Low Lines
Graphical Artist/Programmer
- 14
- Posts
- 15
- Years
- Seen Jan 15, 2011
Okay, I've been working at hacking the save data of my Pokemon Ranch, so basically I can put a couple of those event pokemon which unlock stuff on certain games onto my DS Game, since I live in rural place and haven't a hope at ever getting them physically.
I have a fairly good understanding of the structure of the WiiWare games save data and at the moment I am trying to decrypt a pokemon that was transferred to it from your DS.
The attached file is the Ranch Pokemon Data for a Lv50 Japanese Movie Darkrai. Note that pokemon stored on the Ranch have 164 bytes allocated to them, the first 136 bytes being (and I'm pretty sure on this) the pokemon file structure (with bytes 0x8-0x87 encrypted). And the last 28 bytes of the file are used by the ranch (such as locking a Pokemon to a specific DS game card). Also the Wii stores data in Big Endian format which is the opposite to the DS games.
Now I can't seem to decrypt the Pokemon Data, so I assume my PRNG code is wrong. Can someone who understands Linear Congruential Generator Alogarithms somewhat check or rather help me work out how I'd go about writing the function in Java?
Bulbapedia has documentation (see Pokémon data structure in the DS) but I haven't played with Mathimatical Functions in several years so it's a bit of a nightmare at the moment for me.
Any help is appriciated!!
[edit]
OK the first thing I'm not sure about is generating the PRNG.
According to Bulbapedia, it can be represented in the form:
Where X[n] is the Checksum.
So say using the Darkrai I mentioned earlier, the checksum would be 0x9ED1. What I hate is I know I did this sort of thing at school and it was fairly easy to do, but now I've forgotten :(
[edit2]
After a little more work, I think that Ranch has a different PRNG values.
An XOR comparison with the first 3 WORDS in the file...
It's a shame there isn't a Wii/WiiWare equivalent Emulator with Debugging like No$GBA :p
[edit3]
Heh, just worked it out on my own, the Pokemon Data is a straight copy from the DS Game Card (meaning it's in Little Endian), I realised that when I figured out what part of the PRNG I was doing wrong. I ought to be able to hack Pokemon now on Ranch ^_^
I have a fairly good understanding of the structure of the WiiWare games save data and at the moment I am trying to decrypt a pokemon that was transferred to it from your DS.
The attached file is the Ranch Pokemon Data for a Lv50 Japanese Movie Darkrai. Note that pokemon stored on the Ranch have 164 bytes allocated to them, the first 136 bytes being (and I'm pretty sure on this) the pokemon file structure (with bytes 0x8-0x87 encrypted). And the last 28 bytes of the file are used by the ranch (such as locking a Pokemon to a specific DS game card). Also the Wii stores data in Big Endian format which is the opposite to the DS games.
Now I can't seem to decrypt the Pokemon Data, so I assume my PRNG code is wrong. Can someone who understands Linear Congruential Generator Alogarithms somewhat check or rather help me work out how I'd go about writing the function in Java?
Bulbapedia has documentation (see Pokémon data structure in the DS) but I haven't played with Mathimatical Functions in several years so it's a bit of a nightmare at the moment for me.
Any help is appriciated!!
[edit]
OK the first thing I'm not sure about is generating the PRNG.
According to Bulbapedia, it can be represented in the form:
Code:
[I]X[n+1] = (0x41C64E6D * X[n] + 0x6073)[/I]So say using the Darkrai I mentioned earlier, the checksum would be 0x9ED1. What I hate is I know I did this sort of thing at school and it was fairly easy to do, but now I've forgotten :(
[edit2]
After a little more work, I think that Ranch has a different PRNG values.
An XOR comparison with the first 3 WORDS in the file...
Code:
1000000001111111 0x807F (POKE ID ENCRYPTED)
0000000111101011 0x01EB (POKE ID #491)
1000000110010100 0x8194 (XOR)
1110100111001001 0xE9C9 (ITEM ENCRYPTED)
0000000000000000 0x0000 (ITEM #0)
0001100111001001 0xE9C9 (XOR)
1000100000001011 0x880B (OT ID ENCRYPTED)
0100110010010011 0x4C93 (OT ID #19603)
1100010010011000 0xC498 (XOR)[edit3]
Heh, just worked it out on my own, the Pokemon Data is a straight copy from the DS Game Card (meaning it's in Little Endian), I realised that when I figured out what part of the PRNG I was doing wrong. I ought to be able to hack Pokemon now on Ranch ^_^
Last edited:
