Jump to content

Recommended Posts

Posted
12 minutes ago, BlackShark said:

Dolphin has a debugger that should have a memory viewer. You have to start it from the command line with the following command:
dolphin.exe -d

If the debugger isn't useful maybe you could try an older or newer version of Dolphin and see if that works with HxD.

Thanks but it failed anyway.

 

I found that even in the savstate the data are here but I ignore many things as:

-the offset location of the wanted Pokemon

-the format of the Pokemon in this game

-the encryption used

 

Hope someone can help us, I think we're close.

Posted
8 hours ago, BlackShark said:

PKHeX should be able to edit Battle Revolution saves but I don't have the game so I can't help.

I've never played the game and I don't own it either. What do their met locations look like in-game? I'm curious what their met locations will look like when we get them as PK4's. And does anybody have the save file in other languages? Do they have set natures and IV's?

Posted
3 minutes ago, jojo12100 said:

Thanks but it failed anyway.

 

I found that even in the savstate the data are here but I ignore many things as:

-the offset location of the wanted Pokemon

-the format of the Pokemon in this game

-the encryption used

 

Hope someone can help us, I think we're close.

To find the offset you could upload a Pokemon from NDS, use it in a battle and search for it's PID in RAM. Then use the rental team and search around the same offset.
By the way I have just seen that there are 4 additional Rental Passes that you can unlock while playing through the game. https://bulbapedia.bulbagarden.net/wiki/Rental_Pass

The BK4 file format is described in PKHeX's source https://github.com/kwsch/PKHeX/blob/master/PKHeX.Core/PKM/BK4.cs, they are 88 bytes.

For the encryption you can take a look at PKHeX's source again (BK4.cs, SAV4BR.cs, SaveUtil.cs), or refer to Tux's tool https://gist.github.com/TuxSH/6a3a6b48b8a5564f6215

Maybe those links will help.

 

28 minutes ago, HaxAras said:

I've never played the game and I don't own it either. What do their met locations look like in-game? I'm curious what their met locations will look like when we get them as PK4's. And does anybody have the save file in other languages? Do they have set natures and IV's?

Since you can't catch any Pokemon in Battle Revolution I don't thnk there's a special met location for them. I guess it's just blank or you will see it as "Faraway Place".

  • Like 1
Posted (edited)

Ok, I got the RAM offsets, thanks to a friend. When you are in a battle your team will be at the following offsets in MRAM.

0x47B100
0x47B18C
0x47B218
0x47B2A4
0x47B330
0x47B3BC

- open Dolphin in debugger mode via command line with dolphin.exe -d

- start a battle and choose 3 Pokemon, it doesn't matter which one the whole team is in RAM

- on the left side of Dolphin's main window you will find buttons to dump RAM when you are in the debugger mode, dump MRAM

- the dumped RAM will be in Dolphin\User\Dump\ram.raw

- open that ram.raw file in HxD, go to the offsets I mentioned above and copy the 136 (0x88) bytes of the Pokemon to get them in BK4 file format (they are not encrypted)

 

Unfortunately we have another problem here. PKHeX thinks the rental Pokemon are PK5 files when trying to load them. This might be caused by missing/blanked out data or something like that.

 

EDIT:

Yeah, sanity byte was missing.....
Here are the defaut Rental Passes. Have fun!

 

 

EDIT:

I got the rest of them. They are indeed all in the save file from the beginning (starting at 0x23875). I should have checked that first, lol.
PID, Gender, Nature, IVs (won't be higher then 6), Ability and TID/SID are random. Their language is always Japanese, I got them from a PAL copy which was set to English.

Rental Passes.zip

Edited by BlackShark
added the remaining Rental Pass Pokemon
  • Like 1
Posted
6 hours ago, jojo12100 said:

Do you think that the Lock Capsule is a debugging feature for the Relocator as speculated or just a scrapped event?

Note that if one day we find the BW demo we can potentially have an answer.

I never heard about the Lock Capsule beeing a debugging feature. That's interesting even though I still think it's a scrapped event like the Azure Flute was.

The BW demo is more like a cut/modified version of the final game, like the ORAS and SM demo. What you want is a debugging version like that german Ruby ROM that got leaked a few years ago. Well something like that is unlikely to be found unfortunately.

Posted
5 minutes ago, BlackShark said:

I never heard about the Lock Capsule beeing a debugging feature. That's interesting even though I still think it's a scrapped event like the Azure Flute was.

The BW demo is more like a cut/modified version of the final game, like the ORAS and SM demo. What you want is a debugging version like that german Ruby ROM that got leaked a few years ago. Well something like that is unlikely to be found unfortunately.

You're right but there is no proof of an existence of BW debug version whereas lot of pictures and videos of BW demo version exist.

Thinking about Lock Capsule I have arguments for the scrapped event: the fact that it's a very complicate event. Not confusing as Masuda say about Azure Flute but quite illogical. And there is also this Zoroark male-exclusive event with Snarl that can be distributed as a substitute.

Here I found a video speaking about it.

Posted

The YouTube let's player Chuggaconroy did a video where he was talking  about the Pokemon Platinum wifi mini-game rooms and supposedly there was a Mew room. I remember using them once and they're mentioned in the Platinum manual. Does anybody know if these were downloaded to your save temporarily (similar to those gen 5 events) or if they're physical locations in the game you can actually enter somehow? I know the fan made wiif servers are a thing but I've had no luck connecting to them and I don't know if the wifi rooms would work. 

 

 

Posted (edited)

-

Edited by Guest
Posted
7 hours ago, jojo12100 said:

@BlackShark To get: Kuikui's Rockruff from Z-Move tuto. Only with the emulator unfortunaltely.

How far would I have to play through the game until the tutorial? I never played past the catching tutorial and I don't know when I will have the time and motivation to continue playing.

It will probably be faster if someone else tries to get it or if someone can send me a save file right before the tutorial.

Posted

So it's not the same Rockruff. While the one from the catching tutorial seems to have random IVs, this one's got all set to zero. Unless there was some pretty unlucky RNG thing zeroing everything, but what are the chances of that happening?

I wonder if the natures (naughty and rash) were randomly picked or are preset as well.

Posted
7 hours ago, Ruby Genseki said:

So it's not the same Rockruff. While the one from the catching tutorial seems to have random IVs, this one's got all set to zero. Unless there was some pretty unlucky RNG thing zeroing everything, but what are the chances of that happening?

I wonder if the natures (naughty and rash) were randomly picked or are preset as well.

I was wondering about the IVs as well. I have no idea why they should have done this, but this wasn't bad luck. I just checked and got zero IVs again for Rockruff and Growlithe, natures and PID are random though. By the way there's a chance of 1:1,073,741,824 (= 32 ^ 6) for getting zero IVs randomly.

 

7 hours ago, Got_Eevees said:

Wow..

Nice work @BlackShark !

Hm... you might have the honor of something...

IT WILL ALL BE REVEALED....

SOON...

SOON™ ( ͡° ͜ʖ ͡°)

Posted

I can't test that now, sorry. But I doubt that it will be considered legal. Seeing how the developers forgot to update the level for the roaming Darkrai, I don't think they bothered to add in any legality checks.

Posted (edited)

Hello researchers! I came back from my temporary hiatus to say a few things. First, there are 2 more debuggers pokemon in JPN crystal. In one of the mobile testing options in the tcrf patched version's debug menu, which I will list when I look at the article, a script activates that first shows the title screen half-stitched, but when you hit the a button twice, a simulated mobile trade between 2 debug trainers is initiated with a gefuri and creatures venasaur and charizard being the items for trade between two debuggers. I would love to add these to my debugger pokemon collection for gens 1/2 so pokebank can love me if they allow it. 

 

On glitchcity labs where the debugger code for Japanese crystal is located, I found the option that does the fake trade:

Other (そのた)

This function is used to display a simulated mobile trade between ゲーフリ Game Freak, who trades a Venusaur with OT 08961 かびーん (does this mean something?), and クリーチャ Creatures, who trades a Charizard with OT 22020 マツミヤ Matsumiya. (Those OT IDs are 23 01 and 56 04 in hexadecimal.)

 

Also, On a French pokemon forum, I found a list of the only valid gen3/4 flawless natures and their PID and seed 0 frame times, which I will list here so that they can be added as valid rng pid's in pkhex, just so rng players are not restricted to the first valid frame, even though the rest are extremely tedious to rng even on emulators due to their massive frame count. The frame counter overflows just around under 4.3 billion frames, and the longest one here is 3 billion. I only want them on the exception list to give rng players more freedom in nature for gba emerald. I got them from here: http://shinyshunters.fr-bb.com/t6398-aide-mew-shiney-6ivs-legit

Here they are for ya:

 

Code:

     Frame                     Time                      PID           Nature
1. 176,562,489            34d 01h 25m 08s 150ms      PID 7942EF72      Timid
2. 816,994,416           157d 14h 22m 53s 600ms      PID E85091A9      Docile
3. 1,821,972,669         351d 11h 03m 31s 150ms      PID E9375A48      Calm
4. 2,324,046,137         448d 07h 28m 22s 283ms      PID F9426F72      Modest
5. 2,964,478,064         571d 20h 26m 07s 733ms      PID 685011A9      Modest
6. 3,969,456,317         765d 17h 06m 45s 283ms      PID 6937DA48      Modest

Résultats obtenus avec le logiciel RNG Reporter 9.96.5 BETA

 

Edited by St. GIGA
Debug
Posted
3 hours ago, Aurum said:

(I don't know how to resize videos in posts, sorry...)

I made this discovery about 20 minutes ago. I've attached a pk4 file for those who are interested.

491 - DARKRAI - BBA3E3989ABF.pk4

It somehow bothers me to see how you deliberarely fled that shiny Starly ._. I mean, considering the other wild Pokémon weren't shiny I'm assuming it's most likely legal.

Amazing discovery, nonetheless.

33 minutes ago, Aurum said:

I can't test that now, sorry. But I doubt that it will be considered legal. Seeing how the developers forgot to update the level for the roaming Darkrai, I don't think they bothered to add in any legality checks.

I don't think it's gonna be considered legal, though. I mean, it could still go as far as 5th gen, but I dobut Poké Bank would let it go beyond that point.

Posted
1 hour ago, Aurum said:

I can't test that now, sorry. But I doubt that it will be considered legal. Seeing how the developers forgot to update the level for the roaming Darkrai, I don't think they bothered to add in any legality checks.

I tested and it doesn't pass as expected :(

44 minutes ago, St. GIGA said:

Hello researchers! I came back from my temporary hiatus to say a few things. First, there are 2 more debuggers pokemon in JPN crystal. In one of the mobile testing options in the tcrf patched version's debug menu, which I will list when I look at the article, a script activates that first shows the title screen half-stitched, but when you hit the a button twice, a simulated mobile trade between 2 debug trainers is initiated with a gefuri and creatures venasaur and charizard being the items for trade between two debuggers. I would love to add these to my debugger pokemon collection for gens 1/2 so pokebank can love me if they allow it. 

 

On glitchcity labs where the debugger code for Japanese crystal is located, I found the option that does the fake trade:

Other (そのた)

This function is used to display a simulated mobile trade between ゲーフリ Game Freak, who trades a Venusaur with OT 08961 かびーん (does this mean something?), and クリーチャ Creatures, who trades a Charizard with OT 22020 マツミヤ Matsumiya. (Those OT IDs are 23 01 and 56 04 in hexadecimal.)

 

Amazong finding!

I'll try to check what can I do.

I definitively need a second life I mean with project Underleved I found 5 more very rare Pokemon to hunt.

Posted
1 hour ago, jojo12100 said:

I tested and it doesn't pass as expected :(

Amazong finding!

I'll try to check what can I do.

I definitively need a second life I mean with project Underleved I found 5 more very rare Pokemon to hunt.

The Venasaur's OT with the ID of 08961 (that is not Gefuri) romanizes to Kabiin, a name for a Capsule Monsters concept for dex no. 142 that resembles a proto tanuki-styled munchlax-sized snorlax in the style of a cartoon drawing of Kouji Nishino, who I suspect the Venasaur's OT was, especially as Matsumiya had the same Role of Game Scenario Designer as Nishino. This brings the total of Japanese debugger's pokemon for the 8-bit games to 29 pokemon, or 1 off from a full box of pokemon that may have been owned by the actual debuggers. I posted here a while ago that I had extracted the PK2 files for Satoru Iwata's pokemon from the Japanese Stadium GS save using a Japanese gold. Can these Japanese ones be added to satoru's debugger pokemon as pk2 files, as I spent a week extracting them on pj64.

I also discovered that we can get the missing ORAS demo pokemon via using a console that never played Kalos or the demo, and playing a new copy of A kalos game. My friend got the demo via this. MAybe we could extract the demo from the CART filesystem and install it as a CIA To run the demo when needed???

Posted (edited)

-

Edited by Guest

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...