|
* Press SELECT to exit the Nickname Writer safely.
===Using the nickname writer===
From this point onward, whenever you use the ACE item, you should be able to open the nickname writer. Please make sure to keep note of the following:
* Since the Nickname Writer works independently of the current active box, you can change the current active box however much you like.
* AsWhen awriting side effectdata, the Nickname Writer will overwrite theenemy nicknamesparty ofdata. theWhile partythis pokémondoes correspondingnot withhave theany currenteffect item slotoutside of 4F.battle, '''Pleaseit makeis surerecommended to keepnot 4F inuse the firstNickname 6Writer itemin slots while using the Nickname Writerbattle.'''
The program works as follows:
* This nickname then gets converted to a sequence of five bytes.
* All five bytes are written starting from the starting location
* The program displays a glitched overworld view, along with a checksum (sum of all written byte values) towards the top right of the screen to confirm that you correctly entered the code. '''If the printed checksum doesn't match the expected checksum, you made a mistake entering a code.''' The glitched overworld view is temporary and will not affect your game.
* Afterwards, it waits for the user to decide what to do.
! Write mode !! Input mode
|-
! [[File:RB Name writer write mode.png|thumb]]!![[File:RB Name writer input mode.png|thumb]]
! [[File:RB Name writer input mode.png]]
|-
| PressEnter nickname, press select to switch between uppercase/lowercase || Checksum ("4E", in this case) is displayed rightas ata thehex endvalue ofon the secondtop main menuright entryquadrant
|}
q p y y ] z y p g F
a Pk j ? t K K b c c
hR qj yj qm jv jw *w TP SP jp
bl Ll M v U U u l : ♀ ♀ Pk
P x w v lv lW M m m ♀w
A B r q x Pk z g g h
i z , [ o w o x w x
( ) ) ) ) , , ] ] .
j ! U ? ? u w v u !
a Pk Mny So Mnx ]♀ Y♂ ;♂ ( ?
q r Ap O a; i; I[ h: H; h: H;
</pre>
|| <pre>
q p y y o ) ] Pk ) )
a - ä s t K K b c c
kR kj Üj :m :v äw äw ♂P ♂P ♂p
Sl jl KM lv V V u l u ü : T
KP Öx Üw ;v wv VW M m m ♀w
A B Ä S ü ü Ü U u L
T - - Ä Ä S Z Pk z r
Q p ) ) ) , , ] ] .
Ä z y [ ♀ W w v ü ü
Üa ;Pk WMn w? y! .U ♂M ♂v u u
tr lp LO K; L; Ü[ : ; : ;
</pre>
|| <pre>
q p y y ] z y p g F
u u j ? t K K b c c
hR qj yj qm jv jw *w TP SP jp
bl Ll LM jv rV rV gu Pkl Z: Z♀
P x w v lv lW M m m ♀w
A B r q x Pk z g g h
i z , [ o w o x w x
( ) ) ) ) , , ] ] .
j ! U ? ? u w v u !
va xPk x] og xy ♀. ♂P ♂p vp lx
q r Ap O a; i; I[ h: H; h: H;
</pre>
|| <pre>
q p y y ] z y p g F
a - j ? t K K b c c
hR qj yj qm jv jw *w TP SP jp
bl Ll LM jv rV rV gu Pkl Z: Z♀
P x w v lv lW M m m ♀w
A B r q x Pk z g g h
i z , [ o w o x w x
( ) ) ) ) , , ] ] .
j ! U ? ? u w v u !
a Pk Z, Mn, Mn- ]: : V u u
q r Ap O a; i; I[ h: H; h: H;
</pre>
|}
===Explanation===
The item code itself consists of two components. The first 10 items are used to write a program that takes text characters from the nicknames of characters currently within the active box, converts them, then writes the resulting values to unused memory starting from $D66AD66E.
Pairs of text characters are converted to single values through a [(2a + b)%256] formula, where a is the value of the first character and b the value of the second. text terminators are skipped, the code will stop and execute the newly written code once it either reads a $00 value or if values are being read past $DEFF.
<pre>
11 6F6E D6 ld de, UNUSED_MEMORY ; Memory between $D66F and $D6F4 goes unused
D5 push de
21 0B0A DE ld hl, wBoxNicks
.loop
2A ldi a, (hl)
</pre>
The last item, the LeafX StoneAccuracy, simply form a pointer to $F32FF32E. Due to echo RAM this address is equivalent to $D32FD32E, which correspond to item #67's item ID, the start of the item code. By replacing the map script pointer with this item, we can redirect the map script routine to execute the item code instead. This routine is executed on every frame, as long as the start menu isn't open.
===Raw Assembly===
<pre>
11 6F6E Max Potion x111x110
D6 D5 TM14 x213
21 0B0A Thunderstone x11x10
DA 2A TM22 x42
03 87 Great Ball x135
F4 C9 TM44 x201
2F2E F3 Leaf Stone x243
</pre>
==4F Boostrap Nicknames==
This set of nicknames, when converted, will modify item #1's ID to be 4F and writes a bootstrap so that using it will lead to execution of the item code from $D328D32E onward. It requires the presence of the Infinite Eevee Mode Nickname (see previous section) to properly return.
<pre>
3E 59 ld a, $59 ; 4F's item ID
21 22 D3 ld hl, wBagItems ; item #1's ID
2236 59 ldild (hl), a$59 ; 4F's item ID
AF7C xorld a, h ; a = $00D3
21 66 DA ld hl, 4F_Execution_Pointer +2
22 ldi (hl), a
2232 ldildd (hl), a
22 ldi (hl), a
22 ldi (hl), a ; clears a bunch of $FF values placed by swapping party pokémon
21 64 DA ld hl, 4F_Execution_Pointer
3E 21 ld a, $21
22 ldi (hl), a
3E 2E ld a, $2E
22 ldi (hl), a
3E36 D3C3 ld a(hl), $D3C3
22 ldi (hl), a
36 E9 ld hl, $E9
; The contents of the first nickname (see previous section) are written right after this, ensuring safe return.
</pre>
<pre>
3E 59 21 22 D3 36 59
227C AF21 2266 22DA 2232
223E 212E 6432 DA36 3EC3
21 22 3E 2E 22
3E D3 22 36 E9
</pre>
===Explanation===
Using 4F, an invalid item, will cause the game to index the item effects table out of bounds, leading to an invalid execution pointer. For 4F, this causes the game to execute code from $FA65FA64 onward. Due to echo RAM, this address is equivalent to $DA65DA64. Thanks to the bootstrap that was applied earlier, this will then cause the game to jump to $D328D32E, corresponding to the start of the item code.
<pre>
21C3 2E D3 ldjp hl, ITEM_6_IDITEM_7_ID
E9 jp hl
</pre>
===Raw Assembly===
<pre>21C3 2E D3 E9</pre>
==Nickname Writer==
<pre>
11 A0B9 D8 ld de, $D8A0D8B9 ; location written to
D5 push de
.newMail
D5 push de
21 1E 63 ld hl, AskName + 39h ; Prepares data and calls DisplayNamingScreen
06 01 ld b, 01
CD 1A 39 call $391A ; sets b to 01, then jumps to Bankswitch, calling b:hl
21 56 63 ld hl, DisplayNameRaterScreen
CD 87 3E call BankSwitch ; Change rom banks and call b:hl
0E 80 ld c, $80 ; Ensure checksum consistency
21 4F CF ld hl, wStringBuffer ; Address where new name gets written to
18 F3 jp .newChar
.terminator
21 29 C4 ld hl, $C429 ; Corresponds to screen tile
0E 01 ld c, 01
D5 push de
21 00 C4 ld hl, $C400 ; Corresponds to screen tile
CD BC 13 call PrintBCDNumber.loop ; Prints c amount of bytes at de to hl in binary coded decimal format, prints checksum
0E 01 ld c, $01 ; How many bytes printed as numbers?
CD BC 13 call PrintBCDNumber.loop
.numLoop
2D dec l
CB FE set 7, (hl)
20 FB jp nz, .numLoop ; Repeat until hl == $C400
75 ld (hl), l ; Nulls out $C400
.inputLoop
CD 21 38 call JoypadLowSensitivity ; Halt execution until frame has passed, get joypad status and store result in hJoy5
F0 B5 ld a, (hJoy5)
E6 0F and $0F ; Set z flag if A, B, START, SELECT not pressed
28 F7 jp z, .inputLoop
1F rra ; Is A pressed? If yes, set c flag
D1 pop de
F038 B5CB ldjr ac, (hJoy5).newMail
A7 and a ; Check if no buttons are pressed
28 EE jp z, .terminator ; If no buttons pressed, keep displaying checksum
1F rra ; Shift all bits to the right, transfer former bit 7 to bit 1 and store status of this bit in c flag
38 CF jp c, .loop ; Is A is pressed, start new nickname
1B dec de ; If another button outside of A is pressed, either we're using the correction function, executing or stopping
1F rra ; is B pressed?
38 E7 jp c, .terminator ; If B is pressed, de has been decremented once so continue just displaying the new value de points towards
1F rra
1F rra ; Is START pressed?
D8 ret c ; Jump to $D89C, which was pushed to the stack at the start of the code and execute newly written code
1B dec de
1B dec de
1B dec de
1F rra ; Is B pressed? If yes, set c flag
1B dec de ; de's value has been decremented a total of 5 times, equal to a full nickname's worth of data
38 E1 jr c, .terminator
17 rla ; Shift all bits to the left, transfer former bit 7 to bit 1 and store status of this bit in c flag. Is SELECT pressed?
1F rra ; Is SELECT pressed? If yes, set c flag
30 C1 jp nc, loop ; If SELECT NOT pressed and dpad pressed instead, start new mail after de has been decremented a total of 5 times. Basically undoes a full nickname's worth of data
E1 pop hl ; Otherwise, pop the storedstarting address of $D89C from theto stackhl
C9D8 ret c ; SinceIf $D89CSELECT was poppedpressed, simply return to normal execution without executing newly written codeoperations
E9 jp hl ; If START pressed, jump to hl to execute newly written code
</pre>
<pre>
11 A0B9 D8 ld de, $D8A0D8B9 ; location written to
D5 push de
.newMail
D5 push de
21 AA 62 ld hl, AskName + 39h ; Prepares data and calls DisplayNamingScreen
06 01 ld b, 01
CD 1C 39 call $391C ; sets b to 01, then jumps to Bankswitch, calling b:hl
21 E2 62 ld hl, DisplayNameRaterScreen
CD 89 3E call BankSwitch ; Change rom banks and call b:hl
0E 80 ld c, $80 ; Ensure checksum consistency
21 4F CF ld hl, wStringBuffer ; Address where new name gets written to
18 F3 jp .newChar
.terminator
21 29 C4 ld hl, $C429 ; Corresponds to screen tile
0E 01 ld c, 01
D5 push de
21 00 C4 ld hl, $C400 ; Corresponds to screen tile
CD BF 13 call PrintBCDNumber.loop ; Prints c amount of bytes at de to hl in binary coded decimal format, prints checksum
0E 01 ld c, $01 ; How many bytes printed as numbers?
CD BF 13 call PrintBCDNumber.loop
.numLoop
2D dec l
CB FE set 7, (hl)
20 FB jp nz, .numLoop ; Repeat until hl == $C400
75 ld (hl), l ; Nulls out $C400
.inputLoop
CD 23 38 call JoypadLowSensitivity ; Halt execution until frame has passed, get joypad status and store result in hJoy5
F0 B5 ld a, (hJoy5)
E6 0F and $0F ; Set z flag if A, B, START, SELECT not pressed
28 F7 jp z, .inputLoop
1F rra ; Is A pressed? If yes, set c flag
D1 pop de
F038 B5CB ldjr ac, (hJoy5).newMail
A7 and a ; Check if no buttons are pressed
28 EE jp z, .terminator ; If no buttons pressed, keep displaying checksum
1F rra ; Shift all bits to the right, transfer former bit 7 to bit 1 and store status of this bit in c flag
38 CF jp c, .loop ; Is A is pressed, start new nickname
1B dec de ; If another button outside of A is pressed, either we're using the correction function, executing or stopping
1F rra ; is B pressed?
38 E7 jp c, .terminator ; If B is pressed, de has been decremented once so continue just displaying the new value de points towards
1F rra
1F rra ; Is START pressed?
D8 ret c ; Jump to $D89C, which was pushed to the stack at the start of the code and execute newly written code
1B dec de
1B dec de
1B dec de
1F rra ; Is B pressed? If yes, set c flag
1B dec de ; de's value has been decremented a total of 5 times, equal to a full nickname's worth of data
38 E1 jr c, .terminator
17 rla ; Shift all bits to the left, transfer former bit 7 to bit 1 and store status of this bit in c flag. Is SELECT pressed?
1F rra ; Is SELECT pressed? If yes, set c flag
30 C1 jp nc, loop ; If SELECT NOT pressed and dpad pressed instead, start new mail after de has been decremented a total of 5 times. Basically undoes a full nickname's worth of data
E1 pop hl ; Otherwise, pop the storedstarting address of $D89C from theto stackhl
C9D8 ret c ; SinceIf $D89CSELECT was poppedpressed, simply return to normal execution without executing newly written codeoperations
E9 jp hl ; If START pressed, jump to hl to execute newly written code
</pre>
<pre>
11 A0B9 D8 ld de, $D8A0D8B9 ; location written to
D5 push de
.newMail
D5 push de
21 E4 62 ld hl, AskName + 39h ; Prepares data and calls DisplayNamingScreen
06 01 ld b, 01
CD 15 39 call $3915 ; sets b to 01, then jumps to Bankswitch, calling b:hl
21 1C 63 ld hl, DisplayNameRaterScreen
CD 82 3E call BankSwitch ; Change rom banks and call b:hl
0E 80 ld c, $80 ; Ensure checksum consistency
21 4F CF ld hl, wStringBuffer ; Address where new name gets written to
18 F3 jp .newChar
.terminator
21 29 C4 ld hl, $C429 ; Corresponds to screen tile
0E 01 ld c, 01
D5 push de
21 00 C4 ld hl, $C400 ; Corresponds to screen tile
CD BF 13 call PrintBCDNumber.loop ; Prints c amount of bytes at de to hl in binary coded decimal format, prints checksum
0E 01 ld c, $01 ; How many bytes printed as numbers?
CD BF 13 call PrintBCDNumber.loop
.numLoop
2D dec l
CB FE set 7, (hl)
20 FB jp nz, .numLoop ; Repeat until hl == $C400
75 ld (hl), l ; Nulls out $C400
.inputLoop
CD 1C 38 call JoypadLowSensitivity ; Halt execution until frame has passed, get joypad status and store result in hJoy5
F0 B5 ld a, (hJoy5)
E6 0F and $0F ; Set z flag if A, B, START, SELECT not pressed
28 F7 jp z, .inputLoop
1F rra ; Is A pressed? If yes, set c flag
D1 pop de
F038 B5CB ldjr ac, (hJoy5).newMail
A7 and a ; Check if no buttons are pressed
28 EE jp z, .terminator ; If no buttons pressed, keep displaying checksum
1F rra ; Shift all bits to the right, transfer former bit 7 to bit 1 and store status of this bit in c flag
38 CF jp c, .loop ; Is A is pressed, start new nickname
1B dec de ; If another button outside of A is pressed, either we're using the correction function, executing or stopping
1F rra ; is B pressed?
38 E7 jp c, .terminator ; If B is pressed, de has been decremented once so continue just displaying the new value de points towards
1F rra
1F rra ; Is START pressed?
D8 ret c ; Jump to $D89C, which was pushed to the stack at the start of the code and execute newly written code
1B dec de
1B dec de
1B dec de
1F rra ; Is B pressed? If yes, set c flag
1B dec de ; de's value has been decremented a total of 5 times, equal to a full nickname's worth of data
38 E1 jr c, .terminator
17 rla ; Shift all bits to the left, transfer former bit 7 to bit 1 and store status of this bit in c flag. Is SELECT pressed?
1F rra ; Is SELECT pressed? If yes, set c flag
30 C1 jp nc, loop ; If SELECT NOT pressed and dpad pressed instead, start new mail after de has been decremented a total of 5 times. Basically undoes a full nickname's worth of data
E1 pop hl ; Otherwise, pop the storedstarting address of $D89C from theto stackhl
C9D8 ret c ; SinceIf $D89CSELECT was poppedpressed, simply return to normal execution without executing newly written codeoperations
E9 jp hl ; If START pressed, jump to hl to execute newly written code
</pre>
<pre>
11 A0B9 D8 ld de, $D8A0D8B9 ; location written to
D5 push de
.newMail
D5 push de
21 DC 62 ld hl, AskName + 39h ; Prepares data and calls DisplayNamingScreen
06 01 ld b, 01
CD 1C 39 call $391C ; sets b to 01, then jumps to Bankswitch, calling b:hl
21 14 63 ld hl, DisplayNameRaterScreen
CD 89 3E call BankSwitch ; Change rom banks and call b:hl
0E 80 ld c, $80 ; Ensure checksum consistency
21 4F CF ld hl, wStringBuffer ; Address where new name gets written to
18 F3 jp .newChar
.terminator
21 29 C4 ld hl, $C429 ; Corresponds to screen tile
0E 01 ld c, 01
D5 push de
21 00 C4 ld hl, $C400 ; Corresponds to screen tile
CD BF 13 call PrintBCDNumber.loop ; Prints c amount of bytes at de to hl in binary coded decimal format, prints checksum
0E 01 ld c, $01 ; How many bytes printed as numbers?
CD BF 13 call PrintBCDNumber.loop
.numLoop
2D dec l
CB FE set 7, (hl)
20 FB jp nz, .numLoop ; Repeat until hl == $C400
75 ld (hl), l ; Nulls out $C400
.inputLoop
CD 23 38 call JoypadLowSensitivity ; Halt execution until frame has passed, get joypad status and store result in hJoy5
F0 B5 ld a, (hJoy5)
E6 0F and $0F ; Set z flag if A, B, START, SELECT not pressed
28 F7 jp z, .inputLoop
1F rra ; Is A pressed? If yes, set c flag
D1 pop de
F038 B5CB ldjr ac, (hJoy5).newMail
A7 and a ; Check if no buttons are pressed
28 EE jp z, .terminator ; If no buttons pressed, keep displaying checksum
1F rra ; Shift all bits to the right, transfer former bit 7 to bit 1 and store status of this bit in c flag
38 CF jp c, .loop ; Is A is pressed, start new nickname
1B dec de ; If another button outside of A is pressed, either we're using the correction function, executing or stopping
1F rra ; is B pressed?
38 E7 jp c, .terminator ; If B is pressed, de has been decremented once so continue just displaying the new value de points towards
1F rra
1F rra ; Is START pressed?
D8 ret c ; Jump to $D89C, which was pushed to the stack at the start of the code and execute newly written code
1B dec de
1B dec de
1B dec de
1F rra ; Is B pressed? If yes, set c flag
1B dec de ; de's value has been decremented a total of 5 times, equal to a full nickname's worth of data
38 E1 jr c, .terminator
17 rla ; Shift all bits to the left, transfer former bit 7 to bit 1 and store status of this bit in c flag. Is SELECT pressed?
1F rra ; Is SELECT pressed? If yes, set c flag
30 C1 jp nc, loop ; If SELECT NOT pressed and dpad pressed instead, start new mail after de has been decremented a total of 5 times. Basically undoes a full nickname's worth of data
E1 pop hl ; Otherwise, pop the storedstarting address of $D89C from theto stackhl
C9D8 ret c ; SinceIf $D89CSELECT was poppedpressed, simply return to normal execution without executing newly written codeoperations
E9 jp hl ; If START pressed, jump to hl to execute newly written code
</pre>
<pre>
11 A0B9 D8 D5 D5
06 01 21 561E 63 CD 1A
CD 87 3E39 0E 80 21 4F
21 4F CF D1 2A 87 30
87 30 09 86 12 13 23
13 23 81 12 4F 18 F3
18 F3D5 21 2900 C4 0E
0E 01 D5 CD BC 13 2D
13CB CDFE 2120 38FB D1CD
F021 B538 A7F0 28B5 EEE6
1F0F 3828 CFF7 1B1F 1FD1
38 E7CB 1F1B 1F D838
1BE1 1B1F 1BE1 1BD8 17E9
30 C1 E1 C9 00
</pre>
<pre>
11 A0B9 D8 D5 D5
06 01 21 E2AA 62 CD 1C
CD 89 3E39 0E 80 21 4F
21 4F CF D1 2A 87 30
87 30 09 86 12 13 23
13 23 81 12 4F 18 F3
18 F3D5 21 2900 C4 0E
0E 01 D5 CD BF 13 2D
13CB CDFE 2320 38FB D1CD
F023 B538 A7F0 28B5 EEE6
1F0F 3828 CFF7 1B1F 1FD1
38 E7CB 1F1B 1F D838
1BE1 1B1F 1BE1 1BD8 17E9
30 C1 E1 C9 00
</pre>
<pre>
11 A0B9 D8 D5 D5
0621 01E4 2162 1CCD 6315
CD 82 3E39 0E 80 21 4F
21 4F CF D1 2A 87 30
87 30 09 86 12 13 23
13 23 81 12 4F 18 F3
18 F3D5 21 2900 C4 0E
0E 01 D5 CD BF 13 2D
13CB CDFE 1C20 38FB D1CD
F01C B538 A7F0 28B5 EEE6
1F0F 3828 CFF7 1B1F 1FD1
38 E7CB 1F1B 1F D838
1BE1 1B1F 1BE1 1BD8 17E9
30 C1 E1 C9 00
</pre>
<pre>
11 A0B9 D8 D5 D5
0621 01DC 2162 14CD 631C
CD 89 3E39 0E 80 21 4F
21 4F CF D1 2A 87 30
87 30 09 86 12 13 23
13 23 81 12 4F 18 F3
18 F3D5 21 2900 C4 0E
0E 01 D5 CD BF 13 2D
13CB CDFE 2320 38FB D1CD
F023 B538 A7F0 28B5 EEE6
1F0F 3828 CFF7 1B1F 1FD1
38 E7CB 1F1B 1F D838
1BE1 1B1F 1BE1 1BD8 17E9
30 C1 E1 C9 00
</pre>
|