
Notable Breakpoints

#21 tsanth (Topic Creator) Posted 1/9/2008 9:14:26 PM
Proof of concept:
Trainer ID: 31337
Secret ID: 21527
Personality Value: B98797FC
IV: 0C2960D8 (HP 24, Atk 6, Def 24, Spe 18, SpA 2, SpD 6)


It looks, smells, and walks like the real thing, but it's a fraud. This is a shiny adamant-natured male pokemon with the first ability. What's interesting about this is that it doesn't trip the shiny-checker on pAC; I can't decide if that's a feature or a bug.

Despite having a proof-of-concept of what pAC checks and doesn't check, I still feel a sense of loss. It's not as thrilling when I didn't code the entire algorithm myself, so I'll keep working at it until I code the whole algorithm from start to finish.

Besides, I still need to figure out a way to generate IV sets from a given PV, and that's a far more interesting exercise than generating shinies.

Yay?
---
Where the fear has gone there will be nothing.
Only I will remain.
#22 shadow1515 Posted 1/9/2008 9:14:28 PM
Aside on that: knowing that the game procs an encounter every time you turn on an encounter-capable square is good information, because it explains how one can "cheat" the safari zone by waiting in a patch of grass and turning around in circles in the same square.

I'd been wondering about that ever since the first time I got an encounter on a turn in Red, but I never got around to trying it because in Red I got all of my Safari Zone pokes by the time I got the HM at the end, and then I didn't play another Pokemon game besides Yellow and Gold until the current generation. That's kind of cool that it actually works.
#23 tsanth (Topic Creator) Posted 1/10/2008 11:48:13 AM
Something that didn't occur to me earlier, but that I just realized after stepping through the IV generation routine: the PRNG returns a word in r0, but stores the actual dword elsewhere in memory. The calculations that the game's been doing to calculate the PVs and IVs have been working only on the high word of the generated random dwords.

What this means is that to generate a full-31 or full-0 pokemon, you need to find a single number in the range 0x0..0xFFFFFFFF which, when put through the PRNG, will generate a number whose two next successors are of the form 0xFFFF????.

Of course, that's easier said than done. Looks like this'll take a while to search.
---
Where the fear has gone there will be nothing.
Only I will remain.
#24 tsanth (Topic Creator) Posted 1/10/2008 5:08:07 PM
I discovered earlier that the PV and IV generators proc the PRNG twice each. I'm not certain that came through in my previous post, but I have more thoughts:

1) To generate a full-31 pokemon, the first proc of the PRNG needs to generate a number X which, when run through the PRNG again, will generate a number which can meet two criteria: a) generate 31s in HP, Attack, and Defense, and b) will itself generate a number which can generate 31s in Speed, Special Attack, and Special Defense.

2) The form of the number that comes out of the PRNG, as mentioned previously, is in the range 0x0000..0xFFFF. Out of those sixteen bits, a certain number of them are significant in determining what three IVs are. I have tested and verified that forcing 0xFFFF will generate three 31-IVs.

More to come later.
---
Where the fear has gone there will be nothing.
Only I will remain.
#25 tsanth (Topic Creator) Posted 1/10/2008 5:40:40 PM
Success! Proof of concept #2, a brave, non-shiny female with its first species ability, if applicable. The kicker is that she verifies as legitimate:

PV: 9B28AB06
IVs: 0-0-0-0-0-0


What Nintendo needs to do, IMO, is to include a few more values to at least make the pokemon-generating job harder: I'd suggest a hash generated from the encounter code, a better PRNG, and maybe even something sinister like a checksum of a checksum.

I liked when Nintendo used to do passwords for their games, like Kid Icarus and Metroid. Now those were interesting applications of boolean operators.
---
Where the fear has gone there will be nothing.
Only I will remain.
#26 tsanth (Topic Creator) Posted 1/11/2008 1:45:38 PM
Yet another proof-of-concept today; it should have occurred to me earlier, but I would have had a much easier time with all this if I'd simply written a program to run the PRNG backwards. I've done so; the code needs cleaning up, but here's some of the output which verified my last post about the 0-EV pokemon:

9b2808e0 -> 67d3 -> df4a -> c1a3fef5 -> d10094c4
ab068201 -> 9b2808e0 -> 67d3 -> df4a -> c1a3fef5


Yay for zero-EV pokemon!

Really, though, Game Freak really ought to code a better PRNG, because theirs... sucks. It's not very processor-intensive, but they really pay for that by having a fairly predictable number stream.
---
Where the fear has gone there will be nothing.
Only I will remain.
#27 MLBloomy Posted 1/11/2008 2:16:04 PM
I don't think it is unreasonable for Nintendo to think that people should not be looking at the code the way you are. A bit naive, but not unreasonable.
#28 tsanth (Topic Creator) Posted 1/11/2008 2:24:29 PM
That's something I've often wondered about, though. Ever since the Game Genie days, it's been self-evident that people do look at the code. I'm assuming this based on codes that have come out: more than a few of them are actual changes to assembly instructions held in-memory, since in many cases it's more beneficial to change a conditional branch to a nop or unconditional branch instead of just pinning a value to 0xFF or 0x63.

Does Datel/Galoob/whoever makes Game Genie-type devices hire people who grok assembly, give them hardware debuggers, and ask them to make codes? I'm honestly curious.

All that being said, I do think you're right: my amateur's inspection is probably a corner-case. In a business sense, it may not make sense for them to code a more secure PRNG when Everyday Joe isn't going to be affected by it.
---
Where the fear has gone there will be nothing.
Only I will remain.
#29 ChocoboMog123 Posted 1/11/2008 4:52:22 PM
Five (started out as two) things:
1) Tag for WIN!
2) Could you check exactly how the Pokeradar generates shiny pokemon? (if this hasn't already been done)
3) How are Trainer ID and Secret ID linked to shinyness? I got a bit of it from your "proof of concept" post, though I can't understand all this code, but I'm curious.
4) There's a glitch with the HP EV removing berries that will allow a pokemon to go into negative current HP. I don't remember it all exactly, but it might be worth looking into. I don't know if there's any information about this on the Emerald board, but it's an old glitch that's now done differently.
5) I know the basics of Java, C++, Python, and vBASIC (think introductory course). I'm in college now, and programming is really one of few things I still look forward to. There are really no other real programming courses; it's all data analysis and statistics. Do you have any suggestions as to what I could do to learn more?
---
http://youtube.com/ChocoboMog123
"Listen to Chocobomog, he is " ~ kr3wbro428
#30 tsanth (Topic Creator) Posted 1/11/2008 5:20:30 PM
I originally wanted to see how the Pokeradar generates shinies. From what I can tell, it sets a flag, but the actual generation is done elsewhere. Since I've been working on the PV/IV generation routines lately, I haven't made time to see where the Pokeradar hooks into all of that. It's on my list, but I work slowly. =/

Shininess is determined by three things: the pokemon's personality value, the trainer ID, and the secret ID. The relationship between all those is: ([top word of PV] XOR [bottom word of PV]) XOR (TrainerID XOR SecretID)

A given pokemon will be shiny if that expression evaluates to less than 8. Implicitly, one can "make" any pokemon a shiny by just changing the secret ID to an appropriate value, since that's not a value that can be seen normally in-game, but the only thing is that your pokemon will then behave as if it weren't originally yours.

I've read about that HP glitch, but haven't experienced it myself. I haven't even begun to dive into the battle code, except for the catch routine. I'll definitely put that on the list for later.

If you're interested in learning more about programming, I highly recommend doing little projects as a hobby. As an example, one of the projects I put on my resume is an old Minesweeper clone I made for my then-girlfriend (now wife). It took a few days for me to make it, but I was pretty proud of it, and I learned a lot about Swing and AWT along the way. When I wanted to learn more, what worked for me was finding some interesting problem and tackling it using code.

Reference: http://bulbapedia.bulbagarden.net/wiki/Personality_value
---
Where the fear has gone there will be nothing.
Only I will remain.
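
Added example, not part of the thread or any poster's code: the checks described in posts #23 to #30 (high-word outputs, the backwards PRNG step, the shiny formula) written as the consistency test a legality checker can run on a PV/IV pair. The multiplier and increment are the commonly documented values for this generator and are an assumption here, since the posts never state them; they reproduce the chain posted in #26.

```python
# Added example: not code from the thread. MULT and ADD are the commonly
# documented LCG constants (an assumption; the posts never state them).
MASK = 0xFFFFFFFF
MULT, ADD = 0x41C64E6D, 0x6073
MULT_INV = pow(MULT, -1, 1 << 32)   # modular inverse exists because MULT is odd

def lcg_next(state):
    """Advance the generator by one step."""
    return (state * MULT + ADD) & MASK

def lcg_prev(state):
    """Run the generator one step backwards."""
    return ((state - ADD) * MULT_INV) & MASK

def shiny_value(pv, trainer_id, secret_id):
    """XOR of both PV halves and both IDs; below 8 means shiny (post #30)."""
    return (pv >> 16) ^ (pv & 0xFFFF) ^ trainer_id ^ secret_id

def unpack_ivs(iv_word):
    """Split the packed IV word into six 5-bit stats, in the order of post #21."""
    return [(iv_word >> shift) & 0x1F for shift in range(0, 30, 5)]

def consistent_states(pv, iv_word):
    """Return every PRNG state whose next three outputs yield this PV/IV pair.

    Only the high word of each state is used: two calls build the PV
    (low half first), two more supply 15 bits of IVs each.
    """
    matches = []
    for low in range(1 << 16):
        s1 = ((pv & 0xFFFF) << 16) | low      # high word = low half of PV
        s2 = lcg_next(s1)
        if s2 >> 16 != pv >> 16:
            continue
        s3 = lcg_next(s2)
        s4 = lcg_next(s3)
        if ((s3 >> 16) & 0x7FFF == iv_word & 0x7FFF
                and (s4 >> 16) & 0x7FFF == (iv_word >> 15) & 0x7FFF):
            matches.append(s1)
    return matches

if __name__ == "__main__":
    print(shiny_value(0xB98797FC, 31337, 21527))                # values from post #21
    print([hex(s) for s in consistent_states(0x9B28AB06, 0)])   # values from post #25
```

An empty result from `consistent_states` means no generator state produces that PV/IV pair in this call order, which is the mismatch a checker would flag.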