[ΩDonut]

Game Freak went to a lot of trouble to encrypt the date\time\MAC Address for the non-C-Gear seeds. But no amount of encryption can stop someone with a debugger. :)

tl;dr We can now predict non-C-Gear seeds, given a date\time\DS MAC address. This will be incorporated into RNG Reporter within the next day or two, and there will be a short beta period to make sure this works perfectly for real carts. EDIT: Apparently not quite yet, there are still some issues.

Non-C-Gear seeds are MUCH easier to work with than the C-Gear; you don't have to get millisecond-precision timing, all you need is to hit the right time down to the second. What's more, the same seed is used for both RNGs, so both IVs and nature\shininess\etc. can be predicted.

Encrypting the Date\Time\MAC Address, SHA-1 Preprocessing

---

Code:

This isn't so much encrypting the number as it is putting each pair of bytes in reverse order.

Example: 
AD535958
becomes
585953AD

This is done to 16 4-byte numbers, which are strung together to make the SHA-1 message. Thankfully, 12 of these numbers are constant (at least, I hope they stay that way). The rest of the values are the date, time, and the two halves of the MAC address.

Also note that Date\Time is stored in a different number format than the last gen. This will be covered in another post.

Code:

02215F30, 0221602C, 0221602C, 0221602C -> 305F2102, 2C602102, 2C602102, 78602102
02216078, [ DSID ], [MACpt1], [MACpt2] -> 78602102, ????????, ????????, ????????
[ Date ], [ Time ], 00000000, 00000000 -> ????????, ????????, 00000000, 00000000
00002FFF, 00000080, 00000000, A0010000 -> FF2F0000, 80000000, 00000000, 000001A0

Note: I haven't yet determined how exactly the two parts of MAC address is placed, since No$GBA has a set MAC address of 0.

EDIT: I have since discovered that one of the inputs is actually some ID unique to the DS.  I hope this won't be too difficult to find without an AR.

Final message:
305F21022C6021022C60210278602102786021023E0318000000C3310709BF16????????????????????????????????FF2F00008000000000000000000001A0

Encrypting the Encryption with SHA-1

---

Copied from Wikipedia. The message-generation step is not included because we did that in the previous step.

Code:

    Initialize hash value for this chunk:
    a = h0
    b = h1
    c = h2
    d = h3
    e = h4

    Main loop:
    [27]
    for i from 0 to 79
        if 0 ≤ i ≤ 19 then
            f = (b and c) or ((not b) and d)
            k = 0x5A827999
        else if 20 ≤ i ≤ 39
            f = b xor c xor d
            k = 0x6ED9EBA1
        else if 40 ≤ i ≤ 59
            f = (b and c) or (b and d) or (c and d) 
            k = 0x8F1BBCDC
        else if 60 ≤ i ≤ 79
            f = b xor c xor d
            k = 0xCA62C1D6

        if i >= 16
            w[i] = (w[i-3] xor w[i-8] xor w[i-14] xor w[i-16]) leftrotate 1

        temp = (a leftrotate 5) + f + e + k + w[i]
        e = d
        d = c
        c = b leftrotate 30
        b = a
        a = temp

    Add this chunk's hash to result so far:
    h0 = h0 + a
    h1 = h1 + b 
    h2 = h2 + c
    h3 = h3 + d
    h4 = h4 + e

Jumbling up the SHA-1 Hash

---

Same reversing of values as in step 1.

Code:

For each 4-byte value in the SHA-1 hash, put each pair of bytes in reverse order.

Example: 
AD535958
becomes
585953AD

Generating the Final Seed

---

Code:

temp = 0x6C078965 * [first 4 bytes of jumbled-up SHA-1]
temp = temp + (0x6C078965 * [second 4 bytes of jumbled-up SHA-1] * 0x100000000)
seed = temp + (0x5D588B65 * [first 4 bytes of jumbled-up SHA-1] * 0x100000000)

Relevant Assembly Code

---

I commented most of the lines up until the point I figured out what was going on.

Step 1: Reversing numbers

Code:

02081DA0 E92D5FF0 stmfd   r13!,{r4-r12,r14}
02081DA4 E1A0B000 mov     r11,r0
02081DA8 E24DD040 sub     r13,r13,#0x40
02081DAC E1A0C00D mov     r12,r13
02081DB0 E3E03CFF mvn     r3,#0xFF00			; k = 0xFFFF00FF
02081DB4 E28B8014 add     r8,r11,#0x14
02081DB8 E1A0100C mov     r1,r12
02081DBC E8B800F0 ldmia   r8!,{r4-r7}
02081DC0 E3A09010 mov     r9,#0x10
02081DC4 E0242864 eor     r2,r4,r4,ror #0x10		; temp = a ^ (a rightrotate 16)
02081DC8 E0032422 and     r2,r3,r2,lsr #0x8		; temp = k & (temp >> 8)
02081DCC E0224464 eor     r4,r2,r4,ror #0x8		; a = temp ^ (a rightrotate 8)
02081DD0 E0252865 eor     r2,r5,r5,ror #0x10		; temp = b ^ (b rightrotate 16)
02081DD4 E0032422 and     r2,r3,r2,lsr #0x8		; temp = k & (temp >> 8)
02081DD8 E0225465 eor     r5,r2,r5,ror #0x8		; b = temp ^ (b rightrotate 8)
02081DDC E0262866 eor     r2,r6,r6,ror #0x10		; temp = c ^ (c rightrotate 16)
02081DE0 E0032422 and     r2,r3,r2,lsr #0x8		; temp = k & (temp >> 8)
02081DE4 E0226466 eor     r6,r2,r6,ror #0x8
02081DE8 E0272867 eor     r2,r7,r7,ror #0x10
02081DEC E0032422 and     r2,r3,r2,lsr #0x8
02081DF0 E0227467 eor     r7,r2,r7,ror #0x8

Step 2: SHA-1

Code:

02081E04 E89B01F0 ldmia   r11,{r4-r8}
02081E08 E51FC080 ldr     r12,=#0x5A827999  	; k = 5A827999 [2081D90]
02081E0C E3A09000 mov     r9,#0x0		; i = 0
02081E10 E005A006 and     r10,r5,r6		; (b and c)
02081E14 E1E0E005 mvn     r14,r5		; (not b)
02081E18 E00EE007 and     r14,r14,r7		; ((not b) and d)
02081E1C E18AA00E orr     r10,r10,r14		; f = (b and c) or ((not b) and d)
02081E20 E08AA00C add     r10,r10,r12		; temp = f + k
02081E24 E209E00F and     r14,r9,#0xF		; j = i mod 16
02081E28 E79DE10E ldr     r14,[r13,r14,lsl #0x2]; retrieve w[i]
02081E2C E08AA008 add     r10,r10,r8		; temp = temp + e 
02081E30 E08AA00E add     r10,r10,r14		; temp = temp + r14 (w[i]?)
02081E34 E08AADE4 add     r10,r10,r4,ror #0x1B  ; temp = temp + (a left-rotate 5)
02081E38 E1A08007 mov     r8,r7			; (e = d)
02081E3C E1A07006 mov     r7,r6			; (d = c)
02081E40 E1A06165 mov     r6,r5,ror #0x2	; (c = b left-rotate 30)
02081E44 E1A05004 mov     r5,r4			; (b = a)
02081E48 E1A0400A mov     r4,r10		; (a = temp)
02081E4C E2899001 add     r9,r9,#0x1		; i++
02081E50 E3590010 cmp     r9,#0x10		; loop while (i < 15)
02081E54 1AFFFFED bne     #0x2081E10
02081E58 E005A006 and     r10,r5,r6		; (b and c)
02081E5C E1E0E005 mvn     r14,r5		; (not b)
02081E60 E00EE007 and     r14,r14,r7		; ((not b) and d)
02081E64 E18AA00E orr     r10,r10,r14		; f = (b and c) or ((not b) and d)
02081E68 E08AA00C add     r10,r10,r12		; f + k
02081E6C E2492010 sub     r2,r9,#0x10		; r2 = i - 16	
02081E70 E202200F and     r2,r2,#0xF
02081E74 E249E00E sub     r14,r9,#0xE		; r14 = i - 14
02081E78 E20EE00F and     r14,r14,#0xF
02081E7C E79D3102 ldr     r3,[r13,r2,lsl #0x2]  ; load w[i-16] into r3
02081E80 E79D110E ldr     r1,[r13,r14,lsl #0x2]	; load w[i-14] into r1
02081E84 E249E008 sub     r14,r9,#0x8		; r14 = i - 8
02081E88 E0233001 eor     r3,r3,r1		; w[i-14] XOR w[i-16]
02081E8C E20EE00F and     r14,r14,#0xF		; 
02081E90 E79D110E ldr     r1,[r13,r14,lsl #0x2] ; load w[i-8] into r1
02081E94 E2492003 sub     r2,r9,#0x3		; r14 = i - 3
02081E98 E0233001 eor     r3,r3,r1		; w[i-8] XOR w[i-16] XOR w[i-14] 
02081E9C E202200F and     r2,r2,#0xF		;
02081EA0 E79D1102 ldr     r1,[r13,r2,lsl #0x2]	; load w[i-3] into r1
02081EA4 E209200F and     r2,r9,#0xF
02081EA8 E0233001 eor     r3,r3,r1		; w[i-3] XOR w[i-8] XOR w[i-16] XOR w[i-14]
02081EAC E1A03FE3 mov     r3,r3,ror #0x1F	; left-rotate 1
02081EB0 E78D3102 str     r3,[r13,r2,lsl #0x2]
02081EB4 E209E00F and     r14,r9,#0xF
02081EB8 E79DE10E ldr     r14,[r13,r14,lsl #0x2]
02081EBC E08AA008 add     r10,r10,r8
02081EC0 E08AA00E add     r10,r10,r14
02081EC4 E08AADE4 add     r10,r10,r4,ror #0x1B
02081EC8 E1A08007 mov     r8,r7
02081ECC E1A07006 mov     r7,r6
02081ED0 E1A06165 mov     r6,r5,ror #0x2
02081ED4 E1A05004 mov     r5,r4
02081ED8 E1A0400A mov     r4,r10
02081EDC E2899001 add     r9,r9,#0x1
02081EE0 E3590014 cmp     r9,#0x14		; while (i < 20)
02081EE4 1AFFFFDB bne     #0x2081E58		; else
02081EE8 E51FC15C ldr     r12,=#0x6ED9EBA1	; constant used in second phase
02081EEC E025A006 eor     r10,r5,r6		; b xor c
02081EF0 E02AA007 eor     r10,r10,r7		; b xor c xor d
02081EF4 E08AA00C add     r10,r10,r12		; f + k
02081EF8 E2492010 sub     r2,r9,#0x10
02081EFC E202200F and     r2,r2,#0xF
02081F00 E249E00E sub     r14,r9,#0xE
02081F04 E20EE00F and     r14,r14,#0xF
02081F08 E79D3102 ldr     r3,[r13,r2,lsl #0x2]
02081F0C E79D110E ldr     r1,[r13,r14,lsl #0x2]
02081F10 E249E008 sub     r14,r9,#0x8
02081F14 E0233001 eor     r3,r3,r1
02081F18 E20EE00F and     r14,r14,#0xF
02081F1C E79D110E ldr     r1,[r13,r14,lsl #0x2]
02081F20 E2492003 sub     r2,r9,#0x3
02081F24 E0233001 eor     r3,r3,r1
02081F28 E202200F and     r2,r2,#0xF
02081F2C E79D1102 ldr     r1,[r13,r2,lsl #0x2]
02081F30 E209200F and     r2,r9,#0xF
02081F34 E0233001 eor     r3,r3,r1
02081F38 E1A03FE3 mov     r3,r3,ror #0x1F
02081F3C E78D3102 str     r3,[r13,r2,lsl #0x2]
02081F40 E209E00F and     r14,r9,#0xF
02081F44 E79DE10E ldr     r14,[r13,r14,lsl #0x2]
02081F48 E08AA008 add     r10,r10,r8
02081F4C E08AA00E add     r10,r10,r14
02081F50 E08AADE4 add     r10,r10,r4,ror #0x1B
02081F54 E1A08007 mov     r8,r7
02081F58 E1A07006 mov     r7,r6
02081F5C E1A06165 mov     r6,r5,ror #0x2
02081F60 E1A05004 mov     r5,r4
02081F64 E1A0400A mov     r4,r10
02081F68 E2899001 add     r9,r9,#0x1
02081F6C E3590028 cmp     r9,#0x28		; while (i < 40)
02081F70 1AFFFFDD bne     #0x2081EEC
02081F74 E51FC1E4 ldr     r12,=#0x8F1BBCDC
02081F78 E005A006 and     r10,r5,r6
02081F7C E005E007 and     r14,r5,r7
02081F80 E18AA00E orr     r10,r10,r14
02081F84 E006E007 and     r14,r6,r7
02081F88 E18AA00E orr     r10,r10,r14
02081F8C E08AA00C add     r10,r10,r12
02081F90 E2492010 sub     r2,r9,#0x10
02081F94 E202200F and     r2,r2,#0xF
02081F98 E249E00E sub     r14,r9,#0xE
02081F9C E20EE00F and     r14,r14,#0xF
02081FA0 E79D3102 ldr     r3,[r13,r2,lsl #0x2]
02081FA4 E79D110E ldr     r1,[r13,r14,lsl #0x2]
02081FA8 E249E008 sub     r14,r9,#0x8
02081FAC E0233001 eor     r3,r3,r1
02081FB0 E20EE00F and     r14,r14,#0xF
02081FB4 E79D110E ldr     r1,[r13,r14,lsl #0x2]
02081FB8 E2492003 sub     r2,r9,#0x3
02081FBC E0233001 eor     r3,r3,r1
02081FC0 E202200F and     r2,r2,#0xF
02081FC4 E79D1102 ldr     r1,[r13,r2,lsl #0x2]
02081FC8 E209200F and     r2,r9,#0xF
02081FCC E0233001 eor     r3,r3,r1
02081FD0 E1A03FE3 mov     r3,r3,ror #0x1F
02081FD4 E78D3102 str     r3,[r13,r2,lsl #0x2]
02081FD8 E209E00F and     r14,r9,#0xF
02081FDC E79DE10E ldr     r14,[r13,r14,lsl #0x2]
02081FE0 E08AA008 add     r10,r10,r8
02081FE4 E08AA00E add     r10,r10,r14
02081FE8 E08AADE4 add     r10,r10,r4,ror #0x1B
02081FEC E1A08007 mov     r8,r7
02081FF0 E1A07006 mov     r7,r6
02081FF4 E1A06165 mov     r6,r5,ror #0x2
02081FF8 E1A05004 mov     r5,r4
02081FFC E1A0400A mov     r4,r10
02082000 E2899001 add     r9,r9,#0x1
02082004 E359003C cmp     r9,#0x3C
02082008 1AFFFFDA bne     #0x2081F78
0208200C E51FC278 ldr     r12,=#0xCA62C1D6
02082010 E025A006 eor     r10,r5,r6
02082014 E02AA007 eor     r10,r10,r7
02082018 E08AA00C add     r10,r10,r12
0208201C E2492010 sub     r2,r9,#0x10
02082020 E202200F and     r2,r2,#0xF
02082024 E249E00E sub     r14,r9,#0xE
02082028 E20EE00F and     r14,r14,#0xF
0208202C E79D3102 ldr     r3,[r13,r2,lsl #0x2]
02082030 E79D110E ldr     r1,[r13,r14,lsl #0x2]
02082034 E249E008 sub     r14,r9,#0x8
02082038 E0233001 eor     r3,r3,r1
0208203C E20EE00F and     r14,r14,#0xF
02082040 E79D110E ldr     r1,[r13,r14,lsl #0x2]
02082044 E2492003 sub     r2,r9,#0x3
02082048 E0233001 eor     r3,r3,r1
0208204C E202200F and     r2,r2,#0xF
02082050 E79D1102 ldr     r1,[r13,r2,lsl #0x2]
02082054 E209200F and     r2,r9,#0xF
02082058 E0233001 eor     r3,r3,r1
0208205C E1A03FE3 mov     r3,r3,ror #0x1F
02082060 E78D3102 str     r3,[r13,r2,lsl #0x2]
02082064 E209E00F and     r14,r9,#0xF
02082068 E79DE10E ldr     r14,[r13,r14,lsl #0x2]
0208206C E08AA008 add     r10,r10,r8
02082070 E08AA00E add     r10,r10,r14
02082074 E08AADE4 add     r10,r10,r4,ror #0x1B
02082078 E1A08007 mov     r8,r7
0208207C E1A07006 mov     r7,r6
02082080 E1A06165 mov     r6,r5,ror #0x2
02082084 E1A05004 mov     r5,r4
02082088 E1A0400A mov     r4,r10
0208208C E2899001 add     r9,r9,#0x1
02082090 E3590050 cmp     r9,#0x50
02082094 1AFFFFDD bne     #0x2082010
02082094 1AFFFFDD bne     #0x2082010
02082098 E89B060E ldmia   r11,{r1-r3,r9,r10}
0208209C E0811004 add     r1,r1,r4
020820A0 E0822005 add     r2,r2,r5
020820A4 E0833006 add     r3,r3,r6
020820A8 E0899007 add     r9,r9,r7
020820AC E08AA008 add     r10,r10,r8
020820B0 E88B060E stmia   r11,{r1-r3,r9,r10} ; stored in 2FE36CC, 2FE36D0, 2FE36D4, 2FE36D8, 2FE36DC
020820B4 E28DD040 add     r13,r13,#0x40
020820B8 E8BD9FF0 ldmfd   r13!,{r4-r12,r15}
020820BC E92D4008 stmfd   r13!,{r3,r14}
020820C0 EB000EE6 bl      #0x2085C60

Step 3

Code:

020814BC E8941020 ldmia   r4,{r5,r12}
020814C0 E1A01C25 mov     r1,r5,lsr #0x18		; right shift 24 (first 32bits of SHA-1)
020814C4 E20170FF and     r7,r1,#0xFF			; 
020814C8 E1A01006 mov     r1,r6				; 
020814CC E1A06C05 mov     r6,r5,lsl #0x18		; left shift 24 (first 32bits of SHA-1)
020814D0 E206E4FF and     r14,r6,#0xFF000000
020814D4 E1A06405 mov     r6,r5,lsl #0x8		; left shift 8 (first 32bits of SHA-1)
020814D8 E1A05425 mov     r5,r5,lsr #0x8		; right shift 8 (first 32bits of SHA-1)
020814DC E2055CFF and     r5,r5,#0xFF00
020814E0 E20668FF and     r6,r6,#0xFF0000
020814E4 E1875005 orr     r5,r7,r5
020814E8 E1865005 orr     r5,r6,r5
020814EC E18E5005 orr     r5,r14,r5			; list pairs in reverse order (WWXXYYZZ becomes ZZYYXXWW)
020814F0 E1A06C2C mov     r6,r12,lsr #0x18		; right shift 24 (second 32bits of SHA-1)
020814F4 E5845000 str     r5,[r4]			; store 1st 32bits, reordered
020814F8 E1A0542C mov     r5,r12,lsr #0x8		; right shift 8 (second 32bits of SHA-1)
020814FC E5943008 ldr     r3,[r4,#0x8]			; load third 32bits
02081500 E20660FF and     r6,r6,#0xFF			
02081504 E2055CFF and     r5,r5,#0xFF00			
02081508 E1866005 orr     r6,r6,r5
0208150C E1A05C23 mov     r5,r3,lsr #0x18		; right shift 24 (third 32bits of SHA-1)
02081510 E205E0FF and     r14,r5,#0xFF
02081514 E1A05C0C mov     r5,r12,lsl #0x18		; left shift 24 (second 32bits of SHA-1)
02081518 E20574FF and     r7,r5,#0xFF000000
0208151C E1A0540C mov     r5,r12,lsl #0x8		; left shift 8 (second 32bits of SHA-1)
02081520 E20558FF and     r5,r5,#0xFF0000
02081524 E1855006 orr     r5,r5,r6
02081528 E1876005 orr     r6,r7,r5
0208152C E1A05423 mov     r5,r3,lsr #0x8		; right shift 8 (third 32bits of SHA-1)
02081530 E2055CFF and     r5,r5,#0xFF00
02081534 E594200C ldr     r2,[r4,#0xC]			; load fourth 32bits
02081538 E5846004 str     r6,[r4,#0x4]			; store 2nd 32bits, reordered
0208153C E1A06C22 mov     r6,r2,lsr #0x18		; right shift 24 (fourth 32bits of SHA-1)
02081540 E18EE005 orr     r14,r14,r5			
02081544 E1A05422 mov     r5,r2,lsr #0x8		; right shift 8 (fourth 32bits of SHA-1)
02081548 E5940010 ldr     r0,[r4,#0x10]			; load fifth 32bits
0208154C E20660FF and     r6,r6,#0xFF
02081550 E2055CFF and     r5,r5,#0xFF00
02081554 E186C005 orr     r12,r6,r5
02081558 E1A05C20 mov     r5,r0,lsr #0x18		; right shift 24 (fifth 32bits of SHA-1)
0208155C E20560FF and     r6,r5,#0xFF
02081560 E1A05C03 mov     r5,r3,lsl #0x18		; left shift 24 (third 32bits of SHA-1)
02081564 E1A03403 mov     r3,r3,lsl #0x8		; left shift 8 (third 32bits of SHA-1)
02081568 E20338FF and     r3,r3,#0xFF0000
0208156C E20554FF and     r5,r5,#0xFF000000
02081570 E183300E orr     r3,r3,r14
02081574 E1853003 orr     r3,r5,r3
02081578 E5843008 str     r3,[r4,#0x8]			; store 3rd 32bits, reordered
0208157C E1A03402 mov     r3,r2,lsl #0x8		; left shift 8 (fourth 32bits of SHA-1)
02081580 E1A02C02 mov     r2,r2,lsl #0x18		; left shift 24 (fourth 32bits of SHA-1)
02081584 E202E4FF and     r14,r2,#0xFF000000
02081588 E20328FF and     r2,r3,#0xFF0000
0208158C E182200C orr     r2,r2,r12
02081590 E18E3002 orr     r3,r14,r2
02081594 E1A05420 mov     r5,r0,lsr #0x8		; right shift 8 (fifth 32bits of SHA-1)
02081598 E1A0C400 mov     r12,r0,lsl #0x8		; left shift 8 (fifth 32bits of SHA-1)
0208159C E2052CFF and     r2,r5,#0xFF00
020815A0 E1A0EC00 mov     r14,r0,lsl #0x18		; left shift 24 (fifth 32bits of SHA-1)
020815A4 E1860002 orr     r0,r6,r2
020815A8 E20C58FF and     r5,r12,#0xFF0000
020815AC E20E24FF and     r2,r14,#0xFF000000
020815B0 E1850000 orr     r0,r5,r0
020815B4 E1825000 orr     r5,r2,r0
020815B8 E1A00004 mov     r0,r4
020815BC E3A02014 mov     r2,#0x14
020815C0 E584300C str     r3,[r4,#0xC]			; store 4th 32bits, reordered
020815C4 E5845010 str     r5,[r4,#0x10]			; store 5th 32bits, reordered
020815C8 EB0005A6 bl      #0x2082C68

Step 4: Final Seed

Code:

0209BF78 E92D4030 stmfd   r13!,{r4,r5,r14}
0209BF7C E0845290 umull   r5,r4,r0,r2
0209BF80 E0244390 mla     r4,r0,r3,r4
0209BF84 E0244192 mla     r4,r2,r1,r4
0209BF88 E1A01004 mov     r1,r4
0209BF8C E1A00005 mov     r0,r5
0209BF90 E8BD4030 ldmfd   r13!,{r4,r5,r14}
0209BF94 E12FFF1E bx      r14
0209BF98 E212203F ands    r2,r2,#0x3F
0209BF9C 012FFF1E bxeq    r14
0209BFA0 E2523020 subs    r3,r2,#0x20
0209BFA4 AA000004 bge     #0x209BFBC

To-Do List:

• Find out how far the *very* initial seed is advanced to become the seed for the nature\PID RNG
• Determine encounter slots
• Determine when a wild Pokemon PID is XOR'd with 0x10000 and when it's XOR'd with 0x80010000
• Find the "shiny check" assembly code for Reshiram\Zekrom
• Finish RNG Reporter

Debugging this was a lot easier than I thought it would be. :D

p.s. Kaphotics, date is stored at 0x23FFDE8 and time at 0x23FFDEC.