XY RNG Research

Bond697

Dies, died, will die.
I have a few things I've figured out that I thought might be worth putting up in here.


First of all, the RNG is the same as last gen. It's still seed = seed * 0x5d588b656c078965 + 0x0000000000269ec3. There's also still a Mersenne Twister, though it's an official one now too. It seems to be a little bit different than the one that GF has always used, but that's not a big deal.

What has changed is that there's not a function to build an array of entropy data anymore. So the initial seed is built in a different way. I'm not sure exactly how, but odds are it uses the AES generator built into the 3DS. There are functions on the DSi and 3DS for generating random numbers from the on-board AES hardware. In fact, on the DSi they have specific instructions to use the AES library's random numbers as a starting point for the main mathlib RNG. I don't know 100% for sure that that's the same case on the 3DS, but there's no reason for it to change at all considering that the 3DS is pretty secure in general. Certainly moreso than previous "DS" handhelds.

Anyway, what that means is that we may not be able to ever RNG the way we're used to ever again. There's certainly a chance I'm wrong about that last bit, and I hope I am. Obviously I'm not 100% sure, but if what I was saying wasn't pretty solid, to me at least, I wouldn't mention it at all until I know more.

It may come down to using a GPGPU program to (relatively)quickly find seeds in games that are already loaded and going from there.
 
Last edited:

Bond697

Dies, died, will die.
What? No. Do you know what an AES generator is? There will likely be no rng-ing as we know it for gen 6. There's more work to be done confirming that 100%, but the odds are good.
 
Hey Bonds, just to clarify: what you're saying is that the MT lookup table is initialised upon turning on the 3DS with a built-in RNG from their AES engine? How does the AES engine generate random numbers? Do they start with an initial seed on startup? Or is there only one initial seed (i.e. the first time you turn on the device, the initial seed is generated, and then it is never restarted)?
 

Bond697

Dies, died, will die.
Let's be clear about something because I'm seeing and hearing lots of stupidity about this.

Gamefreak did not try to kill RNG abuse. It is a result of the RNG implementation on the 3DS.

And it's not even 100% confirmed yet. God damn it.
 
So if I understand what was said.. rather than finding a seed and the hour generating it and booting the game at that precise time like in Gen 5, RNGing in that Gen 6 -if it is possible- will be more like booting the game and trying to find the seed and the targets you want from there?

(I'm not that tech savvy, but I like to understand, especially since I'm all for RNGing)
 

Arcticblast

Trans rights are human rights
is a Forum Moderatoris a Tiering Contributoris a Social Media Contributor Alumnusis a Senior Staff Member Alumnusis a Community Contributor Alumnusis a Battle Simulator Moderator Alumnusis a Past SPL Champion
I know this isn't strictly RNG-related, but there's the whole egg "abuse" thing going around which apparently works well (I haven't read the thread though). Would it be worth investigating?
 
hello
i am not a native English speaker so maybe i missunderstand sth that you said
there's a question about rng abuse in gen6 that if i can know wich seed i was in, will it be able to generate the list?
i mean the egg list, IVs list or other.
if we could get the list, we can use Save&Load to get a better seed and at last get the same result to real RNG abuse.
 
What? No. Do you know what an AES generator is? There will likely be no rng-ing as we know it for gen 6. There's more work to be done confirming that 100%, but the odds are good.
So, does this mean we can't control the initial seed? I don't know how the AES engine works, but couldn't we predict new seeds based off of several old seeds and advance the frames from there? I'm still stuck at Yveltal, because I'm stubbornly waiting to get a flawless one... Do you suppose anyone could be of any assistance, if only a little bit?
 
When you tap a pokemon in the summary screen it will make various poses, which correspond to its movements when using different types of moves in battle.
For example,
Greninja has 3, which can be represented by Dark Pulse (stands up and raises its hand over the head), Shadow Sneak (flips around and chops with one hand) and Water Shuriken(well,.. throws shuriken).
Yveltal has 4, Dark Pulse, Oblivion Wing, Sucker Punch and Dragon Rush(iirc)

I tested once with greninja and got the following sequence:
dwsddsdddswswsdsswssswwswwdssdswdsdswdwsdssdwdwwww dwdwswwwsswdwwdswswswwdwsdwwsddddsdddwwwsswwsddswd sddwdswdddsdswssswswwwsssdd
which totals:
40 dark pulse
43 shadow sneak
44 water shuriken
These may not be exactly accurate (recorded and counted by hand only once) but generally it seems that they are evenly distributed.
 
The 'static' seed for breeds is stored in the save file at offset 0x207E8/0x9F7E8 at the end of the Daycare Block for Save1 and Save2 respectively.
Please tell me someone is working on RNG abuse. I STILL haven't beaten the game because I want a flawless Yveltal.
So... the breeding seed is static? Does that mean that there is no real way to manipulate breeding through RNG abuse?
As far as normal RNG abuse goes, could we predict later seeds by finding a series of seeds beforehand?
 
Interesting that the Nintendo finally started using real crypto for rng. Frankly I'm shocked that it took them this long to do so.

Think of it this way Strange_matter: If you can break AES, you have a promising future in the international intelligence community. That is to say that there isn't some possible exploit based on how it was implemented, but AES itself is VERY secure.
 
Interesting that the Nintendo finally started using real crypto for rng. Frankly I'm shocked that it took them this long to do so.

Think of it this way Strange_matter: If you can break AES, you have a promising future in the international intelligence community. That is to say that there isn't some possible exploit based on how it was implemented, but AES itself is VERY secure.
So... is my idea viable, or is it possible to find the seed after starting and manipulating it from there? Is there any feasible method for RNG abuse? I wasn't my flawless Yveltal, although... if anyone has one I might be will to trade it for an event Pokémon, or flawless ditto, or a flawless shiny Pokémon, or a flawless legendary Pokémon given enough time.
 
I'm positive you could have gotten one by now after endless soft-resets. RNG abuse isn't coming out anytime soon.
Oh well... I guess RNG abuse is off the table for now then, but are there any plans though? There is that Celebi event that I can't soft-reset for, so I can make do for now, but, while I don't want to be a pest, it would be nice to know...
 

Pyritie

TAMAGO
is an Artist
Oh well... I guess RNG abuse is off the table for now then, but are there any plans though? There is that Celebi event that I can't soft-reset for, so I can make do for now, but, while I don't want to be a pest, it would be nice to know...
You're guaranteed three perfect IVs on both yveltal and celebi (though I'm not sure if you can SR for the latter). Bring a synchroniser to the yveltal and keep SRing until all stats are 27+, should be good enough for you
 
You're guaranteed three perfect IVs on both yveltal and celebi (though I'm not sure if you can SR for the latter). Bring a synchroniser to the yveltal and keep SRing until all stats are 27+, should be good enough for you
Yeah, I already knew that stationary Pokémon have 3 perfect IV's, but I didn't realize that Celebi was guaranteed 3 perfect IV's. I have a synchronizer too...
You might think that IV's above would be good enough, but I must obsessively accept nothing less than perfect IV's... Yes, I'm a bit eccentric...
 

Age of Kings

of the Ash Legion
is a Forum Moderator Alumnus
Yeah, I already knew that stationary Pokémon have 3 perfect IV's, but I didn't realize that Celebi was guaranteed 3 perfect IV's. I have a synchronizer too...
You might think that IV's above would be good enough, but I must obsessively accept nothing less than perfect IV's... Yes, I'm a bit eccentric...
Then that's your own problem since the chances without RNG abuse, even with the three guaranteed perfect IVs, are infinitesimally small. The difference between a 27 and a 31 in stats other than Speed and HP make less than a 1% difference in damage calculations. You're already starting with a paltry 50% chance of getting the nature you want. Deal with it or don't enjoy the game but don't try to force a response out of the researchers. It will come when it will come.

The bank Celebi is not soft resettable but it's completely useless anyways since it lacks event moves and tutors which comprise an extremely important component of its movepool.
 
Then that's your own problem since the chances without RNG abuse, even with the three guaranteed perfect IVs, are infinitesimally small. The difference between a 27 and a 31 in stats other than Speed and HP make less than a 1% difference in damage calculations. You're already starting with a paltry 50% chance of getting the nature you want. Deal with it or don't enjoy the game but don't try to force a response out of the researchers. It will come when it will come.

The bank Celebi is not soft resettable but it's completely useless anyways since it lacks event moves and tutors which comprise an extremely important component of its movepool.
Yeah, I'm not trying to be unreasonable or anything like that, so I'll just have to wait for the RNG reporter. I hope people don't mind that I've been asking questions though...
 

Users Who Are Viewing This Thread (Users: 1, Guests: 0)

Top