Posts posted by quantumsource

  1. If the wondercard (notice no 's', as I think Mew is the only one so far) is not stored in the save file, do we have any idea where it is stored?

    Is it presumed that it's in memory only?

    I have noticed that when you get the mystery gift the Pokemon immediately gets added to your dex and your box. There is no collecting the Pokemon from a delivery man or anything in this game, so there may be a problem injecting mystery gift files even if we did find a way to dump them.

    I hope there will be a way to get Mystery Gifts dumped and injected in Sword and Shield. Firstly, as I want the dual bundle bonus, but found it way cheaper to buy separately through Amazon with 10$ credit for each.

    But I digress. If the card is injectable somehow, I would like to know.

  2. 1 minute ago, Kaphotics said:

    Might want to think about WHY that isn't a feature. If you remember Battle Analyzer from 2013 you'd stay away from developing cheating functionality for public use. Even though you may have the morals to use it responsibly, anyone on the internet can use it / modify for nefarious purposes.

    You make a good point, I'll try to be more careful about possible uses for my curiosity work.

  3. Eskuero, love your work. I am trying to apply the logic you use to my own fork of pkmn-ntr so I can use that app to view Pokemon data directly. Let me know if you wanna help or get a copy. In the meantime, one of the other functions I noticed that pkmn-ntr lacks (sadly by design) is the ability to read the Pokemon team while in a link or online battle. I figured you might be able to help me figure out the mem locations and maybe some logic to figure that out.

  4. Some time ago I asked if this was possible and it indeed was, so I spent some time documenting how it worked, but since I did it in a painful way that implied dumping heavy pieces of RAM and using a hex editor to choose the correct bytes corresponding to the battle video, I just decided to play a bit more around it to document which offsets contain the correct data and how to dump them more easily. All of this was done on a New3DS running NTR CFW and doing the dumps over an Alpha Sapphire card, but it should work the same for Old3DS and other versions of sixth-generation games.

    Sorry if the formatting with spoilers is annoying, I find it much cleaner this way :)

    How to recognize a battle video:

    After doing a few memory dumps and diving into them using a hex editor I found five regions, I refer to them as slots, that were likely to contain data related to battle videos.

    Offsets based on a 0x08000000 region dump of a Pokemon game: 1FBA70, 208E40, 2E74AC, 8D6D30 and 8DED48.

    Every battle video always has a size of 2E60 and they always start with the following hex values: 0X 81 E2 00 00

    As far as I know X can be anything between 0-9.

    Experimenting:

    1 - Clean boot of the game without any battle video uploaded and five stored on extdata:

    Slot 1 contains data similar to the latest video locally saved but the game crashes trying to read it. Slot 2 contains always a clean 1:1 of the battle video.

    Only Slot 2 data can be read by pkhex. Slot 3 and 5 are almost empty while Slot 4 contains lots of unknown data.

    2 - Writing a battle code and waiting on preview:

    Slot 1 and 2 remain the same. Battle video is almost 1:1 copied to slot 4 and 5. Slot 3 contains traces of the video but PKHeX is unable to read it and the VS. Recorder cannot as well.

    3 - Watching the battle video from the code:

    Slot 1 and 3 remain the same. Slot 4 and 5 are bloated with unknown data. Slot 2 now stores the clean 1:1 copy of the battle video playing.

    4 - Going back with the preview still there:

    All remains the same.

    5 - Closing the preview:

    All remains the same.

    6 - Previewing a stored video:

    All remains the same.

    7 - Watching a stored video:

    All remains the same except that the video currently played is now copied onto slot 2.

    8 - Closing Vs. Recorder and opening again:

    All is back to the initial state except that now Slot 5 contains unknown data.

    9 - Reading another battle code and staying on preview:

    All is the same as step 2.

    10 - Playing the video:

    Slot 4 is full of crap. Everything remains the same except that Slot 2 now also contains a 1:1 copy of the video.

    11 - Opening preview of another battle code:

    Slot 1 stays same as always. Slot 2 still contains copy of the most recent video played. Slot 4 and 5 are identical and readable with PKHeX.

    Slot 3 contains references to the actual preview but is not readable by anything.

    12 - Watching the video:

    Slot 4, Unknown data, Slot 5, 3 and 1 the same. Slot 2 is a clean copy of the battle video.

    13 - Uploading a stored battle video, closing and opening VS. Recorder:

    No difference in comparison with step 1.

    Conclusion:

    Slot 1 - Always stays the same and stores a file similar to the most recent battle video stored on extdata but its structure makes it unreadable for both VS. Recorder and PKHeX. Contains ekx data.

    Slot 2 - Stores a 1:1 copy of the currently played video. Stores that battle video until a new one is started. Of course this contains ekx data.

    Slot 3 - Contains several references to the battle currently previewed/watched. While it is unreadable by PKHeX and by the VS. Recorder, it contains ekx data.

    Slot 4 and 5 - Sometimes store nothing, sometimes store almost 1:1 copies of the battle video previewed that can be read by PKHeX, not by VS. Recorder, and sometimes apparently contain PSS passenger data. Not a trustable source.

    *I actually doubt these two are the only ones with this behaviour.*

    So the most trustable way to dump a battle video from a code is dumping Slot 2 while the video is actually playing. This will generate a 1:1 copy of the original file that can be read with PKHeX and even injected onto your own extdata.

    Commands for NTR Debugger:

    Slot 1 - data(0x81FBA70, 0x2E60, filename='Video1', pid=0x29)

    Slot 2 - data(0x8208E40, 0x2E60, filename='Video2', pid=0x29)

    Slot 3 - data(0x82E74AC, 0x2E60, filename='Video3', pid=0x29)

    Slot 4 - data(0x88D6D30, 0x2E60, filename='Video4', pid=0x29)

    Slot 5 - data(0x88DED48, 0x2E60, filename='Video5', pid=0x29)

    The pid may vary a lot. For me it's usually either 29 or 2b but the easiest way to know is to run the command listprocess() and search for the pid that corresponds to the process named "sango-X" on the list.

    SO GREAT, thanks
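
The slot layout described in this post can be checked mechanically instead of by eye in a hex editor. The following is an added example, not code from the post or from NTR/PKHeX: it uses the offsets, the 0x2E60 length and the header pattern exactly as written above (one byte 0x00-0x09, then 81 E2 00 00), and the function names and the sample dump are constructed for illustration.

```python
import re

VIDEO_SIZE = 0x2E60  # battle video length given in the post
# Slot offsets from the post, relative to the start of the 0x08000000 region dump.
SLOT_OFFSETS = (0x1FBA70, 0x208E40, 0x2E74AC, 0x8D6D30, 0x8DED48)
# Header as the post states it: one byte in 0x00-0x09, then 81 E2 00 00.
HEADER = re.compile(rb"[\x00-\x09]\x81\xE2\x00\x00")


def check_slots(dump):
    """Map slot number -> carved bytes, or None if the header/length check fails."""
    slots = {}
    for number, offset in enumerate(SLOT_OFFSETS, start=1):
        blob = dump[offset:offset + VIDEO_SIZE]
        valid = len(blob) == VIDEO_SIZE and HEADER.match(blob) is not None
        slots[number] = bytes(blob) if valid else None
    return slots


def scan(dump):
    """Offsets of every header in the dump that is followed by a full video length."""
    return [m.start() for m in HEADER.finditer(dump)
            if m.start() + VIDEO_SIZE <= len(dump)]


def make_sample_dump():
    """Constructed test input: zero-filled region with one fake video in slot 2."""
    dump = bytearray(SLOT_OFFSETS[-1] + VIDEO_SIZE)
    video = b"\x00\x81\xE2\x00\x00" + b"\xAA" * (VIDEO_SIZE - 5)
    dump[SLOT_OFFSETS[1]:SLOT_OFFSETS[1] + VIDEO_SIZE] = video
    return bytes(dump)


if __name__ == "__main__":
    sample = make_sample_dump()
    for number, blob in check_slots(sample).items():
        print(f"Slot {number}: {'video header found' if blob else 'no valid video'}")
    print("Header hits:", [hex(o) for o in scan(sample)])
```

`scan` is the fallback for dumps where the video is not at one of the five listed offsets; a header hit closer than 0x2E60 bytes to the end of the dump is ignored as truncated.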

  5. I managed to successfully extract it from RAM and after selecting the exact bits I was able to read the file with PKHeX. So I will leave what I did.

    Here are the results of my research:

    I did this with a 10.5 New3DS running ReiNand CFW and after applying NTR CFW patches to dump memory of a EUR physical copy of Alpha Sapphire.

    You ofc need to be connected to the internet, sign in to the Vs. Recorder and write the code of the battle you would like to dump. Once it shows the preview of the teams and the trainers' teams we're ready to go. Open the NTR Menu > Process Manager > Search on the ProcessList for 0000002d > dump > And choose address 0x08000000.

    After pressing A button to choose this option the game will likely trigger that press and attempt to load the battle crashing to a black screen but this is "normal" (in the sense that it always happens and cannot figure a fix for it).

    Just wait until a message in the bottom screen appears saying that "dump finished at addr: whatever"

    Now you will probably have to force the 3ds to shutdown by keeping pressed the Power button until it does.

    A new file named "dump_pid2d_0.dmp" will be on the SDCard. Copy that to computer and open it with any hex editor. HxD is really recommended.

    There are multiple offsets in this file where your desired battle is stored. Usually it will be cloned at many places. They are usually stored at 1FBA70, 208E40, 2E74AC, 8D6D30 and 8DED48.

    However, if you struggle finding them there and you do not plan on making any automated app to import those bits, you need to know that the video files always start with the following hex values "0X 01 81 E2 00 00" where X usually is a 0; I also had a few examples when it was a 5 or a 7. Anyway, you need to select every bit after the 0X one I mentioned (included) until you get a length value of 2E60.

    Now you open a new file with HxD and copy everything you selected there and save with any desired extension-less name. If you did everything right you should be able to open this with PkHeX to see the 12 Pokemon used in the battle.

    Notice that if you have uploaded battles in the past when you enter the Vs. Recorder while connected to internet it will detect those and copy them to RAM.

    In my case I had one battle I uploaded in the past, so that was copied to the 1FBA70 offset and the other four I mentioned before were filled with copies of the one I read from the code. You can guess which one is the one you want by looking a bit down after looking for the starting offsets; the name of the trainers involved in the battle should appear close to it.


    Really amazing work, and I think I am quite close to getting this to work for myself, but for one I am on an o3DS XL, but NTR works, and I have a USA version of the game Alpha Sapphire. Every time I try the debug menu I get inconsistent process IDs. The first time I got 2e, and guessed it was right; it seemed to work but I only got my own SD card ones. The next time I removed all the videos and the last two IDs were 28 and 29. I tried 28 and it worked one time (back before the SD card ones were removed), but when I got the dump file it didn't have the video data. Is there a more consistent way to figure out which process it is?

    Any help you could provide with the IDs or anything here would be greatly appreciated.

  6. When you use rsavout, it only makes a copy of your save from the system's RAM and places it on the SD card. Other than that, it doesn't write anything to the SD card or to the cartridge.

    In fact, using rsavin doesn't actually write anything to the cartridge (or the SD card if you're using a digital copy) - it only loads the save into RAM. Once you actually save the game, THAT's when things get permanent.

    I know this because I used the PC box importer to create a few Pokemon in my boxes. After running the exploit and going back into the game, the Pokemon were in my boxes. But then I quit without saving, re-loaded, and the Pokemon were not there.

    Now the second part of your question is a tricky subject - it's my understanding that save files are tied to cartridges, so it's impossible to transfer saves between cartridges (including trying to restore your save to a new cartridge if your old one was lost or broken). Unless the new RAM-editing web injection technique changed something, I would avoid backing up and restoring saves to different cartridges. Instead, just use the old box importer/exporter (PCEdit) to transfer Pokemon.

    Actually, since the save data copied from RAM is already decrypted it should work on other cartridges. This was never possible with powersaves because they were encrypted. But the community saves for games that are inserted into games using savdatafiler work on any copy (except cia versions). So I cannot confirm this but I am pretty sure it will work. One with a powersaves should be able to try this safely.

  7. Why the 3ds has to be 4.1-4.5 when the gateway can support the newest version, can someone explain this to me, please?

    The system has to be in 4.1-4.5 to use CFW or to use GW emunand. Gateway only supports the newest FW in emunand. The systemnand must still be 4.1-4.5.

  8. I know it's more about ftpony but I thought I'd ask:

    I have GW emunand 9.2 and installed ftpony via cia (though it looks like snes blarg). I installed the cia with bbb tile manager. It's really glitchy and unstable. Sometimes I can't connect, and when I can I can't upload or download files. I use FileZilla on my Windows 7 x64 to connect. Also, I am having trouble closing the app; the home button does nothing most times. Maybe this is 'cause it's a bad cia file, I don't know. But it would be so helpful if I could edit the save and move things without powering off the 3DS to remove the SD card every time I want to edit a save.

  9. With save file injection on gen 5 and Poke Transporter, gen'd Pokemon and such are still possible, but it's hard to be sure without pokecheck? It would be nice if they released the code for their checking, hell, even in Python or JS, or any language really. It would be great to at least help me debug Pokemon I gen.

  10. Demo Version 0.2 - Gen 1 PKM only

    Attached is a working demo with full GUI interface. If your computer has Java installed, double-clicking the .JAR file should open the program. This is mainly to test compatibility - it would be really helpful to know whether you are able to run this and if an update of Java is required :wink:

    Don't get too excited - currently only Generation I PKM files are supported, but the demo will give you an idea of what to expect from the full program. I've coded lots more behind the scenes, including full read/write support for Gen 2, Gen 3 and conversion scripts. The full version will support batch migration as opposed to opening up an editor for individual PKM files, again this is all coded but I need some time to design the user interface.

    Included is a sample PKM file, but others from existing Generation I editors should load in too. Please try and break it and let me know what you did!! Try setting the move PP and experience to 999999 and see what happens - the validation is designed to be foolproof and prevent any glitches whatsoever from being introduced. Note that Struggle is unavailable on the dropdown and Pokemon with duplicate moves will have them fixed. Try deleting all of your Pokemon's moves etc.

    In the next version, Gen 2 will be supported, though again PKM only at this stage and the "Convert to Gen 2" button will work. The program will detect which sort of PKM file was selected and open up the appropriate editor window.

    Thanks for the help and feedback everyone.

    Metropolis

    Attached where?
