It's pointers. The game is either moving data around, loading data (not too likely) or uncompressing data and then clearing the uncompressed version once it's not needed anymore.
I found the following chain
[09CB30D4] + 0x10 Get the value at that address and add 0x10
 + 0x10 Get the value at the address from the previous step and add 0x10
 + 0x508 Get the value at the address from the previous step and add 0x508
 + 0x198 ...
 + 0x20
This address is the start of the entry for that first head. From here you can offset to find the specific value you need.
I am pretty sure the whole chain only works when you are in garage mode.
I need to translate this website: http://wikiwiki.jp/cwcheat/?CODE%A4%CE%B8%FA%B2%CC
Just this part: multi pointer(0.2.2REVA以降)
It says how to make a multi-pointer cheat that will work for something like this.
I know some Japanese but that one looks rather complicated.
If there is English documentation of it, that will work too, but there isn't.
I did a manual check of it and it worked even after completing a battle. The final address ended up being different than it was before the battle.
This is really complicated, I suggest you switch to looking at changing the ISO. This is actually the most complicated example I've ever seen thus far. Falcom games load "database" data on startup and then never move or unload it, so it's easy to make cheats. When you enter battle it sets a pointer to all of the battle data (otherwise it's zero) so it's easy to make cheats that affect battle as well - this is the "simple pointer codes" 0x6 at the above link.
OK, I kind of half got it at least.
I'm not really expecting you to be able to replicate this but give it a shot.
1) make your project folder, mine I called ACLR (name does not matter)
2) make a folder "dumped" under this folder
3) use UMDgen and extract AC.BIN into your project folder
4) copy offzip.exe to your project folder
This tool is free. Download link: http://aluigi.altervista.org/mytoolz.htm
5) Hold left shift and R-click in your project folder. Choose "Open command window here"
6) Type the following: "offzip -a AC.BIN dumped 0 > output.txt"
There are no fewer than 5,215 files in here. Not to worry though, go to your trusty plaintext searching tools. offzip is a compressed searcher.
We know the first head part is CR-H695 so try searching for that. But I guess first we need to know about how to use our text searching tool.
Umm...I guess ask if you have questions? We want to search all 5,215 files in the dumped folder for CR-H695.
I found hits in 3 files:
006cc000.bnd 09880800.bnd 0c780800.bnd
The content looks the same in all the files.
The 09880800 and 0C780800 files have three copies of this data, not sure why. All three copies look the same. We can just change them all when that time comes to make sure the changes take effect.
I wanted to run a quick test, so I picked the first file which just has one copy of the data. The original AP value for CR-H695 is 809, that's 0x329. I changed this to 0xFFFF (65535) using a hex editor. It just randomly happens to be the case that the AP value is at offset 0x100 within each entry.
I saved the new file using a different filename in the project folder, and copied the original file into the project folder. I then ran xdelta and made a patch out of this. You don't really need xdelta for this because it's just two bytes, but whatever.
We need to make a new AC.BIN with our modified file.
"006cc000.bnd" this file is named after the offset in which it appears in the AC.BIN file. Let's now look at output.txt that got created when offzip was run. Search for 6cc000 and you see this:
0x006cc000 25553321 -> 69981040 / 0x01f2a9a9 _ 1156 8:7:28:0:1:bd91e339
0x01faa800 80 -> 800 / 0x01faa850 _ 523863 8:7:28:0:1:88ae04ef
There's key info we need here: The 0x6cc000 number (where is the compressed data), the 25553321 number (how big is the compressed data) and the 1faa800 number (where is the next file).
That is now enough so we write the pseudocode:
1) Make temporary AC.orig file with original file contents
2) Decompress the "6cc000" file (need the 25553321 number for this step)
3) Apply patch
4) Make the new AC.BIN file.
4A) Copy the first 6cc000 bytes
4B) Compress and then write the patched file
4C) Write zeros up until 1faa800
4D) Copy the rest from AC.orig
Now write the real code corresponding to the pseudocode: http://pastebin.com/5Hga0vWG
Here is my xdelta test patch: http://www.filedropper.com/006cc000
Now you have an AC.BIN (modified version) for testing use.
I don't have Python code yet that can do ISO replacement, so use UMDgen to put the file in. UMDgen tutorial for replacing files with alignment:
1) Open the UMD ISO in UMDgen
2) Export file list
3) Replace files using drag & drop
4) Import file list
5) Write uncompressed ISO (use a different filename than the original UMD ISO)
Test in PPSSPP and....
Whoops, still didn't work. I forgot to disable my cheats.
Let me change the other values and report back.
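The rebuild steps 2 through 4D from the post above, as an added example that is not the poster's pastebin script. It assumes the slot holds a zlib-wrapped stream and that the AP field is a 16-bit little-endian value; all function names are hypothetical, and the sample container is constructed so the code runs without AC.BIN.

```python
import struct
import zlib

def rebuild_container(orig, offset, comp_size, next_offset, patch):
    """Steps 2-4D: patch the zlib stream at `offset`, keep every other byte in place."""
    slot = next_offset - offset          # room available before the next file
    if not 0 < comp_size <= slot or next_offset > len(orig):
        raise ValueError("offsets do not describe a slot inside the container")
    # 2) decompress exactly comp_size bytes (assumption: a zlib-wrapped stream)
    plain = bytearray(zlib.decompress(orig[offset:offset + comp_size]))
    patch(plain)                         # 3) apply the edit in place
    packed = zlib.compress(bytes(plain), 9)   # 4B) recompress
    if len(packed) > slot:
        # Writing past next_offset would shift or overwrite the following file.
        raise ValueError(f"recompressed data is {len(packed)} bytes, slot is {slot}")
    padding = b"\x00" * (slot - len(packed))  # 4C) zeros up to next_offset
    return orig[:offset] + packed + padding + orig[next_offset:]  # 4A + 4D

def set_u16(entry_offset, field_offset, value):
    """Build a patch that writes a 16-bit little-endian value into one entry."""
    def patch(plain):
        struct.pack_into("<H", plain, entry_offset + field_offset, value)
    return patch

def read_stream(container, offset):
    """Decompress the stream starting at `offset`, ignoring padding after it."""
    return zlib.decompressobj().decompress(container[offset:])

def make_sample():
    """Constructed stand-in for AC.BIN: header, one compressed entry, padding, tail."""
    entry = bytearray(0x200)
    entry[:7] = b"CR-H695"
    struct.pack_into("<H", entry, 0x100, 809)     # original AP value from the post
    packed = zlib.compress(bytes(entry), 9)
    header, tail = b"\xAA" * 0x40, b"NEXTFILE" * 4
    slot = len(packed) + 64
    blob = header + packed + b"\x00" * (slot - len(packed)) + tail
    return blob, len(header), len(packed), len(header) + slot

if __name__ == "__main__":
    blob, off, size, nxt = make_sample()
    new = rebuild_container(blob, off, size, nxt, set_u16(0, 0x100, 0xFFFF))
    ap = struct.unpack_from("<H", read_stream(new, off), 0x100)[0]
    print(f"AP is now {ap}; size unchanged: {len(new) == len(blob)}")
```

For the real file the three arguments would be the numbers read from output.txt: 0x6cc000, 25553321 and 0x1faa800. The size check matters because a recompressed stream that is larger than the original slot cannot be written without moving the next file.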