ROM Hack Pokemon shuffle

mid-kid

GBAtemp spamBOT
Member
Joined
Aug 2, 2012
Messages
879
Trophies
0
Age
25
XP
1,163
Country
But from my RAM dump observations, this game uses memory shuffling, so it doesn't work with fixed offsets. You might have to search for nearby data that is always the same and then calculate the correct offset.

I've just done a CheatEngine-esque search over 4 RAM dumps with each a different amount of hearts.
But I don't understand how you observed that the game uses memory shuffling.
 

PewnyPL

Well-Known Member
Member
Joined
Feb 2, 2014
Messages
771
Trophies
1
XP
2,147
Country
Poland
I've just done a CheatEngine-esque search over 4 RAM dumps with each a different amount of hearts.
But I don't understand how you observed that the game uses memory shuffling.

Well, I tried to run the file you compiled, and I can say that it didn't work. Browser crashed and such, but no hearts given.
But I do wonder, Nintendo has to be aware of gpuhax by now, I wouldn't be surprised if this stuff was in a memory segment that gpu has no access to.
 

yodamerlin

Bok bok.
Member
Joined
Apr 1, 2014
Messages
322
Trophies
0
XP
1,050
Country
United Kingdom
He probably dumped the RAM, searched for the coin value, spent/gained coins, dumped the RAM, searched for the new value, etc.

Edit: but with hearts, not coins.
I get that, but there are a lot of values to keep track of manually. I was wondering if there was a program for this.
 

LoneGrenade

IT Technician/Rookie Coder
Member
Joined
Mar 14, 2009
Messages
157
Trophies
0
Age
33
Location
~/ #
XP
256
Country
Canada
I get that, but there are a lot of values to keep track of manually. I was wondering if there was a program for this.


This is true, I'm not really sure how some people can find specific memory locations for these things tbh. I'd like to know as well.
 

PewnyPL

Well, I tried myself, but I don't have good news sadly.
I made 4 RAM dumps (3MB is the most we are getting with spider huh?), first 2 in one play session, the other two after restarting the game, and then in HxD I compared them, checking for differences. Sadly, I didn't see anything that could look like a changed hearts value (3 in one dump, 2 in another, then 2 to 1 in the final 2 dumps). The dumps were very similar however, not many changes and a lot of them seemed like a repeating pattern (perhaps home menu colors or some other animation that was on a different frame between dumps?).
So either that amount is outside the range available to spider/gpuhax, or it's actually not stored in it as-is.

I'm attaching those 4 dumps, in case someone more patient/skilled wants to take a look.
dumps.zip
mem1.bin - 3 hearts
mem2.bin - 2 hearts
mem3.bin - 2 hearts
mem4.bin - 1 hearts
mem1 and mem2 are first session, mem3 and mem4 are second. In all cases there is 800 coins (if anyone wants to look for that)
 

mid-kid

I get that, but there are a lot of values to keep track of manually. I was wondering if there was a program for this.

Searching for 1-byte-long (max = 255) values with any programming language isn't very difficult.
Beware of the horrible python code:
Code:
def read_dump(path):
    # Read a whole RAM dump into memory as bytes, closing the file afterwards
    with open(path, "rb") as f:
        return f.read()

print("Opening file one")
one = read_dump("one.bin")
one_find = 1  # value expected in dump one
print("Opening file two")
two = read_dump("two.bin")
two_find = 2  # value expected in dump two
print("Opening file three")
three = read_dump("three.bin")
three_find = 3  # value expected in dump three

print("Scanning file one for matches")
# Every offset in dump one whose byte equals the expected value
matches = [x for x in range(len(one)) if one[x] == one_find]

print("Scanning file two and removing stuff that isn't correct")
# Keep only offsets that also hold the expected value in dump two
# (the length check skips offsets past the end of a shorter dump)
matches = [x for x in matches if x < len(two) and two[x] == two_find]

print("Scanning file three and removing stuff that isn't correct")
# Same filter against dump three
matches = [x for x in matches if x < len(three) and three[x] == three_find]

print("Remaining matches:", matches)
Basically, it finds all the locations of one value in the first file, then checks the second file if it has the required value (two_find) on the same locations as in the first file, etc.

But since the game shuffles its memory, this is pretty much useless.

Well, I tried myself, but I don't have good news sadly.
I made 4 RAM dumps (3MB is the most we are getting with spider huh?), first 2 in one play session, the other two after restarting the game, and then in HxD I compared them, checking for differences. Sadly, I didn't see anything that could look like a changed hearts value (3 in one dump, 2 in another, then 2 to 1 in the final 2 dumps). The dumps were very similar however, not many changes and a lot of them seemed like a repeating pattern (perhaps home menu colors or some other animation that was on a different frame between dumps?).
So either that amount is outside the range available to spider/gpuhax, or it's actually not stored in it as-is.

I'm attaching those 4 dumps, in case someone more patient/skilled wants to take a look.
dumps.zip
mem1.bin - 3 hearts
mem2.bin - 2 hearts
mem3.bin - 2 hearts
mem4.bin - 1 hearts
mem1 and mem2 are first session, mem3 and mem4 are second. In all cases there is 800 coins (if anyone wants to look for that)

How did you make those dumps (MemoryDump.dat)? I've made mine with the example I've posted earlier in the thread. That dumps 100Mb each (by default).
I believe MemoryDump.dat only dumps the browser's memory, but I could be wrong (since I don't understand assembly, and I have no idea what the starting offset is).
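
An added example, not code from the thread: the fixed-offset scan in the post above fails when the value sits at a different address in each dump, so this version finds a constant byte pattern near the value in every dump and compares bytes at the same distance from it, as suggested in the quote at the top of the thread. The anchor `SAVEHDR0`, the 12-byte distance and the three sample dumps are constructed for illustration and are not taken from the game.

```python
ANCHOR = b"SAVEHDR0"  # constructed marker, not a real signature from the game

def find_all(data, pattern):
    """Yield every offset at which pattern occurs in data."""
    pos = data.find(pattern)
    while pos != -1:
        yield pos
        pos = data.find(pattern, pos + 1)

def deltas_matching(data, anchor, expected, window):
    """Distances from any anchor hit at which data holds the expected byte."""
    found = set()
    for base in find_all(data, anchor):
        lo = max(0, base - window)
        hi = min(len(data), base + len(anchor) + window)
        found.update(i - base for i in range(lo, hi) if data[i] == expected)
    return found

def common_deltas(samples, anchor, window=32):
    """samples: list of (dump_bytes, expected_value). Sorted deltas valid in every dump."""
    result = None
    for data, expected in samples:
        if data.find(anchor) == -1:
            raise ValueError("anchor not present in one of the dumps")
        hits = deltas_matching(data, anchor, expected, window)
        result = hits if result is None else result & hits
    return sorted(result or [])

def make_dump(base, hearts, decoy_delta=None, size=256):
    """Constructed sample: filler, the anchor at `base`, the value 12 bytes after it."""
    buf = bytearray(b"\xaa" * size)
    buf[base:base + len(ANCHOR)] = ANCHOR
    buf[base + 12] = hearts
    if decoy_delta is not None:
        buf[base + decoy_delta] = hearts  # coincidental match in one dump only
    return bytes(buf)

# Three constructed dumps: the record moves, the heart count goes 3 -> 2 -> 1
SAMPLES = [
    (make_dump(40, 3, decoy_delta=20), 3),
    (make_dump(97, 2), 2),
    (make_dump(150, 1), 1),
]

if __name__ == "__main__":
    print("deltas from anchor:", common_deltas(SAMPLES, ANCHOR))
```

No absolute offset holds the expected value in all three sample dumps, while the anchor-relative comparison keeps one distance and drops the coincidental match that appears in the first dump only.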
 

PewnyPL

How did you make those dumps (MemoryDump.dat)? I've made mine with the example I've posted earlier in the thread. That dumps 100Mb each (by default).
I believe MemoryDump.dat only dumps the browser's memory, but I could be wrong (since I don't understand assembly, and I have no idea what the starting offset is).

Yeah, I did it with MemoryDump.dat, the default one. I tried messing around with it, and shoving different sizes (i.e. Smea said gpu has access to memory from offsets 0x20000000-0x26800000. So I tried to set the DUMPSIZE from 0x00300000 to 0x06800000 and then to 0x00D00000 (0x06800000 / 8)) but either it makes an empty file, a 3MB file, or just freezes the console completely.
If anyone has another memory dump for spider that dumps more memory, I'd be glad if they shared. Sadly, as I'm on 9.5, using the old ones is out of the question.
 

mid-kid

Changing approach: Let's look for values that changed between two saves, and stayed the same in the next save.
What I mean is, I have save1 and save2, between them, I changed the gem count from 1 to zero and the coins count from 530 to 3530. Between save2 and save3 I change the heart count from 2 to 1, and the coins from 3530 to 3230. If I look which bytes have changed between save1 and save2, BUT stayed the same between save2 and save3, I should get the location where the gems are stored.
Right? Wrong!
The changes between the files have some kind of pattern, but they're always at different locations.
This is weird.

P.S. I've dumped my saves by copying the .sav file on the SD card under the game's title id (which is 0004000000141000), generating xorpads only on the first save, then padxoring them.
P.P.S. Has anyone noticed this game also has extdata on the SD card?
 

SciresM

Developer
Developer
Joined
Mar 21, 2014
Messages
972
Trophies
3
Age
33
XP
8,253
Country
United States
You're taking the wrong approach.

Values like hearts, gems, coins etc are all referenced multiple times -- even if you update the display value, it'll be quickly set back to the actual value.

Gotta take the oblique approach.

Or you could just wait for me to release my thing once I'm done testing it.

eLuTQHg.jpg

TrHAPmB.jpg
 

PewnyPL

You're taking the wrong approach.

Values like hearts, gems, coins etc are all referenced multiple times -- even if you update the display value, it'll be quickly set back to the actual value.

Gotta take the oblique approach.

Or you could just wait for me to release my thing once I'm done testing it.

eLuTQHg.jpg

TrHAPmB.jpg

Well, I'm going to wait for sure. I do have a question however, how are you searching for those values exactly? Do you use spidertools to dump the RAM, or something else?
 

SciresM

Well, I'm going to wait for sure. I do have a question however, how are you searching for those values exactly? Do you use spidertools to dump the RAM, or something else?


-I made a dump of the ROM and figured out how to extract the archives in the romfs so that I'd have an idea of what data I wanted to be looking for.

-I then used KazoWAR's memdump (posted earlier in the thread) to make a bunch of RAM dumps.

-I just used ctrl-f to find what I wanted to edit. In cases where I'm editing data stored in memory that isn't in the romfs, I would just write a custom thing in C# to compare the files. Dunno if there are any existing tools for that kind of thing -- it's less effort for me to write one for a specific task than try to find a general case tool.
 

PewnyPL

-I made a dump of the ROM and figured out how to extract the archives in the romfs so that I'd have an idea of what data I wanted to be looking for.

-I then used KazoWAR's memdump (posted earlier in the thread) to make a bunch of RAM dumps.

-I just used ctrl-f to find what I wanted to edit. In cases where I'm editing data stored in memory that isn't in the romfs, I would just write a custom thing in C# to compare the files. Dunno if there are any existing tools for that kind of thing -- it's less effort for me to write one for a specific task than try to find a general case tool.

So there is another, better RAM dumper. I see it now, will compile it and try it myself then. And thank you for the tips.
 

LoneGrenade

Just curious, those of you that are dumping RAM from Pokemon Shuffle, did you transfer your ticket.db over from emuNAND or do you have another method of running spiderhax from emuNAND?
 

SciresM

Just curious, those of you that are dumping RAM from Pokemon Shuffle, did you transfer your ticket.db over from emuNAND or do you have another method of running spiderhax from emuNAND?


I'm not doing it in emuNAND for the same reason that OR/AS's web browser injection cannot be done in emuNAND.

In this specific case, patching the RomFS to achieve the same effect is very easy, though, if you know what you're doing.
 
