Implement Game Sync

[mm201]

@polaris- already did some amazing work reverse engineering this; I should be able to do the rest myself.

Note that I have no plans of replicating the original dream world, since that would be a major violation of copyright.

[ghost]

what's news ? and for fixing the Matchmaking of gen5 random matchups ?

[mm201]

I need lots of free time to do game Sync. Random matchup is an altwfc issue. Send them your packets.

https://github.com/polaris-/dwc_network_server_emulator/issues/162

[ghost]

Random bump; @mm201 how is the stage of the framework as a whole?

[mm201]

It'll be done when it's ready.

[dmoeenm]

What are you planning to do with the whole dream world/ global link stuff then i know you won't replicate it but what are you going to use the gamesync for and what will happen to all the other functions of gamesync will you work with other's to create a way to grow berries and maybe get dream world event pokemon or something like that and do you have any plans for the other global link stuff

[the4anoni]

any news ?

[ghost]

Well ofc not. If there was any news, it'd have been posted 😉

[the4anoni]

How can i help with this ? (im not dev ,dont have any captured packages)

[ketsuban]

Could you write up what you do know about the Game Sync protocol? The lay writeups focus on the Dream World (not unreasonable, but unhelpful for our purposes) and I'd be interested to know what uses it can be put to.

[mm201]

First, the game checks the account status. If it's able to put a pokemon to bed, it first downloads a banlist, then lets you pick a pokemon, then puts it to bed. The put-to-bed request actually uploads the entire savefile to the server. Another possible account status is that the pokemon is dreaming or that it's able to wake up. If you wake it up, the server sends a payload which contains any pokemon or items you brought back with you. Communications happen over https. It's not a gamestats server.

There should be other stuff in this payload I haven't had a chance to look at yet, such as trainer's pokemon who visited you and stuff for BW2 join avenue.

The neatest thing is that the entire savefile is sent, so this can be used for stuff like bulk IV checking. You should also be able to inject pokemon, which will then appear in the forest to be caught with dream balls, or items.

I can't give you detailed specifics, since I haven't figured them out yet and plan on figuring them out by actually implementing it. What I can provide is @polaris- 's toy Game Sync implementation which contains some valuable research he did.

[ketsuban]

Wow, that's a lot more exploitable than what I was expecting. Thanks!

[ghost]

How is the project going?

[zurgeg]

Yo, incase you need any help, I've been doing some research relating to Game Sync. I've built a simple Python server to run GS but that's besides the point. Currently I've found that when a Pokemon isn't currently sleeping in that save, returning anything relating to waking up a Pokemon will tell you that "Game Sync needs to recharge"

[zurgeg]

Alright, more research, the form data (I think?) when you respond with \x08 to playstatus, then with \x00\x00\x00\x00 to account.create.upload, is actually just your raw save data

[mm201]

@zurgeg I hear you're doing some good research! savedata.download is the current snag. Rating battle, i.e. worldbattle download/upload would also be great to have and we should be able to run rating battles without any copyright issue.

Can I contact you on Discord?

[zurgeg]

@zurgeg I hear you're doing some good research! savedata.download is the current snag. Rating battle, i.e. worldbattle download/upload would also be great to have and we should be able to run rating battles without any copyright issue.

Can I contact you on Discord?

Yeah, but I prefer GitHub issues for this kinda thing ;)

[zurgeg]

@mm201 I figured out some likely key info on savedata.download

During savedata.download, it runs the following math function 10 times, increasing x each time: f[x] = (x * 0x08) + 0x04, each time it runs that function, it checks the 2 bytes at that location in the response, if those are \x00\x00 then break the loop, otherwise if d <= 0x1ed where D is the data just pulled, then do something(!)

I believe that d is likely pointing to something in the response, from what I saw on polaris-'s gist. I can't seem to find much else at the address (21D7E78) polaris mentioned in the gist.

[mm201]

0x1ed is Arceus's Nat Dex number which is ... interesting. It looks pretty clearly like a null-terminated list of up to 10 whatsits involving Pokémon. Possibly the list of Pokémon to send to the Entree? 8 bytes would give us 4 shorts for species, 2 moves, and maybe some additional flags like gender? But I'm not sure why it would care whether the Pokémon is a Unova native or not. 0x289 seems like a more reasonable number to test.

[zurgeg]

0x1ed is Arceus's Nat Dex number which is ... interesting. It looks pretty clearly like a null-terminated list of up to 10 whatsits involving Pokémon. Possibly the list of Pokémon to send to the Entree? 8 bytes would give us 4 shorts for species, 2 moves, and maybe some additional flags like gender? But I'm not sure why it would care whether the Pokémon is a Unova native or not. 0x289 seems like a more reasonable number to test.

Odd, afaik Arceus isn't the last guy in the natdex (at least in gen 5). Additionally, PKHeX says that Entree pokemon can only have 1 move? Maybe the additional flags are actually replacing the PID? I know Entree pokemon don't have a PID.
EDIT: I did just realize that Arceus is the last guy in the Gen4 dex however.

[426C7565]

Heyo, someone else who would be interested in helping out (but not sure how to) here! Took a look at everything mentioned in here so far, as well as the gist shared, and wanted to share my thoughts on it. Please note that I have never played PDW or used the Global Link extensively while it was around, so I might be completely wrong here.

Assuming that the gist was based off of the first set of gen V games (this would somewhat explain why the second loop uses the index of the first BW2 exclusive item), it would make sense for the game to check for any non-Unova Pokémon, as they aren't part of the regional dex. My guess is that the game performs an additional check on non-Unova Pokémon to see whether or not the player has obtained the national dex mode in-game, and if not, makes the Pokémon invisible in the Entree Forest (this is also an option in PKHeX) until they do.

As for the data itself, my guess is that it's laid out like this:

0x00 - 2 bytes - Internal Pokémon ID
0x02 - 2 bytes - First move ID
0x04 - 4 bytes - (Partial) personality value

The DW Pokémon have a set gender, as well as a guaranteed HA (if the Pokémon has one) and cannot be shiny from what I've read, so for these elements, a (partial) personality value would need to be created on the server's side before the transfer occurs (probably within the DW game when the Pokémon was encountered).

Hope any of this helps!

[zurgeg]

Heyo, someone else who would be interested in helping out (but not sure how to) here! Took a look at everything mentioned in here so far, as well as the gist shared, and wanted to share my thoughts on it. Please note that I have never played PDW or used the Global Link extensively while it was around, so I might be completely wrong here.

Assuming that the gist was based off of the first set of gen V games (this would somewhat explain why the second loop uses the index of the first BW2 exclusive item), it would make sense for the game to check for any non-Unova Pokémon, as they aren't part of the regional dex. My guess is that the game performs an additional check on non-Unova Pokémon to see whether or not the player has obtained the national dex mode in-game, and if not, makes the Pokémon invisible in the Entree Forest (this is also an option in PKHeX) until they do.

As for the data itself, my guess is that it's laid out like this:

0x00 - 2 bytes - Internal Pokémon ID
0x02 - 2 bytes - First move ID
0x04 - 4 bytes - (Partial) personality value

The DW Pokémon have a set gender, as well as a guaranteed HA (if the Pokémon has one) and cannot be shiny from what I've read, so for these elements, a (partial) personality value would need to be created on the server's side before the transfer occurs (probably within the DW game when the Pokémon was encountered).

Hope any of this helps!

Ah. Perfect! I used up my GS energy yesterday so I should be able to give this a test. I'll edit this once I do.
EDIT: Nope, didn't work. I can't think of anything else that could go on...

[426C7565]

Does the problem originate from the Pokémon data parsing specifically, or can it be any of the other sections as well? And is what is described in the gist all that is sent, or is there more data (namely PGL stuff) that is sent in the same response? Supposedly there should be more data that the system receives once a Pokémon wakes up, but I can't find any mention of anything unrelated to the DW apart from the battle competition.

Also, would it be possible to share some snippets of the disassembled code that parses the response, or does that go against any rules/guidelines (not familiar with the legal side of these things)? I don't have any experience in the field reverse-engineering, but would like to take a look at it if possible.

[zurgeg]

Does the problem originate from the Pokémon data parsing specifically, or can it be any of the other sections as well? And is what is described in the gist all that is sent, or is there more data (namely PGL stuff) that is sent in the same response? Supposedly there should be more data that the system receives once a Pokémon wakes up, but I can't find any mention of anything unrelated to the DW apart from the battle competition.

Also, would it be possible to share some snippets of the disassembled code that parses the response, or does that go against any rules/guidelines (not familiar with the legal side of these things)? I don't have any experience in the field reverse-engineering, but would like to take a look at it if possible.

Good question! I haven't taken a look in a debugger since I can't get it to work under melonDS, but I will once I get back to you

[zurgeg]

0x1ed is Arceus's Nat Dex number which is ... interesting. It looks pretty clearly like a null-terminated list of up to 10 whatsits involving Pokémon. Possibly the list of Pokémon to send to the Entree? 8 bytes would give us 4 shorts for species, 2 moves, and maybe some additional flags like gender? But I'm not sure why it would care whether the Pokémon is a Unova native or not. 0x289 seems like a more reasonable number to test.

FYI, the answer to why it would care is that there are only a couple Unova pokemon with overworld sprites (Virizon, Reshiram, Zekrom, just to name a few). We also figured out that it comes out to 2-bytes species, 2-bytes move, 1-byte gender, and then some other things we haven't figured out.

[zurgeg]

Heyo, someone else who would be interested in helping out (but not sure how to) here! Took a look at everything mentioned in here so far, as well as the gist shared, and wanted to share my thoughts on it. Please note that I have never played PDW or used the Global Link extensively while it was around, so I might be completely wrong here.

Assuming that the gist was based off of the first set of gen V games (this would somewhat explain why the second loop uses the index of the first BW2 exclusive item), it would make sense for the game to check for any non-Unova Pokémon, as they aren't part of the regional dex. My guess is that the game performs an additional check on non-Unova Pokémon to see whether or not the player has obtained the national dex mode in-game, and if not, makes the Pokémon invisible in the Entree Forest (this is also an option in PKHeX) until they do.

As for the data itself, my guess is that it's laid out like this:

0x00 - 2 bytes - Internal Pokémon ID
0x02 - 2 bytes - First move ID
0x04 - 4 bytes - (Partial) personality value

The DW Pokémon have a set gender, as well as a guaranteed HA (if the Pokémon has one) and cannot be shiny from what I've read, so for these elements, a (partial) personality value would need to be created on the server's side before the transfer occurs (probably within the DW game when the Pokémon was encountered).

Hope any of this helps!

Well, that helped quite a bit given you were actually right about the first 2 values. What a coincidence that a random guess would've gotten us this far!

[zurgeg]

Alright, so I made a purely random guess about worldbattle.download (just bounced back my savedata) and yeah it worked?
Problem is, it is connecting to syachi2ds.secure.sake.gs.nintendowifi.net. On top of that, not only is it connecting to a server out of my control (Wiimmfi), the error code it spits out (40755) is unknown...

[zurgeg]

I was mistaken. I coded a basic SAKE server (bounces back a simple XML upon a download request) and now we are connecting to dls1.ilostmymind.xyz. Unfortunately, that seems to be a NWFC server controlled by Wiimmfi, which is (actually this time) out of my control.

[zurgeg]

We did it!
Also customizations can download now

[DrRubix1712]

Is there a way for me to get involved with this project as far as testing the sending and receiving of save data or anything to do with testing?

[zurgeg]

Is there a way for me to get involved with this project as far as testing the sending and receiving of save data or anything to do with testing?

We haven't quite gotten anything up and running for a production ready build, but maybe soon!

[Cowboyjunkie]

Is there a way for me to get involved with this project as far as testing the sending and receiving of save data or anything to do with testing?

We haven't quite gotten anything up and running for a production ready build, but maybe soon!

Hi!
Anything one can do to help? I have my Pkmn-Classic Server on PiOS just up and running and I am already in the process of debugging and analyzing various parts of it.
Regards,
John

[zurgeg]

Is there a way for me to get involved with this project as far as testing the sending and receiving of save data or anything to do with testing?

We haven't quite gotten anything up and running for a production ready build, but maybe soon!

Hi! Anything one can do to help? I have my Pkmn-Classic Server on PiOS just up and running and I am already in the process of debugging and analyzing various parts of it. Regards, John

Not really. We don't actually have anything set up for front-end stuff, so basically all that you can do is download a bunch of Blaziken ;)

[mm201]

@Cowboyjunkie If you're feeling adventurous, you could drop some replay responses into pgl.ashx, especially for savedata.download. There's some discussion in this thread about them. (Just remove the 502 response to get rid of the maintenance error.) You should make sure you have a savefile backup, because wrong responses can mess up your Entralink.

Other than that, just have a bit of patience while I finish up GenIV and move onto this.

[zurgeg]

@Cowboyjunkie If you're feeling adventurous, you could drop some replay responses into pgl.ashx, especially for savedata.download. There's some discussion in this thread about them. (Just remove the 502 response to get rid of the maintenance error.) You should make sure you have a savefile backup, because wrong responses can mess up your Entralink.

Other than that, just have a bit of patience while I finish up GenIV and move onto this.

Busted Entralink was an issue with the save I was using fyi. But attempting to load in ----- (or really anything with no overworld sprite) would probably crash.

[qfoxb]

Any updates in the past few months?

[kuroppoi]

Has there been any cool & notable progress that I missed out on?
I came across this a while back and it piqued my interest, so I decided to have a go at figuring this out for fun and experience.
It seems that the hardest part has already been done, so admittedly all I have really done so far was write a local DNS server and some very simple server emulators based on the groundwork that has been laid down until now & messed with some of the values.

I'm currently at the point where I am able to tuck in and wake up a Pokémon, as well as catch downloaded Pokémon in the Entralink/Dream World. (Although the provided data is far from complete.)

I'm currently not very experienced when it comes to reverse engineering DS games (couldn't for the life of me figure out how to debug them in realtime..), but I'd love to share any of my findings with you, should you find them interesting!

[zurgeg]

Has there been any cool & notable progress that I missed out on? I came across this a while back and it piqued my interest, so I decided to have a go at figuring this out for fun and experience. It seems that the hardest part has already been done, so admittedly all I have really done so far was write a local DNS server and some very simple server emulators based on the groundwork that has been laid down until now & messed with some of the values.

I'm currently at the point where I am able to tuck in and wake up a Pokémon, as well as catch downloaded Pokémon in the Entralink/Dream World. (Although the provided data is far from complete.)

I'm currently not very experienced when it comes to reverse engineering DS games (couldn't for the life of me figure out how to debug them in realtime..), but I'd love to share any of my findings with you, should you find them interesting!

Ooh! We would definitely love to know how savedata.download works. Currently, we're stuck on Pokemon data. All it gives us is a Blaziken, and I've been stuck trying to bruteforce due to GS's cool down.

If you need help with RT Debugging, use No$GBA.

[kuroppoi]

Has there been any cool & notable progress that I missed out on? I came across this a while back and it piqued my interest, so I decided to have a go at figuring this out for fun and experience. It seems that the hardest part has already been done, so admittedly all I have really done so far was write a local DNS server and some very simple server emulators based on the groundwork that has been laid down until now & messed with some of the values.
I'm currently at the point where I am able to tuck in and wake up a Pokémon, as well as catch downloaded Pokémon in the Entralink/Dream World. (Although the provided data is far from complete.)

I'm currently not very experienced when it comes to reverse engineering DS games (couldn't for the life of me figure out how to debug them in realtime..), but I'd love to share any of my findings with you, should you find them interesting!

Ooh! We would definitely love to know how savedata.download works. Currently, we're stuck on Pokemon data. All it gives us is a Blaziken, and I've been stuck trying to bruteforce due to GS's cool down.

If you need help with RT Debugging, use No$GBA.

Hi!
I've tinkered with No$GBA before, but I was unable to get WiFi to work on it.
I currently use MelonDS and use save states to skip the whole Game Sync recharge thing.
As for savedata.download; The Pokémon data that I currently send starts at index 0x84 (132) in the response packet, is 10 entries long and each entry contains 8 bytes of data. The entry data format is as follows:

0x00 - 2 bytes - Species/Dex Number
0x02 - 2 bytes - Move ID, matches with numbers here: https://bulbapedia.bulbagarden.net/wiki/List_of_moves
0x04 - 1 byte  - Unknown
0x05 - 1 byte  - Unknown
0x06 - 1 byte  - Animation
0x07 - 1 byte  - Unknown

Here is how I currently write the Pokémon data to the response buffer:

// 10 entries starting at index 132 and incrementing by 8 with each subsequent entry
for(int i = 0; i < 10; i++) {
    // Currently #1 aka Bulbasaur
    response[i * 8 + 132] = 1; // 0x00 - 2 bytes - Species/Dex Number
    response[i * 8 + 133] = 0; // ^
						
    // Currently #1 aka Pound
    response[i * 8 + 134] = 1; // 0x02 - 2 bytes - Move ID
    response[i * 8 + 135] = 0; // ^
						
    response[i * 8 + 136] = 0  // 0x04 - 1 byte  - Unknown
    response[i * 8 + 137] = 0; // 0x05 - 1 byte  - Unknown
						
    response[i * 8 + 138] = 5; // 0x06 - 1 byte  - Animation
    response[i * 8 + 139] = 0; // 0x07 - 1 byte  - Unknown
}

I'm currently trying to figure out how to make the Pokémon appear in different parts of the forest.
Hope this helps!

[zurgeg]

Ahh, I figured out why it wasn't working. I forgot to catch my Blazikens I've been holding hostage keeping in the entree.

[kuroppoi]

Items work a little interestingly; starting at index 0xDC (220), up to 20 item IDs (2 bytes) may be sent.
Then, starting at index 0x104 (260) the item amounts are sent (1 byte) in respective order.

// Items obtained
// First, starting at index 220, send up to 20 item IDs.
for(int i = 0; i < 20; i++) {
    // This will send items Water Stone through Old Amber
    response[i * 2 + 220] = i + 84; // Item ID
    response[i * 2 + 221] = 0;
}

// Then, starting at index 260, send the item counts in the same order.
for(int i = 0; i < 20; i++) {
    response[i * 1 + 260] = i + 1) // Item Count
}

[zurgeg]

Items work a little interestingly; starting at index 0xDC (220), up to 20 item IDs (2 bytes) may be sent. Then, starting at index 0x104 (260) the item amounts are sent (1 byte) in respective order.

// Items obtained
// First, starting at index 220, send up to 20 item IDs.
for(int i = 0; i < 20; i++) {
    // This will send items Water Stone through Old Amber
    response[i * 2 + 220] = i + 84; // Item ID
    response[i * 2 + 221] = 0;
}

// Then, starting at index 260, send the item counts in the same order.
for(int i = 0; i < 20; i++) {
    response[i * 1 + 260] = i + 1) // Item Count
}

Yep, that's what we found too

[Pyrochrome]

Has there been any cool & notable progress that I missed out on? I came across this a while back and it piqued my interest, so I decided to have a go at figuring this out for fun and experience. It seems that the hardest part has already been done, so admittedly all I have really done so far was write a local DNS server and some very simple server emulators based on the groundwork that has been laid down until now & messed with some of the values.

I'm currently at the point where I am able to tuck in and wake up a Pokémon, as well as catch downloaded Pokémon in the Entralink/Dream World. (Although the provided data is far from complete.)

I'm currently not very experienced when it comes to reverse engineering DS games (couldn't for the life of me figure out how to debug them in realtime..), but I'd love to share any of my findings with you, should you find them interesting!

You wouldn't mind opening your own repo for this, would you? I'm curious about replicating the same thing on my own computer.

[kuroppoi]

Has there been any cool & notable progress that I missed out on? I came across this a while back and it piqued my interest, so I decided to have a go at figuring this out for fun and experience. It seems that the hardest part has already been done, so admittedly all I have really done so far was write a local DNS server and some very simple server emulators based on the groundwork that has been laid down until now & messed with some of the values.
I'm currently at the point where I am able to tuck in and wake up a Pokémon, as well as catch downloaded Pokémon in the Entralink/Dream World. (Although the provided data is far from complete.)

I'm currently not very experienced when it comes to reverse engineering DS games (couldn't for the life of me figure out how to debug them in realtime..), but I'd love to share any of my findings with you, should you find them interesting!

You wouldn't mind opening your own repo for this, would you? I'm curious about replicating the same thing on my own computer.

If nobody beats me to it, I might make a simple open-source tool that allows you to download any Pokémon, item and (custom) C-Gear/Pokédex skin you want.

[mm201]

I would be delighted to take a pull request that gets Game Sync working! If you want to talk more, you should hop on Discord. There should be a current link on https://pkmnclassic.net/

[zurgeg]

Has there been any cool & notable progress that I missed out on? I came across this a while back and it piqued my interest, so I decided to have a go at figuring this out for fun and experience. It seems that the hardest part has already been done, so admittedly all I have really done so far was write a local DNS server and some very simple server emulators based on the groundwork that has been laid down until now & messed with some of the values.
I'm currently at the point where I am able to tuck in and wake up a Pokémon, as well as catch downloaded Pokémon in the Entralink/Dream World. (Although the provided data is far from complete.)

I'm currently not very experienced when it comes to reverse engineering DS games (couldn't for the life of me figure out how to debug them in realtime..), but I'd love to share any of my findings with you, should you find them interesting!

You wouldn't mind opening your own repo for this, would you? I'm curious about replicating the same thing on my own computer.

If nobody beats me to it, I might make a simple open-source tool that allows you to download any Pokémon, item and (custom) C-Gear/Pokédex skin you want.

atm, DSLink has repos for it. https://github.com/NDSLink/dream-server

[zurgeg]

Has there been any cool & notable progress that I missed out on? I came across this a while back and it piqued my interest, so I decided to have a go at figuring this out for fun and experience. It seems that the hardest part has already been done, so admittedly all I have really done so far was write a local DNS server and some very simple server emulators based on the groundwork that has been laid down until now & messed with some of the values.
I'm currently at the point where I am able to tuck in and wake up a Pokémon, as well as catch downloaded Pokémon in the Entralink/Dream World. (Although the provided data is far from complete.)

I'm currently not very experienced when it comes to reverse engineering DS games (couldn't for the life of me figure out how to debug them in realtime..), but I'd love to share any of my findings with you, should you find them interesting!

Ooh! We would definitely love to know how savedata.download works. Currently, we're stuck on Pokemon data. All it gives us is a Blaziken, and I've been stuck trying to bruteforce due to GS's cool down.
If you need help with RT Debugging, use No$GBA.

Hi! I've tinkered with No$GBA before, but I was unable to get WiFi to work on it. I currently use MelonDS and use save states to skip the whole Game Sync recharge thing. As for savedata.download; The Pokémon data that I currently send starts at index 0x84 (132) in the response packet, is 10 entries long and each entry contains 8 bytes of data. The entry data format is as follows:

0x00 - 2 bytes - Species/Dex Number
0x02 - 2 bytes - Move ID, matches with numbers here: https://bulbapedia.bulbagarden.net/wiki/List_of_moves
0x04 - 1 byte  - Unknown
0x05 - 1 byte  - Unknown
0x06 - 1 byte  - Animation
0x07 - 1 byte  - Unknown

Here is how I currently write the Pokémon data to the response buffer:

// 10 entries starting at index 132 and incrementing by 8 with each subsequent entry
for(int i = 0; i < 10; i++) {
    // Currently #1 aka Bulbasaur
    response[i * 8 + 132] = 1; // 0x00 - 2 bytes - Species/Dex Number
    response[i * 8 + 133] = 0; // ^
						
    // Currently #1 aka Pound
    response[i * 8 + 134] = 1; // 0x02 - 2 bytes - Move ID
    response[i * 8 + 135] = 0; // ^
						
    response[i * 8 + 136] = 0  // 0x04 - 1 byte  - Unknown
    response[i * 8 + 137] = 0; // 0x05 - 1 byte  - Unknown
						
    response[i * 8 + 138] = 5; // 0x06 - 1 byte  - Animation
    response[i * 8 + 139] = 0; // 0x07 - 1 byte  - Unknown
}

I'm currently trying to figure out how to make the Pokémon appear in different parts of the forest. Hope this helps!

@kuroppoi do you happen to know if this is in big endian or little? I'm p sure that DS uses little but just checking before I use my GS energy for today :P

[kuroppoi]

Has there been any cool & notable progress that I missed out on? I came across this a while back and it piqued my interest, so I decided to have a go at figuring this out for fun and experience. It seems that the hardest part has already been done, so admittedly all I have really done so far was write a local DNS server and some very simple server emulators based on the groundwork that has been laid down until now & messed with some of the values.
I'm currently at the point where I am able to tuck in and wake up a Pokémon, as well as catch downloaded Pokémon in the Entralink/Dream World. (Although the provided data is far from complete.)

I'm currently not very experienced when it comes to reverse engineering DS games (couldn't for the life of me figure out how to debug them in realtime..), but I'd love to share any of my findings with you, should you find them interesting!

Ooh! We would definitely love to know how savedata.download works. Currently, we're stuck on Pokemon data. All it gives us is a Blaziken, and I've been stuck trying to bruteforce due to GS's cool down.
If you need help with RT Debugging, use No$GBA.

Hi! I've tinkered with No$GBA before, but I was unable to get WiFi to work on it. I currently use MelonDS and use save states to skip the whole Game Sync recharge thing. As for savedata.download; The Pokémon data that I currently send starts at index 0x84 (132) in the response packet, is 10 entries long and each entry contains 8 bytes of data. The entry data format is as follows:

0x00 - 2 bytes - Species/Dex Number
0x02 - 2 bytes - Move ID, matches with numbers here: https://bulbapedia.bulbagarden.net/wiki/List_of_moves
0x04 - 1 byte  - Unknown
0x05 - 1 byte  - Unknown
0x06 - 1 byte  - Animation
0x07 - 1 byte  - Unknown

Here is how I currently write the Pokémon data to the response buffer:

// 10 entries starting at index 132 and incrementing by 8 with each subsequent entry
for(int i = 0; i < 10; i++) {
    // Currently #1 aka Bulbasaur
    response[i * 8 + 132] = 1; // 0x00 - 2 bytes - Species/Dex Number
    response[i * 8 + 133] = 0; // ^
						
    // Currently #1 aka Pound
    response[i * 8 + 134] = 1; // 0x02 - 2 bytes - Move ID
    response[i * 8 + 135] = 0; // ^
						
    response[i * 8 + 136] = 0  // 0x04 - 1 byte  - Unknown
    response[i * 8 + 137] = 0; // 0x05 - 1 byte  - Unknown
						
    response[i * 8 + 138] = 5; // 0x06 - 1 byte  - Animation
    response[i * 8 + 139] = 0; // 0x07 - 1 byte  - Unknown
}

I'm currently trying to figure out how to make the Pokémon appear in different parts of the forest. Hope this helps!

@kuroppoi do you happen to know if this is in big endian or little? I'm p sure that DS uses little but just checking before I use my GS energy for today :P

Little endian

[kuroppoi]

Alright, I published all of my findings in a separate repository, so feel free to do with that what you will.