  #1    
Old September 5th, 2014 (12:42 PM). Edited January 13th, 2016 by MeroMero.
MeroMero MeroMero is offline
     
    Join Date: Sep 2014
    Gender: Male
    Posts: 48
    Hi everyone.
    I'm MeroMero (yes the same MeroMero from Smogon)

    I finally jumped the gun and joined PokéCommunity just so I could share my findings.

    Be ready though, this post is going to be quite long.

    Some notes:
    When an offset is followed by an asterisk (*), it means that the offset differs between different regions (and sometimes between games of the same region).
    Unless specified otherwise, bytes’ endianness is usually little-endian.

    EDIT: Type-chart updated


    Changing the template’s color for ???-typed moves on the bottom screen to suit Fairy-type moves better.

    This one is easy:
    • Decompress overlay9_0006.bin
    • Go to offset 0x290
    • Change this:
    Code:
    7A 5A 17 4E B5 45 72 3D 30 31 ED 28 CB 20 FB 66
    • Into this:
    Code:
    DF 7E 3F F2 1E 6A DD 59 5B CD 17 C1 D6 B4 37 7F
    The colors will fit the Fairy-type much more now.



    Editing the Incenses-babies.

    • Decompress arm9.bin
    • Go to offset 0xFF4AE*
    • You should see this:
    Code:
      68 01 FF 00 CA 00
      2A 01 FE 00 B7 00
      B7 01 3A 01 7A 00
      B6 01 3B 01 B9 00
      BE 01 3C 01 8F 00
      CA 01 3D 01 E2 00
      96 01 3E 01 3B 01
      B8 01 3F 01 71 00
      B1 01 40 01 66 01
    Format is BB BB II II DD DD.
    BB BB is the baby produced when at least one parent holds the corresponding item.
    II II is the item that at least one parent has to hold.
    DD DD is the default baby when none of the parents holds the corresponding item.

    For example we’re going to dissect the 7th row, shall we?
    96 01 is a Pokémon ID.
    Invert the 2 bytes and you get 01 96.
    Converting from base 16 to base 10 we get 406.
    Oh, it’s Budew!
    This is the same principle with the item ID and the default baby ID.
    Item ID: 3E 01 => 01 3E => 318 => Rose Incense
    Default baby ID: 3B 01 => 01 3B => 315 => Roselia

    The instruction is as follows: If at least one of the parents holds the Rose Incense, Budew will hatch from the egg, otherwise Roselia hatches from the egg.

    So if you have understood, it means we basically have to replace all 9 instances of DD DD by their corresponding BB BB.

    • Change the previous bytes and you should obtain this:
    Code:
      68 01 FF 00 68 01
      2A 01 FE 00 2A 01
      B7 01 3A 01 B7 01
      B6 01 3B 01 B6 01
      BE 01 3C 01 BE 01
      CA 01 3D 01 CA 01
      96 01 3E 01 96 01
      B8 01 3F 01 B8 01
      B1 01 40 01 B1 01
    Neat, now how about you go and hatch that Budew without a Rose Incense, hum?

    * Regions’ differences:
    Code:
    Language          Offset

    Japanese          0xFFEC2
    English           0xFF4AE
    French            0xFF492
    German            0xFF462
    Italian           0xFF426
    Spanish HG        0xFF496
    Spanish SS        0xFF49E
    Korean HG         0xFFB5A
    Korean SS         0xFFB52


    Heal Bell ignores the Soundproof’s check and behaves exactly like Aromatherapy

    Disclaimer: Read all the paragraph before attempting any manipulation.

    • Decompress overlay9_0012.bin
    • Go to the very bottom of the file
    • You should see something like that:
    Code:
    2D 00 2E 00 2F 00 30 00 67 00 AD 00 FD 00 3F 01
    40 01 30 01 95 01 C0 01
    Q: What are those?
    A: Those are the very moves blocked by Soundproof.

    Each move is 2 bytes long, for example let’s try this one: 30 01.
    Invert the 2 bytes and you get 01 30.
    Now convert from hex to decimal and you get 304.
    304 is the ID number for the move Hyper Voice!

    Well what move are we trying to break already? Oh yes, Heal Bell.
    So the move Heal Bell has been assigned the ID number 215.
    Okay 215 in hexadecimal is D7, since moves are 2 bytes long instead let’s go with 00 D7.
    Invert the 2 bytes and you get D7 00.
    Time to go and check against the previous string…


    HEY! But there’s no bytes equal to D7 00 in there!

    Explanation: Actually this string lists the moves blocked by an opponent’s Soundproof! Have you ever tried to use Heal Bell against that Exploud? Believe it or not but it will work.
    When it comes to the move Heal Bell, the game will instead perform a check against all of your team members’ abilities, and if a Pokémon affected by a major status condition happens to have Soundproof, it will not be healed.

    Tough luck, huh? But this will come to an end with those simple-to-follow steps.

    • Decompress overlay9_0012.bin
    • Go to offset 0x98A0* and change the value D7 into 00
    • Do the same at offset 0x21ADE*
    • Go to offset 0x98B0* and change the value 2B into FF (anything between 7C and FF included will do the trick)
    • Do the same at offset 0x9906* and offset 0x21AE4*

    Offset 0x98A0 is the check for Heal Bell’s execution for the Pokémon on the battlefield, on the side of the Heal Bell’s user.
    Offset 0x21ADE is the check for Heal Bell’s execution for the remaining team members of the Heal Bell’s user team.

    Offset 0x98B0 is the check for Soundproof against the Heal Bell’s user.
    Offset 0x9906 is the check for Soundproof against the teammate of the Heal Bell’s user (Double battle only).
    Offset 0x21AE4 is the check for Soundproof against the remaining team members of the Heal Bell user’s team.

    Basically the new instruction is: check if [Pokémon] used move with ID 0 and check for every instance of ability with ID 255.

    You shouldn’t replace 2B by 00, because the ability with ID number 0 is used in-game when an ability gets cancelled (Gastro Acid comes to mind), whereas you can replace D7 by 00 since there is no legitimate way to get the move with ID number 0.

    * Regions’ differences:
    Code:
    Language            Offset 1               Offset 2               Offset 3               Offset 4               Offset 5
       
    Japanese            0x98A8                 0x98B8                 0x990E                 0x21AE6                0x21AEC
    Korean              0x98A4                 0x98B4                 0x990A                 0x21AE2                0x21AE8
    Others              0x98A0                 0x98B0                 0x9906                 0x21ADE                0x21AE4



    Complete type chart



    This is the type-chart:

    Code:
    000505
    000805
    0A0A05
    0A0B05
    0A0C14
    0A0F14
    0A0614
    0A0505
    0A1005
    0A0814
    0B0A14
    0B0B05
    0B0C05
    0B0414
    0B0514
    0B1005
    0D0B14
    0D0D05
    0D0C05
    0D0400
    0D0214
    0D1005
    0C0A05
    0C0B14
    0C0C05
    0C0305
    0C0414
    0C0205
    0C0605
    0C0514
    0C1005
    0C0805
    0F0B05
    0F0C14
    0F0F05
    0F0414
    0F0214
    0F1014
    0F0805
    0F0A05
    010014
    010F14
    010305
    010205
    010E05
    010605
    010514
    011114
    010814
    030C14
    030305
    030405
    030505
    030705
    030800
    040A14
    040D14
    040C05
    040314
    040200
    040605
    040514
    040814
    020D05
    020C14
    020114
    020614
    020505
    020805
    0E0114
    0E0314
    0E0E05
    0E1100
    0E0805
    060A05
    060C14
    060105
    060305
    060205
    060E14
    060705
    061114
    060805
    050A14
    050F14
    050105
    050405
    050214
    050614
    050805
    070000
    070E14
    071105
    070805
    070714
    101014
    100805
    110105
    110E14
    110714
    111105
    110805
    080A05
    080B05
    080D05
    080F14
    080514
    080805
    FEFE00
    000700
    010700
    FFFF


    Here is its format :
    AA DD EE
    _AA : attack type
    _DD : defender type
    _EE : effectiveness
    those 3 bytes are repeated consecutively for basically each type, and the table will end at the first occurrence of AA DD equal to FF FF.

    AA and DD can take one of the following values :
    _0x00 : Normal
    _0x01 : Fighting
    _0x02 : Flying
    _0x03 : Poison
    _0x04 : Ground
    _0x05 : Rock
    _0x06 : Bug
    _0x07 : Ghost
    _0x08 : Steel
    _0x09 : ???
    _0x0A : Fire
    _0x0B : Water
    _0x0C : Grass
    _0x0D : Electric
    _0x0E : Psychic
    _0x0F : Ice
    _0x10 : Dragon
    _0x11 : Dark

    EE can take one of these 4 values :
    _0x00 : ineffective
    _0x05 : not very effective
    _0x0A : normal damage
    _0x14 : super effective

    As you have guessed, EE is actually a multiplier, but before the effect is applied, EE is divided by 10, thus the origin of the coefficients ×0, ×0.5, ×1 and ×2 !

    But there's a first problem, if you try to search for 00 05 05 00 08 05 0A 0A 05, etc. in the ROM, your hex editor of choice will return no results!
    This is because the overlay that contains the table (overlay 12 here) is LZ-compressed (all overlays are compressed in HGSS anyways).
    Decompress it with Crystal Tile 2 for example.

    Okay now you search through the decompressed overlay 12 with your hex editor, and now you have found the string, great; but there's a second problem!
    Look at the table, there's no EE bytes whose value is equal to 0x0A!
    That's because 0A is the default multiplier in Gen 4 Pokémon games, which is why ???-typed moves/Pokémon deal/take neutral damage to/from everything. But unlike Gen 2 and Gen 3, thanks to the Physical-Special split, ???-typed moves are actually able to deal damage greater than 1HP (read real damage).
    How is it going to affect us?
    Well you're going to have a hard time if you want to port the Fairy type effectiveness in HGSS (for the sake of an example).
    If you try to add (DON'T !) even only one more relationship, once you get into a fight you will break the game since the arm9 code will read wrong instructions from everything in the overlay 12 that come after the type table…


    How to trick the game then?
    First you have to understand how the game works:
    Let's say you have 2 main states in Pokémon games, the overworld and the fights.
    The game needs to load the following overlays for the overworld: 1, 2, 3 and 27 (Group 1)
    And it needs to load these for the fights : 6, 7, 10, 12, and 18 (Group 2)
    Actually the overlay 10 is loaded every time you get to choose your action, the overlay 7 when you have chosen said action (and initially at the beginning of the fight too).

    Once you press continue on the menu screen, the game will load the group 1, and when you get in a fight, it will load the group 2, once you are finished with your fight the game will load again the group 1, etc.
    You can see that with the RAM Viewer around address 0x021D0E00 for those who are curious.
    It's something like this:

    Overworld:
    Code:
    01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00
    03 00 00 00 01 00 00 00 1B 00 00 00 01 00 00 00
    Fight:
    Code:
    0C 00 00 00 01 00 00 00 12 00 00 00 01 00 00 00
    06 00 00 00 01 00 00 00 0A 00 00 00 01 00 00 00


    If you parse through the RAM, you'll see that when the overlays from one group are loaded, the previous overlays that happened to be there will be overwritten.

    The trick here is to find a place in the RAM that is not used during the fights and that could be used to fit in the new table.
    And such an area exists!
    It just so happens that overlay 18 and overlay 1 have the same offset in the RAM, but ovl_1 is much longer than ovl_18! That's exactly what we need.

    What does it mean? It basically means that the ovl_1 leftovers are basically free space during the fights!


    Modus Operandi

    Step 1
    Open your Pokémon HeartGold or Pokémon SoulSilver ROM in Crystal Tile 2.



    Step 2
    Click the NDS icon (or alternatively click Ctrl+N).


    Expand the window if necessary.

    Step 3
    Right-click on overlay9_0012.bin and click Extract (not Export !), this will actually decompress the overlay.


    Step 4
    Do the same for overlay9_0018.bin.

    Step 5
    Open both decompressed files in a hex editor.

    Step 6
    Add your improved type-chart at the end of overlay9_0018.bin



    I advise you to make a full chart with all 324 relationships from the get-go, so that if you want to change something, you won't have to go through all the trouble again.
    Or you can take mine, which is up to date with the relationships according to Gen 6 :

    Code:
    00000A00010A00020A00030A00040A00050500060A00080500090A000A0A000B0A000C0A000D0A000E0A000F0A00100A00110A
    01001401010A01020501030501040A010514010605010814010905010A0A010B0A010C0A010D0A010E05010F1401100A011114
    02000A02011402020A02030A02040A02050502061402070A02080502090A020A0A020B0A020C14020D05020E0A020F0A02100A02110A
    03000A03010A03020A03030503040503050503060A030705030800030914030A0A030B0A030C14030D0A030E0A030F0A03100A03110A
    04000A04010A04020004031404040A04051404060504070A04081404090A040A14040B0A040C05040D14040E0A040F0A04100A04110A
    05000A05010505021405030A05040505050A05061405070A05080505090A050A14050B0A050C0A050D0A050E0A050F1405100A05110A
    06000A06010506020506030506040A06050A06060A060705060805060905060A05060B0A060C14060D0A060E14060F0A06100A061114
    07000007010A07020A07030A07040A07050A07060A07071407080A07090A070A0A070B0A070C0A070D0A070E14070F0A07100507110A
    08000A08010A08020A08030A08040A08051408060A08070A080805080914080A05080B05080C0A080D05080E0A080F1408100A08110A
    09000A09011409020A09030509040A09050A09060A09070A09080509090A090A05090B0A090C0A090D0A090E0A090F0A091014091114
    0A000A0A010A0A020A0A030A0A040A0A05050A06140A070A0A08140A090A0A0A050A0B050A0C140A0D0A0A0E0A0A0F140A10050A110A
    0B000A0B010A0B020A0B030A0B04140B05140B060A0B070A0B080A0B090A0B0A140B0B050B0C050B0D0A0B0E0A0B0F0A0B10050B110A
    0C000A0C010A0C02050C03050C04140C05140C06050C070A0C08050C090A0C0A050C0B140C0C050C0D0A0C0E0A0C0F0A0C10050C110A
    0D000A0D010A0D02140D030A0D04000D050A0D060A0D070A0D080A0D090A0D0A0A0D0B140D0C050D0D050D0E0A0D0F0A0D10050D110A
    0E000A0E01140E020A0E03140E040A0E050A0E060A0E070A0E08050E090A0E0A0A0E0B0A0E0C0A0E0D0A0E0E050E0F0A0E100A0E1100
    0F000A0F010A0F02140F030A0F04140F050A0F060A0F070A0F08050F090A0F0A050F0B050F0C140F0D0A0F0E0A0F0F050F10140F110A
    10000A10010A10020A10030A10040A10050A10060A10070A100805100900100A0A100B0A100C0A100D0A100E0A100F0A10101410110A
    11000A11010511020A11030A11040A11050A11060A11071411080A110905110A0A110B0A110C0A110D0A110E14110F0A11100A111105
    FEFE00000700010700FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF


    Step 7
    In overlay_0012:
    • search for 7CCC2602* and change it for 60BE1F02* (4 occurrences)
    • search for 7DCC2602* and change it for 61BE1F02* (3 occurrences)
    • search for 7ECC2602* and change it for 62BE1F02* (3 occurrences)
    Code:
    Language     original pointers    updated pointers
    
    Japanese     78C12602             E0B01F02
                 79C12602             E1B01F02
                 7AC12602             E2B01F02
                
    English      7CCC2602             60BE1F02
                 7DCC2602             61BE1F02
                 7ECC2602             62BE1F02
                
    French       9CCC2602             A0BA1F02
                 9DCC2602             A1BA1F02
                 9ECC2602             A2BA1F02
    
    German       5CCC2602             60BA1F02
                 5DCC2602             61BA1F02
                 5ECC2602             62BA1F02
    
    Italian      1CCC2602             20BA1F02
                 1DCC2602             21BA1F02
                 1ECC2602             22BA1F02
    
    Spanish HG   9CCC2602             A0BA1F02
                 9DCC2602             A1BA1F02
                 9ECC2602             A2BA1F02
    
    Spanish SS   BCCC2602             C0BA1F02
                 BDCC2602             C1BA1F02
                 BECC2602             C2BA1F02
    
    Korean       80D62602             A0C41F02
                 81D62602             A1C41F02
                 82D62602             A2C41F02

    As you have guessed, the pointers will point to the type table, what you did here is relocating the pointers to the new and (admittedly) more complete table.

    Step 8
    Save both files and close your hex editor.

    Step 9
    Back to Crystal Tile, right-click on overlay_0012.bin and click Compression, this will actually import the LZ-compressed version of your file back into the ROM.



    Step 10
    Do the same for overlay_0018.bin, but be careful now the file is too large to be contained between ovl_17 and ovl_19 even when compressed ! But do not fret, Crystal Tile will take care of that for you.


    Just click OK.

    Step 11
    Close Crystal Tile 2, and now your ROM is ready.

    Want to make Poison super-effective against Water ? Sure thing mate.
    Want to make Ice resistant to Dragon ? Knock yourself out !
    Want to add all the Fairy type relationships ? That's the reason that drove me to think outside the box and find a way to present you this.



    Wow ! And I'm still not done, but other discoveries will be for another time, I think those will take enough of your time to swallow.

    Other discoveries include:
    • Adding a functional item (why not, the Pixie Plate)
    • Adding an item's effect ID to the list of ×1.2 type-enhancer items
    • Edit the move Judgment so it takes into account the Fairy-Type, yes the case for type 9 is not taken into account in the move's code
    • Edit Pokémon coordinates and shadow on the battlefield (not by me)

    Other notes:
    • The code for evolution methods 18, 19 and 1A was scrapped in HGSS
    • Explorer Kit was dummied out in HGSS, it will appear as a blank item
    • There's NO way to legitimately make Arceus stay in its ??? form in gen IV games without modifying the code, in the code the case for type 9 (???-type) is simply non-existent, plus even if you could get it you would have to modify the move Judgment too.


    So, what do you think?
    Reply With Quote
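
Added example (not part of MeroMero's post or of any tool it mentions): Python code that decodes the AA DD EE table as the post describes it and performs the Step 7 pointer swap only when the occurrence counts match the ones given there. The sample chart is an excerpt of the post's original table, the overlay buffer is constructed, and reading the Step 7 byte strings as little-endian 32-bit addresses is an assumption.

```python
import struct

# Type IDs as listed in the post (list index == AA/DD value).
TYPES = ["Normal", "Fighting", "Flying", "Poison", "Ground", "Rock", "Bug",
         "Ghost", "Steel", "???", "Fire", "Water", "Grass", "Electric",
         "Psychic", "Ice", "Dragon", "Dark"]
DEFAULT_EE = 0x0A  # pairs without a row deal normal damage

# Excerpt of the post's original chart (a few rows plus its tail), not a full table.
SAMPLE_CHART = bytes.fromhex("000505" "000805" "0A0C14" "0D0400"
                             "FEFE00" "000700" "010700" "FFFF")

# English pointers from Step 7, read as little-endian 32-bit values (assumption).
OLD_BASE = 0x0226CC7C
NEW_BASE = 0x021FBE60
EXPECTED_COUNTS = (4, 3, 3)  # occurrences of base+0, base+1, base+2 per the post

# Constructed stand-in for overlay 12: filler bytes around the ten pointers.
SAMPLE_OVERLAY = b"".join(b"\x00\x47" + struct.pack("<I", OLD_BASE + i)
                          for i in (0, 0, 0, 0, 1, 1, 1, 2, 2, 2))


def parse_type_chart(data, offset=0):
    """Read AA DD EE rows until AA DD == FF FF; return {(AA, DD): EE}."""
    chart, pos = {}, offset
    while True:
        if pos + 2 > len(data):
            raise ValueError("no FF FF terminator before end of data")
        aa, dd = data[pos], data[pos + 1]
        if (aa, dd) == (0xFF, 0xFF):
            return chart
        if pos + 3 > len(data):
            raise ValueError("row at 0x%X is truncated" % pos)
        chart[(aa, dd)] = data[pos + 2]  # FE FE 00 is kept as an ordinary row
        pos += 3


def multiplier(chart, attacker, defender):
    """EE / 10 for a pair of type names, DEFAULT_EE when the pair has no row."""
    key = (TYPES.index(attacker), TYPES.index(defender))
    return chart.get(key, DEFAULT_EE) / 10


def relocate_pointers(overlay, old_base, new_base, expected_counts):
    """Swap old_base+i for new_base+i, refusing to patch on a count mismatch."""
    pairs = [(struct.pack("<I", old_base + i), struct.pack("<I", new_base + i))
             for i in range(len(expected_counts))]
    # Check every count on the untouched input before changing anything.
    for (old, _new), expected in zip(pairs, expected_counts):
        found = overlay.count(old)
        if found != expected:
            raise ValueError("%s: found %d, expected %d"
                             % (old.hex(), found, expected))
    patched = bytes(overlay)
    for old, new in pairs:
        patched = patched.replace(old, new)
    return patched


if __name__ == "__main__":
    chart = parse_type_chart(SAMPLE_CHART)
    print(multiplier(chart, "Fire", "Grass"), multiplier(chart, "Water", "Fire"))
    print(relocate_pointers(SAMPLE_OVERLAY, OLD_BASE, NEW_BASE, EXPECTED_COUNTS).hex())
```

A count mismatch usually means the file is still compressed or belongs to another region, so the patch is refused rather than applied partially.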


      #2    
    Old September 9th, 2014 (4:36 AM).
    AkimotoBubble AkimotoBubble is offline
       
      Join Date: Aug 2014
      Gender: Male
      Posts: 48
      The discovery of magic, and why I didn't see a bin file
      __________________
      i am bubble,and sorry my english is not good ......
      Reply With Quote
        #3    
      Old October 3rd, 2014 (5:46 PM).
      AkimotoBubble AkimotoBubble is offline
         
        Join Date: Aug 2014
        Gender: Male
        Posts: 48
        I want to know where the overlay9_0006.bin is, or how I can decompress to get it.
        Reply With Quote
          #4    
        Old January 26th, 2016 (12:23 AM).
        walnut3072 walnut3072 is offline
        Quan Giang
           
          Join Date: Jan 2016
          Location: Vietnam
          Gender: Male
          Posts: 38
          This is huge! Is it possible to change the ???-type icon to the pinky Fairy one? If yes, can you show us how to do that?
          Thank you for sharing. I hope you will post more of your discoveries soon.
          __________________
          http://www.pokecommunity.com/showthread.php?t=366156
          Reply With Quote
            #5    
          Old May 26th, 2016 (11:33 AM).
          georgeamos georgeamos is offline
             
            Join Date: Nov 2015
            Gender: Male
            Nature: Quiet
            Posts: 2
            I don't understand.
            Reply With Quote
              #6    
            Old June 6th, 2016 (5:05 PM).
            DSg077 DSg077 is offline
               
              Join Date: Sep 2014
              Gender: Female
              Posts: 12
              For some reason, after I make the changes the save option for Crystal Tiles is greyed out and I can't save. Is there something I'm not doing correctly? I was trying to edit a romhack if that helps.
              Reply With Quote
                #7    
              Old June 28th, 2016 (2:43 PM).
              MeroMero MeroMero is offline
                 
                Join Date: Sep 2014
                Gender: Male
                Posts: 48
                Quote:
                Originally Posted by DSg077 View Post
                For some reason, after I make the changes the save option for Crystal Tiles is greyed out and I can't save. Is there something I'm not doing correctly? I was trying to edit a romhack if that helps.
                Actually it's simple, if you modified your ROM just try to close CrystalTile and it should bring up a confirmation window (twice if you click the uppermost cross), then click Yes.
                Reply With Quote
                  #8    
                Old August 12th, 2016 (7:27 AM).
                Splash Splash is offline
                But nothing happened.
                   
                  Join Date: Oct 2009
                  Location: Just use an Old Rod
                  Gender: Male
                  Nature: Hasty
                  Posts: 672
                  When you say: Add your improved type-chart at the end of overlay9_0018.bin
                  Do you mean really add them therefore extending the bytes used or adding them by modifying the bytes placed near the end? It's kinda vague sorry if I don't get it at all.
                  __________________
                  ༼ つ ◕_◕ ༽つ PRAISE Splash ༼ つ ◕_◕ ༽つ
                  |VM|Flare Red Version|PM
                  |
                  Reply With Quote
                    #9    
                  Old September 15th, 2016 (10:40 AM).
                  Messiakei Messiakei is offline
                     
                    Join Date: Sep 2016
                    Gender: Male
                    Posts: 1
                    May someone just upload HeartGold with Fairy Type in game I don't want to download SunGold (Not because it's a bad hack just because I want a HeartGold with just Fairy Type added and not everything changed)
                    Reply With Quote
                      #10    
                    Old 3 Weeks Ago (9:31 PM). Edited 2 Weeks Ago by Lagniappe.
                    Lagniappe Lagniappe is offline
                       
                      Join Date: May 2017
                      Posts: 1
                      Thank you for the wonderful tutorial, Meromero. It was quite easy to follow and I managed to insert everything and have it function. However, I have a question. Where do I find the type icons, so I may add the fairy icon? I combed through all of the "a" folders with CrystalTile, but I can't seem to find them at all.
                      EDIT: I ended up finding it using Desmume's palette function and by searching through the hex. For anyone in the future who is curious: It's located in the a/0/0/8 file. There's another one in "batt_obj.narc" located in the pbr folder, but those are just holdovers from D/P/P and will do nothing if you change it.
                      Reply With Quote