jojo12100 Posted January 19, 2017 Posted January 19, 2017 Hi, I'm looking for a way to save in the demo in order to extract the Lucario, the Roselia and the MimeJr. Any idea? Or will it be possible to extract them via a Memory viewer?
theSLAYER Posted January 19, 2017 Posted January 19, 2017 17 minutes ago, jojo12100 said: Hi, I'm looking for a way to save in the demo in order to extract the Lucario, the Roselia and the MimeJr. Any idea? Or will it be possible to extract them via a Memory viewer? Are you loading this on emulator or ..? If emulator, maybe start by doing state saves?
jojo12100 Posted January 19, 2017 Author Posted January 19, 2017 (edited) 19 minutes ago, theSLAYER said: Are you loading this on emulator or ..? If emulator, maybe start by doing state saves? I try on both emulator and game cardrige. Here the file I got by doing state save. If it can help. Demo.dst Edit: Cannot import the .dst on a Diamond/Pearl rom. Edited January 19, 2017 by jojo12100
Deoxyz Posted January 19, 2017 Posted January 19, 2017 I think the only way would be to extract them directly from the rom.
theSLAYER Posted January 19, 2017 Posted January 19, 2017 Just now, Deoxyz said: I think the only way would be to extract them directly from the rom. Actually I'm digging through the RAM. Since the game usually decrypts the Pokemon when game is running, and the Pokemon is in party, it's possible to find it in the RAM. 2
jojo12100 Posted January 19, 2017 Author Posted January 19, 2017 9 minutes ago, theSLAYER said: Actually I'm digging through the RAM. Since the game usually decrypts the Pokemon when game is running, and the Pokemon is in party, it's possible to find it in the RAM. Yeah that will be awesome, I'll digger too in order to help.
theSLAYER Posted January 19, 2017 Posted January 19, 2017 Just now, jojo12100 said: Yeah that will be awesome, I'll digger too in order to help. First dump arm9 or arm7 (they seem to dump the same information for me), next, search via Moves. I'm presently searching Lucario (8B017E01C6003F01) [in hex, accounted for endianness], which are the 4 moves in exact order, as seen in the summary page. It showed up around 5 times, also nearby Lucario's ID number (C001) [in hex, account for endianness]. I'm not sure if this format is similar to the NDS structure we are aware of, cause some details look different. Blocks A, B, C and D are also likely shuffled, so it'll take a while on my end. 2
jojo12100 Posted January 19, 2017 Author Posted January 19, 2017 To search Roselia 4900590140012800 and for MimeJr 70007F0166003C00
theSLAYER Posted January 19, 2017 Posted January 19, 2017 5 minutes ago, jojo12100 said: To search Roselia 4900590140012800 and for MimeJr 70007F0166003C00 It appears the Pokemon is fragmented across the ram and isn't really like a .pk4 file, but I can't say for sure. To be more accurate, it seems the format is smaller, if you want it extracted, it'll be reconstructed to match our present .pk4 format.
jojo12100 Posted January 19, 2017 Author Posted January 19, 2017 1 minute ago, theSLAYER said: It appears the Pokemon is fragmented across the ram and isn't really like a .pk4 file, but I can't say for sure. To be more accurate, it seems the format is smaller, if you want it extracted, it'll be reconstructed to match our present .pk4 format. No problem, I thought too that unfortunately we have to reconstruct them. I saw this video Apparently you can get starters and play the entire game. So maybe a comparison between a starter obtained in the demo and obtained in the game will help us to reconstruct the .pk4 ?
theSLAYER Posted January 19, 2017 Posted January 19, 2017 8 minutes ago, jojo12100 said: No problem, I thought too that unfortunately we have to reconstruct them. I saw this video Apparently you can get starters and play the entire game. So maybe a comparison between a starter obtained in the demo and obtained in the game will help us to reconstruct the .pk4 ? That isn't really the problem. I've been able to find the information in the demo, such as present PPs, used PPs, Nickname, OT, etc. So reconstruction isn't the problem. Since walk through walls is possible, I'm gonna try something, see you all in a bit. Edit: Look! Oh. At least I tried. 3
jojo12100 Posted January 19, 2017 Author Posted January 19, 2017 8 minutes ago, theSLAYER said: That isn't really the problem. I've been able to find the information in the demo, such as present PPs, used PPs, Nickname, OT, etc. So reconstruction isn't the problem. Since walk through walls is possible, I'm gonna try something, see you all in a bit. Edit: Look! Oh. At least I tried. Such an epic fail ^^ Ok let's recreate them so 1
theSLAYER Posted January 19, 2017 Posted January 19, 2017 15 minutes ago, jojo12100 said: Such an epic fail ^^ Ok let's recreate them so I probably won't do the recreation today, tho.
jojo12100 Posted January 19, 2017 Author Posted January 19, 2017 (edited) @theSLAYEROk where are the SID and IV locations? I'll try to do it Edited January 19, 2017 by jojo12100
theSLAYER Posted January 19, 2017 Posted January 19, 2017 2 minutes ago, jojo12100 said: @theSLAYEROk where are the SID and IV locations? I'll try to do it As far as I can tell, TID is (somewhere) and SID is 0. when I did a search, TID popped up, the slot next to TID is usually empty.
BlackShark Posted January 19, 2017 Posted January 19, 2017 (edited) I got them. Actually you can find their encrypted .pk4 data in party format (so 236 Bytes each) in RAM at 0x0226D1D0. Oh well the address seems to change, but they should be somewhere around there. Roselia.pk4 Lucario.pk4 MimeJr.pk4 Edited January 19, 2017 by BlackShark 6
HaxAras Posted January 19, 2017 Posted January 19, 2017 Just now, BlackShark said: I got them. Actually you can find their encrypted .pk4 data in party format (so 236 Bytes each) in RAM at 0x26D114. Roselia.pk4 Lucario.pk4 MimeJr.pk4 You guys never cease to amaze me. I don't know what to say, other than thanks! 2
theSLAYER Posted January 19, 2017 Posted January 19, 2017 11 minutes ago, BlackShark said: I got them. Actually you can find their encrypted .pk4 data in party format (so 236 Bytes each) in RAM at 0x0226D1D0. Oh well the address seems to change, but they should be somewhere around there. Roselia.pk4 Lucario.pk4 MimeJr.pk4 Yeah I should have figured to look at the encrypted ones, and my statement about the data being shift isn't right, since the game is pretty much almost the same as the final game. (I can fight gyms, and walking through walls my way to spear pillar) how did you figure out where the encrypted bytes were? Is there any sort of header/common location before that?
BlackShark Posted January 19, 2017 Posted January 19, 2017 7 minutes ago, theSLAYER said: Yeah I should have figured to look at the encrypted ones, and my statement about the data being shift isn't right, since the game is pretty much almost the same as the final game. (I can fight gyms, and walking through walls my way to spear pillar) how did you figure out where the encrypted bytes were? Is there any sort of header/common location before that? I'm not sure if there are any bytes to identify the party. I started a battle and dumped the RAM in DeSmuMEs Memory Viewer. Then I searched for the Pokemons moves, the first result was my Pokemon (Lucario) which was currently in the battle. Now from the offset of the first move id I substracted 20 (0x14) to get the offset of it's PID. Then I just had to search for the PID to find the encrypted data. 1
theSLAYER Posted January 19, 2017 Posted January 19, 2017 2 hours ago, BlackShark said: I'm not sure if there are any bytes to identify the party. I started a battle and dumped the RAM in DeSmuMEs Memory Viewer. Then I searched for the Pokemons moves, the first result was my Pokemon (Lucario) which was currently in the battle. Now from the offset of the first move id I substracted 20 (0x14) to get the offset of it's PID. Then I just had to search for the PID to find the encrypted data. Took me a while, but that did the trick!lucario encrypted It gained some experience during my run-around. I'm not sure how relevant this may be, but using the offset of the first party location, I reversed out the save of the Demo Kiosk! (however, PKHeX won't load it, but Pokegen with options does) Edit: "save" location is confirmed! Using structure as per here, write in Masterballs! If only I know how to write in Event flags. At least I probably could write in Mystery Gifts.. edit: I dunno if it changes, but so far the location of my save in ram has been consistent at 0x26D0EC (for ram dumped out) and 0x226D0EC (in Desmume viewer) 1
ReignOfComputer Posted January 20, 2017 Posted January 20, 2017 4 hours ago, theSLAYER said: (however, PKHeX won't load it, but Pokegen with options does) PKHeX seems to load it okay for me
theSLAYER Posted January 20, 2017 Posted January 20, 2017 1 hour ago, ReignOfComputer said: PKHeX seems to load it okay for me Here's the "save" I copied from the ram: kiosk save.sav Too bad can't get Arceus on this game, since entering Hall of Fame will result in the game saving. 1. Can't teleport into Hall of Origin (changing of location details crash the game) 2. Perhaps add Hall of Fame? Adding Clear data didn't help, so maybe actual entries are required. 3. Or perhaps there's a flag, gotta check that soon. 1
ReignOfComputer Posted January 20, 2017 Posted January 20, 2017 Oh, thought you were talking about the .pk4.
wejhvabewjty Posted January 20, 2017 Posted January 20, 2017 (edited) 1 hour ago, theSLAYER said: Too bad can't get Arceus on this game, since entering Hall of Fame will result in the game saving. Well, at least catching Darkrai and Shaymin is possible I think. Are the legendaries that can only be obtained after getting the national dex possible? I guess writing the item into the save would be useless but maybe trying to modify the respective flags can work (I have no idea if that's possible though). Edited January 20, 2017 by wejhvabewjty
theSLAYER Posted January 20, 2017 Posted January 20, 2017 18 hours ago, wejhvabewjty said: Well, at least catching Darkrai and Shaymin is possible I think. Are the legendaries that can only be obtained after getting the national dex possible? I guess writing the item into the save would be useless but maybe trying to modify the respective flags can work (I have no idea if that's possible though). I received my National Dex, probably because I walked all the way to Stark Mountain to catch higher level Pokemon (to fight Team Galactic at Spear Pillar). Couldn't walk into New Moon and Full Moon Island (I reached, but the walk through walls didn't allow me onto the island), Couldn't walk into Inn too. I probably could just look for and simply write in the shorter form of the event activators, as opposed to an entire wondercard, for Shay and Dark. I've got Azure flute, but it ain't activating so If only we can get other AR codes to work. 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now