POKEMON X 3DS EMULATOR FULL
As I was now able to run it on my console while running my own unsigned code in the background, which meant I could not only take in-game screenshots, but also make full RAM dumps. For the uninitiated: shortly after I got redNAND up and running on my 3DS, I got ahold of a copy of pokemon Y. But what can you do, live and learn I suppose. I was also disappointed in the reaction of some “hardcore pokéhackers” (because apparently, I was expected to share the game’s full decrypted code… which obviously wasn’t going to happen). I wasn’t expecting for something so simple to make such a big impact, and frankly it’s a little frustrating that now a large chunk of the messages I get are from people who want to buy hacked pokémon from me. Overall I’d say it was a positive experience.
I’d like to start by saying that I’m not in any way a “pokéhacker”; I did what I did for fun and because people were curious, and I was all too glad to be able to help out in finding out some secrets. Which brings me to pokémon, and pokéhacking (yes, that’s a word now). One of the less alarming side effects of messing with the 3DS’s NAND like a reckless idiot. Either way, redNAND seems to be running very well at the moment; obviously we’d need more than just the few of us who have it running atm to test it before an actual release, but I’ve used it on my 3DS for a number of hours while playing pokemon and so far no problem. Not 100% sure about this as there are some discrepancies in my theory (iirc the console crashed before it got to the point where it would show the game notes initialization message), but so far that’s the best explanation I’ve got for what happened. Because of that, going into game notes would create those files, which would normally be fine, but because it would be using the FAT table from my NAND dump while writing to my actual NAND, obviously things would go wrong and it would end up messing stuff up. My theory goes that because I had never gone into game notes before dumping my NAND (I’d just done a system reset to undo the potential side effects of a previous bad NAND write), the files which were supposed to contain its data had not been created. I don’t know for sure exactly what happened as I haven’t repaired that 3DS yet (simply reflashing an old dump to NAND *should* be enough to get it going again), but I think it has to do with game notes. Because of that, I guess the 3DS overwrote something it shouldn’t have on NAND, and somehow that broke everything. As far as I can tell, what happened is that while I’d gotten my NAND redirection code working for reading (as the 3DS did boot by loading all its data from my SD), I had not actually located and hooked the NAND writing code properly.
If you follow me on twitter, maybe you know that I bricked a 3DS while working on this. I’m calling it redNAND because I like silly names, but you don’t have to. Not necessarily an easy thing to do, but since we did already have some information on how NAND and SD are accessed thanks to the (light) documentation present on 3Dbrew and the fact that it works in ways very similar to how it did on the DSi, it was really little more than a matter of time until we got it working. Really, what it took to get it running was a bunch of code analysis and reverse engineering. Getting that done was not actually that hard a task. Mostly, I was able to get NAND redirection working on my 3DS. That’s ok though, as I did get a lot done before starting my hiatus (and I started writing an article about my 3DS work). Unfortunately, I have not had any time to work on 3DS stuff in the past couple weeks.
Now, here’s to hoping I’ll have time to further my 3DS plans soon! Nothing too exciting in and of itself, but it allowed me to spawn unobtainable pokémon, and the rest is history. From there, I listed the pokemon I’d encountered in my area, wrote a python script to search through my RAM dump to find an adequate-looking structure, and that’s how I found the encounter tables. That’s how I ran across Kaphotics, who confirmed my intuition by graciously providing encounter tables from previous pokémon games. With that in mind, I started asking around to see if anyone knew of such structures in previous games.
It stood to reason that the possibly encounterable pokémon in a given area would have to be stored somewhere in memory. Now, I *really* wanted to capture a mew for no appropriate reason so I decided to make a cheat that would allow me to do so.
Being able to dump RAM in game meant being able to see the game’s code, some of its resources, but also of course it meant being able to analyze it to create cheats.
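The RAM-dump search described above, sketched as an added example (not the script from the original post): it scans a dump for places where every species ID seen in an area appears close together, which filters out the many isolated matches a single-value search would return. The aligned little-endian 16-bit ID encoding, the record layout, the ID values and the dump itself are constructed assumptions.

```python
import struct

def find_id_clusters(dump, known_ids, window=64):
    """Return (start, end) byte ranges where every known ID appears,
    as an aligned little-endian u16, within `window` bytes of the others."""
    wanted = set(known_ids)
    values = struct.unpack_from("<%dH" % (len(dump) // 2), dump)
    slots = window // 2
    inside = {}            # wanted ID -> occurrences in the current window
    regions = []
    for i, v in enumerate(values):
        if v in wanted:
            inside[v] = inside.get(v, 0) + 1
        if i >= slots:     # slide: drop the value that just left the window
            old = values[i - slots]
            if old in wanted:
                inside[old] -= 1
                if inside[old] == 0:
                    del inside[old]
        if len(inside) == len(wanted):
            start, end = max(0, i - slots + 1) * 2, (i + 1) * 2
            if regions and start <= regions[-1][1]:
                regions[-1] = (regions[-1][0], end)   # merge overlapping hits
            else:
                regions.append((start, end))
    return regions

def build_sample_dump():
    """Constructed 4 KiB 'RAM dump': 0xFF filler, lone decoy IDs, one table."""
    dump = bytearray(b"\xff" * 4096)
    ids = [0x0119, 0x0292, 0x0295, 0x029B]        # constructed species IDs
    for n, sid in enumerate(ids):                 # decoys: same IDs, far apart
        struct.pack_into("<H", dump, 0x100 + n * 0x200, sid)
    for n, sid in enumerate(ids):                 # assumed record: id, min, max level
        struct.pack_into("<HBB", dump, 0xA00 + n * 4, sid, 3, 5)
    return bytes(dump), ids

if __name__ == "__main__":
    dump, ids = build_sample_dump()
    for start, end in find_id_clusters(dump, ids, window=32):
        print("candidate table between 0x%X and 0x%X" % (start, end))
```

Each reported range is only a candidate; the bytes around it still have to be inspected by hand to confirm the record layout.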