Jump to content
Sign in to follow this  
jojo12100

Diamond/Pearl Kiosk Demo

Recommended Posts

Hi,

I'm looking for a way to save in the demo in order to extract the Lucario, the Roselia and the MimeJr.

Any idea?

Or will it be possible to extract them via a Memory viewer?

Share this post


Link to post
Share on other sites
17 minutes ago, jojo12100 said:

Hi,

I'm looking for a way to save in the demo in order to extract the Lucario, the Roselia and the MimeJr.

Any idea?

Or will it be possible to extract them via a Memory viewer?

Are you loading this on emulator or ..?

If emulator, maybe start by doing state saves?

Share this post


Link to post
Share on other sites
19 minutes ago, theSLAYER said:

Are you loading this on emulator or ..?

If emulator, maybe start by doing state saves?

I try on both emulator and game cardrige.

 

Here the file I got by doing state save. If it can help.

Demo.dst

 

Edit: Cannot import the .dst on a Diamond/Pearl rom.

Edited by jojo12100

Share this post


Link to post
Share on other sites
Just now, Deoxyz said:

I think the only way would be to extract them directly from the rom.

Actually I'm digging through the RAM.

Since the game usually decrypts the Pokemon when game is running, and the Pokemon is in party,
it's possible to find it in the RAM.

 

  • Like 2

Share this post


Link to post
Share on other sites
9 minutes ago, theSLAYER said:

Actually I'm digging through the RAM.

Since the game usually decrypts the Pokemon when game is running, and the Pokemon is in party,
it's possible to find it in the RAM.

 

Yeah that will be awesome, I'll digger too in order to help.

Share this post


Link to post
Share on other sites
Just now, jojo12100 said:

Yeah that will be awesome, I'll digger too in order to help.

First dump arm9 or arm7 (they seem to dump the same information for me),
next, search via Moves.
I'm presently searching Lucario (8B017E01C6003F01) [in hex, accounted for endianness],
which are the 4 moves in exact order, as seen in the summary page.

It showed up around 5 times, also nearby Lucario's ID number (C001) [in hex, account for endianness].

I'm not sure if this format is similar to the NDS structure we are aware of, cause some details look different.
Blocks A, B, C and D are also likely shuffled, so it'll take a while on my end.

  • Like 2

Share this post


Link to post
Share on other sites
5 minutes ago, jojo12100 said:

To search Roselia 4900590140012800 and for MimeJr 70007F0166003C00

It appears the Pokemon is fragmented across the ram and isn't really like a .pk4 file, but I can't say for sure.
To be more accurate, it seems the format is smaller, if you want it extracted, it'll be reconstructed to match our present .pk4 format.

Share this post


Link to post
Share on other sites
1 minute ago, theSLAYER said:

It appears the Pokemon is fragmented across the ram and isn't really like a .pk4 file, but I can't say for sure.
To be more accurate, it seems the format is smaller, if you want it extracted, it'll be reconstructed to match our present .pk4 format.

No problem, I thought too that unfortunately we have to reconstruct them.

I saw this video

Apparently you can get starters and play the entire game. So maybe a comparison between a starter obtained in the demo and obtained in the game will help us to reconstruct the .pk4 ?

Share this post


Link to post
Share on other sites
8 minutes ago, jojo12100 said:

No problem, I thought too that unfortunately we have to reconstruct them.

I saw this video

Apparently you can get starters and play the entire game. So maybe a comparison between a starter obtained in the demo and obtained in the game will help us to reconstruct the .pk4 ?

That isn't really the problem.

I've been able to find the information in the demo, such as present PPs, used PPs, Nickname, OT, etc.

So reconstruction isn't the problem.

Since walk through walls is possible,
I'm gonna try something, see you all in a bit.

Edit:
Look!
Capture.PNG

 

 

Oh.
Capture.PNG

At least I tried.

  • Like 3

Share this post


Link to post
Share on other sites
8 minutes ago, theSLAYER said:

That isn't really the problem.

I've been able to find the information in the demo, such as present PPs, used PPs, Nickname, OT, etc.

So reconstruction isn't the problem.

Since walk through walls is possible,
I'm gonna try something, see you all in a bit.

Edit:
Look!
Capture.PNG

 

 

Oh.
Capture.PNG

At least I tried.

Such an epic fail ^^

Ok let's recreate them so

  • Like 1

Share this post


Link to post
Share on other sites
11 minutes ago, BlackShark said:

I got them. Actually you can find their encrypted .pk4 data in party format (so 236 Bytes each) in RAM at 0x0226D1D0. Oh well the address seems to change, but they should be somewhere around there.

Roselia.pk4

Lucario.pk4

MimeJr.pk4

Yeah I should have figured to look at the encrypted ones,
and my statement about the data being shift isn't right, since the game is pretty much almost the same as the final game.

(I can fight gyms, and walking through walls my way to spear pillar)

how did you figure out where the encrypted bytes were?
Is there any sort of header/common location before that?

Share this post


Link to post
Share on other sites
7 minutes ago, theSLAYER said:

Yeah I should have figured to look at the encrypted ones,
and my statement about the data being shift isn't right, since the game is pretty much almost the same as the final game.

(I can fight gyms, and walking through walls my way to spear pillar)

how did you figure out where the encrypted bytes were?
Is there any sort of header/common location before that?

I'm not sure if there are any bytes to identify the party.

I started a battle and dumped the RAM in DeSmuMEs Memory Viewer. Then I searched for the Pokemons moves, the first result was my Pokemon (Lucario) which was currently in the battle. Now from the offset of the first move id I substracted 20 (0x14) to get the offset of it's PID.
Then I just had to search for the PID to find the encrypted data.

  • Like 1

Share this post


Link to post
Share on other sites
2 hours ago, BlackShark said:

I'm not sure if there are any bytes to identify the party.

I started a battle and dumped the RAM in DeSmuMEs Memory Viewer. Then I searched for the Pokemons moves, the first result was my Pokemon (Lucario) which was currently in the battle. Now from the offset of the first move id I substracted 20 (0x14) to get the offset of it's PID.
Then I just had to search for the PID to find the encrypted data.

Took me a while, but that did the trick!
lucario encrypted


It gained some experience during my run-around.

I'm not sure how relevant this may be,
but using the offset of the first party location,
I reversed out the save of the Demo Kiosk!

(however, PKHeX won't load it, but Pokegen with options does)

Capture.PNG

 

Edit:
"save" location is confirmed!
Capture.PNG

Using structure as per here, write in Masterballs!
If only I know how to write in Event flags.
At least I probably could write in Mystery Gifts..

 

edit:
I dunno if it changes,
but so far the location of my save in ram has been consistent at 0x26D0EC (for ram dumped out)
and 0x226D0EC (in Desmume viewer)

  • Like 1

Share this post


Link to post
Share on other sites
1 hour ago, ReignOfComputer said:

PKHeX seems to load it okay for me :o

Here's the "save" I copied from the ram: kiosk save.sav

Too bad can't get Arceus on this game, since entering Hall of Fame will result in the game saving.
1. Can't teleport into Hall of Origin (changing of location details crash the game)
2. Perhaps add Hall of Fame? Adding Clear data didn't help, so maybe actual entries are required.
3. Or perhaps there's a flag, gotta check that soon.

  • Like 2

Share this post


Link to post
Share on other sites
1 hour ago, theSLAYER said:

Too bad can't get Arceus on this game, since entering Hall of Fame will result in the game saving.

Well, at least catching Darkrai and Shaymin is possible I think. Are the legendaries that can only be obtained after getting the national dex possible? I guess writing the item into the save would be useless but maybe trying to modify the respective flags can work (I have no idea if that's possible though).

Edited by wejhvabewjty

Share this post


Link to post
Share on other sites
18 hours ago, wejhvabewjty said:

Well, at least catching Darkrai and Shaymin is possible I think. Are the legendaries that can only be obtained after getting the national dex possible? I guess writing the item into the save would be useless but maybe trying to modify the respective flags can work (I have no idea if that's possible though).

I received my National Dex, probably because I walked all the way to Stark Mountain to catch higher level Pokemon (to fight Team Galactic at Spear Pillar).

Couldn't walk into New Moon and Full Moon Island (I reached, but the walk through walls didn't allow me onto the island),
Couldn't walk into Inn too.

I probably could just look for and simply write in the shorter form of the event activators, as opposed to an entire wondercard, for Shay and Dark.


I've got Azure flute, but it ain't activating so :/


If only we can get other AR codes to work.

  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...