Bond697

This will run the RNG forward and backward, check a poke's PID/IVs for the proper relationship, or list compatible PIDs for given IVs: http://pokemon.thundaga.com/research/apps/pokegc_13.exe http://pokemon.thundaga.com/research/apps/pokegc_13_src.7z e: the source isn't great because it was ripped out of another project, but it works and is fairly readable. This is the proper version of shaym.in, fully restored from its butchering: http://hack.thundaga.com/doc.html e: or have a look at ToastPlusOne's awesome web app: http://dl.dropbox.com/u/18231634/PokemonWebApps/Pages/XDLegit.html It's lightweight and is currently in development to cover as much as possible with regards to Colo/XD.

i'm not sure if the worst part of this is that you a. ripped off shaym.in entirely(http://shaym.in/apps/iv_checker - have a look) b. deleted both the author's credits and copyright c. after changing a very small bit of the javascript, you tried to make someone else's code unreadable after it was released openly in shaym.in(hint: minify is not obfuscation) d. put this crap tucked away in the middle of the shaym.in guy's source: // This calculator is a modified version of Alex Smith's Method 1/J/K PIDIV calculator. It may only be used by Kaphotics' Dropbox. // http://dl.dropbox.com/u/12206225/RNG/xdc-legal.html // If this is uploaded to another site, then you are an asshole and a good for nothing. I will hunt you down. i'm also not at all sure what has to be wrong with you to do that, but here's a fully open version with all functions readable and everything restored as it should be: http://hack.thundaga.com/doc.html

here: 94000130 FFFB0000 DC000000 0223C074 90000000 FFFB0000 DA000000 00000000 D4000000 00000004 D7000000 00000000 D0000000 00000000 D3000000 00000000 94000130 FFFB0000 2223D1D0 00000003 D2000000 00000000 94000130 FFFB0000 D5000000 FFFFFFFF C0000000 00000013 D6000000 0223D1D4 D2000000 00000000 94000130 FFFB0000 0223D224 0000003F 0223D228 8FFFFFFF 0223D22C FFFFFFFF 0223D230 FFFFFFFF 0223D234 F7FAFFFF 0223D238 FFFFFFFF 0223D23C FFFFFFFF 0223D240 FFFFFFFF 0223D244 FFFCDFFF 0223D248 FFFFFFFF 0223D24C FDFFFFFF 0223D250 FFFFFFFF 0223D254 F7FFFFFF 0223D258 6FFFFFFF 0223D25C FF7FFFFF 0223D260 DFFFFFFF 0223D264 FFFFFF7F 0223D268 FFFFFFFF 0223D26C FFFFFFE7 0223D270 FFFFFFFF 0223D274 FFCFFFFF 0223D278 0000003F 0223D27C 7FFFFFFF 0223D280 FFFFFFFC 0223D284 FFFCFFFF 0223D288 7E7FF9E7 0223D28C FF9C7EF7 0223D290 FFFFFFFF 0223D294 FFFFFEFF 0223D298 F8E3E6FF 0223D29C FFFFFFFF 0223D2A0 FEFFFFF7 0223D2A4 FF3CFFFF 0223D2A8 081FFFFF 0223D2AC DFFFFFFC 0223D2B0 FFE7FFFF 0223D2B4 39FFDFFF 0223D2B8 FFFFC090 0223D2BC F9FFFFFF 0223D2C0 FFFFFFFF 0223D2C4 FE3FFFFF 0223D2C8 1FF39FBF 0223D2CC 00000000 0223D2D0 8FFFFFFF 0223D2D4 FFFFFFFF 0223D2D8 FFFFFFFF 0223D2DC F7FAFFFF 0223D2E0 FFBFFFFF 0223D2E4 FFFFFFFF 0223D2E8 FFFFFFFF 0223D2EC FBFCDFFF 0223D2F0 FFFFFFFF 0223D2F4 FDFFFFFF 0223D2F8 FFFFFFFF 0223D2FC F7FFFFFF 0223D300 6FFFFFFE 0223D304 FF7FFFFF 0223D308 DFFFFFFF 0223D30C FFFFDD7F 0223D310 FFFFFFFF 0223D314 FFFFFFE7 0223D318 FFFFFFFF 0223D31C FFCFFFFF 0223D320 00000033 0223D324 7FFFFFFF 0223D328 FFFFFFFC 0223D32C FFFCFFFF 0223D330 7E7FF9E7 0223D334 FF9C7EF7 0223D338 FFFFFFFF 0223D33C FFFFFEFF 0223D340 F8E3E6FF 0223D344 FFFFFFFF 0223D348 FEFFFFF7 0223D34C FF3CFFFF 0223D350 081FFFFF 0223D354 DFFFFFFC 0223D358 FFE7FFFF 0223D35C 39FFDFFF 0223D360 FFFFC090 0223D364 F9FFFFFF 0223D368 FFFFFFFF 0223D36C FE3FFFFF 0223D370 1FF39FBF 0223D374 00000000 0223D378 8FFFFFFF 0223D37C FFFFFFFF 0223D380 FFFFFFFF 0223D384 F7FAFFFF 0223D388 FFFFFFFF 0223D38C FFFFFFFF 0223D390 FFFFFFFF 0223D394 FFFCDFFF 0223D398 FFFFFFFF 0223D39C FDFFFFFF 0223D3A0 FFFFFFFF 0223D3A4 F7FFFFFF 0223D3A8 6FFFFFFF 0223D3AC FF7FFFFF 0223D3B0 DFFFFFFF 0223D3B4 F87FFF7F 0223D3B8 E7FEE68F 0223D3BC 13FB74E5 0223D3C0 C5CCB923 0223D3C4 FE4EEFEF 0223D3C8 0000003F 0223D3CC 70000000 0223D3D0 00000000 0223D3D4 00000000 0223D3D8 08050000 0223D3DC 00000000 0223D3E0 00000000 0223D3E4 00000000 0223D3E8 00032000 0223D3EC 00000000 0223D3F0 02000000 0223D3F4 00000000 0223D3F8 08000000 0223D3FC 90000000 0223D400 00800000 0223D404 20000000 0223D408 07800080 0223D40C 18011970 0223D410 EC048B1A 0223D414 3A3346DC 0223D418 01B11010 D2000000 00000000 94000130 FFFB0000 D5000000 00000000 C0000000 00000029 D6000000 0223D41C D2000000 00000000 94000130 FFFB0000 D5000000 00000000 C0000000 00000014 D6000000 0223FB58 D2000000 00000000 94000130 FFFB0000 D5000000 FFFFFFFF C0000000 00000069 D6000000 0223D4EC D2000000 00000000 94000130 FFFB0000 0223D698 07FFFFFF 0223D4C8 FFFFFFFF 0223D4CC FFFFFFFF 2223D4D0 000000F3 2223D4D1 000000FF 1223D4D2 0000FFFF 0223D4D4 FFFFFFFF 1223D4D8 0000F3FF 1223D4DA 00000001 0223D4DC 54151000 1223D4E0 00004512 2223D4E2 00000050 2223D4E3 00000000 0223D4E4 00000000 0223D4E8 00000000 D2000000 00000000 646 seen/caught, no crashes, nothing shiny that shouldn't be. pokemon white english, etcetc. works on both a real ar and desmume. made from pokegen's, so credit to codr/pokegen, really. e: open the dex then press select. e2: if anyone wants to adpot this to another version, it's really easy. look at what i changed and just make the same changes.

that obviously was a joke. it's for english white and it's missing stuff intermittently, not the last 25 or so.

http://projectpokemon.org/forums/showthread.php?14900-Complete-Pokedex-Cheat-Causes-Dream-World-Game-Sync-Error-Code-13204-FIX-HERE&p=135890&viewfull=1#post135890

you're gonna want this: http://projectpokemon.org/forums/showthread.php?14900-Complete-Pokedex-Cheat-Causes-Dream-World-Game-Sync-Error-Code-13204-FIX-HERE&p=135840&viewfull=1#post135840

you would need to decrypt and re-encrypt the data on the fly. using the ar. in assembly. i can see this turning into a mess. i still don;t understand exactly what you're trying to do?

not that it matters a whole lot because that code is total crap, but that isn't exactly how it works. let's use the white english version as an exmaple: 94000130 FFFB0000 0223D1D0 00001803 D5000000 FFFFFFFF C0000000 00000131 D6000000 0223D1D4 D2000000 00000000 94000130 FFFB0000 activator(FFFB is select), whatever 0223D1D0 00001803 constant 32-bit write of "00001803" to 223d1d0 D5000000 FFFFFFFF set the ar's data register(aka. 'Dx' or i sometimes call it 'rD') to FFFFFFFF, as that is the value we'll be (stupidly) writing over and over C0000000 00000131 the loop statement- we can make a for-loop out of this and we will at the end D6000000 0223D1D4 called post-increment addressing in arm, the ar does 223d1d4(+offset) = FFFFFFFF, 223d1d4 + (offset += 4) (the 4 here isn't being added straight to 223d1d4, it's being added to another ar register called the "offset" and that is being added to 221d1d4) D2000000 00000000 loop execute/terminator- keeps running the loop starting at C0000000 00000131 or terminates the ar code and pus everything back as it should if the loop is done. each time it hits this line, it does 0x131 - 1. well not 131 every time, but the original is 131 then -1 on the first loop, etc. we can do it like this, really: if(press select) { *(0x0223D1D0 + offset) =0x00001803; rD = 0xFFFFFFFF; for (int i=0; i<0x131; i++) { *(0x0223D1D4 + offset) = rD; offset += 4; } } what i'm saying is that that part you have labelled as affecting 80-some pokes at a time actually doesn't. try tweaking the number of loops.

everything you want to change is encrypted. since you're proficient with java/c++, your best bet is to read about how the encryption works(i think there's a wiki article) and write an app to decrypt the pkm and the re-encrypt it so you know what values you want to change to what. however, if you want to somehow reuse an ar code that does this, that's a much different vastly more challenging story. is this something just for you or something you're making for a lot of people to use? if it's the former, doing so might be a bit easier. we can just cut out the encryption. e: well, you would need to use the cut encryption on a new game or edit all your pokes to not be encrypted. if everything isn't encrypted with the 4th gen rng, but the game tries to decrypt with it, Bad Things™ will happen. srsly.

http://www.neoflash.com/forum/index.php/topic,7152.0.html the sms4 can now dump 3ds saves as well.

it's probably not a huge deal(because, really, who's using a debug console with an ar? and i doubt most people realize you can throw desmume or no$ into nds debug 8mb mode), but it probably does cut down on a very small percentage of people who can use a given code. also, i dunno if you're aware of it, but pp has a decent collection of worthwhile breakpoints for dppt/hgss/bw and the gen 3 games. some are pretty useful for making codes or just figuring out how stuff works in general: http://projectpokemon.org/wiki/Notable_Breakpoints and i see what you're talking about with plat: 02017B9C B510 push {r4,r14} ;1N+1ND+1SD 02017B9E B084 add sp,-#0x10 ;1S [b]02017BA0 4A39 ldr r2,=#0x27FFFA8 ;1S+1ND+1I[/b] 02017BA2 2002 mov r0,#0x2 ;1S 02017BA4 8811 ldrh r1,[r2] ;1S+1ND+1I 02017BA6 0380 lsl r0,r0,#0xE ;1S 02017BA8 4008 and r0,r1 ;1S 02017BAA 13C0 asr r0,r0,#0xF ;1S 02017BAC D009 beq #0x2017BC2 ;1N+2S 02017BAE 4837 ldr r0,=#0x21BF67C ;1S+1ND+1I 02017BB0 2100 mov r1,#0x0 ;1S 02017BB2 6481 str r1,[r0,#0x48] ;1N+1ND 02017BB4 6441 str r1,[r0,#0x44] ;1N+1ND 02017BB6 64C1 str r1,[r0,#0x4C] ;1N+1ND 02017BB8 4835 ldr r0,=#0x21BF6BC ;1S+1ND+1I 02017BBA B004 add sp,#0x10 ;1S 02017BBC 8401 strh r1,[r0,#0x20] ;1N+1ND 02017BBE 8441 strh r1,[r0,#0x22] ;1N+1ND 02017BC0 BD10 pop {r4,r15} ;1N+2S+1ND+1SD+1I 02017BC2 4834 ldr r0,=#0x4000130 ;1S+1ND+1I 02017BC4 8801 ldrh r1,[r0] ;1S+1ND+1I 02017BC6 8810 ldrh r0,[r2] ;1S+1ND+1I 02017BC8 4301 orr r1,r0 ;1S 02017BCA 4833 ldr r0,=#0x2FFF ;1S+1ND+1I 02017BCC 4041 eor r1,r0 ;1S 02017BCE 4008 and r0,r1 ;1S probably just how the dsi sdk organizes data.

totally, it's just mirrored memory. actually, you could also use 23FFFA8, but that would ruin compatibility with anything using 8mb of ram.(a debug console, no$/desmume in debug mode)

i'm wondering if possibly nintendo's sdk has changed default spots, then. RAM:02035F50 ; =============== S U B R O U T I N E ======================================= RAM:02035F50 RAM:02035F50 RAM:02035F50 keypressHandler__ ; CODE XREF: sub_20360C0+8p RAM:02035F50 STMFD SP!, {R3-R5,LR} RAM:02035F54 MOV R5, R0 RAM:02035F58 BL sub_2035234 RAM:02035F5C LDR R3, =0x2FFFFA8 ; This for new(NDS-only) buttons RAM:02035F60 MOV R4, R0 RAM:02035F64 LDRH R0, [R3] RAM:02035F68 AND R0, R0, #0x8000 RAM:02035F6C MOVS R0, R0,ASR#15 RAM:02035F70 BEQ keypressGBA__ RAM:02035F74 MOV R0, #0 RAM:02035F78 STR R0, [R4,#0x1C] RAM:02035F7C STR R0, [R4,#0x18] RAM:02035F80 STR R0, [R4,#0x20] RAM:02035F84 STR R0, [R4,#0x28] RAM:02035F88 STR R0, [R4,#0x24] RAM:02035F8C STR R0, [R4,#0x2C] RAM:02035F90 LDMFD SP!, {R3-R5,PC} RAM:02035F94 ; --------------------------------------------------------------------------- RAM:02035F94 RAM:02035F94 keypressGBA__ ; CODE XREF: keypressHandler__+20j RAM:02035F94 LDR R0, =0x4000130 ; This is for all buttons that carried over from the GBA RAM:02035F98 LDR R2, [R4,#0xC] RAM:02035F9C LDRH R1, [R0] RAM:02035FA0 LDRH R0, [R3] RAM:02035FA4 ORR R0, R1, R0 RAM:02035FA8 EOR R0, R0, R3,LSR#12 RAM:02035FAC AND R0, R0, R3,LSR#12 (a piece of)the actual keypress handler from b/w. or the dsi sdk uses it by default to leave room around 27XXXXX.

the ds ram is mirrored. 27FFFA8 is not more common than 2FFFFA8. they're the same thing. not to mention, the game uses 2FFFFA8, not 27FFFA8: RAM:02088180 ; S U B R O U T I N E ======================================= RAM:02088180 RAM:02088180 RAM:02088180 getParams__ ; CODE XREF: Seed.Create__+14p RAM:02088180 ; sub_20595A0+14p RAM:02088180 STMFD SP!, {R4-R6,LR} RAM:02088184 LDR R1, VCOUNT ; VCOUNT @ =0x4000006 RAM:02088188 MOV R5, R0 RAM:0208818C LDRH R6, [R1] ; *VCOUNT into R6 RAM:02088190 LDR R4, =0x2FFFC00 ; base value used for grabbing loads of values RAM:02088194 BL getTimer0__ RAM:02088198 ORR R0, R0, R6,LSL#16 ;(*VCOUNT << 16) | *timer0 RAM:0208819C STR R0, [R5] RAM:020881A0 LDR R0, =0x2151358 RAM:020881A4 LDRH R1, [R4,#0xF8] RAM:020881A8 LDR R2, [R0] RAM:020881AC LDR R3, [R0,#4] RAM:020881B0 EOR R1, R2, R1,LSL#16 RAM:020881B4 STR R1, [R5,#4] RAM:020881B8 LDR R2, [R0] RAM:020881BC LDR R2, GxStat ; GxStat @ =0x4000600 RAM:020881C0 LDR R1, [R0,#4] RAM:020881C4 LDR R0, [R4,#0xF4] RAM:020881C8 LDR R3, [R4,#0x3C] RAM:020881CC EOR R0, R1, R0 RAM:020881D0 EOR R3, R3, R0 RAM:020881D4 STR R3, [R5,#8] RAM:020881D8 LDR R1, [R2] RAM:020881DC ADD R0, R4, #0x300 RAM:020881E0 EOR R1, R3, R1 RAM:020881E4 STR R1, [R5,#8] RAM:020881E8 LDR R1, [R4,#0x1E8] ; grab the date RAM:020881EC SUB R2, R2, #0x4D0 ; gxstat(4000600)-4D0 = 4000130(gba-compatible controller input) RAM:020881F0 STR R1, [R5,#0xC] RAM:020881F4 LDR R3, [R4,#0x1EC] ; grab the time [b][u][i]RAM:020881F8 ADD R1, R4, #0x3A8 ; 2FFFFA8 - nds-compatible input[/i][/u][/b] RAM:020881FC STR R3, [R5,#0x10] RAM:02088200 LDRH R12, [R0,#0x94] RAM:02088204 LDR R3, [R4,#0x390] RAM:02088208 EOR R3, R3, R12,LSL#16 RAM:0208820C STR R3, [R5,#0x14] RAM:02088210 LDRH R4, [R0,#0xAA] RAM:02088214 LDRH R3, [R0,#0xAC] RAM:02088218 ORR R3, R3, R4,LSL#16 RAM:0208821C STR R3, [R5,#0x18] RAM:02088220 LDRH R2, [R2] ; get gba-compatible input RAM:02088224 LDRH R1, [R1] ; get nds-only input RAM:02088228 LDRH R3, [R0,#0x98] RAM:0208822C ORR R0, R2, R1 ; OR the inputs together to make 1 number: (3FF | 2C00) = 2FFF, etc RAM:02088230 ORR R0, R0, R3,LSL#16 RAM:02088234 STR R0, [R5,#0x1C] RAM:02088238 LDMFD SP!, {R4-R6,PC} RAM:02088238 ; End of function getParams__ RAM:02088238 RAM:02088238 ; --------------------------------------------------------------------------- RAM:0208823C dword_208823C DCD ; DATA XREF: getParams__+4r RAM:02088240 dword_2088240 DCD 0x2FFFC00 ; DATA XREF: getParams__+10r RAM:02088244 dword_2088244 DCD 0x2151358 ; DATA XREF: getParams__+20r RAM:02088248 dword_2088248 DCD ; DATA XREF: getParams__+3Cr RAM:0208824C also, i did some reading and you seem to have missed the part where 4000136 is only used for nds-compatible input by the arm7, not the arm9. obviously that's why i didn't see it and why it works with the ar. the ar hooks the arm7 by default. e: and considering that 4000136 is arm7-only, while 2FFFFA8 is the same for both cpus, there's a good reason to stay consistent and use 2FFFFA8 and not 4000136.

i just checked, no they don't. every bit of documentation i've ever read says that 2FFFFA8 is the x/y input location.

you're kidding right? he linked you to an article stating exactly what you need.

x/y/touchscreen don't run off of 4000130. they run off of 2FFFFA8. keep that in mind if you're going to use one of them. gonna fix that wiki article, too... e: for further clarification, 4000130 was also used in the gba for input. it retains the classic(gba) button map, but doesn't handle the new(nds-only) map. e: article partially fixed.

this is in the wrong place. the spots you're trying to edit are the pokemon(pkm files) in memory: 00013 022349D4 d h 0 Slot1 PID(W) 00014 02234AB0 d h 0 Slot2 PID(W) 00015 02234B8C d h 0 Slot3 PID(W) 00016 02234C68 d h 0 Slot4 PID(W) 00017 02234D44 d h 0 Slot5 PID(W) 00018 02234E20 d h 0 Slot6 PID(W) (from my ram watch file) the pid is right at the beginning of the pkm. are the numbers you found the current hp/atk/etc or the ivs, or the evs? i'm pretty sure they're unencrypted at that point, so that shouldn;t be a problem. e: i think i see. you're trying to edit the party stats in ram. each stat is a short, so 2 bytes. keep in mind, though arm cpus can run in big or little-endian, the nds uses little endian. you'll have to reverse what you're seeing in memory if you have the memory viewer set to 8-bit.

what you might want to try, then, is this hack for the ar: 023FE074 012FFF11 that makes the ar execute data using the "E" code type, not patch it. so you could do.. 94000130 FFFB0000(run on hitting select, can be changed to whatever) 023FE074 012FFF11 E0000000 0000XXXX(the Xs here are the number of bytes being run in total, 4 per word) AAAAAAAA BBBBBBBB CCCCCCCC DDDDDDDD EEEEEEEE FFFFFFFF GGGGGGGG E12FFF1E you can make it as long as you want, that's just an example. that will execute the arm assembly(must be arm, not thumb) you put in the code every time you hit select. that way you can just run it from the ar and you won't need to worry about finding free memory, etc.

well, the first thing you need to decide on is how often your code needs to run. if it's a constant write, you'll need to hook an irq handler or something. if it's once, then you can maybe hook the pass from the arm9 bootup code to the main loop and then pass off to the main loop. i dunno, something that runs once. you probably want to read this: http://crackerscrap.com/ddoc.php?p=dshooking.html&n=1 you can probably use something like asm to ards to translate your code to hex for running on the ar. i'm really not sure how the nature/stat thing works aside from that it's multiplied and saved somewhere as the stat is needed for whatever it's used in. also, a lot of the area before the arm9 binary is never used. roughly 2000100->2003FFC is unused, i think. you could use some of that.

that data has to be written to ram from rom, so i'm sure it's possible. you would need to find it, though, and make a VERY specific ar code to trigger when it shows up.

you would need to do it in assembly and write it into the ram using the ar. you would also need to find a place to hook the routine and make sure you don;t wreck any registers. e: something like... push {r0, r1} ldr r0, [a] ldr r1, add r0, r0, r1 lsr r0, #0x1 add r0, r0, #0x7 ldr r1, [c] mul r0, r0, r1 str r0, [d] pop {r0, r1} bx lr that's really simplistic, though, and doesn't account for the work of finding an open area that won;t be written over, finding a hook spot, etc.

all the pokes with a form/multiple forms have similar data. frankly, i wouldn't put too much stock in this until you actually see a kyurem form sometime down the line. there's no proof whatsoever that it isn't just cut content.

b/w were made from the dppt line, not hgss. i would also imagine that bw and hgss were developed in tandem for awhile by separate teams, which would explain why bw doesn't have stuff like pokemon following the trainer.

what do you mean, exactly?