1. New to the forums? Check out our Mentorship Program!
    Our mentors will answer your questions and help you become a part of the community!
  2. Welcome to Smogon Forums! Please take a minute to read the rules.
  3. Welcome to Wi-Fi! Please remember to read the rules and do NOT create a new thread for simple trades or Friend Safari codes.

Past Gen RNG Research

Discussion in 'Wi-Fi' started by mingot, Sep 12, 2009.

  1. Kaphotics

    Kaphotics Remodeling Kitchens
    is a Pokemon Researcheris a Contributor to Smogon

    Joined:
    Apr 25, 2009
    Messages:
    780
    B/W Power Items (Part 2, de end)

    Test Image (open)
    [​IMG]
    Test Image with repeat inheritance (skips) (open)
    [​IMG]


    Code:
    [B]IV Generation Section is the only thing different[/B]:
    
    1 - Parent
    2 - IV
    3 - Power (+Parent)
    
    [B]4 - IV 
    5 - Parent[/B]
       repeat until 3 total IVs inherited
    Basically instead of generating the first 2 IVs, it generates the Parent first, IV, then Power Parent, then it goes back to the normal way (IV-Parent) until 3 IVs have been generated.

    ======

    Somewhat related speculation on other dummy breeding calcs: (open)
    The frame added for Everstone is probably another >>63 calc to decide what parent passes everstone nature if both of them hold it. Since we only have one holding it, it doesn't change anything and is just a dummy frame.
    For the Ditto dummy frame it probably says "hey I have to decide which is which" and consumes a frame to think about it. But it always ends up making the Ditto male. Same for the species dummy calc (it has to go find what offspring).
  2. Kaphotics

    Kaphotics Remodeling Kitchens
    is a Pokemon Researcheris a Contributor to Smogon

    Joined:
    Apr 25, 2009
    Messages:
    780
    FireRed/LeafGreen TID/SID Generation

    Code:
    The moment you press OK and the screen fades out completely, 
           the 0x04000104 timer value gets set as the new seed.
    The game then takes that seed and considers it the initial, 
           and that initial seed is your TID.
    [​IMG]
    Code:
    The SID is set later in the process, but is still related to the seed. 
    It is taken from the frame you are on when you end the miniaturization, 
           taking the seed on that frame (and using the upper16).
    [​IMG]

    ===========

    The current seed for FRLG is stored at 0x03005000.
  3. Bond697

    Bond697 Dies, died, will die.
    is a Pokemon Researcher

    Joined:
    Jun 20, 2010
    Messages:
    307
    Stadium Trainers
    -----------------

    Well, first of all, the trainer list on the last page is wrong. Here it is:

    Show Hide

    Code:
    [U][B]CORRECT list[/B][/U]
    0 = Clerk F Wren
    1 = Waiter Clint  -- Fresh Water
    2 = Waitress Bonita  -- Fresh Water
    3 = Ace Trainer Charlie - PP Up
    4 = Ace Trainer Lucille - PP Up
    5 = Lass Sophie  -- Ultra Ball
    6 = Rich Boy Anthony
    [B][U]7 = Policeman Jeff [/U][/B]
    8 = Black Belt Lao
    9 = Harlequin Charley
    10 = Artist Pierre
    11 = Scientist Simon  -- Ether
    12 = Scientist Blythe  -- Ether
    13 = Psychic Gerard
    14 = Psychic Madhu
    15 = Worker Matthew
    16 = Worker Tyler
    17 = Gentleman Renaud  -- Nugget
    18 = School Kid Alan 
    19 = School Kid Sally
    20 = Roughneck Fletcher
    21 = Janitor Caleb
    22 = Pokefan Colin
    23 = Pokefan Darcy
    24 = Dancer Davey
    25 = Youngster Kevin  -- Ultra Ball
    26 = Fisherman Devon
    27 = Depot Agent Josh
    28 = Doctor Jules  -- Max Revive
    29 = Nurse Kirsten  -- Full Restore
    30 = Pilot Leonard
    31 = Backpacker Alexander  -- Repel
    32 = Backpacker Patty  -- Repel
    33 = Battle Girl Janie
    34 = Parasol Lady Gwyneth
    35 = Clerk M Nelson
    36 = Clerk M Fredric
    37 = Baker Lilly  -- Moomoo Milk
    38 = Veteran Arlen -- PP Max
    39 = Veteran Sayuri -- PP Max
    40 = Nursery Aide Leah  -- Rare Candy
    41 = PKMN Breeder Owen
    42 = PKMN Breeder Brooke
    43 = PKMN Ranger Alain
    44 = PKMN Ranger Heidi
    45 = Socialite Emilia  -- Big Pearl
    46 = Lass Dana
    47 = Musician Boris
    48 = Maid Alicia
    49 = Hiker Russel
    50 = Preeschooler Evan
    51 = Preeschooler Mia
    


    (List and some disassembly courtesy Arcee)



    Code:
    0215F5B0 0400     lsl     r0,r0,#0x10       // result << 16
    0215F5B2  1402    asr     r2,r0,#0x10     // >> 16
    0215F5B4 2000     mov     r0,#0x0          // r0 = 0, r2 = result- arg set
    
    0215F5B6 1C31     mov     r1,r6                    //  zero-out r1 - arg set
    0215F5B8 2D00     cmp     r5,#0x0               // r5 v 0
    0215F5BA DD06     ble     #0x215F5CA        // branch if "z", true-branch here
    
    0215F5CA 42A9     cmp     r1,r5
    0215F5CC D106     bne     #0x215F5DC // both 0, no branch
    0215F5CE 1E51     sub     r1,r2,1             // r1 = result -1
    0215F5D0 0409     lsl     r1,r1,#0x10       // (result - 1) << 16
    0215F5D2 140A     asr     r2,r1,#0x10     // r2 = result-1
    0215F5D4 D502     bpl     #0x215F5DC
    
    0215F5DC 1C40     add     r0,r0,1        // r0 += 1
    0215F5DE 2834     cmp     r0,#0x34    
    0215F5E0 DBE9     blt     #0x215F5B6 // for(int i = 0; i < 34; i++)
    
    0215F5B6 1C31     mov     r1,r6                    //  zero-out r1
    0215F5B8 2D00     cmp     r5,#0x0               // r5 v 0
    0215F5BA DD06     ble     #0x215F5CA        // branch if "z", true
    
    0215F5CA 42A9     cmp     r1,r5
    0215F5CC D106     bne     #0x215F5DC // both 0, no branch
    0215F5CE 1E51     sub     r1,r2,1             // r1 = r2 -1
    0215F5D0 0409     lsl     r1,r1,#0x10       // (r2- 1) << 16
    0215F5D2 140A     asr     r2,r1,#0x10     // r2 -= 1
    0215F5D4 D502     bpl     #0x215F5DC
    
    0215F5DC 1C40     add     r0,r0,1        // r0 += 1 - loop is recorded here
    0215F5DE 2834     cmp     r0,#0x34    
    0215F5E0 DBE9     blt     #0x215F5B6 // for(int i = 0; i < 34; i++)
    
    0215F5CA 42A9     cmp     r1,r5
    0215F5CC D106     bne     #0x215F5DC // both 0, no branch
    0215F5CE 1E51     sub     r1,r2,1             // r1 = r2 -1
    0215F5D0 0409     lsl     r1,r1,#0x10       // (r2- 1) << 16
    0215F5D2 140A     asr     r2,r1,#0x10     // r2 -= 1
    0215F5D4 D502     bpl     #0x215F5DC
    
    0215F5DC 1C40     add     r0,r0,1        // r0 += 1 - loop is recorded here
    0215F5DE 2834     cmp     r0,#0x34    
    0215F5E0 DBE9     blt     #0x215F5B6 // for(int i = 0; i < 34; i++)
    
    0215F5E2 1E78        sub     r0,r7,1                // r7 is used as the multiplier on rng proc. -1 each full iteration
    0215F5E4 0400        lsl     r0,r0,#0x10                // r0 << 16
    0215F5E6 1C6D        add     r5,r5,1                // r5 + 0x1
    0215F5E8 0C07        lsr     r7,r0,#0x10                // r7 = r0 >> 0x10 (so undo the << from earlier, move to r7)
    0215F5EA 2D06        cmp     r5,#0x6                // r5 - 0x6 ; 6 loops 34-2F, 0-5
    0215F5EC DBDD        blt     #0x215F5AA                // branch if neg; true, so up we go
    
    0215F5AA 1C38        mov     r0,r7                // r0 returns to value before >>
    0215F5AC F6A6F89E    bl      #0x20056EC               // rng advancement using r7->r0.. 
    
    Ok, so, the RNG procs 6 times. It goes:

    Code:
    (u32 * 34) >> 0x20
    (u32 * 33) >> 0x20
    (u32 * 32) >> 0x20
    (u32 * 31) >> 0x20
    (u32 * 30) >> 0x20
    (u32 * 2F) >> 0x20
    
    The first time, the trainer is just the event value determined by the formula. Each time after, it checks the current value against the previous value. If the current RNG proc is greater than the last one, 1 is added to the event result. So, if RNG proc 1 gave you 0x10 and RNG proc 2 is 0x11, 1 is added to the current proc, so trainer 2 would be # 0x12.
  4. Bond697

    Bond697 Dies, died, will die.
    is a Pokemon Researcher

    Joined:
    Jun 20, 2010
    Messages:
    307
    Emerald Feebas
    --------------

    Simply put, it's the same as the RS Feebas, but with Sync:

    1. 5 frames past the "A pokemon is on the hook!" box, it does ((seed >> 16) % 100) with a <= cmp against 49 at the end, though the number needs to be under 50.

    2. This is ((seed >> 16) % 100) again, but the cmp at the end is r4 against 1. From what I can tell, r4 records whether is seed is even or odd, making this Sync

    3. ((seed >> 16) % 6) = 0

    4. PID, same as RS/FRLG- make a PID w/ the current+next frame, check PID%0x19, check PIDs after that for the same nature and use the matching one

    -skip 1 frame here-(that makes this ABDE, method 4)

    5. ((seed >> 16) & 0x1F- this is to start, more happens. It's checking IVs
    6. ((seed >> 16) & 0x1F- same here, IVs

    Also, the "skipped" frames aren't actually skipped, per se. The Emerald RNG, like the R/S RNG, runs right before the IRQ handler. The IRQ handler runs 60x/sec, so the RNG runs 60x/sec+ a few when it cycles multiple times on a (vblank, not RNG)frame(I think, pretty sure).
  5. Bond697

    Bond697 Dies, died, will die.
    is a Pokemon Researcher

    Joined:
    Jun 20, 2010
    Messages:
    307
    Gen 1/2 RNG
    -----------

    I see this question come up more often that I would expect. Here's why no one should do it:

    To start, let's take Pokemon Crystal as an example:

    In page0 of the RAM(shown as HRAM in most emulators), there are 4 values we want to pay attention to:

    FF04, a division register- not sure what it's dividing, though. No one else is either, from what I've read.
    FF9B, a counter, [FF9B]++ each frame it seems
    FFE1, the first 8-bit "RNG"
    FFE2, the second 8-bit "RNG"

    Now, the relevant Z80 assembly I pulled out today:

    Show Hide

    [​IMG]


    Code:
    ROM0:02B1 21 9B FF         ld hl,ff9b          // load counter offset to hl
    ROM0:02B4 34               inc (hl)            // increment hl by 1(counter++)
    ROM0:02B5 F0 04            ld a,(ff00+04)      // set a to the value at FF04
    ROM0:02B7 47               ld b,a              // set b to it
    ROM0:02B8 F0 E1            ld a,(ff00+e1)      // RNG byte 1 to a
    ROM0:02BA 88               adc b               // add a and b(FF04 to FFE1)
    ROM0:02BB E0 E1            ld (ff00+e1),a      // store the new a back to FFE1
    ROM0:02BD F0 04            ld a,(ff00+04)      // set a to the value at FF04
    ROM0:02BF 47               ld b,a              // set b to it
    ROM0:02C0 F0 E2            ld a,(ff00+e2)      // RNG byte 2 to a
    ROM0:02C2 98               sbc b               // subtract b from a(FF04 to FFE2)
    ROM0:02C3 E0 E2            ld (ff00+e2),a      // store the new a back to FFE2
    
    What we're seeing here is the way the RNG advances in gen 1 and 2, though this particular example is for gen 2. Each time the counter(FF9B) increments, RNG byte1 is incremented by the value at FF04 and RNG byte2 is decremented by the value at FF04. Also, the 2 bytes are at times combined and used as a 16-bit values. All the cases where they're used separately and together would need to be documented.

    In order to abuse the RNG, one would need to figure out the speed of advancement for the counter(I think this is 60fps, not sure), how the division register(FF04) works and what it starts at(if it's even static), etc. It would be a lot of work on my/our end to figure out and on the RNG-er's end to do just to be unable to trade with anyone.
  6. Bond697

    Bond697 Dies, died, will die.
    is a Pokemon Researcher

    Joined:
    Jun 20, 2010
    Messages:
    307
    Pokegear
    --------

    Found this one while I was looking for something else:

    Show Hide

    Code:
    02252028 F5CDFE8C bl      #0x201FD44	// RNG advance
    0225202C 21FA     mov     r1,#0xFA	// r1 = 250
    0225202E 0089     lsl     r1,r1,#0x2	r1 = 250 * 4
    02252030 F6A0ECB2 blx     #0x20F2998
       (seed >> 16) % 1000
    020F2998 E020C001 eor     r12,r0,r1		// this is a signed divmod- it returns r0/r1 in r0 and r0%r1 in r1
    020F299C E20CC102 and     r12,r12,#0x80000000
    020F29A0 E3500000 cmp     r0,#0x0
    020F29A4 B2600000 rsblt   r0,r0,#0x0
    020F29A8 B28CC001 addlt   r12,r12,#0x1
    020F29AC E3510000 cmp     r1,#0x0
    020F29B0 B2611000 rsblt   r1,r1,#0x0
    020F29B4 0A000075 beq     #0x20F2B90
    020F29B8 E1500001 cmp     r0,r1
    020F29BC 31A01000 movcc   r1,r0
    020F29C0 33A00000 movcc   r0,#0x0
    020F29C4 3A000071 bcc     #0x20F2B90
    020F29C8 E3A0201C mov     r2,#0x1C
    020F29CC E1A03220 mov     r3,r0,lsr #0x4
    020F29D0 E1510623 cmp     r1,r3,lsr #0xC
    020F29D4 D2422010 suble   r2,r2,#0x10
    020F29D8 D1A03823 movle   r3,r3,lsr #0x10
    020F29DC E1510223 cmp     r1,r3,lsr #0x4
    020F29E0 D2422008 suble   r2,r2,#0x8
    020F29E4 D1A03423 movle   r3,r3,lsr #0x8
    020F29E8 E1510003 cmp     r1,r3
    020F29EC D2422004 suble   r2,r2,#0x4
    020F29F0 D1A03223 movle   r3,r3,lsr #0x4
    020F29F4 E1A00210 mov     r0,r0,lsl r2
    020F29F8 E2611000 rsb     r1,r1,#0x0
    020F29FC E0900000 adds    r0,r0,r0
    020F2A00 E0822082 add     r2,r2,r2,lsl #0x1
    020F2A04 E08FF102 add     r15,r15,r2,lsl #0x2
    020F2A08 E1A00000 nop
    020F2A0C E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2A10 30433001 subcc   r3,r3,r1
    020F2A14 E0B00000 adcs    r0,r0,r0
    020F2A18 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2A1C 30433001 subcc   r3,r3,r1
    020F2A20 E0B00000 adcs    r0,r0,r0
    020F2A24 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2A28 30433001 subcc   r3,r3,r1
    020F2A2C E0B00000 adcs    r0,r0,r0
    020F2A30 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2A34 30433001 subcc   r3,r3,r1
    020F2A38 E0B00000 adcs    r0,r0,r0
    020F2A3C E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2A40 30433001 subcc   r3,r3,r1
    020F2A44 E0B00000 adcs    r0,r0,r0
    020F2A48 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2A4C 30433001 subcc   r3,r3,r1
    020F2A50 E0B00000 adcs    r0,r0,r0
    020F2A54 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2A58 30433001 subcc   r3,r3,r1
    020F2A5C E0B00000 adcs    r0,r0,r0
    020F2A60 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2A64 30433001 subcc   r3,r3,r1
    020F2A68 E0B00000 adcs    r0,r0,r0
    020F2A6C E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2A70 30433001 subcc   r3,r3,r1
    020F2A74 E0B00000 adcs    r0,r0,r0
    020F2A78 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2A7C 30433001 subcc   r3,r3,r1
    020F2A80 E0B00000 adcs    r0,r0,r0
    020F2A84 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2A88 30433001 subcc   r3,r3,r1
    020F2A8C E0B00000 adcs    r0,r0,r0
    020F2A90 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2A94 30433001 subcc   r3,r3,r1
    020F2A98 E0B00000 adcs    r0,r0,r0
    020F2A9C E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2AA0 30433001 subcc   r3,r3,r1
    020F2AA4 E0B00000 adcs    r0,r0,r0
    020F2AA8 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2AAC 30433001 subcc   r3,r3,r1
    020F2AB0 E0B00000 adcs    r0,r0,r0
    020F2AB4 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2AB8 30433001 subcc   r3,r3,r1
    020F2ABC E0B00000 adcs    r0,r0,r0
    020F2AC0 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2AC4 30433001 subcc   r3,r3,r1
    020F2AC8 E0B00000 adcs    r0,r0,r0
    020F2ACC E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2AD0 30433001 subcc   r3,r3,r1
    020F2AD4 E0B00000 adcs    r0,r0,r0
    020F2AD8 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2ADC 30433001 subcc   r3,r3,r1
    020F2AE0 E0B00000 adcs    r0,r0,r0
    020F2AE4 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2AE8 30433001 subcc   r3,r3,r1
    020F2AEC E0B00000 adcs    r0,r0,r0
    020F2AF0 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2AF4 30433001 subcc   r3,r3,r1
    020F2AF8 E0B00000 adcs    r0,r0,r0
    020F2AFC E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B00 30433001 subcc   r3,r3,r1
    020F2B04 E0B00000 adcs    r0,r0,r0
    020F2B08 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B0C 30433001 subcc   r3,r3,r1
    020F2B10 E0B00000 adcs    r0,r0,r0
    020F2B14 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B18 30433001 subcc   r3,r3,r1
    020F2B1C E0B00000 adcs    r0,r0,r0
    020F2B20 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B24 30433001 subcc   r3,r3,r1
    020F2B28 E0B00000 adcs    r0,r0,r0
    020F2B2C E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B30 30433001 subcc   r3,r3,r1
    020F2B34 E0B00000 adcs    r0,r0,r0
    020F2B38 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B3C 30433001 subcc   r3,r3,r1
    020F2B40 E0B00000 adcs    r0,r0,r0
    020F2B44 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B48 30433001 subcc   r3,r3,r1
    020F2B4C E0B00000 adcs    r0,r0,r0
    020F2B50 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B54 30433001 subcc   r3,r3,r1
    020F2B58 E0B00000 adcs    r0,r0,r0
    020F2B5C E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B60 30433001 subcc   r3,r3,r1
    020F2B64 E0B00000 adcs    r0,r0,r0
    020F2B68 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B6C 30433001 subcc   r3,r3,r1
    020F2B70 E0B00000 adcs    r0,r0,r0
    020F2B74 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B78 30433001 subcc   r3,r3,r1
    020F2B7C E0B00000 adcs    r0,r0,r0
    020F2B80 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B84 30433001 subcc   r3,r3,r1
    020F2B88 E0B00000 adcs    r0,r0,r0
    020F2B8C E1A01003 mov     r1,r3
    020F2B90 E21C3102 ands    r3,r12,#0x80000000
    020F2B94 12600000 rsbne   r0,r0,#0x0
    020F2B98 E21C3001 ands    r3,r12,#0x1
    020F2B9C 12611000 rsbne   r1,r1,#0x0
    020F2BA0 E12FFF1E bx      r14
    
    02252034 0408     lsl     r0,r1,#0x10		// drop the div, keep the mod
    02252036 0C01     lsr     r1,r0,#0x10
    02252038 207D     mov     r0,#0x7D		r0 = 125
    0225203A 0080     lsl     r0,r0,#0x2		r0 = 125 * 4
    0225203C 4281     cmp     r1,r0			500 - ((seed >> 16) % 1000)
    0225203E D202     bcs     #0x2252046		// if the result is under 500, you get a Pokegear call!
    



    This isn't an important thing, so I didn't spend a lot of time taking it apart. It isn't worth manipulating, but I think it is worth knowing, if nothing else.

    arcee actually brought up a very good point about this the other day. it isn't a hard cmp against 500, it's against another register. it's possible that pokegear calls are grouped into rarity tiers and that value changes based on each tier or something.
  7. Bond697

    Bond697 Dies, died, will die.
    is a Pokemon Researcher

    Joined:
    Jun 20, 2010
    Messages:
    307
    Speculation on why the methods exist:

    http://pastebin.com/P2w2C42H

    Show Hide

    [18:15] <10Kaphotics> so ya the methods are caused by the IRQ handler chewing up frames as it so desires?
    [18:34] <Bond697> not exactly
    [18:35] <Bond697> the calls to create the pkm are extra calls from outside the one at the end of the main loop
    [18:35] <Bond697> the way it works
    [18:36] <Bond697> the game runs through one main set of calls that interpret movement, play a bit of sound, play a bit of graphics, handle controls, check for a battle, check for being in/approaching a tile where a battle can happen, etc
    [18:36] <Bond697> at the end of the loop, the vblank runs and clears the screen for the next to bed rawn
    [18:36] <Bond697> *to be drawn
    [18:37] <Bond697> the frame probably advances right before that
    [18:37] <Bond697> (the rng frame) through a rand(); call or something
    [18:37] <Bond697> so when it’s creating a poke, those are extra calls
    [18:38] <Bond697> the methods could be a result of the main loop running at specific times during encounter creation
    [18:38] <Bond697> instead of all the calcs running through one trip through the main loop
    [18:39] <Bond697> honestly, it’s probably their own fault
    [18:39] <Bond697> everything i’ve ever read about gba programming says not to use division and not to use modulus
    [18:40] <Bond697> they have no computational accelerator on the gba and so have to be done through software
    [18:41] <Bond697> the fact that most everything is done via modulus might cause weird timing issues that leave the game to catch up
    [18:42] <Bond697> fishing, for example needs to have running water drawn, has to do a bunch of modulus calcs, there’s a lot going on
    [18:43] <Bond697> so the game probably falls behind, finishes the main loop, and starts over again, leaving a gap in the calcs
    [18:44] <Bond697> the methods outside of specific event stuff might only exist due to bad programming
    [18:45] <10Kaphotics> well said :D
    [18:46] <10Kaphotics> the game still uses mod for the *100 level calc in gen 4/5 tho
    [18:46] <10Kaphotics> guess it isn't as bad compared to fucking %100 a 65536
    [18:46] <Bond697> well
    [18:46] <Bond697> there’s a computational accelerator in the ds
    [18:46] <Bond697> for div and mod
    [18:46] <10Kaphotics> ah yes
    [18:46] <10Kaphotics> and then that too
    [18:46] <10Kaphotics> however they did the mod
    [18:46] <Bond697> in fact, the div i/o registers always return both
    [18:46] <10Kaphotics> revealing the errors in nintendos ways :D
    [18:46] <Bond697> the div and the remainder
    [18:46] <10Kaphotics> you should post that
    [18:47] <10Kaphotics> "the mystery of Method 1/2/3/4
    [18:47] <Bond697> maybe
    [18:47] <10Kaphotics> and one can definitely argue that no spreads are exclusively one method or another
    [18:48] <10Kaphotics> due to that "game runs through the main set of calls", milliseconds of time
    [18:48] <Bond697> 60x/sec
    [18:48] <10Kaphotics> which explains how I was able to get multiple Methods with different tiles
    [18:48] <Bond697> it probably just falls behind
    [18:50] <Bond697> i would put money on it not being a coincidence that modulus is hard on the system and that there’s weirdness in the calcs that create the method
    [18:56] <Bond697> actually
    [18:56] <Bond697> every other frame
    [18:56] <Bond697> after the game makes the pid
    [18:57] <Bond697> it has to run a modulus of a small number (0x19) against a large number(0-0xFFFFFFFF, usually closer to the high end)
    [18:57] <Bond697> well, after it makes the temp pid
    [18:57] <Bond697> i’ve run through those so many times, they take an incredibly lrge amount of instructions
    [18:57] <Bond697> *large
    [18:58] <Bond697> because it avoids division and has to do mod and div out via shifting and adding
    [18:59] <Bond697> thats probably it right there
    [19:01] <Bond697> err, it does mod 25 every time
    [19:01] <Bond697> either way, it’s a lot of reducing
  8. Bond697

    Bond697 Dies, died, will die.
    is a Pokemon Researcher

    Joined:
    Jun 20, 2010
    Messages:
    307
    5th Gen RNG Routines

    Gen 3 and gen 4 had a single RNG advancement routine each. It did the multiplication/addition and right-shifted 16 and that was it. RNG advancement in gen 5 uses 3 dfferent functions, of which 2 are in use for a given advancement. Here's a sort-of code example:

    Show Hide

    Code:
        
        typedef unsigned __int32 u32_t;
        typedef unsigned __int64 u64_t;
         
         
        u64_t mul64(u64_t num1, u64_t num2);
        u32_t rand();
        u32_t rand.event(u32_t event);
         
        const u64_t a 0x5d588b656c078965;
        const u64_t c 0x0000000000269EC3;
        u64_t seed = seed.init;
    
        void main()
        {
         
        if (rng.event == true)
        {
        u32_t check = 0;
         
        check = rand.event(event);
         
        return check;
         
        }
        else
        {
        u32_t top = 0;
    	
        top = rand();
        
        return top;			..return u32 of the rng for use in pids, etc.
    	
        }
        }
         
        u32_t rand()
                {
                	
                    seed = mul64(a, seed) + c;
                   
                    return (seed >> 32);
                }
         
         
        u32_t rand.event(u32_t event)
                {
                    u32_t eventSeed, eventVal = 0; 	
         		
                    seed = mul64(a, seed) + c;
                   
                    eventSeed = seed >> 32;
         
                    eventVal = mul64(eventSeed, event) >> 32;
         
                    return eventVal;
                }
         
         
        u64_t mul64(u64_t num1, u64_t num2)
                {
                    u64_t result = 0;
         
                    result = num1 * num2;
                    return result;
                }
    


    And the matching assembly for a comparison:

    Show Hide

    Code:
    
    RNG routines:
    
    [code]
    rand();
    :020056EC B538 push {r3,r4,r5,LR}
    :020056EE 1C05 mov r5,r0	;r5 = 0(0x00000000)
    :020056F0 480C ldr r0,[PC,#0x30]	;PC(0x20056f4)+0x30=*(0x02005724)=#34251188(0x020aa1b4)
    :020056F2 6904 ldr r4,[r0,#0x10]	;r0+0x10=*(0x020aa1c4)=#1187036664(0x46c0bdf8)
    :020056F4 68A0 ldr r0,[r4,#0x8]	;r4+0x8=*(0x46c0be00)=#0(0x00000000)
    :020056F6 68E1 ldr r1,[r4,#0xc]	;r4+0xc=*(0x46c0be04)=#0(0x00000000)
    :020056F8 6822 ldr r2,[r4,#0x0]	;r4+0x0=*(0x46c0bdf8)=#0(0x00000000)
    :020056FA 6863 ldr r3,[r4,#0x4]	;r4+0x4=*(0x46c0bdfc)=#0(0x00000000)
    :020056FC F096ECB6 blx 0209C06C
    :02005700 6922 ldr r2,[r4,#0x10]	;r4+0x10=*(0x46c0be08)=#0(0x00000000)
    :02005702 6963 ldr r3,[r4,#0x14]	;r4+0x14=*(0x46c0be0c)=#0(0x00000000)
    :02005704 1810 add r0,r2,r0	;r0 = 2(0x00000002)
    :02005706 414B adc r3,r1
    :02005708 6020 str r0,[r4,#0x0]	;r4+0x0=*(0x46c0bdf8)= write #2(0x00000002)
    :0200570A 6063 str r3,[r4,#0x4]	;r4+0x4=*(0x46c0bdfc)= write #0(0x00000000)
    :0200570C 2D00 cmp r5,#0x0	;if(0 : 0)
    :0200570E D101 bne 02005714
    :02005710 6861 ldr r1,[r4,#0x4]	;r4+0x4=*(0x46c0bdfc)=#0(0x00000000)
    :02005712 E005 b 02005720
    :02005714 6860 ldr r0,[r4,#0x4]	;r4+0x4=*(0x46c0bdfc)=#0(0x00000000)
    :02005716 2100 mov r1,#0x0	;r1 = 0(0x00000000)
    :02005718 2300 mov r3,#0x0	;r3 = 0(0x00000000)
    :0200571A 1C2A mov r2,r5	;r2 = 0(0x00000000)
    :0200571C F096ECA6 blx 0209C06C
    :02005720 1C08 mov r0,r1	;r0 = 0(0x00000000)
    :02005722 BD38 pop {r3,r4,r5,PC}
    
    .data
    :02005724 020AA1B4 andeq  r10,r10,#0x2D
    
    rand.event();
    :02005728 B538 push {r3,r4,r5,LR}
    :0200572A 1C05 mov r5,r0	;r5 = 0(0x00000000)
    :0200572C 480A ldr r0,[PC,#0x28]	;PC(0x2005730)+0x28=*(0x02005758)=#34251188(0x020aa1b4)
    :0200572E 6904 ldr r4,[r0,#0x10]	;r0+0x10=*(0x020aa1c4)=#1187036664(0x46c0bdf8)
    :02005730 68A0 ldr r0,[r4,#0x8]	;r4+0x8=*(0x46c0be00)=#0(0x00000000)
    :02005732 68E1 ldr r1,[r4,#0xc]	;r4+0xc=*(0x46c0be04)=#0(0x00000000)
    :02005734 6822 ldr r2,[r4,#0x0]	;r4+0x0=*(0x46c0bdf8)=#0(0x00000000)
    :02005736 6863 ldr r3,[r4,#0x4]	;r4+0x4=*(0x46c0bdfc)=#0(0x00000000)
    :02005738 F096EC98 blx 0209C06C
    :0200573C 6922 ldr r2,[r4,#0x10]	;r4+0x10=*(0x46c0be08)=#0(0x00000000)
    :0200573E 6963 ldr r3,[r4,#0x14]	;r4+0x14=*(0x46c0be0c)=#0(0x00000000)
    :02005740 1810 add r0,r2,r0	;r0 = 2(0x00000002)
    :02005742 414B adc r3,r1
    :02005744 6020 str r0,[r4,#0x0]	;r4+0x0=*(0x46c0bdf8)= write #2(0x00000002)
    :02005746 6063 str r3,[r4,#0x4]	;r4+0x4=*(0x46c0bdfc)= write #0(0x00000000)
    :02005748 1C18 mov r0,r3	;r0 = 0(0x00000000)
    :0200574A 2100 mov r1,#0x0	;r1 = 0(0x00000000)
    :0200574C 2300 mov r3,#0x0	;r3 = 0(0x00000000)
    :0200574E 1C2A mov r2,r5	;r2 = 0(0x00000000)
    :02005750 F096EC8C blx 0209C06C
    :02005754 1C08 mov r0,r1	;r0 = 0(0x00000000)
    :02005756 BD38 pop {r3,r4,r5,PC}
    
    .data
    :02005758 020AA1B4 andeq  r10,r10,#0x2D
    

    mul64 routine:

    Code:
    Mul64();
    :0209C06C E92D4030 stmdb  r13!,{r4,r5,r14}
    :0209C070 E0845290 umull  r5,r4,r0,r2
    :0209C074 E0244390 mla  r4,r0,r3,r4unknown
    :0209C078 E0244192 mla  r4,r2,r1,r4unknown
    :0209C07C E1A01004 mov  r1,r4			;r1=1(0x1)
    :0209C080 E1A00005 mov  r0,r5			;r0=0(0x0)
    :0209C084 E8BD4030 ldmia  r13!,{r4,r5,r14}
    :0209C088 E12FFF1E bx r14 (Jump to addr_00000000?)
    
    [/code]


    Basically, if the programmer needs an "event value"(what I've been calling those (XX * u32) >> 32 things), he can call rand.event(), give it the value he wants multiplied against, and he gets a number back. If he needs the upper half of the RNG, he can call rand() and get the top half back to do calcs against or to convert to a PID, etc. 5th gen is actually pretty consistent in that way. It either returns the result of the rand/event calc or the upper half of the RNG just like gens 3 and 4.
  9. Bond697

    Bond697 Dies, died, will die.
    is a Pokemon Researcher

    Joined:
    Jun 20, 2010
    Messages:
    307
    (Clown, Fisherman, Patrat, and Waiter by Arcee)

    Berry Clown
    RNG is triggered when you approach clown, and press 'A' to talk to him.
    (u32 * 0x10) >> 32

    -Dark pokemon are never requested here. Either Game Freak intentionally left out dark types or whoever wrote the routine/s for the clown simply forgot there were 17 types total. I would guess the latter.

    Show Hide

    0x0 - Normal
    0x1 - Fighting
    0x2 - Flying
    0x3 - Poison
    0x4 - Ground
    0x5 - Rock
    0x6 - Bug
    0x7 - Ghost
    0x8 - Steel
    0x9 - Fire
    0xA - Water
    0xB - Grass
    0xC - Electric
    0xD - Psychic
    0xE - Ice
    0xF - Dragon


    ==============================================================
    Village Bridge Fisherman
    (u32 * 0x15) >> 32
    RNG is triggered when 'Why don't you join up and enjoy fishing?' and you answer 'Yes'.

    Show Hide

    0x0 - Carvanha
    0x1 - Basculin
    0x2 - Sharpedo
    0x3 - Feebas
    0x4 - Milotic
    0x5 - Goldeen
    0x6 - Seaking
    0x7 - Poliwag
    0x8 - Poliwhirl
    0x9 - Poliwrath
    0xA - Krabby
    0xB - Shellder
    0xC - Luvdisc
    0xD - Kingler
    0xE - Cloyster
    0xF - Finneon
    0x10 - Horsea
    0x11 - Seadra
    0x12 - Qwilfish
    0x13 - Lumineon
    0x14 - Kingdra


    ==============================================================
    Heartscale Lady
    (u32 * 0x26) >> 32
    One RNG proc when answering "yes" to her single question

    Show Hide

    0 - Dragon Claw
    1 - Roar
    2 - Toxic
    3 - Thunderbolt
    4 - Dig
    5 - Shadow Ball
    6 - Brick Break
    7 - Sludge Bomb
    8 - Rock Tomb
    9 - Torment
    10 - Flame Charge
    11 - Rest
    12 - Attract
    13 - Thief
    14 - Fling
    15 - Sky Drop
    16 - Will-O-Wisp
    17 - Acrobatics
    18 - Shadow Claw
    19 - Retaliate
    20 - Flash
    21 - Volt Switch
    22 - Struggle Bug
    23 - Bulldoze
    24 - Frost Breath
    25 - Rock Slide
    26 - X-Scissor
    27 - Dragon Tail
    28 - Work Up
    29 - Poison Jab
    30 - Grass Knot
    31 - Substitute
    32 - Flash Cannon
    33 - Rock Smash
    34 - Cut
    35 - Fly
    36 - Surf
    37 - Strength


    ==============================================================

    Patrat RNG
    RNG triggers after she says 'The Patrat that I will have you follow today is..'
    (u32 * 0x4) >> 32
    (in order of left to right too)
    0x0 - Patrat with the brightest smile
    0x1 - Patrat with cutest dimples
    0x2 - Patrat with the trendiest eyebrows
    0x3 - Patrat with biggest belly

    Movement
    (u32 * 0x3) >> 32
    Three pre-set movement patterns!
    0x0 - Using first patrat (0x0), results in Patrat on far left
    0x1 - Using first patrat (0x0), results in Patrat second to left.
    0x2 - Using first patrat (0x0), results in Patrat second to right.


    ==============================================================
    Waiter's Orders (Village Bridge cafe mini-game)
    (u32 * 0x4) >> 32
    RNG triggers when one presses A to speak to NPC.

    0x0 - Cheri Berry sandwich
    0x1 - Persim Berry sandwich
    0x2 - Pecha Berry sandwich
    0x3 - Chesto Berry sandwich
  10. Bond697

    Bond697 Dies, died, will die.
    is a Pokemon Researcher

    Joined:
    Jun 20, 2010
    Messages:
    307
    Heart Gold Fishing


    Heart Gold does fishing rates in sort of a funny way. It does it

    (seed >> 16) % 100 and then uses 3 different values to compare against. This is noted in the code:

    Show Hide

    Code:
    
    HG fishing
    Unlike BW (where the calculation was the second break), HG's is the first break. BW possibly calculates something else before..?
    0201FD4A 1C13     mov     r3,r2            // rng advancement
    0201FD4C 4343     mul     r3,r0            // ax
    0201FD4E 4805     ldr     r0,=#0x6073
    0201FD50 1818     add     r0,r3,r0          // ax + c into r0
    0201FD52 6048     str     r0,[r1,#0x4]
    0201FD54 0C00     lsr     r0,r0,#0x10
    0201FD56 0400     lsl     r0,r0,#0x10
    0201FD58 0C00     lsr     r0,r0,#0x10
    0201FD5A 4770     bx      r14
    02246FC6 2164     mov     r1,#0x64
    02246FC8 F6ABECE6 blx     #0x20F2998
    020F2998 E020C001 eor     r12,r0,r1            // signed divmod; start with r0 = ax+c >> 16, r1 = 0x64
    
    020F299C E20CC102 and     r12,r12,#0x80000000
    020F29A0 E3500000 cmp     r0,#0x0
    020F29A4 B2600000 rsblt   r0,r0,#0x0
    020F29A8 B28CC001 addlt   r12,r12,#0x1
    020F29AC E3510000 cmp     r1,#0x0
    020F29B0 B2611000 rsblt   r1,r1,#0x0
    020F29B4 0A000075 beq     #0x20F2B90
    020F29B8 E1500001 cmp     r0,r1
    020F29BC 31A01000 movcc   r1,r0
    020F29C0 33A00000 movcc   r0,#0x0
    020F29C4 3A000071 bcc     #0x20F2B90
    020F29C8 E3A0201C mov     r2,#0x1C
    020F29CC E1A03220 mov     r3,r0,lsr #0x4
    020F29D0 E1510623 cmp     r1,r3,lsr #0xC
    020F29D4 D2422010 suble   r2,r2,#0x10
    020F29D8 D1A03823 movle   r3,r3,lsr #0x10
    020F29DC E1510223 cmp     r1,r3,lsr #0x4
    020F29E0 D2422008 suble   r2,r2,#0x8
    020F29E4 D1A03423 movle   r3,r3,lsr #0x8
    020F29E8 E1510003 cmp     r1,r3
    020F29EC D2422004 suble   r2,r2,#0x4
    020F29F0 D1A03223 movle   r3,r3,lsr #0x4
    020F29F4 E1A00210 mov     r0,r0,lsl r2
    020F29F8 E2611000 rsb     r1,r1,#0x0
    020F29FC E0900000 adds    r0,r0,r0
    020F2A00 E0822082 add     r2,r2,r2,lsl #0x1
    020F2A04 E08FF102 add     r15,r15,r2,lsl #0x2
    020F2AFC E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B00 30433001 subcc   r3,r3,r1
    020F2B04 E0B00000 adcs    r0,r0,r0
    020F2B08 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B0C 30433001 subcc   r3,r3,r1
    020F2B10 E0B00000 adcs    r0,r0,r0
    020F2B14 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B18 30433001 subcc   r3,r3,r1
    020F2B1C E0B00000 adcs    r0,r0,r0
    020F2B20 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B24 30433001 subcc   r3,r3,r1
    020F2B28 E0B00000 adcs    r0,r0,r0
    020F2B2C E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B30 30433001 subcc   r3,r3,r1
    020F2B34 E0B00000 adcs    r0,r0,r0
    020F2B38 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B3C 30433001 subcc   r3,r3,r1
    020F2B40 E0B00000 adcs    r0,r0,r0
    020F2B44 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B48 30433001 subcc   r3,r3,r1
    020F2B4C E0B00000 adcs    r0,r0,r0
    020F2B50 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B54 30433001 subcc   r3,r3,r1
    020F2B58 E0B00000 adcs    r0,r0,r0
    020F2B5C E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B60 30433001 subcc   r3,r3,r1
    020F2B64 E0B00000 adcs    r0,r0,r0
    020F2B68 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B6C 30433001 subcc   r3,r3,r1
    020F2B70 E0B00000 adcs    r0,r0,r0
    020F2B74 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B78 30433001 subcc   r3,r3,r1
    020F2B7C E0B00000 adcs    r0,r0,r0
    020F2B80 E0B13083 adcs    r3,r1,r3,lsl #0x1
    020F2B84 30433001 subcc   r3,r3,r1
    020F2B88 E0B00000 adcs    r0,r0,r0
    020F2B8C E1A01003 mov     r1,r3
    020F2B90 E21C3102 ands    r3,r12,#0x80000000
    020F2B94 12600000 rsbne   r0,r0,#0x0
    020F2B98 E21C3001 ands    r3,r12,#0x1
    020F2B9C 12611000 rsbne   r1,r1,#0x0
    020F2BA0 E12FFF1E bx      r14                // r0 = r0/r1; r1 = r0%r1
    
    [b]02246FCC 0408 lsl    r0,r1,#0x10    // << 16d
    02246FCE 0C00     lsr    r0,r0,#0x10   // >> 16d (clears upper 16 bits)
    02246FD0 42A0     cmp  r0,r4            // r4 = 0x5F - super rod, 0x46 - good rod, 0x2D - old rod[/b]
    02246FD2 DB02     blt     #0x2246FDA
    



    Basically, if you have the super rod, you have a 95% chance of getting a nibble. If you use the good or old rods, you have a 70% and 45% chance, respectively. The cmp changes between 5D, 46, and 2D depending on if you use the super, good, or old rod.


    Black and White Fishing

    Black and White are extremely similar to HG in this regard. The big difference, though, is that BW use the div part of the divmod and HG uses the mod part. The calc is the same as the ESV calc, but for the frame before:

    Show Hide

    Code:
    020056FC F096EC3C blx     #0x209C06C
    0209C06C E92D4030 stmfd r13!, (r4,r5,r14)
    0209C070 E0845290  umull r5, r4, r0, r2 
    0209C074 E0244390  mla   r4, r0, r3, r4 
    0209C078 E0244192  mla   r4, r2, r1, r4 
    0209C07C E1A01004 mov  r1, r4
    0209C080 E1A00005 mov  r0, r5
    0209C084 E8BD4030 ldmfd r13!,(r4, r5, r14)
    0209C088 E12FFF1E bx    r14 
    02005700 6922     ldr  r2,[r4,#0x10] 
    02005702 6963     ldr  r3,[r4,#0x14] 
    02005704 1810     add  r0,r2,r0
    02005706 414B     adc  r3,r1  
    02005708 6020     str  r0,[r4]  
    0200570A 6063     str  r3,[r4,#0x4]   
    0200570C 2D00     cmp  r5, #0x0   
    0200570E D101     bne #0x2005714 
    02005714 6860     ldr r0,[r4,#0x4]  
    02005716 2100     mov r1, #0x0  
    02005718 2300     mov r3, #0x0  
    02005720 1C2A     mov r2, r5  
    0200571C F096ECA6 blx  #0209C06C
    0209C06C E92D4030 stmfd r13!, (r4,r5,r14)
    0209C070 E0845290 umull r5, r4, r0, r2                            // r4 = 0x9CAB
    0209C074 E0244390 mla   r4, r0, r3, r4   
    0209C078 E0244192 mla   r4, r2, r1, r4   
    0209C07C E1A01004 mov  r1, r4                                    // save to r1 
    0209C080 E1A00005 mov  r0, r5              
    0209C084 E8BD4030 ldmfd r13!,(r4, r5, r14)
    0209C088 E12FFF1E bx    r14
    02005720 1C08     mov        r0,r1                        // save r1 as arg
    02005722 BD38     pop  (r3-r5,r15)
    021A9DF0 2129     mov     r1,#0x29                // r1 = 0x29
    021A9DF2 0109     lsl     r1,r1,#0x4
    021A9DF4 F6F2EA68 blx     #0x209C2C8
    - unsigned divmod - r0 = r0/0x290, r1=r1%0x290
    0209C2C8 E3510000 cmp     r1,#0x0
    0209C2CC 012FFF1E bxeq    r14
    0209C2D0 E1500001 cmp     r0,r1                        // compare upper half of seed with 0x290 to make sure it's above
    0209C2D4 31A01000 movcc   r1,r0
    0209C2D8 33A00000 movcc   r0,#0x0
    0209C2DC 312FFF1E bxcc    r14
    0209C2E0 E3A0201C mov     r2,#0x1C
    0209C2E4 E1A03220 mov     r3,r0,lsr #0x4
    0209C2E8 E1510623 cmp     r1,r3,lsr #0xC
    0209C2EC D2422010 suble   r2,r2,#0x10
    0209C2F0 D1A03823 movle   r3,r3,lsr #0x10
    0209C2F4 E1510223 cmp     r1,r3,lsr #0x4
    0209C2F8 D2422008 suble   r2,r2,#0x8
    0209C2FC D1A03423 movle   r3,r3,lsr #0x8
    0209C300 E1510003 cmp     r1,r3
    0209C304 D2422004 suble   r2,r2,#0x4
    0209C308 D1A03223 movle   r3,r3,lsr #0x4
    0209C30C E1A00210 mov     r0,r0,lsl r2
    0209C310 E2611000 rsb     r1,r1,#0x0
    0209C314 E0900000 adds    r0,r0,r0
    0209C318 E0822082 add     r2,r2,r2,lsl #0x1
    0209C31C E08FF102 add     r15,r15,r2,lsl #0x2                // switch statement
    0209C444 E0B13083 adcs    r3,r1,r3,lsl #0x1
    0209C448 30433001 subcc   r3,r3,r1
    0209C44C E0B00000 adcs    r0,r0,r0
    0209C450 E0B13083 adcs    r3,r1,r3,lsl #0x1
    0209C454 30433001 subcc   r3,r3,r1
    0209C458 E0B00000 adcs    r0,r0,r0
    0209C45C E0B13083 adcs    r3,r1,r3,lsl #0x1
    0209C460 30433001 subcc   r3,r3,r1
    0209C464 E0B00000 adcs    r0,r0,r0
    0209C468 E0B13083 adcs    r3,r1,r3,lsl #0x1
    0209C46C 30433001 subcc   r3,r3,r1
    0209C470 E0B00000 adcs    r0,r0,r0
    0209C474 E0B13083 adcs    r3,r1,r3,lsl #0x1
    0209C478 30433001 subcc   r3,r3,r1
    0209C47C E0B00000 adcs    r0,r0,r0
    0209C480 E0B13083 adcs    r3,r1,r3,lsl #0x1
    0209C484 30433001 subcc   r3,r3,r1
    0209C488 E0B00000 adcs    r0,r0,r0
    0209C48C E0B13083 adcs    r3,r1,r3,lsl #0x1
    0209C490 30433001 subcc   r3,r3,r1
    0209C494 E0B00000 adcs    r0,r0,r0
    0209C498 E0B13083 adcs    r3,r1,r3,lsl #0x1
    0209C49C 30433001 subcc   r3,r3,r1
    0209C4A0 E0B00000 adcs    r0,r0,r0
    0209C4A4 E1A01003 mov     r1,r3
    0209C4A8 E12FFF1E bx      r14            // r0 = r0/r1; r1 = r0%r1
    021A9DF8 BD08     pop     {r3,r15}
    
    [b]021AA204 42A0     cmp     r0,r4                                // r4 = 0x32 (BW only has one rod)
    021AA206 D902     bls     #0x21AA20E[/b]
    


    Black and White only have a single rod, so instead of worrying about percentages, they just made it an easy 50/50 to fish or not. Coming in under 50(0-49) makes the routine true and procs a fish.

    (Arcee's)
  11. Kaphotics

    Kaphotics Remodeling Kitchens
    is a Pokemon Researcheris a Contributor to Smogon

    Joined:
    Apr 25, 2009
    Messages:
    780
    Black / White Battle RNG

    Somewhat borderline on the realm of what we should control, so I'll post pretty vaguely so as to document for future TAS abuse:
    I do know the seed location, not posting unless we find out it doesn't control link battles (ie anything shady).

    • Seeded in the transition between challenged animation fade to black --> fade to battle
      • Most likely seeded via the SHA-1 hash like initial seeds.
      • Stored at a memory location and called as needed for Battle Calculations (note: not Trainer actions)
    • Calculations appear as if they are similar to how they were done in gen 3/4.
      • Instead of %100 they are probably *100 like BW's RNG.
      • Instead of "a", it is probably >>60.

    It's still pretty early in the research phase, so these are just presumptions for future research.

    ============

    So far I've been able to abuse (Critical) Captures, stat reductions, critical hits, and misses via seed freezing around seed=0, it's pretty easy.
  12. Kaphotics

    Kaphotics Remodeling Kitchens
    is a Pokemon Researcheris a Contributor to Smogon

    Joined:
    Apr 25, 2009
    Messages:
    780
    BW Battle RNG p2
    • Speed determines who gets what random number calculation priority. (Ingame Battles).
    • If it does not require a random number for a particular aspect of a move, it will not consume a frame for that calculation.
    • If your move is a delayed attack move (Fly/Future Sight/Doom Desire), the game will not consume any frames until the turn it activates.
    • If the Pokemon is knocked out, no consumption of frames is used for reducing effects (like stat drops).

    So far tested structure (speculation at bottom of post):
    Code:
    0 - Initial
    1 - Hit (Accuracy)
    2 - Critical
    3 - Damage
    4 - Secondary Effects (reducing, status, effect spore)
    
    So far I have only tested psychic (ie one secondary effect). 
    More complex moves like Tri-Attack have yet to be tested.
    
    Also untested is Moody
    Code:
    Hit: 
    ((SEED>>32)*100) >>32, == 0-99, cmp if < accuracy, hit.
    
    Critical:
    ((SEED>>32)*s) >>32, if 0 crit).
    [u]Stage 	- *#[/u]
    1 	- *16
    2	- *8
    3	- *4
    4	- *3
    5	- *2
    
    Damage:
    ???????????? 
    
    Stat Drop:
    ((SEED>>32)*100)>>32 = 0-99, cmp if < drop%, reduce.
    Examples of Some Move Choices and Results (open)
    Attacking Slowpoke With Fly
    [​IMG]

    Not attacking, using X-SpD
    [​IMG]

    BC3DF93B0D4C668C causes Fly to always miss. (FFFFFFFF*100>>32 = 99, 99<95 => no, miss)
    speculation on untested moves/scenarios (open)
    Quick Claw: *100, if < 20 Quick Claw activates.
    Speed Tie: *100, if < 50 let (a) go first, if > 49 let (b) go first. Idk who is who, just guessing. Occurs after Quick Claw calc, if present.
    Thaw and Paralysis: *100 and cmp against 20 and 50 respectively. Occurs before Hit calc. If still frozen/paralyzed, don't consume anything else, naturally.
    Flinching: Occurs after damage, *100, if < flinch%, flinch. Flinch chance of move amplified by (% + (1 - %) * 0.1)=%'

    ===

    Infliction: *100, if < inflict%, inflict status. For Tri attack, *3 after to decide which status to inflict.

    ===

    Effect Spore/Etc: After contact move from attacker -- *100, if < 30, inflict status. *3 to decide which status to inflict for Effect Spore.

    ===

    Multihit Moves:
    Hit => Attack Amount => Crit for Each Time
    ((SEED>>32)*8)>>32

    Code:
    0   - Hit 5 Times
    1   - Hit 4 Times
    234 - Hit 3 Times
    578 - Hit 2 Times
    ===

    Moody (calc comes last)
    ((SEED>>32)*7)>>32, => Stat Boost *2
    ((SEED>>32)*7)>>32, => Stat Drop

    Accupressure
    ((SEED>>32)*7)>>32, => Stat Boost *2
  13. Kaphotics

    Kaphotics Remodeling Kitchens
    is a Pokemon Researcheris a Contributor to Smogon

    Joined:
    Apr 25, 2009
    Messages:
    780
    BW Battle RNG p3

    • A Pokemon cannot thaw if it has been flinched. The game will not say if the Pokemon flinches.

    Code:
    [U]Acupressure[/U]
    Only consumes one frame for your move:
    
    ((SEED>>32)*7)>>32 == (0-6)
    0 - Atk
    1 - Def
    2 - Speed
    3 - SpA
    4 - SpD
    5 - Accuracy 
    6 - Evasion
    
    [U]Moody[/U]
    Only consumes one frame for both the boost and drop, at the end of the turn:
    ((SEED>>32)*7)>>32 == (0-6) [Boost]
    Same #-Stat correlation. 
    Since it only consumes 1 for the entire thing, not sure on which is the drop.
    
    [U]Tri Attack[/U]
    Consumes two frames in between Critical and Damage. It always does both calcs.
    ((SEED>>32)*100)>>32 == (0-99), if (0-19) pass Inflict
    ((SEED>>32)*3  )>>32 == (0-2), if Inflict...
    0 - Burn
    1 - Paralyze
    2 - Freeze
    Code:
    [u]Elemental Fangs[/u]
    Consumes two frames after Damage, for Flinch and then Status.
    ((SEED>>32)*100)>>32 == (0-99), if (0-9), the Pokemon Flinches.
    ((SEED>>32)*100)>>32 == (0-99), if (0-9), the Pokemon receives Status.
    
    [u]Thaw (Freeze)[/u]
    Consumes one frame before it calculates move frames. If it fails, no move frames.
    ((SEED>>32)*100)>>32 == (0-99), if (0-19) thaw out.
    
    Image Example of Tri Attack (open)
    [​IMG]
  14. Kaphotics

    Kaphotics Remodeling Kitchens
    is a Pokemon Researcheris a Contributor to Smogon

    Joined:
    Apr 25, 2009
    Messages:
    780
    BW Battle RNG p4
    Code:
    [U]Sleep Duration[/U]
    ((SEED>>32)*3>>32)+1 = Sleep Counter (Turns Asleep)
    Returns 0-2 value, +1 ==> (1-3) turns asleep.
    Custom1: u32*3
    Custom2: Custom1 >> 32
    Custom3: Custom2 +1
    
    For the move Spore, it calculates Hit and then Turns Asleep.
    
    [U]Confusion Duration[/U] -- not completely sure
    ((SEED>>32)*4>>32)+1 = Confused Counter (Turns Confused)
    Returns 0-3 value, +2 ==> (1-4) turns confused.
    Custom1: u32*4
    Custom2: Custom1 >>32
    Custom3: Custom2 +1
    
    For the move Confuse Ray, it calculates Hit and then Turns Confused.
    Code:
    [u]Paralysis[/u]
    ((SEED>>32)*100>>32) = Paralysis Check
    If  0-24, Pokemon is Paralyzed for the Turn.
    If 25-99, Pokemon can move for the Turn.
    
    [u]Infatuation[/u]
    ((SEED>>32)*100>>32) = Infatuation Check
    If  0-49, Pokemon is Infatuated for the Turn.
    If 50-99, Pokemon can move for the Turn.
    
    [u]Confusion[/u]
    ((SEED>>32)*100>>32) = Confusion Check
    If  0-49, Pokemon is Confused for the Turn, and receives recoil.
        Inflict recoil damage with the next frame (damage).
    If 50-99, Pokemon can move for the Turn.
    
    Code:
    [u]Protect[/u]
    ((SEED>>32)*(2^p))>>32 = Protect Check
      %p = protect counter, initially 0.
    If 0, Pokemon succeeds in Protecting.
       p = p+1
    Else, Protect fails.
       p = 0
    Code:
    [u]Catching and Critical Capture[/u]
    Depending on how you calculate CC and CV, 
            you will use different multiplications to the seed.
    First it calculates if critical capture, then the shake/capture values.
    If result < CV, pass check. Total of 4 for regular catch, 1 for CC.
    
    [U][B]Escape Calculation[/B][/U]
    Esc = ((SEED>>32)*0xFF), return 0-254.
    If Esc < F, then pass run away.
    [img]http://archives.bulbagarden.net/media/upload/0/07/Escape_Formula.png[/img]
  15. Kaphotics

    Kaphotics Remodeling Kitchens
    is a Pokemon Researcheris a Contributor to Smogon

    Joined:
    Apr 25, 2009
    Messages:
    780
    BW Battle RNG p5

    Code:
    [U]Quick Claw Activation[/U]
    QC = ((SEED>>32)*100)>>32 == (0-99)
         if QC < 20, Quick Claw will activate. 
      20% chance to activate.
    • The game will cycle the RNG to store this value regardless of whether or not the Quick Claw holder moves, only if the game requires RNG to be done (opponent move).
    • This means that if you use an item while holding quick claw, if it would have been successful it would still consume a frame at the start anyways.

    Code:
    [U]Shed Skin[/U]
    SS = ((SEED>>32)*100)>>32 == (0-99)
         if SS < 30, Shed Skin will cure the status.
      This always occurs at the end of the turn.
    Code:
    [U]Swipe Moves (Bullet Seed)[/U]
    SC = ((SEED>>32) * 6)>>32 == (0-5)
    01 - Hit 2 Times
    23 - Hit 3 Times
    4  - Hit 4 Times
    5  - Hit 5 Times
    
    Occurs after Accuracy.
    Triple kick is just a repeated move and has accuracy/crit/damage for each.
    Code:
    [u]Effect Spore[/u]
    ES = ((SEED>>32)*100)>>32 == (0-99)
        if ES < 30, Effect Spore will activate.
      Only happens after physical move contact.
      It uses the same seed to calculate what status. IDK.
    Code:
    [u]Focus Band[/u]
    FB = ((SEED>>32)*100)>>32 == (0-99)
        if FB < 10, Focus Band will activate.
  16. Kaphotics

    Kaphotics Remodeling Kitchens
    is a Pokemon Researcheris a Contributor to Smogon

    Joined:
    Apr 25, 2009
    Messages:
    780
    BW Battle RNG p6

    Code:
    [U]Damage Random Value / Damage Variation[/U]
    R = ((SEED>>32)*16>>32 == (0-15)
    
    Inversely related to 85-100, 
      whereas 0 --> 100% damage
      and    15 -->  85% damage
    This is not what the onsite article says about battle damage chances. Even though it was written for D/P, I find it difficult to believe this aspect of the article to be correct.

    Gen 3's Damage Random Value was calculated as follows, which is documented by FractalFusion here.
    Code:
    In battle: Damage variation
    For almost all attacks, the amount of damage that an attack does varies
    between about 85% and 100%. The game determines damage variation 
    three frames after it checks for critical hit.
    When the game rolls for damage variation, the game will cycle the 
    RNG 3 times on that frame.
    
      xxxxxxxx
      xxxxxxxx
      xxxaxxxx    Damage variation, max: a==0   min: a==15
    The lower the number, the more damage the attack does.
    my test pad (open)
    I spat out random numbers from frame 2 of the seed (Crit->Damage), and added 85 to the calc shown above.
    I also did the same, but instead spat out numbers 85-100 with the article's method.

    This only has to make sense for me. (It shows that the higher the number, the less damage it deals). Going back to my calc (before the +85), the lower the number, the more damage it deals.

    [​IMG]
    Code:
    Initial Seed
    D196918F998EDAF9
    
    Deerling attacks!	Breloom
    33 Atk			1 Defense
    26 SpA			999 HP
    Faint Attack used.	Revive used (to no effect).
    
    CBC8A8D6B8DE8B26 ==> 89  for both
    790 HP Remained
    
    B4DC555B11814400 ==> 90  for both
    792 HP Remained
    
    D196918F998EDAF9 ==> 92  for both
    796 HP Remained
    
    7D674084F18A72C3 ==> 100 for both
    814 HP Remained
    
    923DDE8F 3EA5A594 ==> 97  for both
    807 HP Remained
    
    #	Theory	Tested
    89		790
    90		792
    91		794
    92		796
    
    93	799
    94	801
    95	803
    96	805
    97		807
    98	810
    99	812
    100	814
    
    64CCFE6D DE74DAC1	==>	91 on mine, 90 on "DP"
    794 HP Remained
  17. Kaphotics

    Kaphotics Remodeling Kitchens
    is a Pokemon Researcheris a Contributor to Smogon

    Joined:
    Apr 25, 2009
    Messages:
    780
    B/W Wild Pokemon Move Decisions

    MTRNG Controlled.

    Code:
    Seed*#>>32 of Usable Moves ... (0-[#-1])
    Researcher can't really handle it well, so in general you'd >>30 for 4 moves, 
        and >>31 for 2 moves. 3 (and 1) by hand LOL.
    
    0 - Move 1
    1 - Move 2
    2 - Move 3
    3 - Move 4
    
    If the Pokemon has less moves (say 3), the operation is *3.
    
    If a Pokemon is out of PP in a move, 
        it calculates with the # of usable moves that remain. 
                  I didn't test this scenario much at all,
                  because it will never happen in TAS/RNG.
    This will not apply to smart trainer battles, this has only been tested + confirmed on Wild Pokemon.

    If I freeze the table counter to an arbitrary value, the table value AFTER that is used.
  18. Bond697

    Bond697 Dies, died, will die.
    is a Pokemon Researcher

    Joined:
    Jun 20, 2010
    Messages:
    307
    just as a note, something weird happens with the roamers in emerald. (maybe r/s too)

    the roamers are supposed to be method 1, generated ABCD on release. what can happen is a skipped call without the nature = (rand() % 25) beforehand.(because it's supposed to be method 1) i ended up with method 4(ABCE), but without that nature calc beforehand, so there was no reduction in pids based on a pre-determined nature. sabre is thinking that this is also likely the case for any "static pokes", like voltorb, hypno, etc and i would tend to agree with him.
  19. Kaphotics

    Kaphotics Remodeling Kitchens
    is a Pokemon Researcheris a Contributor to Smogon

    Joined:
    Apr 25, 2009
    Messages:
    780
    More MTRNG:

    The game accesses the table for the sprite animations, like when the Pokemon blinks and what not.

    Code:
    16:38	Kaphotics	never before has freezing the MTRNG value delayed the game
    16:38	Kaphotics	I froze it to always access a table value of
    16:39	Kaphotics	00052F40
    16:39	Kaphotics	which is super fucking low
    16:39	Kaphotics	and the game is just sitting here
    16:39	Kaphotics	which makes me think, it hates these low numbers for the MTRNG
    16:40	Kaphotics	looks like the MTRNG controls the sprite (eyes open)
    16:40	Kaphotics	a low value makes it's eyes close
    16:40	Kaphotics	a Pokemon won't "appear" unless its eyes are open
    16:40	Kaphotics	seriously wtf
    16:40	Kaphotics	I cant throw out a pokemon with the 0 value
    16:41	Kaphotics	lol my pokemon is blinking like mad
    If a Pokemon's eyes are closing/opening, the game hangs until it's not. If you throw a PokeBall at a Pokemon, it won't go inside if the current MTRNG value is 0. Its white silhouette just dances around. Nor will the PokeBall descend/move if the value is 0.

    It will calculate for your Pokemon, then for the enemy. This is the reason why the MTRNG advances in twos during the battle.

    Trying to get PKRS out of this, since there's +2+4 advancement after the battle ends.
    Having this 6/65536 does not work for triggering PKRS, so I'll look more into it.

    ====

    In recap, even with 0001 as the upper16 of the table value, I still couldn't get PKRS.

    The game goes through 1 frame per each sprite on the field, including trainers and thrown Pokeballs (even capturing balls). If something has its eyes closed but it is not asleep, the game will wait until its eyes are open for more than one frame (if it's blinking on every frame the game won't advance).

    Move decisions consume 1 frame per enemy Pokemon that needs to do a "random" move. Haven't tested for smart trainers with smart moves.

    Once you catch the Pokemon, there's another +1 (end of turn calculate next move? probably not. tested it for PKRS, nope).

    There's still the +2+4 at the end on the battle fade out, don't know what it's for, but it does it every time as far as I've seen.

    Pokerus still eludes.
  20. Kaphotics

    Kaphotics Remodeling Kitchens
    is a Pokemon Researcheris a Contributor to Smogon

    Joined:
    Apr 25, 2009
    Messages:
    780
    [​IMG]

    Made Juniper have a shiny Miccino. Never heard of this being possible, but it is.

    Set during the second part of advancements when you meet Professor Juniper, having a 0 as the upper 32 makes it shiny.

    Code:
    PID seed, IV table frame.
    Transition which then has Juniper appear from black.
    
    0	9B1AE6E9A384E6F9		4A
    7	0C45453A2B8A2726		4A
    8	PID	CC28FE8936A566C1		+6
    9	Nature	229675654EAC71E8	51
    Wanna break it? PID/Nature and 6 IVs, most likely. Could be PID/TID/SID instead.
  21. Kaphotics

    Kaphotics Remodeling Kitchens
    is a Pokemon Researcheris a Contributor to Smogon

    Joined:
    Apr 25, 2009
    Messages:
    780
    Battle Subway Trainers / Pokemon

    Not yet researched, but a few people are interested in helping so I might as well put down the useful info...

    Battle Subway Trainers, includes the Pokemon that they will use.

    Groups and Pokemon they use (open)

    Code:
    Group-1		1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66
    Group-2		67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132
    Group-3		133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170
    Group-4		171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208
    Group-5		209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296
    Group-6		297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383
    Group-7		384,385,386,387,388,389,390,391,392,393,394,395,396,397,398
    Group-8		515,516,517,518,519,520,521
    Group-9		444,451,512,542,547,552,554,556,557
    Group-10	384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471
    Group-11	472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558
    Group-12	559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646
    Group-13	647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733
    Group-14	734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821
    Group-15	822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908
    Group-16	823,824,826,828,829,830,835,836,839,840,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,873,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,897,899,900,901,903,904,905,906,907
    Group-17	909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953,954,955,956,957,958,959,960,961,962,963,964,965,966,967,968,969,970,971,972,973,974,975,976,977,978,979,980,981,982,983,984,985,986,987,988
    
    
    
    
    Group-A		72,75,80,91,92,107,109,116,118,119,128,129,132
    Group-B		81,89,93,94,100,113,119,128,131
    Group-C		217,218,224,225,227,236,243,260,262,282,283,284,285,286,287,290,295,307,309,315,318,320,321,322,324,329,337,348,349,354,356,360,376,378,381
    Group-D		211,214,217,220,223,227,231,236,240,243,251,263,274,288,290,295,296,301,308,328,336,340,355,357,363,365,367,369
    Group-E		211,214,217,220,223,227,228,231,236,240,242,243,247,251,253,254,258,263,265,266,274,275,288,290,295,296,301,305,308,327,328,330,331,336,340,353,355,357,362,363,365,366,367,368,369,373,383
    Group-F		216,219,222,226,232,235,237,244,245,246,252,267,271,277,280,296,304,306,311,314,317,319,321,323,325,326,334,344,347,351,378
    Group-G		235,244,252,255,259,260,267,271,280,289,294,299,306,311,317,321,323,325,326,339,344,350,378
    Group-H		408,442,469,484,485,505,511,513,524,534,537,555
    Group-I		404,415,430,443,456,498,521,527,530,531,532,538
    Group-J		392,393,399,400,402,411,418,435,437,457,458,459,460,461,462,465,470,482,484,490,493,495,496,497,499,504,512,523,524,529,531,535,551,553,556
    Group-K		391,394,395,397,401,407,408,409,412,420,421,436,446,447,452,455,462,466,471
    Group-L		667,674,676,677,679,682,708,715,723,726,727,729
    Group-M		751,754,755,780,784,785,788,792,795,798,799,803,804,814,819,824,834,835,858,859,860,861,864,868,875,905
    Group-N		735,738,741,744,745,747,751,757,758,759,762,770,771,782,786,796,797,802,805,812,816,821,822,828,829,831,835,838,839,844,845,847,859,863,864,867,872,874,876,879,884,896,899,900,905
    Group-O		736,737,739,740,742,744,745,746,751,752,759,766,767,768,771,776,779,780,781,782,783,784,785,786,788,789,790,791,792,793,794,795,796,797,798,799,802,803,804,805,806,809,815,816,819
    Group-P		309,326,418,447,554,578,617,671,681,718,752,767,789,791,796,890,900,976
    Group-Q		823,824,826,828,829,830,835,836,839,840,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,873,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,897,899,900,901,903,904,905,906,907
    Group-R		243,251,288,295,340,357,367,369,426,463,468,470,516,532,542,570,581,586,590,593,601,613,614,638,640,645,678,686,691,705,707,717,745,765,766,775,776,788,799,813,820,825,861,865,892,894
    Group-S		618,637,647,706,710,713,761,827,832,833,849,880
    Group-T		219,267,291,310,323,332,336,365,368,372,373,376,377,378,379,380,381,382,394,442,466,485,498,507,511,540,543,547,548,551,552,553,554,555,556,557,569,617,641,660,673,682,686,715,718,722,723,726,727,728,729,730,731,732,744,792,816,835,848,857,861,890,893,897,898,901,902,903,904,905,906,907
    Group-U		212,213,248,249,252,256,335,361,374,375,423,424,427,431,472,510,536,598,599,602,606,685,695,711,725,738,773,774,777,781,831,860,886
    Group-V		252,274,310,378,400,402,445,454,470,494,525,583,587,609,785,787,788,811,835,843,844,847,860,873,875,885
    Group-W		209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748
    Group-X		233,267,294,309,310,330,336,338,349,359,362,380,408,442,469,484,485,505,511,513,524,534,537,555,583,617,644,659,660,680,686,688,699,709,712,730,758,792,819,834,835,855,861,863,874,884,887,905
    Group-Y		340,341,342,343,344,345,346,515,516,517,518,519,520,521,690,691,692,693,694,695,696,865,866,867,868,869,870,871
    Group-Z		240,255,346,352,355,356,363,430,456,521,527,530,531,538,579,605,618,631,696,702,705,706,713,754,780,793,806,871,877,880,881,888
    Group-AA	218,272,315,320,348,378,381,484,493,495,523,553,593,634,637,668,670,679,698,728,749,812,840,845,873,903,915,927,979
    Group-BB	209,238,240,246,251,267,272,281,316,326,344,350,361,368,377,431,484,544,593,598,601,606,613,617,634,637,658,690,700,718,734,737,740,743,749,752,753,757,759,768,772,776,781,784,789,791,796,797,809,840,843,851,864,893,894
    Group-CC	212,232,237,250,270,275,281,282,301,315,335,340,341,346,373,426,427,465,485,487,507,508,512,552,560,562,563,570,581,586,590,605,628,631,639,694,745,754,755,760,775,780,806,835,853,871,872,877,892,898,949,953,954,966,969,970,971,974,982
    Group-DD	239,241,250,261,293,338,341,347,370,414,416,425,436,468,513,516,522,545,581,591,600,611,643,688,691,697,720,764,766,775,786,818,863,866,872,895
    Group-EE	210,234,238,242,247,276,294,317,324,326,327,329,332,358,365,373,376,377,379,385,409,413,417,422,451,469,492,499,501,502,504,507,533,540,548,551,552,554,560,584,588,592,597,626,644,667,674,676,677,679,682,708,715,723,726,727,729,735,759,763,767,772,801,819,842,849,851,852,854,857,883,890,898,901,902,904,909,910,911,921,922,929,930,931,941,942,949,950,951,961,962,969,970,971,981,982
    Group-FF	352,376,420,466,467,495,502,526,538,547,551,596,607,610,618,629,630,669,671,677,689,701,702,703,714,726,771,794,805,844,845,846,852,877,878,897,901
    Group-GG	144,151,154,182,201,246,259,272,326,338,431,436,447,493,494,514,606,628,676,784,786,795,796,797,804,817,843,851,863,864,876,888,889
    Group-HH	144,151,154,182,201,246,259,272,326,338,352,376,420,431,436,447,466,467,493,494,495,502,514,526,538,547,551,596,606,607,610,618,628,629,630,669,671,676,677,689,701,702,703,714,726,771,784,786,794,795,796,797,804,805,817,843,844,845,846,851,852,863,864,876,877,878,888,889,897,901
    
    Leader-A	158,160,688
    Leader-B	689,845,897
    Leader-C	158,160,611,863
    Leader-D	364,689,845,897
    Leader-E	158,688
    Leader-F	156,611
    Leader-G	845,897
    Leader-H	364,901


    Trainer sets of pokemon (open)

    Code:
    BLACK & WHITE BATTLE SUBWAY TRAINERS & THEIR POKÉMON
    
    Ace Trainer DFGM	= set 4
    Ace Trainer Pa/Re 	= 18 PKMN - Clay/Mandi1, Gastro/Ferro/Sala2, Gran/Tomb/Krook/Licki/Blis3, Quag/Raptor/Weez/Tauros/Scraf/Gyara/Arca/Ice4
    Artist  		= all sets Normal/Steel/Ghost/Psychic
    Backpacker 		= set 1
    Baker 			= Sun (Grass/Fire) - Volca/Meg1, Rapi2, Leaf3, Doom 4, Arca13, Typhlo14, Plume/Vicy/Shift/Lilig/Eggy/Tang1234
    Battle Girl 		= set 4 Fire/Fighting/Steel
    Black Belt 		= set 4 Fire/Fighting/Steel
    Biker 			= all sets Star/Gyara/Drag/Blis/Tyra/Sala/Meta/Ape/Zong/Tomb/Chomp/Vile/Kiss/Yan/Arche/Esca/Haxo/Hydra1234
    Clerk (A/A/B/E)		= set 3
    Clerk (Fau/Ulf)  	= set 4
    Cyclist 		= set 3
    Depot Agent 		= Electric/Steel - Lant3, Raichu124, Mane/Trode/Zebra/Klink/Durant/Jolt/Luca/Vire1234
    Doctor 			= set 4
    Fisherman Fird 		= set 3,4 Water
    Fisherman Humf 		= set 1,2 Water
    Gentleman 		= all sets Legends
    Harlequin 		= TR - Shift/King1/Ttar1, Zong 14, Wak/Quag/Musha/Reun/Seismi2, Conkel/Noir24, Forry/Harry3, Cofag/Golurk/Golem/Bro/Ramp/Giga/Lix/Eggy/Hippo/Rhy4
    Hiker Jorge 		= all sets Ground
    Hiker Kemuel 		= all sets Rock
    Janitor 		= Doubles - Brel/Harry/MushaMilky/Nidoq/Toed/Shuck/Eggy/Vap/Jolteon1, Aboma134, Meggy13, Trode/Glace/Kiss14, Zong 24, Arti/Lass/Cune34,  Ludi/Shift/Carac//Lux/Yan/Garde/Gon/Draggy2,  		Zard/Typhlo/Empo/Lant/Whisc/Dew/Goth/Magius/Umby/Ent/Cress3, Empo/Jynx/Mime/Abso/Tenta/Luca/Bear/Dra,/Zap/Tres/Thund4
    Maid 			= all sets Starters
    Nurse 			= set 4 
    Nursery Aide 		= all sets Eeveelutions
    Parasol Lady 		= Rain - Ludi/Float/Seismi/Kingdra/1234, Gastro13, Vap/Milo14, Lap123, Zeb2, Jolt23, Empo34, Lant/Whis/Weez/Carac/Tenta/Walr3, Dew/Bro/Star34, Mane/Trode/King/Amphy4
    Pilot 			= all sets Flying  		
    Psychic 		= set 4 Psychic/Ghost
    PKMN Breeder 		= set 4
    PKMN Ranger 		= set 3
    Policeman 		= Annoy - Venu/Mandi/Ferro14, Blis/Ludi134, Lilig234, Tomb/Dusk13, Milo24, Gastro/Crad34, Vespi/Dew/Throh/Aboma/Rose/Umby/Tang/Drag1, 
     	 		Clay2, Plume/Bro/Basti/WailVap3,  Meg/Scep/Tort/Dug/Quag/Gran/Brel/Skarm/Unfe/Cofa/Weez//Taur/Scraf/Shuck/Giga/Chande4
    Roughneck 		= OHKO - Cryo/Basti/Rapi/Mamo/Rhy/Vani3, Whis/Pins/Phan/Wail/Glis/Walr4
    Scientist 		= set 4
    Socialite 		= all sets Legends
    Vet Col/Jeu/Ler/Ri 	= all sets Legends
    Vet Ging/Hec 		= set 4
    Vet Don/Pon 		= set 4 
    Waiter 			= set 2
    Waitress 		= set 2
    Worker Hayes 		= Sand - Tort/Ferro/Chomp1, Shu14, Exca/Tyra/Hippo1234, Clay2, Giga23, Gastro/Crad3, Dug4, Basti34, Aero3, Regi1, Land1, Terra4
    Worker Quinn 		= Sand - Tort/Ferro/Chomp1, Shu14, Exca/Tyra/Hippo1234, Clay2, Giga23, Gastro/Crad3, Dug4
    Worker Rom/Valé 	= Hail - Dew1, Abo234, Jynx34, Cryo34, Fros/Glac/Bear/Walr/Mamo/Vani1234 


    Useful resources:
    trainers and their pokemon in english
    groups

    There's 7 frame advancements at the beginning. So far I have found that Youngster Joshua occupies slot 0 for the noob singles. It probably generates all of the subway passengers at this point.

    When the next car is loaded, the Pokemon are decided. How, I'm not sure.

    There's 50 default trainers...

    5B14712C8BDF5897 got me Joshua, in addition to 0.
    DB2CEFB5EA15C166 got me Pokéfan Farna.
  22. Kaphotics

    Kaphotics Remodeling Kitchens
    is a Pokemon Researcheris a Contributor to Smogon

    Joined:
    Apr 25, 2009
    Messages:
    780
    DPPt / HGSS Everstone

    Code:
    [U][B]LCRNG[/B][/U]
    
    trigger: step counter to check to see if egg will be made
    
    0	F8EF4D06	Initial
    1	00000001	Egg Decision (0000%whatever, lower number the better)
    2	41C6AEE0	Everstone Decision (high bit) = 0
    Code:
    [U][B]MTRNG[/B][/U]
    
    0	Initial
    0+n	If Everstone passes, 
                skip until the IRNG value%25 is the Everstone Nature
    If I had to guess, it does the same thing for international, but whatever IRNG value it gets has to go through the ARNG advancements for the International PID. That's why Everstone doesn't work for International Breeding.

    This also illustrates how the game does not use the MTRNG for calculations, only number grabs. The species determination would be from the LCRNG, if anyone cared.

    DPPt / HGSS "Masuda Method"

    Code:
    Egg PIDs
    
    I didn't find the documentation on this anywhere so I'm putting it here.
    
    1 - IRNG  -- [size=1]initial MTRNG frame +1[/size]
      if International, and ^ not shiny
    2   ARNG[IRNG](1), stop if shiny
    3   ARNG[IRNG](2), stop if shiny
    4   ARNG[IRNG](3), stop if shiny
    5   ARNG[IRNG](4), stop always
    International Breeding in Gen 4 is 5/8192, not 4/8192. Nobody really took note of the first call as it's shared with the Normal Breeding method (and thus the 4 ARNG is what was thought to be the International PIDs).
  23. Kaphotics

    Kaphotics Remodeling Kitchens
    is a Pokemon Researcheris a Contributor to Smogon

    Joined:
    Apr 25, 2009
    Messages:
    780
    DPPt / HGSS / RSE (FRLG) Damage Formula -- Random Value

    On the previous page I described the Random Value for the damage formula for Black&White, but I didn't list the actual calculation for Gen 3/4 games.

    Code:
    (SEED >> 16) % 0x10   == (0-15)
    
    Inversely related to 85-100, 
      whereas 0 --> 100% damage
      and    15 -->  85% damage
    
    The lower the number, the more damage the attack does.
    In conclusion, the Random Value for the Damage Calculation is not an uneven distribution like the DPP onsite article says.

    Here's what it says... (open)
    85, 87, 89, 90, 92, 94, 96 and 98 each have a 7.69% chance of being chosen.
    86, 88, 91, 93, 95, 97 and 99 each have a 5.13% chance of being chosen.
    100 has only a 2.56% chance of being chosen.

    This is only correct for Gameboy games!!!


    The misunderstanding arose when people assumed that the damage formula from the Gameboy games carried on to the GBA&DS era. However, it did not. (The last update to the GB damage source was 1/6/2002!)

    From the actual calculations the game does, this results in a completely even distribution of 85% thru 100%.

    Again, here are the formulas Generations III-V use.

    Code:
    Need to calculate the Random Value for Damage? 
        Take the seed on the frame the calculation occurs and...
    
    [U]RSEFRLG / DPPt / HGSS[/U]
    U16 % 0x10    = (0-15)
    *might be /0x1000 for DPPt
    
    [U]BW[/U]
    U32 * 16 >>32 = (0-15)
    Implications of this Information
    • All % chance to KO calculations are incorrect for Gen 3/4/5 (they are slightly higher).
    • PO is using an incorrect damage formula, overall making moves do on average less damage than they should.
      • PO has always had a stealth "buff" to the Stall strategy, for this very reason.
      • Stall is weaker on the Cartridges than it currently is in Pokemon Online.
      • When fixed, Stall will be slightly weaker to other strategies because you will take more damage on average.
  24. Bond697

    Bond697 Dies, died, will die.
    is a Pokemon Researcher

    Joined:
    Jun 20, 2010
    Messages:
    307
    i think i might have the first unused rng that we've found so far.

    Code:
    RAM:020946AC ; S U B R O U T I N E =======================================
    RAM:020946AC
    RAM:020946AC
    RAM:020946AC ARNG__
    RAM:020946AC                 LDR     R2, =dword_20A8A98
    RAM:020946B0                 LDR     R0, =0x41C64E6D
    RAM:020946B4                 LDR     R3, [R2]
    RAM:020946B8                 LDR     R1, =0x7FFF
    RAM:020946BC                 MUL     R0, R3, R0
    RAM:020946C0                 ADD     R0, R0, #0x39
    RAM:020946C4                 ADD     R0, R0, #0x3000
    RAM:020946C8                 STR     R0, [R2]
    RAM:020946CC                 AND     R0, R1, R0,LSR#16
    RAM:020946D0                 BX      LR
    RAM:020946D0 ; End of function ARNG__
    RAM:020946D0
    RAM:020946D0 ; ---------------------------------------------------------------------------
    RAM:020946D4 off_20946D4     DCD dword_20A8A98       ; DATA XREF: ARNG__r
    RAM:020946D8 dword_20946D8   DCD 0x41C64E6D          ; DATA XREF: ARNG__+4r
    RAM:020946DC dword_20946DC   DCD 0x7FFF              ; DATA XREF: ARNG__+Cr
    RAM:020946E0
    RAM:020946E0 ; S U B R O U T I N E =======================================
    RAM:020946E0
    RAM:020946E0
    RAM:020946E0 arngStore__
    RAM:020946E0                 LDR     R1, =dword_20A8A98
    RAM:020946E4                 STR     R0, [R1]
    RAM:020946E8                 BX      LR
    RAM:020946E8 ; End of function arngStore__
    RAM:020946E8
    RAM:020946E8 ; ---------------------------------------------------------------------------
    RAM:020946EC off_20946EC     DCD dword_20A8A98       ; DATA XREF: arngStore__r
    RAM:020946F0
    
    so, what we've got here:

    -load 20A8A98 into r2
    -load 41C64E6D into r0
    -load *20A8A98 into r3
    -multiply r0 *= r3
    -add 0x3039(12345d) to the result(instead of 0x6073)
    -store the result back to 20A8A98
    -(result >> 16) & 0x7FFF - this is trimming off bit 15, returning a number made up of bits 0-14 in r0-basically, it assures numbers between 0 and 7FFF


    so why do i think it's unused?

    well,

    a. the offset it's using as the global state for the rng is inside the arm9 binary, which makes absolutely no sense at all. the area where the arm9 is stored in ram has the arm9 program written to it then isn't written to again. it's basically read only afterwards.

    b. the value there never changes from 1, ever, so far as i can tell. i went ahead and made a sort of breakpoint AR code for that rng and tried anywhere i could think of that wouldn't be viable to go in no$debug.(the gts, other online/networked stuff), and the code never caused a break. i did test it beforehand on something that i know is called and it does work.

    c. the other 2 times that 41C64E6D is used are both for encryption, not for creating random numbers.

    seeing as though the c in the equation is 0x3039, which is 12345 in decimal, it seems that maybe someone made it as a test rng and didn't remove it? considering where it reads and writes to, i wouldn't think it's used at all. if so, someone at gamefreak is really irresponsible. There's actually code past this point in the binary(which ends at 20AA7E0) and it continues until the end.

    if someone does manage to find that it is used, please say so. i'm very curious about this one.
  25. Bond697

    Bond697 Dies, died, will die.
    is a Pokemon Researcher

    Joined:
    Jun 20, 2010
    Messages:
    307
    yes, the damage formula is wrong. fractal fusion's gen 3 formula holds for gen 4 and gen 5. the full thing will follow soon, but for now:

    (a small piece of the damage calc)
    Code:
     (the result of (u32 * 16) >> 32 is in r0)- this is what i'm calling the "event value"; nintendo calls it a "max"
    021C1FB0 2164     mov     r1,#0x64                               
    021C1FB2 1A08     sub     r0,r1,r0                                //percent = 100 - event_value
    021C1FB4 0400     lsl     r0,r0,#0x10                             //dumb typecasting
    021C1FB6 0C00     lsr     r0,r0,#0x10                            // more dumb typecasting
    021C1FB8 4378     mul     r0,r7                                    //current damage total, so percent * damage_total
    021C1FBA 2164     mov     r1,#0x64                                // arg
    021C1FBC F6DAE984 blx     #0x209C2C8                       //divmod - r0 and r1
    
    the unsigned divmod(this one) returns r0/r1 in r0 and r0%r1 in r1. this is doing (percent * damage_total)/100. or for clarity, it's doing (damage_total * (percent/100)).

Users Viewing Thread (Users: 0, Guests: 2)