Everything posted by Wokann

  1. In addition to the B5EE byte, the game program will also verify a 128-byte RSA signature in the slot2 file. I have checked all the language ROMs of GEN4 (DPPT, HGSS); the result is that all the Japanese versions of GEN4 do not perform signature verification, while all the overseas versions of GEN4 require signature verification. After I tried to remove the signature verification and changed B5EJ to B5EE, the slot2 file can be received as a distribution normally for English Pearl. At the same time, the files in dechi.bin do not contain language flags, which means whatever language of pcd file you inject into dechi.bin, it can all be recognized by the gen4 rom after changing B5EJ and skipping the signature check (which is different from the language setting in the Deoxys distribution ROM).
  2. The special missions of ranger1 differ between the jp version and the non-jp versions. For the non-jp versions, the missions are all included in the rom, so after you first clean your game, the ranger net will open with one mission, and you can enter a password to open the Manaphy mission. For the jp version, the missions aren't included in the rom; the mission data got from distribution is stored in the sav file. So a jp version ranger1 without the missions distributed will have no chance to get Manaphy. You can use this tool to inject missions into your ranger1 jp sav. https://projectpokemon.org/home/files/file/5273-pokemon-ranger-net-mission-distribution-tool-prnmdtool/
  3. Sorry, it seems I have no permission to post this tool in the partition "Tools/Save Editing", so I posted it in "Saves and RAM edits/User Contributed RAM edits and cheat files". If anyone can help adjust the partition, I would be very grateful.
  4. Version 1.0.0

    294 downloads

    Pokemon Ranger Net Mission Distribution Tool (PRNMDTool) made by wokann
    (Chinese title: Pokemon Ranger Network Mission Distributor, made by 卧看微尘)

    This tool currently has two language interfaces (Chinese, English). It also supports additional multi-language display; see i18n.h in the source code for details.

    Feature
      1. Distribute Missions for r1(jp), r2(jp&oversea), r3(jp&oversea) which already have game progress.
      2. Create Initial save files which contain Missions for r1(jp), r2(jp&oversea), r3(jp&oversea).
      3. Reset Manaphy mission from egg sent to egg not received or egg received but not sent. (Now only supports Ranger1 jp&oversea)

    Note: r1(oversea) doesn't need to be distributed, because the missions are already in the game and can be played or unlocked after finishing the game. If you drag save files of r1(oversea) onto the tool, the tool will show you the codes to unlock the Manaphy mission in different regions.

    Usage
      1. Drag save file(s) onto this tool PRNMDTool.exe; it supports multiple files at one time. (Corresponding to feature 1 and 3)
      2. Using the command line. (Corresponding to feature 1 and 3)
         PRNMDTool.exe [filename1] [filename2] [filename3] ...
      3. Double-click to open PRNMDTool.exe to generate an initial distribution save. (Corresponding to feature 2)

    Credit
      1. ranger1 save decrypt/encrypt and ram research: @ajxpk @BlackShark @DeadSkullzJr

    Reference
      Source code: https://github.com/Wokann/PokemonRangerNetMissionDistributionTool
  5. As we all know, if you want to migrate pokemon from Ruby/Sapphire/FireRed/LeafGreen/Emerald to Gen4, you need to use Pal Park to migrate. You have to insert Diamond/Pearl/Platinum/HeartGold/SoulSilver into slot1 of the NDS(L), and insert a Gen3 cartridge into slot2. Then from the start menu of the Gen4 game you can find an option to migrate pokemon from Gen3.

    What needs to be noted is that:
      1. For jap/eng/fra/ita/ger/spa Gen4 rom, the Gen3 rom must have the same language as the Gen4 rom to migrate.
      2. For kor Gen4 rom, it can migrate from both jap Gen3 rom and eng Gen3 rom.

    So is there any way for a Gen4 rom to migrate from any region of Gen3 rom? The following are several methods for Gen3 Region Unlock (reading this guide requires some basic knowledge of hexadecimal and RomHack experience):

    Method 1: Hack GBA Rom header (Emu or GBA flashcart)

    Principle: Change the language code of the Rom header.

    Practice: Take jap Gen4 & eng Gen3 as an example.
      1. Open the eng Gen3 rom with a hex editor; you can see ‘POKEMON RUBYAXVE’ at address 0xA0. Below ‘AXVE’ you can see ‘0x41’ at address 0xBD.
      2. Change language code: Since jap Gen4 is where we need to receive pokemon, we should make the eng Gen3 rom look like a jap Gen3 rom. The ‘E’ of ‘AXVE’ is the language code, so we change it to ‘J’: ‘AXVJ’.
      3. Change header checksum: When ‘E’ is changed to ‘J’, its hex value also changes from ‘0x45’ to ‘0x4A’ (0x45 + 0x5 = 0x4A). So we need to change the header checksum at address 0xBD by subtracting 0x5 from ‘0x41’ (0x41 – 0x5 = 0x3C). So change the checksum from ‘0x41’ to ‘0x3C’.
      4. After that, this hacked eng Gen3 rom can be recognized by the jap Gen4 rom through an emulator or flashcart.

    Here are the other language codes (note capitalization): Japanese-J, English-E, French-F, Italian-I, German-D, Spanish-S.

    Method 2: Hack NDS language value (Emu or NDS flashcart)

    Principle: Change all the language values which the NDS uses for checking the GBA rom to the value matching the NDS language.

    Practice: Take jap Gen4 (Diamond) & eng Gen3 as an example.
      1. Use CrystalTile2 to open the Diamond rom and search for ‘AXVJ’. You can find several columns of similar characters: 5 Gen3 versions and 6 languages.
         Versions: Ruby-AXV, Sapphire-AXP, Fire Red-BPR, LeafGreen-BPG, Emerald-BPE.
         Languages: Japanese-J, English-E, French-F, Italian-I, German-D, Spanish-S.
         Combined, there are a total of 30 corresponding Gen3 game codes.
         The following analyzes the structure of this table, using ‘AXVJ’ as an example, in groups of 8 bytes:
         ‘41 58 56 4A 00 00 01 00’
         The first 4 bytes are the Ascii code corresponding to ‘AXVJ’, and in the second half you only need to pay attention to the 7th byte, ‘0x01’, which here is the language value used to judge Japanese.
         The correspondence of language values: Japanese-0x01, English-0x02, French-0x03, Italian-0x04, German-0x05, Spanish-0x07.
         When the Gen3 cartridge is inserted, the NDS side compares the first 4 bytes (the game code) with the gba header, and when it finds a value that matches, it returns the 7th byte (language value). Only when that language value matches the language value of the NDS game will the Migration option be opened.
      2. According to the above, as long as all the language values returned by the 30 game codes are changed to the language value of the nds game, Gen 3 games in all languages are compatible. In this example, the Jap Gen4 (Diamond) needs all 30 language values changed to 0x01 (Japanese).
      3. After saving the edit, this Jap Gen4 (Diamond) will recognize Gen 3 cartridges in all languages.

    It should be noted that in the Rom of Diamond/Pearl/Platinum, these game codes and language values are uncompressed, while in HeartGold/SoulSilver this part of the content is compressed and cannot be found by searching directly. You need to decompress the ‘overlay 9_0074.bin’ file (this file name is as unpacked by CT2; the name may be different if you use other tools to unpack) to find the corresponding data, and after hacking, you also need to compress it again.

    Method 3: Hack NDS asm code (Emu or NDS flashcart)

    Principle: Hack the function mechanism of the Migration judgment.

    Practice:
      1. At the beginning of the guide, it was mentioned that jap/eng/fra/ita/ger/spa Gen4 rom can only receive from the same language of Gen3 rom, but Kor Gen4 can receive from jap & eng Gen3 rom. Therefore, there are essentially two Migration judgment mechanisms in Gen4 games. In the Gen4 ROM, the file where the Migration judgment function is located is:
         Diamond/Pearl: overlay9_0083
         Platinum: overlay9_0097
         Heart Gold/Soul Silver: overlay9_0074

        (1) Codes for the Jap/Eng/Fra/Ita/Ger/Spa versions (taking the pret project Eng HeartGold as an example): see this file and line number ‘/asm/overlay_74_thumb.s #L832’ (the following is assembly code; if you don't understand it, you can skip it directly and see the description below).
        ———————————————————————————————————————
        _0222767E:
        0x0222767E  1C20      add r0, r4, #0
        0x02227680  FF16F5F2  bl sub_0201A4B0
        0x02227684  68A8      ldr r0, [r5, #8]
        0x02227686  FF69F602  bl Pokedex_GetNatDexFlag
        0x0222768A  2800      cmp r0, #0
        0x0222768C  D00B      beq _022276A6
        0x0222768E  F99BF00C  bl PmAgbCartridge_GetLanguage
        0x02227692  4905      ldr r1, _022276A8 ; =gGameLanguage
        0x02227694  7809      ldrb r1, [r1]
        0x02227696  4281      cmp r1, r0
        0x02227698  D105      bne _022276A6
        0x0222769A  F98FF00C  bl PmAgbCartridge_GetVersionInternal
        0x0222769E  1C40      add r0, r0, #1
        0x022276A0  6268      str r0, [r5, #0x24]
        0x022276A2  FCE7F00E  bl ov74_02236074
        _022276A6:
        0x022276A6  BD38      pop {r3, r4, r5, pc}
        .balign 4, 0
        _022276A8:
        0x022276A8  020F5670  .word gGameLanguage
        ———————————————————————————————————————
        The code here roughly means, for migration:
          1) Check whether the national pokedex has been obtained; if it passes, go to 2, and if it does not pass, end;
          2) Check whether the GBA Rom language value is equal to the NDS Rom language value; if it is equal, go to 3, and if not equal, end;
          3) Check the GBA Rom version, which is displayed in the menu when migrating.

        (2) Codes for the Kor version (taking the Kor HeartGold as an example; some function naming is modeled on the naming of the pret project) (the following content is assembly code; if you can't understand it, you can skip it directly and see the description below).
        ———————————————————————————————————————
        _0222807E:
        0x0222807E  1C20      add r0, r4, #0
        0x02228080  F9E2F5F2  bl #0x201a448
        0x02228084  68A8      ldr r0, [r5, #8]
        0x02228086  FBB3F602  bl #0x202a7f0 ;Pokedex_GetNatDexFlag
        0x0222808A  2800      cmp r0, #0
        0x0222808C  D00D      beq _022280AA
        0x0222808E  F9A1F00C  bl #0x22343d4 ;PmAgbCartridge_GetLanguage
        0x02228092  2801      cmp r0, #1
        0x02228094  D003      beq _0222809E
        0x02228096  F99DF00C  bl #0x22343d4 ;PmAgbCartridge_GetLanguage
        0x0222809A  2802      cmp r0, #2
        0x0222809C  D105      bne _022280AA
        _0222809E:
        0x0222809E  F993F00C  bl #0x22343c8 ;PmAgbCartridge_GetVersionInternal
        0x022280A2  1C40      adds r0, r0, #1
        0x022280A4  6268      str r0, [r5, #0x24]
        0x022280A6  FCDFF00E  bl #0x2236a68
        _022280AA:
        0x022280AA  BD38      pop {r3, r4, r5, pc}
        ———————————————————————————————————————
        The code here roughly means, for migration:
          1) Check whether the national pokedex has been obtained; if it passes, go to 2, and if it does not pass, end;
          2) Check whether the GBA Rom language value is 1 (i.e. Japanese); go to 4 if it is equal, and go to 3 if not equal;
          3) Continue to check whether the GBA language value is 2 (i.e. English); if it is equal, go to 4, and if not equal, end;
          4) Check the GBA Rom version, which is displayed in the menu when migrating.

      2. So what we need to do is to change ‘if not equal, ends’ to ‘if not equal, continue’. In the two cases above, you only need to change 0xD105 to 0xD1FF, that is, you only need to change one byte 0x05→0xFF. After that the region restriction will be unlocked.

    The following is a list of the addresses where 0x05 needs to be changed to 0xFF in each language version of Gen4 rom:

    | Version | Language | ROM address | RAM address | Assisted search code |
    |---|---|---|---|---|
    | Diamond/Pearl | Jap | 0x0030169A | 0x0223083A | E0 04 24 00 E0 03 |
    | Diamond/Pearl | Eng | 0x002F1718 | 0x0222D6D8 | (ibid) |
    | Diamond/Pearl | Fra | 0x002F1918 | 0x0222D8D8 | (ibid) |
    | Diamond/Pearl | Ita | 0x002F1918 | 0x0222D838 | (ibid) |
    | Diamond/Pearl | Ger | 0x002F1918 | 0x0222D898 | (ibid) |
    | Diamond/Pearl | Spa | 0x002F1918 | 0x0222D8F8 | (ibid) |
    | Diamond/Pearl | Kor | 0x002F2D1C | 0x0222D83C | (ibid) |
    | Platinum | Jap | 0x0038D918 | 0x0222A378 | (ibid) |
    | Platinum | Eng | 0x0038F518 | 0x0222AF78 | (ibid) |
    | Platinum | Fra | 0x0038F318 | 0x0222B158 | (ibid) |
    | Platinum | Ita | 0x0038F318 | 0x0222B0D8 | (ibid) |
    | Platinum | Ger | 0x0038F318 | 0x0222B118 | (ibid) |
    | Platinum | Spa | 0x0038F518 | 0x0222B178 | (ibid) |
    | Platinum | Kor | 0x0039051C | 0x0222BE7C | (ibid) |
    | HeartGold/SoulSilver | Jap | 0x00235D09 | 0x02226BD8 | (ibid) |
    | HeartGold/SoulSilver | Eng | 0x00236B0E | 0x02227698 | (ibid) |
    | HeartGold/SoulSilver | Fra | 0x00236B10 | 0x022276B8 | (ibid) |
    | HeartGold/SoulSilver | Ita | 0x0023670E | 0x02227638 | 00 04 24 00 E0 03 |
    | HeartGold/SoulSilver | Ger | 0x00236910 | 0x02227678 | E0 04 24 00 00 E0 |
    | HeartGold/SoulSilver | Spa | 0x00236B0F | 0x022276B8 | E0 04 24 00 E0 03 |
    | HeartGold/SoulSilver | Kor | 0x00237113 | 0x0222809C | E0 04 24 00 E0 00 |

    * The assisted search code is for use in fan translated ROMs, in which the address may change, to help find the location of the migration function and the 0x05 more quickly.

    Method 4: Cheat code hack NDS asm code (Can use for Cartridge)

    Principle: Same as Method 3, but this method doesn't need to change the ROM; it changes the RAM instead.

    Practice:
      1. Because the code of the migration function will be loaded into RAM, we can use cheat codes to edit RAM without editing the ROM. It means we can apply this region unlock hack on real Gen4 cartridges by using tools like Action Replay, NitroHax etc. (see video link Jap HeartGold migrate from Eng Emerald (Pal Park region unlock) ) I’ve made the region unlock codes written in Action Replay format for NitroHax, and they can also be used for emulators.
         You can download this file ‘cheats.xml’.

    Pal Park region unlock code:
      Diamond/Pearl:
      Platinum:
      HeartGold/SoulSilver:

    cheats.xml
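
The checksum step of Method 1 in the post above, generalised as an added example (not the poster's code): instead of adjusting 0xBD by the difference between two letters, it recomputes the header complement check from bytes 0xA0..0xBC using the standard GBA header rule. The function names and the sample header (maker code, fixed byte and version fields) are constructed for illustration.

```python
# Added example, not from the original post: general form of Method 1's checksum fix.
LANG_CODES = "JEFIDS"   # language letters listed in the post
LANG_OFFSET = 0xAF      # 4th character of the game code stored at 0xAC..0xAF
CHECK_OFFSET = 0xBD     # header complement check byte


def header_checksum(rom: bytes) -> int:
    """Standard GBA rule: negate the sum of bytes 0xA0..0xBC, then subtract 0x19."""
    return -(sum(rom[0xA0:0xBD]) + 0x19) & 0xFF


def set_language(rom: bytes, lang: str) -> bytes:
    """Return a copy with the language letter replaced and the check recomputed."""
    if len(lang) != 1 or lang not in LANG_CODES:
        raise ValueError(f"unknown language code {lang!r}")
    if len(rom) < 0xC0:
        raise ValueError("image is shorter than a GBA header")
    if rom[CHECK_OFFSET] != header_checksum(rom):
        # A mismatch means the header is already damaged; a delta fix would hide that.
        raise ValueError("stored header check does not match; not patching")
    out = bytearray(rom)
    out[LANG_OFFSET] = ord(lang)
    out[CHECK_OFFSET] = header_checksum(out)
    return bytes(out)


def sample_header() -> bytes:
    """Constructed 0xC0-byte header using the title and game code quoted in the post."""
    rom = bytearray(0xC0)
    rom[0xA0:0xAC] = b"POKEMON RUBY"   # title, as quoted in the post
    rom[0xAC:0xB0] = b"AXVE"           # game code, as quoted in the post
    rom[0xB0:0xB2] = b"01"             # maker code (assumed sample value)
    rom[0xB2] = 0x96                   # fixed header byte (assumed sample value)
    rom[CHECK_OFFSET] = header_checksum(rom)
    return bytes(rom)


if __name__ == "__main__":
    before = sample_header()
    after = set_language(before, "J")
    print(f"check before: 0x{before[CHECK_OFFSET]:02X}, after: 0x{after[CHECK_OFFSET]:02X}")
```

Recomputing from the header bytes also catches a header whose check was already wrong, which the subtract-the-difference shortcut would silently carry over.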
  6. gen4 (jp, en, fr, it, de, sp) can only migrate pokemon from the same language of gen3 cartridges. gen4 (kr) can only migrate pokemon from jp and en gen3 cartridges.
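
The same-language rule restated above is enforced by the `bne` in the Method 3 listings of the previous post. As an added example (not the poster's code), this decodes Thumb conditional branches and `bl` pairs so the listed targets can be checked and the effect of the 0x05→0xFF byte change can be read off; function names are illustrative, and addresses and encodings are the ones printed in the listings.

```python
# Added example, not from the original posts: decode the Thumb branches in the listings.
CONDS = ["eq", "ne", "cs", "cc", "mi", "pl", "vs", "vc",
         "hi", "ls", "ge", "lt", "gt", "le"]


def decode_bcond(addr: int, halfword: int) -> tuple:
    """Thumb conditional branch, bits 1101 cccc iiiiiiii -> (mnemonic, target)."""
    cond = (halfword >> 8) & 0xF
    if halfword >> 12 != 0xD or cond >= 0xE:
        raise ValueError(f"0x{halfword:04X} is not a conditional branch")
    imm8 = halfword & 0xFF
    offset = imm8 - 0x100 if imm8 & 0x80 else imm8   # sign-extend 8 bits
    return "b" + CONDS[cond], addr + 4 + 2 * offset


def decode_bl(addr: int, word: int) -> int:
    """Thumb BL pair as printed in the listings (second halfword shown first)."""
    first, second = word & 0xFFFF, word >> 16
    if first >> 11 != 0x1E or second >> 11 != 0x1F:
        raise ValueError(f"0x{word:08X} is not a BL pair")
    high = first & 0x7FF
    if high & 0x400:                                  # sign-extend 11 bits
        high -= 0x800
    return addr + 4 + (high << 12) + ((second & 0x7FF) << 1)


def gate_effect(addr: int, halfword: int) -> str:
    """Describe whether the branch at addr can still skip the code after it."""
    mnemonic, target = decode_bcond(addr, halfword)
    if target == addr + 2:
        return f"{mnemonic} 0x{target:08X}: falls through either way"
    return f"{mnemonic} 0x{target:08X}: skips {target - addr - 2} bytes when taken"


if __name__ == "__main__":
    # Eng HeartGold gate from the listing, before and after the one-byte change.
    print(gate_effect(0x02227698, 0xD105))
    print(gate_effect(0x02227698, 0xD1FF))
    # Cross-check one bl target against the label in the listing.
    print(f"bl -> 0x{decode_bl(0x02227680, 0xFF16F5F2):08X}")
```

With offset byte 0xFF the branch target is the very next instruction, so the comparison result no longer changes control flow; the same decoding applied to RAM dumps shows whether the gate bytes at the listed addresses have been altered.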
  7. In fact, Mirage Island Value has a one-to-one correspondence with the elapsed days since the creation of the save file (the elapsed days start from 0 after you set the clock at the beginning of the game). It means if you start the game at 2000/01/01 (rtc) and play to 2099/12/31, you can meet 36525 Mirage Island values in total (removing duplicate values, the number is reduced to 27925). Which also means if you catch a wild Pokémon, its PID must land in the 27925/65536, and those PIDs that land in the 37611/65536 will never let you get to Mirage Island. If you start the game later, the number of Mirage Island values will decrease to less than 36525 (27925).

    And this can make a list to check what Mirage Island Value you'll meet on which day: "Standard correspondence table between Mirage Island values and elapsed RTC days". Like Mirage Island Value 0x0000, it will appear at 0, 1 and 7410 days after you set your clock in game. If you have a pokemon with PID xxxx0000, you can use it the whole time on a dry battery RSE, or on the first and second days on a powered battery RSE, to launch Mirage Island. I've checked whether there is a pokemon from an in-game trade or a gift pokemon that has this PID in GEN3; however, it didn't exist.

    So I created a totally new method last year, which is different from the past methods of cheating or rng abusing etc. and can be used on cartridge. It's a little complicated, so I just describe it simply, and you can see the whole theory in the links or just follow the steps in the video. I also made a web calculator to help use this method (theory and video links are also posted in the web calculator). (GEN3 Mirage island calculator v1.3)

    There are two important things: the PID value and the Mirage Island value. The problem is how we get them.

    First, the PID value. Normally, we can't get it without dumping the sav or using other tools to check internal data. However, in GEN3 there is a pokemon who can help us: Spinda. We can calculate its PID value through its dots, and there is also a web calculator to check it.

    Second, the Mirage Island value. Through the list I have already made (the link above; it's also added to my web calculator), you can check when Spinda's PID will launch Mirage Island. Then use RTCread (a tool normally used to fix the berry glitch and new battery glitch; it won't make changes to the sav) to jump to this time. (You need to know when you started your game in RTC and the elapsed days; this can also be calculated without a dump or cheat.) Then you can take your Spinda and go to Route 130 to launch Mirage Island.