GBA prototype it's "illegitimate" but that is what was originally done by the developer? So the only difference is who copies it.

Anywho I think these devices are very hard to find, and the original software used to copy and dump very hard to find

probably long gone to find the original gang writer and software

probably different bits from different batches or something

IDK just figured I'd share about the gang writer.

Edited by YoshiMoshi

  • 1 month later...

It's coincidence. 80 isn't really a high number considering there are 25 Natures, the chance to get 1 of them is 1:25... 
So with 80 different examples it's not too surprising that 1 or 2 Natures are missing, you can do your math.

We really need to know what kind of data it takes from the RAM and what it does with it. Then we can force these Seeds + we need it to generate legal seeds. Who knows what kind of surprises we might find... Like impossible Seeds. It really depends on what the algorithm is.
I even managed to force Seeds about a year ago, but it was a pain without knowing the complete algo and I don't recommend to try it at this point...
It can be achieved by manipulating the save file with a hex editor, but it's not like Wishmaker Jirachi and more complicated.

 

Edit: 
I would like to share some examples...
I thought I had it and managed to get the Seeds 0x0000-0x0007. Then I wasn't able to get 0x0008 and stopped looking further.
Would be more efficient to have a look at the asm and see what actually happens.
 

 

 

0x0000.pk3

0x0001.pk3

0x0002.pk3

0x0003.pk3

0x0004.pk3

0x0005.pk3

0x0006.pk3

0x0007.pk3

Edited by ajxpk

2 hours ago, ajxpk said:

It's coincidence. 80 isn't really a high number considering there are 25 Natures, the chance to get 1 of them is 1:25... 
So with 80 different examples it's not too surprising that 1 or 2 Natures are missing, you can do your math.

We really need to know what kind of data it takes from the RAM and what it does with it. Then we can force these Seeds + we need it to generate legal seeds. Who knows what kind of surprises we might find... Like impossible Seeds. It really depends on what the algorithm is.
I even managed to force Seeds about a year ago, but it was a pain without knowing the complete algo and I don't recommend to try it at this point...
It can be achieved by manipulating the save file with a hex editor, but it's not like Wishmaker Jirachi and more complicated.

 

Edit: 
I would like to share some examples...
I thought I had it and managed to get the Seeds 0x0000-0x0007. Then I wasn't able to get 0x0008 and stopped looking further.
Would be more efficient to have a look at the asm and see what actually happens.
 

 

 

0x0000.pk3

0x0001.pk3

0x0002.pk3

0x0003.pk3

0x0004.pk3

0x0005.pk3

0x0006.pk3

0x0007.pk3

This is for 10 ANNIV? I wonder how it reseeds then.  Because that changes how antishiny works, as a save file's content doesn't change during generation. @Bond697, any insight into this since you have dived into it?  Also if you still have the IDB, please send it to me and I'll look into it too.


Yep. 10ANNIV. All downloaded from the English European Distribution Rom. 
I messed with the save files data, mainly TID and SID to get the result I wanted and it worked.
It definitely uses data from the save files but in a different way than Wishmaker... about how... I really don't know...
I made some notes but it turned out being wrong when I failed to hit the Seed 0x0008 and others too...
Anti-Shiny would be important to know as well.


On 11/1/2017 at 10:19 AM, ajxpk said:

Yep. 10ANNIV. All downloaded from the English European Distribution Rom. 
I messed with the save files data, mainly TID and SID to get the result I wanted and it worked.
It definitely uses data from the save files but in a different way than Wishmaker... about how... I really don't know...
I made some notes but it turned out being wrong when I failed to hit the Seed 0x0008 and others too...
Anti-Shiny would be important to know as well.

We know when a shiny PID comes up, it reseeds the RNG.

EDIT: We found out that it rerolls if it is shiny.


  • 1 month later...

I would like to announce that there's a little Christmas gift from @Deoxyz to be found on the Internet and also want to take this opportunity to thank him once again, what he is doing for us is amazing and can't be thanked well enough.

Merry Christmas!

Edit: Also thanks to everyone else involved. Together we have really come far this year when it comes to Gen 3 Events.

Edited by ajxpk

  • 3 weeks later...

I think we will need to re-analyze Negaiboshi and its derivatives. This is due to the fact that the distro roms use R/S's RTC, and do not rely on a master RTC. This involves rewriting legality checking code, and rechecking pokemon files.

Edited by St. GIGA

25 minutes ago, St. GIGA said:

I think we will need to re-analyze Negaiboshi and its derivatives. This is due to the fact that the distro roms use R/S's RTC, and do not rely on a master RTC. This involves rewriting legality checking code, and rechecking pokemon files.

Already has been done. Seeds start at 5A0 (Day 1, Hour 1, Minute 1) and increment from there by 1 every minute.


Yeah, I even uploaded 5 Jirachis yesterday, so you should know... @St. GIGA :D

Btw. Didn't announce it publicly yet but we know the common seeding procedures now. And no worries in terms of legality checking. 

Edit2: Except for Japanese Events between BGF and Hadou Mew. A lot of things are still unknown about them in terms of Seeds.

Edited by ajxpk

Yeah, no flawless Berry Glitch Fix Zigzagoon.
It's ss + mm + hh after all. So the lowest is 0 and the highest is 59 seconds + 59 min  + 23 hours = 141.


Here is a "timed" (can we even call it RNG? lol) Japanese Zigzagoon. Generated on the initial seed 0x00.

 

263 ★ - ジグザグマ - 495100005281.pk3

 

Edited by ajxpk
I wrote days instead of hours. fixed*