Kaphotics

Move1 and Move2 are empty, but Move3 is Flamethrower.

Shenanigans on "not tampering with anything".

KeySAV2 - now supports ORAS (BV or digital SAV)!

KeySAV2 is a conglomeration of two tools (KeySAV and KeyBV) that combines the features and includes more.

Retail Games are supported via: SD Card Battle Videos // PowerSaves/Cyber Gadget

Digital Games are supported via: SD Card Battle Videos & SD Card Save Games

Features:

Extra:

0x0 - 16 byte ID number (0x10-0x1F from SAV/BV)

0x100 - My Team Key
0x800 - Opponent Team Key (if broken successfully)

0x10 - 0xE0-0xE3 Blank Data (SAV)
0x1C - Box1 Offset (dynamic for ORAS)
0x100 - Key1 Data
0x40000 - Key2 Data

TUTORIALS:

Recommended: Extract KeySAV2 to its own folder somewhere -- it needs to make subfolders!

Follow the same breaking process as KeySAV/KeyBV by using the Options Tab of KeySAV2.

Source Code on my GitHub.

ALTERNATE (X/Y only) BUILD - Contains more features, by ViolentSpatula.

ALTERNATE (ORAS/XY) BUILDS:

Cu3PO42's BUILD & GUIDE (double saving not required)

Kaisonic's BUILD (double saving not required)

Download Link:

KeySAV2.zip

KeySAV2 (ORAS).zip

How did you achieve this? Is there something I'm missing?

Try this method. Even though it fully decrypts the savegame data, it won't decrypt the header data needed for re-signing the save. That can only be done by decrypting with the 3DS's AES engine with the proper key.

scripts don't set the trainer music, it's dependent on trainer class (nobody knows how to change it currently).

drayano added/edited scripts via raw hex.

http://projectpokemon.org/forums/showthread.php?29456-B2W2-Scripting-Thread

pretty sure drayano added them beyond the list of default trainers.

http://projectpokemon.org/forums/showthread.php?29170-Adding-New-Trainers-to-List-in-BWTE

post the following info to receive help:

AR code

what game you're doing this on

Download Link At Bottom of Post

Drag & Drop tool that emulates:

• Any official transfer method
• Fakes non-official transfer methods (backwards conversion)

Converts a pkm/3gpkm file to any of the forward generation formats, depending on what the user selects.

Download Page

Source Code

So then is there a known way to "take care" of the AES MAC or any way to fully decrypt the game. In PKHeX it shows a button saying "Export SAV" but it is blanked out and doesn't work, on the PKHeX thread it says "Saving changes to a SAV is only available if you can dump your own XORpad and have a 100% decrypted save."

In order for anyone to 100% decrypt a save, they would have to do either of the following:

1. dump the specific AES Key for their savegame, feed it to a hacked 3DS to generate the XORpad, and re-sign/xor when edits are applied.

2. dump the decrypted save in the RAM, then piece back together the save and have the 3DS ignore the bad AES MAC (or re-sign it with custom code).

PKHeX can detect if a save is 100% decrypted or not; if you can't do either of the above methods yourself, then you can't 100%decrypt or inject. You need more than just a Powersaves device... it's not a simple thing.

Thanks for the help, this isn't 100% decryption, so can I not inject these back? Because I've been trying to do that, and it's fail after re-trying 4 times. I did get at least this working though

Unless you can take care of the AES MAC at the top of the save, there is no 100% decryption or re-injection.

These tricks in the thread allow decryption of the savedata; insertion is not possible.

just re-save ingame; there is a backup and main save file in every 512KB save.

be sure the target game is set properly when loading any files.

PokeGen doesn't load gen3 pkm files (afaik).

Gen4 files have to be loaded with the target game as a generation 4 first, then the target game is changed to a genV game.

save files should be 512KB.

06/28/14 - New Update:

• Fixed: Translation not translating last elements of UI dropdowns.
  
• Fixed: SAV related buttons are now disabled when no data for them is loaded.
  
• Fixed: Pokerus infection/curing logic.
  
• Fixed: Memory loading now doesn't error out with no data, and has all memory types and locations.
  
• Added: DE/FR (early) language translations.
  
• Added: Shiny/PKRS Cured/Pentagon sprites to marking.
  
• Added: Ribbon sprites from ingame; Expert Battler (Super Maison ribbon) now has proper sprite. Also added the 40/8 complete Memory ribbons.
  
• Added: Base friendships for Kalos Pokemon.
  
• Added: Clicking Friendship Label now toggles between Base & Max; pressing with Control resets it.
  
• Added/Fixed: Clicking IsEgg will now set the Hatch Counter to 1 (GTS still tampers with it...).
  
• Added: Clicking PPups Label now sets all 4 PPUps to 3; pressing with Control sets them back to 0.
  
• Changed: Gender labels for Pokemon and Trainers now use ♂♀. Clicking will toggle between.
  
• Changed: Markings no longer display check boxes; instead they act like Ribbons which can be toggled by clicking.
  
• Changed: When a PID is shiny, it will now display the shiny marking instead of text.
  
• Changed: Setting a nickname to species name will now depend on the Pokemon's language, not the UI language. Changing the species will also auto fill the nickname the same way.
  

Source code is now available.

google'd "TID frlg rng" and got this as the first result. Scan through and there's a section that covers the TID generation.

1. get all of the badges

2. be the OT of the pokemon (OT/ID/SID)

foreign traded pokemon will not obey unless you have proven yourself ingame (obtained appropriate badges)

forward slash, not backslash

\XXXX not /XXXX

copy the animation from missingno

more info

http://www.smogon.com/forums/threads/past-gen-rng-research.61090/page-39#post-4370060

60% DWF -> offspring (no ditto)

80% female(dual) -> offspring (no ditto)

50% (with ditto)

B2W2: 100% nonDWF -> offspring (no ditto, everstone)

I did write a Lua script to view both parties during WiFi battles, the offsets were hard-coded though.

Wouldn't be hard to modify it, but there's a lot of junk to clear up.

There are no programs that have been posted.

Just open desmume's process with your program, and find the PKM data. Decrypt it then display.

Out of curiosity, would this be enough, in addition to the GTS hack, or is more still needed?

the authentication addresses are hard coded into the ROM using specific HTTPS urls, so there's no way you can bypass the checks unless you change how it authenticates (with an AR or ROM Hack). If you are capable of changing the ingame code, you are capable of writing to it anyways (save / memory editing).

These buttons are grey for me. What do I do?

Nothing; reread the red words at the bottom of the first post. The buttons are only usable if you provide a fully decrypted save file to edit from; you can't save a proper save file without a proper save file to start with.

I'm having a really hard time with this. After I finish editing stuff on the save file, how do I save these edits?

Click the Export SAV button in the SAV tab. Unless you are capable of getting past the AES-MAC signature check; saving with this program will do you no good unless you are capable of dealing with this issue.

--

06/09/14 - New Update:

• Fixed: Wrong/missing mini-sprites in box interface.
  
• Fixed: Nidoran gender symbols appearing incorrectly when viewed.
  
• Added: Splash screen on load to let users with slow computers that the program is setting up.
  
• Added: Detection of bad checksum data when loading it to tabs (hardly anyone will encounter this).
  
• Added: Translation support of all fields/combobox for every in-game language. This includes memories and characteristics. Also...
  
• Added: Translation support of interface via supplied .txt files. With the above change and this, the program can be fully localized (besides Encounter Types, 3DS Country Names, savegame related UI or popup messages.)
  
• Added: Appending the exe's file name with -en or any other supported language (ja, ko, de, it, es, fr) will auto-load the program with the language.
  
• Added: Mass Import / Export of box contents by either dragging a folder into the window or loading/saving-to a folder. PKHeX will allow users to create a database in the same directory as the executable to store all dumped pk6 files, or allow users to specify where to dump/load from.
  

Reminder: Stuff still cannot be injected to your game yet, unless you can decrypt your save and re-sign it, or inject directly into the RAM.

If anyone is able to find out what offsets 0x16/0x17 are used for (can view via Extra Bytes), please let everyone know!

Is somebody working at resigning? And can we manage editing AND inserting via hex editing(on save)?

It's not a priority for anyone, as only Datel can re-sign retail saves. Flashcarts can inject directly to the game instead. You can't just hex edit a save file, the signatures have to be correct. PKHeX can insert to the save file, but the signature will alwayss have to be done by the 3DS. The save interface of PKHeX is still useful to help users see their decrypted data.

So I can't have a 5th trainer because of the way Download Tournaments are structured?

Correct, there is only space for 4 custom trainers; if you set the custom trainers to ensure they face you on a given round, you'll never face the 5-8 trainers.

The rest (8 trainers) aren't generated at all; you are only given opponents from the 4 in the Download Tournament file.

(2 first rounders being 3rd/4th place -- you get a random one of these, followed by the 2nd place player in the semis, followed by the first place player in the finals)