isleep2late

Member
  • Posts

    43
  • Joined

  • Last visited

  • Days Won

    4

isleep2late last won the day on June 13

isleep2late had the most liked content!

Reputation

29 Excellent

8 Followers

About isleep2late

  • Birthday 06/24/1992

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. I added some cool stuff that I mentioned to people on the PP Discord. Instead of telling, I'll just show: - Any-ability (the PK3 0x1E "sanity" byte trick) works in singles and doubles. In MULTI it is intentionally disabled - the shared-party array makes the override unsafe - and the multi receptionist now says so in-game. Everything else in multi (unban, clauses) still applies. - Deoxys forms are fully implemented: per-form stats, battle sprites, party icons, summary screen, and a PKHaX box icon; default form gets Attack/Defense/Speed correctly; trading keeps the partner version's form. - Flexible party size: Battle Tower singles 1-6, doubles 2-6 (multi stays at the legal 2) - Soul Dew un-nerf restored inside the Frontier.
  2. Hey Sleep!  the pure hackmons no nerf side server is down! can you see if it's an issue on your end?

    1. isleep2late

      Thank you!

  3. Hey @SmolJoltik, this is fantastic work! That per-slot forme-check the facility scripts run on your selected team was the issue, and ripping it out lets Giratina keep its forme in the Frontier. Thank you for laying out the precise script/function/segment for every facility (367/fn90, 377/fn79, 378/fn29, 379/fn29) - that saved a ton of blind digging. I implemented your fix a slightly different way that might help anyone who'd rather not recompile scripts in DSPRE. Instead of deleting the CMD_798 segments out of each facility script one by one, I patched the command's handler directly. CMD_798 maps to the routine that reverts a single team member's forme (the one that checks species == Giratina/Rotom/Shaymin and snaps them back to base/Altered/Land, and also hands the Griseous Orb back to the bag). That routine already has a clean early-out, so flipping one branch makes it always return "nothing to revert." A single 2-byte edit and every facility (Tower, Hall, Castle, Arcade) stops reverting, no script recompile needed: overlay 5, RAM address 0x021F6DC2: change 01 D1 (bne) to C0 46 (nop) Two things I found while I was in there that build on your discovery: 1. There is a SECOND Giratina revert I don't think your script fix reaches. The battle engine itself snaps Giratina-Origin back to Altered "before the turn" when it isn't holding the Griseous Orb - which is exactly the leftover symptom you mentioned for Castle and Arcade, where the facility strips your held item. That one lives in the battle overlay and you can kill it too: overlay 16, RAM address 0x02259FBD: change D1 (bne) to E0 (b) After that, Origin stays Origin even with no orb, so the Castle/Arcade caveat goes away. 2. While I was unbanning everything I also removed the species clause and item clause at all facilities, and un-nerfed Soul Dew in the Frontier (the game secretly switches off its +50% boost there). 
I wrote the whole thing up in a bigger thread - and I put together a single xdelta patch so people don't have to touch a hex editor at all. I also credited you in my post for discovering this! Thanks again. -IS2L UPDATE 6.13.26 Quick follow-up now that the full Platinum build is finished and tested: - Arceus now keeps its Plate typing in EVERY facility format, including DOUBLES. There is a hidden eligibility/distinctness check that quietly bounced a Plate-Arceus out of doubles team selection; neutralizing it lets Plate-Arceus play doubles with the correct type. (Singles already worked.) - Flexible party size: the Battle Tower now accepts 1-6 in singles and 2-6 in doubles. This was done by widening the team buffer in the pokeplatinum decomp and rebuilding, not by a hex edit - a raw byte poke to the party-size limit crashes on team confirm because the team buffer is a fixed size. Multi/Castle/Arcade stay at their legal limits. - AbilityLock: if you give Shaymin or Giratina a hacked ability in PKHeX, the forme-change setter used to overwrite it back to the species default. One edit makes the setter only recompute the ability when it is the legal one, so a hacked ability now survives the Land<->Sky / Altered<->Origin swap. I packaged all of this (forme fix + unban + Species/Item Clause + Soul Dew un-nerf + Arceus typing + 6-mon + ability-lock) as a single source patch so nobody has to hex-edit. Credit to SmolJoltik for the forme-revert discovery that made it possible.
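The two branch edits in the post above (`01 D1` to `C0 46`, and the high byte `D1` to `E0`), decoded as 16-bit Thumb halfwords to show when each one keeps the original branch target. This is an added example, not code from the post or its patch; reading the second edit as the high byte of a Thumb `bne` is an assumption, and the low displacement bytes `0x05` and `0xF0` are constructed because the post gives only the high byte.

```python
"""Decode the 16-bit Thumb branch encodings named in the post and compare a patch."""
import struct

CONDITIONS = ["eq", "ne", "cs", "cc", "mi", "pl", "vs", "vc",
              "hi", "ls", "ge", "lt", "gt", "le"]
THUMB_NOP = 0x46C0  # "mov r8, r8", the usual no-op on ARMv5T (bytes C0 46)


def sign_extend(value, bits):
    """Interpret the low `bits` of value as a two's-complement number."""
    sign = 1 << (bits - 1)
    return (value ^ sign) - sign


def decode_thumb(raw, addr):
    """Return (mnemonic, target) for one little-endian halfword at addr.

    target is None for anything that is not a branch.
    """
    (hw,) = struct.unpack("<H", raw)
    pc = addr + 4  # Thumb branches are relative to the instruction address + 4
    cond = (hw >> 8) & 0xF
    if hw >> 12 == 0b1101 and cond < 14:      # B<cond>: 1101 cccc iiiiiiii
        return "b" + CONDITIONS[cond], pc + sign_extend(hw & 0xFF, 8) * 2
    if hw >> 11 == 0b11100:                   # B:       11100 iiiiiiiiiii
        return "b", pc + sign_extend(hw & 0x7FF, 11) * 2
    if hw == THUMB_NOP:
        return "nop", None
    return "unknown", None


def describe_patch(addr, old, new):
    """Summarise what replacing `old` with `new` at addr does to control flow."""
    old_op, old_target = decode_thumb(old, addr)
    new_op, new_target = decode_thumb(new, addr)
    if old_target is None or old_op == "b":
        return "original is not a conditional branch"
    if new_op == "nop":
        return f"{old_op} removed: always falls through, never reaches {old_target:#010x}"
    if new_op == "b":
        if new_target == old_target:
            return f"{old_op} made unconditional: always jumps to {old_target:#010x}"
        return (f"target changed from {old_target:#010x} to {new_target:#010x}: "
                "patch the whole halfword, not just the high byte")
    return "unrecognised replacement"


def high_byte_flip(addr, low_byte):
    """Model the one-byte edit D1 -> E0 on the high byte of a bne halfword."""
    return describe_patch(addr, bytes([low_byte, 0xD1]), bytes([low_byte, 0xE0]))


if __name__ == "__main__":
    # Edit 1 from the post: overlay 5, 0x021F6DC2, 01 D1 -> C0 46.
    print(describe_patch(0x021F6DC2, bytes.fromhex("01D1"), bytes.fromhex("C046")))
    # Edit 2 changes only the byte at 0x02259FBD, so the halfword starts at
    # 0x02259FBC. The low byte is not given in the post; 0x05 and 0xF0 are
    # constructed values showing a forward and a backward displacement.
    print(high_byte_flip(0x02259FBC, 0x05))
    print(high_byte_flip(0x02259FBC, 0xF0))
```

The high-byte flip is target-preserving only for a forward displacement: the conditional form sign-extends 8 bits, while the unconditional form reads the same low byte as an 11-bit field whose upper bits are now zero.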
  4. Hey @MasterKirby1982 sorry it took me ages but I finally cracked both halves of this - the PWT freeze AND the clauses - and it is tested working now. Those a/1/0/6 files (20-22 Subway, 33-36 PWT, plus the Battle Institute set) are not just a banlist. Each is a fixed 188-byte regulation STRUCTURE. I decoded the whole thing: - 0x02, 0x03 = party size, i.e. how many you bring (3 single / 4 double / 6 triple). This is the LEGAL LIMIT. Leave it alone - if you raise it you can pick too many Pokemon and the game crashes on team confirm. That is the "submitting more than 3 freezes the game" bug; the old edits were bumping this. - 0x04 = 0x32, the Lv50 cap - 0x05 = facility id (02 Institute, 03 Subway, 04 PWT) - 0x08 = the SPECIES clause (00 = enforced, 01 = duplicates allowed) - 0x09 = the ITEM clause (00 = enforced, 01 = duplicates allowed) - 0x1C to 0x77 = the species banlist bits (MeroMero's C0 / 0E / C0 07 / 98 7E / D8 03) - 0xBA = the per-mode / cup index: 0/1/2/3 for PWT single/double/triple/rotation (0/1/4 for Subway) Two separate things were tangled together: The freeze. The old "zero everything from C0 to the end" wipes 0xBA along with the bans. 0xBA is how the PWT bracket loader knows which tournament this regulation is for - zero it and it loads a broken/duplicate regulation and black-screens exactly where you saw it. Keep 0xBA and the freeze is gone. The Subway never froze because the Subway edits never touched 0xBA. The clauses. They are NOT in the banlist and NOT at 0x78 / 0xB5 / 0xB8 (I tried all of those and the "Some Pokemon are holding identical items" message kept firing). They are the two adjacent flags 0x08 (species) and 0x09 (item). Set both to 01 to drop "no duplicate Pokemon" and "no duplicate items." The game itself ships the link/wifi regulations with these at 01, so it is a known-good value. 
So the clean recipe, per banning file (Subway 20-22, Institute 10-14, PWT 33-36, every mode): - zero the banlist bitfield, 0x1C through 0x77 - set 0x08 = 01 (species clause off) - set 0x09 = 01 (item clause off) - LEAVE 0xBA alone (cup index - stops the PWT freeze) - LEAVE 0x02 and 0x03 alone (party size - keeps the 3/4 limit so it does NOT crash on team confirm) Same file length, no bytes added or removed. Legends unbanned + both clauses off, on all the offline facilities at once, with the party limit and tournament structure intact - no freeze, no crash. This is confirmed working in-game (Black 2 and White 2): banned legends register in Subway and PWT, you can run duplicate Pokemon and duplicate items, the team caps at the legal size, and PWT loads its bracket instead of black-screening. Thanks for documenting your freeze in such detail. I created a patch you can use on a clean black/white 2 in my Github repository. -IS2L UPDATE 6.13.26: Revisiting this with a clean, one-shot patch. I wrote a small pure-Python patcher (and prebuilt xdelta patches) that removes the ban list, Species Clause, and Item Clause from the Battle Subway, the Battle Institute, AND the PWT on both Black 2 and White 2 in one pass, while KEEPING the legal party-size limit and the PWT cup index - so it never freezes on team confirm or black-screens the bracket. It edits the regulation NARC a/1/0/6 length-preservingly. There are two honest limits for BW2 specifically: - More-than-3 Pokemon: So long as there is no decomp for gen 5, I think this is effectively not possible with our current technology, so the fixed team buffer can only be widened by ARM code injection, which needs a live debugger rig. - I also added a separate data fix so a hacked-form Arceus reads its form's type (Ghost form plays as Ghost, etc.) in BW2.
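The 188-byte record layout and the recipe from the post above, written as a decoder plus an audit that reports any changed byte outside the banlist and the two clause flags. This is an added example, not the author's patcher; the sample record is constructed, and `zero_banlist_to_end` models the older edit on the assumption that it began at the first banlist byte.

```python
"""Decode one 188-byte BW2 regulation record and audit an edit to it."""

RECORD_LEN = 188
PARTY_SIZE = (0x02, 0x03)    # legal party size: leave alone
LEVEL_CAP = 0x04             # 0x32 = Lv50
FACILITY_ID = 0x05
SPECIES_CLAUSE = 0x08        # 00 = enforced, 01 = duplicates allowed
ITEM_CLAUSE = 0x09           # 00 = enforced, 01 = duplicates allowed
BANLIST = range(0x1C, 0x78)  # species ban bits, 0x1C through 0x77
CUP_INDEX = 0xBA             # per-mode / cup index: leave alone
FACILITIES = {0x02: "Institute", 0x03: "Subway", 0x04: "PWT"}
EDITABLE = set(BANLIST) | {SPECIES_CLAUSE, ITEM_CLAUSE}


def decode(record):
    """Return the named fields of one regulation record."""
    if len(record) != RECORD_LEN:
        raise ValueError(f"expected {RECORD_LEN} bytes, got {len(record)}")
    return {
        "party_size": tuple(record[o] for o in PARTY_SIZE),
        "level_cap": record[LEVEL_CAP],
        "facility": FACILITIES.get(record[FACILITY_ID], "unknown"),
        "species_clause_enforced": record[SPECIES_CLAUSE] == 0,
        "item_clause_enforced": record[ITEM_CLAUSE] == 0,
        "banned_bits": sum(bin(record[o]).count("1") for o in BANLIST),
        "cup_index": record[CUP_INDEX],
    }


def apply_recipe(record):
    """The post's recipe: clear the banlist, set both clause flags to 01."""
    out = bytearray(record)
    for off in BANLIST:
        out[off] = 0
    out[SPECIES_CLAUSE] = 1
    out[ITEM_CLAUSE] = 1
    return bytes(out)


def zero_banlist_to_end(record):
    """The older edit as modelled here: zero from the banlist to the end."""
    out = bytearray(record)
    out[BANLIST.start:] = bytes(len(out) - BANLIST.start)
    return bytes(out)


def audit(original, patched):
    """Return offsets that changed outside the editable set ([] = safe)."""
    if len(patched) != len(original):
        raise ValueError("record length changed")
    return [off for off, (a, b) in enumerate(zip(original, patched))
            if a != b and off not in EDITABLE]


def build_sample():
    """Constructed PWT double-battle record; ban bytes are placeholders."""
    rec = bytearray(RECORD_LEN)
    rec[0x02] = rec[0x03] = 4
    rec[LEVEL_CAP] = 0x32
    rec[FACILITY_ID] = 0x04
    rec[0x1C:0x1E] = bytes.fromhex("C00E")
    rec[CUP_INDEX] = 1
    return bytes(rec)


if __name__ == "__main__":
    sample = build_sample()
    print("before:", decode(sample))
    print("recipe:", decode(apply_recipe(sample)),
          "out-of-scope changes:", audit(sample, apply_recipe(sample)))
    clobbered = audit(sample, zero_banlist_to_end(sample))
    print("zero-to-end out-of-scope changes:", [hex(o) for o in clobbered])
```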
  5. I've created a fork of PKHeX in my "Un-Nerf Compendium" repo that allows one to do what xJakub's Pikasav can do in Gen 1/Yellow (https://github.com/xJakub/PikaSav ). This PKHaX release also includes the ability to gen any ability onto a Gen 3 Pokemon in Emerald *So long as you've patched Emerald* See:
  6. Good news everyone! I finally figured out how to remove the Species clause and Item clause and I've included the working patch/mod over at my Un-Nerf Compendium repository (click this link). The banned-species list is data (the int32[18] blob in global-metadata.dat at 0x666A32 — dex 150/151/249–251/382–386/483/484/487/489–493), but the species clause and item clause are not data — they're code, so zeroing the banlist alone leaves "no two of the same Pokémon / item" in place. Here's where all three actually live and how to lift them in one shot. Class Dpr.UI.UIBattleMatchingTeamSelect, methods GetRegulations / GetRegulation (3 overloads). Per party member, each method: - reads a regulation flag — [reg+0x2E] = no-same-Pokémon, [reg+0x2F] = no-same-item — and if set, calls a duplicate-finder whose bool (bit0 = duplicate exists) is tested by the next tbz/tbnz w0; - calls Dpr.PokeRegulation.CheckLegend(species) (bool, true = banned legendary). Replace each "bl <check>" with "mov w0,#0" (00 00 80 52) -> "no violation / not banned". 8 sites: 3 species + 3 item + 2 legend. Heads-up on dead ends I burned time on: PokeRegulation.CheckBothPoke/CheckBothItem have zero callers (reflection/dead), PokeDupeChecker. is the anti-clone box flagger (not the Tower), and EvCmd_BTWR_SUB_CHK_ENTRY_POKE is a return 1 stub. The live checks are the 8 above. 
pchtxt - Brilliant Diamond (build 94CEAE325C205C4B9D6F7235552F28FD)

```
@nsobid-94CEAE325C205C4B9D6F7235552F28FD
@flag offset_shift 0x100
@enabled
01BF2298 00008052 // species
01BF2324 00008052 // item
01BF2538 00008052 // species
01BF2580 00008052 // item
01BF2BE8 00008052 // species
01BF2C4C 00008052 // item
01BF220C 00008052 // legendary ban
01BF2B8C 00008052 // legendary ban
```

pchtxt - Shining Pearl (build 38F59CBDA2EB9C44B72F94C4D25935A2)

```
@nsobid-38F59CBDA2EB9C44B72F94C4D25935A2
@flag offset_shift 0x100
@enabled
0205AB8C 00008052 // legendary ban
0205AC18 00008052 // species
0205ACA4 00008052 // item
0205AEB8 00008052 // species
0205AF00 00008052 // item
0205B50C 00008052 // legendary ban
0205B568 00008052 // species
0205B5CC 00008052 // item
```

Drop in <TitleID>/NoTowerClause/exefs/ (TitleID 0100000011D90000 BD / 010018E011D92000 SP), or an equivalently-named <BuildID>.ips. Diamond and Pearl are separate binaries - use the matching one. The Lv.50 cap and everything else are untouched. Reminder that Soul Dew is NOT banned because it sucks in all future gens after gen 6 lol.

Hope this helps those who were still interested in this project! This was one of the MANY things I sought to figure out in the mass removal of battle tower/frontier/maison/tree banlists. And this was probably the last one I will work on/be releasing now that I've unbanned Sword/Shield, USUM, ORAS, and Emerald. Hope you all enjoy! -IS2L
  7. This was a fun little project someone from the PH community requested. Here's the link to the patches (modded PKHaX.exe also in the release page). 1. Unrestricted Battle Frontier: Removes the banned-species list and the registration validator's level cap + species clause + item clause (`AppendIfValid`/`CheckPartyIneligibility`), and un-nerfs Soul Dew inside the Frontier (its +50% Sp.Atk/Sp.Def for Lati@s is normally disabled there). Covers Singles/Doubles/Multi/Link and all facilities. 2. Any ability on any Pokémon: Gen 3 doesn't store an ability — only a 1-bit slot index into the species table, which is why it looked locked. This adds a real per-mon ability ID in the unused PK3 Sanity byte 0x1E (outside the checksum), and patches every site that sets a battler's ability to read it. Set it with the included patched PKHeX (Gen-3 Ability dropdown now lists all 78; pick one, save). Key offsets (clean Emerald USA/EU): banned list `0x08611C9A`; `AppendIfValid` NOPs at `0x081A3F5E` (level), `0x081A3F82` (species), `0x081A3FA8` (item); Soul Dew gate `0x080697A0`/`0x080697D6`; ability hooks read PK3 0x1E with routines in free space `0x0837F260`, hooked at `0x0806AA2A`, `0x0806B694`, `0x0804C99A`, `0x0803AD68`, `0x0806BC62`. Files: three IPS (frontier-only / ability-only / full) + `PKHeX.exe` (net10, needs .NET 10 Desktop Runtime) + source. Apply to a clean Emerald; saves are cross-compatible. This project was assisted by the developments/contributions made by pret many years ago. Patched routines verified in Unicorn, behavior confirmed in-game (Soul Dew and Huge Power both measured dealing boosted damage). Here's the full write-up and a video demonstration. 
-IS2L *UPDATE*: For those interested in playing with the Emerald patch, I created a custom PKHaX program with the latest source code ( https://github.com/kwsch/PKHeX ) you can find here: https://github.com/isleep2late/Un-Nerf-Compendium/releases/tag/PKHeX This version of PKHeX now not only lets you edit any ability in gen 3 but also lets you modify sprites/typing in Gen 1 the same way Pikasav can do. See:
  8. If you want the quick way to do this, here is a link to the Sword/Shield part of the Un-Nerf Compendium containing the patch and how to apply it :) Hey all! Once again, we have made some breakthroughs into ROM research, including removing Battle Tower restrictions and giving permanence / persistence to the Crowned Zacian / Crowned Zamazenta / Eternatus Eternamax formes! Ethical Disclaimer: Research was AI-assisted, but verified by me. Two small `.pchtxt` code mods for Pokémon Sword & Shield, for personal/offline use on emulator (built and confirmed on Eden v0.2.0, game v1.3.1). Both are tiny IPSwitch text patches - no ROM redistribution, you supply your own dump. Sword and Shield offsets included. --- 1) FormePersist - Crowned Zacian / Crowned Zamazenta / Eternamax Eternatus stay set Set the forme in PKHeX and it now persists through save + reload with no held item, and shows correctly on the team menu. SwSh treats these as battle-only formes and resets them to base on load; this forces the game's `IsBattleOnlyForme()` detector to return 0 so the reset paths never fire. It's the Gen-8 analogue of the Gen-6/7 Mega/Primal persistence patches. 2) NoTowerClause - Battle Tower species + item clause removed Lets you enter the Battle Tower with **two of the same Pokémon** and/or **two of the same held item**. SwSh's Tower has no banned-species list - the species clause and item clause are the entire restriction - so this lifts it fully. All other entry checks are untouched. --- **Install (Eden/Yuzu):** drop the title-id folder into `…\eden\load\`, e.g. `…\load\0100ABF008968000\NoTowerClause\exefs\noclause.pchtxt` (Sword) / `…\load\01008DB008C2C000\…` (Shield), then Properties -> Add-Ons -> tick it. (Make sure the GDB stub is off.) 
Patch contents (v1.3.1):

FormePersist - `IsBattleOnlyForme` -> return 0:

```
Sword @nsobid-4628A512…    Shield @nsobid-DBDDD138…
013AE910 00008052          013AE940 00008052
013AE914 C0035FD6          013AE944 C0035FD6
013AEC68 1F2003D5          013AEC98 1F2003D5
```

NoTowerClause - force the per-slot duplicate-species & duplicate-item flags to 0:

```
Sword                      Shield
014F9654 08008052          014F96C4 08008052
014F965C 19000014          014F96CC 19000014
014F96DC 09008052          014F974C 09008052
014F96E4 1B000014          014F9754 1B000014
```

Two Eden gotchas if you roll your own: `@enabled` is mandatory (without it Eden applies zero bytes), and use `@flag offset_shift 0x100`. Offsets are for v1.3.1 (build IDs above); a different game update needs them re-derived. Single-player/offline use - don't take these into pvp battle without your opponent's permission.

(Bonus in the same folder: `DynamaxCandyAll`, a one-liner that lets you feed Dynamax Candy to the three legendaries. Actually letting them *Dynamax* is a RomFS personal-table flag - `CanNotDynamax` - i.e. the pkNX edit, not a code patch.)

Here's the article explaining the in-depth reverse-engineering behind removing Battle Tower restrictions. And here's the deep dive into permanent formes for Gen 8. -IS2L

*If there's any additional discoveries for Sword and Shield, I will just addend this thread so that I don't clog up the rest of the forums. Will make the title of this post reflect that.*
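The patch words in this post and in the Brilliant Diamond / Shining Pearl post above are 4-byte AArch64 instructions written in file byte order, so a `.pchtxt` can be checked before use by parsing it and decoding each word. This is an added example, not the author's tooling: the parser handles only the directives shown on this page, the lint rules restate the two Eden gotchas from the post, and the sample is the Brilliant Diamond listing from the earlier post with its line breaks restored.

```python
"""Parse an IPSwitch-style .pchtxt and decode each 4-byte AArch64 patch word."""
import struct

# Brilliant Diamond listing copied from the earlier post, line breaks restored.
SAMPLE = """\
@nsobid-94CEAE325C205C4B9D6F7235552F28FD
@flag offset_shift 0x100
@enabled
01BF2298 00008052 // species
01BF2324 00008052 // item
01BF2538 00008052 // species
01BF2580 00008052 // item
01BF2BE8 00008052 // species
01BF2C4C 00008052 // item
01BF220C 00008052 // legendary ban
01BF2B8C 00008052 // legendary ban
"""


def decode_a64(raw):
    """Name the few AArch64 encodings these patches use; bytes are little-endian."""
    if len(raw) != 4:
        return "not a 4-byte instruction"
    (word,) = struct.unpack("<I", raw)
    if word == 0xD65F03C0:
        return "ret"
    if word == 0xD503201F:
        return "nop"
    if word & 0xFF800000 == 0x52800000:          # MOVZ Wd, #imm16{, LSL #16}
        imm = ((word >> 5) & 0xFFFF) << (16 * ((word >> 21) & 3))
        return f"mov w{word & 0x1F}, #{imm}"
    if word >> 26 in (0b000101, 0b100101):       # B / BL with signed imm26 * 4
        imm26 = word & 0x03FFFFFF
        offset = ((imm26 ^ 0x02000000) - 0x02000000) * 4
        op = "b" if word >> 26 == 0b000101 else "bl"
        return f"{op} .{offset:+#x}"
    return f".word {word:#010x}"


def parse_pchtxt(text):
    """Return build id, flags and (offset, bytes, comment) patch entries."""
    result = {"nsobid": None, "offset_shift": 0, "enabled": False, "patches": []}
    for lineno, line in enumerate(text.splitlines(), 1):
        code, _, comment = line.partition("//")
        fields = code.split()
        if not fields:
            continue
        if fields[0].startswith("@nsobid-"):
            result["nsobid"] = fields[0][len("@nsobid-"):]
        elif fields[:2] == ["@flag", "offset_shift"] and len(fields) == 3:
            result["offset_shift"] = int(fields[2], 16)
        elif fields[0] == "@enabled":
            result["enabled"] = True
        elif fields[0].startswith("@"):
            continue  # other directives are outside this example
        elif len(fields) == 2:
            result["patches"].append(
                (int(fields[0], 16), bytes.fromhex(fields[1]), comment.strip()))
        else:
            raise ValueError(f"line {lineno}: expected '<offset> <hex bytes>'")
    return result


def lint(parsed):
    """Checks taken from the post's notes on Eden, plus word size and alignment."""
    problems = []
    if not parsed["nsobid"]:
        problems.append("missing @nsobid build id")
    if not parsed["enabled"]:
        problems.append("missing @enabled: Eden applies zero bytes")
    if parsed["offset_shift"] != 0x100:
        problems.append("offset_shift is not 0x100")
    for offset, value, _ in parsed["patches"]:
        if offset % 4 or len(value) != 4:
            problems.append(f"{offset:08X}: not one aligned 4-byte instruction")
    return problems


def summarize(parsed):
    """List (offset, decoded instruction, comment) for review before applying."""
    return [(off, decode_a64(val), note) for off, val, note in parsed["patches"]]


if __name__ == "__main__":
    parsed = parse_pchtxt(SAMPLE)
    print("build", parsed["nsobid"], "problems:", lint(parsed))
    for off, text, note in summarize(parsed):
        print(f"{off:08X}  {text:<12} {note}")
    # Words from the Sword/Shield listings in this post.
    for word in ("C0035FD6", "1F2003D5", "08008052", "19000014"):
        print(word, "=", decode_a64(bytes.fromhex(word)))
```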
  9. Chapter 5: Permanent Mega/Primals/Hoopa-Unbound Persistence through saves Before I get started, I just want to say a LOT of exciting things are happening/being discovered. If you've been following the Battle Maison/Battle Tree restriction post (click this very long hyperlink to get there), I discovered how to remove the Item/Species Clause AND specifically for ORAS, how to bypass the 510 EV limit, a feat once thought to be impossible. Now onto the real deal. I didn't want to clog the forums with literature so I'm consolidating all/most of my findings into this thread. I created a small code patch that stops Gen 6/7 from resetting battle-only / restricted formes when you load a save. Set a Mega (or Primal, Hoopa-Unbound, Necrozma Ultra-Burst, Zygarde-Complete, etc) on your party with PKHeX and it now STAYS through save + reload - on your team and in the PC. If you'd like to cut to the chase, say no more. Here's a link to the GitHub containing the patch and how to apply it. By design, X/Y, OR/AS, S/M and US/UM run "normalize formes" routines outside of battle that quietly call `ChangeFormNo(baseForme)` on your Pokémon - on save-load (Mega/Primal), on the field clock (Furfrou 5-day / Hoopa 3-day), at night (Shaymin-Sky), on PC deposit, in Pokémon refresh, and in the Day Care. That's why a PKHeX-set Mega snaps back to base the moment you boot. This patch NOPs those revert calls and leaves the forme setters untouched (you can still Mega Evolve in battle, use the Prison Bottle, etc.). Net result: the forme you store is the forme you keep. Fusions (Kyurem-B/W, Necrozma Dusk-Mane/Dawn-Wings) already persist and need nothing. In-battle stance formes (Aegislash, Wishiwashi, etc.) are handled by the battle module and aren't touched, so battles still behave normally. How to use: 1. Decrypt-dump your game (Mega/Primal-persist works on a decrypted `.cia` or `.3ds`). 2. 
`python formepersist.py YourGame.cia` - the Mega/Primal fix is auto-located, so it should theoretically work on any of X/Y, OR/AS, S/M, US/UM, any region/version (However, this was mostly tested on Ultra Moon and ORAS, but the patch should absolutely work on Ultra Sun because the location on Ultra Sun is in a slightly different location than Ultra Moon and was found. XY/Sun/Moon are the wildcards.) 3. Add `--full` for the complete forme set on US/UM and OR/AS (verified address tables included). 4. The script re-fixes the ExeFS/.code hashes (and TMD for `.cia`), so the build still installs and boots in Citra/Azahar/Lime3DS. Notes - This edits a decrypted personal dump - Nothing copyrighted is distributed. - It's for casual single-player use. Semi-relevant but not for this specific channel: Sword/Shield first pass (LayeredFS `.pchtxt` for Crowned Zacian/Zamazenta + Eternamax) is in testing - different mechanism (formes are derived from held item / story flag rather than reset), so it's a few NOPs in the `main` NSO rather than one. More on that once it's confirmed in-game. Feedback welcome - if a specific forme still reverts on your version, tell me which game/version and I'll add it. Here's an article for a deep dive on how this was discovered. ADDENDUM 6.13.26 Correction to my earlier note: Hoopa-Unbound did NOT actually persist with the simple ChangeFormNo NOP I first described. Hoopa reverts through a destructive multi-call reset block (several calls that tear the forme down), which is different from the single normalizer the other formes use. The fixed version auto-detects and neutralizes those blocks (AS/OR has 11, US/UM has 6). With that, Hoopa-Unbound finally persists across save/reload like the other formes. Please disregard the original "Hoopa persists" wording. 
New, related findings since then: - Arceus form-driven typing as a length-neutral CODE patch (a getter cave): hold the Plate -> Multitype type as normal; hold no Plate -> the PKHeX form's type (Ghost form reads Ghost, etc.); the form persists. Ships for ORAS and USUM (USUM also covers Silvally). - USUM ability un-nerfs: Prankster, Gale Wings, Parental Bond, and Soul Dew restored to pre-nerf behavior, with the in-game ability/item description text rewritten to match. - Protean on Arceus: WORKS in USUM (gen 7), does NOT in ORAS (gen 6). In gen 7 there is a literal type-lock species list {Arceus, Silvally}; clearing it lets Protean re-type them. Gen 6 has no such list - ORAS re-derives Arceus's type from its form every move as part of the Multitype machinery, and that re-derivation is fused into the move pipeline, so it overwrites Protean and could not be removed without breaking move processing. Castform and Kecleon Protean work fine in ORAS (no species block on them). So: gen-7 Protean-Arceus = solved; gen-6 Protean-Arceus = open.
  10. Sorry I haven't followed this thread in a while - I plan on documenting how to remove the banlist restrictions for all / most of the games eventually and putting them on a repo - you will eventually see that posted on GitHub. But I have something VERY exciting to share: I discovered how to REMOVE the items and species clause in Battle Tree!

The GARC location is at a/1/4/1 (RomFS) - the Battle Tree / facility rule-set table. It's a GARC of 25 rule records, 1192 (0x4A8) bytes each. Every "real" battle mode record carries two clause flags in its header:

- offset +0x0E = Species Clause (no duplicate species) — `01` = on
- offset +0x0F = Item Clause (no duplicate held items) — `01` = on

Set both to `00` and the clause is gone (and the rules screen flips to permitted). These flags are independent of the banlist — the Normal-course records (no level cap, no banned mons) carry them too, which is why the clause applied even in Normal mode.

Exact HxD edits

Open a/1/4/1 in HxD and change `01` -> `00` at all 28 offsets below (14 records × 2 bytes). These file offsets are identical in both Ultra Sun and Ultra Moon (the rule table is the same in both):

| Record (mode) | Species Clause (+0x0E) | Item Clause (+0x0F) |
|---|---|---|
| Super Single | `0x006F2` | `0x006F3` |
| Super Double | `0x014EA` | `0x014EB` |
| Super Multi | `0x022E2` | `0x022E3` |
| Super (variant) | `0x030DA` | `0x030DB` |
| Normal Single | `0x03A2A` | `0x03A2B` |
| Normal Double | `0x03ED2` | `0x03ED3` |
| Normal Multi | `0x0437A` | `0x0437B` |
| facility 06-1) | `0x04822` | `0x04823` |
| facility 06-2) | `0x04CCA` | `0x04CCB` |
| facility 06-3) | `0x05172` | `0x05173` |
| facility 07) | `0x0561A` | `0x0561B` |
| facility 08) | `0x05AC2` | `0x05AC3` |
| facility 09) | `0x05F6A` | `0x05F6B` |
| facility 0A) | `0x06412` | `0x06413` |

In every case the byte currently reads 01; change it to 00. 
(If you only care about the main Battle Tree, the first 7 rows cover Super + Normal Single/Double/Multi; the rest are the other facility variants (not sure which facility variants these are since I haven't played the game normally in a while) - harmless to do them all, since you're only removing a restriction.) After editing, repack/rebuild as you normally would (LayeredFS drop of `a/1/4/1`, or repack the CIA and rebuild the RomFS IVFC hash tree). If you're patching a built .cia directly, find a/1/4/1 in the RomFS first, then apply the same +0x0E/+0x0F edits within it. When you open Battle Tree, you'll see "Permitted" under Items and Species rules! Hope this helps y'all! -IS2L Edit: Just wanted to link the GitHub where I have this stuff documented / patched for people who want an easy solution: https://github.com/isleep2late/Un-Nerf-Compendium MASSIVE UPDATE!!! I have figured out how to remove ALL restrictions in Pokemon ORAS, including 510 EV limit, Species Clause, and Item Clause. You can even play with 6 Pokemon on Battle Maison. See the github for the complete patch, but basically through an extensive series of trial and error I was able to nail down the additional bytes that needed to be changed (FOR ORAS): - Vaddr: 0x1E9734 -> file offset inside code: 0x0E9734 - Find: FE 01 00 00 (510, little-endian 32-bit) - Replace with: FA 05 00 00 (1530 - chosen above the 6x252 = 1512 max, so the total check can never trip while the per-stat </=252 cap still holds) That single 4-byte word is the whole fix. Optional, for completeness: the separate Battle-Spot legality validator has its own copy of this check, same FE 01 00 00 → FA 05 00 00. Its offset is title-specific (OR/AS code differ by +8 here): - Alpha Sapphire: vaddr 0x4474B8 (file offset 0x3474B8) - Omega Ruby: vaddr 0x4474C0 (file offset 0x3474C0) UPDATE 6.13.26 Status across gen 6/7 now: ORAS Battle Maison has ban list + Species Clause + Item Clause + team-size limit + the 510 EV-total cap all removed. 
USUM Battle Tree has ban list + Species Clause + Item Clause removed. One caveat worth stating: raising the team-size limit ABOVE the legal count (e.g. forcing 6 in a 3-slot facility) crashes USUM on team confirm because the team buffer is fixed-size, exactly like BW2 - so the gen-6/7 builds keep the legal party size.
  11. TLDR; Scroll all the way down to the bottom of this post to see the GitHub where I provide a simple solution to how you can accomplish this. See next message for Permanent Megas & Hoopa-Unbound persistence through save restarts. THIS message applies directly to USUM, but the Permanent Mega persistence and Hoopa-Unbound/Primal Reversion/etc applies to BOTH USUM AND ORAS! Hello everyone! This post is meant to document ALL the progress I made in improving/editing the Gen 7 USUM. As of 6/2/26, you will learn how to remove the nerfs to Prankster, Gale Wings, Parental Bond, and Soul Dew in Pokemon Ultra Sun and Ultra Moon after reading this post (and if I discover anything more, I'll just reply to this thread or edit the post if need be). So full disclosure - I've spent many years trying to figure out how to crack the Gen 7 code, and with our current age of technology it was made possible. I was able to reverse engineer a lot of the USUM battle engine with heavy use of an AI assistant for some of the grunt work, including decompiling, scanning the save-state RAM, and cross-checking. I drove the project, supplied the save states, and verified every step in-game myself. What I've outlined here is reproducible, so you don't have to take my word for any of it. This post is for research purposes. Chapter 1: How to remove Dark's immunity to Prankster So my goal was to restore Gen 6 Prankster behavior in Ultra Sun / Ultra Moon - status moves from a Prankster user can once again affect Dark-types (no more "It doesn't affect…"). Tested and working. --- The fix (if you just want it) In Battle.cro (from the RomFS), change one byte: Offset: 0x24B14 Before: D1 FF FF 0A After: D1 FF FF EA (Only the last byte changes: 0x24B17, 0A -> EA.) That's it. This flips a conditional branch to an unconditional one so the engine stops failing Prankster-boosted status moves against Dark-types. It does not touch any other immunity (powder/Grass, trapping/Ghost, type-chart immunities all still work). 
Installing it - two options: LayeredFS (easy, no repacking): put the patched Battle.cro at %APPDATA%\Azahar\load\mods\00040000001B5100\romfs\Battle.cro, fully quit and relaunch Azahar. Repack the CIA: splice the patched Battle.cro back in and rebuild the RomFS IVFC hash tree + the NCCH romfs hash (signatures can stay broken; Azahar/Citra accept that). Big gotcha: test on a fresh battle after a clean boot, NOT by loading a save state. A save state is a snapshot of RAM that still contains the old unpatched code, so it'll always show the old behavior no matter how you patch the files. --- How it was found (short version) Gen 7 added: a Prankster-boosted status move that hits a Dark-type fails. I wanted that gone on the actual game, not just on a Showdown server. The hard part: the check isn't a simple if (ability == Prankster). USUM's battle engine (Battle.cro) is a Showdown-style event-dispatch system, and its handler tables are filled in by the loader at runtime meaning they're blank in the file on disk. So static analysis in Ghidra just saw zeros where the logic should be. That blocked progress for a long time (and produced several "patches" that did nothing - including one that accidentally targeted the text formatter, because `158`/Prankster also shows up as a text token). What cracked it: a Citra/Azahar save state. A .cst is a zstd-compressed snapshot of console RAM - decompress it and you get ~302 MB with all the runtime relocations already applied. From a save state of Prankster Shuckle vs. 
Dark Tyranitar, I could: - read the real, populated dispatch tables for the first time; - find the actual battlers in memory and diff their type fields - that pinned the type cache at battler+0x1E4/5/6, with Dark = 0x10 (Tyranitar showed 05 10 12 = Rock/Dark/none; Shuckle showed 06 05 12 = Bug/Rock/none); - locate the engine's hasType() function and find the single place in the whole binary that calls hasType(target, Dark) - that's FUN_05024868, the per-target immunity filter. Its Dark branch is basically the Showdown rule: target is Dark AND move was Prankster-boosted AND it's an opponent → "It doesn't affect…" + the move fails on that target Patching the first branch of that check to always "keep" the target removes the immunity. Confirmed in a fresh battle: Thunder Wave / Will-O-Wisp / etc. from a Prankster user now land on Dark-types. --- Notes / credits - This is one piece of a broader "restore Gen 6 abilities" project (Gale Wings, Parental Bond, Soul Dew are next). - Prankster's +1 priority is separate (it lives in `code.bin`); this patch only removes the Dark immunity, leaving the priority boost intact — i.e. true Gen 6 Prankster. - Method that made it possible, in one line: when a binary's tables are loader-relocated, stop fighting the static image and read a save state instead. If you're interested in learning more here's a thread I made on hackmons.com that details more information. --- Chapter 2: How to remove Gale Wings' HP restriction What this does: restores Gen 6 Gale Wings in Ultra Sun / Ultra Moon - its +1 priority on Flying-type moves applies at any HP, not just at full HP. Tested and working in Azahar. --- The fix (if you just want it) In Battle.cro (from the RomFS), change one instruction (4 bytes): Offset: 0xDA514 Before: 09 00 00 0A (`BEQ`) After: 00 F0 20 E3 (`NOP`) Install it exactly like the Prankster patch (LayeredFS drop, or repack the CIA + rebuild the IVFC hash tree). 
Same save-state gotcha: test on a fresh battle after a clean boot, not a loaded save state. The two patches are independent and can both live in the same Battle.cro. --- How it was found (short version) Showdown's Gen-7 Gale Wings is literally: if (move.type === 'Flying' && pokemon.hp === pokemon.maxhp) return priority + 1; The job was to find that "hp === maxhp" gate in the ROM and delete it. Same wall as before - the logic is event-dispatched, not a hardcoded if (ability == GaleWings), so the on-disk binary is unhelpful. This time the breakthrough came from two save states + a live hardware watchpoint: 1. Save-state static pass narrowed it down: there's no cmp #0xB1 (Gale Wings' ability ID) anywhere in the battle module, confirming it's dispatched. The priority logic turned out to live in the core executable (code.bin), reachable via a mapping I derived from the save state (blob = vaddr − 0x100000 + 0x1266A). 2. Live watchpoint (a small Python GDB-stub script) on the Gale Wings Pokémon's HP, run in a fresh battle at full HP vs. below full HP, caught every function that reads HP during the turn. Cross-referencing those against a static scan found a clean IsFullHP(mon) helper (curHP == maxHP -> bool) at 0x7663BC. 3. Of the 13 registered event-handlers that call IsFullHP, exactly one - the handler for the priority event 0x11 at 0x7B74E4 - also checks move type == Flying and adds 1 to priority. That's Gale Wings, byte-for-byte matching Showdown: bl IsFullHP ; curHP == maxHP ? cmp r0, #0 ; beq skip ; <-- the Gen-7 nerf (this branch becomes NOP) ... GetMoveType == 2 (Flying) ? ... GetPriority -> +1 -> SetPriority NOP the one branch and the +1 applies regardless of HP, while the Flying-type check stays intact. Here's a detailed breakdown of Gale Wings in the Battle Engine for more information. 
I will be sharing the expanded details of each of these modifications in these separate links so as not to "clog" up these forums lol

---

Chapter 3: How to make Parental Bond's second hit do 50% damage instead of 25%

What this does: restores Gen 6 Parental Bond in Ultra Sun / Ultra Moon - the second hit deals half damage instead of the Gen 7 quarter. Tested and working in Azahar.

---

The fix (if you just want it)

In Battle.cro (from the RomFS), change one byte:

Offset: 0x24EAC
Before: 01 0B A0 13 (`movne r0,#0x400` = 0.25×)
After: 02 0B A0 13 (`movne r0,#0x800` = 0.5×)

Same save-state gotcha: test in a fresh battle after a clean boot, not a loaded save state. All of these patches are independent and coexist in one Battle.cro.

---

How it was found (short version)

Showdown's Gen-7 Parental Bond applies chainModify(0.25) to the second hit; Gen 6 was 0.5. So the task was to find the per-hit damage multiplier and double the nerfed value.

The trick was not to chase the ability ID (185 / 0xB9) - event-dispatched engines don't keep tidy "if (ability == ParentalBond)" branches, and my first attempt keyed off the wrong ability byte and did nothing in-game. Instead I chased the damage math:

- The engine uses Q12 fixed-point multipliers (0x1000 = 1.0x, 0x800 = 0.5x, 0x400 = 0.25x).
- In the move-execution function (@vaddr 0x701D68), on the live 2nd-hit call chain, the 2nd+ strike of a reduced multi-strike move loads 0x400 (the Gen 7 quarter) and feeds it to the damage builder (0x75BCE4); the first hit uses 0x1000.
- That 0x400 is an instruction immediate at @vaddr 0x701EAC. Changing the encoded value 0x01 -> 0x02 makes it 0x800 (0.5x).

The first hit (1.0x path) and ordinary multi-hit moves (Bullet Seed, etc., which take the 1.0x path) are untouched - only the reduced second strike changes.

Live-confirmed: with a Parental Bond user vs a fixed target, hit 1 = 50, hit 2 = 24 (ratio ~ 0.48, i.e. half), where Gen 7 had it at a quarter.
Numbers read off-screen and cross-checked against the Smogon calc.

Here's a link to further documentation on how this was made possible.

---

Chapter 4: How to buff Soul Dew back to Gen 3-6 mechanics

This is the big one, and it's not a byte flip - Gen 7 deleted the stat logic and replaced it with a +20% Psychic/Dragon move-power effect. I disassembled the Gen-6 handler out of ORAS's DllBattle.cro, rewrote it for USUM's engine, and injected it as a new handler into a code cave in Battle.cro, then repointed Soul Dew's existing handler at it.

- Mechanism: event 0x47 (damage modifier), arg 0x35 (Q12 multiplier). Offense sets 0x1800 (1.5x), defense sets 0xAAB (0.667x incoming = +50% Sp. Def). Special-category gate GetEventArg(0x1e)==2; species 0x17C/0x17D (covers Mega formes too).
- Code cave: the alignment padding between .text and .rodata (file 0xFC974/vaddr 0x7D9974) - genuinely free at runtime and inside .text's executable page. (The obvious-looking interior "zero gaps" are relocated pointer tables - zero on disk, overwritten at load. That trap cost me three crashes; validate caves against the loaded RAM image, not the file.)
- Verified in-game: Psychic (resisted) dealt 12 to a Lv50 Latios - below the 15-damage floor any unboosted Slowbro could deal -> Sp. Def boost proven; Oblivion Wing (non-STAB) chunked a bulky Slowbro ~50%/hit -> Sp. Atk boost proven.

Here's the complete walkthrough and documentation of how Soul Dew's un-nerf was made possible.

---

Last Remarks

Because two of these change behavior, I also edit the matching ability/item descriptions in the message archive (a/0/3/2, English: ability descriptions = bank 102, item descriptions = bank 39) so the in-game text isn't misleading. Done with a small Gen-7 text encoder that rebuilds the archive so every other string stays byte-identical, then re-fixes IVFC.

- **Gale Wings** -> "Gives priority to the Pokémon's Flying-type moves." (drops "when HP is full")
- **Soul Dew** -> "…It raises its Sp. Atk and Sp. Def stats."
- **Prankster / Parental Bond** -> no text change (their descriptions never stated the nerfed numbers).

Here is the link to some patches I created to make life easier for people (EXPERIMENTAL): https://github.com/isleep2late/Un-Nerf-Compendium (I will be actively maintaining this repository.)

Let me know if you have any questions or need help with anything!

-IS2L
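The byte edits quoted for Gale Wings and Parental Bond in the post above can be checked by decoding the ARM words themselves. The following is an added example, not the poster's code or tooling: it decodes the before/after bytes given in the post and writes a patch only when the file still holds the expected original word. The function names and the zero-filled stand-in image are assumptions for illustration.

```python
import struct

# Patches exactly as quoted in the post: (file offset, original bytes, patched bytes).
PATCHES = {
    "gale_wings":    (0xDA514, bytes.fromhex("0900000A"), bytes.fromhex("00F020E3")),
    "parental_bond": (0x24EAC, bytes.fromhex("010BA013"), bytes.fromhex("020BA013")),
}
COND = {0x0: "eq", 0x1: "ne", 0xE: "al"}  # only the condition codes these words use

def ror32(value, amount):
    amount %= 32
    return ((value >> amount) | (value << (32 - amount))) & 0xFFFFFFFF

def decode(word_bytes):
    """Decode the three little-endian ARM (A32) encodings these patches touch."""
    word = struct.unpack("<I", word_bytes)[0]
    cond = COND.get(word >> 28, "??")
    if (word & 0x0FFFFFFF) == 0x0320F000:          # NOP hint
        return ("nop", cond, None)
    if ((word >> 24) & 0xF) == 0xA:                # B<cond> with signed imm24
        off = word & 0xFFFFFF
        if off & 0x800000:
            off -= 0x1000000
        return ("b", cond, 8 + off * 4)            # byte distance from this instruction
    if ((word >> 20) & 0xFF) == 0x3A:              # MOV<cond> Rd, #imm8 ROR (2 * rot)
        imm = ror32(word & 0xFF, 2 * ((word >> 8) & 0xF))
        return ("mov", cond, imm)
    return ("unknown", cond, word)

def q12(value):
    return value / 0x1000                          # Q12 fixed point: 0x1000 == 1.0x

def apply_patch(image, name):
    """Patch a bytearray in place, refusing when the original word is not there."""
    offset, before, after = PATCHES[name]
    current = bytes(image[offset:offset + 4])
    if current == after:
        return "already patched"
    if current != before:
        raise ValueError(f"{name}: unexpected bytes {current.hex()} at {offset:#x}")
    image[offset:offset + 4] = after
    return "patched"

def constructed_image():
    """Constructed stand-in for Battle.cro: zero-filled except the two original words."""
    image = bytearray(0xDA518)
    for offset, before, _ in PATCHES.values():
        image[offset:offset + 4] = before
    return image
```

The before-bytes comparison is what catches a different game revision or an already-modified file before anything is written.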
  12. Hello! I haven't posted here in a while but I thought I'd share something really cool that I discovered while messing around with Pokemon Yellow.

    So I'm not sure how many of you know this, but there is a save file editor that actually exists on this website (though it originated elsewhere, you can find the upload by @theSLAYER here, developed by "Ritchie") that can do a lot more than what PKHeX can currently do in the Gen 1 games. This save editor lets you change a Pokemon species without changing the actual sprite of the Pokemon. What that means is that you can have a Gyarados sprite on a Pokemon with Mewtwo stats, and you can even change the typing of the Pokemon so that it looks like a Gyarados, but it has Mewtwo stats, while being a Normal/Ghost type.

    Well as it turns out, while messing around with this, I discovered that the back sprites of some of these Pokemon look a little different. I first noticed this with Gyarados, but then I tried this on other Pokemon as well (namely Charizard, Blastoise, and Venusaur), and if you play Yellow and have a save file, you can actually replicate this phenomenon yourself.

    I couldn't find any documentation about these new sprites on the internet, so I don't know how many people actually know about them. Figured I'd at least share it here (year is 2025 and these games have been around for decades lol) so that someone can actually confirm whether these are in fact undiscovered sprites or if this is a well-known thing. I'm uploading screenshots of the game so that you can see what I'm talking about.

    Kinda neat!

    -IS2L
  13. Thanks a lot @Pocket Monsters for the confirmation! Few things I want to note:

    I briefly skimmed through the rest of the directory that I found the banned list in. Unfortunately I did not find the segment that removes species/item clause, but I know it's in the code somewhere. If you go through the actual hex data (not using Imposter's Ordeal, but just something like HxD or another hex editor), you will find that the location of the banned list is peculiarly near some other binaries that contain what *looks* like the species clause. (In Gen 7, "0E" determines whether the species clause applies and "0F" determines whether the item clause applies). You'll see 0E and 0F within the proximity of the legendaries banlist, but zeroing them out will either give you an error or there's a likelihood that I'm just not doing it correctly.

    Anyway, I'm currently done with this project for the time being, but I would definitely be interested in following if anyone finds a way to remove the item/species clause. The only quality of life this provides is that it allows you to run multiple Arceus's w/ different typing, different Deoxys formes in the same team (might be useful in a doubles battle). But again, I'm not gonna lose sleep if this never gets figured out.

    Cheers!

    IS2L
  14. Hey... so I'm back from my 3-4 year slumber to put out another contribution to the ProjectPokemon community, and this one I think a small group of BDSP gamers would appreciate:

    I did it! I FINALLY figured out how to remove the BDSP Banlist, and it took a *very long time*. (At least, I THINK I removed it. I am just incredibly excited bc I believe this is the mod that does it). Here's a visual/proof that this method works, and then I'll share what I did.

    As you can see, Jirachi and Dialga are legal in my Battle Team. (I almost had a panic attack when I saw this because I actually could not believe I figured it out).

    OKAY, now that that's out of the way, here's the process:

    I used a program called "Imposter's Ordeal". Now, IDK what is allowed on this forum and what isn't. I know sharing certain things like ROMs or how to hack your switch/emulation might not be allowed, so I'm going to refrain from talking about those particular things. And I'm not even sure if Imposter's Ordeal is something that is allowed here, so if it isn't, then please let me know and we can figure out another solution. I only say this because Imposter's Ordeal seems like an incredible resource that I'm surprised nobody has ever talked about on PP lol.

    But anyway, you're going to want to open that program and use it on your BDSP game. Open "Global Metadata Editor" and the first thing you're going to see is "Assembly-CSharp.dll", "<PrivateImplementationDetails>", and then a bunch of random letters and numbers in the third column. Scroll all the way down until you see the line of code that reads "4DBCB2BACE8C9D7E1BA528261F46...". Under the fourth column, you're going to see a bunch of binary/hex editor data. Turn all of those into "00 00 00..." while making sure you don't alter the size of the code/amount of binary data. (If you're wondering how I figured out it was this specific line of code, the answer is 'yes' lol).
    Close out of that window once you're done, hit "Export and Exit", and voilà! You've created a mod that you can load onto your game and find that (at the very least) Jirachi and Dialga will show up as in the above image.

    Hope this information helps! I'm just so excited that I actually figured this out, I wanted to share it with the rest of the team, and hopefully this enhances your play experience, and for anyone out there who wants to create your own romhack of BDSP (as I know people like to do such of that), I hope this gives you a nice little added feature. I'm sure this line of code can be edited to fit your needs, for example if you wanted to ban other Pokemon. Not sure why you'd want to do that.

    Last but not least, I want to give credit where credit is due.

    Want to thank @ABZB for helping out with the start of this project.

    Want to thank @Robie777 for contributing the post-game save file that I used (which also is the save that you see in the image above). That save can be found here:

    Want to thank Nifyr on github for hosting the Imposter's Ordeal randomizer that really helped organize the structure of the data in a way that PowerGREP or HxD couldn't.

    Want to thank the mods/big names out there (theSlayer, Kaphotics, etc.) who have made this rom/save editing community fantastic. After all, I'm going to look forward to using PKHeX to make some OP mons on BDSP for funsies now lol.

    Want to thank Nintendo/ILCA/The Pokemon Company and the Unity engine for making possible what is probably one of my top 5 Pokemon games now.

    And finally, I want to thank all those who supported me during my long hiatus. Like I said, I left social media/content creation because of that toxic cyberbully from another gaming community (seems that person is now banished from multiple other groups, so I feel a lot more safe now). Will I ever come back? Idk yet, but I definitely enjoyed being part of ProjectPokemon.
    Anyway, let me know if you have any questions, or if there are any issues with the game. Please be aware that as I went through some of the metadata, it is VERY possible that the wrong modification could ruin your save (you have been warned). So if you're going to continue playing w/ Imposter's Ordeal and/or venture further into the binary data of BDSP, I would recommend backing up your save file and if things go wrong, just remove/undo the mod and restore your save.

    Cheers!

    -IS2L

    *UPDATE 1/11*: Please note that this does NOT affect the item or species clause. Those will still be in effect. After discussions in our PP discord, it's very likely that these rules can also be lifted, but I actually don't care too much about the item/species clause. It would be nice to be able to have both Deoxys A and D on your team, but it's not too big a deal. Anyone else feel free to dive into this project as I'll probably be very busy in the coming weeks/months.
  15. Hello isleep2late,

    Is it possible for you to explain step by step how to remove the banlist from Pokemon Alpha Sapphire? I have read your thread from 2016. I am not a programmer, so it was difficult to understand what you wrote about with the others. I have problems decrypting the cro files and seeing the 29 instances you wrote about. I do not even know what these 29 instances are.

    So could you explain it easier, please?
