Amplificar
I was using no$gba-debug yesterday and placed a breakpoint in leafgreen at 0804079E. When an item is given or taken from a pokemon, the break happens and their 100 byte data structure is unencrypted and easily editable.
It doesn't decrypt every pokemon in the party, just one at a time (the one being given an item). The first pokemon in the party begins at 02024284 in the version I've got.
With this trick I've been able to successfully change a pokemon's species, held item, moves, their current PP, and their increased "PP Up" bits. There's a lot more stuff I haven't identified.
The code at the breakpoint in my version of the game is 0804079E 8041 strh r1,[r0,2h]
That instruction is setting the held item value at offset [r0+2] to the value of register r1.
For other game versions, the code and ram will probably be ordered differently.
To find the party data I recommend doing a cheat search for one pokemon's current HP, but only searching for the HP value outside of battle. Searching for HP in battle won't find the party data; it'll just find temporary copies of it.
Once HP is found, two offsets prior to it will change when an item is given to or taken from the pokemon (the encrypted item id followed by a CRC). Create a break on write for the encrypted item id byte (here's an example wrapped in quotes "[20242A6]!!"). When an item is given or taken it'll drop into the debugger with the unencrypted data exposed and editable.
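An added example, not part of the original post: a Python sketch of the decrypt-and-checksum step the game performs on one 100-byte structure. The field offsets, the XOR key (personality XOR OT ID), the 16-bit sum checksum and the 24 block orders are assumptions taken from community documentation of the Generation III format, not from the post; `decode` and `build_sample` are hypothetical names and the sample data is constructed.

```python
import struct
from itertools import permutations

# Assumed layout (community documentation, not from the post):
# personality u32 @0, OT ID u32 @4, checksum u16 @28,
# 48 encrypted bytes @32, current HP u16 @86.
ORDERS = ["".join(p) for p in permutations("GAEM")]  # index = personality % 24

def _xor_words(block, key):
    """XOR each of the twelve little-endian 32-bit words with the key."""
    words = struct.unpack("<12I", block)
    return struct.pack("<12I", *(w ^ key for w in words))

def decode(mon):
    """Decrypt the data block, verify the checksum, read the Growth fields."""
    if len(mon) != 100:
        raise ValueError("expected a 100-byte party structure")
    pid, otid = struct.unpack_from("<II", mon, 0)
    stored, = struct.unpack_from("<H", mon, 28)
    plain = _xor_words(mon[32:80], pid ^ otid)
    computed = sum(struct.unpack("<24H", plain)) & 0xFFFF
    g = ORDERS[pid % 24].index("G") * 12  # Growth block position varies
    species, item = struct.unpack_from("<HH", plain, g)
    hp, = struct.unpack_from("<H", mon, 86)
    return {"species": species, "item": item, "hp": hp,
            "item_offset": 32 + g + 2, "checksum_ok": stored == computed}

def build_sample(pid, otid, species, item, hp):
    """Construct a synthetic encrypted structure (not real game data)."""
    plain = bytearray(48)
    g = ORDERS[pid % 24].index("G") * 12
    struct.pack_into("<HH", plain, g, species, item)
    mon = bytearray(100)
    struct.pack_into("<II", mon, 0, pid, otid)
    checksum = sum(struct.unpack("<24H", plain)) & 0xFFFF
    struct.pack_into("<H", mon, 28, checksum)
    mon[32:80] = _xor_words(bytes(plain), pid ^ otid)
    struct.pack_into("<H", mon, 86, hp)
    return bytes(mon)

if __name__ == "__main__":
    sample = build_sample(pid=24, otid=0x1234ABCD, species=25, item=13, hp=35)
    info = decode(sample)
    # 0x02024284 is the party base address quoted in the post.
    print(info, hex(0x02024284 + info["item_offset"]))
```

With the constructed sample the item offset is 0x22, which added to the post's 02024284 gives the 020242A6 used in the break-on-write example; under the assumed layout that offset depends on personality % 24.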