May 1st, 2010, 06:35 AM
HackMew
Mewtwo Strikes Back
 
Join Date: Jun 2006

Brief Intro


As most of you are probably aware already, Emerald has a faulty PRNG implementation. The game does not take care of reseeding during startup, which means it can easily be abused to get perfect IVs and similar.

Description


While it can be useful, it's indeed a major glitch. Since the whole game's randomness is affected, it definitely needs to be fixed. Taking a look at Ruby's code, I found out that the initial reseeding happens as soon as the game starts (i.e. when the boot screen shows up). R/S use their internal clock to generate a 16-bit seed. In Emerald, of course, this part is totally missing. So I decided to emulate the R/S approach by porting their reseeding routine to Emerald. Here's the outcome:

Code:
.text
.align 2
.thumb
.thumb_func
.global EmeraldPrngFix

main:
    push {lr}
    ldr r1, .GET_CLOCK      @ r1 = address of the game's clock routine
    bl bx_r1                @ call it; r0 = 32-bit clock value
    lsr r1, r0, #0x10       @ r1 = high 16 bits of the clock value
    lsl r0, r0, #0x10
    lsr r0, r0, #0x10       @ r0 = low 16 bits of the clock value
    eor r0, r1              @ r0 = 16-bit seed (high XOR low)
    ldr r1, .UPDATE_SEED
    bl bx_r1                @ reseed the PRNG with r0
    ldr r0, .UNK_RAM1
    mov r4, #0x0
    strb r4, [r0, #0x0]     @ byte write to 0x03002700
    pop {pc}

bx_r1:
    bx r1                   @ trampoline: call the function pointer in r1

.align 2
.UNK_RAM1:
    .word 0x03002700
.GET_CLOCK:
    .word 0x0802F664|1      @ |1 = Thumb-mode address
.UPDATE_SEED:
    .word 0x0806F5F8|1
In order to apply the fix, assemble the routine and insert it somewhere where there's enough free space (if you've never done it before, you'd better check my ASM tutorials). Take note of the address you used, and then replace 02 24 04 70 with FE 46 00 47, and 00 27 00 03 with XX XX XX XX, where XX XX XX XX represents the pointer to the routine's address + 1. For the respective offsets, see below.
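As a worked example of the steps above (an added helper, not HackMew's code and not part of the original post): the function below folds a 32-bit clock value into a 16-bit seed exactly as the lsr/lsl/lsr/eor sequence in the routine does, and the patcher writes the two replacements to a ROM image only after checking that the original bytes really are at the Emerald US v1.0 offsets 0x402 and 0x478. The ROM buffer is constructed in memory, the free-space offset 0xF00000 is hypothetical, and the pointer written is the GBA ROM address 0x08000000 + offset with bit 0 set (Thumb), stored little-endian.

```python
# Added example (not HackMew's code): mirrors the routine's seed folding and
# applies the two byte patches described in the post to an Emerald US v1.0
# ROM image. Offsets and byte patterns come from the post; the function
# names, the constructed ROM buffer and the free-space offset are this
# example's own assumptions.

import struct

ROM_BASE = 0x08000000  # GBA cartridge ROM is mapped at 0x08000000

# Bytes the post says to replace, and their replacements (Emerald US v1.0).
PATCH_CODE_OFFSET = 0x402
OLD_CODE = bytes.fromhex("02240470")   # mov r4, #2 ; strb r4, [r0]
NEW_CODE = bytes.fromhex("FE460047")   # mov lr, pc ; bx r0
PATCH_PTR_OFFSET = 0x478
OLD_PTR = bytes.fromhex("00270003")    # .word 0x03002700, little-endian


def fold_seed(clock: int) -> int:
    """Reproduce the routine's seed derivation: XOR the high and low
    16-bit halves of the 32-bit clock value (lsr / lsl / lsr / eor)."""
    clock &= 0xFFFFFFFF
    high = clock >> 16
    low = clock & 0xFFFF
    return (high ^ low) & 0xFFFF


def routine_pointer(routine_offset: int) -> bytes:
    """Little-endian ROM pointer to the inserted routine with the Thumb
    bit set, i.e. the XX XX XX XX that replaces 00 27 00 03."""
    if routine_offset % 4:
        # The routine's literal pool is .align 2 relative to its own start,
        # so the code must be inserted at a 4-byte aligned ROM offset or the
        # ldr instructions read misaligned words.
        raise ValueError("routine offset must be 4-byte aligned")
    return struct.pack("<I", (ROM_BASE | routine_offset) | 1)


def apply_fix(rom: bytearray, routine_offset: int) -> bytearray:
    """Return a patched copy of `rom`, refusing to touch it unless the
    original bytes are exactly where the post says they are."""
    patched = bytearray(rom)
    for off, old in ((PATCH_CODE_OFFSET, OLD_CODE), (PATCH_PTR_OFFSET, OLD_PTR)):
        found = bytes(patched[off:off + 4])
        if found != old:
            raise ValueError(f"unexpected bytes at {off:#x}: {found.hex()} "
                             "(wrong ROM version or already patched?)")
    patched[PATCH_CODE_OFFSET:PATCH_CODE_OFFSET + 4] = NEW_CODE
    patched[PATCH_PTR_OFFSET:PATCH_PTR_OFFSET + 4] = routine_pointer(routine_offset)
    return patched


def constructed_rom() -> bytearray:
    """A constructed stand-in for the ROM: zeros, with the two original
    byte sequences placed at the US v1.0 offsets (not real game data)."""
    rom = bytearray(0x1000)
    rom[PATCH_CODE_OFFSET:PATCH_CODE_OFFSET + 4] = OLD_CODE
    rom[PATCH_PTR_OFFSET:PATCH_PTR_OFFSET + 4] = OLD_PTR
    return rom


if __name__ == "__main__":
    patched = apply_fix(constructed_rom(), 0xF00000)  # hypothetical free space
    print(patched[0x478:0x47C].hex())   # 0100f008 -> pointer 0x08F00001
    print(hex(fold_seed(0x12345678)))   # 0x444c
```

Assemble and insert the routine first, then pass its ROM offset to apply_fix. The alignment check is the caveat worth keeping: the assembler aligns the literal pool relative to the start of the routine, so inserting the assembled bytes at an unaligned offset breaks the ldr's even though the Thumb instructions themselves only need 2-byte alignment. Running apply_fix a second time on an already patched image fails the byte check instead of silently rewriting the pointer.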

The Offsets


  • Emerald US v1.0

    Code:
    0x402    (02 24 04 70 -> FE 46 00 47)
    0x478    (00 27 00 03 -> XX XX XX XX)

This research document is Copyright © 2010 by HackMew.
You are not allowed to copy, modify or distribute it without permission.