[Tutorial] HGSS : Enlarge the type chart without breaking the code (+ some other things)

#1
September 5th, 2014 (12:42 PM). Edited October 10th, 2014 by MeroMero.
MeroMero

Hi everyone.
I'm MeroMero (yes the same MeroMero from Smogon)

I finally jumped the gun and joined PokéCommunity just so I could share my findings.

Be ready though, this post is going to be quite long.

Some notes:
When an offset is followed by an asterisk (*), it means that the offset differs between different regions (and sometimes between games of the same region).
Unless specified otherwise, bytes’ endianness is usually little-endian.

EDIT: Type-chart updated


Changing the template’s color for ???-typed moves on the bottom screen to suit Fairy-type moves better.

This one is easy:
  • Decompress overlay9_0006.bin
  • Go to offset 0x290
  • Change this:
Code:
7A 5A 17 4E B5 45 72 3D 30 31 ED 28 CB 20 FB 66
  • Into this:
Code:
DF 7E 3F F2 1E 6A DD 59 5B CD 17 C1 D6 B4 37 7F
The colors will fit the Fairy-type much more now.



Editing the Incenses-babies.

  • Decompress arm9.bin
  • Go to offset 0xFF4AE*
  • You should see this:
Code:
  68 01 FF 00 CA 00
  2A 01 FE 00 B7 00
  B7 01 3A 01 7A 00
  B6 01 3B 01 B9 00
  BE 01 3C 01 8F 00
  CA 01 3D 01 E2 00
  96 01 3E 01 3B 01
  B8 01 3F 01 71 00
  B1 01 40 01 66 01
Format is BB BB II II DD DD.
BB BB is the baby produced when at least one parent holds the corresponding item.
II II is the item that at least one parent has to hold.
DD DD is the default baby when none of the parents holds the corresponding item.

For example we’re going to dissect the 7th row, shall we?
96 01 is a Pokémon ID.
Invert the 2 bytes and you get 01 96.
Converting from base 16 to base 10 we get 406.
Oh, it’s Budew!
This is the same principle with the item ID and the default baby ID.
Item ID: 3E 01 => 01 3E => 318 => Rose Incense
Default baby ID: 3B 01 => 01 3B => 315 => Roselia

The instruction is as follows: If at least one of the parents holds the Rose Incense, Budew will hatch from the egg, otherwise Roselia hatches from the egg.

So if you have understood, it means we basically have to replace all 9 instances of DD DD by their corresponding BB BB.

  • Change the previous bytes and you should obtain this:
Code:
  68 01 FF 00 68 01
  2A 01 FE 00 2A 01
  B7 01 3A 01 B7 01
  B6 01 3B 01 B6 01
  BE 01 3C 01 BE 01
  CA 01 3D 01 CA 01
  96 01 3E 01 96 01
  B8 01 3F 01 B8 01
  B1 01 40 01 B1 01
Neat, now how about you go and hatch that Budew without a Rose Incense, hum?

* Regions’ differences:
Code:
Language          Offset

Japanese          0xFFEC2
English           0xFF4AE
French            0xFF492
German            0xFF462
Italian           0xFF426
Spanish HG        0xFF496
Spanish SS        0xFF49E
Korean HG         0xFFB5A
Korean SS         0xFFB52

Heal Bell ignores the Soundproof’s check and behaves exactly like Aromatherapy

Disclaimer: Read all the paragraph before attempting any manipulation.

  • Decompress overlay9_0012.bin
  • Go to the very bottom of the file
  • You should see something like that:
Code:
2D 00 2E 00 2F 00 30 00 67 00 AD 00 FD 00 3F 01
40 01 30 01 95 01 C0 01
Q: What are those?
A: Those are the very moves blocked by Soundproof.

Each move is 2 bytes long, for example let’s try this one: 30 01.
Invert the 2 bytes and you get 01 30.
Now convert from hex to decimal and you get 304.
304 is the ID number for the move Hyper Voice!

Well what move are we trying to break already? Oh yes, Heal Bell.
So the move Heal Bell has been assigned the ID number 215.
Okay 215 in hexadecimal is D7, since moves are 2 bytes long instead let’s go with 00 D7.
Invert the 2 bytes and you get D7 00.
Time to go and check against the previous string…


HEY! But there’s no bytes equal to D7 00 in there!

Explanation: Actually this string lists the moves blocked by an opponent’s Soundproof! Have you ever tried to use Heal Bell against that Exploud? Believe it or not but it will work.
When it comes to the move Heal Bell, the game will instead perform a check against all of your team members’ abilities, and if a Pokémon affected by a major status condition happens to have Soundproof, it will not be healed.

Tough luck, huh? But this will come to an end with those simple-to-follow steps.

  • Decompress overlay9_0012.bin
  • Go to offset 0x98A0* and change the value D7 into 00
  • Do the same at offset 0x21ADE*
  • Go to offset 0x98B0* and change the value 2B into FF (anything between 7C and FF included will do the trick)
  • Do the same at offset 0x9906* and offset 0x21AE4*

Offset 0x98A0 is the check for Heal Bell’s execution for the Pokémon on the battlefield, on the side of the Heal Bell’s user.
Offset 0x21ADE is the check for Heal Bell’s execution for the remaining team members of the Heal Bell’s user team.

Offset 0x98B0 is the check for Soundproof against the Heal Bell’s user.
Offset 0x9906 is the check for Soundproof against the teammate of the Heal Bell’s user (Double battle only).
Offset 0x21AE4 is the check for Soundproof against the remaining team members of the Heal Bell user’s team.

Basically the new instruction is: check if [Pokémon] used move with ID 0 and check for every instance of ability with ID 255.

You shouldn’t replace 2B by 00, because the ability with ID number 0 is used in-game when an ability gets cancelled (Gastro Acid comes to mind), whereas you can replace D7 by 00 since there is no legitimate way to get the move with ID number 0.

* Regions’ differences:
Code:
Language            Offset 1               Offset 2               Offset 3               Offset 4               Offset 5

Japanese            0x98A8                 0x98B8                 0x990E                 0x21AE6                0x21AEC
Korean              0x98A4                 0x98B4                 0x990A                 0x21AE2                0x21AE8
Others              0x98A0                 0x98B0                 0x9906                 0x21ADE                0x21AE4



Complete type chart



This is the type-chart:

Code:
000505
000805
0A0A05
0A0B05
0A0C14
0A0F14
0A0614
0A0505
0A1005
0A0814
0B0A14
0B0B05
0B0C05
0B0414
0B0514
0B1005
0D0B14
0D0D05
0D0C05
0D0400
0D0214
0D1005
0C0A05
0C0B14
0C0C05
0C0305
0C0414
0C0205
0C0605
0C0514
0C1005
0C0805
0F0B05
0F0C14
0F0F05
0F0414
0F0214
0F1014
0F0805
0F0A05
010014
010F14
010305
010205
010E05
010605
010514
011114
010814
030C14
030305
030405
030505
030705
030800
040A14
040D14
040C05
040314
040200
040605
040514
040814
020D05
020C14
020114
020614
020505
020805
0E0114
0E0314
0E0E05
0E1100
0E0805
060A05
060C14
060105
060305
060205
060E14
060705
061114
060805
050A14
050F14
050105
050405
050214
050614
050805
070000
070E14
071105
070805
070714
101014
100805
110105
110E14
110714
111105
110805
080A05
080B05
080D05
080F14
080514
080805
FEFE00
000700
010700
FFFF


Here is its format :
AA DD EE
_AA : attack type
_DD : defender type
_EE : effectiveness
Those 3 bytes are repeated consecutively for basically each type, and the table will end at the first occurrence of AA DD equal to FF FF.

AA and DD can take one of the following values :
_0x00 : Normal
_0x01 : Fighting
_0x02 : Flying
_0x03 : Poison
_0x04 : Ground
_0x05 : Rock
_0x06 : Bug
_0x07 : Ghost
_0x08 : Steel
_0x09 : ???
_0x0A : Fire
_0x0B : Water
_0x0C : Grass
_0x0D : Electric
_0x0E : Psychic
_0x0F : Ice
_0x10 : Dragon
_0x11 : Dark

EE can take one of these 4 values :
_0x00 : ineffective
_0x05 : not very effective
_0x0A : normal damage
_0x14 : super effective

As you have guessed, EE is actually a multiplier, but before the effect is applied, EE is divided by 10, thus the origin of the coefficients ×0, ×0.5, ×1 and ×2 !

But there's a first problem, if you try to search for 00 05 05 00 08 05 0A 0A 05, etc. in the ROM, your hex editor of choice will return no results!
This is because the overlay that contains the table (overlay 12 here) is LZ-compressed (all overlays are compressed in HGSS anyways).
Decompress it with Crystal Tile 2 for example.

Okay now you search through the decompressed overlay 12 with your hex editor, and now you have found the string, great; but there's a second problem!
Look at the table, there are no EE bytes whose value is equal to 0x0A!
That's because 0A is the default multiplier in Gen 4 Pokémon games, which is why ???-typed moves/Pokémon deal/take neutral damage to/from everything. But unlike Gen 2 and Gen 3, thanks to the Physical-Special split, ???-typed moves are actually able to deal damage greater than 1HP (read real damage).
How is it going to affect us?
Well you're going to have a hard time if you want to port the Fairy type effectiveness in HGSS (for the sake of an example).
If you try to add (DON'T !) even only one more relationship, once you get into a fight you will break the game since the arm9 code will read wrong instructions from everything in the overlay 12 that comes after the type table…


How to trick the game then?
First you have to understand how the game works:
Let's say you have 2 main states in Pokémon games, the overworld and the fights.
The game needs to load the following overlays for the overworld: 1, 2, 3 and 27 (Group 1)
And it needs to load these for the fights : 6, 7, 10, 12, and 18 (Group 2)
Actually the overlay 10 is loaded every time you get to choose your action, the overlay 7 when you have chosen said action (and initially at the beginning of the fight too).

Once you press continue on the menu screen, the game will load the group 1, and when you get in a fight, it will load the group 2, once you are finished with your fight the game will load again the group 1, etc.
You can see that with the RAM Viewer around address 0x021D0E00 for those who are curious.
It's something like this:

Overworld:
Code:
01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00
03 00 00 00 01 00 00 00 1B 00 00 00 01 00 00 00
Fight:
Code:
0C 00 00 00 01 00 00 00 12 00 00 00 01 00 00 00
06 00 00 00 01 00 00 00 0A 00 00 00 01 00 00 00


If you parse through the RAM, you'll see that when the overlays from one group are loaded, the previous overlays that happened to be there will be overwritten.

The trick here is to find a place in the RAM that is not used during the fights and that could be used to fit in the new table.
And such an area exists!
It just so happens that overlay 18 and overlay 1 have the same offset in the RAM, but ovl_1 is much longer than ovl_18! That's exactly what we need.

What does it mean? It basically means that the ovl_1 leftovers are basically free space during the fights!


Modus Operandi

Step 1
Open your Pokémon HeartGold or Pokémon SoulSilver ROM in Crystal Tile 2.



Step 2
Click the NDS icon (or alternatively click Ctrl+N).


Expand the window if necessary.

Step 3
Right-click on overlay9_0012.bin and click Extract (not Export !), this will actually decompress the overlay.


Step 4
Do the same for overlay9_0018.bin.

Step 5
Open both decompressed files in a hex editor.

Step 6
Add your improved type-chart at the end of overlay9_0018.bin



I advise you to make a full chart with all 324 relationships from the get-go, so that if you want to change something, you won't have to go through all the trouble again.
Or you can take mine, which is up to date with the relationships according to Gen 6 :

Code:
00000A00010A00020A00030A00040A00050500060A00080500090A000A0A000B0A000C0A000D0A000E0A000F0A00100A00110A
01001401010A01020501030501040A010514010605010814010905010A0A010B0A010C0A010D0A010E05010F1401100A011114
02000A02011402020A02030A02040A02050502061402070A02080502090A020A0A020B0A020C14020D05020E0A020F0A02100A02110A
03000A03010A03020A03030503040503050503060A030705030800030914030A0A030B0A030C14030D0A030E0A030F0A03100A03110A
04000A04010A04020004031404040A04051404060504070A04081404090A040A14040B0A040C05040D14040E0A040F0A04100A04110A
05000A05010505021405030A05040505050A05061405070A05080505090A050A14050B0A050C0A050D0A050E0A050F1405100A05110A
06000A06010506020506030506040A06050A06060A060705060805060905060A05060B0A060C14060D0A060E14060F0A06100A061114
07000007010A07020A07030A07040A07050A07060A07071407080A07090A070A0A070B0A070C0A070D0A070E14070F0A07100507110A
08000A08010A08020A08030A08040A08051408060A08070A080805080914080A05080B05080C0A080D05080E0A080F1408100A08110A
09000A09011409020A09030509040A09050A09060A09070A09080509090A090A05090B0A090C0A090D0A090E0A090F0A091014091114
0A000A0A010A0A020A0A030A0A040A0A05050A06140A070A0A08140A090A0A0A050A0B050A0C140A0D0A0A0E0A0A0F140A10050A110A
0B000A0B010A0B020A0B030A0B04140B05140B060A0B070A0B080A0B090A0B0A140B0B050B0C050B0D0A0B0E0A0B0F0A0B10050B110A
0C000A0C010A0C02050C03050C04140C05140C06050C070A0C08050C090A0C0A050C0B140C0C050C0D0A0C0E0A0C0F0A0C10050C110A
0D000A0D010A0D02140D030A0D04000D050A0D060A0D070A0D080A0D090A0D0A0A0D0B140D0C050D0D050D0E0A0D0F0A0D10050D110A
0E000A0E01140E020A0E03140E040A0E050A0E060A0E070A0E08050E090A0E0A0A0E0B0A0E0C0A0E0D0A0E0E050E0F0A0E100A0E1100
0F000A0F010A0F02140F030A0F04140F050A0F060A0F070A0F08050F090A0F0A050F0B050F0C140F0D0A0F0E0A0F0F050F10140F110A
10000A10010A10020A10030A10040A10050A10060A10070A100805100900100A0A100B0A100C0A100D0A100E0A100F0A10101410110A
11000A11010511020A11030A11040A11050A11060A11071411080A110905110A0A110B0A110C0A110D0A110E14110F0A11100A111105
FEFE00000700010700FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF


Step 7
In overlay_0012:
  • search for 7CCC2602* and change it for 60BE1F02* (4 occurrences)
  • search for 7DCC2602* and change it for 61BE1F02* (3 occurrences)
  • search for 7ECC2602* and change it for 62BE1F02* (3 occurrences)
Code:
Language     original pointers    updated pointers

Japanese     78C12602             E0B01F02
             79C12602             E1B01F02
             7AC12602             E2B01F02
            
English      7CCC2602             60BE1F02
             7DCC2602             61BE1F02
             7ECC2602             62BE1F02
            
French       9CCC2602             A0BA1F02
             9DCC2602             A1BA1F02
             9ECC2602             A2BA1F02

German       5CCC2602             60BA1F02
             5DCC2602             61BA1F02
             5ECC2602             62BA1F02

Italian      1CCC2602             20BA1F02
             1DCC2602             21BA1F02
             1ECC2602             22BA1F02

Spanish HG   9CCC2602             A0BA1F02
             9DCC2602             A1BA1F02
             9ECC2602             A2BA1F02

Spanish SS   BCCC2602             C0BA1F02
             BDCC2602             C1BA1F02
             BECC2602             C2BA1F02

Korean       80D62602             A0C41F02
             81D62602             A1C41F02
             82D62602             A2C41F02

As you have guessed, the pointers will point to the type table; what you did here is relocate the pointers to the new and (admittedly) more complete table.

Step 8
Save both files and close your hex editor.

Step 9
Back to Crystal Tile, right-click on overlay_0012.bin and click Compression, this will actually import the LZ-compressed version of your file back into the ROM.



Step 10
Do the same for overlay_0018.bin, but be careful now the file is too large to be contained between ovl_17 and ovl_19 even when compressed ! But do not fret, Crystal Tile will take care of that for you.


Just click OK.

Step 11
Close Crystal Tile 2, and now your ROM is ready.

Want to make Poison super-effective against Water ? Sure thing mate.
Want to make Ice resistant to Dragon ? Knock yourself out !
Want to add all the Fairy type relationships ? That's the reason that drove me to think outside the box and find a way to present you this.



Wow ! And I'm still not done, but other discoveries will be for another time, I think those will take enough of your time to swallow.

Other discoveries include:
  • Adding a functional item (why not, the Pixie Plate)
  • Adding an item's effect ID to the list of ×1.2 type-enhancer items
  • Edit the move Judgment so it takes into account the Fairy-Type, yes the case for type 9 is not taken into account in the move's code
  • Edit Pokémon coordinates and shadow on the battlefield (not by me)

Other notes:
  • The code for evolution methods 18, 19 and 1A was scrapped in HGSS
  • Explorer Kit was dummied out in HGSS, it will appear as a blank item
  • There's NO way to legitimately make Arceus stay in its ??? form in gen IV games without modifying the code, in the code the case for type 9 (???-type) is simply non-existent, plus even if you could get it you would have to modify the move Judgment too.


So, what do you think?
Reply With Quote
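The incense-baby edit from the post above, as an added example that is not part of the original post: it decodes the BB BB II II DD DD rows and writes the patched table only after confirming that the bytes at the chosen offset match the original, which catches an offset taken from the wrong region. Function names are hypothetical; the table bytes are the ones MeroMero lists for the English ROM.

```python
# Added example, not MeroMero's code. Function names are hypothetical.
import struct

ROW = struct.Struct("<HHH")   # BB BB, II II, DD DD as little-endian u16

# Original table bytes as listed in the post (English arm9.bin, 0xFF4AE).
ORIGINAL = bytes.fromhex(
    "6801FF00CA00" "2A01FE00B700" "B7013A017A00"
    "B6013B01B900" "BE013C018F00" "CA013D01E200"
    "96013E013B01" "B8013F017100" "B10140016601")


def decode(table):
    """Return a list of (baby_id, item_id, default_baby_id) tuples."""
    if len(table) % ROW.size:
        raise ValueError("table length is not a multiple of 6 bytes")
    return [ROW.unpack_from(table, i) for i in range(0, len(table), ROW.size)]


def always_baby(table):
    """Rebuild the table with every DD DD replaced by its row's BB BB."""
    return b"".join(ROW.pack(baby, item, baby)
                    for baby, item, _default in decode(table))


def patch_in_place(image, offset, expected, replacement):
    """Overwrite image[offset:...] only if it currently holds `expected`.
    Guards against an offset from another region or an already edited file."""
    if len(expected) != len(replacement):
        raise ValueError("replacement must not change the file size")
    found = bytes(image[offset:offset + len(expected)])
    if found != expected:
        raise ValueError("unexpected bytes at %#x, wrong region offset?" % offset)
    image[offset:offset + len(expected)] = replacement
    return image
```

`image` is a `bytearray` of the decompressed arm9.bin; the offset comes from the region table in the post.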
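The type-table format and the full chart of Step 6, as an added example that is not part of the original post: it parses AA DD EE rows up to FF FF and expands a sparse table into one row per type pair with the default 0x0A filled in. The post does not explain the FE FE row, so the code only assumes that this row and the rows after it are carried over unchanged and not duplicated in the main chart, which is how MeroMero's own chart is laid out; function names and the sample bytes are constructed here.

```python
# Added example, not MeroMero's code. Sample bytes below are constructed.
TYPES = ["Normal", "Fighting", "Flying", "Poison", "Ground", "Rock", "Bug",
         "Ghost", "Steel", "???", "Fire", "Water", "Grass", "Electric",
         "Psychic", "Ice", "Dragon", "Dark"]
DEFAULT = 0x0A           # multiplier the game uses when a pair has no row
END = b"\xff\xff"        # AA DD == FF FF terminates the table


def parse_table(blob):
    """Return (chart, tail). chart maps (AA, DD) -> EE; tail holds every row
    from the first non-type AA/DD (e.g. FE FE) to the terminator, verbatim."""
    chart, tail, pos = {}, [], 0
    while blob[pos:pos + 2] != END:
        row = bytes(blob[pos:pos + 3])
        if len(row) < 3:
            raise ValueError("table ended without an FF FF terminator")
        aa, dd, ee = row
        if tail or aa >= len(TYPES) or dd >= len(TYPES):
            tail.append(row)
        else:
            chart[(aa, dd)] = ee
        pos += 3
    return chart, tail


def build_dense(chart, tail):
    """Emit one row per type pair (default 0x0A), skipping pairs that a tail
    row already covers, then the tail rows and the FF FF terminator."""
    covered = {(row[0], row[1]) for row in tail}
    out = bytearray()
    for aa in range(len(TYPES)):
        for dd in range(len(TYPES)):
            if (aa, dd) not in covered:
                out += bytes([aa, dd, chart.get((aa, dd), DEFAULT)])
    return bytes(out) + b"".join(tail) + END


def multiplier(chart, attacker, defender):
    """EE divided by 10, as the post describes. Tail rows are not consulted."""
    key = (TYPES.index(attacker), TYPES.index(defender))
    return chart.get(key, DEFAULT) / 10


# Constructed sample: four rows taken from the post's table, its three
# trailing rows, and the terminator.
SAMPLE = bytes.fromhex("000505" "0A0C14" "0D0400" "101014"
                       "FEFE00" "000700" "010700" "FFFF")
```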
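Step 7 of the post above as a checked search-and-replace, added here as an example and not part of the original post: it rewrites the three pointers in the decompressed overlay 12 only if each one occurs as many times as the post says. The pointer values are copied from MeroMero's table; the function names are hypothetical, and using the 4/3/3 counts for every language is an assumption.

```python
# Added example, not MeroMero's code. Pointer values are the post's own,
# written as they appear in the file (little-endian).
import struct

POINTERS = {   # language: (original pointer, updated pointer)
    "Japanese":   ("78C12602", "E0B01F02"),
    "English":    ("7CCC2602", "60BE1F02"),
    "French":     ("9CCC2602", "A0BA1F02"),
    "German":     ("5CCC2602", "60BA1F02"),
    "Italian":    ("1CCC2602", "20BA1F02"),
    "Spanish HG": ("9CCC2602", "A0BA1F02"),
    "Spanish SS": ("BCCC2602", "C0BA1F02"),
    "Korean":     ("80D62602", "A0C41F02"),
}


def _addr(hex_le):
    """Turn the bytes as seen in the hex editor into a 32-bit address."""
    return struct.unpack("<I", bytes.fromhex(hex_le))[0]


def relocate(overlay12, language, expected_counts=(4, 3, 3)):
    """Replace pointer+0/+1/+2 with their updated values and return the new
    bytes. Nothing is changed unless every pointer occurs exactly as often
    as expected (assumed here to be the counts listed in Step 7)."""
    data = bytes(overlay12)
    old_base, new_base = (_addr(p) for p in POINTERS[language])
    plan = []
    for i, want in enumerate(expected_counts):
        old = struct.pack("<I", old_base + i)
        new = struct.pack("<I", new_base + i)
        got = data.count(old)
        if got != want:
            raise ValueError("pointer %s: found %d, expected %d"
                             % (old.hex().upper(), got, want))
        plan.append((old, new))
    for old, new in plan:
        data = data.replace(old, new)
    return data
```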
#2
September 9th, 2014 (04:36 AM).
AkimotoBubble

The discovery of magic, and why I didn't see a bin file
__________________
i am bubble,and sorry my english is not good ......
#3
October 3rd, 2014 (05:46 PM).
AkimotoBubble

i want know where have the overlay9_0006.bin or how can Decompress get it

All times are UTC -8.