4th Gen Mystery Gift Shiny Prevention in D/P/P

[SCV]

Mystery Gift Shiny Prevention in D/P/P with video (check fist post)

Here is a link to the video I made I will write an explanation of what is going on and post it as soon as I finish. https://rapidshare.com/files/173485208/MG.avi

I also made a video for Manaphy being able to hatch shiny. https://rapidshare.com/files/173635424/Manaphy.avi
-----------------------------------------------------------------------
Hi everyone. Just thought you might all want to know about an interesting piece of code that I found in the DS pokemon games.

There was a rumor that Mystery Gift pokemon could not be shiny. This was said by some people on smogon.

I finally got the time to study the Mystery gift pokemon generation routine.

After the PID is calculated, there is a shiny check. If the pokemon is shiny it calculates another PID and then checks again. It keeps doing this untill its not shiny.

This does not come into effect for pokemon like WCS milotic who are set to always be shiny.

But as long as it has variable nature/gender/ability it cannot be shiny.

Think of this as Nintendo's way of making shiny events more special.


What this means is that any shiny mystery gift event pokemon that someone is offering is a hack (except WCS Milotic). It doesn't matter who checked it. A hack checker is only as good as how much knowledge he/she has. Since this is a new discovery most hack checkers don't have this knowledge.

EDIT: Another interesting note is that they tried to prevent shiny manaphys was well. But I found a bug in the code that makes them possible if you trade the egg you received from the green man and the trainer you traded it to has a "proper" ID and Secret ID.

_______________________________________________________________

The video is uploaded here are some notes:

The following are used.
ID = 06218 = 0x184A
SID= 31630 = 0x7B8E

Use a hex/decimal converter to get the numbers on the right. We do this because data it is more convenient to study data in hex notation than in decimal notation.

Now the first thing I do is set up a breakpoint for the value that I figured out is the multiplier value for the special RNG (Random Number Generator) used in the generation of mystery gift pokemon.

What will happen is that when the game gets to that line of code (during the generation of the Deoxys) it will pause the game and let me look at the current data.

What happens is that the game pulls two half words (word == 4 Bytes) from two specific locations; 0x21D37B4 and 0x4000100.

It takes those two and makes a word, stored in r0.

Line 0x201BA12 reads mul r1, r0
This means that the values in r1 and r0 get multiplied. The result is store in r1.
The next line is add r0, r1, 1.
This means add 1 to r1 and store the result in r0.
This will be the the PID of the pokemon pending a successful non-shiny check.

Shortly after the game returns to 0x2042FB8, then shortly after it comes to line 0x2042FC8 : bl 2068AACh

This is the call to the (non-)shiny check function. This function check whether the pokemon fails to be shiny. (this is 29 seconds into the video)

Now when the game reaches the shiny check. The values in r0 and r1 are the "Full ID", that is a word such that the first half word (from left to right) is the ID and the second is the Secret ID, and the PID, respectively.

Now, the way shinyness is determing is that the PID is split up into two half words, we will call on HID and the other LID, the following opetation is computed:
HID xor LID xor SID xor ID
You use the associative law (which hold for this operation to compute)

Then if the result is strictly less that 8 (0 to 7) the pokemon is shiny. Otherwise it is not shiny. This is where the 8/65535 = 1/8192 shiny probability comes from.

The actual computation of xot operation is done in lines 0x2068ABC, 0x2068AC0, and 0x2068AC2. Then in line 0x2068AC4, the result is compare to 8.
In line 0x2068AC6, the game checks whether the results of the comparison was that the value calculated was greater than or equal to 8 (i.e., checks whether it is not shiny)

If it turns out to be true the function returns 0.
When it gets back to 0x2043FCC it compares the value returned to 0.

It it is 0 then the game skips the section of code from 0x2042FD0 to 0x2042FE6 and continues with the pokemon generation.

I did a second run of the Deoxys to tamper with the results for demostration purposes. What I do is change the values of the result of
HID xor LID xor SID xor ID so that the game will think it was less than 8. Then show what happens.

When this happens the game goes to line 0x2068AC8 rather than 0x2068ACC and stores 1 in r0 rather than 0 in r0.
This causes 0x2042FCE to display false and this time the =section of code from 0x2042FD0 to 0x2042FE6 is not skipped. Once again 0x201BA10 is called (to calculate the PID), this time from line 0x2042FD2 and then 0x2068AAC (to check shinyness) from line 0x2042FDC.

I then make it fail 2 more times to demostrate that it will loop and get another PID, then check again, then get another PID then check again, etc until the result of HID xor LID xor SID xor ID is greater or equal to 8.

I included the manaphy egg case to show that it does not go through the same check at time of receipt.

Feel free to ask any questions.

 

[Carrier]

Very good to know, if this is true. I'm glad I didn't spend hours SRing for shiny Darkrai earlier. :P

 

[SCV]

Very good to know, if this is true. I'm glad I didn't spend hours SRing for shiny Darkrai earlier. :P

Would making a video about it make it easier for everyone to believe?

Most people won't understand it because you have to know assembly to fully understand. But, if it will help I am willing to make it.

 

[Ripper]

I know nothing about assembly or anything, but I thought this was pretty clear cut, you can't get shiny events, except Milotic.

 

[Zebra Thunderhead]

I can provide proof of shiny Mystery Gift events, but can you do the same?

 

[Ripper]

I can provide proof of shiny Mystery Gift events, but can you do the same?

Touché

I suppose a video is a must then :D

 

[SCV]

I can provide proof of shiny Mystery Gift events, but can you do the same?

You can't because they can't be shiny. What is your proof?

If you can really prove it then there would be no point in me making a video. (You can't but if you tell me why you think you can I can point out your mistake).

By the way, it is impossible to prove that a pokemon is legit. Even if it is. It is only possible to prove (in some cases) that it is not.

 

[Zebra Thunderhead]

And what checker do you use SVC, Sabresite's? Sabresite's checker is a bad joke.

The whole irony of this issue is hilarious. You, fenzo666, are one of the reasons for hacked Pokemon. And now you're trying to tell people what's legit when you made Pokesav? What exactly are you trying to accomplish with this?

 

[SCV]

And what checker do you use SCV, Sabresite's? Sabresite's checker is a bad joke.

I used no$gba debugger.
https://nocash.emubase.de/gba-dev.htm
https://nocash.emubase.de/gbapics.htm

Like I said elsewhere, a checker is only as good as the knowledge of the coder and or the checker. This is new knowledge so most checkers don't include it.

The whole irony of this issue is hilarious. You, fenzo666, are one of the reasons for hacked Pokemon. And now you're trying to tell people what's legit when you made Pokesav? What exactly are you trying to accomplish with this?

It seems that you have quite a bit of information wrong there.
Pokesav was made by COM: https://pokesav.umimi.com/

Also, there is illegal hacked pokemon and legal hacked pokemon.

Legal hacked pokemon are no different than legit pokemon except that the legit one was generated as nintendo intended. There are alot of hacks roaming the pokemon trading communities because of the pokesav that COM created. What we try to do is give a way to at least make sure they are legal. The shiny events you are offering are illegal hacks.

Legal.exe produces the same results as loadingNOW's pAC, is that a joke too? Actually legal.exe handles more cases than pAC.


I am just trying to make sure people don't get scammed by others offering illegal hacked pokemon.

Just like loadingNOW's research led to pAC, research done by Sabresite, loadingNOW, tsanth and me, a few others as well, contributed to making legal.exe as conprehensive as it is.

 

[xLIVENUDESx]

But your legit.exe makes legit files come out hacked. I used it on numerous files which were legit by 2 other ways, and once I put them into legit.exe, they came out as hacks.

 

[SCV]

But your legit.exe makes legit files come out hacked. I used it on numerous files which were legit by 2 other ways, and once I put them into legit.exe, they came out as hacks.

There are some algorithms that have not been figured out. Like the ones for the gamecube game. I shall study those eventually. Others don't have an algorithm. Like mystery gift and hatched pokemon.

Are you sure those were legit? Did you get them yourself?

 

[xLIVENUDESx]

Yes. There was 7 GameStop Deoxys, 4 TRU Dragonites, and 2 ALAMOS Darkrais. I got all of them myself, so don't question where I got them.

 

[SCV]

Yes. There was 7 GameStop Deoxys, 4 TRU Dragonites, and 2 ALAMOS Darkrais. I got all of them myself, so don't question where I got them.

The algorithm for those was not known. So it can't check them. Now that I figured out that there is no algorithm, we know we can never them (for an IV/PID relationship)

 

[Zebra Thunderhead]

I used no$gba debugger.
https://nocash.emubase.de/gba-dev.htm
https://nocash.emubase.de/gbapics.htm

Like I said elsewhere, a checker is only as good as the knowledge of the coder and or the checker. This is new knowledge so most checkers don't include it.

The GBA Debugger doesn't say anything about checking stuff. No$gba is a software based development tool for testing and debugging of Gameboy Advance and Nintendo DS software, running on Windows 95 platforms and it doesn't have anything to do with checking events. I'm a pretty knowledgible checker as is a friend of mine and we've both checked a shiny ALAMOS Darkrai and a shiny Eigakan Shaymin and they both come out legit. I can provide screenshots if truly necessary. Care to explain how that's possible?

There's no such thing as "legal hacked Pokemon". The whole title itself is a paradox and oxymoron. As said, my shiny ALAMOS Darkrai and shiny Eigakan Shaymin both come out legit through a much more reliable hex checker. If my knowledge is correct, pAC sees anything with a Cherish Ball as hacked. The checker I used doesn't. The checker I use is the new method. So yes, pAC is a joke too.

 

[randomspot555]

I can provide proof of shiny Mystery Gift events, but can you do the same?

Please do. I'd love to see the evidence both have. The only evidence I see on this site is in the Wi-Fi Trade corner rules, which reads

These shiny events we do allow, as we have recieved reliable information that these Pokémon can indeed be shiny.

Then links to the event list, which just says "Can be shiny" when an event is said to be able to.

Looking at other communities, Serebii's trade board bans them on how unlikely it is anyone would actually trade them away, and SkittyonWailord talked to a NOA executive who confirmed that 4th gen event can't be shiny (she even specifically asked if it could be done by saving in front of the deliveryman and re-starting, like SRing for an in-game legend). I checked both Psypokes and Smogon, but they don't have any rules about event trading at all.

More so, how does one get a 4th gen event shiny from a wonder card? Re-setting? IT just comes out as such? You'd think someone would've personally obtained one by now.

EDIT: The NOA exec that Skittyonwailord talked to is Mike Liesik, where she was a judge at one of the Pokemon tournaments. They also had some type of hack checking device called (I think) Nintendo ROM Checker.

Her conversation with him:
Me: So, I was wondering, can any of the D/P events ever be shiny?
Mike: Darkrai, no. I'm not sure on the rest but I don't think so.
Me: Thank you. You saved me alot of SRing time.

EDIT#2: I can provide a link to the exact post via PM, since the site blocks most outside links to prevent advertising spam.
​

 

[SCV]

The GBA Debugger doesn't say anything about checking stuff. No$gba is a software based development tool for testing and debugging of Gameboy Advance and Nintendo DS software, running on Windows 95 platforms and it doesn't have anything to do with checking events. I'm a pretty knowledgible checker as is a friend of mine and we've both checked a shiny ALAMOS Darkrai and a shiny Eigakan Shaymin and they both come out legit. I can provide screenshots if truly necessary. Care to explain how that's possible?

no$gba debugger run perfectly on my 64-bit vista and on 32-bit XP.

no$gba debugger has a disassembler that allows you to see the games code (in THUMB and ARM ASM). You can set breakpoints in various ways and get a handle of what the game is doing. That is what I did. I had to try to find where the PID was determined.

First I found where the template pokemon was stored. Then I set a breakpoint for when the value of the PID was changed.

Then I had to go a bit backward and figure out where thee number that was put in that location gotten from. This had several levels and eventually I got to a place where I saw a shiny check. This was the end of the quest to determine whether the rumor that mystery gift pokemon could not be shiny was true or false. It was true. Then I did some more seaching to see if an algorithm would be possible. Eventually I saw that it wasn't because the IVs are calculated completely separate from the IVs. The PID uses a different PRNG than the IVs and the PID/IVs of wild pokemon.

Knowledge about hack checking can only be obtained through what I did. loadingNOW did the same thing (though it was probably harder for him since there was no precendence).

No screenshot you provide will prove that its legit. Unless you got it yourself and are willing to put your reputation on the line, you cannot affirm with 100% certainty that its legit.

There's no such thing as "legal hacked Pokemon". The whole title itself is a paradox and oxymoron. As said, my shiny ALAMOS Darkrai and shiny Eigakan Shaymin both come out legit through a much more reliable hex checker. If my knowledge is correct, pAC sees anything with a Cherish Ball as hacked. The checker I used doesn't. The checker I use is the new method. So yes, pAC is a joke too.

Just because pAC and legal.exe don't test obvious things doesn't mean they are a joke. They assume that you are competent enough to check for obvious things yourself. What would this "more reliable hex checker" be?


I will be making the video later tonigh or tomorrow morning.

 

[xLIVENUDESx]

That still didn't answer our primary question. How come the shiny ALAMOS Darkrai and shiny Eigikan Shaymin come out as legit when checked?

I also just used your nifty "legal.exe" to check both, and they both came out as legit. So please explain that, and don't jump around it.

 

[SCV]

That still didn't answer our primary question. How come the shiny ALAMOS Darkrai and shiny Eigikan Shaymin come out as legit when checked?

I also just used your nifty "legal.exe" to check both, and they both came out as legit. So please explain that, and don't jump around it.

Well when you checked them before it was because this was only a rumor, so it was not something checked for. I did say that before. This was when I talked about some algorithms not being known.

These some relevant things from the update log:

Update vB50
- Fixed a bug with mystery gifts showing as hacks when they weren't.
- Added the hatched manaphy PID. If the manaphy egg is shiny, the hatched pid will be different.
- Added a Readme.txt!
Update vB49
- Added Pokemon Ranger Manaphy Event algorithm. Thanks to SCV for finding this.
- Hatched Manaphys from Pokemon Ranger cannot be shiny. Thanks to SCV for finding this algorithm.
Update vB48
- All Mystery Gift pokemon with static Pokemon IDs will now verify against an internal list.
- Added nature/ability-class/gender output
- Redid a bit of the output formatting
- Changed values from hex to decimal
Update vB47
- Added a Shiny Check for Mystery Gift Pokemon. Pokemon from an NDS wondercard cannot be shiny.
- Added WCS Milotic to the exception list. Please redownload if your WCS Milotic comes up hacked.

Maybe when he did update vB50, he introduced another bug. Also depending on how he implemented the shiny check.

When I get some time later tonight I will look at the source and see if there is a bug. Did you use the latest version?

 

[xLIVENUDESx]

You STILL fail to answer the question. Quit jumping around and just answer it already.

I just checked both using vB50. I also took all my purposely hacked events and checked them with the new legal.exe.

They all came out as legit, so how can legal.exe even be declared a checking method.

It also said that a TCGWC Pikachu that I got MYSELF was hacked and "Genderless"

 

[SCV]

You STILL fail to answer the question. Quit jumping around and just answer it already.

I just checked both using vB50. I also took all my purposely hacked events and checked them with the new legal.exe.

They all came out as legit, so how can legal.exe even be declared a checking method.

It also said that a TCGWC Pikachu that I got MYSELF was hacked and "Genderless"

Again, nothing can tell you that something is legit. Also I am not the maker of legal.exe nor do I use it.

Legal.exe can be used to identify some hacks NOT all hacks.
I have no need to use it because I am knowledgeable enough not to need it. I already answered your question. If they did not come up as hacked then its a bug. Don't worry about the "Genderless" part, legal.exe does not have the proper database to determine genders correctly.

In order for me to determine the any bugs I would need a copy of the pokemon that is causing problems.

Remember legal.exe is still in beta.

Can you get me a screenshot of the legal.exe summary of shiny darkrai that comes out as legal?