1. Welcome to Smogon Forums! Please take a minute to read the rules.
  2. New to the forums? Check out our Mentorship Program!
    Our mentors will answer your questions and help you become a part of the community!
  3. Welcome to Wi-Fi! Please remember to read the rules and do NOT create a new thread for simple trades or Friend Safari codes.

Past Gen RNG Research

Discussion in 'Wi-Fi' started by mingot, Sep 12, 2009.

  1. Kaphotics

    Kaphotics Remodeling Kitchens
    is a Pokemon Researcheris a Contributor to Smogon

    Joined:
    Apr 25, 2009
    Messages:
    775
    C-Gear SEED1/SEED2 advancement upon activation:

    Tested on Black
    Code:
    B35076F9 MTRNG		Reseeds@
    Delay @A: 0FEE		1001
    NPID[112C6B07,8F675234]	C-Gear: 00A1E204
    
    Delay Changes and Frame Changes
    1001 --> 1008	1055	10BC	110B	114C	119F	123C	1287	134B	1396	1438	149B	154C	158E	15D7	162D
    ΔF=	+1Frame	+1Frame	...
    ΔD=		4D	67	4F	41	53	9D	4B	C4	4B	A2	63	B1	42	49	56
    I did a earlier test and got the 41, 53. I think it follows a similar pattern of advancement, but it is definitely not at a fixed repeating rate. It might be a cyclic changing rate. Just posting what I have for now.

    Wonder what a plot of (more of) these values would look like... too much studying :P

    Did some more tests for different resulting C-Gear seeds, pressing at the exact same delay. Not the same ΔD/ΔF. So if there is any calculation done as to how fast, it's not consistent across all times/seeds. It did however stick to within 10H delay of each one, so all seeds would probably have the same approximate rate of advancement.

    For my first test, it advanced on average every 68H, being 104.667, thus every 1.7333 seconds.
  2. Kaphotics

    Kaphotics Remodeling Kitchens
    is a Pokemon Researcheris a Contributor to Smogon

    Joined:
    Apr 25, 2009
    Messages:
    775
    Going to confirm a method to verify if you got a shiny roamer or not.

    Done, shiny roamer verification method confirmed to be correct!

    Dex Proof (open)
    [​IMG]


    After encountering your roamer via the event with the old lady, open up your PokeDex.
    If it is a shiny sprite, it is shiny. If it isn't, it isn't.

    Roamer PID locations (adding Black) (open)
    Black - 0223D52C
    White - 0223D538
  3. xElite

    xElite

    Joined:
    Jun 15, 2009
    Messages:
    331
    This screwed up my results too many times with Raikou. When I was RNG Abusing my Raikou, I let the date rollover to get Buena's Password to stop playing. All 4 attempts had the frame advance by 2. It seems pretty consistent to me.
  4. Kaphotics

    Kaphotics Remodeling Kitchens
    is a Pokemon Researcheris a Contributor to Smogon

    Joined:
    Apr 25, 2009
    Messages:
    775
    There is also another type rollover advance during regular playtime, each time doing +1.

    I'd be RNGing something in HGSS without calls/radio, and I'd use the NPCs and walking to advance the frame. Instead of walking I would "time warp" to another time, usually +1 hour did the trick. I would then advance 1 frame. Repeatable, and it didn't work when going back in time obviously. Mind you this was on an emulator, I'm too lazy to wait on a DS :) Never figured out what triggered it (never debugged).
  5. Kaphotics

    Kaphotics Remodeling Kitchens
    is a Pokemon Researcheris a Contributor to Smogon

    Joined:
    Apr 25, 2009
    Messages:
    775
    Mystery Gift (Blue Man) IV RNG:

    Show Hide
    It's not based on the MTRNG to create IVs. It is instead reliant on the SEED1/SEED2 combination. Freezing both of these and receiving gifts yields the same IVs, but different PIDs depending on the gender, which wasn't all one gender for 5 mons grabbed.

    Code:
    Test 1: Frozen SEED1 | SEED2 (451E2B75 | 0C325BE2)
    D31AA193 Calm Male   (26/15/20/18/6/18)
    9410760B Calm Female (26/15/20/18/6/18)
    D31AA193 Calm Male   (26/15/20/18/6/18)
    9410760B Calm Female (26/15/20/18/6/18)
    D31AA193 Calm Male   (26/15/20/18/6/18)       speed IV last for all mons
    that's all for now.


    No MTIVRNG for Mystery Gift Pokemon. It doesn't mean they aren't abuseable, just not with our currently known methods.
  6. ΩDonut

    ΩDonut don't glaze me bro
    is a Programmeris a Forum Moderatoris a Community Contributoris a Pokemon Researcheris a Contributor to Smogon
    Moderator

    Joined:
    Aug 23, 2006
    Messages:
    3,727
    This was worth overhauling the Researcher window. Wondercard IV generation:

    Frame 1 -- initial RNG value
    ...
    ...
    ...
    Frame 23 -- (upper 32 bits of RNG) >> 27 = HP IV
    Frame 24 -- (upper 32 bits of RNG) >> 27 = Attack IV
    Frame 25 -- (upper 32 bits of RNG) >> 27 = Defense IV
    Frame 26 -- (upper 32 bits of RNG) >> 27 = SpAttk IV
    Frame 27 -- (upper 32 bits of RNG) >> 27 = SpDef IV
    Frame 28 -- (upper 32 bits of RNG) >> 27 = Speed IV
    ...
    Frame 31 -- (upper 32 bits of RNG) ^ 0x10000 = PID (probably changes depending on the shiny check, or to maintain a certain gender value)
    Frame 33 -- ending frame, and (upper 32 bits of RNG * 25) >> 32 = nature, using the following table

    nature table (open)

    0 Hardy
    1 Lonely
    2 Brave
    3 Adamant
    4 Naughty
    5 Bold
    6 Docile
    7 Relaxed
    8 Impish
    9 Lax
    10 Timid
    11 Hasty
    12 Serious
    13 Jolly
    14 Naive
    15 Modest
    16 Mild
    17 Quiet
    18 Bashful
    19 Rash
    20 Calm
    21 Gentle
    22 Sassy
    23 Careful
    24 Quirky


    Thanks to Rusted Magnemite for info on natures.
  7. Kaphotics

    Kaphotics Remodeling Kitchens
    is a Pokemon Researcheris a Contributor to Smogon

    Joined:
    Apr 25, 2009
    Messages:
    775
    yay mystery solved

    Going back to the Male/Female issue, the female PID came from the 10th advancement of this frozen seed, upper32bits XOR'd with 0x10000.
    Code:
    Test 1: Frozen SEED1 | SEED2 (451E2B75 | 0C325BE2)
    D31AA193 Calm Male   (26/15/20/18/6/18)
    9410760B Calm Female (26/15/20/18/6/18)
    D31AA193 Calm Male   (26/15/20/18/6/18)
    9410760B Calm Female (26/15/20/18/6/18)
    D31AA193 Calm Male   (26/15/20/18/6/18)       speed IV last for all mons
    9411760BAD641154 is the 64bit seed for the frame in which it was XOR'd with the usual 0x10000.
    9410760B

    Now, why on the 10th frame (40th in actual)? Not sure. This won't always always generate another female, depending on the seeds. The nature could have just been pure luck to be the same as well.

    Still one place that still needs ironing out.
  8. Bond697

    Bond697 Dies, died, will die.
    is a Pokemon Researcher

    Joined:
    Jun 20, 2010
    Messages:
    307
    well, it looks like zorua and zoroark both do the same shiny check as zekrom and reshiram. hitting the same seed with both a shiny and non-shiny TID/SID resulted in different PIDs. the odd thing is that with zoroark the PID was subtracted by 0x10000000 while with zorua the PID had 0x10000000 added to it. odd that they don't both have the same amount added or subtracted, it's different for each.
  9. musicmeister

    musicmeister

    Joined:
    Apr 18, 2010
    Messages:
    1,071
    Egg PIDs sadly aren't so simple, there's some kind of shift that increases the amount of frames advanced between talking to the man and receiving the egg and PID.

    Tested with Kaphotics on #smogonwifi via PM with PIDRNG to get shiny eggs in Black since Kaphotics' laptop sucks:
    Code:
    Initial Seeds
    SEED: AB57EEB4E3020DA2
    Lower: E3020DA2
    Upper: AB57EEB4
    IDSID [i]Censored[/i]
    In Daycare: Ditto and Oshawott
    dataz (open)
    Code:
       
    Aiming for 381 - - - Shiny with Musicmeister's IDs. Frame of the seed from Initial and the Seed Values (Lower Upper [Hex] === Lower Upper [Dec])
    14          364... F55B231E and EEDFA781 === 4116390686 s1, 4007634817 s2
                    Frame 378, Naive   [2DEB15BA]
    12          365... 30B88799 and 9847EFB8 ===  817399705 s1, 2554851256 s2
                    Frame 377, Adamant [64F49718]
    12          366... 3AB3FF20 and 7247E65B ===  984874784 s1, 1917314651 s2
                    Frame 378, Lax     [2DEB15BA]
    12          367... F6926663 and 91714695 === 4136789603 s1, 2440119957 s2
                    Frame 379, Bold    [B318553D]
    12          368... 3168FED2 and 20F8C160 ===  828964562 s1,  553173344 s2
                    Frame 380, Quirky  [709816B4]
    16          369... 3EAF899D and 6312F99E === 1051691421 s1, 1662187934 s2
                    Frame 385, Naughty [6E9A1783]
    12          370... AB57EEB4 and 35C979C6 === 2874666676 s1, 0902396358 s2
                    Frame 382, Modest  [9C84A0B4]
    14          371... 1F821FC7 and F98D0E33 ===  528621511 s1, 4186770995 s2
                    Frame 385, Modest  [6E9A1783]
    12          372... E3EFA746 and 32F04E81 === 3824133958 s1,  854609537 s2
                    Frame 384, Calm    [EC364294]
    12          373... 49221361 and 9FF8D2F7 === 1226969953 s1, 2683884279 s2
                    Frame 385, Rash    [6E9A1783]
    12          374... 8A9E2D08 and 9EFE4213 === 2325622024 s1, 2667463187 s2
                    Frame 386, Lax     [5A7F530E]
    14          375... F1DFAAEB and CE4B285E === 4057967339 s1, 3461032030 s2
                    Frame 389, Naughty [EAB7946F]
    12          376... F049D07A and C3B8BDD5 === 4031369338 s1, 3283664341 s2
                    Frame 388, Quiet   [A536499A]
    12          377... 792D28E5 and 64F49719 === 2033002725 s1, 1693751065 s2
                    Frame 389, Timid   [EAB7946F]
    12          378... B41D4E1C and 2DEB15BB === 3021819420 s1,  770381243 s2
                    Frame 390, Impish  [F510028D]
    
    Frame Differences:
    14 12 12 12 12 16 12 14 12 12 12 14 12 12 12
    
    trollfreak (edited by Kaphotics... musicmeister did almost all of the work)
    


    Sadly, we didn't get the shiny egg. Will do some more testing tomorrow. @_@
  10. Bond697

    Bond697 Dies, died, will die.
    is a Pokemon Researcher

    Joined:
    Jun 20, 2010
    Messages:
    307
    so.. RNGPID works? at least, as much as it should work right now? that is, finding shiny frames, predicting the next s seeds, outputting PIDs for all the frames based on method.

    done.
  11. xElite

    xElite

    Joined:
    Jun 15, 2009
    Messages:
    331
    Wild PID Encounters: Trying for Shiny

    Code:
    Initial Conditions + Notes
    SEED: 111BFFCAE76B5F24
    SEED1: E76B5F24
    SEED2: 111BFFCA
    SEEDs Loc:  022160A(4/8)
    PID6 Loc: 02234C80
    Data (open)
    Code:
    Aiming for 3050: Scenting on Frame 0 in a cave resulted in Frame 4's PID
    3044... 331554D8 and 1D6A5EDD === 857035992 s1, 493510365 s2
            Rockdude frame 3048 [62E8297F], 0x8* XOR
    3045... 03E0AFFB and D010F434 === 65056763 s1, 3490772020 s2
            Koromori frame 3049 [17B20FA9], 0x8* XOR
    3046... 79D65FCA and FCE9CB02 === 2044092362 s1, 4243180290 s2
              Kibago frame 3050 [f0a60a58], 0x8* XOR
    3047... A1838375 and 455FA925 === 2709750645 s1, 1163897125 s2
            Koromori frame 3051 [A823B542], 0x1* XOR
    3048... 0E9618EC and E2E9297F === 244717804 s1, 3806931327 s2
            Rockdude frame 3052 [FF9800AC], 0x8* XOR
            
    Aiming for 9809: 
    9805... A9B107E3 and 2BB03DC1 === 2846951395 s1, 732970433 s2
            Koromori frame 9809, NSy [CF76358A], 0x1* XOR
    
    Aiming for 19112:
    19118... F1AAE432 and 4544E35A === 4054508594 s1, 1162142554 s2
            Rockdude frame 19118, Sy [4329B9D3], 0x1* XOR
            
    Aiming for 22387:
    22383... 40AA4F3D and E75DADD6 === 1084903229 s1, 3881676246 s2
              Kibago frame 22387, [E7EA1D12] 0x8* XOR
        
    Aiming for 28301
    28297... 6FC3487F and FB9C8E5E === 1875069055 s1, 4221341278 s2
            Rockdude frame 28301, [BA90406C], 0x8* XOR
            
    Aiming for  38230
    38226... 762EE1C6 and 33CA0FF3 === 1982783942 s1, 868880371 s2
            Koromori frame 38230, [AED6D42A], 0x8* XOR
            Shiny with my IDs!!!!!
            
    YOU CAN'T BEST US GAMEFREAK!!! XD
  12. Bond697

    Bond697 Dies, died, will die.
    is a Pokemon Researcher

    Joined:
    Jun 20, 2010
    Messages:
    307
  13. Kaphotics

    Kaphotics Remodeling Kitchens
    is a Pokemon Researcheris a Contributor to Smogon

    Joined:
    Apr 25, 2009
    Messages:
    775
    Was browsing the net looking for some infoz, mainly the synchronization check, hmmmmmm

    http://ameblo.jp/xyz-wing/day-20101116.html

    Sync? Incidence = Occurance/Appearance Rate (encounter slot? more stuff here)

    I'll make sense of it tomorrow if it isn't by then :P. Hope it's not wrong!


    working on the eggskipping invalid PIDs
  14. ΩDonut

    ΩDonut don't glaze me bro
    is a Programmeris a Forum Moderatoris a Community Contributoris a Pokemon Researcheris a Contributor to Smogon
    Moderator

    Joined:
    Aug 23, 2006
    Messages:
    3,727
    Okay, cool. I have Synchronize implemented in RNG Reporter, and if I can just get some info on the encounter rates from veekun, I can implement encounter slots.

    The last thing I need to to before release is to figure out how many times the RNG advances between loading the game and when the game starts. The number of advances changes depending on the initial seed, so I need to go look at the code under a debugger.
  15. lucariojr

    lucariojr quell the storm and ride the thundurus
    is a Contributor to Smogon

    Joined:
    Jun 2, 2009
    Messages:
    1,446
    Just a quick question about the PIDRNG reporter- once I have my numbers from the code provided by the app, do I have do convert them somehow, and do I put them in the lower and upper seed boxes?

    if the answer is obvious i swear >_>
  16. Kaphotics

    Kaphotics Remodeling Kitchens
    is a Pokemon Researcheris a Contributor to Smogon

    Joined:
    Apr 25, 2009
    Messages:
    775
    Better to ask in the 5th gen thread as opposed to here. Here's your answer on how to use the seed check codes.
  17. Bond697

    Bond697 Dies, died, will die.
    is a Pokemon Researcher

    Joined:
    Jun 20, 2010
    Messages:
    307
    PIDRNG is updated now and it lists only the correct PID for wild pokemon each seed. Eggs still list 3, as that method is still undetermined. It also has functionality built in to reverse the RNG if someone needs that for some reason.

    Also, all the necessary frame shifting is built in. The egg PIDs listed next to a given seed are +12, +14, and +16 ahead of the current seed, for example.

    (credit for this update goes to toastplusone)
  18. xElite

    xElite

    Joined:
    Jun 15, 2009
    Messages:
    331
    Encountering Landlos (not roamer) advances the RNG 4 times to get the PID (wild method). This was the same as my previous test sweet scenting in a cave.
  19. Bond697

    Bond697 Dies, died, will die.
    is a Pokemon Researcher

    Joined:
    Jun 20, 2010
    Messages:
    307
  20. Wichu

    Wichu ACUPRESSURE
    is a Pokemon Researcher

    Joined:
    May 30, 2007
    Messages:
    1,545
    Could someone find out how Rock Smash works in HG/SS (chance of finding a Pokémon, encounter slot percentages)? Serebii says it's 90% slot 0 and 10% slot 1, but their fishing percentages appear to be wrong, so I'm not going to trust them on that...

    EDIT: Also Headbutt Trees. Do they even have encounter tables?
  21. Kaphotics

    Kaphotics Remodeling Kitchens
    is a Pokemon Researcheris a Contributor to Smogon

    Joined:
    Apr 25, 2009
    Messages:
    775
    @Wichu, from when I did my headbutt RNG the shroomish always appeared with the same encounter slot set.

    Last night musicmeister and I tested shaking patches and the encounter slots for them to get a shiny Emonga. Slots are not like fishing, surfing, or wilds. Probably like headbutts :)

    ==

    5th Gen Breeding Compendium

    Code:
    Frame 0    n-1             Initial Seed [Start]
    Frame 1    n               IVs From MTRNG Grabbed 
    ---        if Nidoran/Illumise/Volbeat, a frame is skipped (taking n+1 and shifting everything else +1)
    Frame 2    n+1             Species                  (r[n+1] * 2) >>32 
    Frame 3    n+2             Nature                   (r[n+2]*0x19) >>32, nature value
    ---        if Everstone, becomes Frame 4 (r[n+3] * 2) >>32 0 or 1; and all calls are shifted +1
    Frame 4    n+3             DW                       (r[n+3] * 5) >>32 > 1, inherit DW
    ---        if Ditto parent, becomes Frame 5 [n+4] and all calls are shifted +1.  Not sure what is done here.
    Frame 5    n+4        m    IV1-Place                r[m]*6>>64, return 0-5 for what IV (HABCDS)
    Frame 6    n+5        m+1  IV1-Parent               r[m+1]>>63, return 0/1 for what parent (A=1, B=0)
    Frame 7    n+6+2r     m+2  IV2-Place                r[m+2]*6>>64, return 0-5 for what IV (HABCDS)        ...r=rejected frames for 2nd iteration, each rejection is +1 to r value
    Frame 8    n+7+2r     m+3  IV2-Parent               r[m+3]>>64, return 0/1 for what parent (A=1, B=0)
    Frame 9    n+8+2r+2s  m+4  IV3-Place                r[m+4]*6>>63, return 0-5 for what IV (HABCDS)        ...s=rejected frames for 3rd iteration, each rejection is +1 to s value
    [u]Frame 10   n+9+2r+2s  m+5  IV3-Parent[/u]               r[m+5]>>64, return 0/1 for what parent (A=1, B=0)
    Frame 11   n+10+2r+2s      PID Generated            r[n+10+2r+2s] *FFFFFFFF >>32 = PID
    Frame 12   n+11+2r+2s      International PID Sequence      (if PID = notshiny; PID=seed*FFFFFFFF) 5 times [End]
    ***                Run 5 times if international, else it is a fake calc that has no influence.
    For >>32, assume using upper32
    For >>6*, assume using full seed
    "Rejected": 0-5 value calculated matches one from a previous iteration. 
    Discard and repeat calc until it does not match a previous 0-5, thus advancing 2 frames.
    lol normal breeding done (open)

    No everstone, not international. Everstone has yet to be tested.
    Code:
    --
    Nature calculated
    DW passing calculated right after
    --
    Then IVs: Calculates IV, then Parent
    Repeat until 3 different IVs are inherited, same IV results are discarded
    Then the PID
    
    Inheritance: 0-5 for positioning, [0/1/2/3/4/5]=[HP/At/De/SA/SD/Sp]
    Parent M = 0
    Parent F = 1
    Code:
    Nature: same way as every other method
    r[DW] = SEED>>32 *0x64 >>32; if > 40, pass DW
    
    frame skipping: dependent on the IV calculations
    r[i] = SEED>>32 *6 >> 32
        Determines what IV inherited (0-5)
    r[i+1] = SEED>>32 >> 31 
        Determines what parent passes IV (0 or 1)
        
        If IV = a previous iteration result, repeat step.
    Loop back to r[i] until 3 different IVs are inherited.
    
    PID is still SEED >>32 *FFFFFFFF >>32
    Illustration test, carried out by xElite and translated from code by Kaphotics and Bond697
    [​IMG]
    For the last test pic, the first (3,1) is the one used, not the last one.

    Also, the first one saying >2 for the Hidden Ability calc should be >1
  22. musicmeister

    musicmeister

    Joined:
    Apr 18, 2010
    Messages:
    1,071
    In case anyone wants to abuse pokemon that can be caught in shaking grass the frame is advanced by "4" not 1 or 2. It has been consistent for me during the time I was testing. The method used is the same as the method I used for capturing wild pokemon hence called "wild pokemon method" from Bond697's PIDRNG. The encounter slots aren't mapped yet so this was a hit and miss test.

    I used this:

    Target pokemon: Emonga
    Location: Illusion Forest (no NPC distractions)
    Seed: 36357FAA 99EC6E26
    Upper Seed: 909475754
    Lower Seed: 2582408742
    Frame: 543,507
  23. Bond697

    Bond697 Dies, died, will die.
    is a Pokemon Researcher

    Joined:
    Jun 20, 2010
    Messages:
    307
  24. Bond697

    Bond697 Dies, died, will die.
    is a Pokemon Researcher

    Joined:
    Jun 20, 2010
    Messages:
    307
    IV abuse in the High Link\Entralink
    --------------------------------

    This is something I figured out last night and the results were rather nice:


    Doing this is very similar to hitting one's CGear seed. The way it works is that right before you show up in the High Link,(the frame when the screen changes from getting brighter to letting you move in the HL) the MTRNG reseeds. That reseed can be treated exactly as starting up the CGear in terms of hitting your seed.

    This is what I did:

    -Find a CGear seed I wanted to hit. I used 7E2345BB, delay 4442, frame 30
    -Click on the orange part of the CGear and choose "High Link"
    -When it says "xxx warped to the High Link", pause the emulator
    -Slowly advance frames counting the number of frames and watching for the MTRNG to reseed so you know what you're aiming to hit.
    -The point 1 frame before reseed is where you need to get back to.
    -You need to hit the right second AND the right delay ON that reseed point.
    -Hitting your seed once normally with the CGear and writing down the encrypted seed is a good idea, as you will see the same resultant seed on hitting it when entering the High Link.

    Once in the High Link:

    Generally, when catching pokemon and abusing the MTRNG frames, you want to be on the first frame you want use for an IV. In other words, since my frame is 30, I want to be on frame 30 when I get into a fight. The High Link is different. You must get into the "battle" with your desired poke 0x15 IV frames early. If my target frame was 0x1E in the overworld, it would be frame 0x09 in the High Link.

    The way I did it was to use an emulator and hit my delay first, leaving it 1 or 2 back 1 fame before reseed. I paused the emulator here and adjusted the Windows clock to 5 seconds before the desired second. Once the second hit I unpaused the emulator and the delay and time advanced just right to cause the CGear to reseed in my favor and hit my desired seed within the High Link.

    I suppose that with practice this might be do-able on a normal cart. ZOMGTimer would probably be a huge help.

    Anyway, there you go, IV abuse in the High Link. Now we can have great DW pokes in different pokeballs, not just bred in plain pokeballs. Also, competitive Speed Boost Blaziken is now possible among other things.(since they're all male)

    For the PID/nature, PIDRNG can predict PID and nature might require a few state reloads.
  25. mattj

    mattj blatant Nintendo fanboy

    Joined:
    Mar 30, 2009
    Messages:
    4,615
    Emulators obviously make things easier and more controllable, but do you think that with enough patience this could be done through trial and error on a normal cart? Just try, try, try, try, try, try, and try again?

Users Viewing Thread (Users: 0, Guests: 1)