Research & Development Got a well-founded knack with ROM hacking? Love reverse-engineering the Pokémon games? Or perhaps you love your assembly language. This is the spot for polling and gathering your ideas, and then implementing them! Share your hypothesis, get ideas from others, and collaborate to create!

Reply
 
Thread Tools
  #101    
Old January 13th, 2011 (5:17 PM).
Diegoisawesome's Avatar
Diegoisawesome Diegoisawesome is offline
Oh god the bees
  • Silver Tier
 
Join Date: Dec 2007
Location: :noitacoL
Age: 20
Gender: Male
Nature: Naive
Posts: 1,032
0x291FC0 contains the script for egg hatching through walking in Emerald.
And yes, it IS a script.
__________________


My other resources:
My Website
diegoisawesome's MEGA-HUGE XSE Scripting Tutorial
diegoisawesome's Miscellaneous Finds
The Ruins of Alph Puzzles
Diego's Miscellaneous Patches
GBA Intro Manager
The Secret Sauce: Triple-Layer Tiles
Reply With Quote

Relevant Advertising!

  #102    
Old January 13th, 2011 (11:09 PM). Edited January 13th, 2011 by NintendoBoyDX.
NintendoBoyDX NintendoBoyDX is offline
     
    Join Date: Jul 2010
    Gender: Male
    Posts: 94
    Knizz, do you know at what part of the whiteout routine are the two texts displayed, and where it cuts off the sound?
    "[player] scurried to the pokemon center, shielding the pokemon from further harm..."
    and
    "first, let's heal your pokemon back to full health"

    I've been looking for those for quite a bit with no luck.
    Reply With Quote
      #103    
    Old January 14th, 2011 (8:06 AM).
    knizz's Avatar
    knizz knizz is offline
       
      Join Date: Aug 2007
      Posts: 192
      Can you give me the offsets of the texts?
      __________________
      Firered IDA 6.6 DB: https://www.dropbox.com/s/d856o3pyndyr5sr/firered.idb
      VBA-M with lua scripting support
      Reply With Quote
        #104    
      Old January 14th, 2011 (6:27 PM). Edited January 14th, 2011 by NintendoBoyDX.
      NintendoBoyDX NintendoBoyDX is offline
         
        Join Date: Jul 2010
        Gender: Male
        Posts: 94
        Here are the offsets:
        "First, you should restore your POKéMON to full health." - 0x1A5E89

        There are actually 2 for this one, one for home returns and one for returns to the pokemon center.

        "[PLAYER] scurried to a POKéMON CENTER,
        protecting the exhausted and fainted
        POKéMON from further harm[...]" - 0x41B554

        "[PLAYER] scurried back home, protecting
        the exhausted and fainted POKéMON from
        further harm[...]: - 0x41B5B6

        I'd guess that the part where the music cut's off would be near the routine that uses these strings, but it's just a guess.

        EDIT:

        I think I found where it loads the text that is on the black screen
        Spoiler:
        Code:
        080566a4  b500 push {lr}
        080566a6  b081 add sp, -#0x4
        080566a8  4917 ldr r1, [$08056708] (=$030030f0)
        080566aa  2087 mov r0, #0x87
        080566ac  00c0 lsl r0, r0, #0x03
        080566ae  1809 add r1, r1, r0
        080566b0  7808 ldrb r0, [r1, #0x0]
        080566b2  3001 add r0, #0x1
        080566b4  7008 strb r0, [r1, #0x0]
        080566b6  0600 lsl r0, r0, #0x18
        080566b8  0e00 lsr r0, r0, #0x18
        080566ba  2877 cmp r0, #0x77
        080566bc  d921 bls $08056702
        080566be  f000 bl $080569bc
        080566c2  f01b bl $08071a94
        080566c6  f7ff bl $08056420
        080566ca  f7fe bl $08054bc8
        080566ca  f7fe bl $08054bc8
        080566ce  2002 mov r0, #0x2
        080566d0  f7ff bl $080559f8
        080566d4  f013 bl $08069a80
        080566d8  f013 bl $0806994c
        080566dc  490b ldr r1, [$0805670c] (=$03005020)
        080566de  480c ldr r0, [$08056710] (=$0807f5f1)
        080566e0  6008 str r0, [r1, #0x0]
        080566e2  4669 mov r1, sp
        080566e4  2000 mov r0, #0x0
        080566e6  7008 strb r0, [r1, #0x0]
        080566e8  4668 mov r0, sp
        080566ea  f000 bl $08056e5c
        080566ee  f0bb bl $08112364
        080566ee  f0bb bl $08112364
        080566f2  f000 bl $08056a04
        080566f6  4807 ldr r0, [$08056714] (=$08056535)
        080566f8  f7ff bl $080565e0
        080566fc  4806 ldr r0, [$08056718] (=$080565b5)
        080566fe  f7a9 bl $08000544
        08056702  b001 add sp, #0x4
        08056704  bc01 pop {r0}
        08056706  4700 bx r0


        Was right at the end of the whiteout routine, which I wasn't expecting. Still looking for the other parts.
        Reply With Quote
          #105    
        Old January 15th, 2011 (4:46 AM).
        knizz's Avatar
        knizz knizz is offline
           
          Join Date: Aug 2007
          Posts: 192
          Here's what the code looks like from my perspecive:
          Spoiler:

          Code:
          080566A4 @ =============== S U B R O U T I N E =======================================
          080566A4
          080566A4
          080566A4 c2_whiteout_maybe:                      @ DATA XREF: sub_0807FB40+2Ao
          080566A4                                         @ sub_0807FB40:off_0807FB7Co ...
          080566A4
          080566A4 var_8           = -8
          080566A4
          080566A4                 PUSH    {LR}
          080566A6                 SUB     SP, SP, #4
          080566A8                 LDR     R1, =callback1
          080566AA                 MOVS    R0, 0x438
          080566AE                 ADDS    R1, R1, R0
          080566B0                 LDRB    R0, [R1]
          080566B2                 ADDS    R0, #1
          080566B4                 STRB    R0, [R1]
          080566B6                 LSLS    R0, R0, #0x18
          080566B8                 LSRS    R0, R0, #0x18
          080566BA                 CMP     R0, #0x77
          080566BC                 BLS     loc_08056702
          080566BE                 BL      sub_080569BC
          080566C2                 BL      sub_08071A94
          080566C6                 BL      clear_flag_x800_2
          080566CA                 BL      sub_08054BC8
          080566CE                 MOVS    R0, #2
          080566D0                 BL      sub_080559F8
          080566D4                 BL      script_start_3
          080566D8                 BL      script_pause
          080566DC                 LDR     R1, =unk_03005020
          080566DE                 LDR     R0, =(run_c3_whiteout+1)
          080566E0                 STR     R0, [R1]
          080566E2                 MOV     R1, SP
          080566E4                 MOVS    R0, #0
          080566E6                 STRB    R0, [R1,#8+var_8]
          080566E8                 MOV     R0, SP
          080566EA                 BL      sub_08056E5C
          080566EE                 BL      sub_08112364
          080566F2                 BL      sub_08056A04
          080566F6                 LDR     R0, =(c1_overworld+1)
          080566F8                 BL      set_callback1
          080566FC                 LDR     R0, =(c2_overworld+1) @ func
          080566FE                 BL      set_callback2
          08056702
          08056702 loc_08056702:                           @ CODE XREF: c2_whiteout_maybe+18j
          08056702                 ADD     SP, SP, #4
          08056704                 POP     {R0}
          08056706                 BX      R0
          08056706 @ End of function c2_whiteout_maybe
          08056706
          08056706 @ ---------------------------------------------------------------------------
          run_c3_whiteout:
          Code:
          0807F5F0 @ =============== S U B R O U T I N E =======================================
          0807F5F0
          0807F5F0
          0807F5F0 run_c3_whiteout:                        @ DATA XREF: c2_whiteout_maybe+3Ao
          0807F5F0                                         @ ROM:off_08056710o
          0807F5F0                 PUSH    {LR}
          0807F5F2                 BL      script_play
          0807F5F6                 BL      fill_unfaded_pal
          0807F5FA                 LDR     R0, =(c3_whiteout+1)
          0807F5FC                 MOVS    R1, #0xA
          0807F5FE                 BL      add_to_callback3_list
          0807F602                 LSLS    R0, R0, #0x18
          0807F604                 LSRS    R0, R0, #0x18
          0807F606                 LDR     R2, =callback3
          0807F608                 LSLS    R1, R0, #2
          0807F60A                 ADDS    R1, R1, R0
          0807F60C                 LSLS    R1, R1, #3
          0807F60E                 ADDS    R1, R1, R2
          0807F610                 MOVS    R0, #0
          0807F612                 STRH    R0, [R1,#c3entry.args.arg1]
          0807F614                 POP     {R0}
          0807F616                 BX      R0
          0807F616 @ End of function run_c3_whiteout
          0807F616
          0807F616 @ ---------------------------------------------------------------------------
          c3_whiteout:
          Code:
          0807F45C @ =============== S U B R O U T I N E =======================================
          0807F45C
          0807F45C
          0807F45C c3_whiteout:                            @ DATA XREF: run_c3_whiteout+Ao
          0807F45C                                         @ ROM:off_0807F618o
          0807F45C                 PUSH    {R4-R7,LR}
          0807F45E                 LSLS    R0, R0, #0x18
          0807F460                 LSRS    R6, R0, #0x18
          0807F462                 LDR     R1, =callback3
          0807F464                 LSLS    R0, R6, #2
          0807F466                 ADDS    R0, R0, R6
          0807F468                 LSLS    R0, R0, #3
          0807F46A                 ADDS    R0, R0, R1
          0807F46C                 MOVS    R2, #c3entry.args.arg1
          0807F46E                 LDRSH   R0, [R0,R2]
          0807F470                 MOVS    R2, R1
          0807F472                 CMP     R0, #6
          0807F474                 BLS     loc_0807F478
          0807F476                 B       loc_0807F5E4
          0807F478 @ ---------------------------------------------------------------------------
          0807F478
          0807F478 loc_0807F478:                           @ CODE XREF: c3_whiteout+18j
          0807F478                 LSLS    R0, R0, #2
          0807F47A                 LDR     R1, =off_0807F48C
          0807F47C                 ADDS    R0, R0, R1
          0807F47E                 LDR     R0, [R0]
          0807F480                 MOV     PC, R0
          0807F480 @ ---------------------------------------------------------------------------
          0807F482                 .byte    0
          0807F483                 .byte    0
          0807F484 off_0807F484:   .long callback3         @ DATA XREF: c3_whiteout+6r
          0807F488 off_0807F488:   .long off_0807F48C      @ DATA XREF: c3_whiteout+1Er
          0807F48C off_0807F48C:   .long loc_0807F4A8,loc_0807F538,loc_0807F588@ 0
          0807F48C                                         @ DATA XREF: c3_whiteout+1Eo
          0807F48C                                         @ c3_whiteout:off_0807F488o
          0807F48C                 .long loc_0807F5B6,loc_0807F540,loc_0807F588@ 3
          0807F48C                 .long loc_0807F5D0      @ 6
          0807F4A8 @ ---------------------------------------------------------------------------
          0807F4A8
          0807F4A8 loc_0807F4A8:                           @ DATA XREF: c3_whiteout:off_0807F48Co
          0807F4A8                 LDR     R0, =unk_083C68E4
          0807F4AA                 BL      textbox_mega_func
          0807F4AE                 LSLS    R0, R0, #0x18
          0807F4B0                 LSRS    R5, R0, #0x18
          0807F4B2                 LDR     R1, =callback3
          0807F4B4                 LSLS    R4, R6, #2
          0807F4B6                 ADDS    R0, R4, R6
          0807F4B8                 LSLS    R0, R0, #3
          0807F4BA                 ADDS    R7, R0, R1
          0807F4BC                 STRH    R5, [R7,#0xA]
          0807F4BE                 MOVS    R0, #0xF0
          0807F4C0                 BL      sub_080F77CC
          0807F4C4                 MOVS    R0, R5
          0807F4C6                 MOVS    R1, #0
          0807F4C8                 BL      sub_0800445C
          0807F4CC                 MOVS    R0, R5
          0807F4CE                 BL      sub_08003FA0
          0807F4D2                 MOVS    R0, R5
          0807F4D4                 MOVS    R1, #3
          0807F4D6                 BL      sub_08003F20
          0807F4DA                 MOVS    R0, #1
          0807F4DC                 BL      sub_080BFCB0
          0807F4E0                 MOVS    R3, R0
          0807F4E2                 LDR     R0, =saveblock1
          0807F4E4                 LDR     R2, [R0]
          0807F4E6                 LDRH    R0, [R2,#0x1C]
          0807F4E8                 LDRH    R5, [R3]
          0807F4EA                 CMP     R0, R5
          0807F4EC                 BNE     loc_0807F524
          0807F4EE                 MOVS    R1, #0x1E
          0807F4F0                 LDRSB   R1, [R2,R1]
          0807F4F2                 MOVS    R0, #1
          0807F4F4                 NEGS    R0, R0
          0807F4F6                 CMP     R1, R0
          0807F4F8                 BNE     loc_0807F524
          0807F4FA                 MOVS    R0, #0x20
          0807F4FC                 LDRSH   R1, [R2,R0]
          0807F4FE                 MOVS    R5, #2
          0807F500                 LDRSH   R0, [R3,R5]
          0807F502                 CMP     R1, R0
          0807F504                 BNE     loc_0807F524
          0807F506                 MOVS    R0, #0x22
          0807F508                 LDRSH   R1, [R2,R0]
          0807F50A                 MOVS    R2, #4
          0807F50C                 LDRSH   R0, [R3,R2]
          0807F50E                 CMP     R1, R0
          0807F510                 BNE     loc_0807F524
          0807F512                 MOVS    R0, #4
          0807F514                 STRH    R0, [R7,#c3entry.args.arg1]
          0807F516                 B       loc_0807F5E4
          0807F516 @ ---------------------------------------------------------------------------
          0807F518 off_0807F518:   .long unk_083C68E4      @ DATA XREF: c3_whiteout:loc_0807F4A8r
          0807F51C off_0807F51C:   .long callback3         @ DATA XREF: c3_whiteout+56r
          0807F520 off_0807F520:   .long saveblock1        @ DATA XREF: c3_whiteout+86r
          0807F524 @ ---------------------------------------------------------------------------
          0807F524
          0807F524 loc_0807F524:                           @ CODE XREF: c3_whiteout+90j
          0807F524                                         @ c3_whiteout+9Cj ...
          0807F524                 LDR     R0, =callback3
          0807F526                 ADDS    R1, R4, R6
          0807F528                 LSLS    R1, R1, #3
          0807F52A                 ADDS    R1, R1, R0
          0807F52C                 MOVS    R0, #1
          0807F52E                 STRH    R0, [R1,#c3entry.args.arg1]
          0807F530                 B       loc_0807F5E4
          0807F530 @ ---------------------------------------------------------------------------
          0807F532                 .byte    0
          0807F533                 .byte    0
          0807F534 off_0807F534:   .long callback3         @ DATA XREF: c3_whiteout:loc_0807F524r
          0807F538 @ ---------------------------------------------------------------------------
          0807F538
          0807F538 loc_0807F538:                           @ DATA XREF: c3_whiteout:off_0807F48Co
          0807F538                 LDR     R1, =a1ScurriedToAPokMonCenterProtec @ "?1 scurried to a POK\x1BMON CENTER, protec"...
          0807F53A                 B       loc_0807F542
          0807F53A @ ---------------------------------------------------------------------------
          0807F53C off_0807F53C:   .long a1ScurriedToAPokMonCenterProtec
          0807F53C                                         @ DATA XREF: c3_whiteout:loc_0807F538r
          0807F53C                                         @ "?1 scurried to a POK\x1BMON CENTER, protec"...
          0807F540 @ ---------------------------------------------------------------------------
          0807F540
          0807F540 loc_0807F540:                           @ DATA XREF: c3_whiteout:off_0807F48Co
          0807F540                 LDR     R1, =a1ScurriedBackHomeProtectingThe @ "?1 scurried back home, protecting the e"...
          0807F542
          0807F542 loc_0807F542:                           @ CODE XREF: c3_whiteout+DEj
          0807F542                 MOVS    R0, R6
          0807F544                 MOVS    R2, #2
          0807F546                 MOVS    R3, #8
          0807F548                 BL      sub_0807F3A4
          0807F54C                 LSLS    R0, R0, #0x18
          0807F54E                 CMP     R0, #0
          0807F550                 BEQ     loc_0807F5E4
          0807F552                 LDR     R0, =walkrun_state
          0807F554                 LDRB    R1, [R0,#walkrun.npcid]
          0807F556                 LSLS    R0, R1, #3
          0807F558                 ADDS    R0, R0, R1
          0807F55A                 LSLS    R0, R0, #2
          0807F55C                 LDR     R1, =npc_states
          0807F55E                 ADDS    R0, R0, R1
          0807F560                 MOVS    R1, #2
          0807F562                 BL      sub_0805F218
          0807F566                 LDR     R1, =callback3
          0807F568                 LSLS    R0, R6, #2
          0807F56A                 ADDS    R0, R0, R6
          0807F56C                 LSLS    R0, R0, #3
          0807F56E                 ADDS    R0, R0, R1
          0807F570                 LDRH    R1, [R0,#8]
          0807F572                 ADDS    R1, #1
          0807F574                 STRH    R1, [R0,#8]
          0807F576                 B       loc_0807F5E4
          0807F576 @ ---------------------------------------------------------------------------
          0807F578 off_0807F578:   .long a1ScurriedBackHomeProtectingThe
          0807F578                                         @ DATA XREF: c3_whiteout:loc_0807F540r
          0807F578                                         @ "?1 scurried back home, protecting the e"...
          0807F57C off_0807F57C:   .long walkrun_state     @ DATA XREF: c3_whiteout+F6r
          0807F580 off_0807F580:   .long npc_states        @ DATA XREF: c3_whiteout+100r
          0807F584 off_0807F584:   .long callback3         @ DATA XREF: c3_whiteout+10Ar
          0807F588 @ ---------------------------------------------------------------------------
          0807F588
          0807F588 loc_0807F588:                           @ DATA XREF: c3_whiteout:off_0807F48Co
          0807F588                 LSLS    R4, R6, #2
          0807F58A                 ADDS    R4, R4, R6
          0807F58C                 LSLS    R4, R4, #3
          0807F58E                 ADDS    R4, R4, R2
          0807F590                 LDRB    R5, [R4,#0xA]
          0807F592                 MOVS    R0, R5
          0807F594                 BL      sub_080040B8
          0807F598                 MOVS    R0, R5
          0807F59A                 MOVS    R1, #1
          0807F59C                 BL      sub_08003F20
          0807F5A0                 MOVS    R0, R5
          0807F5A2                 BL      sub_08003E3C
          0807F5A6                 BL      fill_unfaded_pal
          0807F5AA                 BL      sub_0807DC00
          0807F5AE                 LDRH    R0, [R4,#8]
          0807F5B0                 ADDS    R0, #1
          0807F5B2                 STRH    R0, [R4,#8]
          0807F5B4                 B       loc_0807F5E4
          0807F5B6 @ ---------------------------------------------------------------------------
          0807F5B6
          0807F5B6 loc_0807F5B6:                           @ DATA XREF: c3_whiteout:off_0807F48Co
          0807F5B6                 BL      sub_0807E418
          0807F5BA                 CMP     R0, #1
          0807F5BC                 BNE     loc_0807F5E4
          0807F5BE                 MOVS    R0, R6
          0807F5C0                 BL      sub_08077508
          0807F5C4                 LDR     R0, =scr_081A8D97
          0807F5C6                 BL      script_start_1
          0807F5CA                 B       loc_0807F5E4
          0807F5CA @ ---------------------------------------------------------------------------
          0807F5CC off_0807F5CC:   .long scr_081A8D97      @ DATA XREF: c3_whiteout+168r
          0807F5D0 @ ---------------------------------------------------------------------------
          0807F5D0
          0807F5D0 loc_0807F5D0:                           @ DATA XREF: c3_whiteout:off_0807F48Co
          0807F5D0                 BL      sub_0807E418
          0807F5D4                 CMP     R0, #1
          0807F5D6                 BNE     loc_0807F5E4
          0807F5D8                 MOVS    R0, R6
          0807F5DA                 BL      sub_08077508
          0807F5DE                 LDR     R0, =scr_081A8DD8
          0807F5E0                 BL      script_start_1
          0807F5E4
          0807F5E4 loc_0807F5E4:                           @ CODE XREF: c3_whiteout+1Aj
          0807F5E4                                         @ c3_whiteout+BAj ...
          0807F5E4                 POP     {R4-R7}
          0807F5E6                 POP     {R0}
          0807F5E8                 BX      R0
          0807F5E8 @ End of function c3_whiteout
          0807F5E8
          0807F5E8 @ ---------------------------------------------------------------------------
          scr_081A8D97:
          Code:
          081A8D97 scr_081A8D97:   .byte lockall           @ DATA XREF: c3_whiteout+168o
          081A8D97                                         @ c3_whiteout:off_0807F5CCo
          081A8D98                 .byte change_text_color
          081A8D99                 .byte 1
          081A8D9A                 .byte load_message
          081A8D9B                 .byte 0
          081A8D9C                 .long aFirstYouShouldRestoreYourPokMo @ "First, you should restore your POK\x1BMON "...
          081A8DA0                 .byte callstd
          081A8DA1                 .byte 4
          081A8DA2                 .byte call
          081A8DA3                 .long scr_081A65CE
          081A8DA7                 .byte checkflag
          081A8DA8                 .short 0x4B0
          081A8DAA                 .byte if_call
          081A8DAB                 .byte 0
          081A8DAC                 .long scr_081A8DC6
          081A8DB0                 .byte checkflag
          081A8DB1                 .short 0x4B0
          081A8DB3                 .byte if_call
          081A8DB4                 .byte 1
          081A8DB5                 .long scr_081A8DCF
          081A8DB9                 .byte execute_movement
          081A8DBA                 .short 0x800F
          081A8DBC                 .long unk_081A666C
          081A8DC0                 .byte waitmove
          081A8DC1                 .short 0
          081A8DC3                 .byte fade_to_default
          081A8DC4                 .byte release
          081A8DC5                 .byte end
          081A8DC6 scr_081A8DC6:   .byte load_message      @ DATA XREF: ROM:081A8DACo
          081A8DC7                 .byte 0
          081A8DC8                 .long aYourPokMonHaveBeenHealedToPerf @ "Your POK\x1BMON have been healed to perfec"...
          081A8DCC                 .byte callstd
          081A8DCD                 .byte 4
          081A8DCE                 .byte return
          081A8DCF scr_081A8DCF:   .byte load_message      @ DATA XREF: ROM:081A8DB5o
          081A8DD0                 .byte 0
          081A8DD1                 .long aYourPokMonHaveBeenHealedToPe_0 @ "Your POK\x1BMON have been healed to perfec"...
          081A8DD5                 .byte callstd
          081A8DD6                 .byte 4
          081A8DD7                 .byte return
          ...
          081A65CE scr_081A65CE:   .byte execute_movement  @ DATA XREF: ROM:081A8DA3o
          081A65CF                 .short 0x800F
          081A65D1                 .long unk_081A75E7
          081A65D5                 .byte waitmove
          081A65D6                 .short 0
          081A65D8                 .byte execute_HM
          081A65D9                 .short 0x19
          081A65DB                 .byte checkarray_HM_animation
          081A65DC                 .short 0x19
          081A65DE                 .byte execute_movement
          081A65DF                 .short 0x800F
          081A65E1                 .long unk_081A75ED
          081A65E5                 .byte waitmove
          081A65E6                 .short 0
          081A65E8                 .byte special_call
          081A65E9                 .short 0
          081A65EB                 .byte return
          scr_081A8DD8:
          Code:
          081A8DD8 scr_081A8DD8:   .byte lockall           @ DATA XREF: c3_whiteout+182o
          081A8DD8                                         @ ROM:off_0807F5ECo
          081A8DD9                 .byte change_text_color
          081A8DDA                 .byte 1
          081A8DDB                 .byte execute_movement
          081A8DDC                 .short 1
          081A8DDE                 .long unk_081A75ED
          081A8DE2                 .byte waitmove
          081A8DE3                 .short 0
          081A8DE5                 .byte load_message
          081A8DE6                 .byte 0
          081A8DE7                 .long aMom1WelcomeHome__itSoundsLikeY @ "MOM: ?1! Welcome home._It sounds like y"...
          081A8DEB                 .byte callstd
          081A8DEC                 .byte 4
          081A8DED                 .byte call
          081A8DEE                 .long scr_081A6C26
          081A8DF2                 .byte load_message
          081A8DF3                 .byte 0
          081A8DF4                 .long aMomOhGoodYouAndYourPokMonAreLo @ "MOM: Oh, good! You and your POK\x1BMON are"...
          081A8DF8                 .byte callstd
          081A8DF9                 .byte 4
          081A8DFA                 .byte fade_to_default
          081A8DFB                 .byte release
          081A8DFC                 .byte end
          ...
          081A6C26 scr_081A6C26:   .byte screen_special_effect @ DATA XREF: ROM:081A8DEEo
          081A6C27                 .byte 1
          081A6C28                 .byte play_fanfare
          081A6C29                 .short 0x100
          081A6C2B                 .byte wait_fanfare
          081A6C2C                 .byte special_call
          081A6C2D                 .short 0
          081A6C2F                 .byte screen_special_effect
          081A6C30                 .byte 0
          081A6C31                 .byte return
          __________________
          Firered IDA 6.6 DB: https://www.dropbox.com/s/d856o3pyndyr5sr/firered.idb
          VBA-M with lua scripting support
          Reply With Quote
            #106    
          Old January 21st, 2011 (11:19 PM).
          NintendoBoyDX NintendoBoyDX is offline
             
            Join Date: Jul 2010
            Gender: Male
            Posts: 94
            Quote:
            Originally Posted by diegoisawesome View Post
            Hm... Turns out, the checkflag routine (the actual one that does the calculations) is run a lot of times in the OW (I know, duh, the people event flags) so I got the flag location (or at least, the memory pointer to it). In Emerald, it's at the address pointed at by 0x03005D8C plus 0x1270.
            Now, I have to find the bit that designates the badge flags..
            EDIT: 0x0809C7EC in Emerald contains the surf-check-routine... at least for the tile. I'm not sure about the PKMN menu one.
            EDIT2: 0x081B54E8 (again, in Emerald) contains the badge-check-routine for the menu. I'm trying to find out where the numbers to add to the first badge are obtained from...
            EDIT3: Well, apparently they're loaded from 0x02000020, but I can't find how it gets the value...
            Anybody, feel free to help me out with this. :/
            EDIT4: Well, I hacked the routine and made it load different flag numbers for each of the old badge+base number. And it works! :D
            To get all of the flags to work out on the field, however, you'll need to edit all of the scripts for, say, Rock Smash, Strength, and Cut so that they have the new flags. And then you'll need to hack the surf routine, like I said above.
            Also, with the Set Disobedience findings, all we need to control the badges completely is to find out where the Attack/Defense... stats are increased.Even though that doesn't matter much, it would still be cool to be able to control the badges completely.
            Do you or anyone else have the addresses for the seven HM routines and the badge check routine for the menu in FR? Been searching for a while and can't find them, if they are found I'd guess it'd be simple enough to make all HMs usable without giving the badges.
            Reply With Quote
              #107    
            Old January 22nd, 2011 (6:22 AM).
            Diegoisawesome's Avatar
            Diegoisawesome Diegoisawesome is offline
            Oh god the bees
            • Silver Tier
             
            Join Date: Dec 2007
            Location: :noitacoL
            Age: 20
            Gender: Male
            Nature: Naive
            Posts: 1,032
            Quote:
            Originally Posted by altariaking View Post
            I think what he means is something similar to the routine I found in Emerald; the one that checks for flags before allowing the move to be used from the menu. What you have posted, however, is NOT what he's looking for.
            __________________


            My other resources:
            My Website
            diegoisawesome's MEGA-HUGE XSE Scripting Tutorial
            diegoisawesome's Miscellaneous Finds
            The Ruins of Alph Puzzles
            Diego's Miscellaneous Patches
            GBA Intro Manager
            The Secret Sauce: Triple-Layer Tiles
            Reply With Quote
              #108    
            Old January 22nd, 2011 (1:00 PM). Edited January 23rd, 2011 by NintendoBoyDX.
            NintendoBoyDX NintendoBoyDX is offline
               
              Join Date: Jul 2010
              Gender: Male
              Posts: 94
              Exactly, I've been looking for the routine to checks the badge/HM flags in the menu, then allows you to use them if they are set. That way all that need be done is skip that check and allow use of HMs no matter if the flags are set or not. The problem is that because flags are DMA protected I can't simply set a break on read on their addresses. I've been looking for some sort of routine to calculate their locations, but I haven't been able to find anything.

              EDIT: I've allowed menu use of all HMs without needing any badges(not quite sure exactly why it works), but haven't found a way to allow "quick" use by just pressing the A button to use surf or waterfall. Flash and fly don't need quick use, and I'm assuming that the scripts will take care of quick use for cut, rock smash, and strength.

              EDIT 2: Found the surf check routine, and made a hack to allow "quick command" surfing even before the command is set, I just skip a check if the player has the correct flag set.

              As a sidenote, each of these routines loads a flag like a variable, then calls 0x0806e6d0(passing r0 as an argument, for example, flag 720 would be 00000720), I believe this calculates addresses of flags then stores it's bit , but don't quote me on this.

              EDIT 3: Did the same as in the 2nd edit for waterfall. It's now completely functional, allowing use of any HM before you receive any badge, and allowing "quick" use of waterfall and surf by pressing the A button at a waterfall or water respectively.
              Reply With Quote
                #109    
              Old January 24th, 2011 (2:46 PM).
              Shiny Quagsire's Avatar
              Shiny Quagsire Shiny Quagsire is offline
              I'm Still Alive, Elsewhere
                 
                Join Date: May 2009
                Location: Hoenn Safari Zone
                Age: 19
                Gender: Male
                Nature: Jolly
                Posts: 700
                Has anyone managed to hack what gym badges are linked to which HMs? It's always bugged me, and I still haven't been able to locate this.
                __________________



                Reply With Quote
                  #110    
                Old January 24th, 2011 (3:47 PM).
                Diegoisawesome's Avatar
                Diegoisawesome Diegoisawesome is offline
                Oh god the bees
                • Silver Tier
                 
                Join Date: Dec 2007
                Location: :noitacoL
                Age: 20
                Gender: Male
                Nature: Naive
                Posts: 1,032
                Quote:
                Originally Posted by shiny quagsire View Post
                Has anyone managed to hack what gym badges are linked to which HMs? It's always bugged me, and I still haven't been able to locate this.
                In Emerald? I have; search this thread for the info.
                __________________


                My other resources:
                My Website
                diegoisawesome's MEGA-HUGE XSE Scripting Tutorial
                diegoisawesome's Miscellaneous Finds
                The Ruins of Alph Puzzles
                Diego's Miscellaneous Patches
                GBA Intro Manager
                The Secret Sauce: Triple-Layer Tiles
                Reply With Quote
                  #111    
                Old January 25th, 2011 (4:47 AM).
                TheDarkShark TheDarkShark is offline
                Metal Headed Hacker
                   
                  Join Date: May 2010
                  Location: Germany
                  Gender: Male
                  Nature: Calm
                  Posts: 56
                  Quote:
                  Originally Posted by NintendoBoyDX View Post
                  Exactly, I've been looking for the routine to checks the badge/HM flags in the menu, then allows you to use them if they are set. That way all that need be done is skip that check and allow use of HMs no matter if the flags are set or not. The problem is that because flags are DMA protected I can't simply set a break on read on their addresses. I've been looking for some sort of routine to calculate their locations, but I haven't been able to find anything.

                  EDIT: I've allowed menu use of all HMs without needing any badges(not quite sure exactly why it works), but haven't found a way to allow "quick" use by just pressing the A button to use surf or waterfall. Flash and fly don't need quick use, and I'm assuming that the scripts will take care of quick use for cut, rock smash, and strength.

                  EDIT 2: Found the surf check routine, and made a hack to allow "quick command" surfing even before the command is set, I just skip a check if the player has the correct flag set.

                  As a sidenote, each of these routines loads a flag like a variable, then calls 0x0806e6d0(passing r0 as an argument, for example, flag 720 would be 00000720), I believe this calculates addresses of flags then stores it's bit , but don't quote me on this.

                  EDIT 3: Did the same as in the 2nd edit for waterfall. It's now completely functional, allowing use of any HM before you receive any badge, and allowing "quick" use of waterfall and surf by pressing the A button at a waterfall or water respectively.
                  How about sharing info what you changed to make this work?
                  Reply With Quote
                    #112    
                  Old January 25th, 2011 (7:30 AM).
                  Shiny Quagsire's Avatar
                  Shiny Quagsire Shiny Quagsire is offline
                  I'm Still Alive, Elsewhere
                     
                    Join Date: May 2009
                    Location: Hoenn Safari Zone
                    Age: 19
                    Gender: Male
                    Nature: Jolly
                    Posts: 700
                    Quote:
                    Originally Posted by diegoisawesome View Post
                    In Emerald? I have; search this thread for the info.
                    No, in Fire Red version. I'm not much of an emerald hacker. :\
                    __________________



                    Reply With Quote
                      #113    
                    Old January 25th, 2011 (11:12 PM).
                    Incineroar's Avatar
                    Incineroar Incineroar is offline
                    the spirit of the fighter
                    • Moderator
                    • Platinum Tier
                    • Developer
                     
                    Join Date: May 2009
                    Location: Iki Town
                    Age: 22
                    Gender: Male
                    Nature: Brave
                    Posts: 13,453
                    So, today, I've been exploring a Pokemon Diamond rom looking for something specific. I never did find it, but I've come across some rather interesting things.

                    1. overlay_0013.bin
                    Code:
                    NINTENDO-DS.€....................................................................Ý!.ÙÜ!.....À¨.°ÿÿÿ.À¨.ÈÀ¨. ........................................ˆø#.............WARP....char/jtNull.nsc.l...char/jb2HlAp.nsc.l..char/jb4HlIp.nsc.l..char/jb4HlWep.nsc.l.char/jb4HlUsb.nsc.l.char/jb4HlDns1.nsc.l....char/jb4HlSsid.nsc.l....char/jb5HlMove.nsc.l....char/jb2HlWiFi.nsc.l....char/jb5HlInfo.nsc.l....char/jb4HlMask.nsc.l....char/jb4HlSet2.nsc.l....char/jb4HlDns0.nsc.l....char/jb4HlSet3.nsc.l....char/jb4HlSet1.nsc.l....char/jb3HlList1.nsc.l...char/jb3HlList2.nsc.l...char/jb3HlList3.nsc.l...char/jb5HlErase.nsc.l...char/jb5HlOption.nsc.l..char/jb4HlGateway.nsc.l.àù#.Hù#.ˆú#. ú#.¸ú#.pú#.(ú#.Xú#.„ù#.°ù#.pù#.\ù#..ú#..û#.@ú#.˜ù#.èú#.øù#.Ðú#.Èù#.char/jbBgHl.ncg.l....ü#.¤û#.Ôû#.4ü#.˜ü#.üü#.................!@#$%^&*()_+QWERTYUIOP{}ASDFGHJKL:"~ZXCVBNM<>?|.1234567890-=QWERTYUIOP[]ASDFGHJKL;'`ZXCVBNM,./\.1234567890-=qwertyuiop[]asdfghjkl;'`zxcvbnm,./\.1.2.3.4.5.6.7.8.9.0.-.=.q.w.e.r.t.y.u.i.o.p.[.].a.s.d.f.g.h.j.k.l.;.'.`.z.x.c.v.b.n.m.,.../.\. .....!.@.#.$.%.^.&.*.(.)._.+.Q.W.E.R.T.Y.U.I.O.P.{.}.A.S.D.F.G.H.J.K.L.:.".~.Z.X.C.V.B.N.M.<.>.?.|. .....1.2.3.4.5.6.7.8.9.0.-.=.Q.W.E.R.T.Y.U.I.O.P.[.].A.S.D.F.G.H.J.K.L.;.'.`.Z.X.C.V.B.N.M.,.../.\. .....dwc:/move/child.srl.dwc:/move/banner.plt....dwc:/move/banner.char...`ý#.........Œý#.tý#.Y.......msg/spa.bmg.l...msg/jap.bmg.l...msg/ger.bmg.l...msg/fre.bmg.l...msg/eng.bmg.l...msg/ita.bmg.l...Ðý#..þ#.ðý#.àý#..þ#.Àý#.msg/usa.bmg.l...char/jtMain.nce.l...char/jbMain.nce.l...char/jtBgMain.ncg.l.char/jtBgMain.ncl.l.char/jtObjMain.ncg.l....char/xtObjMain.ncl.l....char/jbBgStep1.ncg.l....char/jbBgStep1.ncl.l....char/jbObjMain.ncg.l....char/ybObjMain.ncl.l....char/jtTop.nsc.l....char/jtStep1.nsc.l..char/jbBgStep1.ncg.l....char/jbBgStep1.ncl.l....char/jb2Menu.nsc.l..char/yb5Multi.nsc.l.char/yb5Multi.nsc.l.%.0.2.X.-.%.0.2.X.-.%.0.2.X.-.%.0.2.X.-.%.0.2.X.-.%.0.2.X...%.0.4.d.-.%.0.4.d.-.%.0.4.d.-.%.0.4.d...-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-...char/jb5Info.nsc.l..char/jbBgOption.ncg.l...char/jb5OptMenu.nsc.l...char/yb5Multi.nsc.l.char/yb5Multi.nsc.l.char/yb5Multi.nsc.l.char/yb5Multi.nsc.l.char/jb5Move.nsc.l..char/yb5Multi.nsc.l.char/jbBgStep3.ncg.l....char/ybBgStep3.ncl.l....char/xb4Multi.nsc.l.char/xb4Multi.nsc.l.char/jb4ApList.nsc.l....char/ybObjMain.ncl.l....char/ybObjKb.ncl.l..char/jbBgStep3.ncg.l....char/ybBgStep3.ncl.l....char/xb4Edit.nsc.l..char/ybObjMain.ncl.l....char/ybObjKb.ncl.l..char/jbBgStep3.ncg.l....char/ybBgStep3.ncl.l....char/xb4EditAddr.nsc.l..  0.%.d.....char/jb4Error.nsc.l.%.3.d...%.3.d...%.3.d...%.3.d...char/ybObjMain.ncl.l....char/ybObjKb.ncl.l..char/jbBgStep2.ncg.l....char/jbBgStep21.ncg.l...char/jb3List.nsc.l..char/jbBgStep3.ncg.l....char/ybBgStep3.ncl.l....char/xb4None.nsc.l..char/xb4Multi.nsc.l.char/xb4Multi.nsc.l.char/xb4Multi.nsc.l.char/jbBgStep3.ncg.l....char/ybBgStep3.ncl.l....char/xb4Multi.nsc.l.char/jbBgStep3.ncg.l....char/ybBgStep3.ncl.l....char/xb4Multi.nsc.l.char/ybObjMain.ncl.l....char/ybObjWay.ncl.l.char/jbBgStep1.ncg.l....char/jbBgStep1.ncl.l....char/jb2Ap.nsc.l....char/jbBgStep2.ncg.l....char/ybBgStep2.ncl.l....char/jb3Way.nsc.l...char/jbBgStep3.ncg.l....char/ybBgStep3.ncl.l....char/xb4Multi.nsc.l.char/xb4Multi.nsc.l.char/xb4None.nsc.l..char/xb4Multi.nsc.l.char/jbBgStep2.ncg.l....char/ybBgStep2.ncl.l....char/xb3Multi.nsc.l.char/jbBgStep3.ncg.l....char/ybBgStep3.ncl.l....char/jb4Usb.nsc.l...%3d%3d%3d%3d....sound/sound_data.sdat.l.char/jtTop.nsc.l....char/jtStep1.nsc.l..char/jtStep2.nsc.l..char/jtStep3.nsc.l..char/jtOption.nsc.l...$...$.0.$.D.$.ô.$.DWCi_MOV_WH_SYSSTATE_STOP...DWCi_MOV_WH_SYSSTATE_IDLE...DWCi_MOV_WH_SYSSTATE_BUSY...DWCi_MOV_WH_SYSSTATE_ERROR..DWCi_MOV_WH_SYSSTATE_SCANNING...DWCi_MOV_WH_SYSSTATE_CONNECTED..DWCi_MOV_WH_SYSSTATE_KEYSHARING.DWCi_MOV_WH_SYSSTATE_DATASHARING....DWCi_MOV_WH_SYSSTATE_CONNECT_FAIL...DWCi_MOV_WH_SYSSTATE_MEASURECHANNEL.l.$.ˆ.$.Ü.$.¤.$.ü.$.<.$...$.„.$.`.$.À.$.already DWCi_MOV_WH_SYSSTATE_IDLE...DWCi_MOV_WH_Finalize, state = %d....DWCi_MOV_WH_StepDataSharing - Warning No Child..DWCi_MOV_WH_StepDataSharing - Warning No DataSet....recv buffer size = %d...send buffer size = %d...unknown connect mode %d.....decided channel = %d....channel %d bratio = %x..unknown indicate, state = %d....DWCi_MOV_WH_StateInEndParent failed.....DWCi_MOV_WH_StateInStartParentKeyShare failed...StartParent - new child (aid %x) connected..StartParent - child (aid %x) disconnected...%s -> ..%s...l..rom:/...rom:/dwc/utility.bin....%s:/......$...$.msg/lc_m.NFTR.l.msg/lc_s.NFTR.l.........................
                    It seems there are debugging settings here, and some other various things.

                    2. overlay_0028.bin
                    Code:
                    icon[%d] REF[%d]....------------.... icon[%d] Default... icon[%d] ReaLike... icon[%d] ReaHate... icon[%d] TcgLike... icon[%d] TchHate... icon[%d] Reset!!.......
                    I don't get what this could be fore, but RESET!! looks interesting.

                    3. overlay_0065.bin
                    Code:
                    data/porucase_pal.resdat....data/porucase_chr.resdat....data/porucase_canm.resdat...data/porucase_cell.resdat...data/porucase_celact.cldat
                    There are no files like this anywhere in the game. Could be either save data, temporary files, or unused files.

                    4. overlay_0066.bin
                    Code:
                    data/tmap_block.dat.data/tmapn_pal.resdat...data/tmapn_chr.resdat...data/tmapn_canm.resdat..data/tmapn_cell.resdat..data/tmapn_celact.cldat
                    Same as overlay_0065.bin.

                    5. overlay_0074.bin
                    Code:
                    data/btower_pal.resdat..data/btower_chr.resdat..data/btower_cell.resdat.data/btower_canm.resdat.data/btower_celact.cldat
                    Same as above.

                    6. overlay_0079.bin
                    Code:
                    AdeqWo3voLeC5r16DYv....&hash=..&data=..error: check sum      ..error: pid            ..error: data length    ..error: token not found..error: token expired  ..error: incorrect hash ..%s?pid=%d...bufferIn != NULL....ghttpBuffer.c...len != NULL.buffer..%d..: ......data....dataLen >= 0....connection->encryptor.mEngine != GHTTPEncryptionEngine_None.connection..userBuffer..size > 0....initialSize > 0.sizeIncrement > 0...connection..ghttpCallbacks.c....ú...}...connection..ghttpConnection.c...connection->redirectURL.request >= 0....request < ghiConnectionsLen.connection->request >= 0....connection->request < ghiConnectionsLen.connection->inUse...ghiNumConnections == ghiConnectionsLen..ghttpMain.c.URL && URL[0]...bufferSize >= 0.!buffer || bufferSize...connection..ghiRequestToConnection(connection->request) == connection...connection..ghttpPost.c.connection->post....connection->postingState.states.ArrayLength(connection->post->data) == ArrayLength(connection->postingState.states).connection->postingState.index >= 0.connection->postingState.index <= ArrayLength(connection->postingState.states)..postState...connection->completed && connection->result...--Qr4G823s23d---<<><><<<>--7d118e0536--...state->data->type == GHIString..%s=.&%s=....--Qr4G823s23d---<<><><<<>--7d118e0536.....--Qr4G823s23d---<<><><<<>--7d118e0536.....%sContent-Disposition: form-data; name="%s".....%sContent-Disposition: form-data; name="%s"; filename="%s"..Content-Type: %s........0...state->data->type == GHIFileMemory..state->pos >= 0.state->pos < state->data->data.fileMemory.len...state->pos < state->state.fileDisk.len..state->pos == (int)ftell(state->state.fileDisk.file)....state->pos < state->data->data.string.len...abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_@-.*.(c / 16) < 16...0123456789ABCDEF....post....--Qr4G823s23d---<<><><<<>--7d118e0536...state...data->type == GHIString.....multipart/form-data; boundary=Qr4G823s23d---<<><><<<>--7d118e0536...application/x-www-form-urlencoded...............Location:...http://%s:%d%s..Content-Length:.Transfer-Encoding: chunked..connection..ghttpProcess.c..data....len > 0.0...len >= 0....len.%x......connection->recvBuffer.len > 0..HTTP/%d.%d %d%n.connection->completed && connection->result.POST ...HEAD ...GET .... HTTP/1.1...Host....Host: ..User-Agent..GameSpyHTTP/1.0.Connection..Keep-Alive..close...%d..Content-Length..Content-Type....https://....connection->URL.http://.:/../.......
                    Could be used for accessing online functions. And what is this I see? GameSpy?

                    7. overlay_0080.bin
                    Code:
                    http://gamestats2.gs.nintendowifi.net/pokemondpds/worldexchange/post.asp....http://gamestats2.gs.nintendowifi.net/pokemondpds/worldexchange/post_finish.asp.http://gamestats2.gs.nintendowifi.net/pokemondpds/worldexchange/get.asp.http://gamestats2.gs.nintendowifi.net/pokemondpds/worldexchange/result.asp..http://gamestats2.gs.nintendowifi.net/pokemondpds/worldexchange/delete.asp..http://gamestats2.gs.nintendowifi.net/pokemondpds/worldexchange/return.asp..http://gamestats2.gs.nintendowifi.net/pokemondpds/worldexchange/search.asp..http://gamestats2.gs.nintendowifi.net/pokemondpds/worldexchange/exchange.asp....http://gamestats2.gs.nintendowifi.net/pokemondpds/worldexchange/exchange_finish.asp.http://gamestats2.gs.nintendowifi.net/pokemondpds/worldexchange/info.asp
                    These must be for online accessing, like Mystery Gift, and the GTS.

                    8. overlay_0082.bin
                    Code:
                    http://gamestats2.gs.nintendowifi.net/pokemondpds/battletower/roomnum.asp...http://gamestats2.gs.nintendowifi.net/pokemondpds/battletower/download.asp..http://gamestats2.gs.nintendowifi.net/pokemondpds/battletower/upload.asp....http://gamestats2.gs.nintendowifi.net/pokemondpds/battletower/info.asp
                    They must use a gamestats server for their data.

                    9. overlay_0083.bin
                    Code:
                    `...AXVJ....AXVE....AXVF....AXVD....AXVS....AXVI....AXPJ....AXPE....AXPF....AXPD....AXPS....AXPI....BPRJ....BPRE....BPRF....BPRD....BPRS....BPRI....BPGJ....BPGE....BPGF....BPGD....BPGS....BPGI....BPEJ....BPEE....BPEF....BPED....BPES....BPEI
                    These must be internal names for the Pal Park function and any other GBA insertion.
                    Code:
                    EB5BEC5BED5BEE5BEF5BEG5BEH5BEI5BEJ5BEK5BEL5BEM5BEP5BEQ5BER5BES5BET5BEU5BEV5BEW5B....mywh_SYSSTATE_IDLE..mywh_SYSSTATE_BUSY..mywh_SYSSTATE_STOP..mywh_SYSSTATE_ERROR.mywh_SYSSTATE_SCANNING..mywh_SYSSTATE_CONNECTED.mywh_SYSSTATE_KEYSHARING....mywh_SYSSTATE_DATASHARING...mywh_SYSSTATE_CONNECT_FAIL..mywh_SYSSTATE_MEASURECHANNEL.....·#.ð¶#.@·#..·#.X·#.Œ·#.p·#.Ä·#.¨·#.,·#.%s -> ..%s..not my parent ggid (%d != %d)...ADAE....Sx439tCkbrWyR8X2................
                    This, I don't even know...

                    10. overlay_0084.bin (This one is full of goodies!)
                    Code:
                    Wayport2FREESPOTNINTENDOWFC
                    lolwut?
                    Code:
                    Content-Disposition: form-data; name="..Content-Type: application/octet-stream..Content-Transfer-Encoding: binary....Êš;.áõ.€–˜.@B.. †...'..è...d...................pokemondpds.1vTlwb..о ..................... N..https://nas.test.nintendowifi.net/ac....acctcreate..action..login...gsbrcd..Y...iswfc...ingamesn....Date....httpresult..returncd....token...locator.challenge...datetime....Set-Cookie..ALLOC bmwork....FREE bmwork.https://nas.nintendowifi.net/ac.FREE DWCauth....ALLOC DWCauth...%03d%03d....sdkver..userid..passwd..bssid...apinfo..gamecd..makercd.unitcd..macadr..lang....birth...devtime.devname.ssid....Nitro WiFi SDK/%d.%d....User-Agent..HTTP_X_GAMECD...%013llu.%03u....%02x....%02x%02x....%02d%02d%02d%02d%02d%02d....%02d:0000000-00..Ï .ìÍ .ÌÐ .¨Ñ .„Æ . É ..Ê .ÐÇ .ÔÌ .´Ë .ÌÊ .FREE array_entry[i].label...FREE array_entry[i].value........... ...httpresult..200.....: ..=...&...ALLOC result->entry[i].label....ALLOC result->entry[i].value....FREE result->entry[i].label.FREE result->entry[i].value.http://.https://....:.../...ALLOC newptr....FREE buf->buffer....ALLOC buf->buffer...%s..%s=.&%s=....%s: %s......POST /%s HTTP/1.0..Content-type: application/x-www-form-urlencoded..Host: %s........GET /%s HTTP/1.0..Host: %s......FREE http->lowrecvbuf...FREE http->lowsendbuf...Content-Length: ....Connection..close...%d..Content-Length..ALLOC http->lowrecvbuf..ALLOC http->lowsendbuf..pà .http://conntest.nintendowifi.net/...ALLOC DWCnetcheck->body_302.FREE DWCnetcheck->body_302..ALLOC url...ALLOC data_len..ALLOC wait_len..ALLOC DWCnetcheck->body_wayport.httpresult..https://nas.nintendowifi.net/ac.action..message.HotSpotResponse.FREE DWCnetcheck->body_wayport..parse...HTML....returncd....url.data....wait....FREE url....FREE data...FREE wait...FREE DWChttp....FREE DWCnetcheck....ALLOC DWCnetcheck...ALLOC DWChttp...Dec.Jul.Oct.Sep.Aug.Nov.Jun.May.Apr.Mar.Feb.Jan.LÅ .HÅ .DÅ .@Å .<Å .8Å .$Å .0Å .,Å .(Å .4Å . Å .Fri, 03 Mar 2006 01:28:13 GMT...Date....httpresult..returncd....svchost.servicetoken....statusdata..https://nas.nintendowifi.net/ac.action..SVCLOC..svc.FREE intwork....ALLOC intwork...<Æ .ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
                    This isn't the first time I've seen the alphabet written. Why is it needed half a million times?
                    Code:
                    GlobalSign nv-sa, Root CA, GlobalSign Root
                    What is it signing?
                    Code:
                    IE, Baltimore, CyberTrust, Baltimore CyberTrust Root
                    This game loves Baltimore for some reason. Baseball, perhaps? XD
                    Code:
                    US, GTE Corporation, GTE CyberTrust Solutions, Inc., GTE CyberTrust Global Root.
                    Code:
                    US, GTE Corporation, GTE CyberTrust Root.
                    I have no clue what GTE Cybertrust is.
                    Code:
                    US, Washington, Nintendo of America Inc, NOA, Nintendo CA, [email protected]
                    Why is NoA's email embedded in the game?
                    Code:
                    Western Cape, Cape Town, Thawte Consulting cc, Certification Services Division, Thawte Premium Server CA, [email protected]....èÌ .€...hÍ .....ÐÌ .ZA, Western Cape, Cape Town, Thawte Consulting cc, Certification Services Division, Thawte Server CA, [email protected]
                    No idea.
                    Code:
                    gUS, VeriSign, Inc., Class 3 Public Primary Certification Authority - G2, (c) 1998 VeriSign, Inc. - For authorized use only, VeriSign Trust Network......,Ï .....ÈÏ ......Ï .US, VeriSign, Inc., VeriSign Trust Network, (c) 1999 VeriSign, Inc. - For authorized use only, VeriSign Class 3 Public Primary Certification Authority
                    Code:
                    US, VeriSign, Inc., Class 3 Public Primary Certification Authority
                    Verisign? It sounds familiar.
                    Code:
                    US, RSA Data Security, Inc., Secure Server Certification Authority
                    No idea.
                    Code:
                    https://nas.test.nintendowifi.net/ac....https://nas.dev.nintendowifi.net/ac.https://nas.nintendowifi.net/ac.....0000....9000....https:///download...https://%s/download.
                    This must be used to verify if the game can connect to the internet? IDK.
                    Code:
                    I have authorized your request to add me to your list
                    whatisthisidonteven... have me on any list.
                    Code:
                    wc_eval....dwc_pid.numplayers..maxplayers..dwc_mtype...dwc_mresv...dwc_mver........VER.FME.MDF.%s%dv%s.GPCM....MAT./%u.%s = %d and %s != %u and maxplayers = %d and numplayers < %d and %s = %d and %s != %s...%s and (%s).%s = %u.SCM.SCN.Init state..Server full.Unknown connect attempt
                    maximum players? IDK.
                    Code:
                    vailable.gs.nintendowifi.net....fn..darray.c....(n >= 0) && (n < array->count)..comparator..(n >= 0) && (n <= array->count).array...elemSize....array->list.fn..hashtable.c.table...hashFn..compFn..elemSize....nBuckets....table->buckets..%02x........OS_IsTickAvailable() == TRUE....nonport.c...localhost...The connection has already been disconnected....\sesskey\...\final\.No callback.....Invalid message.....Invalid statusString....Invalid locationString..\status\....\statstring\....\locstring\.Invalid status..Invalid index...buddyStatus.gp.c....Invalid reason..\addbuddy\..\newprofileid\..\reason\........Invalid func....(iconnection->connectState == GPI_NOT_CONNECTED) || (iconnection->connectState == GPI_CONNECTING) || (iconnection->connectState == GPI_NEGOTIATING) || (iconnection->connectState == GPI_CONNECTED) || (iconnection->connectState == GPI_DISCONNECTED)..gpi.c...0...CM..There was an error reading from the server..\final\.CMD: %s.....Out of memory...\id\....No matching operation found for id %d...\bm\....\ka\....Received an unrecognized, unsolicited message...The server has closed the connection.........*************.gpiInitialize....Invalid profile.....\delbuddy\..\sesskey\...\delprofileid\..\final\.index >= 0..gpiBuddy.c..iconnection->profileList.numBuddies >= 0....\bm\....\t\.\msg\...Unexpected data was received from the server....\f\.\date\..Out of memory...|signed|....|s|.|ss|....|ls|....|ip|....|p|.|l|.1...\authadd\...\fromprofileid\.\sig\...\msg\...\m\.\len\...outputBuffer != NULL....gpiBuffer.c.len >= 0....pos >= 0....pos <= len..sock != INVALID_SOCKET..inputBuffer != NULL.bytesRead != NULL...connClosed != NULL..Out of memory...There was an error reading from a socket....RECVXXXX(%s): Connection closed.....RECVTOTL(%s): %d....%d..peer->outputBuffer.buffer != NULL...PT..There was an error sending on a socket..SENDXXXX(%s): Connection closed.....string != NULL..stringLen >= 0..data->callback.callback != NULL.gpiCallback.c...data->arg != NULL...Out of memory...iconnection != NULL.result != GP_NO_ERROR...(fatal == GP_FATAL) || (fatal == GP_NON_FATAL)..gpcm.gs.nintendowifi.net........................................\logout\\sesskey\...\final\.CM..The server has refused the connection...state == GPI_CONNECTED..gpiConnect.c....\pid\...\fatal\.\lc\1...Unexpected data was received from the server....\challenge\.\nur\...\userid\....Unexepected data was received from the server...\profileid\.\lc\2...\sesskey\...\uniquenick\....\lt\....%s@%s...%s%s%s%s%s%s....                                                ....\proof\.Could not authenticate server...Out of memory...\newuser\...\email\.\nick\..\passwordenc\...\productid\.\gamename\..\namespaceid\...\cdkeyenc\..\id\1...\login\.\authtoken\.\user\..@...\response\..\firewall\1.\port\..Invalid connection..Invalid firewall....There was an error creating a socket....There was an error making a socket non-blocking.....There was an error binding a socket.....There was an error listening on a socket....There was an error getting a socket's addres....Could not resolve connection mananger host name.....address.sin_addr.s_addr != 0....There was an error connecting a socket..ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789..Out of memory...\getprofile\\sesskey\...\profileid\.\id\....\final\.%d..Invalid info....\birthday\..Invalid value...\nick\..\uniquenick\....\email\.\password\..\firstname\.\lastname\..\homepage\..\zipcode\...Invalid countrycode.....\countrycode\...0...1...2...\sex\...\icquin\....\videocard1string\..\videocard2string\..\osstring\..\aim\...\pic\...\occ\...\ind\...\inc\...\mar\...\chc\...\i1\....Invalid zipcode.....Invalid sex.....\cpubrandid\....\cpuspeed\..\memory\....\videocard1ram\.\videocard2ram\.\connectionid\..\connectionspeed\...\hasnetwork\....\updatepro\\sesskey\....\updateui\\sesskey\.\pi\....Unexpected data was received from the server....profileid > 0...gpiInfo.c...\lon\...\lat\...\loc\...\pmask\.\o1\....\conn\..\sig\...gpiIsValidDate(d, m, y).Invalid date....gpiProcessOperation was passed an operation with an invalid type (%d)...0...gpiOperation.c..iconnection->numSearches >= 0...Out of memory...connection != NULL..*connection != NULL.operation != NULL...peer != NULL....gpiPeer.c.......\len\%d\msg\....transferID..\m\%d\xfer\%d %u %u.message != NULL.\m\.\len\...\msg\...Error connecting to a peer..There was an error creating a socket....There was an error making a socket non-blocking.....There was an error connecting a socket..0...Tried to remove peer not in list....peer->state != GPI_PEER_NOT_CONNECTED...PR..Out of memory...1...peer->state == GPI_PEER_WAITING.\final\.\auth\..\pid\...\nick\..\sig\...%s%d%d..\anack\.\aack\..Error getting buddy authorization...Error parsing buddy message.....id > 0..gpiProfile.c....\npr\...Unexpected data was received from the server....\profileid\.Out of memory...gpsp.gs.nintendowifi.net........................................Out of memory...num < iconnection->numSearches..gpiSearch.c.SM..Could not connect to the search manager.....\search\....\sesskey\...\profileid\.\namespaceid\...\nick\..\uniquenick\....\email\.\firstname\.\lastname\..\icquin\....\skip\..\valid\.\nicks\.\pass\..\pmatch\....\productid\.\check\.\newuser\...\productID\.\cdkey\.\others\....\uniquesearch\..\preferrednick\.0...\gamename\..\final\.There was an error reading from the server..bsrdone.more....bsr.nick....uniquenick..firstname...lastname....email...Error reading from the search server....vr..nr..ndone...psrdone.psr.status..statuscode..cur.\pid\...nur.others..odone...o...first...last....us..usdone..count == arg->numSuggestedNicks.No search criteria..There was an error creating a socket....There was an error making a socket non-blocking.....Could not resolve search mananger host name.....address.sin_addr.s_addr != 0....There was an error connecting a socket..\xfer\..%d %u %u........\version\%d\result\%d...\rn\....Unexpected data was received from the server....Out of memory...buffer != NULL..gpiUtility.c....key != NULL.value != NULL...Parse Error.....Error connecting....There was an error checking for a completed connection..Connection rejected.....Connection accepted.....command != NULL.len > 0.\error\.\err\...\errmsg\....\fatal\.dest != NULL....src != NULL.ÿÿÿÿÜí ..ameSpy3D........rojectAphex....\pauthr\....\getpidr\...\getpdr\....\setpdr\....setpdr..pid.lid.mod.getpdr..length..\data\......getpidr.pauthr..errmsg..\...3b8dd8995f7c40a9a5c5b7dd5b481341....buffer..gt2Auth.c...start <= buffer->len....gt2Buffer.c.shortenBy <= (buffer->len - start)..(buffer->len + len) <= buffer->size.(buffer->len + 2) <= buffer->size...buffer->len < buffer->size..socket..gt2Callback.c...connection..socket && connection....connection..gt2Main.c...þþ..time....len > 0.gt2Message.c........len < GTI2_STACK_HOSTLEN_MAX....gt2Utility.c....%s:%d...%s..:%d.ýü.fj²..natneg1.gs.nintendowifi.net.natneg2.gs.nintendowifi.net.%s.%s...dð .ÿÿÿÿ............................................................................................................................................................................................................................................................................localip%d...localport...natneg..1...0...statechanged....gamename....publicip....publicport..final\\queryid\1.1..unknown.....%s%d....%08X%04X....255.255.255.255.%d..No challenge value was received from the master server..%s.master.gs.nintendowifi.net.......pid_....team_...ping_...score_..team_t..skill_..mapname.deaths_.gamever.player_.score_t.groupid.gamename....hostport....password....hostname....numteams....gamemode....teamplay....gametype....roundtime...fraglimit...timelimit...numplayers..maxplayers..gamevariant.timeelapsed.roundelapsed....teamfraglimit
                    Have fun reading this.
                    Code:
                    \final\.\basic\\info\...\status\....final...queryid.%s%d........ping....server..sb_server.c.%d..\%s..ø .Query Error: ...slist->inbufferlen >= 0.sb_serverlist.c.inlen >= 0..ÿÿÿÿ....0...slist->state == sl_disconnected.....%s.ms%d.gs.nintendowifi.net.slist != NULL...callback != NULL....val != NULL.....àø .€...0ù .....Èø .US, Washington, Nintendo of America Inc, NOA, Nintendo CA, [email protected].³Íy—w]Š¯†¨è×s.w...öÄrBI½.DhNóÚ.æMØùYˆÜ®>›8.Ê.ÿÜ$¢DxxI“Ô„@.¸ì>Û-“È.Èýx-a.1®†&°ýZ?¡=¿âKIìÎf˜X&.Àûôwe.êûË.àŒË.£N^Œê›Nitro WiFi SDK/%d.%d....Ìø .contents....offset..num.User-Agent..gamecd..rhgamecd....passwd..token...userid..macadr..action..attr1...attr2...attr3...apinfo..HTTPSTATUSCODE..returncd....Content-Length..http://.https://....HTTPSTATUSCODE..GET ....POST ...HEAD .../... HTTP/1.1...Host: ......: ..Content-Type: multipart/form-data; boundary=....Content-Type: application/x-www-form-urlencoded.....Content-Length: ...."...--......=...&...HTTP/...Content-Length..Connection..Keep-Alive..Transfer-Encoding...chunked
                    And this.

                    11. overlay_0005.bin
                    Code:
                    data/area01light.txt....data/area00light.txt....data/area02light.txt....sea.rhana...hamabe..asasea..lakep.1.dun_sea
                    .txt? coolbeans.
                    Code:
                    /data/dp_areawindow.NCGR..../data/dp_areawindow.NCLR....fielddata/build_model/build_model_matshp.dat
                    This must initiate the text box we all read from.

                    12. overlay_0006.bin
                    Code:
                    data/shop_h.cldat...data/shop_chr.resdat....data/shop_pal.resdat....data/shop_cell.resdat...data/shop_canm.resdat
                    I don't remember there being an online shop...

                    Now, what I was looking for is the list of what is loaded on initiation of the game. What file is it in Pokemon Diamond?
                    __________________
                    Reply With Quote
                      #114    
                    Old January 26th, 2011 (7:25 AM).
                    Shiny Quagsire's Avatar
                    Shiny Quagsire Shiny Quagsire is offline
                    I'm Still Alive, Elsewhere
                       
                      Join Date: May 2009
                      Location: Hoenn Safari Zone
                      Age: 19
                      Gender: Male
                      Nature: Jolly
                      Posts: 700
                      Verisign is an SSL certificate signer. It's probably used for the GTS servers, which has been hacked before using a custom DNS server. I don't think there's any mystery gift stuff in there, which I wish was there. I think it'd be cool to hack mystery gift.
                      __________________



                      Reply With Quote
                        #115    
                      Old January 26th, 2011 (8:04 AM).
                      Incineroar's Avatar
                      Incineroar Incineroar is offline
                      the spirit of the fighter
                      • Moderator
                      • Platinum Tier
                      • Developer
                       
                      Join Date: May 2009
                      Location: Iki Town
                      Age: 22
                      Gender: Male
                      Nature: Brave
                      Posts: 13,453
                      Quote:
                      Originally Posted by shiny quagsire View Post
                      Verisign is an SSL certificate signer. It's probably used for the GTS servers, which has been hacked before using a custom DNS server. I don't think there's any mystery gift stuff in there, which I wish was there. I think it'd be cool to hack mystery gift.
                      I'll see if I can. That'd prove interesting.
                      __________________
                      Reply With Quote
                        #116    
                      Old January 27th, 2011 (6:06 AM). Edited August 12th, 2012 by knizz.
                      knizz's Avatar
                      knizz knizz is offline
                         
                        Join Date: Aug 2007
                        Posts: 192
                        I uploaded my private offset list here: REMOVED
                        Check the my signature for updates.
                        __________________
                        Firered IDA 6.6 DB: https://www.dropbox.com/s/d856o3pyndyr5sr/firered.idb
                        VBA-M with lua scripting support
                        Reply With Quote
                          #117    
                        Old February 19th, 2011 (8:00 AM). Edited February 19th, 2011 by knizz.
                        knizz's Avatar
                        knizz knizz is offline
                           
                          Join Date: Aug 2007
                          Posts: 192
                          0x9C (doanimation) is a command like "special" which takes a halfword for choosing the action.
                          It uses it's own scripting language. The animation-tableis at 081D96AC. The commands of this sub-language are at 083CBE30. The most common commands are 0x03, 0x04 and 0x07. 0x03 starts ASM code. 0x04 ends the execution. Idk more about 0x07.

                          I created the list in the spoiler by overwriting the script of the girl in the hometown with
                          eb 0816575C 0x9C
                          eb 0816575D <number>
                          eb 0816575E 0x00
                          eb 0816575F 0x02

                          Disable the badge-check for HMs:
                          eb 0812462E 0

                          I assume that most of these 0x9C-animations do more than what I wrote down here. I just tested them in one situation. For example if the game thinks I'm currently in the air it won't show the take off animation just the landing animation. Etc.

                          Spoiler:
                          00 -
                          01 show pokeball & black pokemon bar & leaf spiral
                          02 show pokeball & black pokemon bar
                          03 -
                          04 -
                          05 -
                          06 show black shiny-pokemon bar
                          07 -
                          08 buggy surf-pokemon-sprite appears on map
                          09 show pokeball & black pokemon bar & surf
                          0A -
                          0B -
                          0C -
                          0D -
                          0E -
                          0F -
                          10 -
                          11 -
                          12 -
                          13 -
                          14 -
                          15 -
                          16 -
                          17 -
                          18 -
                          19 pokecenter
                          1A -
                          1B -
                          1C -
                          1D -
                          1E Bird-pokemon enter and leave the screen
                          1F -
                          20 -
                          21 -
                          22 Land
                          23 Fly & Crash (Probably because the destination isn't set)
                          24 -
                          25 show pokeball & black pokemon bar
                          26 show pokeball & black pokemon bar & slow teleport to last poke center
                          27 -
                          28 show pokeball & black pokemon bar
                          29 -
                          2A -
                          2B freeze
                          2C show black pokemon bar & freeze
                          2D buggy textbox in the top left corner
                          2E -
                          2F -
                          30 -
                          31 -
                          32 -
                          33 show pokeball & black pokemon bar & screen turns red (probably "sweet scent")
                          34 -
                          35 -
                          36 -
                          37 -
                          38 -
                          39 -
                          3A leaf spiral
                          3B show black shiny-pokemon bar
                          3C -
                          3D -
                          3E different pokecenter
                          3F show pokeball & black pokemon bar & fast teleport to last used warp
                          40 -
                          41 show cell-phone & freeze
                          42 -
                          43 -
                          44 -
                          45 white flash





                          If you want to fly callasm 080BFEDC, 080BFF50 or 080C4EF8. (I don't know the difference between those yet)




                          Flying uses animations 1f, 3b, 06, 03 and 20. Not all of them are called directly. Animation 3B for example is called by animation 1f (if I'm not mistaken).
                          __________________
                          Firered IDA 6.6 DB: https://www.dropbox.com/s/d856o3pyndyr5sr/firered.idb
                          VBA-M with lua scripting support
                          Reply With Quote
                            #118    
                          Old March 13th, 2011 (7:42 PM).
                          lmdst's Avatar
                          lmdst lmdst is offline
                          Blast From the Past
                             
                            Join Date: Nov 2008
                            Age: 27
                            Posts: 13
                            Hey, it turns out I can do more than ask questions!


                            I don't know if this deserves its own thread or not, so I'm posting it here. You guys tell me otherwise.

                            Okay here's the thing, I've seen before how to alter the order of the Pokémon in the Sinnoh Pokédex in D/P, but I nobody knew how to change the numbers around - the Pokémon still kept their original Sinnoh dex numbers, meaning an Abra would be 020 no matter his position, Turtwig would be 001, and Pokémon not in the Sinnoh dex would be 000. This obviously meant that the numbers are stored elsewhere. So I decided to look for them.

                            What I figured is that the code kept a list of the Pokémon, in their internal order, and one or two bytes determined their number. For example, the list would start at Bulbasaur, who is not in the dex, so it would say "00". That would go on until the first Kanto pokémon you can find in Sinnoh, Pikachu, shows up. At this point the code would say "68", which is hex for his Sinnoh dex number, 104. Raichu would follow with 69, and so on.

                            With this method, when the list reached the Gen IV Pokémon, it would start with 01 (Turtwig) and go on until Luxray (19 in the Sinnoh dex, which is 13 in hex). After that, there would be a gap to account for Abra and Magikarp's evolutionary lines, then would follow into Budew (number 25, or 19 in hex).

                            So what I did was search the rom for the hex string "13001900". Turns out, I was right!

                            Okay so, long story short, the Sinnoh Pokédex numbers (not the order) in Diamond and Pearl starts at 385CE46, with Bulbasaur. Each Pokémon's info is two bytes long, with the first being the Pokémon's Sinnoh dex number in hex and the second being typically a 00. However, I believe it could be changed to 01 to account for numbers above 255, Which means that one could potentially increase the size of the Sinnoh Pokédex.
                            Reply With Quote
                              #119    
                            Old March 14th, 2011 (9:31 AM). Edited August 12th, 2012 by knizz.
                            knizz's Avatar
                            knizz knizz is offline
                               
                              Join Date: Aug 2007
                              Posts: 192
                              Quote:
                              Originally Posted by lmdst View Post
                              ... starts at 385CE46, with Bulbasaur. ...
                              Posting offsets for DS-Games isn't ideal because the ROMs have a filesystem.
                              I wrote a tool to convert offsets to paths.
                              C-Code and Mac-EXE: REMOVED
                              EXE: http://www.pokecommunity.com/showpost.php?p=5805522&postcount=10

                              I ran this tool on all occurances of "13001900". (Which are: 0440dbC 1c2ed66 1c2ed88 2f7b8a3 3155614 317b2b4 32af774 33c28d5 33c38b9 33dc999 385d166) This is the output:
                              Code:
                              Start    End      Position    Length     Name
                              00440200 00441314 00000BBC of 00001114 | tmap_block.dat < data < 
                              01C2ED64 01C2ED6C 00000002 of 00000008 | 53. < trpoke.narc < trainer < poketool < 
                              01C2ED80 01C2ED94 00000008 of 00000014 | 56. < trpoke.narc < trainer < poketool < 
                              02F79ABC 02F7C4B4 00001DE7 of 000029F8 | 211 < land_data_release.narc < land_data < fielddata < 
                              0314AC14 03155980 0000AA00 of 0000AD6C | 337 < land_data_release.narc < land_data < fielddata < 
                              03174818 0317B4E6 00006A9C of 00006CCE | 344 < land_data_release.narc < land_data < fielddata < 
                              032A8604 032AFAEE 00007170 of 000074EA | 401 < land_data_release.narc < land_data < fielddata < 
                              033BA0B4 033C5250 00008821 of 0000B19C | 431 < land_data_release.narc < land_data < fielddata < 
                              033BA0B4 033C5250 00009805 of 0000B19C | 431 < land_data_release.narc < land_data < fielddata < 
                              033DA264 033E4B46 00002735 of 0000A8E2 | 435 < land_data_release.narc < land_data < fielddata < 
                              0385CE3C 0385D218 0000032A of 000003DC | 0. < pokezukan.narc < poketool <
                              Of course all land_data_release lines are false matches because we know that they contain 3d-models

                              Please correct me if I'm wrong about something.
                              __________________
                              Firered IDA 6.6 DB: https://www.dropbox.com/s/d856o3pyndyr5sr/firered.idb
                              VBA-M with lua scripting support
                              Reply With Quote
                                #120    
                              Old March 14th, 2011 (2:23 PM).
                              Iacobus's Avatar
                              Iacobus Iacobus is offline
                              sǝɯɐɾ
                                 
                                Join Date: Dec 2003
                                Location: Belgium
                                Age: 25
                                Gender: Male
                                Posts: 62
                                Quote:
                                Originally Posted by lmdst View Post
                                Hey, it turns out I can do more than ask questions!

                                I don't know if this deserves its own thread or not, so I'm posting it here. You guys tell me otherwise.

                                Okay here's the thing, I've seen before how to alter the order of the Pokémon in the Sinnoh Pokédex in D/P, but I nobody knew how to change the numbers around -...
                                Sorry to say this, but it was one of the first things documented when Diamond and Pearl got dumped.
                                Link
                                __________________
                                Reply With Quote
                                  #121    
                                Old April 30th, 2011 (4:25 AM).
                                r0bert's Avatar
                                r0bert r0bert is offline
                                Quitifyingly awesome.
                                   
                                  Join Date: Jul 2010
                                  Location: kewl places
                                  Gender: Male
                                  Nature: Naughty
                                  Posts: 370
                                  1st of all,I can revive this thread,right?
                                  2nd; if this is in the wrong place I'm sorry.
                                  after browsing every offset in my firered ROM looking for the PALS A-map uses,I've found some of them:
                                  PAL0___EA1B68
                                  PAL1___EA1B88
                                  PAL2___EA1BA8
                                  PAL3___EA1BC8
                                  PAL4___EA1BE8
                                  PAL5___EA1C08
                                  PAL6___EA1C28
                                  But a question:why are the offsets always 20 apart?
                                  __________________
                                  Reply With Quote
                                    #122    
                                  Old April 30th, 2011 (5:43 AM).
                                  DrFuji's Avatar
                                  DrFuji DrFuji is offline
                                  Heiki Hecchara‌‌
                                  • Crystal Tier
                                   
                                  Join Date: Sep 2009
                                  Location: Downia-upside
                                  Age: 24
                                  Gender: Male
                                  Nature: Jolly
                                  Posts: 1,328
                                  Quote:
                                  Originally Posted by r0bert View Post
                                  1st of all,I can revive this thread,right?
                                  2nd; if this is in the wrong place I'm sorry.
                                  after browsing every offset in my firered ROM looking for the PALS A-map uses,I've found some of them:
                                  PAL0___EA1B68
                                  PAL1___EA1B88
                                  PAL2___EA1BA8
                                  PAL3___EA1BC8
                                  PAL4___EA1BE8
                                  PAL5___EA1C08
                                  PAL6___EA1C28
                                  But a question:why are the offsets always 20 apart?
                                  Because each pallet is comprised of sixteen colours, which are translated from two bytes. For example, black is represented as 00 00, while white is 7F FF. As each colour takes up two bytes, the sixteen of them will take up thirty two bytes in total - Which can be translated to a space of twenty in HEX.
                                  __________________
                                  Reply With Quote
                                    #123    
                                  Old April 30th, 2011 (6:11 AM).
                                  Full Metal's Avatar
                                  Full Metal Full Metal is offline
                                  C(++) Developer.
                                  • Silver Tier
                                   
                                  Join Date: Jan 2008
                                  Location: In my mind.
                                  Age: 21
                                  Gender: Male
                                  Nature: Timid
                                  Posts: 806
                                  Heyhey, this has probably been found but...
                                  0202557A - Y co-ordinates of the player
                                  02025578 - X co-ordinates of the player
                                  ( I finally figured out how to use cheat search~ :D )
                                  ( they are 16-bit values )
                                  __________________

                                  ★ full metal.

                                  I like to push it,
                                  and push it,
                                  until my luck is over.
                                  Reply With Quote
                                    #124    
                                  Old May 19th, 2011 (4:33 PM). Edited May 20th, 2011 by knizz.
                                  knizz's Avatar
                                  knizz knizz is offline
                                     
                                    Join Date: Aug 2007
                                    Posts: 192
                                    I think I made the first html-only rom-research tool: http://chna.kilu.de/jsgba/ (You need Google Chrome for that)
                                    It's a port of my old BL Finder.
                                    __________________
                                    Firered IDA 6.6 DB: https://www.dropbox.com/s/d856o3pyndyr5sr/firered.idb
                                    VBA-M with lua scripting support
                                    Reply With Quote
                                      #125    
                                    Old May 24th, 2011 (9:51 PM).
                                    skishore skishore is offline
                                       
                                      Join Date: May 2011
                                      Gender: Male
                                      Posts: 1
                                      I think I've found a way to prevent the three original legendary birds from fleeing when you encounter them in Gold and Silver. At offset 0x03C560, there's a list of hex codes which includes Articuno, Zapdos, and Moltres; changing their three codes to 0x00 does the trick.

                                      I think this question was being asked when Bright Gold was in development. Anyway, I'm working on a similar hack, so I hope this helps.
                                      Reply With Quote
                                      Reply
                                      Quick Reply

                                      Sponsored Links
                                      Thread Tools

                                      Posting Rules
                                      You may not post new threads
                                      You may not post replies
                                      You may not post attachments
                                      You may not edit your posts

                                      BB code is On
                                      Smilies are On
                                      [IMG] code is On
                                      HTML code is Off

                                      Forum Jump


                                      All times are GMT -8. The time now is 4:48 AM.