Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - FroggestSpirit

Pages: [1]
Has anyone made a better bootstrap code using something like wack0's gameshark code?
I was able to have a JP D53B stored as the last 3 bytes of my trainers name (this only works if your name is short enough)
The only downside is that I had my 6th pokemon turn into ID F9, so when I arranged my party like:
6 pokemon:
ID F9 pokemon

it works well, taking you to the first item in the PC, however it messes up battle sprites due to the missingno
Edit:also irrelevant, but I did this on the VC re-release
Getting a bad egg relies purely on the checksum. The ball you catch a pokemon in does not matter (though it just happened that the way your poke'mon data was encrypted resulted in it changing, based on the PID TID combo).

Basically... the PID of the pokemon and your TID (including secret ID) get Xor'ed together. That result is Xor'ed throughout the 4 groups of data (GAME for example). When doing the double corrupt, the encryption needs to happen, so that NONE of the bits in that data get changed (meaning they are already set after the encryption takes place) If any of them change, it wont match the checksum anymore, and the game will turn it into a bad egg.

The double corruption will turn it into a bad egg the first time. As long as you don't look at it in the PC, (or even hover over it with the cursor) you can still use the second corruption to "fix" the checksum back, and switch the data structure.

PID: 0x82FD5C3F corrupted to 0x87FD5C3F
SubStructure 7 corrupted to 15
Attacks turned into EV's/Contest stats
Growl/splash/mist/raindance (all with max pp-ups except raindance to keep that feel low)

EV's to Growth (to stantler, and holding a leichi berry)

Growth to attacks (glitch move from exp or something. Sacred fire from holding lax incense)

My trainer ID also had to comply with the changed bits in the pokemon's PID (which thankfully it did)
It also took time to find one with a sub structure of 7 (because the morph I was planning would change it to 15, shuffling in the correct order)

ALSO! Since the PID and TID got corrupted as bits 0 and 2, there would be a bit 6 corruption along the data (I think it was somewhere in the attacks area). The 6th bit NEEDED to be set by default (which thanks to encryption, it was) so that the checksum wouldnt be messed with there.

All these calculations are the reason it took hours to set up

Now, I have a bigger problem... winning all ribbons possible with that stantler... battle ribbons aswell
I don't know french, but I did manage to get that Stantler I wanted. I had to corrupt a wailmer with a very specific PID 2 times correctly (so I had to use an emulator and savestates) but it ended up giving it Sacred Fire (because of my held item choice) and a glitch move. I used the daycare to rid of the glitch move (swapped it to first slot in battle). The stantler has high contest stats, and low feel, so i can hopefully max them out from there. It was also holding a leichi berry. Took a lot of calculations, but I feel it was worth it.
Pokémon Discussion / Pokemon Colosseum Shadow bit
« on: July 15, 2014, 09:39:15 am »
I'm sorry if this is in the wrong section, but I was wondering if anyone knows what bit in the data tells Colosseum/XD if the pokemon is still a shadow pokemon
contests and amie are back
I got a bad egg with move ID 0x0556 (this is possibly incorrect due to encryption) I believe it was a corrupt thunderwave with 0/2 bits being set. This changes the battle type after being viewed, so that pressing the B button immediately ends the battle. This was done on real hardware, and thought it's worth mentioning for speedrunners

EDIT: After looking in an emulator, I want to say that the set bits are affected by the surrounding bytes. As for my pokemon, I'm not sure how practical it would be, seen as how if the PID is changed to change the sub-structure order, the Encryption for the pokemon will change aswell (unless I'm overlooking something) That being said.. the same bits would have to be applied to not only the PID, but the TID for the pokemon aswell (and if the set bits are affected by surrounding bytes, there may be a better way to manipulate this) Are the daycare parents easy to manipulate?

EDIT 2: I think I finally understand it now. The (only reliable) way for the corruption to prodoce something other than a bad egg, is if it's PID's most significant byte has it's 6th bit set. The corrupted bits appear to be about every 44 bytes, and alternate between setting bit 6, and bits 0/2. The reason that people get stuff that doesnt add up, is because the encryption key for the pokemon's data changes when the PID is affected. If what I said above were to happen, it should allow it to pass the checksum check, even though the data will be altered because of the encryption key changing (every 4 bytes should change). This would also make sense as to why it sets everything into an "in egg status" which I theorize that filling a box with "good" eggs to corrupt will xor the flag back to "hatched".

an example could be PID of 0x0000006F (plusle) and the corruption would have to be 0x4000006F. Even though this changes the encryption key after XORing it with the TID, it will still add up correctly in the checksum due to the bytes overflowing.

Edit 3:The thought crossed my mind of corrupting 2 times, if we can corrupt the same byte of the PID as the TID, then the encryption key would remain the same. Hitting the right byte could be determined by a nickname corruption on neighboring pokemon thanks to the "stair pattern in the box" (It should be about an 8 byte offset, since corruption is about every 44 bytes, and a pokemon in the box is 80)

EDIT 4:Apparently, the bytes that get corrupted are aligned, so the only byte of the PID that can be corrupted is the Most Significant Byte... this is very limiting. Also, with my above method with corrupting 2 times, it needs to be set up where the Pokemon wont have it's encrypted data altered during both corruptions (and dont even hover over it in the box, I think that changes a byte of experience) Though it is possible, as testing with memory editing gave me good results
Is it possible for it to not end up in an egg? since the M section stays in place, would that work, even if it's a small chance?
If I understand this correctly, this should work with the traded plusle...
-attack 1 becomes the species, maybe a held item too (leichi berry)
-PP up bonuses, friendship, (hopefully unknown is 0?) will set some contest stats, maxing 2, and setting feel to 0
-EV's can be manipulated to set a few moves, making contests easier to win.

After all is said and done, I can rid of the illegal moves and keep the ribbons won....
I'm a bit new to this glitch, but I was wondering how plausible it would be to corrupt a pokemon to have max contest stats (or maybe pokeblocks). Would it also be possible to corrupt ribbons onto a pokemon? Where can I look into this? I can analyze some addresses if needed
Pages: [1]