Jump to content

Diamond/Pearl Kiosk Demo


jojo12100

Recommended Posts

17 minutes ago, jojo12100 said:

Hi,

I'm looking for a way to save in the demo in order to extract the Lucario, the Roselia and the MimeJr.

Any idea?

Or will it be possible to extract them via a Memory viewer?

Are you loading this on emulator or ..?

If emulator, maybe start by doing state saves?

Link to comment
Share on other sites

19 minutes ago, theSLAYER said:

Are you loading this on emulator or ..?

If emulator, maybe start by doing state saves?

I try on both emulator and game cardrige.

 

Here the file I got by doing state save. If it can help.

Demo.dst

 

Edit: Cannot import the .dst on a Diamond/Pearl rom.

Edited by jojo12100
Link to comment
Share on other sites

Just now, Deoxyz said:

I think the only way would be to extract them directly from the rom.

Actually I'm digging through the RAM.

Since the game usually decrypts the Pokemon when game is running, and the Pokemon is in party,
it's possible to find it in the RAM.

 

  • Like 2
Link to comment
Share on other sites

9 minutes ago, theSLAYER said:

Actually I'm digging through the RAM.

Since the game usually decrypts the Pokemon when game is running, and the Pokemon is in party,
it's possible to find it in the RAM.

 

Yeah that will be awesome, I'll digger too in order to help.

Link to comment
Share on other sites

Just now, jojo12100 said:

Yeah that will be awesome, I'll digger too in order to help.

First dump arm9 or arm7 (they seem to dump the same information for me),
next, search via Moves.
I'm presently searching Lucario (8B017E01C6003F01) [in hex, accounted for endianness],
which are the 4 moves in exact order, as seen in the summary page.

It showed up around 5 times, also nearby Lucario's ID number (C001) [in hex, account for endianness].

I'm not sure if this format is similar to the NDS structure we are aware of, cause some details look different.
Blocks A, B, C and D are also likely shuffled, so it'll take a while on my end.

  • Like 2
Link to comment
Share on other sites

5 minutes ago, jojo12100 said:

To search Roselia 4900590140012800 and for MimeJr 70007F0166003C00

It appears the Pokemon is fragmented across the ram and isn't really like a .pk4 file, but I can't say for sure.
To be more accurate, it seems the format is smaller, if you want it extracted, it'll be reconstructed to match our present .pk4 format.

Link to comment
Share on other sites

1 minute ago, theSLAYER said:

It appears the Pokemon is fragmented across the ram and isn't really like a .pk4 file, but I can't say for sure.
To be more accurate, it seems the format is smaller, if you want it extracted, it'll be reconstructed to match our present .pk4 format.

No problem, I thought too that unfortunately we have to reconstruct them.

I saw this video

Apparently you can get starters and play the entire game. So maybe a comparison between a starter obtained in the demo and obtained in the game will help us to reconstruct the .pk4 ?

Link to comment
Share on other sites

8 minutes ago, jojo12100 said:

No problem, I thought too that unfortunately we have to reconstruct them.

I saw this video

Apparently you can get starters and play the entire game. So maybe a comparison between a starter obtained in the demo and obtained in the game will help us to reconstruct the .pk4 ?

That isn't really the problem.

I've been able to find the information in the demo, such as present PPs, used PPs, Nickname, OT, etc.

So reconstruction isn't the problem.

Since walk through walls is possible,
I'm gonna try something, see you all in a bit.

Edit:
Look!
Capture.PNG

 

 

Oh.
Capture.PNG

At least I tried.

  • Like 3
Link to comment
Share on other sites

8 minutes ago, theSLAYER said:

That isn't really the problem.

I've been able to find the information in the demo, such as present PPs, used PPs, Nickname, OT, etc.

So reconstruction isn't the problem.

Since walk through walls is possible,
I'm gonna try something, see you all in a bit.

Edit:
Look!
Capture.PNG

 

 

Oh.
Capture.PNG

At least I tried.

Such an epic fail ^^

Ok let's recreate them so

  • Like 1
Link to comment
Share on other sites

11 minutes ago, BlackShark said:

I got them. Actually you can find their encrypted .pk4 data in party format (so 236 Bytes each) in RAM at 0x0226D1D0. Oh well the address seems to change, but they should be somewhere around there.

Roselia.pk4

Lucario.pk4

MimeJr.pk4

Yeah I should have figured to look at the encrypted ones,
and my statement about the data being shift isn't right, since the game is pretty much almost the same as the final game.

(I can fight gyms, and walking through walls my way to spear pillar)

how did you figure out where the encrypted bytes were?
Is there any sort of header/common location before that?

Link to comment
Share on other sites

7 minutes ago, theSLAYER said:

Yeah I should have figured to look at the encrypted ones,
and my statement about the data being shift isn't right, since the game is pretty much almost the same as the final game.

(I can fight gyms, and walking through walls my way to spear pillar)

how did you figure out where the encrypted bytes were?
Is there any sort of header/common location before that?

I'm not sure if there are any bytes to identify the party.

I started a battle and dumped the RAM in DeSmuMEs Memory Viewer. Then I searched for the Pokemons moves, the first result was my Pokemon (Lucario) which was currently in the battle. Now from the offset of the first move id I substracted 20 (0x14) to get the offset of it's PID.
Then I just had to search for the PID to find the encrypted data.

  • Like 1
Link to comment
Share on other sites

2 hours ago, BlackShark said:

I'm not sure if there are any bytes to identify the party.

I started a battle and dumped the RAM in DeSmuMEs Memory Viewer. Then I searched for the Pokemons moves, the first result was my Pokemon (Lucario) which was currently in the battle. Now from the offset of the first move id I substracted 20 (0x14) to get the offset of it's PID.
Then I just had to search for the PID to find the encrypted data.

Took me a while, but that did the trick!
lucario encrypted


It gained some experience during my run-around.

I'm not sure how relevant this may be,
but using the offset of the first party location,
I reversed out the save of the Demo Kiosk!

(however, PKHeX won't load it, but Pokegen with options does)

Capture.PNG

 

Edit:
"save" location is confirmed!
Capture.PNG

Using structure as per here, write in Masterballs!
If only I know how to write in Event flags.
At least I probably could write in Mystery Gifts..

 

edit:
I dunno if it changes,
but so far the location of my save in ram has been consistent at 0x26D0EC (for ram dumped out)
and 0x226D0EC (in Desmume viewer)

  • Like 1
Link to comment
Share on other sites

1 hour ago, ReignOfComputer said:

PKHeX seems to load it okay for me :o

Here's the "save" I copied from the ram: kiosk save.sav

Too bad can't get Arceus on this game, since entering Hall of Fame will result in the game saving.
1. Can't teleport into Hall of Origin (changing of location details crash the game)
2. Perhaps add Hall of Fame? Adding Clear data didn't help, so maybe actual entries are required.
3. Or perhaps there's a flag, gotta check that soon.

  • Like 1
Link to comment
Share on other sites

1 hour ago, theSLAYER said:

Too bad can't get Arceus on this game, since entering Hall of Fame will result in the game saving.

Well, at least catching Darkrai and Shaymin is possible I think. Are the legendaries that can only be obtained after getting the national dex possible? I guess writing the item into the save would be useless but maybe trying to modify the respective flags can work (I have no idea if that's possible though).

Edited by wejhvabewjty
Link to comment
Share on other sites

18 hours ago, wejhvabewjty said:

Well, at least catching Darkrai and Shaymin is possible I think. Are the legendaries that can only be obtained after getting the national dex possible? I guess writing the item into the save would be useless but maybe trying to modify the respective flags can work (I have no idea if that's possible though).

I received my National Dex, probably because I walked all the way to Stark Mountain to catch higher level Pokemon (to fight Team Galactic at Spear Pillar).

Couldn't walk into New Moon and Full Moon Island (I reached, but the walk through walls didn't allow me onto the island),
Couldn't walk into Inn too.

I probably could just look for and simply write in the shorter form of the event activators, as opposed to an entire wondercard, for Shay and Dark.


I've got Azure flute, but it ain't activating so :/


If only we can get other AR codes to work.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...