HackMew
January 31st, 2010, 07:12 AM
Brief Intro


I'm gonna deliberately quote Bulbapedia here:

"The Running Shoes were introduced in Ruby and Sapphire, and used in all Generation III and Generation IV games. They are typically received shortly after the beginning of the game, and allow the player to run instead of walk, by holding the B button and pressing the D-pad in any direction. The speed at which players can run is about twice as that of walking, yet slower than any of the bicycles. In Generation IV, the player can use Running Shoes inside of all structures instead of being limited to certain buildings in past games."

To be honest, I always disliked the fact you could not run indoors. Eventually, Game Freak realized that too someday.
Now we will fix the annoying issue, letting the player use Running Shoes everywhere, through a simple byte change!

Description


The game does some checks when pressing the B button. Below, part of the routine involved, disassembled from FireRed US v1.0:

Code:
080bd490 7e41 ldrb r1, [r0, #0x19]
080bd492 2002 mov r0, #0x2
080bd494 4008 and r0, r1
080bd496 2800 cmp r0, #0x0
080bd498 d006 beq $080bd4a8
I'll explain briefly what happens. First of all, the "Show name on entering" byte is loaded into r1 and r0 is set to 0x2. Then r0 is ANDed with r1. Here are the possible results:

Code:
0x2 AND 0x0 = 0x0   0x2 AND 0x1 = 0x0   0x2 AND 0x2 = 0x2   0x2 AND 0x3 = 0x2
0x2 AND 0x4 = 0x0   0x2 AND 0x5 = 0x0   0x2 AND 0x6 = 0x2   0x2 AND 0x7 = 0x2
0x2 AND 0x8 = 0x0   0x2 AND 0x9 = 0x0   0x2 AND 0xA = 0x2   0x2 AND 0xB = 0x2
0x2 AND 0xC = 0x0   0x2 AND 0xD = 0x0   0x2 AND 0xE = 0x2   0x2 AND 0xF = 0x2
As you can see, a specific pattern is repeating itself. Going on with the routine, we can see r0 is compared with 0x0. If equal, no Running Shoes :(

Now, if we could change the "and r0, r1" instruction with a "and r0, r0" one, what would happen?
The register r0 is set to 0x2 the instruction before, so it would always be 0x2 AND 0x2 = 0x2. And since 0x2 is not 0x0, we can run anytime.
Regardless of the map header settings :)

That's for FR/LG. In Emerald, things are pretty similar, here's the routine from Emerald US v1.0:

Code:
0811a1e4 7e81 ldrb r1, [r0, #0x1a]
0811a1e6 2004 mov r0, #0x4
0811a1e8 4008 and r0, r1
0811a1ea 2800 cmp r0, #0x0
0811a1ec d006 beq $0811a1fc
Nothing much to say, really. The main difference is that r0 is set to 0x4 instead of 0x2, which means different patterns.
Not that we really care about that, since we already know all we need to do is to replace the "and r0, r1" instruction there.

In Ruby and Sapphire, things are quite different instead:

Code:
080e5dfc 4802 ldr r0, [$080e5e08] (=$0202e828)
080e5dfe 7dc0 ldrb r0, [r0, #0x17]
080e5e00 2808 cmp r0, #0x8
080e5e02 d103 bne $080e5e0c
The above code, extracted from Ruby US v1.0, will load the "Map Type" byte into r0 at first. Then it's compared with 0x8, which means indoors.
When not equal, you can run. Otherwise you cannot, indeed. Now, if we change the "cmp r0, #0x8" with "cmp r0, #0x0", we are always allowed to run.
In fact, no map in the game uses the value 0x0.

Whatever game you're using, in hex that means replacing 08 with 00. Offsets are below.

The Offsets


  • FireRed US v1.0

    Code:
    0xBD494
  • LeafGreen US v1.0

    Code:
    0xBD468
  • Ruby US v1.0

    Code:
    0xE5E00
  • Sapphire US v1.0

    Code:
    0xE5E00
  • Emerald US v1.0

    Code:
    0x11A1E8

This research document is Copyright © 2010 by HackMew.
You are not allowed to copy, modify or distribute it without permission.
Last edited by HackMew; February 3rd, 2010 at 03:13 AM.
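As an added example (not HackMew's code): a small Python script that applies the 08 -> 00 byte patch at the offsets listed in the post and decodes the Thumb halfword before and after, refusing to write unless the bytes at the offset are the expected "and r0, r1" or "cmp r0, #0x8" encoding, so a wrong offset or a different ROM revision is caught instead of silently corrupting code. The ROM image used here is a constructed zero-filled stand-in, not a real dump.

```python
# Added example, not from the original post: apply the "run anywhere" patch to
# a Gen III ROM image and show the Thumb instruction before and after.
import struct

# Offsets from the post: file offset of the 16-bit Thumb instruction to patch.
# In every game the low byte of the little-endian halfword is 0x08 and the
# patch clears it to 0x00.
PATCH_OFFSETS = {
    "FireRed US v1.0": 0xBD494,
    "LeafGreen US v1.0": 0xBD468,
    "Ruby US v1.0": 0xE5E00,
    "Sapphire US v1.0": 0xE5E00,
    "Emerald US v1.0": 0x11A1E8,
}

def decode_thumb(halfword):
    """Decode only the two Thumb formats the post's routines use:
    ALU 'and Rd, Rs' (bits 15-6 = 0100000000, Rs = bits 5-3, Rd = bits 2-0)
    and 'cmp Rd, #imm8' (bits 15-11 = 00101, Rd = bits 10-8, imm = bits 7-0)."""
    if halfword & 0xFFC0 == 0x4000:
        rs, rd = (halfword >> 3) & 7, halfword & 7
        return f"and r{rd}, r{rs}"
    if halfword & 0xF800 == 0x2800:
        return f"cmp r{(halfword >> 8) & 7}, #0x{halfword & 0xFF:x}"
    return f"<unhandled 0x{halfword:04x}>"

def patch_running_shoes(rom, offset):
    """Return (patched copy, mnemonic before, mnemonic after).
    Only patches when the halfword at offset is 0x4008 (and r0, r1) or
    0x2808 (cmp r0, #0x8); anything else means wrong offset or wrong ROM."""
    before = struct.unpack_from("<H", rom, offset)[0]
    if before not in (0x4008, 0x2808):
        raise ValueError(f"unexpected 0x{before:04x} at 0x{offset:X}; wrong ROM or offset?")
    patched = bytearray(rom)
    patched[offset] = 0x00  # low byte 08 -> 00, high byte untouched
    after = struct.unpack_from("<H", patched, offset)[0]
    return bytes(patched), decode_thumb(before), decode_thumb(after)

# Constructed stand-in ROM: zero-filled 1 MiB image with FireRed's
# "and r0, r1" (0x4008) placed at the FireRed offset.
SAMPLE_ROM = bytearray(0x100000)
struct.pack_into("<H", SAMPLE_ROM, PATCH_OFFSETS["FireRed US v1.0"], 0x4008)

if __name__ == "__main__":
    _, old, new = patch_running_shoes(bytes(SAMPLE_ROM), PATCH_OFFSETS["FireRed US v1.0"])
    print(f"{old} -> {new}")  # and r0, r1 -> and r0, r0
```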