suloku

Box 18, Slot 30--make sure there's no PKMN in that slot otherwise it will be overwritten. Press Select.

Code is for Platinum.

Code for a legally obtained Mew from my pokemon ranch (spanish)

[HGSSSPRITE]151[/HGSSSPRITE]

94000130 FFFB0000
B21C4D28 00000000
B0000004 00000000
E001E1C8 00000088
BF97264C D2C40000
50A608BE 25BAD46A
D7AB888F 89C35ED7
467157FF 0F7FB85F
0AD547E8 73B47A53
5136C27A 81BD4C68
4FCC0B44 DBA2D603
52BADD65 13A7B9B1
9C011FA6 79435033
0FAA5A59 BFFB40F7
5229A7A9 22526D8C
E3C22340 DD99CCA4
45583ABB 60DE732E
E4FFE482 E4296736
9B07422B 65C98505
DF37DF7D FCB7C175
E9A38854 68F84223
D2000000 00000000

Code for a legally obtained Mew from my pokemon ranch (spanish)

Diamond/Pearl code:

94000130 FFFB0000
B21C4D28 00000000
B0000004 00000000
E001E1C8 00000088
BF97264C D2C40000
50A608BE 25BAD46A
D7AB888F 89C35ED7
467157FF 0F7FB85F
0AD547E8 73B47A53
5136C27A 81BD4C68
4FCC0B44 DBA2D603
52BADD65 13A7B9B1
9C011FA6 79435033
0FAA5A59 BFFB40F7
5229A7A9 22526D8C
E3C22340 DD99CCA4
45583ABB 60DE732E
E4FFE482 E4296736
9B07422B 65C98505
DF37DF7D FCB7C175
E9A38854 68F84223
D2000000 00000000

If you have a diamond, you can install my pokemon ranch on your wii and transfer 1000 pokemon to the ranch, then deposit an egg and you will be asked for the trade. You can modify the wii's clock so you don't have to wait 6 days for the ranch to reach level 25.

RanchMew.pkm

Source code is included, someone (or yourself) can compile for other OS. Or you can use a windows virtual machine.

It seems you missed this thread: http://projectpokemon.org/forums/showthread.php?44253-My-Pokemon-Ranch-Savedata-Exctractor-0-1

Use the extractor, the .pkm filenames contain the trainer id and secret id of the trainer that deposited the pokemon in the ranch. If you need the name, open the .pkm file with pokegen.

For extracting the ranch savefile use savegame manager gx on your wii. You will need hombrew channel on your wii to use savegame manager gx, there are plenty of tutorials out there.

As another option dolphin emulator can "install" savefiles copied to the sd from the system menu, the you can get savedata.bin in you computer, but since the savefile is protected you still need a homebrew enabled wii to do so and run an app like "banana saves".

Thank you, I've looked at it, but I don't know visual basic (in fact, I know very little programming).

I've taken advantage of MPKR making a backup of the savefile to compare what happens when I withdraw a pokemon and deposit a different one. The result was that the only changes to the file are the ones shown in the following image (and obviously the 136 bytes correponding to the pokemon I deposited, which now take the place of the one I withdrawed):

EDIT: I also tried to just enter the ranch and save 2 times in a row, then extract the savedata. The only difference between the two savedata were the bytes marked in red in the image (0x00-0x19 and 0x63).

I also tried withdrawing the first pokemon deposited at the ranch, then depositing a different one, which shifts the whole pokemon data 164 bytes. But same result. Removing a pokemon has the same changes to the header (well, the pokemon start offset is updated, as stated below).

The checksum is definitely one of those, maybe 0x60-0x63 is the header checksum and 0x00-0x19 is the savedata header.

Also, I noticed some values in the header are offsets in the file:

- Underlined in the image, they seem to be just some index values

- In a black square I've marked the values of the offsets of different sections in the savegame:

0x00-0x19: SHA-1 hash of all the following data in the file

0x24-0x27: start offset of mii data entries in the ranch

0x2C-0x2F: start offset of "mii-trainer" data entries in the ranch

0x34-0x37: start offset of pokemon data

0x3C-0x3F: ending offset of pokemon data (after this the savegame is all 0x00)

[ATTACH=CONFIG]11917[/ATTACH]

UPDATE: found it! 0x00-0x19 is a SHA-1 checksum of the rest of the savedata. 0x60-0x63 might be a time value, since in subsecuent savefiles it only increases.

Thankully this is a very common checksum, so I will be able to update the id changer app myself!

UPDATE_2: I successfully edited my pokemon ranch savefile and could download all pokemon to a different diamond/pearl savegame, without modifying the nds savegame.

It required some extra tweaking, like adding TID, SID, Name to one of the mii-trainer entries (this one was expected). I need more testing, because in my successful attemp i just changed all the trainer data existing in the savefile (which only had had one trainer ever) to the new one and I don't know if changing them all is required, as my save had 3 consecutive TID, SID, Name for no apparent reason. Maybe it is a log of the last trainers that connected to the ranch for the ranch and wiiconnect features?

I'll do more testing tomorrow, but the big part is done.

UPDATE_3: The process is now automatic. I updated the id-changer and coded a program that updates the hash. I coded it as a separate application because that way one can manually modify the savefile, for example, to change a pokemon for other, and add event pokemon to the ranch for example.

With the information in this thread one could write a full save editor, that changes the trainers in the ranch and the pokemon they have stored. It would be nice for people who don't have access to AR or nds flashcarts to mingle with pearl/diamond savegames, but I'm not going to code it, and since my pokemon ranch is only for diamond/pearl I doubt anyone will take that much interest as to code it.

I'll update first post with new binaries and the info I've gathered later.

UPDATE_4: First post updated. I doubt I will work on this anymore, source and all the information I gathered is available in the rar attached to the first post.

UPDATE_5: updated first post with new information and a tool to change the savegame region/language setting

UPDATE 4: About Japanesse My Pokemon Ranch:

- Region code seems to be 0x00 for normal japanesse my pokemon ranch. Seems totally compatible with the other versions (NTSC and PAL using regionchanger).

About the Platinum update savegame:

- savedata.bin is bigger, seems that space was added for 500 player pokemon and 500 hayley's pokemon (a total of 3000 pokemon in the ranch). Some more Ranch data is added as well (for the new features I guess, like song changing, that setting may be saved as well).

- The start offset of mii data has changed, since some more data for the ranch save was added, the start offset of mii data has changed. Since I wrote these tools with a hardcoded offset instead of reading the offset from the header (because I discovered that later) the only tools that will work with the platinum update savegame are hashupdater and regionchanger. I may rewrite my tools to clean the code and add compatibility with the platinum update savegame.

- For platinum update the region code seems to be 0x40. I think that these region codes are actually only bitmasks, since my pal savegame was updated to 0x60 (bit 6 was enabled) and not 0x40.

- A platinum update savegame will NOT work on any non platinum update game. The game will say the save is corrupted (but it is not, it must make some kind of filesize check).

UPDATE 3: I tested a little with dolphin and found the header value that defines de region/language of the savegame. I've updated the post with the new information, and I've also attached a new file with the updated information and a new app: PR-regionchanger.exe, which has a region selector (jap, NTSC-U, PAL: english, dutch, french, german, spanish, italian) and also updates the file's hash.

UPDATE 2: I made a quick test with a pal savedata I found. The PAL ranch save seems to be language locked and the "connect to wii" option will only appear in the DS games of the same language (english, deutch, french, italian and spanish). I couldn't find any obvious value in the savefile storing the language setting. The lack of a language setting in the NTSC-U savefile might be what prevents the save from loading on the PAL game. I could create several new savefiles in different languages and compare them, but as I said I'm not working on this anymore.

UPDATE: Released extractor, id changer and hash updater!

Only tested with PAL and NTSC-U savefiles.

FAQ:

- What are these for?

With these tools you can extract the .pkm files from My Pokemon Ranch savedata and take ownership of all the pokemon in the ranch, so you can withdraw them with any NDS cart.

- How do I get the savefile from my wii?

You will need a homebrew enabled wii (aka Homebrew Channel) and you'll need to use Savegame Manager Gx.

- Can I use the savegame copied from the system menu?

No, you can't. Either way, if you can copy it it means your wii is homebrew enabled, since you aren't supposed to be able to copy that savegame.

- Can I know my secret trainer ID with these tools?

Yes you can. Each .pkm file extracted with PR-extractor contains in its filename the TID and SID of the trainer that deposited the pokemon in decimal (normal numbers, not hex like the .tnr files).

Alternative method for pokemon extracting:

If you use PR-extractor, you can check data of the trainer that deposited the pokemon (TID and SID). You can check the name at My pokemon Ranch screen or using pokegen and opening the .pkm file (only if the pokemon belonged to this same trainer).

If you edit your NDS savegame so it matches the TID, SID and name of the trainer that deposited the pokemon, you can withdraw them.

Quick Instructions:

I'll briefly explain the process of changing all pokemon from a savefile to a specified trainer.

0.- Connect to My Pokemon Ranch with your DS trainer and deposit a pokemon. If the ranch is full see side notes*

1.- Use Savegame Manager Gx to extract your savegame (extract, not copy).

2.- Put savedata.bin in the same folder as the PR tools.

3.- Run PR-extractor.exe. Sort by number.

4.- Get the .tnr file of the LAST pokemon extracted. This file contains the hex data from your trainer (TID, SID and Name).

5.- Drag and drop your .tnr file to "Insert_tnr_and_update_hash.bat". The file "savedata_hashed.bin" will be created. The program will ask you if the trainer had connected to the ranch, select YES if the new trainer information matches any of the ranch trainers.

6.- Delete savedata.bin inside the folder you extracted with Savegame Manager Gx (0001000157424d50 for PAL savefile, 0001000157424d45 for NTSC-U savefile).

7.- Copy savedata_hashed.bin to that folder and rename it as savedata.bin.

8.- Restore your savegame to your wii with Savegame Manager Gx.

9.- You should now be able to extract all the pokemon with the specified trainer

-----------

Side notes:

*: if the ranch is full, backup the savefile, then erase it and start a new game in my pokemon ranch, deposit a pokemon and extract this new savefile (in another location, don't overwrite the save with the pokemon you want to obtan!). The use this savefile to obtain your .tnr file. If you do that, select NO in step 5.

If you want to change the savegame's region/language, drag and drop savedata_hashed.bin on PR-regionchange.exe after step 5 and use the new created file instead in further steps.

Savedata structure information:

This is the thread that originated it all: http://projectpokemon.org/forums/showthread.php?28382-Reading-My-Pokemon-Ranch-save)

Original post:

PR-tools_v2.zip

Wow, this is great, I used some AR codes because it seemed easier than looking at the saves/memory, but this is awesome, thank you very much!

I've looked at 3 different ranch savedata.bin files and in each file the stored pokemon start at different offsets. This seems to be because of the amount of Mii in the savefile doesn't have a constant allocated space.

The actual data starts at 0x22AC, and each Mii takes up 40 bytes. 0x22AF value indicates how many Mii are registered (probably it is a 4 byte variable, taking from 0x22AC to 0x22AF). After the mii data there are 8 bytes more of data, here's data from two different save files:

Savefile 1: 00 00 00 2C 00 00 00 01
Savefile 2: 00 00 00 2C 00 00 00 01

After this come the entries linking the Mii's and the trainers, I think the 00 00 00 01 is a 4-byte value indicating how many trainer id's follow. The two savefiles I have only have one trainer, I may check later to confirm this. Each entry is 44 bytes long, then, 4 unknown bytes and then 4 bytes which value is the number of pokemon stored. Then the pokemon start.

I think it is worth mentioning that the 0x1C (28 in decimal) bytes that follow the 136 byte pokemon are 4 bytes, then TID (2 bytes), SID (two bytes), trainer name (16 bytes) and 4 more unknown bytes. All this data is unencrypted.

First come Hayley's pokemon, including the ones that may have been traded with her. You can identify them because the 0x1C bytes that follow them are blank, they don't have any trainer ID assigned (so you can't take them out of the ranch). Any pokemon traded with hayley are here too, even eggs.

I don't know how many pokemon can Hayley take to the ranch. Because of the amount of blank savedata after my last pokemon (and I have 990+ in this savefile) I pressume that this number is as high as 1000 more pokemon brought in by hayley. I guess nobody got that far to confirm.

Then come the pokemon stored at the ranch by DS cartriges.

I have found the end of the pokemon in the ranch marked by "00 00 00 28" in two different save files.

Summary:

- My goal is to code an app that can extract all pokemon into .pkm files

- Extracting Hayley's pokemon will be optional

- Another use of the app will be to change the TID, SID and Name of all stored pokemon, so instead of editing the diamond/pearl savegame the pokemon ranch savegame is edited.

Information so far:

0x22AC-0x22AF: number of mii stored
Variable: mii data, each mii takes 40 bytes.
4 bytes:  00 00 00 2C
4 bytes: number of trainer-Mii links
Variable: trainer-mii entries, 44 bytes long each entry
4 bytes: unknown data; 00 00 00 A4 in two different savegames
4 bytes: number of pokemon in the ranch

POKEMON ENTRIES (164 bytes each), structured as following:
-136 bytes: encrypted .pkm file (readable by pokegen)
-28 bytes: 4 bytes (*read below), then TID (2 bytes), SID (two bytes), trainer name (16 bytes) and 4 more unknown bytes. This data is unencrypted.

End of file mark? (4 bytes): 00 00 00 28

* These value seems to be 01 00 00 00 for trainers, 05 00 00 00 for pokemon traded to Hayley, 04 00 00 00 for Hayley's pokemon, and 04 00 00 02 for pokemon that are tradeable with the player (check here for those pokemon: http://bulbapedia.bulbagarden.net/wiki/Hayley%27s_trades).

EDIT:

I have already coded a program that extracts all pokemon and should work with all pokemon ranch savefiles (well, maybe it doesn't with the japanesse platinum update).

I also coded a program that changes the trainer of every pokemon in the ranch (except Hayley's) to the inputed TID, SID and trainer name. This needs testing and I can't do it right now, so we'll have to wait some hours to see if it works (if there's no checksums it should work).

EDIT2: As expected, the ranch savefile seems to have a header with a checksum for the savefile, so changing the data without recalculating the checksum won't work. I don't know how checksums work, anyone would lend a hand?