FE: Awakening Hacking Topic

[Jacien]

Here ya go.

Most recent Dump: https://www.dropbox.com/s/rlxvvsq66er8889/Skills.bin?dl=0

HexWorkshop Bookmarks for mine: https://www.dropbox.com/s/brjafwsnjm9k1wy/Slots.hbk?dl=0

The first four are Character Table entries (with the character pointer in it). And the rest of the bookmarks that say Slot # are on each character pointer in the roster.

EDIT: Yeah the parent pointers are weird. My Avatar married Tharja, and Morgan points one way and Noire points the other way.

A8853915 = Avatar; 78B63915 = Tharja

Morgan points to 0x018EBDA0

Noire points to 0x009B46B0

And both begin with Avatar. I was under the impression that it was always the mother first. So yeah, whatever this place is that contains marriage/parent data, it has both parents together.

And on a different dump Noire points to a place south like Morgan's and everyone else goes north.

This is weird lol. But it does seem like it always points to the father first. Going to bed.

Edited May 5, 2015 by Jacien

[Missing Number]

sorry bout causing confusion lol, yeah i took Sully x Stahl and subbed in Anna x Yarne (haven't even met him yet lol)

since i made everyone related basically, something odd happened when i talked to one sibling (anyone) to another (anyone), the game just threw up the next letter grade with no convo (im guessing these guys aren't supposed to be related lol) but it closed the rank for everyone..... so it def got some stuff about support in it, which is why i'll assume each kid has their own set even if they are brothers n sisters

in the original save, some data was the same, and in the next, some of it changed (after i talked) i didnt have the time to record the differences tho

[spoiler=Sully x Stahl (Kjelle)]

one thing that really sucks is the inibility to create this data, as i have tried (basically copied EVERYTHING in that area to an older save before kids) and failed (crash) so i can't even have parents til chapter 13 T~T

Edited May 5, 2015 by Missing Number

[shadowofchaos]

...you know, I think instead of coding something huge for "porting" codes, I should just make a quick Excel Calculator like I did for Radiant Dawn before.

Because that text file list looks PAINFUL.

Edit: It looks like your 3DS home theme might also affect Character Table shifts...

Edited May 6, 2015 by shadowofchaos

[Jacien]

Oh interesting. I saw only one other person here had the same offsets like me for the character roster. That could be interesting if that's the case.

For perspective my save files have been on a U.S. Retail cart, spot pass data and dlc with a standard home theme.

However the 3ds has dlc data in the save but not installed. I think I'll buy the dlc on the spare 3ds

Edited May 6, 2015 by Jacien

[shadowofchaos]

I'm not sure about the theme, but I used Rxtools Emunand and that had my Club Nintendo Hanafuda theme... and since them, my offsets have shifted.

[shadowofchaos]

Same, this is odd.

I guess it's the site acting up.

EDIT: It works for me now, used this https://chart.googleapis.com/chart?cht=qr&chs=220x220&chl=http://dukesrg.no-ip.org/3ds/rop?memdump.dat%26

Which is basically the usual site with no filename chosen. The way it dumps is changed, it doesn't just flicker, it shows the progress of the dump now.

http://dukesrg.no-ip.org/3ds/rop.html

Except that just dumps one at a time.

You can now dump multiple on your SD card without changing the filenames.

This QR code dumps according to the timestamp:

[Missing Number]

the one i use does that, but i have it saved as a bookmark, i find it easiest to just go to the bookmark than have to load up the camera and then switch to QR then browser..... skip the middleman

when loading codes, theres only QR, but dumping, i use my bookmark....... sure i still have to wait like 1 minute, but at least i save 5 - 15 seconds

i wonder if Citra can load Awakening..... would be quicker to make codes that way possibly?

[shadowofchaos]

i wonder if Citra can load Awakening..... would be quicker to make codes that way possibly?

And be hell to port.

I want NTR CFW ported to Old3ds already. I want that debugger and live memory editor.

Edited May 8, 2015 by shadowofchaos

[shadowofchaos]

Character Block Table

The character block table keeps track of your current character roster. The order in there is dynamic and it will change several times.

Stuff like haircolor, level, exp, hp, character inventory etc are stored in there. Each block is 272 bytes in size and there is a total of 200 blocks but most remain unused.

You can search for this hex string to find the beginning of the table:

10 01 00 00 C8 00 00 00 00 00 00 00 00 00 00 00 ?? ?? ?? ??

10 01 00 00 seems to be holding the object size (272 bytes)

while C8 00 00 00 seems to hold the object count (200)

Those blocks were partially mapped out already by some of you guys, there are still some unknown values left in there.

Expect more info soon... :)

I'm really interested in finding more reliable pointers to offer support to read every dump of the game reliable, regardless of what game version was used to make it. Hope you guys can help me with that :D

Making an excel calculator for this (even though a program might be better)... and I found out that mine had:

10 01 00 00 C8 00 00 00 01 00 00 00 00 00 00 00 ?? ?? ?? ??

Though 10 01 00 00 C8 00 00 00 only had one result.

Edit: Anyone willing to test this?

I know m0rt's program is probably superior, but this will probably save you guys time for now.

WIP, took about 10 minutes:

https://dl.dropboxusercontent.com/u/5490460/FE13%20Related/RAM%20Hacking/FE13%20Temporary%20Shifting%20Offsets%20Calculator.xls

Edited May 8, 2015 by shadowofchaos

[Rilne]

Making an excel calculator for this (even though a program might be better)... and I found out that mine had:

10 01 00 00 C8 00 00 00 01 00 00 00 00 00 00 00 ?? ?? ?? ??

Though 10 01 00 00 C8 00 00 00 only had one result.

Edit: Anyone willing to test this?

I know m0rt's program is probably superior, but this will probably save you guys time for now.

WIP, took about 10 minutes:

https://dl.dropboxusercontent.com/u/5490460/FE13%20Related/RAM%20Hacking/FE13%20Temporary%20Shifting%20Offsets%20Calculator.xls

I've seen that a few times in my dumps too, I suspect it has to do with whether Chrom is locked or not.

Why are we making an excel calculator?

Just do D3000000 [your starting offset] then work relative to that. It's what that mode is for.

Edited May 8, 2015 by Rilne

[shadowofchaos]

I've seen that a few times in my dumps too, I suspect it has to do with whether Chrom is locked or not.

Why are we making an excel calculator?

Just do D3000000 [your starting offset] then work relative to that. It's what that mode is for.

Because crap like PIDs aren't on a set offset.

It's easier to generate the MU x MU code from a program because it's dependent on the other shifts.

[Rilne]

Eh. I worked with pointers by loading a known one with D9,

incrementing/decrementing it enough to point to what I want (since most of them are in a consistant order),

then writing to target with D6.

This admittedly doesn't help too much with the parent pointers, since we'd need to actually follow them,

but for support tables/class tables/other stuff it works fairly well.

I wanna try and fork the lunarcookies generator and add some extensions (inline ASM and the 'add data to offset' in particular),

we'll see how far I get with that.

Should be able to make better general codes then.

[shadowofchaos]

I found character "status".

What the dancer refreshes. It's 2 bytes after the coordinates.

[Rilne]

Nice. Oh, I'm not sure if this is common knowledge or not:

If you dump, close your 3DS lid while still on home screen, take out SD card and copy dump off,

then put SD card back in and open 3DS back up AFTER it's back in,

it won't freak out and decide to shutdown/close your game.

useful for looking at the memory _right now_ and then immediately making edits based on that.

[shadowofchaos]

This is ASSUMING that you don't have EmuNAND.

[shadowofchaos]

So apparently, while changing character pointers, things happened...

So that's where Ike went after FE10...

Also the logbook pointer names overwrite the character names if they happen to have one already.

So Alm was Chrom. Even though it still said Alm and the portrait because of the logbook pointer.

Edited May 9, 2015 by shadowofchaos

[someonewhodied]

So uhh. where is the convoy relative to your gold amount?

I never actually found how to edit my convoy.

Edited May 9, 2015 by someonewhodied

[someonewhodied]

So there is definitely a gender byte in character blocks. This is what says if someone can use wedding bouquet/dread scroll.

Other reclasses aren't affected regardless but i wonder where this byte is.

Also how to recruit twin morgans in their chapter?

This seems to be the only way to make both morgans show up in everyone else's supports. (though you can just access the supports from the morgans)

wait i think i got it.

Edited May 10, 2015 by someonewhodied

[shadowofchaos]

I hope this helps even one person when it comes to porting codes between versions.

https://www.youtube.com/watch?v=bATrOqxq3ro

Edited May 10, 2015 by shadowofchaos

[someonewhodied]

Paralogue Morgan Test

0135147C 15345368

01351480 154C78C8

01351490 15639860

01351494 00000000

01351498 738898A2

0135151C FFF18708

E1638ED5 00000030

00000000 00000000

00000000 00000000

00000000 00000000

00000000 00000000

00000000 00000000

00000000 00000000

This is what i used to recruit morgan twins:

First part is: Character pointer, Class Pointer, Parent Pointer, Zero out enemy pointer, Copy Morgan Original's unknown 4 bytes (maybe linked to something relevant?), hair color

Second part zeros out the event string.

[shadowofchaos]

All you need to do is zero 12 bytes ._.

I added them to the paralogue as a green unit.

Add Female Mark:

E160F140 0000003C

00000000 00000000

00000000 00000000

00000000 00000000

00000000 00000000

20000220 00000000

00000010 00000000

FFFF0079 32000000

00070001 00000000

E160F1A4 0000000C

155DAFA8 155AFEC8

1522F340 00000000

0160F1B8 15B1337C

E160F1C4 00000008

04080A0D 01050B06

0160F1CC 26000A41

E160F1D0 00000008

110B110B 00000100

E160F1E0 00000014

10230003 00230067

00030099 00000000

00000000 00000000

E160F1F4 00000008

0011000D 004C0025

1160F1FC 00000000

1160F1FE 00000023

0160F200 00230000

0160F244 FF55585B

2162F23E 000000FF

2162F240 00000001

2162F248 00000003

0122F37C 1560F250

Edited May 11, 2015 by shadowofchaos

[shadowofchaos]

0199CA38 - Pointer Location

0134DCD8 - First Character

6199CA38 00000000

B199CA38 00000000

// QuickMax Skills

2000001F 000000FE

00000020 FFFFFFFF

00000024 FFFFFFFF

00000028 FFFFFFFF

// Character Portrait

00000064 XXXXXXXX

//Class Modifier

00000068 XXXXXXXX

// Logbook Pointer

00000074 XXXXXXXX

//Marriage Pointer

00000078 XXXXXXXX

//Stats

00000084 SK MA ST HP

00000088 RE DF LK SP

//Level

2000008A 000000XX

//EXP

2000008B 000000XX

//Inventory (u = uses, x = item id)

000000A0 00UU00XX

000000A4 00UU00XX

000000A8 00UU00XX

000000AC 00UU00XX

000000B0 00UU00XX

//Skills

000000B4 00WW00VV

000000B8 00YY00XX

200000BC 000000ZZ

//Weapon Ranks

100000BE 00005A5A

000000C0 5A5A5A5A

//Hair Color

00000104 XXXXXXXX

This is what the code should look like. The addresses are correct anyways.

I found a better way to edit the character table:

Pointer to Character table is always at this location in JP:

3CEE100

Anyways, someone named bmi30 found some interesting addresses on the JP version.

100 exp. each action(経験値100)

03E862E0 E3510000

Ported to NA:

Always 100 exp for every action

03E77A5C E3510000

Yo, Vincent, can you give me a dump so I can port it to the EU version?

Can you people test this too?

Edited May 11, 2015 by shadowofchaos

[Jacien]

^ The US code worked perfectly on my retail cart. Neat.

[shadowofchaos]

100 exp. each action ported to European version:

03E77F80 E3510000

Anyone with a Europe copy care to test it for me?

[Missing Number]

i used the all skills code before and it worked.... but then i tried again with a few new additions (childrens n such) and it refuses to activate.... is it bork'd?

nevermind it is working now..... (not sure why it wasn't before....)

also

[spoiler=a few code requests]

1. a code that searches out where our forged item list is and turns everything into godlike weapons. i know from experimentation that there is a limit to each attribute, i think MT is capped at like +30 or +50, and i can get up to 200 accuracy, and 50 crit.... so thats all im asking for, if someone could break those limits feel free to do so lol

2. an all items code that is indifferent to one's version. it seems weapons n junk go above 255 but items are stuck @ 255 for their limit maybe?

3. perhaps an 'has skill' code, that gives you a skill regardless if you have it equipped (some weapons give skill effects like Luna or Astra)

4. a +2 =+30 (or more) for reagons other than the one it already exists for

Edited May 13, 2015 by Missing Number