Hacking Pokémon X/Y Dumper and Editor

[kyogre123]

Probably not but will this setup works? Except for an old Android phone this is all I have now

                Internet
                  |
  PC--Ethernet--Router---Wifi--3DS

I guess that could work if you are using the Ethernet port to connect to your router and the unused wireless adapter to create a hotspot.

Well I tried it with a connectify network, but couldn't find anything that had 232 bytes of data
With the display filter I get one packet with a data length of 947 bytes and I can see the Pokemon but how can I extract it?

Use a hex editor. If you want to freely edit the numbers, copy the data to notepad first. Basically, if you have 16 columns in display like in the picture of my first post, you will need to copy about 14 lines, 14*16=224, then you will only have 8 bytes left to copy. Remember than the first 4 bytes look regular, those must be followed by 2 bytes equal to 0.

 

[codemonke85]

Hi everyone. Just for clarification, I have no good knowledge regarding the extraction or insertion of PKX data to / from the games. All I really did was take my existing save hacking library and add a couple files concerning Gen VI, and make a bare-bones editor for experimentation in these early stages. If there is any feedback regarding the current functionality of the application, feel free to contact me on Google+ or the Project Pokemon forums / IRC (or basically search Google for Codemonkey85 and you'll find me).

I suck at hex stuff, I wish there was something more ez then this.

Make your own. Or:

I don't think editing is currently possible, but datamining is finally possible, i'm working on my own editor,



maybe helpful:

from the 989 Byte UDB packet:
0x2A byte = udp header // note: do NOT post this data, it contains your 3DS mac address.
0x21 byte = ead header

EAD header:
uint magic; //0x0301D0EA // EA D0 01 03
ushort size; // without EAD header
ushort unk1; // wondertrade: 0x1111, gts = 0xAFA1
ushort unk2; // wondertrade: 0x08E2, gts = 0x00E2
ushort unk3;
ushort packetId;
ubyte checksum[16];
ushort unk4; // 02 01
ubyte encryptedFlag; // 00 = plaintext (wondertrade), 01 = encrypted (gts)

Data:
ubyte data[size];

if it's wondertrade:
byte unk[0x1C];

byte pkx[0xE8];

Where on earth did you get the data you are using (like the Strange Souvenir item index)? Any chance you'd be willing to share with, say, veekun? Also, what platform / language are you developing in?

 

[Falo]

Where on earth did you get the data you are using (like the Strange Souvenir item index)? Any chance you'd be willing to share with, say, veekun? Also, what platform / language are you developing in?

Most of my data is collected from GEN V, black 2/white 2, the rest comes from serebii and data dumps from the Pokemon Global Link website.

example: Strange Souvenir (704) is encoded: 6c35c0 -> http://3ds.pokemon-gl.com/share/images/item/6c35c0.png

calculation:

        private string GenerateID(int id, int formID) // formID is only for pokemon, always 0 on items
        {
            return ((0x159a55e5 * (id + formID * 0x10000)) & 0xFFFFFF).ToString("X6").ToLower();
        }

these (new) items are dumped from the PGL website: every id from 000- 626 is the same as in GEN V.
639;Weakness Policy
640;Assault Vest
644;Pixie Plate
645;Ability Capsule
646;Whipped Dream
647;Sachet
648;Luminous Moss
649;Snowball
650;Safety Goggles
652;Rich Mulch
653;Surprise Mulch
654;Boost Mulch
655;??? Mulch
686;Roseli Berry
687;Kee Berry
688;Maranga Berry
699;??? Ticket
704;Strange Souvenir
708;Lumiose Galette
709;Lumiose Cookie???
710;Jaw Fossil
711;Sail Fossil
715;Fairy Gem

 

[SanicX]

I hope this is going to work. Because i dont want to start with the crappy VI generation starter.
Gen 1 en 2 starters are good to go.

the Gen VI starters are in no way crappy.

 

[MopSec]

Okay so I succeeded in editing a Pokemon. Is it already possible to get them onto the 3DS or do I have to wait?

 

[gamefan5]

^ What a kid. Hilarious, really.

Okay so I succeeded in editing a Pokemon. Is it already possible to get them onto the 3DS or do I have to wait?

Well, you u need to put the hex data of your edited pokemon. After that, u should start your wonder trade and get your edited pokemon, I think.

 

[frogboy]

There's another thread elsewhere for bickering about hacking vs. legit. This is not that thread.

EDIT: Ah, I see they've been deleted. Excellent.

 

[MopSec]

Well that's pretty obvious but I don't know how to send that manipulated packet onto the 3DS ^^ I mean I can't just let it sit as Aron.bin on my PC and go into WOndertrade and expect it to be traded

 

[gamefan5]

There's another thread elsewhere for bickering about hacking vs. legit. This is not that thread.

EDIT: Ah, I see they've been deleted. Excellent.

Indeed, let's keep it on topic.

To OP:
So, after editing the pokemon, you replace the old hex data with the new of the edited pokemon and start wonder trade?

 

[MopSec]

You know, Wireshark can only read the traffic coming in but not manipulate it.

 

[kyogre123]

Well that's pretty obvious but I don't know how to send that manipulated packet onto the 3DS ^^ I mean I can't just let it sit as Aron.bin on my PC and go into WOndertrade and expect it to be traded

How about opening Aron.bin on a hex editor? Copy the numbers and replace the hex data corresponding to the original Pokémon received with the hex data of Aron.bin. I would like a response of someone who had tried this because a lot of people are claiming that it's not possible to inject the data, but still they are not giving details about it.
There are programs that can inject data, have you tried HexInject?

Indeed, let's keep it on topic.

To OP:
So, after editing the pokemon, you replace the old hex data with the new of the edited pokemon and start wonder trade?

That's right.

 

[gamefan5]

How about opening Aron.bin on a hex editor? Copy the numbers and replace the hex data corresponding to the original Pokémon received with the hex data of Aron.bin. I would like a response of someone who had tried this because a lot of people are claiming that it's not possible to inject the data, but still they are not giving details about it.
There are programs that can inject data, have you tried HexInject?



That's right.

Saw your edit. Thx XD
If someone succeeds, the should make a visual guide, it would help a lot for those still having questions.

 

[MopSec]

How about opening Aron.bin on a hex editor? Copy the numbers and replace the hex data corresponding to the original Pokémon received with the hex data of Aron.bin. I would like a response of someone who had tried this because a lot of people are claiming that it's not possible to inject the data, but still they are not giving details about it.

I am trying my best to explain it. I captured the packet from wonder trade with Wireshark, then used a hex editor to export the Pokemon out of the Hex code. Then I edited it and saved the file. I opened the newly saved file with my hexeditor and copied everything into the corresponding place in the original packet.

EDIT: Well I looked at some of those programms but I don't have any idea how to deal with those ^^

 

[gamefan5]

I am trying my best to explain it. I captured the packet from wonder trade with Wireshark, then used a hex editor to export the Pokemon out of the Hex code. Then I edited it and saved the file. I opened the newly saved file with my hexeditor and copied everything into the corresponding place in the original packet.

EDIT: Well I looked at some of those programms but I don't have any idea how to deal with those ^^

Do u think you could make the explanation a bit more visual? Like printscreen? If you can't or don't want, I understand. XD But it helps. XD

 

[MopSec]

Here is the screenshot, I tried my best XD

On the left you can see the modified bin file of the Pokemon, on the right is the packet I got from Wireshark and pasted the modified hex values (in the right place of course)

 

[kyogre123]

Here is the screenshot, I tried my best XD
-snip- -snip-
On the left you can see the modified bin file of the Pokemon, on the right is the packet I got from Wireshark and pasted the modified hex values (in the right place of course)

Hey I can see Zaneris was right after all:

The encrypted pokemon is at offset 0x3d -> 0x124 within the data portion of the packet.

The weird part is that this doesn't apply to his own hex data showed on the first post.

 

[XXLANCEXX]

Ok So How Do I Do This
can i have some instructions

 

[gamefan5]

Here is the screenshot, I tried my best XD
snip
On the left you can see the modified bin file of the Pokemon, on the right is the packet I got from Wireshark and pasted the modified hex values (in the right place of course)

On the right, it starts at which offset man? I can't see it. Going blind!. XD

 

[Roxas75]

I don't get why i cannot find any packet similar to that structure in Wireshark...
Or i'm just new to this kind of works...
I have this already seen structure, any help?
Internet
|
PC--Ethernet--Router---Wifi--3DS

 

[kyogre123]

I don't get why i cannot find any packet similar to that structure in Wireshark...
Or i'm just new to this kind of works...
I have this already seen structure, any help?
Internet
|
PC--Ethernet--Router---Wifi--3DS

Try to post the hex data here in text format. By the way, I can't understand your structure. Using the Ethernet port for the Internet connection and your internal wireless card as a hotspot should work as well.

On the right, it starts at which offset man? I can't see it. Going blind!. XD

I already posted it in a reply.