jojo12100 Posted August 23, 2017 Author Posted August 23, 2017 12 minutes ago, BlackShark said: Dolphin has a debugger that should have a memory viewer. You have to start it from the command line with the following command: dolphin.exe -d If the debugger isn't useful maybe you could try an older or newer version of Dolphin and see if that works with HxD. Thanks but it failed anyway. I found that even in the savstate the data are here but I ignore many things as: -the offset location of the wanted Pokemon -the format of the Pokemon in this game -the encryption used Hope someone can help us, I think we're close.
HaxAras Posted August 23, 2017 Posted August 23, 2017 8 hours ago, BlackShark said: PKHeX should be able to edit Battle Revolution saves but I don't have the game so I can't help. I've never played the game and I don't own it either. What do their met locations look like in-game? I'm curious what their met locations will look like when we get them as PK4's. And does anybody have the save file in other languages? Do they have set natures and IV's?
BlackShark Posted August 23, 2017 Posted August 23, 2017 3 minutes ago, jojo12100 said: Thanks but it failed anyway. I found that even in the savstate the data are here but I ignore many things as: -the offset location of the wanted Pokemon -the format of the Pokemon in this game -the encryption used Hope someone can help us, I think we're close. To find the offset you could upload a Pokemon from NDS, use it in a battle and search for it's PID in RAM. Then use the rental team and search around the same offset. By the way I have just seen that there are 4 additional Rental Passes that you can unlock while playing through the game. https://bulbapedia.bulbagarden.net/wiki/Rental_Pass The BK4 file format is described in PKHeX's source https://github.com/kwsch/PKHeX/blob/master/PKHeX.Core/PKM/BK4.cs, they are 88 bytes. For the encryption you can take a look at PKHeX's source again (BK4.cs, SAV4BR.cs, SaveUtil.cs), or refer to Tux's tool https://gist.github.com/TuxSH/6a3a6b48b8a5564f6215 Maybe those links will help. 28 minutes ago, HaxAras said: I've never played the game and I don't own it either. What do their met locations look like in-game? I'm curious what their met locations will look like when we get them as PK4's. And does anybody have the save file in other languages? Do they have set natures and IV's? Since you can't catch any Pokemon in Battle Revolution I don't thnk there's a special met location for them. I guess it's just blank or you will see it as "Faraway Place". 1
BlackShark Posted August 23, 2017 Posted August 23, 2017 (edited) Ok, I got the RAM offsets, thanks to a friend. When you are in a battle your team will be at the following offsets in MRAM. 0x47B100 0x47B18C 0x47B218 0x47B2A4 0x47B330 0x47B3BC - open Dolphin in debugger mode via command line with dolphin.exe -d - start a battle and choose 3 Pokemon, it doesn't matter which one the whole team is in RAM - on the left side of Dolphin's main window you will find buttons to dump RAM when you are in the debugger mode, dump MRAM - the dumped RAM will be in Dolphin\User\Dump\ram.raw - open that ram.raw file in HxD, go to the offsets I mentioned above and copy the 136 (0x88) bytes of the Pokemon to get them in BK4 file format (they are not encrypted) Unfortunately we have another problem here. PKHeX thinks the rental Pokemon are PK5 files when trying to load them. This might be caused by missing/blanked out data or something like that. EDIT: Yeah, sanity byte was missing..... Here are the defaut Rental Passes. Have fun! EDIT: I got the rest of them. They are indeed all in the save file from the beginning (starting at 0x23875). I should have checked that first, lol. PID, Gender, Nature, IVs (won't be higher then 6), Ability and TID/SID are random. Their language is always Japanese, I got them from a PAL copy which was set to English. Rental Passes.zip Edited August 24, 2017 by BlackShark added the remaining Rental Pass Pokemon 1
jojo12100 Posted August 25, 2017 Author Posted August 25, 2017 Do you think that the Lock Capsule is a debugging feature for the Relocator as speculated or just a scrapped event? Note that if one day we find the BW demo we can potentially have an answer.
BlackShark Posted August 25, 2017 Posted August 25, 2017 6 hours ago, jojo12100 said: Do you think that the Lock Capsule is a debugging feature for the Relocator as speculated or just a scrapped event? Note that if one day we find the BW demo we can potentially have an answer. I never heard about the Lock Capsule beeing a debugging feature. That's interesting even though I still think it's a scrapped event like the Azure Flute was. The BW demo is more like a cut/modified version of the final game, like the ORAS and SM demo. What you want is a debugging version like that german Ruby ROM that got leaked a few years ago. Well something like that is unlikely to be found unfortunately.
jojo12100 Posted August 25, 2017 Author Posted August 25, 2017 5 minutes ago, BlackShark said: I never heard about the Lock Capsule beeing a debugging feature. That's interesting even though I still think it's a scrapped event like the Azure Flute was. The BW demo is more like a cut/modified version of the final game, like the ORAS and SM demo. What you want is a debugging version like that german Ruby ROM that got leaked a few years ago. Well something like that is unlikely to be found unfortunately. You're right but there is no proof of an existence of BW debug version whereas lot of pictures and videos of BW demo version exist. Thinking about Lock Capsule I have arguments for the scrapped event: the fact that it's a very complicate event. Not confusing as Masuda say about Azure Flute but quite illogical. And there is also this Zoroark male-exclusive event with Snarl that can be distributed as a substitute. Here I found a video speaking about it.
HaxAras Posted August 25, 2017 Posted August 25, 2017 The YouTube let's player Chuggaconroy did a video where he was talking about the Pokemon Platinum wifi mini-game rooms and supposedly there was a Mew room. I remember using them once and they're mentioned in the Platinum manual. Does anybody know if these were downloaded to your save temporarily (similar to those gen 5 events) or if they're physical locations in the game you can actually enter somehow? I know the fan made wiif servers are a thing but I've had no luck connecting to them and I don't know if the wifi rooms would work.
jojo12100 Posted August 25, 2017 Author Posted August 25, 2017 @BlackShark To get: Kuikui's Rockruff from Z-Move tuto. Only with the emulator unfortunaltely.
BlackShark Posted August 26, 2017 Posted August 26, 2017 7 hours ago, jojo12100 said: @BlackShark To get: Kuikui's Rockruff from Z-Move tuto. Only with the emulator unfortunaltely. How far would I have to play through the game until the tutorial? I never played past the catching tutorial and I don't know when I will have the time and motivation to continue playing. It will probably be faster if someone else tries to get it or if someone can send me a save file right before the tutorial.
Ruby Genseki Posted August 26, 2017 Posted August 26, 2017 27 minutes ago, BlackShark said: How far would I have to play through the game until the tutorial? That tutorial is after completing the first trial, not that far from where you're right now, I guess it'd take you half an hour or so to get there.
BlackShark Posted August 26, 2017 Posted August 26, 2017 3 hours ago, Ruby Genseki said: That tutorial is after completing the first trial, not that far from where you're right now, I guess it'd take you half an hour or so to get there. Alright, I guess I can do it tonight or tomorrow. 1
BlackShark Posted August 26, 2017 Posted August 26, 2017 Done! Kukui's Rockruff as well as the wild Growlithe. 744 - Rockruff - EB02736F00E9.ek7 058 - Growlithe - C620806B30CD.ek7 1
Ruby Genseki Posted August 26, 2017 Posted August 26, 2017 So it's not the same Rockruff. While the one from the catching tutorial seems to have random IVs, this one's got all set to zero. Unless there was some pretty unlucky RNG thing zeroing everything, but what are the chances of that happening? I wonder if the natures (naughty and rash) were randomly picked or are preset as well.
Got_Eevees Posted August 26, 2017 Posted August 26, 2017 Wow.. Nice work @BlackShark ! Hm... you might have the honor of something... IT WILL ALL BE REVEALED.... SOON...
BlackShark Posted August 27, 2017 Posted August 27, 2017 7 hours ago, Ruby Genseki said: So it's not the same Rockruff. While the one from the catching tutorial seems to have random IVs, this one's got all set to zero. Unless there was some pretty unlucky RNG thing zeroing everything, but what are the chances of that happening? I wonder if the natures (naughty and rash) were randomly picked or are preset as well. I was wondering about the IVs as well. I have no idea why they should have done this, but this wasn't bad luck. I just checked and got zero IVs again for Rockruff and Growlithe, natures and PID are random though. By the way there's a chance of 1:1,073,741,824 (= 32 ^ 6) for getting zero IVs randomly. 7 hours ago, Got_Eevees said: Wow.. Nice work @BlackShark ! Hm... you might have the honor of something... IT WILL ALL BE REVEALED.... SOON... SOON™ ( ͡° ͜ʖ ͡°)
Aurum Posted August 27, 2017 Posted August 27, 2017 (I don't know how to resize videos in posts, sorry...) I made this discovery about 20 minutes ago. I've attached a pk4 file for those who are interested. 491 - DARKRAI - BBA3E3989ABF.pk4 1 2
jojo12100 Posted August 27, 2017 Author Posted August 27, 2017 2 hours ago, Aurum said: (I don't know how to resize videos in posts, sorry...) I made this discovery about 20 minutes ago. I've attached a pk4 file for those who are interested. 491 - DARKRAI - BBA3E3989ABF.pk4 Such an amazing finding, try to see if it passes through Poketransporter
Aurum Posted August 27, 2017 Posted August 27, 2017 I can't test that now, sorry. But I doubt that it will be considered legal. Seeing how the developers forgot to update the level for the roaming Darkrai, I don't think they bothered to add in any legality checks.
St. GIGA Posted August 27, 2017 Posted August 27, 2017 (edited) Hello researchers! I came back from my temporary hiatus to say a few things. First, there are 2 more debuggers pokemon in JPN crystal. In one of the mobile testing options in the tcrf patched version's debug menu, which I will list when I look at the article, a script activates that first shows the title screen half-stitched, but when you hit the a button twice, a simulated mobile trade between 2 debug trainers is initiated with a gefuri and creatures venasaur and charizard being the items for trade between two debuggers. I would love to add these to my debugger pokemon collection for gens 1/2 so pokebank can love me if they allow it. On glitchcity labs where the debugger code for Japanese crystal is located, I found the option that does the fake trade: Other (そのた) This function is used to display a simulated mobile trade between ゲーフリ Game Freak, who trades a Venusaur with OT 08961 かびーん (does this mean something?), and クリーチャ Creatures, who trades a Charizard with OT 22020 マツミヤ Matsumiya. (Those OT IDs are 23 01 and 56 04 in hexadecimal.) Also, On a French pokemon forum, I found a list of the only valid gen3/4 flawless natures and their PID and seed 0 frame times, which I will list here so that they can be added as valid rng pid's in pkhex, just so rng players are not restricted to the first valid frame, even though the rest are extremely tedious to rng even on emulators due to their massive frame count. The frame counter overflows just around under 4.3 billion frames, and the longest one here is 3 billion. I only want them on the exception list to give rng players more freedom in nature for gba emerald. I got them from here: http://shinyshunters.fr-bb.com/t6398-aide-mew-shiney-6ivs-legit Here they are for ya: Code: Frame Time PID Nature 1. 176,562,489 34d 01h 25m 08s 150ms PID 7942EF72 Timid 2. 816,994,416 157d 14h 22m 53s 600ms PID E85091A9 Docile 3. 1,821,972,669 351d 11h 03m 31s 150ms PID E9375A48 Calm 4. 2,324,046,137 448d 07h 28m 22s 283ms PID F9426F72 Modest 5. 2,964,478,064 571d 20h 26m 07s 733ms PID 685011A9 Modest 6. 3,969,456,317 765d 17h 06m 45s 283ms PID 6937DA48 Modest Résultats obtenus avec le logiciel RNG Reporter 9.96.5 BETA Edited August 27, 2017 by St. GIGA Debug
Ruby Genseki Posted August 27, 2017 Posted August 27, 2017 3 hours ago, Aurum said: (I don't know how to resize videos in posts, sorry...) I made this discovery about 20 minutes ago. I've attached a pk4 file for those who are interested. 491 - DARKRAI - BBA3E3989ABF.pk4 It somehow bothers me to see how you deliberarely fled that shiny Starly ._. I mean, considering the other wild Pokémon weren't shiny I'm assuming it's most likely legal. Amazing discovery, nonetheless. 33 minutes ago, Aurum said: I can't test that now, sorry. But I doubt that it will be considered legal. Seeing how the developers forgot to update the level for the roaming Darkrai, I don't think they bothered to add in any legality checks. I don't think it's gonna be considered legal, though. I mean, it could still go as far as 5th gen, but I dobut Poké Bank would let it go beyond that point.
jojo12100 Posted August 27, 2017 Author Posted August 27, 2017 1 hour ago, Aurum said: I can't test that now, sorry. But I doubt that it will be considered legal. Seeing how the developers forgot to update the level for the roaming Darkrai, I don't think they bothered to add in any legality checks. I tested and it doesn't pass as expected 44 minutes ago, St. GIGA said: Hello researchers! I came back from my temporary hiatus to say a few things. First, there are 2 more debuggers pokemon in JPN crystal. In one of the mobile testing options in the tcrf patched version's debug menu, which I will list when I look at the article, a script activates that first shows the title screen half-stitched, but when you hit the a button twice, a simulated mobile trade between 2 debug trainers is initiated with a gefuri and creatures venasaur and charizard being the items for trade between two debuggers. I would love to add these to my debugger pokemon collection for gens 1/2 so pokebank can love me if they allow it. On glitchcity labs where the debugger code for Japanese crystal is located, I found the option that does the fake trade: Other (そのた) This function is used to display a simulated mobile trade between ゲーフリ Game Freak, who trades a Venusaur with OT 08961 かびーん (does this mean something?), and クリーチャ Creatures, who trades a Charizard with OT 22020 マツミヤ Matsumiya. (Those OT IDs are 23 01 and 56 04 in hexadecimal.) Amazong finding! I'll try to check what can I do. I definitively need a second life I mean with project Underleved I found 5 more very rare Pokemon to hunt.
St. GIGA Posted August 27, 2017 Posted August 27, 2017 1 hour ago, jojo12100 said: I tested and it doesn't pass as expected Amazong finding! I'll try to check what can I do. I definitively need a second life I mean with project Underleved I found 5 more very rare Pokemon to hunt. The Venasaur's OT with the ID of 08961 (that is not Gefuri) romanizes to Kabiin, a name for a Capsule Monsters concept for dex no. 142 that resembles a proto tanuki-styled munchlax-sized snorlax in the style of a cartoon drawing of Kouji Nishino, who I suspect the Venasaur's OT was, especially as Matsumiya had the same Role of Game Scenario Designer as Nishino. This brings the total of Japanese debugger's pokemon for the 8-bit games to 29 pokemon, or 1 off from a full box of pokemon that may have been owned by the actual debuggers. I posted here a while ago that I had extracted the PK2 files for Satoru Iwata's pokemon from the Japanese Stadium GS save using a Japanese gold. Can these Japanese ones be added to satoru's debugger pokemon as pk2 files, as I spent a week extracting them on pj64. I also discovered that we can get the missing ORAS demo pokemon via using a console that never played Kalos or the demo, and playing a new copy of A kalos game. My friend got the demo via this. MAybe we could extract the demo from the CART filesystem and install it as a CIA To run the demo when needed???
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now