Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - merrp

Pages: [1]
TL;DR: You need to take the PID mod 24 and use that to figure out the substruct ordering, then figure out what that ordering is after corruption.

I wrote some short code to do this with comments, just scroll to the bottom (and hit RUN):

I'll also include the code of that file in case the link goes dead:
Code: [Select]
# Pokemon Emerald: PIDs for Glitzer Popping
# See
# For more info in general see

# Represent each substruct by an integer
# For a more detailed list of what each contains see
substructs = {'growth': 0, 'attacks': 1, 'evs/condition': 2, 'miscellaneous': 3}
r_substructs = {v: k for k, v in substructs.items()}  # The reverse mapping, from integers to names

# There are 24 possible substructure orderings, calculated by taking the PID mod 24
# For ordering i, substruct j appears in *position* orders[i][j]
# For example, ordering 22 has the substructs in order E M G A
# (Interestingly, if you just take the i-th lexicographic permutations of [0, 1, 2, 3],
# you can regenerate this table yourself)
orders = {0: [0, 1, 2, 3], 1: [0, 1, 3, 2], 2: [0, 2, 1, 3], 3: [0, 3, 1, 2],
          4: [0, 2, 3, 1], 5: [0, 3, 2, 1], 6: [1, 0, 2, 3], 7: [1, 0, 3, 2],
          8: [2, 0, 1, 3], 9: [3, 0, 1, 2], 10: [2, 0, 3, 1], 11: [3, 0, 2, 1],
          12: [1, 2, 0, 3], 13: [1, 3, 0, 2], 14: [2, 1, 0, 3], 15: [3, 1, 0, 2],
          16: [2, 3, 0, 1], 17: [3, 2, 0, 1], 18: [1, 2, 3, 0], 19: [1, 3, 2, 0],
          20: [2, 1, 3, 0], 21: [3, 1, 2, 0], 22: [2, 3, 1, 0], 23: [3, 2, 1, 0]}

# Corrupt a PID by ORing it with 0x40000000 (via Glitzer Popping)
# Technically with certain pokemon in the PC, corruptions that *XOR* with this value can happen.
# But if the PC area before the pokemon you want to corrupt is empty, only a logical OR can happen
# I'm pretty sure this is also the only corruption that can happen when using corruption initiators too?
# But anyway this is probably the corruption you want
def corrupt(pid):
    return pid | 0x40000000

# A PID is seedot(DOTS)-like if it swaps EVs into growth after corruption
def seedot_like(pid):
    order = pid % 24
    evs_before = orders[order][2]  # Position of EVs before corruption
    corrupted = corrupt(pid)
    c_order = corrupted % 24
    growth_after = orders[c_order][0]  # Position of growth after corruption
    return evs_before == growth_after  # Ensure they are the same

# A PID is Plusle(PLUSES)-like if it swaps EVs into attacks after corruption
# This lets you acquire any move
def plusle_like(pid):
    order = pid % 24
    evs_before = orders[order][2]  # Position of EVs before corruption
    corrupted = corrupt(pid)
    c_order = corrupted % 24
    attacks_after = orders[c_order][1]
    return evs_before == attacks_after

# Show a PID's substruct order
def show_order(pid):
    order = orders[pid % 24]
    structs = [None]*4
    for i in range(4):  # For each substruct number
        position = order[i]  # Get its position
        structs[position] = r_substructs[i][:1].upper()  # And set that position to the first letter
    return f'0x{pid:08X} (' + ' '.join(structs) + ')'

# Tells you what kind of swapping corrupting a PID will do
def corruption_type(pid):
    corrupted = corrupt(pid)
    if seedot_like(pid):
        extra = '(like DOTS)'
    elif plusle_like(pid):
        extra = '(like PLUSES)'
        extra = ''
    return f'{show_order(pid)} -> {show_order(corrupted)} {extra}'
if __name__ == '__main__':
    # PIDs to check
    dots_pid = 0x00000084
    pluses_pid = 0x0000006F
    your_pid = 0  # whatever you want really
    pids = [dots_pid, pluses_pid, your_pid]
    # Setup and display table
    print(f'{"PID":10} {"Before":12} {"Corrupted":10} After')
    for pid in pids:

You might also be interested in:
Generation III Glitch Discussion / Re: Gen 3 ACE development thread
« on: May 03, 2020, 10:41:17 am »
If you post your save file I'll take a look and see if anything is wrong :)
Is something like this what you're looking for?

This uses a single-corrupted DOTS egg with 17 HP EVs and 6 Attack EVs.
Generation III Glitch Discussion / Re: ENG Emerald 0x611 Box Code ACE
« on: April 25, 2020, 02:45:29 pm »
Would it be possible for the payload that changes 0x611 into 0x40E9 to work more generically to change Pokemon into another? I'm working on a speedrun that obtains all legendary pokemon that are in gen 4, which involves Emerald at the moment, and am very intrigued by a more consistent way to obtain pokemon like Celebi other than repeated glitzer popping.
Not really, you really have to have a lot of assumptions about the values (ie PID and TID/SID) because the checksum/encryption/data subsection order. Probably possible to get any Pokemon from a mon you know the data for (ie DOTS, or some ACE to figure out your SID lol), but it might require a lot of changes just to get the right values (limited character set).

Also, ACE is more or less just frowned about for full completionish runs (trivializes the point of full completion runs), you probably shouldn't use ACE in that sort of run and stick to glitzer popping.

Basically this. To change 0x611 into 0x40E9 I have to read the checksum but since I can't easily write an XOR instruction with English characters, changing the pokemon into another in this way requires knowing its original species (so that you can compute the value to add to the checksum). Here is the actual ASM:

Code: [Select]
SUBC r11,r1,BA01    E2C1BCBA @ r11=020644FD
BIC r12,r11,E90     E3CBCEE9 @ r12=0206406D
BIC r0,r12          E3CC0000 @ r0=xxxx406D (0x406D is 0x40E9 xor DOTS' PID)
LDRH r12,[r11+B]    E1DBC0BB @ r12=checksum of slot 1
ADC r12,D8          E2ACC0D8
ADC r12,3A00        E2ACCDE8 @ r12=checksum+0x40E9-0x0611
STRH r12,[r11+B]    E1EBC0BB @ store checksum, r11=02064508
LDRH r12,[pc+0x16]  E1DFC1B6
BIC r12,C3          E3CCC0C3 @ r12=E02CC000 EOR r12,r12,r0
STRH r12,[pc+6]     E1CFC0B6 @ write the XOR ahead of execution
LDRH r12,[r11+0x4C] E1DBC4BC @ r12=TID of slot 2
EOR r12,r12,r0      E0ECC000 @ r12=0x40E9 xor TID xor PID
STRH r12,[r11+5]    E1CBC0B4 @ store species
ADC r12,lr,C60      E2AECEC6 @ r12=08007647
ADC r12,D30000      E2ACC8D3 @ r12=8D37647
BIC r12,C00000      E3CCC8C0 @ r12=8137647
ADC r0,r12,EE       E2AC00EE @ r0=GameClear

The instruction stored in Box 14 prior to this execution will be a BX r0.

As you can see, it's a miracle this fits. It'd be pretty challenging to apply this to target any species; it's probably easier just to use glitzer popping to swap EVs -> growth.
Generation III Glitch Discussion / Re: ENG Emerald 0x611 Box Code ACE
« on: April 24, 2020, 05:42:17 am »
I'll just dump every payload I've made so far here, for reference:

As always be sure to count the number of spaces as it can hard to tell sometimes!

These are all exclusively ARM payloads with 0x611, not for the (seemingly less popular) THUMB 0x40E9 glitch species. Additionally, you must have Box 11 Slot 29 onwards empty for these to work. This means you must not have any pokemon from the last two slots of Box 11 to the end of Box 14.

Map Warps
Every 0x611 map warp I've made begins the same way:
Code: [Select]
box_01: (mFloyLRo) @ lowercase L
box_02: ( ?”m”Ro )
box_03: (?”…P-n  )
box_04: (EFQRn   )
box_05: (…TRnt ?n)
box_06: ( ?”lGEn ) @ lowercase L
box_07: (?” …?q  )
box_08: (EVTTn   )
box_09: (FMBnNJRo)
box_10: ( ?”5…Bq ) @ 5, not S

Hall of Fame
Code: [Select]
box_11: (?”“T…o  )
box_12: (E’FQm   )
box_13: (  ?”)

Faraway Island
Code: [Select]
box_11: (?”oS…o  ) @ capital S
box_12: (E4FRn   )
box_13: (’FQm)

Birth Island
Code: [Select]
box_11: (?”wS…o  ) @ capital S
box_12: (E4FRn   )
box_13: (’FQm)

Navel Rock
Code: [Select]
box_11: (?”CRlo  ) @ lowercase L
box_12: (EqFRo   )
box_13: (’FQm)

This is a game clear payload that will take you to the hall of fame screen, and respawn you in Littleroot afterwards, but does not technically beat the game.

It's the payload used in current Emerald Any% speedruns:
Code: [Select]
box_01: (mFloyLRo)
box_02: ( ?”m”Ro )
box_03: (?”LT-n  )
box_04: (EYN?n   )
box_05: (FNRoz ?n)
box_06: ( ?”FHEn )
box_07: (?” …?q  ) @ lowercase L
box_08: (E   ) @ three spaces

0x611 -> 0x40E9 morph

These might not be of much interest to anyone, but they're useful for a video I'm making that does ACE without requiring cloning.

The basic idea is to hatch an 0x611 with a Lilycove City warp, enter a new code and enter it in a contest to turn it into an 0x40E9 (which is better as it can be used just by looking at it and is more stable, but has crazy EV requirements)

Lilycove Warp/setup
Code: [Select]
box_01: (mFloyLRo) @ lowercase L
box_02: ( ?”m”Ro )
box_03: (?”…P-n  )
box_04: (EFQRn   )
box_05: (…TRnt ?n)
box_06: ( ?”     )
box_07: (?”      )
box_08: (EFGEn   )
box_09: ( …?qVTTn)
box_10: ( ?”FMBn )
box_11: (?”NJRo  )
box_12: (E5…Bq   )
box_13: (VH…o’FQm)
box_14: ( ?”)

0x611 -> 0x40E9 Contest conversion
You must have ran the above code immediately before you do this!
Additionally, the hatched 0x611 must be in your first party slot and you must have one of your own pokemon in the second slot.
Code: [Select]
box_01: (/BGnuTQo)
box_02: ( ?”  Ro )
box_03: (?”AFgm  )
box_04: (EdF?n   )
box_05: (tS?nAFwm)
box_06: ( ?”♀Gkm )
box_07: (?”IFRo  )
box_08: (E♀FUm   )
box_09: (BJgm Fxl) @ lowercase L
box_10: ( ?”’FQm )
box_11: (?”LT-n  )
box_12: (EYN?n   )
box_13: (FNRoz ?n)

0x40E9 Map Warp
You must have run the two above codes, and must not have changed Box 14's name afterwards.

Code: [Select]
box_01: (x♂zN 6FF)
box_02: (X XxC?” )
box_03: (?”…P-n  )
box_04: (EFQRn   )
box_05: (…TRnt ?n)
box_06: ( ?”VTTn )
box_07: (?”FM?n  )
box_08: (ENJRo   )
box_09: (5…Bq    )
box_10: ( ?”     )

Then, you can use any of the above codes in Box 11 onwards to warp to those maps by viewing 0x40E9's summary.

Now as for what you mentioned:
Changing player TID/SID - Pretty easily doable, it's very close to the map data I normally modify, but not all values are created equal or are easy to set, because of the limited English character set. If you have a specific value you want to change one too, or you want a code to swap TID/SID (so you can see SID!) I could do that

Game Clear - The Hall of Fame warp above will let you get the National Dex. Setting the flag to get the Johto Starter directly is probably doable with a call to FlagSet.

Early Frontier Pass - I forget if the Frontier Pass is just a Key Item or needs a flag to activate. If the former, modifying the bag to have it is probably the easiest route to do this. If it's a flag and you also need the item, you might need to run a longer code than can fit in Box names.

I'll also post Southern Island and try to work on some of the things you mentioned soon!
I've heard people have success with putting the glitch pokemon first in your party, depositing it, then releasing it, however since I haven't personally experienced this issue I'm not really sure.
Pages: [1]