YoshiOG1

Note: I could be completely wrong about this, so keep that in mind.

So I recently decided to try messing with PKHeX and EdiZon.  What happened was that I made a Python script to generate an Atmosphere cheat code that injects a given EK8 file into Box 1 Slot 1 of the PC.  It kind of worked, except I noticed that the Pokemon's Sp Def stat was glitched (with a question mark and 2 digits).  I saved the game, dumped the save, and opened it with PKHeX.  Upon viewing the glitched Pokemon in PKHeX, it didn't show anything different.  But if I export the glitched Pokemon as an EK8 again, only the last 2 bytes are different from the original EK8 used to make the cheat code.

This leads me to believe that there could be a bug with how PKHeX handles saving EK8 files.  Also, I noticed that the last 0x10 bytes of the PK8 file have the actual (calculated) stats shown in-game.  I believe this may have something to do with the issue.

Edit: If anyone wants the RAM offset for Box 1 Slot 1 in Sword, it's HEAP + 0x004293D8B0 (at least for me)

On 8/20/2017 at 10:26 PM, YoshiOG1 said:

I found which byte controls the eyelid state on the Trainer Passport picture.  

I think it's at offset 0x1266, but I only tested it by RAM editing relative to the RAM's save.  Apparently the value 0x03 makes the eyes closed, 0x02 makes them sleepy (partially closed), and 0x01 make the eyes totally open.

You're welcome.  

 

  Reveal hidden contents

 

Now that US/UM are out, I was able to find the offset for the eyelid state in Ultra Moon.  I believe it's 0x1466 from what I can see in my save dumped using JKSM.

I found which byte controls the eyelid state on the Trainer Passport picture.  

I think it's at offset 0x1266, but I only tested it by RAM editing relative to the RAM's save.  Apparently the value 0x03 makes the eyes closed, 0x02 makes them sleepy (partially closed), and 0x01 make the eyes totally open.

You're welcome.  

Are you sure that it's impossible? I thought that IVs after being generated were stored in RAM....

It would be something like the Lua Script for DeSmuMe, right?

I didn't say it was impossible. I said it's POSSIBLE.

And yeah, I guess it could be something like whatever Lua script you're talking about, if it involves link trades.

And what will do this cheat? How it will show us the opponent spread? I mean, during battle. I don't want to edit IVs, i want only to see them

Well, I do know that NTR CFW plugin development is pretty flexible, since there's already a plugin that lets you view/edit almost any portion of the RAM of a process: [link]

And although I'm sure it's possible, I don't really know how to make a plugin that checks the IVs of an opponent's Pokemon.

But speaking of which, it would really be awesome if someone made an NTR plugin that could check egg Shiny Values like InstaCheck did back before X/Y's 1.2 update. I'm just wondering if it's possible to have an NTR plugin overlay text on the screen without pausing the game that's running.

I'm starting this thread because I want to share/gather various information on RAM hacking on Generation 6 Pokemon games. (I hope no one else has already done the same)

If you have something to contribute (such as RAM addresses for values, pointers, etc.), please post it here!

(Just be sure to specify whether it's an offset for NTR-CFW or ARCode or whatever; otherwise it *could* get confusing.)

==============

Anyway, I'm going to start off by posting some notable locations for various things.

ORAS RAM addresses: (tested in Omega Ruby)

Happy hacking!

~ Yoshi

P.S. It's like 4:00 in the morning for me as of posting this thread, so I apologize if this isn't the place for this stuff.

There is a bug in this version. I will add a link to a multicheat plugin I forked on github.

Okay. Where's the link to the source code for the plugin? And could you possibly port this cheat to Pokemon X/Y?

How did I not know about this?!

This is what I'd always dreamed of when it comes to 3DS Pokemon hacking. Thank you for your awesome work!

And no, I will *not* use this hack to scam people of their hard-earned legit shinies; that would be cruel of me. Then again, any scammer could be using something as simple as PowerSaves to make Pokemon shiny and trade them away for legit shiny Pokemon.

Back on-topic, I might make a video showcasing this awesome hack. If I do, then I'll be sure to credit you.

Sorry if this is considered necroposting, but I seem to have found the flags that determine the extremely harsh sunlight in Omega Ruby! (Yeah, I played through the game again just to get to that part. lol)

Not sure if it requires un-ticking the Defeated/Captured Groudon flags, but if you set flag 2809 and un-set flag 0458 in Omega Ruby, then the extreme sunlight will return to eastern Hoenn once again. As of yet, I don't know if the same flags control the heavy rain in Alpha Sapphire. I'm about to test that soon.

Edit: Surprisingly, modifying the same flags in Alpha Sapphire makes it extremely harsh sunlight just like in Omega Ruby! Interesting... I'll have to figure out the heavy rain flags another time. (Unless you guys are willing to do that for me... Lol!)

Edit 2: I managed to get the heavy rain working! The flag to enable is 2810, I think. Enjoy getting soaked in heavy rain!

Screenshots:

P.S. I don't think it's necessary to un-set flag 458 to get the primal weather...

Sorry for bumping this thread, but I recently managed to downgrade my old3DS to 9.2.0-20U so I could use the spider exploit again. I know there's a thing that lets you load Action Replay codes from the SD card using the QR exploit (look up "3ds spider arcode"), but has anyone made an AR code to encounter 100% shiny Pokemon, or even to increase the shiny rate? It would be so awesome to encounter 5 shiny Pokemon in a horde using hax!

Ah, okay. Thanks for sharing this!

Edit: I sure hope this makes significant progress before the available homebrew exploits eventually get patched by Ninty. I'd love to be able to edit my save file on-the-go!

Hey guys.

I was wondering if Kaphotics and/or some other people would be willing to develop a 3DS homebrew application that would essentially be a version of PKHeX that can be launched on the 3DS homebrew launcher. Like, if I'm away from my computer and can't access PKHeX.exe, then I could just launch this alternative version of PKHeX from the Homebrew Launcher via TubeHax/IronHax. Anyone else think this would be a good idea?

Thanks for any consideration.

He has tweeted that PKHex works with TDVS, and I saw that he has it on his SD card, in his Tubehax/Ironhax tutorial video.

Yeah, I know that. But he hasn't released it yet. I'm just wondering if he'll be able to release it any time soon, or if someone else would be able to make an alternative before he releases TDVS.

It seems like Smealum might take a while to finish TDVS, as he said on his Twitter that he's been very busy lately. Could someone else please, by any chance, try to develop a Homebrew app to dump/inject save data from X/Y/OR/AS sooner than TDVS's eventual release? I've been getting super hyped about using PKHeX again, and I'm losing my patience. If someone can please make an alternative, then I thank you in advance. If not, then I guess I'll try to be more patient. Thanks for any consideration.

Hey guys. I was wondering: would it be possible to hack Pokemon Omega Ruby / Alpha Sapphire in-game much like Gecko codes on Wii (or like Action Replay in previous generations)? I've been curious to see if I myself could run codes that could allow me to Walk Through Walls, make encounters shiny, or other stuff like that without loading a hacked ROM. I get that the web browser exploit only injects data into the ramsav, but is live hacking in Gen 6 a thing as of yet?

Thanks in advance.

Okay, but I thought the whole web browser exploit was for RAM injection? If I can alter the horde encounter tables while in Petalburg Woods, then what else might I be able to do? Could I create/modify my own code.bin with custom code to inject onto the game from loadcode.projectpokemon.org (or whatever the link is)?

Nope. You are not understanding how it works. What AR did was apply a constant change, altering how the data worked while it was active. That is a thing of the past. And finding everything as Shiny was never so great in the first place, once you had done it for a day. Some Pokemon are just better non-Shiny, and they stop being interesting at all when that's all you find.

All any GenVI cheating does is edit the save file, which has no lasting effects, other than that which it directly alters; this obviously can not affect game-play or anything that occurs while playing.

Which, really, this is far more efficient. Just catch what you want, then mark it Shiny. Done. So long as it's of Gen VI origin and not of any restricted parameters, it would be just as Legal as if you'd caught it Shiny in the first place.

On the point of scamming people with seeming-legit hacks... not really so likely anymore, even if you wanted to, since they have to pass a Legal Check to trade online in the first place. Sure, you may have not gotten it the proper way, which is certainly more appreciated by the far majority of players, even among cheaters, but so long as it's no different than if you had, in the end, barely anyone cares and it will have the same result as if it was proper.

Ah, I see. So you're saying that it's not worth it due to the simpler option of shinifying with something like PowerSaves?

Oh well; I was just wondering if it were possible for educational purposes. Guess it's not.

Can someone guide me in making a custom code.bin or something to force all encounters to be shiny? I'm not saying I'd use it to cheat or scam people of their hard-earned shinies by trading them seemingly-legit hacks; I'm just curious as to how one would go about doing something like that. Like, imagine every encountering shiny Pokemon everywhere you go. How nifty would that be? Lol.

Also, I'm sort of new to this whole RAM injection thing being available in Gen 6, so would a code to make all encounters shiny even be possible with injection like it was with AR in previous gens?

Thanks in advance.

Okay, so the PowerSaves has this code that gives you the Shiny Charm via a hacked Wonder Card. So one day, I wondered what the effects would be of having more than one Shiny Charm on my file, and I managed to get 3 charms by using the PowerSaves code more than once. Now, I'm starting to have regrets about it, because I'm noticing that I'm finding fewer shiny Pokemon than I was when I had only one Shiny Charm.

How would I go about fixing this issue of having 3 Shiny Charms? I've tried decrypting with the save1keystream.bin, changing the values in SAVE1 & SAVE2 from 0x03 to 0x01, and then re-encrypting, and even using the Datel Checksum Fixer to restore the edited backup, but it just says that the save data is corrupted. And from what I've read here, I'm assuming that the save wasn't re-signed correctly or something.

If anyone can help me with this, let me know.

Man, I just wish I could insert Hoopa/Volcanion into my save file. Is it still impossible without a hacked 3DS (as of July 2014)? Or, would it be possible for someone else to inject Pokemon into my save file, as long as I send them the right files?

It just frustrates me that I can't edit my save file with PKHeX and re-insert it back on my cartridge. What would I have to do to be able to export the SAV in PKHeX?

Can I have the files? I want to try this out. Is there any way to modify it for gen 3/4?

I don't really know how to make it work for Gen 3 or Gen 4, but I'd be glad to share the files, including the modified LUA script and a Python script which is required for copying sprite files from one folder to another. I'll edit this once I have the files ready.

EDIT: Files are (kind of) ready, at least for B2/W2... Here:

https://drive.google.com/#folders/0By1p7rZvEVGiV3VOejZPY3VaTUU

UPDATE: I did it!

I basically just modified Kaphotics's LUA script to write the Party Pokemon's Pokedex #'s to a .txt file, and from there, I wrote a Python script to interpret that file and replace pictures in a folder with the appropriate sprites from another folder.

If anybody wants a bundle with the files for doing this, let me know. (I'll include a Readme, too, but it might be somewhat complicated)

Thanks a bunch, Kaphotics!

I did write a Lua script to view both parties during WiFi battles, the offsets were hard-coded though.

Wouldn't be hard to modify it, but there's a lot of junk to clear up.

Thanks. I'll look into modifying it for what I need.

There are no programs that have been posted.

Just open desmume's process with your program, and find the PKM data. Decrypt it then display.

Oh... So there isn't even something like a LUA script that can dump the PKM's from the RAM to a file?

Either way, thanks for the advice.

Bump.

Anyone? I need to know how I can display my current party Pokemon live based on the RAM; I've seen things like this done before, but I can't find any programs!

(i hope bumping is allowed...)