
Quick Research & Development Thread

redriders180

Mastermind of Pokemon Glazed
314
Posts
13
Years
Hmm the pointer to the egg script lies at 0x6d71c, the only data string that is just before that pointed to a script with the line 'fadesong 0x9AOD' which as far as I know doesn't exist - so looks like egg hatching is controlled by ASM.

Does anyone know where Egg-Step information is stored?

//

Been looking for possibly Egg-Step info, can't seem to find it anywhere o_o nobody lists it with species/etc. data, and I have looked around the areas with it to no avail (For example, I'm assuming Pikachu will have a value of '15' somewhere in its data to signify 21 cycles for hatching. If that value was momentarily set to 0, I wonder if the egg would insta-hatch).

I think the egg to hatch is stored in a variable...I think it's 0x8004, but I don't know for sure. You wouldn't use special2, because that just specifies where the output goes, not what the input is. I believe the slot number of the egg is stored to 0x8004, and the egg hatch special is called.
 

sonic1

ASM is my life now...
77
Posts
15
Years
I understand completely what you mean :) I had planned to make the script something with maybe 4 or 5 inputs...I wanted complete control over species, IVs, moves, item held, and possibly nickname. How do you recommend I make this work, however? Would I have to make an ASM that just puts the ram offset into R1, then call the normal nicknaming special?
As for this, now i'm outta time, but i'll try to do something to you. Thing is, there's a routine in the rom, a powerful one, that has ENTIRE access to a pokemon's data, and can change anything about it!
List of things discovered that the routine can change (don't mind the hex numbers):
Spoiler:


This brings up something else...If I just use the nickname keyboard, the text says "[pokemon's] Nickname?". If it's not hard, I'd like to make it say something else on it, otherwise I'm sure I could live with it.

Well, i explained this in the last post. It's the naming type, which is gonna go through r0. But that can be easily changed, i think, so this is the least of our worries.

My main worry is how you're gonna convert the letters bytes into usable codes.
 
10,078
Posts
15
Years
  • Age 32
  • UK
  • Seen Oct 17, 2023
I understand completely what you mean :) I had planned to make the script something with maybe 4 or 5 inputs...I wanted complete control over species, IVs, moves, item held, and possibly nickname. How do you recommend I make this work, however? Would I have to make an ASM that just puts the ram offset into R1, then call the normal nicknaming special?

This brings up something else...If I just use the nickname keyboard, the text says "[pokemon's] Nickname?". If it's not hard, I'd like to make it say something else on it, otherwise I'm sure I could live with it.

I think the egg to hatch is stored in a variable...I think it's 0x8004, but I don't know for sure. You wouldn't use special2, because that just specifies where the output goes, not what the input is. I believe the slot number of the egg is stored to 0x8004, and the egg hatch special is called.

You are right, 0x8004 0x1 hatches an egg that is 2nd in the party, etc.

The only trouble now is identifying where the egg is. I've had a look at JPAN's Pokemon data decryption thread from years ago, in which he has a routine that can return a species, even in egg form - but that can't give a permission.

Ideally something like

Check (egg) species -> Locate species -> setvar 0x8004 to position

Especially if it's a one-off Pokémon, so there can't be more than one, so there is no trouble in accidentally hatching a normal pokemon instead. Anything to identify where the egg is would be a great start ><.
 

droomph

weeb
4,285
Posts
12
Years
Especially if it's a one-off Pokémon, so there can't be more than one, so there is no trouble in accidentally hatching a normal pokemon instead. Anything to identify where the egg is would be a great start ><.
I don't know what you mean by "identify where the egg is", but every Party Pokémon is 100 bytes long, meaning you just take variable 0x8004 into a register and
Code:
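@ rd, rm, rt stand for any free low registers; rm holds the slot number from variable 0x8004
ldr rd, =0x02024284   @ address the 100-byte party entries are counted from
mov rt, #0x64         @ THUMB mul needs the 0x64 (100 bytes per Pokémon) in a register
mul rm, rt            @ rm = slot number * 0x64
add rm, #0x20         @ plus 0x20 into that entry
add rd, rm            @ rd = 0x02024284 + slot * 0x64 + 0x20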
it, and so on.

Or maybe something like this, but with str instead of ldr: (it's far from finished)
Spoiler:
 
Last edited:

redriders180

Mastermind of Pokemon Glazed
314
Posts
13
Years
You are right, 0x8004 0x1 hatches an egg that is 2nd in the party, etc.

The only trouble now is identifying where the egg is. I've had a look at JPAN's Pokemon data decryption thread from years ago, in which he has a routine that can return a species, even in egg form - but that can't give a permission.

Ideally something like

Check (egg) species -> Locate species -> setvar 0x8004 to position

Especially if it's a one-off Pokémon, so there can't be more than one, so there is no trouble in accidentally hatching a normal pokemon instead. Anything to identify where the egg is would be a great start ><.

You actually don't need ASM for this one. I quote from the list of specials, courtesy of JPAN:
JPAN said:
[Special 0x]147 checks your pokemon in position referenced by 0x8004 and returns to the given variable its pokemon number. returns 0x19c if an egg.
So all you need to do is set the variable 0x8004 to 0x0, special2 LASTRESULT 0x147, compare LASTRESULT 0x19C, if 0x1 goto @hatch, if 0x0, add 0x1 to 0x8004, and repeat. You also need to build in a failsafe for if they don't have an egg, so the script won't loop you forever.


As for this, now i'm outta time, but i'll try to do something to you. Thing is, there's a routine in the rom, a powerful one, that has ENTIRE access to a pokemon's data, and can change anything about it!
List of things discovered that the routine can change (don't mind the hex numbers):
Spoiler:




Well, i explained this in the last post. It's the naming type, which is gonna go through r0. But that can be easily changed, i think, so this is the least of our worries.

My main worry is how you're gonna convert the letters bytes into usable codes.
My first problem with the method you posted earlier is that it stores the value in only five variables, which basically means two letters per variable, and this is NOT what I want...I want one letter per variable. I'm sure I could whip up a separation script, though. After doing this, the game applies a cipher, and applies my method of conversion, which I won't reveal right here, so I don't have someone who's playing my rom hack in the future stumble upon it, and suddenly find him or herself able to create a team of six level 100 Arceus. If you really want/need to know, feel free to PM me. And thanks for your help!

Oh yea...thanks for that routine...but after a quick glance, it seems to all be stuff I can already access.
 
Last edited:

sonic1

ASM is my life now...
77
Posts
15
Years
My first problem with the method you posted earlier is that it stores the value in only five variables, which basically means two letters per variable, and this is NOT what I want...I want one letter per variable. I'm sure I could whip up a separation script, though. After doing this, the game applies a cipher, and applies my method of conversion, which I won't reveal right here, so I don't have someone who's playing my rom hack in the future stumble upon it, and suddenly find him or herself able to create a team of six level 100 Arceus. If you really want/need to know, feel free to PM me. And thanks for your help!


Well about the method, it isn't my fault, it's how the keyboard works, and i can't do anything about it without breaking compatibility to all other things that use it (at least me, i'm sure that there are many people out there who know a lot more ASM than me).

But yeah, a separation script is totally possible, just use copybyte to copy a byte to another variable while using writebytetooffset to clear the other 8 bits (1 byte) of the variable.

The cipher... Well, i'm a student of asm for about 2 years from now, and i'm willing to try to learn everything about it. I'm not asking to see your cipher specifically, but an example of one would be nice for me to learn how to deal with those things.

Oh yea...thanks for that routine...but after a quick glance, it seems to all be stuff I can already access.
Well, if you say so... But yeah, the things i posted are the only ones that i know what it does, that routine is actually able to change everything, but i don't know what to pass as arguments to actually change everything, just those.
 

sonic1

ASM is my life now...
77
Posts
15
Years
To anyone who is interested, callasm 0x09FC91 to name yourself in overworld.
FireRed Only.

~Sonic1
 

NarutoActor

The rocks cry out to me
1,974
Posts
15
Years
You are right, 0x8004 0x1 hatches an egg that is 2nd in the party, etc.

The only trouble now is identifying where the egg is. I've had a look at JPAN's Pokemon data decryption thread from years ago, in which he has a routine that can return a species, even in egg form - but that can't give a permission.

Ideally something like

Check (egg) species -> Locate species -> setvar 0x8004 to position

Especially if it's a one-off Pokémon, so there can't be more than one, so there is no trouble in accidentally hatching a normal pokemon instead. Anything to identify where the egg is would be a great start ><.
Well what you can do is have a series of checks that check each pokemon in the party's catch level (which would be zero since it didn't hatch yet); that way you can tell where the egg is in the party, and if there is even one in said party.


Also, isn't egg hatching based on the amount of steps the player takes? You can just add a certain amount of steps to the area where the amount of steps are stored, then start the routine for the egg check. Just my brainstorming, I didn't actually try it myself, so tell me how it goes.
 

sonic1

ASM is my life now...
77
Posts
15
Years
After a quick research, i discovered that in R/S/E, the scripting command 0x2E, Resetvars, doesn't reset vars.
In FireRed it does, but in those versions it sets 8000 to the current clock hours, 8001 to minutes and 8002 to seconds. The reason FireRed resets those vars is because it doesn't have a Real Time Clock.
 

Agastya

Grinding failed. Item Grind level dropped by 3.
73
Posts
14
Years
  • Age 33
  • Seen Mar 19, 2023
As I've been doing a Fakemon hack in Emerald, the Frontier was obviously a mess. Things weren't very well documented outside of the normal structures for the Tents and regular Pokemon (which is very well documented on Bulbapedia - for brevity they will not be discussed here, go to bulbapedia.bulbagarden.net/wiki/Battle_Frontier_data_structures_in_Generation_III if interested), but this still left things like the Brains and wild spawns in the Pyramid/Pike up in the air. After a bit of snooping around, I've found some stuff. I really doubt this warrants its own thread, so I'll put it here.

Frontier Brain info:
Spoiler:


Battle Pyramid wild spawns:
Spoiler:


I haven't looked at the wild spawns in the Pike yet, but they probably share a similar format to the wilds in the Pyramid. Hopefully this can help out with Frontier hacking.
 
Last edited:

knizz

192
Posts
16
Years
  • Seen Oct 28, 2020

As for this, now i'm outta time, but i'll try to do something to you. Thing is, there's a routine in the rom, a powerful one, that has ENTIRE access to a pokemon's data, and can change anything about it!
List of things discovered that the routine can change (don't mind the hex numbers):
Spoiler:




Well, i explained this in the last post. It's the naming type, which is gonna go through r0. But that can be easily changed, i think, so this is the least of our worries.

My main worry is how you're gonna convert the letters bytes into usable codes.

:O
Is this 0803FBE8?
Thanks!
 
Last edited:

sonic1

ASM is my life now...
77
Posts
15
Years
:O
Is this 0803FBE8?
Thanks!

Well, actually that's the routine that retrieves the pokemon data.

The one that i'm talking about is at 804037C, name's 'set_pokemon_data'

Pass address at r0, pass index number at r1, and the address where the data to set is located at r2. That's why i was asking you about the stack. Game usually passes SP to R2, and the game uses the data present at the stack.
 

knizz

192
Posts
16
Years
  • Seen Oct 28, 2020


Well, actually that's the routine that retrieves the pokemon data.

The one that i'm talking about is at 804037C, name's 'set_pokemon_data'

Pass address at r0, pass index number at r1, and the address where the data to set is located at r2. That's why i was asking you about the stack. Game usually passes SP to R2, and the game uses the data present at the stack.

I updated my DB to include this and an enumeration with all numbers get/set_pokemon_data uses and the pokemon-properties they represent.

Also smaller changes and fixes.

Download link in the signature.
 
6
Posts
14
Years
  • Seen Nov 7, 2023
Hi!

I thought this question might just fit in this thread. I've recently developed a map editor for Red/Blue (out of pure curiosity) and now I've turned my sight to FR/LG. The difference compared to my previous project, though, is that I seem to be unable to find an in-depth guide/format description of the map structure that LG/FR uses. Now correct me if I'm wrong, but does it not resemble the format used in Ruby/Sapphire? At least that's what I've read.

If this statement is true, how close does this format description
match the FR/LG one (since it describes ruby's):
pokecommunity.com/showthread.php?p=6646782

Any hint or help would be greatly appreciated!
(sorry for the feeble reply, written on my cellphone...)

Note: I have tried to search for answers but without success.
 

redriders180

Mastermind of Pokemon Glazed
314
Posts
13
Years
I'm happy to be posting here something that might help someone, actually! But then again, someone probably already posted this somewhere else. v.v

Anyways, in Diego's tutorial, it discusses applymovement, and lists many commands that can be used. It lists from 0x0 up to 0x66, skipping 0x45 and everything from 0x5A to 0x5F. I decided to try every possible byte as an applymovement command, to see if there's anything else besides the listed commands...and there was! I found almost 67 unmentioned movements, and a fair majority of them actually work. Most of these are useful, because they access frames besides the first eight. I'll list the ones not mentioned in the tutorial here...These are for Firered/Leafgreen:

Spoiler:


A note: The ones that say "loop forever" can be un-looped, of course. The commands in question simply won't trigger the "waitmovement" command, so the script is waiting for a movement to end, causing the loop. I'll leave it up to you to figure it out ;)
 
Last edited:

Jambo51

Glory To Arstotzka
736
Posts
14
Years
  • Seen Jan 28, 2018
I've decided to post a couple of useful hacks on here today, both related to battle scripting.

First, here's my "callasm" scripting command. It does exactly what its namesake in overworld scripting does.

Spoiler:


In order to insert this command, you need to repoint and extend the battle script command table which is at 0x0825011C and add a new entry pointing to the routine I just gave you. If you insert it directly after the end of the table, it will become command 0xF8.

Usage is thus:
Code:
F8 XX XX XX 08
Where XX XX XX 08 is the pointer to the ASM to call + 1 for THUMB mode, or not incremented for ARM mode.

Second up, this is the battle string loader hack I made. It intercepts the "failed" part of the loader. That is, it branches out from what the loader would otherwise consider to be a bad number to load from and skip.

Spoiler:


As you can see, it has checks to try and catch a "bad" location given in the RAM location I set aside for the new functionality. All it can catch, sadly, is if you leave the RAM location empty, or if you try to use an invalid ROM location. The rest, I have to leave to the user.

I've written the routine such that it supports 32MB ROMs as well, so you don't have to worry about that either.

To insert the actual routine, navigate to 0xD77BE and change the code to 03 49 08 47, then go to 0xD77CC and change the pointer to the insert location of the routine, plus 1 for THUMB mode of course.

Now, using it. It's as easy as this: Using the storebyte command of the battle script functionality (0x2E), store the bytes of the ROM pointer in little endian ordering, into the RAM address 0x0203C020. Then, you call the battle string printer as such:
Code:
10 84 01 39 40 00

The routines will take care of the rest!
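
The byte sequences described in the post above, built and checked in Python. This is an added example, not part of the original post and not Jambo51's code; the function names are hypothetical, the sample offsets are constructed, and the ROM range test is an assumed reading of the "invalid ROM location" check.

```python
import struct

ROM_BASE = 0x08000000        # where the GBA maps cartridge ROM
ROM_LIMIT = 0x0A000000       # end of a 32 MB ROM, the largest size the post supports
STRING_PTR_RAM = 0x0203C020  # RAM location the post sets aside for the string pointer


def rom_pointer(offset, thumb=False):
    """Return the 4-byte little-endian pointer for a ROM file offset."""
    if not 0 <= offset < ROM_LIMIT - ROM_BASE:
        raise ValueError(f"offset {offset:#x} is outside a 32 MB ROM")
    if thumb and offset & 1:
        raise ValueError("THUMB code must start on an even offset")
    # Bit 0 of a code pointer selects THUMB mode; data pointers leave it clear.
    return struct.pack("<I", ROM_BASE + offset + (1 if thumb else 0))


def callasm_command(routine_offset, thumb=True):
    """Battle-script bytes for the new command: F8 followed by the pointer."""
    return b"\xF8" + rom_pointer(routine_offset, thumb)


def string_pointer_stores(string_offset):
    """(RAM address, byte) pairs to write, one storebyte per pair."""
    raw = rom_pointer(string_offset)
    return [(STRING_PTR_RAM + i, b) for i, b in enumerate(raw)]


def passes_loader_checks(raw):
    """Mirror the two checks the post describes: not empty, and inside ROM."""
    (addr,) = struct.unpack("<I", raw)
    return addr != 0 and ROM_BASE <= addr < ROM_LIMIT


def loader_patch(routine_offset):
    """File offset -> replacement bytes for the two edits that hook the loader."""
    return {
        0xD77BE: bytes.fromhex("03490847"),
        0xD77CC: rom_pointer(routine_offset, thumb=True),
    }


if __name__ == "__main__":
    # Constructed sample offsets, not locations from any real hack.
    print(callasm_command(0x800000).hex(" "))
    for addr, value in string_pointer_stores(0x1A2B3C):
        print(f"{addr:#010x} <- {value:#04x}")
    print(passes_loader_checks(bytes(4)))
```

A pointer that lies inside ROM but does not point at a string still passes both checks, which is the part the post says is left to the user.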
 

Agastya

Grinding failed. Item Grind level dropped by 3.
73
Posts
14
Years
  • Age 33
  • Seen Mar 19, 2023
I think I've found the Battle Pike wilds. I say think, because despite the fact I have edited them in a hex editor (and multiple hex editors showing the changes), I personally can't get any changes to show up in-game. I'm only really posting these because they make sense compared to what's shown on the Bulbapedia page, and maybe somebody else can help out with this to say if they get results, if this is somehow completely wrong, or if it's just VBA getting tired of allowing me to have nice things.

Spoiler:


It'd be nice if these actually were the offsets though, because then after that it's figuring out what determines the Pokemon selected by each facility. Outside of the list being in a "general sliding scale of difficulty", there aren't really many other leads on selection.
 

redriders180

Mastermind of Pokemon Glazed
314
Posts
13
Years
Hi there! I was designing a berry tree system for my game (Firered), and while I figured out a way to make a tree give a berry a day, I realized that there was something else in the game that does pretty much the same thing; the regenerating berries in Berry Forest, and regenerating trinkets on treasure beach. Does anyone have any info on these regenerating items, and how I might be able to expand the list to cover all my berry trees? Additionally, does anyone know where I might find the offsets for the flags/variables for hidden items?
 

ipatix

Sound Expert
145
Posts
15
Years
Hey guys,

I have some questions about the SSEQ file format:

I read in the SDAT specs of kiwi.ds that the delay and note length parameters are expressed with a variable amount of bytes.
But these parameters aren't described and I want to know how these work.

What I noticed so far is that if you have more than one byte, the last byte is positive and the others are negative.
But what do I have to do with these values?
Do I have to read them out in Little Endian or do I have to add all these values?

Hope you can help me out with this ;-)
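
A decoder and encoder for variable-length values of the kind asked about above, as an added example that is not part of the original post. It assumes the MIDI-style convention: bytes that look "negative" when read as signed have bit 7 set and mean another byte follows, and the low 7 bits of each byte are joined most significant group first. The four-byte limit and the sample bytes are assumptions made for the example.

```python
def as_signed(byte):
    """Show a byte the way a signed hex view does (0x81 -> -127)."""
    return byte - 256 if byte >= 0x80 else byte


def read_varlen(data, pos=0, max_bytes=4):
    """Decode one variable-length value; return (value, next position)."""
    value = 0
    for i in range(max_bytes):
        if pos + i >= len(data):
            raise ValueError("data ends in the middle of a variable-length value")
        byte = data[pos + i]
        # Drop the continuation bit and append the 7 payload bits.
        value = (value << 7) | (byte & 0x7F)
        if byte < 0x80:  # bit 7 clear: this "positive" byte is the last one
            return value, pos + i + 1
    # Bound the loop so a run of continuation bytes cannot be read forever.
    raise ValueError(f"value longer than {max_bytes} bytes")


def write_varlen(value):
    """Encode a non-negative integer in the same format."""
    if value < 0:
        raise ValueError("variable-length values are unsigned")
    groups = [value & 0x7F]            # last byte: bit 7 clear
    value >>= 7
    while value:
        groups.append((value & 0x7F) | 0x80)  # earlier bytes: bit 7 set
        value >>= 7
    return bytes(reversed(groups))


if __name__ == "__main__":
    # Constructed sample: one plain byte, then a two-byte value, then one more byte.
    sample = bytes([0x30, 0x81, 0x48, 0x10])
    print([as_signed(b) for b in sample])   # the -127 marks a continuation byte
    print(read_varlen(sample, 1))           # two-byte value starting at index 1
    print(write_varlen(200).hex(" "))
```

The values are neither read as little endian nor summed: the bytes 81 48 decode to (1 << 7) | 0x48.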
 