isleep2late

I added some cool stuff that I mentioned to people on the PP Discord. Instead of telling, I'll just show: - Any-ability (the PK3 0x1E "sanity" byte trick) works in singles and doubles. In MULTI it is intentionally disabled - the shared-party array makes the override unsafe - and the multi receptionist now says so in-game. Everything else in multi (unban, clauses) still applies. - Deoxys forms are fully implemented: per-form stats, battle sprites, party icons, summary screen, and a PKHaX box icon; default form gets Attack/Defense/Speed correctly; trading keeps the partner version's form. - Flexible party size: Battle Tower singles 1-6, doubles 2-6 (multi stays at the legal 2) - Soul Dew un-nerf restored inside the Frontier.

Hey @SmolJoltik, this is fantastic work! That per-slot forme-check the facility scripts run on your selected team was the issue, and ripping it out lets Giratina keep its forme in the Frontier. Thank you for laying out the precise script/function/segment for every facility (367/fn90, 377/fn79, 378/fn29, 379/fn29) - that saved a ton of blind digging. I implemented your fix a slightly different way that might help anyone who'd rather not recompile scripts in DSPRE. Instead of deleting the CMD_798 segments out of each facility script one by one, I patched the command's handler directly. CMD_798 maps to the routine that reverts a single team member's forme (the one that checks species == Giratina/Rotom/Shaymin and snaps them back to base/Altered/Land, and also hands the Griseous Orb back to the bag). That routine already has a clean early-out, so flipping one branch makes it always return "nothing to revert." A single 2-byte edit and every facility (Tower, Hall, Castle, Arcade) stops reverting, no script recompile needed: overlay 5, RAM address 0x021F6DC2: change 01 D1 (bne) to C0 46 (nop) Two things I found while I was in there that build on your discovery: 1. There is a SECOND Giratina revert I don't think your script fix reaches. The battle engine itself snaps Giratina-Origin back to Altered "before the turn" when it isn't holding the Griseous Orb - which is exactly the leftover symptom you mentioned for Castle and Arcade, where the facility strips your held item. That one lives in the battle overlay and you can kill it too: overlay 16, RAM address 0x02259FBD: change D1 (bne) to E0 (b) After that, Origin stays Origin even with no orb, so the Castle/Arcade caveat goes away. 2. While I was unbanning everything I also removed the species clause and item clause at all facilities, and un-nerfed Soul Dew in the Frontier (the game secretly switches off its +50% boost there). I wrote the whole thing up in a bigger thread - and I put together a single xdelta patch so people don't have to touch a hex editor at all. I also credited you in my post for discovering this! Thanks again. -IS2L UPDATE 6.13.26 Quick follow-up now that the full Platinum build is finished and tested: - Arceus now keeps its Plate typing in EVERY facility format, including DOUBLES. There is a hidden eligibility/distinctness check that quietly bounced a Plate-Arceus out of doubles team selection; neutralizing it lets Plate-Arceus play doubles with the correct type. (Singles already worked.) - Flexible party size: the Battle Tower now accepts 1-6 in singles and 2-6 in doubles. This was done by widening the team buffer in the pokeplatinum decomp and rebuilding, not by a hex edit - a raw byte poke to the party-size limit crashes on team confirm because the team buffer is a fixed size. Multi/Castle/Arcade stay at their legal limits. - AbilityLock: if you give Shaymin or Giratina a hacked ability in PKHeX, the forme-change setter used to overwrite it back to the species default. One edit makes the setter only recompute the ability when it is the legal one, so a hacked ability now survives the Land<->Sky / Altered<->Origin swap. I packaged all of this (forme fix + unban + Species/Item Clause + Soul Dew un-nerf + Arceus typing + 6-mon + ability-lock) as a single source patch so nobody has to hex-edit. Credit to SmolJoltik for the forme-revert discovery that made it possible.

Hey @MasterKirby1982 sorry it took me ages but I finally cracked both halves of this - the PWT freeze AND the clauses - and it is tested working now. Those a/1/0/6 files (20-22 Subway, 33-36 PWT, plus the Battle Institute set) are not just a banlist. Each is a fixed 188-byte regulation STRUCTURE. I decoded the whole thing: - 0x02, 0x03 = party size, i.e. how many you bring (3 single / 4 double / 6 triple). This is the LEGAL LIMIT. Leave it alone - if you raise it you can pick too many Pokemon and the game crashes on team confirm. That is the "submitting more than 3 freezes the game" bug; the old edits were bumping this. - 0x04 = 0x32, the Lv50 cap - 0x05 = facility id (02 Institute, 03 Subway, 04 PWT) - 0x08 = the SPECIES clause (00 = enforced, 01 = duplicates allowed) - 0x09 = the ITEM clause (00 = enforced, 01 = duplicates allowed) - 0x1C to 0x77 = the species banlist bits (MeroMero's C0 / 0E / C0 07 / 98 7E / D8 03) - 0xBA = the per-mode / cup index: 0/1/2/3 for PWT single/double/triple/rotation (0/1/4 for Subway) Two separate things were tangled together: The freeze. The old "zero everything from C0 to the end" wipes 0xBA along with the bans. 0xBA is how the PWT bracket loader knows which tournament this regulation is for - zero it and it loads a broken/duplicate regulation and black-screens exactly where you saw it. Keep 0xBA and the freeze is gone. The Subway never froze because the Subway edits never touched 0xBA. The clauses. They are NOT in the banlist and NOT at 0x78 / 0xB5 / 0xB8 (I tried all of those and the "Some Pokemon are holding identical items" message kept firing). They are the two adjacent flags 0x08 (species) and 0x09 (item). Set both to 01 to drop "no duplicate Pokemon" and "no duplicate items." The game itself ships the link/wifi regulations with these at 01, so it is a known-good value. So the clean recipe, per banning file (Subway 20-22, Institute 10-14, PWT 33-36, every mode): - zero the banlist bitfield, 0x1C through 0x77 - set 0x08 = 01 (species clause off) - set 0x09 = 01 (item clause off) - LEAVE 0xBA alone (cup index - stops the PWT freeze) - LEAVE 0x02 and 0x03 alone (party size - keeps the 3/4 limit so it does NOT crash on team confirm) Same file length, no bytes added or removed. Legends unbanned + both clauses off, on all the offline facilities at once, with the party limit and tournament structure intact - no freeze, no crash. This is confirmed working in-game (Black 2 and White 2): banned legends register in Subway and PWT, you can run duplicate Pokemon and duplicate items, the team caps at the legal size, and PWT loads its bracket instead of black-screening. Thanks for documenting your freeze in such detail. I created a patch you can use on a clean black/white 2 in my Github repository. -IS2L UPDATE 6.13.26: Revisiting this with a clean, one-shot patch. I wrote a small pure-Python patcher (and prebuilt xdelta patches) that removes the ban list, Species Clause, and Item Clause from the Battle Subway, the Battle Institute, AND the PWT on both Black 2 and White 2 in one pass, while KEEPING the legal party-size limit and the PWT cup index - so it never freezes on team confirm or black-screens the bracket. It edits the regulation NARC a/1/0/6 length-preservingly. There are two honest limits for BW2 specifically: - More-than-3 Pokemon: So long as there is no decomp for gen 5, I think this is effectively not possible with our current technology, so the fixed team buffer can only be widened by ARM code injection, which needs a live debugger rig. - I also added a separate data fix so a hacked-form Arceus reads its form's type (Ghost form plays as Ghost, etc.) in BW2.

I've created a fork of PKHeX in my "Un-Nerf Compendium" repo that allows one to do what xJakub's Pikasav can do in Gen 1/Yellow (https://github.com/xJakub/PikaSav ). This PKHaX release also includes the ability to gen any ability onto a Gen 3 Pokemon in Emerald *So long as you've patched Emerald* See:

Good news everyone! I finally figured out how to remove the Species clause and Item clause and I've included the working patch/mod over at my Un-Nerf Compendium repository (click this link). The banned-species list is data (the int32[18] blob in global-metadata.dat at 0x666A32 — dex 150/151/249–251/382–386/483/484/487/489–493), but the species clause and item clause are not data — they're code, so zeroing the banlist alone leaves "no two of the same Pokémon / item" in place. Here's where all three actually live and how to lift them in one shot. Class Dpr.UI.UIBattleMatchingTeamSelect, methods GetRegulations / GetRegulation (3 overloads). Per party member, each method: - reads a regulation flag — [reg+0x2E] = no-same-Pokémon, [reg+0x2F] = no-same-item — and if set, calls a duplicate-finder whose bool (bit0 = duplicate exists) is tested by the next tbz/tbnz w0; - calls Dpr.PokeRegulation.CheckLegend(species) (bool, true = banned legendary). Replace each "bl <check>" with "mov w0,#0" (00 00 80 52) -> "no violation / not banned". 8 sites: 3 species + 3 item + 2 legend. Heads-up on dead ends I burned time on: PokeRegulation.CheckBothPoke/CheckBothItem have zero callers (reflection/dead), PokeDupeChecker. is the anti-clone box flagger (not the Tower), and EvCmd_BTWR_SUB_CHK_ENTRY_POKE is a return 1 stub. The live checks are the 8 above. pchtxt - Brilliant Diamond (build 94CEAE325C205C4B9D6F7235552F28FD) @nsobid-94CEAE325C205C4B9D6F7235552F28FD @flag offset_shift 0x100 @enabled 01BF2298 00008052 // species 01BF2324 00008052 // item 01BF2538 00008052 // species 01BF2580 00008052 // item 01BF2BE8 00008052 // species 01BF2C4C 00008052 // item 01BF220C 00008052 // legendary ban 01BF2B8C 00008052 // legendary ban pchtxt - Shining Pearl (build 38F59CBDA2EB9C44B72F94C4D25935A2) @nsobid-38F59CBDA2EB9C44B72F94C4D25935A2 @flag offset_shift 0x100 @enabled 0205AB8C 00008052 // legendary ban 0205AC18 00008052 // species 0205ACA4 00008052 // item 0205AEB8 00008052 // species 0205AF00 00008052 // item 0205B50C 00008052 // legendary ban 0205B568 00008052 // species 0205B5CC 00008052 // item Drop in <TitleID>/NoTowerClause/exefs/ (TitleID 0100000011D90000 BD / 010018E011D92000 SP), or an equivalently-named <BuildID>.ips. Diamond and Pearl are separate binaries - use the matching one. The Lv.50 cap and everything else are untouched. Reminder that Soul Dew is NOT banned because it sucks in all future gens after gen 6 lol. Hope this helps those who were still interested in this project! This was one of the MANY things I sought to figure out in the mass removal of battle tower/frontier/maison/tree banlists. And this was probably the last one I will work on/be releasing now that I've unbanned Sword/Shield, USUM, ORAS, and Emerald. Hope you all enjoy! -IS2L

This was a fun little project someone from the PH community requested. Here's the link to the patches (modded PKHaX.exe also in the release page). 1. Unrestricted Battle Frontier: Removes the banned-species list and the registration validator's level cap + species clause + item clause** (`AppendIfValid`/`CheckPartyIneligibility`), and un-nerfs Soul Dew inside the Frontier (its +50% Sp.Atk/Sp.Def for Lati@s is normally disabled there). Covers Singles/Doubles/Multi/Link and all facilities. 2. Any ability on any Pokémon: Gen 3 doesn't store an ability — only a 1-bit slot index into the species table, which is why it looked locked. This adds a real per-mon ability ID in the unused PK3 Sanity byte 0x1E (outside the checksum), and patches every site that sets a battler's ability to read it. Set it with the included patched PKHeX (Gen-3 Ability dropdown now lists all 78; pick one, save). Key offsets (clean Emerald USA/EU): banned list `0x08611C9A`; `AppendIfValid` NOPs at `0x081A3F5E` (level), `0x081A3F82` (species), `0x081A3FA8` (item); Soul Dew gate `0x080697A0`/`0x080697D6`; ability hooks read PK3 0x1E with routines in free space `0x0837F260`, hooked at `0x0806AA2A`, `0x0806B694`, `0x0804C99A`, `0x0803AD68`, `0x0806BC62`. Files: three IPS (frontier-only / ability-only / full) + `PKHeX.exe` (net10, needs .NET 10 Desktop Runtime) + source. Apply to a clean Emerald; saves are cross-compatible. This project was assisted by the developments/contributions made by pret many years ago. Patched routines verified in Unicorn, behavior confirmed in-game (Soul Dew and Huge Power both measured dealing boosted damage). Here's the full write-up and a video demonstration. -IS2L *UPDATE*: For those interested in playing with the Emerald patch, I created a custom PKHaX program with the latest source code ( https://github.com/kwsch/PKHeX ) you can find here: https://github.com/isleep2late/Un-Nerf-Compendium/releases/tag/PKHeX This version of PKHeX now only lets you edit any ability in gen 3 but also lets you modify sprites/typing in Gen 1 the same way Pikasav can do. See:

If you want the quick way to do this, here is a link to the Sword/Shield part of the Un-Nerf Compendium containing the patch and how to apply it :) Hey all! Once again, we have made some breakthroughs into ROM research, including removing Battle Tower restrictions and giving permanence / persistence to the Crowned Zacian / Crowned Zamazenta / Eternatus Eternamax formes! Ethical Disclaimer: Research was AI-assisted, but verified by me. Two small `.pchtxt` code mods for Pokémon Sword & Shield, for personal/offline use on emulator (built and confirmed on Eden v0.2.0, game v1.3.1). Both are tiny IPSwitch text patches - no ROM redistribution, you supply your own dump. Sword and Shield offsets included. --- 1) FormePersist - Crowned Zacian / Crowned Zamazenta / Eternamax Eternatus stay set Set the forme in PKHeX and it now persists through save + reload with no held item, and shows correctly on the team menu. SwSh treats these as battle-only formes and resets them to base on load; this forces the game's `IsBattleOnlyForme()` detector to return 0 so the reset paths never fire. It's the Gen-8 analogue of the Gen-6/7 Mega/Primal persistence patches. 2) NoTowerClause - Battle Tower species + item clause removed Lets you enter the Battle Tower with **two of the same Pokémon** and/or **two of the same held item**. SwSh's Tower has no banned-species list - the species clause and item clause are the entire restriction - so this lifts it fully. All other entry checks are untouched. --- **Install (Eden/Yuzu):** drop the title-id folder into `…\eden\load\`, e.g. `…\load\0100ABF008968000\NoTowerClause\exefs\noclause.pchtxt` (Sword) / `…\load\01008DB008C2C000\…` (Shield), then Properties -> Add-Ons -> tick it. (Make sure the GDB stub is off.) Patch contents (v1.3.1): FormePersist - `IsBattleOnlyForme` -> return 0: ``` Sword @nsobid-4628A512… Shield @nsobid-DBDDD138… 013AE910 00008052 013AE940 00008052 013AE914 C0035FD6 013AE944 C0035FD6 013AEC68 1F2003D5 013AEC98 1F2003D5 ``` NoTowerClause - force the per-slot duplicate-species & duplicate-item flags to 0: ``` Sword Shield 014F9654 08008052 014F96C4 08008052 014F965C 19000014 014F96CC 19000014 014F96DC 09008052 014F974C 09008052 014F96E4 1B000014 014F9754 1B000014 ``` Two Eden gotchas if you roll your own: `@enabled` is mandatory (without it Eden applies zero bytes), and use `@flag offset_shift 0x100`. Offsets are for v1.3.1 (build IDs above); a different game update needs them re-derived. Single-player/offline use - don't take these into pvp battle without your opponent's permission. (Bonus in the same folder: `DynamaxCandyAll`, a one-liner that lets you feed Dynamax Candy to the three legendaries. Actually letting them *Dynamax* is a RomFS personal-table flag - `CanNotDynamax` - i.e. the pkNX edit, not a code patch.) Here's the article explaining the in-depth reverse-engineering behind removing Battle Tower restrictions. And here's the deep dive into permanent formes for Gen 8. -IS2L *If there's any additional discoveries for Sword and Shield, I will just addend this thread so that I don't clog up the rest of the forums. Will make the title of this post reflect that.*

Chapter 5: Permanent Mega/Primals/Hoopa-Unbound Persistence through saves Before I get started, I just want to say a LOT of exciting things are happening/being discovered. If you've been following the Battle Maison/Battle Tree restriction post (click this very long hyperlink to get there), I discovered how to remove the Item/Species Clause AND specificically for ORAS, how to bypass the 510 EV limit, a feat once thought to be impossible. Now onto the real deal. I didn't want to clog the forums with literature so I'm consolidating all/most of my findings into this thread. I created a small code patch that stops Gen 6/7 from resetting battle-only / restricted formes when you load a save. Set a Mega (or Primal, Hoopa-Unbound, Necrozma Ultra-Burst, Zygarde-Complete, etc) on your party with PKHeX and it now STAYS through save + reload - on your team and in the PC. If you'd like to cut to the chase, say no more. Here's a link to the GitHub containing the patch and how to apply it. By design, X/Y, OR/AS, S/M and US/UM run "normalize formes" routines outside of battle that quietly call `ChangeFormNo(baseForme)` on your Pokémon - on save-load (Mega/Primal), on the field clock (Furfrou 5-day / Hoopa 3-day), at night (Shaymin-Sky), on PC deposit, in Pokémon refresh, and in the Day Care. That's why a PKHeX-set Mega snaps back to base the moment you boot. This patch NOPs those revert calls and leaves the forme setters untouched (you can still Mega Evolve in battle, use the Prison Bottle, etc.). Net result: the forme you store is the forme you keep. Fusions (Kyurem-B/W, Necrozma Dusk-Mane/Dawn-Wings) already persist and need nothing. In-battle stance formes (Aegislash, Wishiwashi, etc.) are handled by the battle module and aren't touched, so battles still behave normally. How to use: 1. Decrypt-dump your game (Mega/Primal-persist works on a decrypted `.cia` or `.3ds`). 2. `python formepersist.py YourGame.cia` - the Mega/Primal fix is auto-located, so it should theoretically work on any of X/Y, OR/AS, S/M, US/UM, any region/version (However, this was mostly tested on Ultra Moon and ORAS, but the patch should absolutely work on Ultra Sun because the location on Ultra Sun is in a slightly different location than Ultra Moon and was found. XY/Sun/Moon are the wildcards.) 3. Add `--full` for the complete forme set on US/UM and OR/AS (verified address tables included). 4. The script re-fixes the ExeFS/.code hashes (and TMD for `.cia`), so the build still installs and boots in Citra/Azahar/Lime3DS. Notes - This edits a decrypted personal dump - Nothing copyrighted is distributed. - It's for casual single-player use. Semi-relevant but not for this specific channel: Sword/Shield first pass (LayeredFS `.pchtxt` for Crowned Zacian/Zamazenta + Eternamax) is in testing - different mechanism (formes are derived from held item / story flag rather than reset), so it's a few NOPs in the `main` NSO rather than one. More on that once it's confirmed in-game. Feedback welcome - if a specific forme still reverts on your version, tell me which game/version and I'll add it. Here's an article for a deep dive on how this was discovered. ADDENDUM 6.13.26 Correction to my earlier note: Hoopa-Unbound did NOT actually persist with the simple ChangeFormNo NOP I first described. Hoopa reverts through a destructive multi-call reset block (several calls that tear the forme down), which is different from the single normalizer the other formes use. The fixed version auto-detects and neutralizes those blocks (AS/OR has 11, US/UM has 6). With that, Hoopa-Unbound finally persists across save/reload like the other formes. Please disregard the original "Hoopa persists" wording. New, related findings since then: - Arceus form-driven typing as a length-neutral CODE patch (a getter cave): hold the Plate -> Multitype type as normal; hold no Plate -> the PKHeX form's type (Ghost form reads Ghost, etc.); the form persists. Ships for ORAS and USUM (USUM also covers Silvally). - USUM ability un-nerfs: Prankster, Gale Wings, Parental Bond, and Soul Dew restored to pre-nerf behavior, with the in-game ability/item description text rewritten to match. - Protean on Arceus: WORKS in USUM (gen 7), does NOT in ORAS (gen 6). In gen 7 there is a literal type-lock species list {Arceus, Silvally}; clearing it lets Protean re-type them. Gen 6 has no such list - ORAS re-derives Arceus's type from its form every move as part of the Multitype machinery, and that re-derivation is fused into the move pipeline, so it overwrites Protean and could not be removed without breaking move processing. Castform and Kecleon Protean work fine in ORAS (no species block on them). So: gen-7 Protean-Arceus = solved; gen-6 Protean-Arceus = open.

Sorry I haven't followed this thread in a while - I plan on documenting how to remove the banlist restrictions for all / most of the games eventually and putting them on a repo - you will eventually see that posted on GitHub. But I have something VERY exciting to share: I discovered how to REMOVE the items and species clause in Battle Tree! The GARC location is at a/1/4/1 (RomFS) - the Battle Tree / facility rule-set table. It's a GARC of 25 rule records, 1192 (0x4A8) bytes each. Every "real" battle mode record carries two clause flags in its header: - offset +0x0E = Species Clause (no duplicate species) — `01` = on - offset +0x0F = Item Clause (no duplicate held items) — `01` = on Set both to `00` and the clause is gone (and the rules screen flips to permitted). These flags are independent of the banlist — the Normal-course records (no level cap, no banned mons) carry them too, which is why the clause applied even in Normal mode. Exact HxD edits Open a/1/4/1 in HxD and change `01` -> `00` at all 28 offsets below (14 records × 2 bytes). These file offsets are identical in both Ultra Sun and Ultra Moon (the rule table is the same in both): Record (mode) - Species Clause (+0x0E) - Item Clause (+0x0F) Super Single | `0x006F2` | `0x006F3` | Super Double | `0x014EA` | `0x014EB` | Super Multi | `0x022E2` | `0x022E3` | Super (variant)| `0x030DA` | `0x030DB` | Normal Single | `0x03A2A` | `0x03A2B` | Normal Double | `0x03ED2` | `0x03ED3` | Normal Multi | `0x0437A` | `0x0437B` | facility 06-1) | `0x04822` | `0x04823` | facility 06-2) | `0x04CCA` | `0x04CCB` | facility 06-3) | `0x05172` | `0x05173` | facility 07) | `0x0561A` | `0x0561B` | facility 08) | `0x05AC2` | `0x05AC3` | facility 09) | `0x05F6A` | `0x05F6B` | facility 0A) | `0x06412` | `0x06413` | In every case the byte currently reads 01; change it to 00. (If you only care about the main Battle Tree, the first 7 rows cover Super + Normal Single/Double/Multi; the rest are the other facility variants (not sure which facility variants these are since I haven't played the game normally in a while) - harmless to do them all, since you're only removing a restriction.) After editing, repack/rebuild as you normally would (LayeredFS drop of `a/1/4/1`, or repack the CIA and rebuild the RomFS IVFC hash tree). If you're patching a built .cia directly, find a/1/4/1 in the RomFS first, then apply the same +0x0E/+0x0F edits within it. When you open Battle Tree, you'll see "Permitted" under Items and Species rules! Hope this helps y'all! -IS2L Edit: Just wanted to link the GitHub where I have this stuff documented / patched for people who want an easy solution: https://github.com/isleep2late/Un-Nerf-Compendium MASSIVE UPDATE!!! I have figured out how to remove ALL restrictions in Pokemon ORAS, including 510 EV limit, Species Clause, and Item Clause. You can even play with 6 Pokemon on Battle Maison. See the github for the complete patch, but basically through an extensive series of trial and error I was able to nail down the additional bytes that needed to be changed (FOR ORAS): - Vaddr: 0x1E9734 -> file offset inside code: 0x0E9734 - Find: FE 01 00 00 (510, little-endian 32-bit) - Replace with: FA 05 00 00 (1530 - chosen above the 6x252 = 1512 max, so the total check can never trip while the per-stat </=252 cap still holds) That single 4-byte word is the whole fix. Optional, for completeness: the separate Battle-Spot legality validator has its own copy of this check, same FE 01 00 00 → FA 05 00 00. Its offset is title-specific (OR/AS code differ by +8 here): - Alpha Sapphire: vaddr 0x4474B8 (file offset 0x3474B8) - Omega Ruby: vaddr 0x4474C0 (file offset 0x3474C0) UPDATE 6.13.26 Status across gen 6/7 now: ORAS Battle Maison has ban list + Species Clause + Item Clause + team-size limit + the 510 EV-total cap all removed. USUM Battle Tree has ban list + Species Clause + Item Clause removed. One caveat worth stating: raising the team-size limit ABOVE the legal count (e.g. forcing 6 in a 3-slot facility) crashes USUM on team confirm because the team buffer is fixed-size, exactly like BW2 - so the gen-6/7 builds keep the legal party size.

TLDR; Scroll all the way down to the bottom of this post to see the GitHub where I provide a simple solution to how you can accomplish this. See next message for Permanent Megas & Hoopa-Unbound persistence through save restarts. THIS message applies directly to USUM, but the Permanent Mega persistence and Hoopa-Unbound/Primal Reversion/etc applies to BOTH USUM AND ORAS! Hello everyone! This post is meant to document ALL the progress I made in improving/editing the Gen 7 USUM. As of 6/2/26, you will learn how to remove the nerfs to Prankster, Gale Wings, Parental Bond, and Soul Dew in Pokemon Ultra Sun and Ultra Moon after reading this post (and if I discover anything more, I'll just reply to this thread or edit the post if need be). So full disclosure - I've spent many years trying to figure out how to crack the Gen 7 code, and with our current age of technology it was made possible. I was able to reverse engineer a lot of the USUM battle engine with heavy use of an AI assistant for some of the grunt work, including decompiling, scanning the save-state RAM, and cross-checking. I drove the project, supplied the save states, and verified every step in-game myself. What I've outlined here is reproducible, so you don't have to take my word for any of it. This post is for research purposes. Chapter 1: How to remove Dark's immunity to Prankster So my goal was to Gen 6 Prankster behavior in Ultra Sun / Ultra Moon - status moves from a Prankster user can once again affect Dark-types (no more "It doesn't affect…"). Tested and working. --- The fix (if you just want it) In Battle.cro (from the RomFS), change one byte: Offset: 0x24B14 Before: D1 FF FF 0A After: D1 FF FF EA (Only the last byte changes: 0x24B17, 0A -> EA.) That's it. This flips a conditional branch to an unconditional one so the engine stops failing Prankster-boosted status moves against Dark-types. It does not touch any other immunity (powder/Grass, trapping/Ghost, type-chart immunities all still work). Installing it - two options: LayeredFS (easy, no repacking): put the patched Battle.cro at %APPDATA%\Azahar\load\mods\00040000001B5100\romfs\Battle.cro, fully quit and relaunch Azahar. Repack the CIA: splice the patched Battle.cro back in and rebuild the RomFS IVFC hash tree + the NCCH romfs hash (signatures can stay broken; Azahar/Citra accept that). Big gotcha: test on a fresh battle after a clean boot, NOT by loading a save state. A save state is a snapshot of RAM that still contains the old unpatched code, so it'll always show the old behavior no matter how you patch the files. --- How it was found (short version) Gen 7 added: a Prankster-boosted status move that hits a Dark-type fails. I wanted that gone on the actual game, not just on a Showdown server. The hard part: the check isn't a simple if (ability == Prankster). USUM's battle engine (Battle.cro) is a Showdown-style event-dispatch system, and its handler tables are filled in by the loader at runtime meaning they're blank in the file on disk. So static analysis in Ghidra just saw zeros where the logic should be. That blocked progress for a long time (and produced several "patches" that did nothing - including one that accidentally targeted the text formatter, because `158`/Prankster also shows up as a text token). What cracked it: a Citra/Azahar save state. A .cst is a zstd-compressed snapshot of console RAM - decompress it and you get ~302 MB with all the runtime relocations already applied. From a save state of Prankster Shuckle vs. Dark Tyranitar, I could: - read the real, populated dispatch tables for the first time; - find the actual battlers in memory and diff their type fields - that pinned the type cache at battler+0x1E4/5/6, with Dark = 0x10 (Tyranitar showed 05 10 12 = Rock/Dark/none; Shuckle showed 06 05 12 = Bug/Rock/none); - locate the engine's hasType() function and find the single place in the whole binary that calls hasType(target, Dark) - that's FUN_05024868, the per-target immunity filter. Its Dark branch is basically the Showdown rule: target is Dark AND move was Prankster-boosted AND it's an opponent → "It doesn't affect…" + the move fails on that target Patching the first branch of that check to always "keep" the target removes the immunity. Confirmed in a fresh battle: Thunder Wave / Will-O-Wisp / etc. from a Prankster user now land on Dark-types. --- Notes / credits - This is one piece of a broader "restore Gen 6 abilities" project (Gale Wings, Parental Bond, Soul Dew are next). - Prankster's +1 priority is separate (it lives in `code.bin`); this patch only removes the Dark immunity, leaving the priority boost intact — i.e. true Gen 6 Prankster. - Method that made it possible, in one line: when a binary's tables are loader-relocated, stop fighting the static image and read a save state instead. If you're interested in learning more here's a thread I made on hackmons.com that details more information. --- Chapter 2: How to remove Gale Wing's HP restriction What this does: restores Gen 6 Gale Wings in Ultra Sun / Ultra Moon - its +1 priority on Flying-type moves applies at any HP, not just at full HP. Tested and working in Azahar. --- The fix (if you just want it) In Battle.cro (from the RomFS), change one instruction (4 bytes): Offset: 0xDA514 Before: 09 00 00 0A (`BEQ`) After: 00 F0 20 E3 (`NOP`) Install it exactly like the Prankster patch (LayeredFS drop, or repack the CIA + rebuild the IVFC hash tree). Same save-state gotcha: test on a fresh battle after a clean boot, not a loaded save state. The two patches are independent and can both live in the same Battle.cro. --- How it was found (short version) Showdown's Gen-7 Gale Wings is literally: if (move.type === 'Flying' && pokemon.hp === pokemon.maxhp) return priority + 1; The job was to find that "hp === maxhp" gate in the ROM and delete it. Same wall as before - the logic is event-dispatched, not a hardcoded if (ability == GaleWings), so the on-disk binary is unhelpful. This time the breakthrough came from two save states + a live hardware watchpoint: 1. Save-state static pass narrowed it down: there's no cmp #0xB1 (Gale Wings' ability ID) anywhere in the battle module, confirming it's dispatched. The priority logic turned out to live in the core executable (code.bin), reachable via a mapping I derived from the save state (blob = vaddr − 0x100000 + 0x1266A). 2. Live watchpoint (a small Python GDB-stub script) on the Gale Wings Pokémon's HP, run in a fresh battle at full HP vs. below full HP, caught every function that reads HP during the turn. Cross-referencing those against a static scan found a clean IsFullHP(mon) helper (curHP == maxHP -> bool) at 0x7663BC. 3. Of the 13 registered event-handlers that call IsFullHP, exactly one - the handler for the priority event 0x11 at 0x7B74E4 - also checks move type == Flying and adds 1 to priority. That's Gale Wings, byte-for-byte matching Showdown: bl IsFullHP ; curHP == maxHP ? cmp r0, #0 ; beq skip ; <-- the Gen-7 nerf (this branch becomes NOP) ... GetMoveType == 2 (Flying) ? ... GetPriority -> +1 -> SetPriority NOP the one branch and the +1 applies regardless of HP, while the Flying-type check stays intact. Here's a detailed breakdown of Gale Wings in the Battle Engine for more information. I will be sharing the expanded details of each of these modifications in these separate links so as not to "clog" up these forums lol --- Chapter 3: How to make Parental Bond's second hit do 50% damage instead of 25% What this does: restores Gen 6 Parental Bond in Ultra Sun / Ultra Moon - the second hit deals half damage instead of the Gen 7 quarter. Tested and working in Azahar. --- The fix (if you just want it) In `attle.cro (from the RomFS), change one byte: Offset: 0x24EAC Before: 01 0B A0 13 (`movne r0,#0x400` = 0.25×) After: 02 0B A0 13 (`movne r0,#0x800` = 0.5×) Same save-state gotcha: test in a fresh battle after a clean boot, not a loaded save state. All of these patches are independent and coexist in one Battle.cro. --- How it was found (short version) Showdown's Gen-7 Parental Bond applies chainModify(0.25) to the second hit; Gen 6 was 0.5. So the task was to find the per-hit damage multiplier and double the nerfed value. The trick was not to chase the ability ID (185 / 0xB9) - event-dispatched engines don't keep tidy "if (ability == ParentalBond)" branches, and my first attempt keyed off the wrong ability byte and did nothing in-game. Instead I chased the damage math: - The engine uses Q12 fixed-point multipliers (0x1000 = 1.0x, 0x800 = 0.5x, 0x400 = 0.25x). - In the move-execution function (@vaddr 0x701D68), on the live 2nd-hit call chain, the 2nd+ strike of a reduced multi-strike move loads 0x400 (the Gen 7 quarter) and feeds it to the damage builder (0x75BCE4); the first hit uses 0x1000. - That 0x400 is an instruction immediate at @vaddr 0x701EAC. Changing the encoded value 0x01 -> 0x02 makes it 0x800 (0.5x). The first hit (1.0x path) and ordinary multi-hit moves (Bullet Seed, etc., which take the 1.0x path) are untouched - only the reduced second strike changes. Live-confirmed: with a Parental Bond user vs a fixed target, hit 1 = 50, hit 2 = 24 (ratio ~ 0.48, i.e. half), where Gen 7 had it at a quarter. Numbers read off-screen and cross-checked against the Smogon calc. Here's a link to further documentation on how this was made possible. --- Chapter 4: How to buff Soul Dew back to Gen 3-6 mechanics This is the big one, and it's not a byte flip - Gen 7 deleted the stat logic and replaced it with a +20% Psychic/Dragon move-power effect. I disassembled the Gen-6 handler out of ORAS's DllBattle.cro, rewrote it for USUM's engine, and injected it as a new handler into a code cave in Battle.cro, then repointed Soul Dew's existing handler at it. - Mechanism: event 0x47 (damage modifier), arg 0x35 (Q12 multiplier). Offense sets 0x1800 (1.5x), defense sets 0xAAB (0.667x incoming = +50% Sp. Def). Special-category gate GetEventArg(0x1e)==2; species 0x17C/0x17D (covers Mega formes too). - Code cave: the alignment padding between .text and .rodata (file 0xFC974/vaddr 0x7D9974) - genuinely free at runtime and inside .text's executable page. (The obvious-looking interior "zero gaps" are relocated pointer tables - zero on disk, overwritten at load. That trap cost me three crashes; validate caves against the loaded RAM image, not the file.) - Verified in-game: Psychic (resisted) dealt 12 to a Lv50 Latios - below the 15-damage floor any unboosted Slowbro could deal -> Sp. Def boost proven; Oblivion Wing (non-STAB) chunked a bulky Slowbro ~50%/hit -> Sp. Atk boost proven. Here's the complete walkthrough and documentation of how Soul Dew's un-nerf was made possible. --- Last Remarks Because two of these change behavior, I also edit the matching ability/item descriptions in the message archive (a/0/3/2, English: ability descriptions = bank 102, item descriptions = bank 39) so the in-game text isn't misleading. Done with a small Gen-7 text encoder that rebuilds the archive so every other string stays byte-identical, then re-fixes IVFC. - **Gale Wings** -> "Gives priority to the Pokémon's Flying-type moves." (drops "when HP is full") - **Soul Dew** -> "…It raises its Sp. Atk and Sp. Def stats." - **Prankster / Parental Bond** -> no text change (their descriptions never stated the nerfed numbers). Here is the link to some patches I created to make life easier for people (EXPERIMENTAL): https://github.com/isleep2late/Un-Nerf-Compendium (I will be actively maintaining this repository.) Let me know if you have any questions or need help with anything! -IS2L

Hello! I haven't posted here in a while but I thought I'd share something really cool that I discovered while messing around with Pokemon Yellow. So I'm not sure how many of you know this, but there is a save file editor that actually exists on this website (though it originated elsewhere, you can find the upload by @theSLAYER here, developed by "Ritchie") that can do a lot more than what PKHeX can currently do in the Gen 1 games. This save editor lets you change a Pokemon species without changing the actual sprite of the Pokemon. What that means is that you can have a Gyarados sprite on a Pokemon with Mewtwo stats, and you can even change the typing of the pokemon so that it looks like a Gyarados, but it has Mewtwo stats, while being a Normal/Ghost type. Well as it turns out, while messing around with this, I discovered that the back sprites of some of these Pokemon look a little different. I first noticed this with Gyarados, but then I tried this on other Pokemon as well (namely Charizard, Blastoise, and Venusaur), and if you play Yellow and have a save file, you can actually replicate this phenomenon yourself. I couldn't find any documentation about these new sprites on the internet, so I don't know how many people actually know about them. Figured I'd at least share it here (year is 2025 and these games have been around for decades lol) so that someone can actually confirm whether these are in fact undiscovered sprites or if this is a well-known thing. I'm uploading screenshots of the game so that you can see what I'm talking about. Kinda neat! -IS2L

Thanks a lot @Pocket Monsters for the confirmation! Few things I want to note: I briefly skimmed through the rest of the directory that I found the banned list in. Unfortunately I did not find the segment that removes species/item clause, but I know it's in the code somewhere. If you go through the actual hex data (not using Imposter's Ordeal, but just something like HxD or another hex editor), you will find that the location of the banned list is peculiarly near some other binaries that contain what *looks* like the species clause. (In Gen 7, "0E" determines whether the species clause applies and "0F" determines whether the item clause applies). You'll see 0E and 0F within the proximity of the legendaries banlist, but zeroing them out will either give you an error or there's a likelihood that I'm just not doing it correctly. Anyway, I'm currently done with this project for the time being, but I would definitely be interested in following if anyone finds a way to remove the item/species clause. The only quality of life this provides is that it allows you to run multiple Arceus's w/ different typing, different deoxys formes in the same team (might be useful in a doubles battle). But again, I'm not gonna lose sleep if this never gets figured out. Cheers! IS2L

Hey... so I'm back from my 3-4 year slumber to put out another contribution to the ProjectPokemon community, and this one I think a small group of BDSP gamers would appreciate: I did it! I FINALLY figured out how to remove the BDSP Banlist, and it took a *very long time*. (At least, I THINK I removed it. I am just incredibly excited bc I believe this is the mod that does it). Here's a visual/proof that this method works, and then I'll share what I did. As you can see, Jirachi and Dialga are legal in my Battle Team. (I almost had a panic attack when I saw this because I actually could not believe I figured it out). OKAY, now that that's out of the way, here's the process: I used a program called "Imposter's Ordeal". Now, IDK what is allowed on this forum and what isn't. I know sharing certain things like rom's or how to hack your switch/emulation might not be allowed, so I'm going to refrain from talking about those particular things. And I'm not even sure if Imposter's Ordeal is something that is allowed here, so if it isn't, then please let me know and we can figure out another solution. I only say this because Imposter's Ordeal seems like an incredible resource that I'm surprised nobody has ever talked about on PP lol. But anyway, you're going to want to open that program and use it on your BDSP game. Open "Global Metadata Editor" and the first thing you're going to see is "Assembly-CSharp.dll", "<PrivateImplementationDetails>", and then a bunch of random letters and numbers in the third column. Scroll all the way down until you see the line of code that reads "4DBCB2BACE8C9D7E1BA528261F46...". Under the fourth column, you're going to see a bunch of binary/hex editor data. Turn all of those into "00 00 00..." while making sure you don't alter the size of the code/amount of binary data. (If you're wondering how I figured out it was this specific line of code, the answer is 'yes' lol). Close out of that window once you're done, hit "Export and Exit", and wah lah! You've created a mod that you can load onto your game and find that (at the very least) Jirachi and Dialga will show up as in the above image. Hope this information helps! I'm just so excited that I actually figured this out, I wanted to share it with the rest of the team, and hopefully this enhances your play experience, and for anyone out there who wants to create your own romhack of BDSP (as I know people like to do such of that), I hope this gives you a nice little added feature). I'm sure this line of code can be edited to fit your needs, for example if you wanted to ban other pokemon. Not sure why you'd want to do that. Last but not least, I want to give credit where credit is due. Want to thank @ABZB for helping out with the start of this project. Want to thank @Robie777 for contributing the post-game save file that I used (which also is the save that you see in the image above). That save can be found here: Want to thank Nifyr on github for hosting the Imposter's Ordeal randomizer that really helped organize the structure of the data in a way that PowerGREP or HxD couldn't. Want to thank the mods/big names out there (theSlayer, Kaphotics, etc.) who have made this rom/save editing community fantastic. After all, I'm going to look forward to using PKHeX to make some OP mon's on BDSP for funsies now lol. Want to thank Nintendo/ILCA/The Pokemon Company and the Unity engine for making possible what is probably one of my top 5 Pokemon games now. And finally, I want to thank all those who supported me during my long hiatus. Like I said, I left social media/content creation because of that toxic cyberbully from another gaming community (seems that person is now banished from multiple other groups, so I feel a lot more safe now). Will I ever come back? Idk yet, but I definitely enjoyed being part of ProjectPokemon. Anyway, let me know if you have any questions, or if there are any issues with the game. Please be aware that as I went through some of the metadata, it is VERY possible that the wrong modification could ruin your save (you have been warned). So if you're going to continue playing w/ Imposter's Ordeal and/or venture further into the binary data of BDSP, I would recommend backing up your save file and if things go wrong, just remove/undo the mod and restore your save. Cheers! -IS2L *UPDATE 1/11*: Please note that this does NOT affect the item or species clause. Those will still be in effect. After discussions in our PP discord, it's very likely that these rules can also be lifted, but I actually don't care too much about the item/species clause. It would be nice to be able to have both Deoxys A and D on your team, but it's not too big a deal. Anyone else feel free to dive into this project as I'll probably be very busy in the coming weeks/months

Hey everyone, Surprised this post hasn't been made already; am I the only one interested in doing this? I looked into some of the previous architecture and based on a post @ABZB made years ago on Pokemon Platinum there was a line of code in Platinum's arm9.bin they discovered that contained the banlist in the DS game: Now, I did not see this line of code in the BDSP games - and why would I? It's a completely different game that is 2 system generations apart. *However*, I grew very suspicious that things from BDSP were stolen from D/P/Pt when I discovered a lot of the stuff taken from diamond/pearl was claimed to have been copied over to BDSP (for example in the Glitch community they discovered that the game designers copied the memory reading from gen 4 dp, allowing a very similar exploit to the so-called "Void Glitch" in gen 4). Anyway, after dumping the romfs of Brilliant Diamond, I found a very similar segment of this code in the the resources.assets file under the romfs directory. There are exactly 6 instances of the Hex values: "7E 01 7F 01 80" (I think it actually extends beyond those values). I would try replacing the relevant binaries with "00 00..." but I also don't think I have the hardware to actually test to see if this works. On top of that, there's like a bunch of other instances of "7E 01 7F 01 80" scattered around the romfs as a 1-of instance (666 total occurences in the romfs) so I might just be throwing a needle in a haystack. If anyone else finds anything or makes any progress, please let us know! (FYI I will/have been severely limiting my online presence due to some drama/abuse from another/separate online community/individual but I will be watching closely for any new updates to this thread).

Hello, I've been looking into a project where I import certain mechanics in generation 6 into the gen 7 games. Specifically, I am interested in the following (in order of importance): Returning the ability Parental Bond to its glory and making it deal 1.5x the amount of damage instead of 1.25x Returning the ability Gale Wings to its glory and making it give priority to a flying-type move regardless of whether a pokemon is at max HP Allowing Prankster to be used against Dark-types Returning Soul Dew to boosting Latios and Latias's Special Attack and Special Defense by 50% instead of... whatever it does now Allow Sheer Cold to be used against ice-types, and to not have its accuracy lowered by non-ice users Returning Pixilate, Aerilate and Refrigerate to 130% instead of 120% (not that big a deal of this or Sheer Cold can't be done) Again, not that big a deal, but removing all the little nerfs to status conditions (confusion back to 50% from its now 33%, paralysis's speed back to 25% from 50%, burn back to 12.5% from its now 6.25%) I've been reading up on editing abilities (not just changing which Pokemon gets what ability to literally modifying abilities and what they do) and it seems like it hasn't really been done yet publicly. I've also been told that the abilities are not in any GARC but can be found in the exefs. Does anyone have any experience with any of this, or can point me in the right direction? Your help is greatly appreciated.

Ah okay, it seems my game at times wouldn't allow me to even view my party, at times would but the pokemon would show up as banned. So there were internal inconsistencies when altering the banlist with how the game was registering that a pokemon was banned (either the individual pokemon would show up as banned or the entire party box would not be selectable, depending on the battle format). But I think i solved that today after discovering how to remove *literally every* restriction, but first: @deadmza I didn't get to look through every file to check file a/1/8/9, because there is at least one instance of the infamous "C0..." banlist byte in that location if you extract an X/Y rom. It appears the structure of the game is quite different from ORAS which is worth investigating (also sorry that this is coming like 2 years late lol) SO BIG UPDATE! I figured out how to remove the 510 EV limit on all Pokemon lol. At first I truly didn't think this was possible as I edited literally everything in the ORAS file (this only applies to ORAS as that's the one game I'm interested in. USUM and presumably SM already have this restriction removed I'm pretty sure). However, I took a shot in the dark and I have no idea exactly which location the bytes are, but here's what I did: 1. Removed the pokemon species banlist using the replacement of the "C0..." bytes with all 00's. 2. Replaced all "02" and "01" with "00" (pretty sure you just need to replace 02 but I did 01 just in case) 3. It was random and arbitrary, but I did a complete swap of every hex value from 0004550 onwards to "00 00..." I know my methods are not entirely scientific, but this got the job done and I'm not sure what if any side effects/repercussions this would have, but it appears a/1/7/0 is the file solely designed to address all banlist restrictions in every which way in ORAS, ORAS/X/Y appears to be INCREDIBLY strict with their banlist vs every other generation, and for whatever reason some of these limitations (the 510 EV limit) just aren't there in Gen 7 (or Gen 5). In fact, it's also removed in Sword and Shield... and actually you can pretty much play anything you want in Sword and Shield, which is pretty great because that seemed quite intentional and is the right direction for Nintendo to be going with these casual in-game battles going forward. EDIT: Sorry, today I tested this again and it looks like I was mistaken.... no idea what happened but it appears the 510 ev limit was not bypassed.... my mind must be seeing things because i could've sworn it worked yesterday. However.... An even easier way to remove all the restrictions found in gark a/1/7/0 is to zero out everything between the two " / /"'s in the beginning of the code, making sure to leave the 5 and the stuff before it intact. Idk if i'm making sense at this point...

I just tested this in the Battle Maison (after removing the banlist restrictions). Gave Arceus Protean, moved it to battle box, and when doing a rotation battle it would not change types when using a move. Thought this was a battle box thing (or maybe a rotation battle thing) but as it turns out my Arceus with the Protean ability would not change types regardless of where it battled (even tested against wild pokemon). Double-triple confirmed that Arceus did in fact have the ability Protean while in-battle. I thought this was very suspicious and decided to test other abilities, like Wonder Guard. Sure enough, Arceus with Wonderguard is protected by non-fighting moves.... so maybe I'm going crazy, maybe I messed up my game, but the specific combination of an Arceus with Protean hacked as its ability does not work and it is making me confused lol. Does anyone know anything about this, could confirm that this is in fact true, or might have an explanation as to why this is? My theory is that, just as the ability Multitype cannot work with any other pokemon, neither can Protean be used on an Arceus due to the nature of what Arceus does. Just a very rare thing... and I'm sure many people have played with Protean Arceus in Balanced Hackmons or other Hackmons formats in this game, not knowing that this could not technically be possible in the real game.

Hey so a lot of people have over the years asked me about my save files and some of them have been made obsolete/deprecated. I had a lot of time this year to fix/polish some of my older save files, and then I got overwhelmed with all of the Pokemon files on my Desktop so I'm just going to dump all of what I have into a zip file and make it public for all of you to use. Some Pokemon players want to own every single Pokemon and have it be the best version it can possibly be (competitive movesets, shiny, events, pokerus, all ribbons, etc etc), so ever since 2015 I decided to take this to the max and basically "max out" the game for every version from Gens 1 all the way to the games today. The challenge is making sure the Pokemon has that "green checkmark" on PKHeX (which has been made a lot easier thanks to the many updates Kaphotics has made over the years). What I am attaching is years of work, some of which has been borrowed or taken from various other places, but I try my best to credit the Smogon community, Kaphotics, ProjectPokemon's database, Gridelin, etc etc but there is honestly a lot of stuff on here that it's too much for me to really document in depth... so the best thing I can do is tell you to read the ReadMe and view the "Mainstream Media" folder which should contain save files for each generation. (Sorry for the weird nicknames lol. The reason for that is because 3DS games can only have "main" without a file extension, so I needed to give random nicknames to differentiate them and it would be weird for some of those files to have ".dsv" at the end so I just decided to make them all extensionless but PKHeX should still be able to read them all). So that's about it. I really hope you all enjoy these saves... I share them to you for the love of the game. I want you to know that I do not condone cheating - these saves are purely for casual play/fun and mildly interesting purposes. I hope I am not breaking any rules by sharing my saves (again, some of these are derivative and most of the stuff in the Supplementary folder are just dumps of whatever backup files I had). Let me know if you have any questions and if you need me to take this down for any reason then I certainly will comply. Sincerely, isleep2late isleep2late's 8 Gen Gem.rar

@RedFordWhite Hey! Sorry for taking a while to get back to you, but I was able to solve your conundrum just now if you're still interested! If you go back to the original thread: You'll see that MeroMero mentioned the files within a/1/0/6 for PWT (files 33, 34, 35, and 36). Now, these files are referring to actual .bin files that you get from decompressing the actual narc file (the file with no extension named "6"). This can be done with a program called "Tinke" which you can get from the release section of their github (click on "Assets" all the way at the bottom of version 0.9.0). Open your game, go to the root directory and find a/1/0/6 (If you're on Black 2/White 2), click on the file and I think you click on "Unpack" which gives you a bunch of .bin files. Find bins 33-36, open them with the "Hexadecimal" button in Tinke and replace with 0's *almost* everything. I kept the first sequence of numbers in each of these files but pretty much everything from "C0 ....." onwards I replaced with 0's until the absolute very end of each file (make sure not to add any additional digits. Don't add any length to the files). My guess is that the Soul Dew and all the other junk is "hidden" amidst the 01's and 02's (just like it is in the Gen 6 games) which uniquely come after the species banning script MeroMero found. And since I'm too lazy to sift through what all of them mean it's just a lot easier to zero all of that out for your purposes Let me know if this method works for you! I just tested it and it appears it does exactly what you want. And if you Hex-edit the original 6 file within the Tinke program, you should be able to change the B0 0E I talked about and the other unbannings in Battle Subway (and hopefully Battle Institute as well?) will still work.

Thanks for that info @Smile! I got a chance to look even further into this and as it turns out, there's an ENTIRE set of hidden "02"'s and "01"'s (and I'm almost positive there are others) scattered around the a/1/7/0 garc that basically dictate all Battle Maison restrictions, opening a ton of more doors for additional research if anyone wants to pry them open. Following your suggestions, I think I did a flat Control + Replace (CTRL + R) on all 02 -> 00 which led to pretty much unbanning Soul Dew in the Super Double Battles, Super Triple Battles, but normal Triple Battles was somehow randomly still not even allowing any of the banned pokemon, so I was very confused..... But TL;DR: If you want to get rid of the most restrictions, do a Control + Replace on the 101 byte repetitions outlined by Kaphotics (there should be 29 iterations in ORAS) and then do a CTRL + R on all 02 -> 00 and THEN do a CTRL + R on all 01 -> 00. This leads to some pretty funny results, allowing more than 3 Pokemon to be submitted in certain formats (I think 4 in regular singles, and your entire team in super singles). I did even more screwing around and I somehow randomly got rid of the Species Clause in one of the Rotation formats.... but I can't remember exactly what I did (I'm really sorry!) But if you sift through enough of the "unique" characters and slowly get rid of them, I think you'll get there. I'll let you know if I find anything else, but I think that's it for now!

I am so sorry!! I've literally been coming back slowly to Pokemon and I did revisit this project. It took me about 20 hours, but after a million attempts at hex editing and rebuilding, I FINALLY discovered the proper way to removing the Soul Dew clause: Long story short, unbanning Soul Dew is a matter of changing a few "02"'s to "00"'s at various offsets in the a/1/7/0 garc. For my own convenience I won't list the exact offsets of every bit, but here's a list of them you need to change to 00 which you can find at the specified row (just set HxD rows to 16 and you'll find the offsets): 02 @ 00005CD0 02 @ 00005A70 02 @ 000055C0 02 @ 00005360 02 @ 00005100 02 @ 000049F0 02 @ 00004790 02 @ 000042E0 02 @ 00004080 01 @ 00003E90 02 @ 00003E20 02 @ 00003970 02 @ 00003710 02 @ 000034B0 02 @ 00003250 (set HxD to 16 per row) Again, apologies that this is only being figured out in 2020 for the very few of you that care. I didn't want to make a new post but I didn't want to necro this one either. Doing what I previously told you to do will not allow you to submit any Pokemon which causes you to have a shiny bulbasaur that auto-concedes to your opponent. Hopefully this helps out anyone in the future! BTW, the only other restrictions are Species Clause (and I think Item Clause?). I haven't fooled around with those restrictions but I don't doubt that they're possible. Removing the Pokemon Banlist and Soul Dew Item Ban list is good enough for me lol

I noticed that in Pokemon Black 2 / White 2, Pokemon that originate from the Gen 5 games will still be marked as Legal when given Contest Stats and/or the Ability Ribbons. As it turns out, I did some looking-into this stuff and from what I've read it seems there is no actual way to obtain *any* ribbons in these games, there are no contests, and therefore there shouldn't be any way to have a non-zero stat in any of the contest categories. I tried to find bug reports on this issue but it doesn't seem like anyone has brought this up. Should this be changed/fixed in a future PKHeX update? Just a suggestion, thought it might help with the legality checker, but if I am mistaken please feel free to let me know if this is actually working properly

Hello! I have a question about the World Ribbon that exists in Gen 3: PKHeX says it is legal to have in a Gen 3 game (in this case Emerald), but when I drag the .pk3 file onto a Gen 4 game it's flagged as illegal because the World Ribbon is apparently invalid: "Invalid: Invalid Ribbons: World" How can a pokemon be legal in one game but when the same Pokemon is transferred it is illegal?

Ah my bad lol. Looks like from the projectpokemon discord there are some people who still play XY and already people working on finding the GARC for that. I also want to point out that this method does not unban Soul Dew from ORAS. Soul Dew removal is possible, and it took me quite some time to figure this out. I started by continuing the search for those bytes in the rest of the GARCs, nothing. Then I went back to a/1/7/0 and slowly hex edited every piece of data to "00 00 00..."s. My Slowbro holding a Soul Dew was still banned (lol). Then I hex edited some of the stuff in the beginning of that file to all 0's and finally my slowbro was unbanned. It looks like you can start at offset 00000102 and just hold 0 until you're at the end of the file, lol (it helps to click on different parts of the file while you're holding 0.... but really it's that initial list of bytes starting early up in that file that determines that soul dew is banned.) I'm guessing this can be explained by the fact that that list of hex values are items? Not entirely sure tbh, since according to this bulbapedia article Soul Dew's hex value is E1 but that is nowhere to be found. But then again neither are the hex values of any of the legendary pokemon, so long story short everything in the game is pretty uniquely obfuscated. BTW, idk about the very first bytes in that file but it's interesting to note that in Black and White (2), changing everything to 0 in the "banlist" narc causes the game to crash. That is not the case in Gen 6. And this process is not necessary in SM (I said it right this time haha) as Soul Dew is not banned (it got a nerf wherein it only buffs psychic and dragon type moves by 20%... lame). So that's about it! Everything I ever wanted to figure out how to do has finally been figured out. I haven't tested other clauses such as item clause or species clause (i know this does not remove item clause in SM Battle Tree). I guess that would be the next logical step, but I'm pretty content with stopping here. Some people have been asking me to make a tutorial on how to do this, which I'm not opposed to doing, but everything can already be figured out from reading the past 12 posts on this thread. As an aside, I would highly discourage anyone from doing this and playing the edited ROM on a 3DS while using the internet. I don't know for a fact that this would get you banned, I just think it makes good sense to protect yourself from that risk. Please, if you try this at home, play your ROM while your 3DS's internet switch is turned OFF! EDIT 5/25/2020: See below for my corrected statement, and the exact offsets for correctly removing the Soul Dew Clause

Can confirm this works on Sun and Moon as well (I knew it would, but just confirming that it in fact does). the garc for SuMo is located at a/1/3/7. Just replace all instances of that code once again with 0's (including the "E0 01 07" bit). If you're doing a Ctrl + F or Search and Replace, I would start off with "C0" rather than the bunch of 00 00's. There are only 14 iterations of that code, which is very very unusual because there were 29 instances in ORAS and a different amount in BW2. So I guess the moral of the story is that it's all encrypted, and there is no rhyme or reason to the "number of banned pokemon" to the number of banned code reptitions. I've made a video demonstration on my channel which I will not share in this post, but here is some additional photographic proof: Next step: Edit number of pokemon and pokemon level! lol jk... Also for what it's worth, the file size in ORAS is 33 kb whereas for SuMo it's 29 kb (and it's 8 kb in Gen 5 for comparison even though i know NDS is different). I think that's rather interesting, and sheds some light into the structure of the ways these garcs are organized. Another interesting tidbit: Neither of these banlist garc locations were figured out during the initial decryption phase of R&D. In ORAS, the garc was labeled a\1\7\0 - 53 * 604 bytes Battle Video Info Markup Template from this pastebin uploaded by Kaphotics and it was labeled a\1\3\7 - com_seasand02 02_beachslope from this GBATemp repost by BelmontSlayer. I would be interested to know if a/1/7/0 does still contain a Battle Video Template, because I wasn't sure if each garc did only one specific thing or if they could do multiple things. But anyway, thank you so much Kaphotics for your help and ABZB for all your contributions! I know a lot of people have been asking about this and I'm glad the community can finally put this issue to rest. BTW, I still don't have it for X and Y and I'm not sure if anyone wants it for X/Y. I won't waste time finding the garc for XY unless someone wants me to (or you can just do it yourself )