Kodewerx

bought now on EBAY at Datel online store...shipped...last one for the moment until Datel USA gets more...it should be here early next week...

_________________
Ancient Code Sage

Here are some infos I gathered from toying with the Trainer Toolkit (TT).

The TT has some kind of volatile memory (ram?), at 0x08800000. When you start the TT with the AR in the NDS slot, the AR will write some stuff at 0x08800000 (0x2980 bytes will be written with the AR 1.52). It looks like something close to the normal code handler (the registers used are different though), however I didn't studied it very much yet (I think that when the TT is used, it executed its own code handler and not the one copied by the AR - which means the AR hacks will not work). Then, if the AR finds out that it can read/write from 0x08808000, it enters the 'Trainer Toolkit enable' mode. And each time you power down the NDS/remove the TT, the 'ram' of the TT get cleared.

Then, when you start a game with the AR and the Trainer Toolkit enabled, a branch to 0x08800000 is set in the code handler. Also, with the TT enabled, the code handler is a bit off (compared to the code handler without the TT).

Also, the TT seems to have its own game list, different from the AR one. If you have codes for, let's say, Super Mario 64, in your AR but plug in the TT, it'll say '0 codes' and 'game unknown'. There seems to be no way to add codes to the TT, which is a bit strange. That kinda explains why games that use some custom (m) code won't work (as custom (m) codes can't be entered in the TT).

And even if it 'looks like' a GBA cartridge, putting it inside a GBA will start the GB/C mode. And you can see the contents of the TT by looking at/dumping 0x08000000~0x09000000 using the TT PC Tool.

Edit :
Apart that, the product seems pretty strong, the software nice enought for me, and the manual seems to explain a lot of things pretty well for people that never hacked. So that's a thumbs up for Datel from my part !

Edit2 :
Actually, the data in the TT is mirrored every 0x00080000.

Hell, mine has said "payment received" and nothing else for a month now.

Kenobi....long ago I remember this weird code list thing with a product Datel made for Rocket Games....N64 Dev. Kit. We never understood that one either....don't sweat it...keep playing and let us know what you find...especially like YS...if there are any games not seeming compatible.

_________________
Ancient Code Sage

Not sure if I/we should create a thread in the 'Game Hacking Development' for the TT technicals infos/hacks... Anyway !

Just for the fun, a small (kinda useless) Trainer Toolkit hack :

08800268 E12FFF1E
94000130 FDFF0000
08800268 EAFFFF64
D2000000 00000000

This will 'freeze' the game, making the TT code handler loop on itself while L is pressed (there is a small delay between the time you start pressing the key and the freeze happens - might be due to some instruction caching or some sort of write delay).
This will prevent the game from running while the code search is happening, as long as you keep the key pressed (can be useful for a moonjump or a timer code search, in case the game doesn't offer a pause button/menu).

Also, well anyone with the TT can see that, but when you enter codes using the 'Run-List' option of the software, the software copies the codes in the TT code handler on the fly. Code list starts at 0x08800928.

And it seems that when the TT is running, you can press L+R (and only L+R) to freeze the game. However this will be some kind of infinite loop on itself, ie. the code handler will not be executed (loop : ldrh r3,[0x04000130] ; cmp r3,0xff ; beq loop). In case anyone is annoyed with it, here is a code to disable that :
523FE054 0AFFFFFC
023FE054 EA100000
D2000000 00000000

That looks awesome. I can't wait 'till I get it!

Then I can finnaly start making more codes. I've made two for the DS and ~25~ for the GCN... (and I know it's not for the GCN, I just wanted to put it there )

mine gets here Monday. nice hacks as usual kenobi.

[quote="kenobi"]Here are some infos I gathered from toying with the Trainer Toolkit (TT).



Also, the TT seems to have its own game list, different from the AR one. If you have codes for, let's say, Super Mario 64, in your AR but plug in the TT, it'll say '0 codes' and 'game unknown'. There seems to be no way to add codes to the TT, which is a bit strange. That kinda explains why games that use some custom (m) code won't work (as custom (m) codes can't be entered in the TT).

No not strange...this is exactly the way the TT works. You "add" the codes in the run list screen of the trainer. It disallows any pre-loaded codes on purpose so that the trainer runs correctly.

The trainer firmware is updated two ways...through the AR DS when you update it (right now it is at ver 1.52) while the trainer is at 1.0...or you can update it should you be lucky enough to have a newer release firmware bin file...which is doubtful unless you hacked your way in Datel itself. The present settings for the TT:
Body v 0.08
Hook v 0.04
Patcher v 0.03
Code Engine v 1.21


Kenobi...do you see anything at all hidden in the firmware that has a pass through? Pokemon may be one such place that is needed with the TT.

_________________
Ancient Code Sage

I got my TT yesterday, and this code is helping me alot.
Thanks Kenobi.

_________________

My Trainer Toolkit probably arrived today, or at least something from Datel did. Odd since my order status never changed. Unfortunately I won't be able to get the package until this weekend, since I expected it to arrive when I was on break two weeks ago and didn't have it shipped here.
I hope everything is okay.

Mine has not changed in a month now. Nobody ever said if they got an email or if the status changed when it shipped.

@macrox : I'm not sure what the TT updgrade is for. Like I said, it seems the TT is just some kind of ram expension pack, with an USB communication feature. It means the TT upgrade might have nothing to do with the body, hook, patcher and code engine versions, so it could be just an upgrade for the USB communication firmware (the body, hook, patcher and code engine being all inside the AR and not the TT).
And even if I didn't fully look at it yet, I didn't saw anything "hidden" inside the TT (but there might be things "hidden" inside the AR).

@kyle : glad it helped !

@dexter0 : I've received no emails, and my shipping status didn't change (it was/is "Complete & Despatched").

I got mine. BTW: Thanks for the info kenobi. I was getting worried.

Aside from that I have a question for all who have updated to 1.52 firmware. Does the new firmware break kenobi's special hacks or cause other problems?

EDIT: A quick search revelaed the answer from kenobi himself.
http://kodewerx.net/forum/viewtopic.php?t=602

Perhaps I should buy a 2nd ARDS with the new firmware just for the TT.

@ kenobi- The TT is simply just a comm board for the AR DS to talk to the PC. I think you are right, it is the AR DS itself that is running the "show" here aka "mother ship".

_________________
Ancient Code Sage

Just in case people don't see it, I made a post about some new AR code types (only avaible when using the TT for now).

Another 'useless' code (ie. for hacking purpose only) :
(of course, it'll only work properly with the TT !)



If you want to change the activators, it's there :
(button(s) used to freeze/unfreeze the game)
94000130 FEFF0000 // R = FEFF
88860000 FEFF0000 // R = FEFF

and here
(button(s) used to advance the game)
94000130 FDFF0000 // L = FDFF
88860000 FDFF0000 // L = FDFF

Then, you can select at which 'speed' the game advance when you press L (or whichever button you choosed) :
98860004 FFFE0001
08800268 EAFFFF64
5886000C 00000004 <- 4 = wait for 4 ar code handler execution before freezing the game again.

I advise you try the lowest working number. For exemple, I tried 3 in Hotel Dusk, and it wasn't working (after pushin L some dozen of times, the game never unfroze), while using 4 worked better (the game advanced slowly while I was pressing the L button numerous times). However, one could also set this number to 0x10, 0x50...


What could this code be good for ? Well, for finding/hacking counters that decrease/increase way too fast I guess... And maybe others unknown purposes...

Note that code might now work properly for all games (like the other 'freeze game' code I made).

And I guess I'm allowed to double post as I'm bringing new informations...

Kenobi- This code has worked for me in the Vanias and Clubhouse games...but it does not allow a total pause (freeze) in Cooking Mama.

_________________
Ancient Code Sage

If anybody could put one of these up on Ebay it would be appreciated cause my family (parents) dont trust Codejnkies site

_________________

I bought one from codejunkies. I have it. besides, you can buy them from Datel ON ebay as well.

@macrox :

Not quite sure what the 'problem' could be, so I might say nonsense... The AR hooks the ARM7, so I guess while the TT is looping on itself ('freezing' the ARM7 execution) the ARM9 is still running, so if the game 'relies' on it, it could be still running. Moreover, interrupts should still be going on, so the game might still be either actually running, or give the impression that it's running (that depends on how the game is programmed?). It could also be that the hook is not executed, but I highly doubt it.
Anyway, I'll try to check cooking mama sometime later.

Is that why if you end up freezing a game, the music may continue, or things on screen may still move.

@ King R
I was looking on Ebay and could not find one

_________________

FNG posted the link somewhere on KW. Might've been in Dial 911, if he did, it should be stickied.