Hacking Pokemon X&Y flashcard community saves

[kyogre123]

But how we will inject the save?

With this: http://gbatemp.net/threads/announcing-gateway-2-0-“omega”-private-beta.363892/page-29#post-4953653

But the code needs to be compiled. Also, just a reminder, we can only share save files created using the public dump of the games. I hope you guys are using the American version.

 

[gamesquest1]

But how we will inject the save?

just find the offset inside the rom....not sure if the tool i mentioned does this automatically....i believe it does....but it wouldnt be too hard to figure out seeing as the save is wrote to the rom, you could simply compare the rom after saves

 

[darky2003]

this sounds cool, just hoping to see a build in action replay to the gateway in future like the nds R4 Cards have.

 

[jaku]

With this: http://gbatemp.net/threads/announcing-gateway-2-0-“omega”-private-beta.363892/page-29#post-4953653

But the code needs to be compiled. Also, just a reminder, we can only share save files created using the public dump of the games. I hope you guys are using the American version.

The code is in python, it doesn't need to be compiled.

 

[kyogre123]

The code is in python, it doesn't need to be compiled.

Well, I definitely have no idea what Python is then, but as a casual PC user, I can't "run text as an executable program", so I'd like to know what you mean exactly.

 

[jaku]

Well, I definitely have no idea what Python is then, but as a casual PC user, I can't "run text as an executable program", so I'd like to know what you mean exactly.

You will need to have Python installed on your system for it to work. If you are on Linux or OS X, it should already be installed but Windows you will need something like this.

https://www.python.org/download/windows/

Basically you take the code and save it to a text file and call it something like "savedump.py" and then with Python installed you should be able to double-click the file or at least run it from the command line with "python2.7 savedump.py".

 

[Rizzorules]

With this: http://gbatemp.net/threads/announcing-gateway-2-0-“omega”-private-beta.363892/page-29#post-4953653

But the code needs to be compiled. Also, just a reminder, we can only share save files created using the public dump of the games. I hope you guys are using the American version.

just find the offset inside the rom....not sure if the tool i mentioned does this automatically....i believe it does....but it wouldnt be too hard to figure out seeing as the save is wrote to the rom, you could simply compare the rom after saves

Ok thanks i hope he uploads the save file soon

 

[ETNWIND]

The save offset is stored in the rom header, offset 0x200, 4 bytes, in media unit. But does anyone know what the size of save data is? That script uses 1MB, but not all card 2 games use the same size. I checked animal crossing, its save data size is bigger than 1 MB. I have no idea how to find the save data size, does anyone know how to find it?

 

[kyogre123]

The save offset is stored in the rom header, offset 0x200, 4 bytes, in media unit. But does anyone know what the size of save data is? That script uses 1MB, but not all card 2 games use the same size. I checked animal crossing, its save data size is bigger than 1 MB. I have no idea how to find the save data size, does anyone know how to find it?

Make a copy of your Animal Crossing rom. Trim and then untrim this copy to delete the save file. Compare the differences of the files in a hex editor.

 

[ETNWIND]

Make a copy of your Animal Crossing rom. Trim and then untrim this copy to delete the save file. Compare the differences of the files in a hex editor.

I mean find the size automatically, just like how the save offset is stored in the rom header, the save data size must be stored somewhere I guess.

By the way, I'm writing a small program to extract and inject card2 saves. This is what I'm currently doing to get the save data size. Read the rom backward from the end, find the first non 0xFF byte and subtract the save offset from its offset to get the approximate size and round it up to the neareast 2^x bytes. Not a good method, although it works, but I think there should be better way to do it.

 

[gamesquest1]

I mean find the size automatically, just like how the save offset is stored in the rom header, the save data size must be stored somewhere I guess.

By the way, I'm writing a small program to extract and inject card2 saves. This is what I'm currently doing to get the save data size. Read the rom backward from the end, find the first non 0xFF byte and subtract the save offset from its offset to get the approximate size and round it up to the neareast 2^x bytes. Not a good method, although it works, but I think there should be better way to do it.

you could just go the way of overkill and dump 3MB....that should cover it XD

 

[darklavalizard]

Somewhat on the same topic, is there any way to inject the 1.2 patch?

 

[Master X]

I was thinking that the save being stored to the rom would make replicating pokemon hard, but it's actually easy. In theory at least, I've yet to actually try it.

Local trade from legit card to a GW. Pull the memory card, save a copy of the rom. Then trade back from the GW to the legit card. Pull memory card, delete rom and replace with earlier saved copy. Trade back from GW to legit card. Repeat last two steps as many times as you'd like.

I haven't looked into wifi replication methods, but I think this could be a possible alternative for GW users.

Again, it's all theory. I'll test it later today to see if it'd actually work.

 

[ETNWIND]

Somewhat on the same topic, is there any way to inject the 1.2 patch?

No you can't, because the patch is located in the SD card not inside the rom file.

you could just go the way of overkill and dump 3MB....that should cover it XD

Good idea. I combined the search for non 0xFF method and the overkill method to save some disk spaces and time. I'm now searching for the first non 0xFF byte backwards beginning at save offset + 16MB. Animal crossing has a little more than 7MB save data, I think 16MB should be enough for all card 2 saves.

 

[gamesquest1]

No you can't, because the patch is located in the SD card not inside the rom file.


Good idea. I combined the search for non 0xFF method and the overkill method to save some disk spaces and time. I'm now searching for the first non 0xFF byte backwards beginning at save offset + 16MB. Animal crossing has a little more than 7MB save data, I think 16MB should be enough for all card 2 saves.

is the save offset always a certain distance after the end of the cci data, if you could read the cci header, then know where the game data ends, you could just figure out the start position

 

[ETNWIND]

is the save offset always a certain distance after the end of the cci data, if you could read the cci header, then know where the game data ends, you could just figure out the start position

The save offset is stored in the cci header at 0x00000200, it's in media unit, and1 media unit = 0x200 bytes, you can take the 4 bytes at 0x00000200 and multiply it by 0x200 to get the save offset.

 

[leowalle]

I dont have a Gateway or a 3DS with the compatible firmware

 

[gamesquest1]

I dont have a Gateway or a 3DS with the compatible firmware

well you could try find someone local who could trade them to you....this will at least get the pokemon into more people hands for local trading

 

[kyogre123]

I dont have a Gateway or a 3DS with the compatible firmware

You could buy a second 3DS, which actually would help as well to transfer Diancie and co to your original cartridge.

 

[gamefan5]

Once the save is dumped, can't aakt to test the theory.