Jump to content

colosseum Pokémon Colosseum Bonus Disc Discussion (Wishmaker Jirachi)


Recommended Posts

Hey there!

Recently this caught my attention: tcrf.net/Pok%C3%A9mon_Colosseum#US_Bonus_Disc
I would like to reconstruct it and mess a little bit with the Main Code. I need this also for some research which I want to do.
Does anyone know what's the best way to dump the multiboot file and the best way to decompress the main code?
Would it be an good attempt to just dump the memory from VBA-M's Memory Viewer during the connection process?
Would I still have to decompress it in this case? Because the memory would still be compressed in this case I suppose...

I think there must be better ways so it would be cool to get some expert advise.
I have never done reverse engineering with anything like this, so it would be cool if someone can help me out with this one. 

Thanks in advance!

Edited by ajxpk
  • Like 2
Link to post
Share on other sites
19 minutes ago, ajxpk said:

Hey there!

Recently this caught my attention: tcrf.net/Pok%C3%A9mon_Colosseum#US_Bonus_Disc
I would like to reconstruct it and mess a little bit with the Main Code. I need this also for some research which I want to do.
Does anyone know what's the best way to dump the multiboot file and the best way to decompress the main code?
Would it be an good attempt to just dump the memory from VBA-M's Memory Viewer during the connection process?
Would I still have to decompress it in this case? Because the memory would still be compressed in this case I suppose...

I think there must be better ways so it would be cool to get some expert advise.
I have never done reverse engineering with anything like this, so it would be cool if someone can help me out with this one. 

Thanks in advance!

As ShinyQuagsire was the one who originated posted it (they sourced him of that),
you may consider asking him as well.

AFAIK he has an account on gbatemp (https://gbatemp.net/members/shinyquagsire23.318030/)

  • Like 3
Link to post
Share on other sites

So based on what you said, I went to grab the ISO of EUR Pokemon Channel, and USA Pokemon Colosseum bonus disk.

there are files that contain GBA rom headers inside (pokechan.bin and pokedownload.tgc respectively),

but I haven't managed to get them to load (think -> akin to 10anniv rom; basically cut gamecube out of the process),
but to no avail.

(I even used a program to correct the header checksum)

Link to post
Share on other sites

I managed to emulate it with Dolphin 5.0 and VBA-M WX with some little tweaks...
The emulation didn't worked so well at first but I found out a little trick.
I recognized that Dolphin tries to connect and that the frame rate synced at a specific moment.
And then somehow the connection failed. (no error message yet, it popped up later...)
While my Pokémon Game went to the Start Screen like nothing happened...
This happened most of the time, sometimes it worked but overall it was pretty instable.
Only 1 time I had a stable Emulation at 100% all the time.
Now here is what I did...

I made a savestat at Dolphin Emulator at this point... (saves a lot of time anyway)

PC6E01-1.png


And then I loaded it right after the Game Boy Advance Boot Logo when the Screen looks like this:

Pokemon - Ruby Version (USA).png


Now the connection works all the time! :) 

Edited by ajxpk
  • Like 2
Link to post
Share on other sites
54 minutes ago, ajxpk said:

I managed to emulate it with Dolphin 5.0 and VBA-M WX with some little tweaks...
The emulation didn't worked so well at first but I found out a little trick.
I recognized that Dolphin tries to connect and that the frame rate synced at a specific moment.
And then somehow the connection failed. (no error message yet, it popped up later...)
While my Pokémon Game went to the Start Screen like nothing happened...
This happened most of the time, sometimes it worked but overall it was pretty instable.
Only 1 time I had a stable Emulation at 100% all the time.
Now here is what I did...

I made a savestat at Dolphin Emulator at this point... (saves a lot of time anyway)

PC6E01-1.png


And then I loaded it right after the Game Boy Advance Boot Logo when the Screen looks like this:

Pokemon - Ruby Version (USA).png


Now the connection works all the time! :) 

there hasn't been a way to get it to purely load of VBA right?

Link to post
Share on other sites

@ajxpkNot sure why but all my notifications for this site got sent to my spam folder, so I missed them. I think you also tried to get to me at GBATemp but I completely forgot about it, sorry (usually I try to be decent about actually coming back to those things later but... yeah idk). As for doing modifications with the bonus disk stuff:

The disk might(?) have a multiboot file for GBA (usually extension .mb), I never actually looked on the disk itself, only got a .mb from someone with a large collection of Pokemon multiboot files. Thankfully I still have my IDB for this, so I can give some better specifics here:

This is the stub which actually decompresses the chunk at 0x02000278 (0x278 in the multiboot binary) out to 0x02010000:

wshmkr1.png

As for the restrictions, this is the note I left myself:

wshmkr2.png

The first BNE bad_game is the check to restrict Japanese copies from working, the second is for FRLG (so it does look fairly intentionally removed, which I thought was interesting).

For modification and actually testing it, I can't remember what I used. I may have just used my LZ77 compression/decompression I had for MEH (my map editing tool at the time), there's probably tools out there. Or you can just dump the binary from RAM with well-placed breakpoints. Decompression/recompression does kinda suck though, but nopping isn't that hard (just a 00 00). Testing can work if you boot the multiboot in VBA directly and then use the memory viewer to import the ROM to 08000000. You'll also have to import a save battery file or something like that. Once you have those in place it'll pass all the checks.

Edited by shiny quagsire
  • Like 4
Link to post
Share on other sites

This is probably a little off-topic, but it seems somewhat relevant, and if anyone would know it would be you folks. I've been trying to "replicate" patching the berry glitch using Dolphin + the ZigZagoon distribution game, and VBA with dumps of Ruby and Sapphire.  The only problem is my personal game dumps of R+S both have had the berry glitch patched, and every other v1.0 dump I've tried also seems to have it patched already as well.  To my understanding, the berry glitch has nothing to do with the game save, but with the actual ROM dump itself.  I doubt there is a way to "unpatch" the patch, but I'd like to know if anyone has had any experience in trying to replicate this, it would be much appreciated. Thanks! 

Link to post
Share on other sites

You're right in that the berry glitch fix doesn't touch the save file, but it has nothing to do with the rom.

The Berry Glitch fix sets the RTC on the cartridge 366 days forward if the RTC is between January 1 2000 and December 31st 2000, or manually sets it to January 2 2002 if the Berry Glitch is currently in effect (a.k.a. the RTC is between January 1 2001 and January 1 2002)

Ergo, you will not be able to fix the berry glitch on a cartridge that is currently affected by it using emulators. Likewise, Berry glitch likely may never even occur if playing on emulator even if you used a 1.0 rom. The only way to fix the Berry Glitch is via using real hardware, either an actual Wii/GC running the Demo disk (or Colo/XD), connecting two GBAs together using the Berry Program Update from FR/LG/E, or by using this homebrew with a GBA flashcard to alter the RTC on your cartridge manually.

Link to post
Share on other sites
1 hour ago, Ammako said:

You're right in that the berry glitch fix doesn't touch the save file, but it has nothing to do with the rom.

The Berry Glitch fix sets the RTC on the cartridge 366 days forward if the RTC is between January 1 2000 and December 31st 2000, or manually sets it to January 2 2002 if the Berry Glitch is currently in effect (a.k.a. the RTC is between January 1 2001 and January 1 2002)

Ergo, you will not be able to fix the berry glitch on a cartridge that is currently affected by it using emulators. Likewise, Berry glitch likely may never even occur if playing on emulator even if you used a 1.0 rom. The only way to fix the Berry Glitch is via using real hardware, either an actual Wii/GC running the Demo disk (or Colo/XD), connecting two GBAs together using the Berry Program Update from FR/LG/E, or by using this homebrew with a GBA flashcard to alter the RTC on your cartridge manually.

Thanks for the response! If i'm understanding this correctly, could I in theory alter the RTC using the link you provided to reinstate the glitch?

**Edit** My logic here is that if the berry glitch has nothing to do with the save or the ROM of the game, then there is no value other than the RTC that would be able to flag a cartridge as already receiving the fix.

Edited by Gridelin
Link to post
Share on other sites

In theory you could yeah. As long as your R/S is v1.0 at least ;p

Bulbapedia has a nice explanation on how and why the Berry glitch happens: http://bulbapedia.bulbagarden.net/wiki/Berry_glitch#Explanation

This also means you could "fix" the berry glitch by simply leaving the game there for a year. But no one's got time for that.

I'm not entirely sure how emulators emulate the GBA's RTC, perhaps it could be possible to replicate Berry Glitch if you set the date on your PC to somewhere in 2001, but it's also possible that it is emulated in such a way that the Berry Glitch wouldn't happen, idk. Considering that the RTC on a GBA cartridge starts at Jan. 1 2000 00:00, but a computer's clock can be set as far back as 1900. Maybe the computer's clock would need to be set to somewhere in 1901 for Berry glitch to occur on emulator? ;p In any case though, highly doubtful that any emulator would be able to alter your OS's time like this, so you couldn't really replicate the berry glitch fix on emulator.

(In the future, for questions like this, it's probably better to make your own thread if it's not entirely related to the topic at hand. We don't bite people who make new threads :p)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...