User:Kyoufu Kawa: Difference between revisions
Kyoufu Kawa (talk | contribs) No edit summary |
Kyoufu Kawa (talk | contribs) No edit summary |
||
Line 1: | Line 1: | ||
<div class="userbox"> | <div class="userbox"> | ||
{{User en-3}}{{User nl-N}}{{User Mudkip}}{{User Headache}}{{User Sing}}{{User Dating}}{{User Favorite|025|Pikachu}}{{User FireRed}}{{User Pearl}}{{User Ketchup}}{{User Artist}}{{User Windows|XP}}{{User Computer|137}}{{User IE}}<table class="userboxitem" style="border: 1px solid #9ab;" cellspacing="0" cellpadding="0"><tr><td style="background: #fff;">[[Image:GenISuperNerd.png]]</td><td style="background: #fff; color: #300;">This user is a '''<span style="color: #203;">hacker</span>'''.</td></tr></table>{{User Advanced Generation}}{{User Pearl Code|2621 0008 4056}}{{User Broadband}}</div> | {{User en-3}}{{User nl-N}}{{User Mudkip}}{{User Headache}}{{User Sing}}{{User Dating}}{{User Favorite|025|Pikachu}}{{User FireRed}}{{User Pearl}}{{User Ketchup}}{{User Artist}}{{User Windows|XP}}{{User Computer|137}}{{User IE}}<table class="userboxitem" style="border: 1px solid #9ab;" cellspacing="0" cellpadding="0"><tr><td style="background: #fff;">[[Image:GenISuperNerd.png]]</td><td style="background: #fff; color: #300;">This user is a '''<span style="color: #203;">hacker</span>'''.</td></tr></table>{{User Advanced Generation}}{{User Pearl Code|2621 0008 4056}}{{User Broadband}}</div> | ||
Hi. I'm | Hi. I'm Kawa and I'm an experienced rom hacker and learning GBA homebrewer. For one of my [http://helmetedrodent.kickassgamers.com/openpoke/ projects], I have to know with 100% certainty what the [[:Category:Structures|structures]] are on the Advanced gen. Pokémon games so you'll see me editing those pages every once in a while when disassembly progress reveals new data. | ||
So I recently found out how the game handles the encrypted data. It doesn't. When the [[Pokémon data substructures in the GBA|substructures]] are needed, they're decrypted, read/written and re-crypted. All because I saw something flash by in the memory viewer that looked like raw data. | So I recently found out how the game handles the encrypted data. It doesn't. When the [[Pokémon data substructures in the GBA|substructures]] are needed, they're decrypted, read/written and re-crypted. All because I saw something flash by in the memory viewer that looked like raw data. | ||
And here's another fun thing to try: if you want to manipulate your opponent's Pokémon, including a wild encounter, try browsing to your party data (see [[Pokémon data structure in the GBA]]) and scroll up about 600 bytes. You see correctly. | And here's another fun thing to try: if you want to manipulate your opponent's Pokémon, including a wild encounter, try browsing to your party data (see [[Pokémon data structure in the GBA]]) and scroll up about 600 bytes. You see correctly. | ||
== Kawa's Pokémon Research == | == Kawa's Pokémon Research == | ||
Line 22: | Line 21: | ||
=== Time to Hatch === | === Time to Hatch === | ||
Silly me, I should've remembered the part where the number of steps is multiplied by 256. Turns out happiness ''is'' the number of steps required -- divided by 256! Having made a savestate one step before the happiness value decreases, I'll now try to find the step counter. Having an insight hack really helps tracking those monster properties ^^ | Silly me, I should've remembered the part where the number of steps is multiplied by 256. Turns out happiness ''is'' the number of steps required -- divided by 256! Having made a savestate one step before the happiness value decreases, I'll now try to find the step counter. Having an insight hack really helps tracking those monster properties ^^ | ||
Yeah! I found the step counter! Apparently, the hatch steps and poison steps are two seperate values, right next to each other. I'd post the offset, but in an unhacked game it moves around all the time. | |||
More research coming... whenever. | More research coming... whenever. |
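Review bot: "seperate" in the added step-counter paragraph should be "separate". The same paragraph says the hatch and poison step values sit right next to each other but gives no offset because it moves around; a sentence on how the value was located would let readers reproduce the finding.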
Revision as of 19:29, 3 October 2008
Template:User en-3
Template:User nl-N
This user lieks Mudkipz.
This user has a chronic headache.
This user can sing.
This user is in a relationship.
This user's favorite Pokémon is Pikachu.
This user is a player of Pokémon FireRed Version.
This user is a player of Pokémon Pearl Version.
This user loves ketchup as much as Pikachu.
This user is an artist.
This user contributes using Microsoft Windows XP.
This user spends too much time on the computer.
This user contributes using Microsoft Internet Explorer.
This user is a hacker.
This user likes Pokémon the Series: Ruby and Sapphire.
This user's DS friend code for Pokémon Pearl is 2621 0008 4056.
This user contributes using broadband.
Hi. I'm Kawa and I'm an experienced ROM hacker and learning GBA homebrewer. For one of my projects, I have to know with 100% certainty what the structures are on the Advanced gen. Pokémon games, so you'll see me editing those pages every once in a while when disassembly progress reveals new data.
So I recently found out how the game handles the encrypted data. It doesn't. When the substructures are needed, they're decrypted, read/written and re-crypted. All because I saw something flash by in the memory viewer that looked like raw data.
And here's another fun thing to try: if you want to manipulate your opponent's Pokémon, including a wild encounter, try browsing to your party data (see Pokémon data structure in the GBA) and scroll up about 600 bytes. You see correctly.
Kawa's Pokémon Research
Font and Sanity
The font byte in the Pokémon data structure can be 0, 1 or 2. 0 and 2 are both Western. 1 is the Japanese font. Also notice that the variable-width font engine can fit all ten characters in a six-tile space, but the Japanese font cannot. For this reason, the game automatically cuts off at the sixth character if the font is set to Japanese.
The sanity byte determines if the individual is an egg. Zero and 2 are a regular monster; 1 and 3-5 are Bad EGGs but can be changed back; 6 makes the game write "EGG" instead of the monster's nickname but doesn't actually make it an egg; and 7 is the actual Bad EGG. When you break the checksum, the sanity byte is set to 7. This persists! Several actions in the game (see below) make it check for Bad EGGs and keep resetting the byte to 7, for example stepping into tall grass and opening the party screen. Good luck turning the Bad EGG back into a real monster. Note that only the first few bits matter, so the pattern repeats after 7.
Eggs
In the DV field, there are two bits left over. One of these determines if a given Pokémon is an Egg. Combine this with the sanity byte set to 6 to make it write EGG instead of whatever the Pokémon's nickname is.
Bad Eggs
Every time a given property of a Pokémon is read or written, this is done with four specific routines. Two of these are called by the other two if the requested property is in the substructure block. These routines are also responsible for checking if the Pokémon's checksum is correct and for setting a bunch of values to turn it into a Bad EGG otherwise, but only if it's a substructure property.
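The decrypt, verify, access, re-encrypt flow described above, as an added example that is not the game's code or the author's. The struct layout, the function names, the XOR cipher and the 16-bit additive checksum are assumptions made for illustration, and only the sanity byte is changed on failure here, where the page says the game sets several values.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#define SUB_WORDS 12       /* substructure block as 32-bit words (assumed size) */
#define SANITY_BAD_EGG 7   /* value the page says is set when the checksum breaks */
/* Hypothetical, simplified record; not the game's real layout. */
typedef struct {
    uint32_t key;            /* assumed XOR key */
    uint16_t checksum;       /* assumed 16-bit sum of the decrypted block */
    uint8_t  sanity;
    uint32_t sub[SUB_WORDS]; /* kept encrypted at rest */
} Mon;

static void crypt_block(Mon *m) {            /* XOR is its own inverse */
    for (size_t i = 0; i < SUB_WORDS; i++) m->sub[i] ^= m->key;
}
static uint16_t sum16(const Mon *m) {        /* call only while decrypted */
    uint32_t s = 0;
    for (size_t i = 0; i < SUB_WORDS; i++) s += (m->sub[i] & 0xFFFFu) + (m->sub[i] >> 16);
    return (uint16_t)s;
}
void mon_seal(Mon *m) { m->checksum = sum16(m); crypt_block(m); }

/* Decrypt, verify, read or write one word, re-encrypt.
 * Returns 0 on success; on checksum mismatch marks the record and returns -1. */
static int mon_access(Mon *m, size_t idx, uint32_t *val, int write) {
    if (idx >= SUB_WORDS) return -1;
    crypt_block(m);
    int ok = sum16(m) == m->checksum;
    if (!ok) m->sanity = SANITY_BAD_EGG;
    else if (write) { m->sub[idx] = *val; m->checksum = sum16(m); }
    else *val = m->sub[idx];
    crypt_block(m);
    return ok ? 0 : -1;
}
int mon_read_sub(Mon *m, size_t idx, uint32_t *out) { return mon_access(m, idx, out, 0); }
int mon_write_sub(Mon *m, size_t idx, uint32_t v)   { return mon_access(m, idx, &v, 1); }

int main(void) {
    Mon m = { .key = 0x12345678u };          /* constructed sample data */
    uint32_t v = 0;
    for (size_t i = 0; i < SUB_WORDS; i++) m.sub[i] = (uint32_t)i * 0x01010101u;
    mon_seal(&m);
    int via_routine = mon_write_sub(&m, 3, 0xDEADBEEFu); /* 0: record stays valid */
    m.sub[5] ^= 1u;                          /* raw edit of the encrypted bytes */
    int after_raw = mon_read_sub(&m, 3, &v); /* -1, and sanity becomes 7 */
    printf("%d %d %u\n", via_routine, after_raw, (unsigned)m.sanity);
    return 0;
}
```

A sum like this catches raw edits to the stored bytes, but it is not an authentication tag: anything that goes through the same routine produces a matching value.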
Time to Hatch
Silly me, I should've remembered the part where the number of steps is multiplied by 256. Turns out happiness is the number of steps required -- divided by 256! Having made a savestate one step before the happiness value decreases, I'll now try to find the step counter. Having an insight hack really helps tracking those monster properties ^^
Yeah! I found the step counter! Apparently, the hatch steps and poison steps are two separate values, right next to each other. I'd post the offset, but in an unhacked game it moves around all the time.
More research coming... whenever.