Quick Research & Development Thread

Versekr Dark · Nov 16, 2016

BluRose said:
[UNTESTED. MIGHT NOT WORK BECAUSE OF FUNCTION DIFFERENCES (SPECIFICALLY THE FIRST ADDRESS, THE OTHER TWO LOOK FINE), BUT AT LEAST ADDRESSES FOR THE MODIFICATIONS ARE RIGHT.]
gen vi exp share system (em):

4A4BE - 02 21
4A594 - 01 22
4A634 - 01 20

Sorry for the ruby

destinedjagold · Nov 16, 2016

Versekr Dark said:
Sorry for the ruby

Here's one for Ruby.

Code:

[B]08020280[/B] 004A1047[COLOR="Red"]XXXXXX[/COLOR]08
[B]080201E2[/B] 02 21
[B]08020336[/B] 01 20

XXXXXX should be the address +1 of this ASM routine...

Spoiler:

It checks your bag if you have the Exp. Share. If you do, then your team will each get 50% of the experience (I suggest you turn your Exp. Share into a Key Item if you want to apply this into your Ruby hack but I really suggest you either hack Emerald or FireRed instead...). The experience gain is reduced to 50%, regardless if you have the item and who's active during the battle. (It's why I decided to remove the feature in the next beta of my hack.)

Credits go to Andrea.

Versekr Dark · Nov 17, 2016

destinedjagold said:
Here's one for Ruby.

Code:

[B]08020280[/B] 004A1047[COLOR="Red"]XXXXXX[/COLOR]08 [B]080201E2[/B] 02 21 [B]08020336[/B] 01 20

XXXXXX should be the address +1 of this ASM routine...

Spoiler:

Code:

.THUMB .ALIGN 2 PUSH {R0-R7} MOV R0, #0xB6 MOV R1, #1 BL CHECK_ITEM CMP R0, #1 BEQ RETURN POP {R0-R7} MOV R2, #1 AND R2, R0 CMP R2, #0 BNE RETURN_2 LSR R0, R0, #1 STRB R0, [R1] LDR R1, = 0x0802028D BX R1 RETURN: POP {R0-R7} RETURN_2: LDR R1, = 0x080202A1 BX R1 CHECK_ITEM: PUSH {R0} LDR R0, = 0x080A92D5 MOV R11, R0 POP {R0} BX R11

It checks your bag if you have the Exp. Share. If you do, then your team will each get 50% of the experience (I suggest you turn your Exp. Share into a Key Item if you want to apply this into your Ruby hack but I really suggest you either hack Emerald or FireRed instead...). The experience gain is reduced to 50%, regardless if you have the item and who's active during the battle. (It's why I decided to remove the feature in the next beta of my hack.)

Credits go to Andrea.

Muchas gracias :), perdonen las molestias.

Thank you very much :), sorry for the inconvenience.

mbcn10ww · Nov 17, 2016

Sagiri said:
Constant Base Power For Hidden Power [FR]

Starting with XY, Hidden Power's base power was fixed at 60. Prior to this, it varied between 30 and 70, based on the Pokemon's IVs. To force the game to read the base power from the move data table, null out the strh at 0x0802B722.

Basically, replace:

Code:

0x0802B722: 28 80

with:

Code:

0x0802B722: C0 46

After you've done that, HP will use the base power in the table as its base power. Unfortunately, in a vanilla FR it is listed as 0x01, so it will be very weak until you change it. Change the byte at 0x8251721 to 0x3C to give it a base power of 60 (as in XY).

This effects both the actual damage calculation and when you view the Known Moves screen.

(Not So) Hidden Power [FR]

By default, Hidden Power will always display as a Normal-type move. By modifying the routines for displaying the types of moves, we can force it to display as the actual type.

Unlike the earlier parts of this post, this requires some free space. Here's the code:

Spoiler:

Code:

.text .align 2 .thumb .thumb_func write_type_hook: @ r1 := move_id push {r3-r7} mov r7, lr lsl r0, r1, #2 lsl r1, r1, #3 add r0, r1 @ r0 := 12 * move_id ldr r1, move_data add r1, r0 @ [r1] := data for current move ldrb r0, [r1, #2] @ r0 := recorded type ldrb r2, [r1, #0] @ r2 := move effect id cmp r2, #0x87 @ HIDDEN_POWER_EFFECT bne return0 ldrb r0, [r5] @ r0 := slot lsl r0, #1 @ r0 := slot << 1 ldr r1, battle_slot_mapping add r0, r1 ldrb r0, [r0] @ r0 := index in party mov r1, #100 mul r0, r1 @ r0 := offset from party_player ldr r1, party_player add r0, r1 @ [r0] := pokemon bl hp_type_decode return0: mov lr, r7 pop {r3-r7} ldr r1, write_type bx r1 @ return value on r1 display_type_hook: @ r2, r5 := move_id, move_data push {r0, r3-r7} mov r7, lr lsl r0, r2, #2 lsl r1, r2, #3 add r0, r1 @ r0 := 12 * move_id add r0, r5 @ [r0] := data for current move ldrb r1, [r0, #2] @ r1 := type ldrb r2, [r0, #0] @ r2 := effect_id cmp r2, #0x87 bne return1 ldr r0, pkmn_status_data ldr r0, [r0] mov r1, #0x32 lsl r1, r1, #8 add r1, #0x90 add r0, r1 @ [r0] := pokemon bl hp_type_decode mov r1, r0 return1: mov lr, r7 pop {r0, r3-r7} ldr r2, display_type bx r2 @ uint8_t hp_type_decode(pokemon_t*) hp_type_decode: push {r4-r7, lr} mov r6, r0 @ [r6] := pokemon mov r4, #0 @ r4 := type calculation mov r7, #0 @ r7 := iv index ldr r5, pokemon_getattr b test loop: mov r0, r6 @ [r0] := pokemon mov r1, #0x27 @ GET_HP_IV add r1, r7 bl call mov r1, #1 and r0, r1 lsl r0, r7 orr r4, r0 add r7, #1 test: cmp r7, #6 bne loop floor: mov r0, #15 mul r0, r4 mov r1, #63 swi #0x6 decode: @ add 2 if below 8, 1 otherwise cmp r0, #8 blo L1 add r0, #1 L1: add r0, #1 pop {r4-r7, pc} call: bx r5 .align 2 write_type: .word 0x0803098E +1 battle_slot_mapping: .word 0x02023BCE party_player: .word 0x02024284 move_data: .word 0x08250C04 pokemon_getattr: .word 0x0803FBE8 +1 display_type: .word 0x081368D6 +1 pkmn_status_data: .word 0x0203B140

And, this is what it looks like already assembled:

Code:

F8 B4 77 46 88 00 C9 00 40 18 27 49 09 18 88 78 0A 78 87 2A 0A D1 28 78 40 00 21 49 40 18 00 78 64 21 48 43 1F 49 40 18 00 F0 1B F8 BE 46 F8 BC 1A 49 08 47 F9 B4 77 46 90 00 D1 00 40 18 40 19 81 78 02 78 87 2A 08 D1 1A 48 00 68 32 21 09 02 90 31 40 18 00 F0 05 F8 01 1C BE 46 F9 BC 14 4A 10 47 F0 B5 06 1C 00 24 00 27 10 4D 09 E0 30 1C 27 21 C9 19 00 F0 10 F8 01 21 08 40 B8 40 04 43 01 37 06 2F F3 D1 0F 20 60 43 3F 21 06 DF 08 28 00 D3 01 30 01 30 F0 BD 28 47 C0 46 8F 09 03 08 CE 3B 02 02 84 42 02 02 04 0C 25 08 E9 FB 03 08 D7 68 13 08 40 B1 03 02

As usual, insert it at an offset ending in 0x0, 0x4, 0x8, or 0xC. For simplicity, I'll refer to this offset as A.

Now, we need to modify the routines to call this new code. There are two places to modify.

Code:

0x08030984: 00 48 00 47 xx xx xx xx

Code:

0x081368CC: 00 49 08 47 yy yy yy yy

The x's are A + 0x01, in reverse hex, while the y's are A + 0x35, also in reverse hex.

This affects the type icons on the party menu (as well as when learning a new move), and the type listed when selecting an attack.

This does not affect the type displayed by the TM Case. As that's not associated with a particular Pokemon, it just reads the type from the move data table. I actually suggest changing Hidden Power's entry in the table to be ???-type (change the byte at 0x08251722 from 0x00 to 0x09), so it will show as that in the TM Case, and the actual type everywhere else.

I didn't bother to force it to calculate and display the base power for Hidden Power, as I prefer the constant base power anyway, but if this was any indication, it would be pretty easy to do.

I've found a problem, when I use this routine, the moves types in-battle shows 99999999... or nothing. For someone who found this problem, you probably have repointed the move data, simply change the offset of "move_data: .word 0x08250C04" to your move data offset.

robinjea · Nov 18, 2016

destinedjagold said:
Here's one for Ruby.

Code:

[B]08020280[/B] 004A1047[COLOR=Red]XXXXXX[/COLOR]08 [B]080201E2[/B] 02 21 [B]08020336[/B] 01 20

XXXXXX should be the address +1 of this ASM routine...

Spoiler:

Code:

.THUMB .ALIGN 2 PUSH {R0-R7} MOV R0, #0xB6 MOV R1, #1 BL CHECK_ITEM CMP R0, #1 BEQ RETURN POP {R0-R7} MOV R2, #1 AND R2, R0 CMP R2, #0 BNE RETURN_2 LSR R0, R0, #1 STRB R0, [R1] LDR R1, = 0x0802028D BX R1 RETURN: POP {R0-R7} RETURN_2: LDR R1, = 0x080202A1 BX R1 CHECK_ITEM: PUSH {R0} LDR R0, = 0x080A92D5 MOV R11, R0 POP {R0} BX R11

It checks your bag if you have the Exp. Share. If you do, then your team will each get 50% of the experience (I suggest you turn your Exp. Share into a Key Item if you want to apply this into your Ruby hack but I really suggest you either hack Emerald or FireRed instead...). The experience gain is reduced to 50%, regardless if you have the item and who's active during the battle. (It's why I decided to remove the feature in the next beta of my hack.)

Credits go to Andrea.

Any idea on how to do this for FR? Because the one posted earlier does not check for Exp. Share when distributing Exp. Points. ;-;

BluRose · Nov 18, 2016

BlackWhiteRobin said:
Any idea on how to do this for FR? Because the one posted earlier does not check for Exp. Share when distributing Exp. Points. ;-;

port addresses
i can do it in like 7 hours when i get home

Sea Dragon · Nov 18, 2016

mbcn10ww said:
The Shedinja's evolution was fixed but not registering on Pokédex.

Ok, I think I found the issue. At CE858 change 54 44 to 00 00

Spoiler:

Do the same thing for Emerald at 13E4EC.

mbcn10ww · Nov 18, 2016

Sea Dragon said:
Ok, I think I found the issue. At CE858 change 54 44 to 00 00

Spoiler:

ROM:080CE856 MOV R4, R8
ROM:080CE858 ADD R4, R10 - adds Nincada's index to 968 (remove this)
ROM:080CE85A LSLS R4, R4, #3 - 968 becomes 4b40
ROM:080CE85C ADDS R4, R4, R0 - finds offset of Shedinja's index in evolution table
ROM:080CE85E LDRH R0, [R4,#0xC] - R0 should now have Shedinja's index

Do the same thing for Emerald at 13E4EC.

Thanks man, it worked fine. xD

Versekr Dark · Nov 20, 2016

BluRose said:
port addresses
i can do it in like 7 hours when i get home

Great, i imagine that you could also export a, still thanks for helping us with these routine :), and clearly I do not ask to be exported by an Em, so there is no confusion :)

BluRose · Nov 20, 2016

Versekr Dark said:
Great, i imagine that you could also export a, still thanks for helping us with these routine :), and clearly I do not ask to be exported by an Em, so there is no confusion :)

check out this convo between blackwhiterobin and i to check progress. we just need two more addresses ported, and they are in the routine itself. if worst comes to worst, we can just port the ruby routines themselves, i'd imagine that that wouldn't be too difficult ahaha. vba's disassembly feature helps out a bit for getting a ruby version of things in fire red, this is not much to go off of

oh and if there's an idb of ruby then why the would i be saying this ahaha
someone might wanna check out the addresses in the routine that i already found because one of them was pretty sketchy i think

en español (no porque no puedes leer el ingles, porque quiero practicar y mejorar mi español)

Spoiler:

Versekr Dark · Nov 20, 2016

BluRose said:
check out this convo between blackwhiterobin and i to check progress. we just need two more addresses ported, and they are in the routine itself. if worst comes to worst, we can just port the ruby routines themselves, i'd imagine that that wouldn't be too difficult ahaha. vba's disassembly feature helps out a bit for getting a ruby version of things in fire red, this is not much to go off of

oh and if there's an idb of ruby then why the would i be saying this ahaha
someone might wanna check out the addresses in the routine that i already found because one of them was pretty sketchy i think

en español (no porque no puedes leer el ingles, porque quiero practicar y mejorar mi español)

Spoiler:

chequea la conversación encima entre de blackwhiterobin y yo para chequear lo que hemos hecho. necesitamos dos direcciónes más, y están en la rutina. si no podemos encontrar las direcciónes en la rutina, podemos hacer las rutinas de rubí para rojo fuego... yo imaginaría que no sería tan dificil, ajaja... el desmontaje de visualboyadvance debe ayudarnos al menos un poco

Thank you very much, I really thought I would not answer haha xD, I'm looking forward to finishing your work and sorry if I can not help too much. I'm very new in hexadecimal and I do not know anything about asm.

DonaldTrumpIsAGod · Nov 21, 2016

Lost Heart said:

Spoiler:

Check/Count a Specific Pokémon Species in the Party (FR/LG/Em)

So I'm not sure if there is a way to do this by scripting in these games, and I saw that trading-style thing post just a few above, but I wrote up a quick bit of ASM code to count the number of a specific species of Pokémon in the party, as a bit of practice for myself, and I thought I would share it.

The reason I wrote is so that it could be mainly used as a checkpartypokemon-like command in a script.

It works for FireRed and LeafGreen with no changes, works for Emerald by performing the changes given, and will probably work with any game as long as you find the matching offsets. ;)

Anyway, here's the ASM for FR/LG:

Code:

.text
.align 2
.thumb
.thumb_func
.global CountPartyPokemonSpecies

main:
	push {r0-r7, lr}
	mov r5, #0x0 @ This means fail
	ldr r6, var
	ldr r7, party_amount
	ldrb r4, [r7] @ Get Pokemon count from r7
	cmp r4, #0x0
	beq exit
	ldrh r3, [r6] @ Get the species to check
	cmp r3, #0x0
	beq exit @ Don't allow Missingno. This doesn't limit the species from going up, though.
	mov r7, #0x0
loop:
	ldr r0, first_pokemon @ Offset of first Pokemon
	mov r1, #0x64 @ Length of Pokemon RAM data
	mul r1, r1, r7 @ r7 holds current index
	add r0, r0, r1
	bl decrypt_poke_species @ Get this specific species.
	mov r9, r0
	pop {r0-r7}
	cmp r9, r3
	bne next
	add r5, r5, #0x1 @ Increase the counter
next:
	add r7, r7, #0x1 @ Increase party index
	cmp r7, r4 @ And compare against the number in the party
	blo loop @ I could use a bls here?
exit:
	str r5, [r6, #0x10] @ Store the result (r5) in r6 (the var -- 0x800D)
	pop {r0-r7, pc} @ Return

decrypt_poke_species:
	push {r0-r7}
	mov r1, #0xB @ This is the index for the Pokemon species.
	ldr r2, decrypt_poke @ Call the Pokemon decryption code
	bx r2
	
.align 2
party_amount:
	.word 0x02024029
first_pokemon:
	.word 0x02024284
var: @ Got this beauty from HackMew.
	.word 0x020270B8 + (0x8004 * 2)
decrypt_poke:
	.word 0x0803FBE9

And to work for Emerald, you need only change the end stuff:

Code:

.align 2
party_amount:
	.word 0x020244E9
first_pokemon:
	.word 0x020244EC
var: @ Got this beauty from HackMew.
	.word 0x020275D8 + (0x8004 * 2)
decrypt_poke:
	.word 0x0806A519

Some of it is based off some stuff from HackMew's Pokemon take away code, so yeah.

And of course, here's a sample script explaining how to use it:

Code:

#dynamic 0x800000

#include stdpoke.rbh

#org @start
lock
faceplayer
bufferpokemon 0x0 PKMN_MAGIKARP
setvar 0x8004 PKMN_MAGIKARP // Change this to the species you want
callasm 0x08XXXXXX // This is the offset of the routine + 1
compare LASTRESULT 0x1 // The count is stored in 0x800D
if B_>= goto @some // It will be 0 if there is none, or 1-6 for the count
msgbox @m1 MSG_KEEPOPEN // It also counts eggs, so yeah...
release
end

#org @some
buffernumber 0x1 LASTRESULT
msgbox @m2 MSG_KEEPOPEN
release
end

#org @m1
= You don't have any [buffer1]!

I hope someone finds this useful, even if for just an example for beginners to learn from.
Enjoy~! ^_^

EDIT: I added Emerald, although I didn't test it. ;)
EDIT 2: I tested the Emerald code, and it works. ^_^[/spoiler][/QUOTE]

Could I use this to check for specific forms of Unown?

DizzyEgg · Nov 21, 2016

DonaldTrumpIsAGod said:
Could I use this to check for specific forms of Unown?

Nope, it's a different thing.

BluRose · Nov 21, 2016

DonaldTrumpIsAGod said:
Could I use this to check for specific forms of Unown?

no
unown formes are determined by their PIDs and do not count as seperate pokémon themselves

edit: damn it dizzy

LCCoolJ95 · Nov 25, 2016

BluRose said:
check out this convo between blackwhiterobin and i to check progress. we just need two more addresses ported, and they are in the routine itself. if worst comes to worst, we can just port the ruby routines themselves, i'd imagine that that wouldn't be too difficult ahaha. vba's disassembly feature helps out a bit for getting a ruby version of things in fire red, this is not much to go off of

oh and if there's an idb of ruby then why the would i be saying this ahaha
someone might wanna check out the addresses in the routine that i already found because one of them was pretty sketchy i think

Hello, just wondering how this is going!

BluRose · Nov 25, 2016

LCCoolJ95 said:
Hello, just wondering how this is going!

research/small tangent about how this was originally going

Spoiler:

Code:

.text
.thumb
.thumb_func
.align 2

201E0:
	add r0, r1, #0x0
	add r1, r5, #0x0
	bl 1E0868 @???
	mov r2, r10
	strh r0, [r2]
	lsl r0, r0 , #0x10
	cmp r0, @0x0
	bne 201F6
	mov r0, #0x1
	strh r0, [r2]
201F6:
	ldr r0, =(0x02024DEE) @20248
	strh r6, [r0]
	ldr r2, =(0x02000000) @2024C
	ldr r3, =(0x0001600F) @20250
	add r2, r1, r3
	ldrb r0, [r2]
	add r0, #0x1
	mov r3, #0x0
	strb r0, [r2]
	ldr r2, =(0x00016018) @20254
	add r0, r1, r2
	strb r3, [r0]
	ldr r3, =(0x0001605F) @20258
	add r1, r1, r3
	mov r0, r8
	strb r0, [r1]
	ldr r0, =(0x02025A64) @2025C
	ldr r0, [r0]
	cmp r0, #0x0
	beq 20220	
	b 20996
20220:
	ldr r0, =(0x02000000) @2024C
	ldr r1, =(0x00016018) @20254
	add r0, r0, r1
	ldrb r1, [r0]
	mov r0, #0x64
	mul r0, r1
	ldr r1, =(0x02004360) @20260
	add r0, r0, r1
	mov r1, #0xC
	bl 3CB60
	lsl r0, r0, #0x10
	lsr r0, r0, #0x10
	cmp r0, #0xAF
	bne 2026C
	ldr r0, =(0x02025734) @20264
	ldr r2, =(0x00003688) @20268
	add r0, r0, r2
	ldrb r4, [r0]
	b 20274

@[pointers/constant words here. define as .equ's later or something]
@20248-2026B

2026C:
	bl A993C
	lsl r0, r0, #0x18
	lsr r4, r0, #0x18

20274:
	ldr r5, =(0x02000000) @20294
	cmp r4, #0x19
	beq 202A0
	ldr r3, =(0x0001605F) @20298
	add r1, r5, r3
	ldrb r0, [r1]
	mov r2, #0x1
	and r2, r0
	cmp r2, #0x0
	bne 202A0
	lsr r0, r0, #0x1
	strb r0, [r1]
	ldr r0, =(0x0001600F) @2029C @where andrea's function points to is right here, 2028C
	add r1, r5, r0
	b 202C8

@[more pointers/constants.  .equ's later, maybe not.]
@20294-2029F

202A0:	@where andrea's return is going to
	ldr r1, =(0x00016018) @202D4
	add r0, r5, r1
	ldrb r1, [r0]
	mov r0, #0x64
	mul r0, r1
	ldr r1, =(0x03004360) @202D8
	add r0, r0, r1
	mov r1, #0x38
	bl 3CB60
	cmp r0, #0x64
	bne 202E8
	ldr r2, =(0x0001605F) @202DC
	add r1, r5, r2
	ldrb r0, [r1]
	lsr r0, r0, #0x1
	mov r1, #0x0
	strb r0, [r1]
	ldr r3, =(0x0001600F) @202E0
	add r1, r5, r3
202C8:
	mov r0, #0x5
	strb r0, [r1]
	ldr r0, =(0x02024BEC) @202E4
	str r2m [r0]
	b 20996

@[pointers/constants]
@202D4-202E7

202E8:
	@insert function here

20996:	@i felt that this was referenced a lot, so i decided to write it down like the rest i guess
	@NOTE: this function as it is appears at least 37 times BEFORE it does here in the Ruby ROM.  It appears even more often in Fire Red.  PLEASE, don't come to me saying that you found an equivalent offset claiming 20996 in AXVE equals E8C in BPRE.
	pop {r3-r5}
	mov r8, r3
	mov r9, r4
	mov r10, r5
	pop {r4-r7}
	pop {r0}
	bx r0

@[more constants and shit]

3CB60

A993C

1E0868

it's just a matter of finding the rough same in fire red at the moment, specifically 20274. haven't even started on the other routine because all of this was really done this morning (shhhhhhh)

EDIT: accidentally disassembled the other routine referenced that we haven't found as well while disassembling what the first one references :P
coolio. meanwhile, i'm actually going to check out one of the other routines because really it doesn't seem equal ahaha

EDIT: ok i'm fucking dumb

Code:

branch point AXVE:  
        20280
return point AXVE:  
        2028C (notice how it's literally branch +0xC)

branch point BPRE:  
        21CCE
return point BPRE: (one of what we're looking for)
        21CDA

return point 2 AXVE:
        202A0
return point 2 BPRE: (other of what we're looking for)
        21CE8

magically, when looking it up in IDB, almost everything matches! imagine that :):):):):):):):):):):):):)
here's bpre's routine, credits to andrea~ and the_learner (for making it relatively easy to find two addresses; he already found them). i did practically nothing except be stupid and look for something that was literally right under my nose the whole time

- - - - - - - - -
Andrea's Gen VI Exp. Share
- - - - - - - - -
Credits to Andrea~ and The_Learner

bpre:

Spoiler:

bpee:

Spoiler:

have a nice day, this took way too long <3

robinjea · Nov 26, 2016

BluRose said:

Spoiler:

Code:

.text
.thumb
.thumb_func
.align 2

201E0:
    add r0, r1, #0x0
    add r1, r5, #0x0
    bl 1E0868 @???
    mov r2, r10
    strh r0, [r2]
    lsl r0, r0 , #0x10
    cmp r0, @0x0
    bne 201F6
    mov r0, #0x1
    strh r0, [r2]
201F6:
    ldr r0, =(0x02024DEE) @20248
    strh r6, [r0]
    ldr r2, =(0x02000000) @2024C
    ldr r3, =(0x0001600F) @20250
    add r2, r1, r3
    ldrb r0, [r2]
    add r0, #0x1
    mov r3, #0x0
    strb r0, [r2]
    ldr r2, =(0x00016018) @20254
    add r0, r1, r2
    strb r3, [r0]
    ldr r3, =(0x0001605F) @20258
    add r1, r1, r3
    mov r0, r8
    strb r0, [r1]
    ldr r0, =(0x02025A64) @2025C
    ldr r0, [r0]
    cmp r0, #0x0
    beq 20220    
    b 20996
20220:
    ldr r0, =(0x02000000) @2024C
    ldr r1, =(0x00016018) @20254
    add r0, r0, r1
    ldrb r1, [r0]
    mov r0, #0x64
    mul r0, r1
    ldr r1, =(0x02004360) @20260
    add r0, r0, r1
    mov r1, #0xC
    bl 3CB60
    lsl r0, r0, #0x10
    lsr r0, r0, #0x10
    cmp r0, #0xAF
    bne 2026C
    ldr r0, =(0x02025734) @20264
    ldr r2, =(0x00003688) @20268
    add r0, r0, r2
    ldrb r4, [r0]
    b 20274

@[pointers/constant words here. define as .equ's later or something]
@20248-2026B

2026C:
    bl A993C
    lsl r0, r0, #0x18
    lsr r4, r0, #0x18

20274:
    ldr r5, =(0x02000000) @20294
    cmp r4, #0x19
    beq 202A0
    ldr r3, =(0x0001605F) @20298
    add r1, r5, r3
    ldrb r0, [r1]
    mov r2, #0x1
    and r2, r0
    cmp r2, #0x0
    bne 202A0
    lsr r0, r0, #0x1
    strb r0, [r1]
    ldr r0, =(0x0001600F) @2029C @where andrea's function points to is right here, 2028C
    add r1, r5, r0
    b 202C8

@[more pointers/constants.  .equ's later, maybe not.]
@20294-2029F

202A0:    @where andrea's return is going to
    ldr r1, =(0x00016018) @202D4
    add r0, r5, r1
    ldrb r1, [r0]
    mov r0, #0x64
    mul r0, r1
    ldr r1, =(0x03004360) @202D8
    add r0, r0, r1
    mov r1, #0x38
    bl 3CB60
    cmp r0, #0x64
    bne 202E8
    ldr r2, =(0x0001605F) @202DC
    add r1, r5, r2
    ldrb r0, [r1]
    lsr r0, r0, #0x1
    mov r1, #0x0
    strb r0, [r1]
    ldr r3, =(0x0001600F) @202E0
    add r1, r5, r3
202C8:
    mov r0, #0x5
    strb r0, [r1]
    ldr r0, =(0x02024BEC) @202E4
    str r2m [r0]
    b 20996

@[pointers/constants]
@202D4-202E7

202E8:
    @insert function here

20996:    @i felt that this was referenced a lot, so i decided to write it down like the rest i guess
    @NOTE: this function as it is appears at least 37 times BEFORE it does here in the Ruby ROM.  It appears even more often in Fire Red.  PLEASE, don't come to me saying that you found an equivalent offset claiming 20996 in AXVE equals E8C in BPRE.
    pop {r3-r5}
    mov r8, r3
    mov r9, r4
    mov r10, r5
    pop {r4-r7}
    pop {r0}
    bx r0

@[more constants and ****]

3CB60

A993C

1E0868

it's just a matter of finding the rough same in fire red at the moment, specifically 20274. haven't even started on the other routine because all of this was really done this morning (shhhhhhh)

EDIT: accidentally disassembled the other routine referenced that we haven't found as well while disassembling what the first one references :P
coolio. meanwhile, i'm actually going to check out one of the other routines because really it doesn't seem equal ahaha

EDIT: ok i'm ****ing dumb

Code:

branch point AXVE:  
        20280
return point AXVE:  
        2028C (notice how it's literally branch +0xC)

branch point BPRE:  
        21CCE
return point BPRE: (one of what we're looking for)
        21CDA

return point 2 AXVE:
        202A0
return point 2 BPRE: (other of what we're looking for)
        21CE8

magically, when looking it up in IDB, almost everything matches! imagine that :):):):):):):):):):):):):)
here's bpre's routine, credits to andrea~ and the_learner (for making it relatively easy to find two addresses; he already found them). i did practically nothing except be stupid and look for something that was literally right under my nose the whole time
as usual, untested

Spoiler:

and because lccoolj95's going to ask for it, bpee (still untested):

Spoiler:

have a nice day, this took way too long <3

Tested EM's. Game restarts right before receiving experience points with or without EXP. Share Item. I've yet to test FR's. (And this breaks my heart.)

BluRose · Nov 26, 2016

BlackWhiteRobin said:
Tested EM's. Game restarts right before receiving experience points with or without EXP. Share Item. I've yet to test FR's. (And this breaks my heart.)

lol ok i'll have to adjust it. likely because different registers are (probably) used for the check-item routine across all three versions, and i honestly only found it because the checkitem script command references it in each version
report back with fr, please <3

EDIT: i'll do fr, but how done i was yesterday shines through in that i didn't even tell to make the pointer aligned. :P

EDIT2: works here after a few byte changes to my byte changes were made to made. updating post

EDIT3: works in em after doing the same byte changes.

happy hacking!

Zeturic · Dec 18, 2016

Powder Jar [FR]

The amount of berry powder is stored in a byte at [0x300500C] + 0xAF8. It's referred to as field_af8. It is encrypted via the Security Key.

In finding this, I found a function at 0x0815EE3C which takes a pointer and decrypts what it points to with the Security Key.

esperance · Dec 20, 2016

Door Animation Format

Door animations follow a very simple 12-byte format, which I'm sharing for anyone that needs a reference.

Code:

| Offset  | Type          | Notes                            |
|------------------------------------------------------------|
| 0-1     | Tile index    |                                  |
| 2       | Sound flag    | 00 = door, other = sliding door  |
| 3       | Tile flag     | 00 = one tile, other = two tiles |
| 4-7     | Image         | pointer, uncompressed            |
| 8-11    | Palette       | pointer                          |

The data is stored in tables, and can be found at the following offsets:

Code:

AXVE: 30F9B4
AXPE: 30F944
BPRE: 35B5D8
BPGE: 35B5B8
BPEE: 497174

Quick Research & Development Thread

More options

Versekr Dark

destinedjagold

You can contact me in PC's discord server...

Versekr Dark

mbcn10ww

robinjea

BluRose

blu rass

Sea Dragon

mbcn10ww

Versekr Dark

BluRose

blu rass

Versekr Dark

DonaldTrumpIsAGod

Banned

Check/Count a Specific Pokémon Species in the Party (FR/LG/Em)

DizzyEgg

BluRose

blu rass

LCCoolJ95

Limited Capacity

BluRose

blu rass

robinjea

BluRose

blu rass

Zeturic

esperance