Help with My Pokemon Ranch

[Larsenv]

We have cracked open My Pokemon Ranch around a year ago and have fully translated the Japanese exclusive Platinum version. However, there’s a problem with it that prevents it from being released, which is figuring out how to get the Japanese ROM that the Platinum version of the game sends over to the DS to transfer Pokemon to work with the US Platinum version of the game. The version that comes with the regular version of the game will give a message saying that the ROM only works with Diamond and Pearl version of the game. Unfortunately, any kind of patches we’ve done to the ARM9 will either give the game a black or white screen, and we are not sure what can be done to properly get past the check. Also, the transfer tool only will work on flash cart, because Twilight doesn’t support that feature, and the ROM is RSA signed. HaxxStation won’t work to distribute a patched version of the ROM as that targets the DS Download Station application.

Here is some technical information for the people which can help. This was not written by me.

The Glossary:
MPR = My Pokemon Ranch
EOO = Acronym unknown, a .dat executable file that lives within the DPPt ROM. It appears to be responsible for driving interactions with the Wii, such as downloading ROMs and booting to them. (I think Battle Revolution has it's own special version?)
SRL = Acronym unknown, basically a .nds file. Used colloquially to refer to the ROM MPR sends to the Nintendo DS to upload Pokemon to Ranch, a-la DS Download Play.
zukan = Japanese for Pokedex(?) - An important file in the SRLs
GameID = The unique ID associated with each Pokemon game version (Diamond = 10 (0x0A), Pearl = 11 (0x0B), Platinum = 12 (0x0C))
LanguageID = Same as GameID, a unique ID associated to each language
"DPPt Only" = A very common error thrown by the SRL, halting any progress
Vanilla = Unmodified from original game code

So, from what we can tell, a basic flowchart of the DS <-> Ranch communication works as follows:

When "Connect to DS" is selected in MPR, the wireless signal begins to broadcast. At the minimum, this includes Ranch's game code (WMBJ, WMBE, etc.), wherein the fourth character represents the region.
When the DS game boots to the main menu (where the save file is selected), it detects the communications for the Wii.
If the region character matches the DS game's region, the "Connect to Wii" option appears.
When selecting "Connect to Wii" this is where we suspect, possibly only in part, we start executing eoo.dat. The Wii will start uploading the SRL to the DS.
The DS then boots the SRL, as it would any other DS cartridge, thus performing all the same signature checks (Unconfirmed, I think? But vanilla DPPt can't boot a modified SRL)
At this point, the DS is now running the downloaded SRL, and following its logic.

Generic properties of the SRL itself:

- Ranch performs some sort of signature check on the SRL, and will crash if it does not match what is expected. We know for a fact the SRL header is included in these checks, but are not sure what, if anything else, may be included. This causes problems as you can problem guess, as the SRL includes the ROM size and where arm7.bin and arm9.bin start & end, meaning we're limited in what we can change in terms of filesizes unless we crack the header checks and can rewrite them.
- The ROM contains some minimal text data in some strange encoding (@larsenv#0 is more familiar, he found the "DPPt Only" message) 
- Speaking of, the "DPPt Only" error is the bug bear. It appears to throw whenever there's anything the SRL doesn't like. Crucially, if English DPPt tries to run the vanilla Japanese Plat Update SRL, this error is thrown, though in Japanese.
- The SRL makes references to most .narc files from DPPt, and in some select cases, actively appears to be running existence checks or loading the data to memory. As @specialagentape#0 mentioned, it's reusing a lot of content from the game itself.
- There are a three clear iterations of the SRL: The original JP release, the US/EU release, and the Pt Update JP Release.
- The original JP SRL is compressed in the same weird format as most Ranch files, the latter two are uncompressed.
- While EU/US appear to be on the same or similar logic, they are not identical. As you would expect, EU contains large switch statement blocks to handle the various languages, while US and all JP releases are mono-language.

Important .narc files:

- personal.narc/personal_pearl.narc/personal_pl.narc: As the names imply, these correspond to Diamond/Pearl/Platinum respectively (though curiously, Platinum has both personal.narc and personal_pl.narc). The SRL references all three of these in logic that also refers to the GameIDs of those respective versions. Overwriting the SRL to force it to return a specific GameID following these checks though has no impact, and continues to result in the DPPt Only message regardless of version.
- zukan.narc: This is the only file that _specifically_ moves due to regional differences. Between the D/P/Pt versions, we find some files come and go, such as the personal.narcs, but these are consistent across all regions. zukan.narc is the only file that is always in a different location (and file size) for EU/US versus JP. The Pt Update JP SRL attempts to call a function on the JP file path, and then a function on the international file path, despite never seeing an international release. This call happens in the same place as a check on the personal.narc files. When swapping the filepaths however, the game whitescreens.

I won't go too much into the things I've tried, as I think a fresh mind is sorely needed, or at least, that's the excuse I'm giving because I've forgotten most of it. I'm also a Software Engineer by trade rather than a Reverse Engineer, so a lot of my approaches, assumptions, and assertions have probably been a bit naff anyway.

But as mentioned above, changing GameIDs and filepaths on what seem to be checks against these things hasn't had any effect, or it's white screened.
I was hoping finding where that DPPt Only message lived would help as we could trace it back, when trying to build a mental stack trace (we sadly don't have the tools to create crash reports due to using real hardware), I came to a dead end on some routes, and ultimately mental madness: https://transfer.archivete.am/EbEwt/ZazsonasVeryMessyStackTraceNotes.txt

Now for the people who want to know how we cracked it open, My Pokemon Ranch uses a special version of ASH to compress its files. ASH is a compression algorithm which is based on Huffman which is used also on the following, but uses a different version.

- Animal Crossing: City Folk
- Super Mario Maker
- Wii Menu

Turns out the reason why My Pokemon Ranch ASH could not be extracted properly is because of the bit length of the leaf node.

We have a decompressor that can extract My Pokemon Ranch files made by NWPlayer123. You will have to go to their GitHub Gist to find it because due to forum rules I don’t think we can link it because it’s based on info from the Wii SDK. A compressor also was made, but it works by using ASH Compressor by conanac to post process the file.

Edited May 28 by Larsenv