Notable Breakpoints

#41 tsanth (Topic Creator) Posted 1/16/2008 11:39:09 AM
It's not necessarily "nothing new"; as I recall, the firmware versions on the M3 and R4 don't sync up exactly, so there may be issues since, as I understand it, the M3 firmware is always a little behind the R4's.

If there were new functionality or boot-code in the R4, I may not see that reflected on the M3.
---
Where the fear has gone there will be nothing.
Only I will remain.
#42 tsanth (Topic Creator) Posted 1/18/2008 10:51:37 AM
I haven't had time the past few days to do any more work on internals, but I did finally move my code onto Subversion and convert my module into a proper distributable module.

However, I'm holding off on releasing it since, by my understanding of how reverse-engineering is defined legally, I've created a tainted project. Since I don't relish getting sued by the Big N, I'll release the code later if I learn that my reverse-engineering efforts are kosher.
---
Where the fear has gone there will be nothing.
Only I will remain.
#43 tsanth (Topic Creator) Posted 1/18/2008 11:20:35 AM
I was looking at a code from Ice's AR topic. I figured that I should disassemble it, step by step, in hopes of learning how it works:

94000130 FCFF0000
B21C4D28 00000000
B0000004 00000000
100002E0 00002B72
100002E2 00000000
200002EB 0000000B
D2000000 00000000


Now, step by step:

94000130 FCFF0000

This is a so-called "universal activator code." The DS stores its GBA-compatible keypress stuff at address 0x04000130. A 9-type code is a conditional code. In this case, it is conditional contingent upon L and R being held down. The mask for R is 0xFEFF, while the mask for L is 0xFDFF. 0xFEFF & 0xFDFF == 0xFCFF, so this conditional will be true iff L+R are held down simultaneously.

B21C4D28 00000000

This is an "offset code." It takes an address (in this case 0x021C4D28), assumes that it represents a location in memory, then loads the 32-bit doubleword Y at that location into memory as a so-called "offset." Since, up to this point, no offset has been loaded, I assume that it adds 0x021C4D28 to 0x0. (Those familiar with C/C++ will recognize this mechanism as a pointer.)

B0000004 00000000

This is where it gets tricky for me. I know at this point that our offset is Y, so according to the descriptions of the codes I've been able to find, this should take the value at 0x000000004 and add it to Y to produce a new offset Z. I'm not sure what 0x00000004 contains, but I guess it's relevant for our code. I'll test this later against no$gba to see what this is supposed to be doing.

100002E0 00002B72
100002E2 00000000
200002EB 0000000B


These are standard data-manipulation codes. The 1-series codes write a 16-bit word to a location. In the first line, it writes "2B72" (11122 decimal) to Z+0x2E0. The second line zeros-out the position in memory immediately afterwards. This implicitly suggests that money is a 32-bit doubleword, as we can verify seeing that the maximum amount of money is >65535 (IIRC, money maxes out at 999999).

The third line is a 2-series code, which writes a single 8-bit byte to an address, in this case Z+0x2EB. I'm not sure what the significance of 0x0B is. I suspect a flag, but I won't know for sure until I get time to check against no$gba later.

D2000000 00000000

This is a "terminator code." Think of this as an instruction that says, "I'm done with this set of codes, so reset everything to the way it was before: wipe offsets so that we can start with another set of codes."

...

Well, that was somewhat enlightening for me, and hopefully enlightening for someone else, too. It does give me more to test later, so that's a good thing.
---
Where the fear has gone there will be nothing.
Only I will remain.
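
The walkthrough in post #43, as an added example that is not part of the original posts: a small interpreter for just the code types discussed there, run against a constructed memory image. Assumptions: the 9-type test is modelled as (halfword & ~mask) == value and the B-type as offset = 32-bit word at (address + offset), which the post had not yet confirmed; the helper names and both pointer values are invented.

```python
KEYINPUT = 0x04000130  # key register address given in the post
CODE = """94000130 FCFF0000
B21C4D28 00000000
B0000004 00000000
100002E0 00002B72
100002E2 00000000
200002EB 0000000B
D2000000 00000000""".splitlines()

def write(mem, addr, value, size):
    """Store a little-endian value into the sparse memory dict."""
    for i, b in enumerate(value.to_bytes(size, "little")):
        mem[addr + i] = b

def read(mem, addr, size):
    """Load a little-endian value; unmapped bytes read as zero."""
    return int.from_bytes(bytes(mem.get(addr + i, 0) for i in range(size)), "little")

def run_code(lines, mem):
    """Interpret only the code types walked through in the post; return a trace."""
    offset, active, trace = 0, True, []
    for line in lines:
        left, right = (int(word, 16) for word in line.split())
        kind, addr = left >> 28, left & 0x0FFFFFFF
        if left >> 24 == 0xD2:            # terminator: clear offset and condition
            offset, active = 0, True
            trace.append("end")
        elif not active:                  # inside a failed conditional
            trace.append("skipped")
        elif kind == 0x9:                 # 16-bit conditional, mask in the high half
            mask, want = right >> 16, right & 0xFFFF
            active = (read(mem, addr, 2) & ~mask & 0xFFFF) == want
            trace.append(f"if16 [{addr:#010x}] -> {active}")
        elif kind == 0xB:                 # pointer load (assumed semantics)
            offset = read(mem, addr + offset, 4)
            trace.append(f"offset = {offset:#010x}")
        elif kind in (0x1, 0x2):          # 16-bit / 8-bit write at addr + offset
            size = 2 if kind == 0x1 else 1
            write(mem, addr + offset, right & (0xFFFF if size == 2 else 0xFF), size)
            trace.append(f"write{size * 8} [{addr + offset:#010x}] = {right:#x}")
        else:
            raise ValueError(f"code type not covered here: {line}")
    return trace

def sample_memory(keys):
    """Constructed memory image; both pointer values are invented."""
    mem = {}
    write(mem, KEYINPUT, keys, 2)
    write(mem, 0x021C4D28, 0x02200000, 4)
    write(mem, 0x02200004, 0x02300000, 4)
    return mem
```

With keys = 0x00FF (the L and R bits clear, i.e. held) the writes land at the second pointer plus 0x2E0 and 0x2EB; with 0x03FF (nothing held) every line up to the terminator is skipped.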
#44 MLBloomy Posted 1/18/2008 6:02:23 PM
Bringing some things over from the Pokemon swarms topic, to keep things on topic there and they fit here.

*) Honey tree pokemon nature/gender/shininess are determined at the moment they enter the tree. I have not personally tested whether stats are also pre-determined.

Just curious what you mean by "the moment they enter the tree". Do you mean this occurs when you press A while touching the tree? The species is set before then, because you can save in front of a tree and soft reset to change nature and gender, and I presume shininess and stats, but the same species is always there. When you slather a tree, does it do something similar to route availability and randomly pick a honey tree Pokemon that is always available at that spot, and touching the tree forces an encounter and there's only 1 species available?

*) All legendary and wandering pokemon stats are generated when their event is procced.

I guess some clarification is needed for what constitutes the "event" that is procced. Wandering Pokemon's stats are set when they are released, so that is the event. But is the event for a stationary legendary when you engage them in battle, or receive them from the green man in the PokeMart? Because you can soft reset for stats for both (or at least some of them). One could say, for example, Heatran's event is procced when you talk to Buck in his house after pairing up with him in Stark Mountain, as that is the final trigger for Heatran's availability. But its stats are not set at that point.
#45 tsanth (Topic Creator) Posted 1/18/2008 6:16:30 PM
Thanks for the corrections, ML.

I had indeed misstated my point with the honey trees. I honestly don't remember what I was thinking, but it was probably related to egg procs. Species, PV, and IVs are all generated independently, but often in sequence. For whatever reason, I linked species and PV while I was writing. Embarrassing mistake, that. -_-

I also was not clear on which "event" I was talking about. Legendaries are set with a flag; having the flag unset means that the legendary is available for proc. For example, Palkia's event is "on" until the player turns it off by initiating battle with it; at that point, the event is flagged "off," Palkia's stats are all generated, and no more Palkia will be generated in that game. I guess that what I intended to describe is properly termed "pokemon creation." That in mind, my understanding thus far:

*) Palkia/Dialga/Heatran are created when the player enters into battle.

*) Mesprit/Cresselia are created when they start to wander.

*) Green-man pokemon are created when they are received by the player.

*) Honey tree pokemon are created when the player initiates battle with them.

What appears to be the commonality in the first three cases is that the species is pre-determined, but that the other stats are not. I'll need to do some testing myself to see whether the same applies for honey tree pokemon.

Corrections/errata are always welcome.
---
Where the fear has gone there will be nothing.
Only I will remain.
#46 Cheesy_Pie Posted 1/18/2008 6:54:07 PM
^
So I assume the same thing concerns Spiritomb? The moment you confront it, its stats and whatnot are created, correct? Same for Drifloon?
---
It's amazing how much of a lasting effect fire and brimstone can leave on your face.
#47 tsanth (Topic Creator) Posted 1/19/2008 1:08:54 AM
That's my understanding about Drifloon and Spiritomb, yes. I take this from the fact that you can SR to get different natures/stats from them.
---
Where the fear has gone there will be nothing.
Only I will remain.
#48 tsanth (Topic Creator) Posted 1/20/2008 4:59:40 PM
Earlier today, I decided to look at the IV generation stuff again. I discovered that I had been thinking far too hard about it, since the IV generation that I traced through seems very simple:

1) The PRNG returns a 16-bit word R1 for use by the program.
2) HP = R1 & 0x1F
3) Atk = (R1 & 0x3E0) >> 0x5
4) Def = (R1 & 0x7C00) >> 0xA
5) PRNG returns R2
6) Spe = R2 & 0x1F
7) SpA = (R2 & 0x3E0) >> 0x5
8) SpD = (R2 & 0x7C00) >> 0xA

This works for a couple of my test cases, but it makes me wonder if the game uses this algorithm all the time, since a case for R1 = 0xBFFF and R2 = 0xFFFF generates 0x1F across the board, contrary to my expectation of five 0x1F and one 0x0F.

I think I just need a bigger test set. More to come later.
---
Where the fear has gone there will be nothing.
Only I will remain.
#49 tsanth (Topic Creator) Posted 1/22/2008 6:28:34 PM
Given the epiphany about the IVs, I now have a working model for how the generation routines work. My model works most of the time, but I still need verification against the actual game since it occasionally flips bits: there are some strange shufflings in the IV generation-proper which I'm not capturing. It'll be some time before I have an actual generation which verifies completely against the game.

Still need to dig into the generation routines for the PokeRadar. I'll check that stuff once I get my paid no$gba working properly in Ubuntu. Evidently, I needed the ATI fglrx stuff for no$gba to properly hook its 3D code under Wine.
---
Where the fear has gone there will be nothing.
Only I will remain.
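
The IV model from posts #48 and #49, as an added example that is not part of the original posts: each IV is taken as a 5-bit field at bit 0, 5 and 10 of a 16-bit PRNG word, and a comparison helper reports which stats and which bits disagree with an observed spread. The function names are invented here; the only sample data is the R1 = 0xBFFF, R2 = 0xFFFF case quoted in post #48.

```python
R1_LAYOUT = (("HP", 0), ("Atk", 5), ("Def", 10))   # stat, bit position in R1
R2_LAYOUT = (("Spe", 0), ("SpA", 5), ("SpD", 10))  # same layout in R2

def unpack_ivs(r1, r2):
    """Split two 16-bit PRNG words into six 5-bit IVs; bit 15 is not used."""
    ivs = {}
    for word, layout in ((r1, R1_LAYOUT), (r2, R2_LAYOUT)):
        for stat, shift in layout:
            ivs[stat] = (word >> shift) & 0x1F
    return ivs

def pack_ivs(ivs):
    """Inverse of unpack_ivs: the low 15 bits each word must have for these IVs."""
    words = []
    for layout in (R1_LAYOUT, R2_LAYOUT):
        word = 0
        for stat, shift in layout:
            if not 0 <= ivs[stat] <= 0x1F:
                raise ValueError(f"{stat} IV out of range: {ivs[stat]}")
            word |= ivs[stat] << shift
        words.append(word)
    return tuple(words)

def compare(r1, r2, observed):
    """Return {stat: (model, observed, differing_bits)} for every mismatch."""
    model = unpack_ivs(r1, r2)
    return {stat: (value, observed[stat], value ^ observed[stat])
            for stat, value in model.items() if value != observed[stat]}

# The case from post #48: the game showed 0x1F in every stat.
OBSERVED_ALL_31 = {s: 0x1F for s in ("HP", "Atk", "Def", "Spe", "SpA", "SpD")}

if __name__ == "__main__":
    for stat, (model, seen, bits) in compare(0xBFFF, 0xFFFF, OBSERVED_ALL_31).items():
        print(f"{stat}: model {model:#04x}, observed {seen:#04x}, differing bits {bits:#04x}")
```

For that case the model and the observation differ only in Def, by the single bit 0x10, which corresponds to bit 14 of R1.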
#50 shadow1515 Posted 1/22/2008 6:56:12 PM
ATI fglrx

Really off-topic, but it's there and I've never gotten a good first-hand answer elsewhere so I'm going to go for it. Have you ever gotten Ubuntu to recognize an ATI graphics card properly? I tried first on my laptop with a Radeon 9700, and now on my desktop with a Radeon x1650, and I cannot get either to work with anything graphics-intensive in Ubuntu or any build of Linux. Anytime I've used fglrx, the OS will never boot up again unless I reinstall it from scratch. There was some other driver that people on Linux message boards suggested I try, but not a single one had ever actually tried them before, because it seems that I am one of only a handful of Linux users on the face of the planet who has an ATI card. I just want to run Beryl and other things that need to utilize my graphics card, is that so much to ask?
---
I make a topic in Final Fantasy 12 to ask if Tifa! They said no Tifa. Hardness gone! - gandob