
Process to 100% Legal check a Pokemon

Table Of Contents:
Generation 3 Pokemon: Pal Parked
Generation 4 Pokemon: DPPtHGSS
Alternate Gen4 Methods: Pros and Cons
Breadth Knowledge: Hex Structure and Encryption
Closing + Sources

Generation 3 Pokemon
Have .pkm file (party/box).
1) Look for a website to see if the OT/ID is from a known hacker, if you want.
2) Have Legal.exe, PokeGen, and Ingame Info Viewer (PokeGen or Secure PKM Reader).
   i. Run .pkm through legal.exe.
   ii. Check PID Type, should match the PID types located here for the specific pokemon.
      1. Check the internets for the specific pokemon's type if no clear answer was given.
   iii. Trash Bytes: If invalid, it must be imported from HGSS.
      1. Type: Pal Park Trash Bytes. Checked by legal.
   iv. Everything else should pass.
   v. ~Do one of the following according to what the Pokemon is.
      1. Events: Know ID/SID/OT, make sure they are right.
         a. Do nothing. Legal.exe is as far as you can check if the PID type is correct.
         b. If the PID type is Unknown GBA, there may be people who don't want to share the algorithm but can check. More often than not, they are Unknown.
         c. Compare to another legal one, for hidden hex etc.
      2. Wild Capture Pokemon
         a. Stationary Legends and Gift Pokemon are Method 1. Common GBA ABCD.
            i. Some may carry over Fateful Encounter Flag (Obedience)
         b. Wild Pokemon (Method 2): Uncommon GBA ABDE.
            i. Encounter in tall grass, except Latias or Latios
            ii. Encounter in seaweed or deep sand
            iii. Encounter on water, except Latias or Latios
            iv. Encounter in caves or Pokémon-infested structures
            v. Encounter while fishing
            vi. Encounter after using Rock Smash
         c. Wild Pokemon (Method 3/4): Rare and Ultra Rare GBA
            i. VERY Rare cases.
      3. Breeds:
         a. There is no correlation between PID and IVs. Thus, PID type is Unknown GBA.
3) Open file in [PokeGen] or [Secure PKM Reader (run as administrator for Vista/Win7)].
   i. Check to see if anything odd appears. Just so you don't have to view it in game.
4) Open file in latest PokeGen nonbeta version (2.312).
   ii. Check the Encounter Type under the Met tab. This must be correct for the given Pokemon.
      a. Hex Location: 85h (00)
         1. 0x0 Pal Park, Egg, Hatched, Special Event
   iii. Check the extra bytes, should all be zero.
      1. Not completely certain for GBA events.

Note: there are many Unknown GBA pokemon, as events and hatched. Any caught pokemon will NEVER have an Unknown GBA type.

Generation 3 Pokemon are easier to hack, compared to Generation 4. This is due to the Encounter type being 0 and trashbytes.exe normalizing the trash bytes to one of the 2 algorithms.

Generation 4 Pokemon
Have .pkm file (party/box).
1) Look for a website to see if the OT/ID is from a known hacker, if you want.
2) Have Legal.exe, PokeGen, and Ingame Info Viewer (PokeGen or Secure PKM Reader).
   i. Run .pkm through legal.exe.
   ii. Check PID Type, should match the PID types located here for the specific pokemon.
   iii. Trash Bytes:
      1. Pal Park Pokemon: If invalid, it must be Pal Parked from HGSS to still be valid.
         a. Checked by legal, even tells you the region. 2 Possible Algorithm results.
      2. Mystery Gift Pokemon: Compare to a legal one, Nickname and OT have trash.
         a. Checked by legal, even for New Events not in its database.
      3. Hatched Pokemon: Trash Bytes in Nickname. Nicknamed, Unnickd = No trash.
         a. This may indicate a hack. Legal does not check Hatched Trash.
   iv. Everything else should pass, except new Wondercard events.
   v. ~Do one of the following according to what the Pokemon is.
      1. Events During/Before February 2010 (Last Legal revision)
         b. Do nothing. Legal.exe is as far as you can check.
      2. New Events: Know ID/SID, and do one of the following:
         i. Have legit Wondercard from PP.org or other site.
         ii. Check the PID of any other legit one
            a. Set natures will have the exact PID of a known legit / Wondercard
            b. Variable natures: Do a morph
               a. Open PokeGen and change it to any earlier event that passes legal.exe.
               b. Change the Nickname/ID/SID and OT.
               c. Save a new .pkm and run thru legal. Must be Mystery Gift PID type.
      3. Wild Capture Pokemon:
         a. DPPt pokemon should appear as having a SYNC.
            iii. Sync means that the method 1 -> method J allows the PID to appear naturally in the game. If invalid, it may be a false negative in legal.exe
               a. If HGSS or sync is invalid, go to Shaym.in Method 1/J/K Checker
                  1. Enter exact IVs, select Method J for DPPt, Method K for HGSS.
                  2. Enter in any other information you have to narrow results.
                  3. If the PID appears for the correct method, it is legal.
                  4. This guide will not cover chain shinies
      4. Breeds
         a. There is no correlation between PID and IVs. Thus, PID type is Unknown.
         b. Should appear as Hatched (or Egg for Egg .pkms)
      5. Gift Pokemon: Method 1 *Common NDS ABCD+pokemon do not need sync.
3) Open file in [PokeGen] or [Secure PKM Reader (run as administrator for Vista/Win7)].
   i. Check to see if anything odd appears. Just so you don't have to view it in game.
   ii. It will show you hidden hex, if necessary for the Pokemon.
      1. It's not necessary to view hidden hex, only(?) Pt/HGSS locations and encounter type are used in the hidden hex.
4) Open file in latest PokeGen nonbeta version (2.312).
   i. Check the Encounter Type under the Met tab. This must be correct for the given Pokemon.
      a. Hex Location: 85h (00-0C)
         0x0 Pal Park, Egg, Hatched, Special Event
         0x2 Tall Grass
         0x4 Dialga/Palkia In-Game Event
         0x5 Cave, Hall of Origin
         0x7 Surfing, Fishing
         0x9 Building
         0xA Great Marsh (Safari Zone)
         0xC Starter, Fossil, Gift (Eevee)
   ii. Check the extra bytes in OT/Misc, all should be zero.

Addressing other methods that legit checkers use for wild encounter Pokemon.
1) First, you need knowledge on what initial seeds are. The 2 checking methods below are based on this.
   a. Seeds are 8 digits, in hex. They have 2 parts, being 4 digits each, in hex. Date and Delay. Method 1 is a 16^8 PID long loop, and it repeats. Depending on the Date + Delay, you can land wherever.
      1. Think of it as landing on the equator from space. Where you land is based on Speed of descent (delay) and angle of approach (Date). Change one and you will land somewhere else on Earth!
   b. Date is the Date/Time/Year the game was continued at. 0000-FFFF
   c. Delay is the time from startup to continue (increases 60~times/second) 0000-FFFF
   d. Since seeds range from 00000000-FFFFFFFF, they also have 16^8 possible combinations. Therefore, theoretically there is one seed in which a PID appears on the first frame, one on the second frame, one on the third frame, etc.
   e. However, delay is the only limiting factor, people don't go below 500~ or above 10000~ delay.
      a. With those approximate limits, you get a reduction in possible seeds.
      b. This removes (16^4-9500) possible delay hexes (4 digit hexes), leaving 9500~ possible delay hexes.
      c. Multiply this to the Date hex possibility (9500*16^4), which leaves 622,592,000~ remaining seeds, which is 14%~ of the possible seed pool.
      d. This means that there is a seed in which a PID appears in the (1-8)x frame range.
         1. So, there are on average~~
         2. 1 seed in which a PID appears in the first 7.90 frames.
         3. 5 seeds in which a PID appears in the first 39.5 frames.
         4. 12.66 seeds in which a PID appears in the first 100 frames.
         5. Et cetera.
            a. x seeds in the first x*(7.8985263157) frames.
      e. Combining this with the 16^8/8192 possible shiny PIDs, there are 524,288 shiny PIDs.
         1. Definitely MANY PIDs that are soft resettable.
         2. With the delay restrictions, you have ~66400 shiny frame X seeds to SR for.
         3. It's still 1/8192 to get a shiny when soft resetting

2) Delay Checking
   a. Delay Checking is where the checker uses PokeRNGDP.exe to see if the PID appears on a low enough delay. The problem with this is that it only checks for seeds in which the PID appears on a somewhat low frame. For wild encounter pokemon, they can be entirely random or RNGd. You might have to do some research on which it is.
      a. RNGd pokemon should have low frames, but delay checking is invalid because they can hit high delays, usually 5(6)00-4000.
      b. Random encounter pokemon can be entirely random, so frame really doesn't matter. See the above seed limits to get a scope of how random it is.
   b. When this method is valid:
      a. Soft Reset Shinies. Always frames 1-20~, so if no seed with a low shiny frame is possible with a delay lower than 10000 on that date, it can rule it a hack.
   c. Why this method is invalid for everything else:
      a. PokeRNGDP.exe only gives one result, not always the seed in which the PID was from.
      b. With the many date/time/delay seeds, you can be anywhere. Add that to the amount of frame advancement (randomly/RNGd) into the game and any frame/seed/PID is possible.

3) Seed/Date Checking
   a. A variant on delay checking, but has its flaws.
      a. Checks the date to see if there is a seed (with that date) in which that PID appears.
   b. When this method is valid:
      a. Soft reset shinies. See above for delay checking, frames 1-20 having a shiny PID frame only happens on 2-3~ possible seeds (per PID, but you know the PID).
   c. Why this method is invalid for everything else:
      a. Same as the Delay checking. You can hit any of those possible seeds, be smart/get lucky.
4) So, what does this mean?
   a. Delay and Date checking are completely invalid as checking tools, except for low frame pokemon gotten through soft resetting. They rely on the Delay seed limiting, and the Date restriction (usually reduces possible seeds by ). Thus why it is only valid for soft resetting. Depending on the Pokemon (Gift/Legend), the SR frame hit will be 1-20~.

Breadth Knowledge:
The following is not needed to legal check but is good information to know.

Pokemon Hex Structure (Project Pokemon Wiki)
Party Pokemon and Box Pokemon all share the same structure, except party pokemon have 100 extra bytes for battle stats etc. Unused Parts Should all be Zeroes. Parts of this use binary (IVs etc)! Space Tabbed indicates speculation on B+W hex structure changes if 136byte structure stays standard.

Always First:
Zero Row
Always Unencrypted Bytes
0x00 - 0x03 - PID [8 digit hex PID]
0x04 - 0x05 - Unused [4 digit Always Zero]
0x06 - 0x07 - Checksum [4 digit hex]

Normally .pkm are the Unencrypted version. There is no block shuffling. Encrypted .pkms cannot be checked by legal, because it can't deshuffle. PokeGen can deshuffle.

For the following Blocks A, B, C, D: When in game, start encryption:

BLOCK A
0x08 - 0x09 - Species
0x0A - 0x0B - Held Item
0x0C - 0x0D - OTID
0x0E - 0x0F - OTSID
One Row
0x10 - 0x13 - Exp Pts - 2byte blocks [8 digits]
0x14 - 0x15 - [Friendship (HatchSteps if egg) and Ability]
0x16 - 0x17 - Box Markings and Country Origin-Language
0x18 - 0x19 - EVs Set 1 [HP and Attack]
0x1A - 0x1B - EVs Set 2 [Defense and Speed]
0x1C - 0x1D - EVs Set 3 [SpA and SpD]
0x1E - 0x1F - Contest-Stats Set 1 [Cool and Beauty]
Two Row
0x20 - 0x21 - Contest-Stats Set 2 [Cute and Smart]
0x22 - 0x23 - Contest-Stats Set 3 [Smart and Tough]
0x24 - 0x25 - Ribbon Set 1
0x26 - 0x27 - Ribbon Set 2

BLOCK B
0x28 - 0x29 - Move 1 ID#
0x2A - 0x2B - Move 2 ID#
0x2C - 0x2D - Move 3 ID#
0x2E - 0x2F - Move 4 ID#
0x30 - 0x31 - Move 1 and 2 PP
0x32 - 0x33 - Move 3 and 4 PP
0x34 - 0x35 - Move 1 and 2 PP UP Count
0x36 - 0x37 - Move 3 and 4 PP UP Count
0x38 - 0x39 - IV Set 1 and...
0x3A - 0x3B - IV Set 2/EggFlag/NicknameFlag [IVs 0-29], 30, 31
0x3C - 0x3D - Hoenn Ribbon Set 1
0x3E - 0x3F - Hoenn Ribbon Set 2
0x40 - 0x40 - Gender/Form [Bits: 0=Fateful flag, 1=Female, 2=Genderless, 3-7 Forms]
0x41 - 0x41 - Shiny Leaves (HGSS) [0-4, 5 for crown]
0x42 - 0x43 (Unused)
    B/W Met Location - Egg location will be from D/P/Pt
0x44 - 0x45 Egg Location (Platinum+HGSS)
0x46 - 0x47 Met Location (Platinum+HGSS)

BLOCK C
0x48 - 0x5D - Nickname - 2byte blocks
0x5E - 0x5F - Unused + Hometown Version
    B/W Version Modifier
0x60 - 0x61 - Sinnoh Contest Ribbon Set 1
0x62 - 0x63 - Sinnoh Contest Ribbon Set 2
0x64 - 0x65 (Unused)
    B/W Contest Ribbon Set 1
0x66 - 0x67 (Unused)
    B/W Contest Ribbon Set 2

BLOCK D
0x68 - 0x77 - OT Name - 2byte blocks
0x78 - 0x7D - Date Egg Received/Met Dates - 2byte blocks
0x7E - 0x7F - Egg Location (Diamond+Pearl) [FarawayPlace for Plat]
0x80 - 0x81 - Met Location (Diamond+Pearl) [FarawayPlace for Plat]
0x82 - 0x83 - Pokerus and Pokeball Type
0x84 - 0x85 - Met At Level + Encounter Type of the Pokemon (NEEDED)
0x86 - 0x87 - HGSS Pokeball + Unused
    B/W Pokeball ??, New Encounter Modifier?? or Gen5.5 Location

Party .PKM
Everything after 0x87 is Battle Stats, which are also Encrypted in game. When a pokemon is saved as a Party PKM, these are absent. No need to LC these.

Repeated above in LCing: Encounter Hex Meaning (85h)
0x0 Pal Park, Egg, Hatched, Special Event
0x2 Tall Grass
0x4 Dialga/Palkia In-Game Event
0x5 Cave, Hall of Origin
0x7 Surfing, Fishing
0x9 Building
0xA Great Marsh (Safari Zone)
0xC Starter, Fossil, Gift (Eevee)
0xE Unused
    B+W Dreamzone?

Pokemon Ingame Data Encryption (tsanth)
What follows is a description of the pkm encryption algorithm. Credit goes to loadingNow for reversing the algorithm; without him, the great majority of the discoveries and analysis in this thread would not be possible:

*) The assembly and knowledge required to implement the PRNG has been posted earlier in the thread, and so will not be reposted. What follows are descriptions of other algorithms used in DP.

*) pkm data is ordinarily stored encrypted in the save data in 136-byte blocks, following the format:
[4 bytes: PV] [2 bytes: 0x00] [2 bytes: checksum] [128 bytes: encrypted data]

*) Both the PV and checksum are stored in little-endian format.

*) Checksum: Split the 128 bytes of unencrypted data into sixty-four 2-byte words. To calculate the checksum, take the sum of these words and truncate to 16 bits.

*) Encryption of the data happens in two steps: 1) block-shuffling, and 2) encryption. Decryption performs the operations in reverse: 1) decryption, then 2) block-shuffling.

*) Block shuffling: Let blocks A, B, C, and D be the normal data, split into four blocks of 32 bytes each. Prior to encryption, the blocks are rearranged (shuffled) based on the PV. The value determining the permutation is given by the expression shiftVal = ((pv >> 0xD) & 0x1F) % 24. The permutations are regular and can be defined either as a list/array (faster) or as a set of operations which determine the block to take (more arcane/geek cred). For clarity, the list determining the permutations (the left-hand side is given as decimal) is given here:
# 00 = ABCD; 01 = ABDC; 02 = ACBD; 03 = ACDB; 04 = ADBC; 05 = ADCB
# 06 = BACD; 07 = BADC; 08 = BCAD; 09 = BCDA; 10 = BDAC; 11 = BDCA
# 12 = CABD; 13 = CADB; 14 = CBAD; 15 = CBDA; 16 = CDAB; 17 = CDBA
# 18 = DABC; 19 = DACB; 20 = DBAC; 21 = DBCA; 22 = DCAB; 23 = DCBA

*) For the curious, the operations required to implement this permutation sequence are given below. Assume that you are passed a subscriptable list containing blocks: [A, B, C, D]. Further assume that the list refers to A as element 0. Further assume that your implementation of a list allows removal of an arbitrary element, e.g. list.pop(2) results in the list [A, B, D]. The order of the shuffled elements is given by the expressions:
shuffled[0] = shiftVal / 6
shuffled[1] = (shiftVal % 6) / 2
shuffled[2] = (shiftVal % 6) % 2
shuffled[3] = 0

*) Encryption: After the blocks are shuffled, they're encrypted. The actual encryption relies upon the PRNG. To perform the encryption/decryption, 1) seed the PRNG with the checksum, then 2) for every one of the 128 bytes of encrypted data (for 0..127), perform the operation clearByte = prng.rand() ^ encryptedByte.
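The checksum, shiftVal and pop-based block ordering described above, together with the header and 85h checks from the hex structure, as an added Python example (not code from the guide, tsanth's post or any of the tools named here). All function names are hypothetical, the sample record is constructed filler rather than real game data, and the PRNG XOR step is left out because the page does not give the PRNG.

```python
import struct

ENCOUNTER_TYPES = {0x0, 0x2, 0x4, 0x5, 0x7, 0x9, 0xA, 0xC}  # values the guide lists for 85h

def checksum(data: bytes) -> int:
    # Sum of the sixty-four little-endian 2-byte words, truncated to 16 bits.
    return sum(struct.unpack("<64H", data)) & 0xFFFF

def shift_val(pv: int) -> int:
    return ((pv >> 0xD) & 0x1F) % 24

def block_order(sv: int) -> str:
    # Pop-based selection from [A, B, C, D], following the description above.
    pool = list("ABCD")
    picks = (sv // 6, (sv % 6) // 2, (sv % 6) % 2, 0)
    return "".join(pool.pop(i) for i in picks)

def shuffle(data: bytes, pv: int) -> bytes:
    blocks = {n: data[i * 32:(i + 1) * 32] for i, n in enumerate("ABCD")}
    return b"".join(blocks[n] for n in block_order(shift_val(pv)))

def unshuffle(data: bytes, pv: int) -> bytes:
    order = block_order(shift_val(pv))
    blocks = {n: data[i * 32:(i + 1) * 32] for i, n in enumerate(order)}
    return b"".join(blocks[n] for n in "ABCD")

def validate(pkm: bytes) -> list:
    # Structural checks on an unencrypted, unshuffled 136-byte record.
    if len(pkm) != 136:
        return ["length is not 136 bytes"]
    _pv, unused, stored = struct.unpack_from("<IHH", pkm, 0)
    problems = []
    if unused != 0:
        problems.append("bytes 0x04-0x05 are not zero")
    if stored != checksum(pkm[8:]):
        problems.append("checksum mismatch")
    if pkm[0x85] not in ENCOUNTER_TYPES:
        problems.append("unlisted encounter type 0x%X" % pkm[0x85])
    return problems

def make_sample(pv: int = 0x12345678) -> bytes:
    # Constructed record, not real game data: filler bytes, Tall Grass at 85h.
    data = bytearray(range(128))
    data[0x85 - 8] = 0x2
    return struct.pack("<IHH", pv, 0, checksum(bytes(data))) + bytes(data)

if __name__ == "__main__":
    sample = make_sample()
    print(validate(sample))                      # no problems reported
    print(block_order(shift_val(0x12345678)))    # order selected by this PV
```

A record that passes these checks is only structurally consistent; the PID type, trash byte and encounter checks in the guide still apply.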

Closing/Credits:
This guide would not be possible without Smogon, Sabresite, tsanth, Project Pokemon, and whoever they give credit to. not Pokemon Secure. Gen3+Gen4 written by Kaphotics, Alternate Methods written by Kaphotics.

All Breadth knowledge is a pretty obvious direct rip of another page; you can view these two topics directly from the URLs inside their topic header at PP/GameFAQs. Some information is added in on some lines for a little more description for those who don't speak programming/hex etc, and also for some predictions for Black + White.
