Kodewerx

Author Message
PostPosted: Fri Feb 23, 2007 1:24 pm
Kommunist

Joined: Mon Jan 29, 2007 2:23 pm
Posts: 313
Only thing I need then is an instruction reference, if you would be so kind as to supply me with a link? Not that I'm lazy, but I had a good one and saved it to my computer but now I can't find it :/


PostPosted: Fri Feb 23, 2007 4:20 pm
Kommunist

Joined: Tue Oct 10, 2006 9:32 am
Posts: 445
The only info I get comes from GBATEK.

For general information, I've made a small tool to convert asm to AR codes (it's a GUI/frontend for arm-eabi-as.exe and arm-eabi-objcopy.exe, which then takes the result to make an AR code out of it). The link to the download page is in the first post of this thread (also available here).

For example, you launch it and copy/paste this asm code into the left window of the program:
Code:
ldr r0,data
mov r2,#0
loop:
ldrb r1,[r0]
orr r1,r1,#7
strb r1,[r0],#14
add r2,r2,#1
cmp r2,#50
bne loop
bx r14

data:
.word 0x02188479


Then you click 'Convert to ARDS', and you're done (this asm routine should have the same effect as your Advance Wars codes, but it hasn't been tested).

Edit :
was using 'orr r1,r1,#3' instead of 'orr r1,r1,#7'. Corrected now.


Last edited by kenobi on Sat Feb 24, 2007 3:01 am, edited 2 times in total.

PostPosted: Fri Feb 23, 2007 7:57 pm
Kommunist

Joined: Mon Jan 29, 2007 2:23 pm
Posts: 313
While that is awesome.....it sadly still produces the black lines in the same area. Most likely because it is holding up the graphics and causing the glitch. I guess the only way around it for now is to use the button activator :?

Nice program by the way. I planned on adding something like that into kode garage (hope you don't think I stole the idea from you or that I am trying to copy you.)


PostPosted: Fri Feb 23, 2007 8:29 pm
Kommunist

Joined: Mon Feb 12, 2007 4:24 pm
Posts: 29
Parasyte wrote:
ACK! (Nitpick time: Please use capital letters and some form of hexadecimal notation where applicable. Thanks!)

'E' code type, 'patch code' example:
E20EAE04 00000044...

FYI: ROM can NOT be patched on NDS, due to the data read protocol used. It's more like an SD card or CD-ROM drive than a GBA cart. ROM patches can be simulated with a little bit of card lib patching, however. (Patching parts of the executable in RAM that has to do with reading the NDS card.) But I doubt there is any real need for this.


I think there is a need for this, well maybe not for every game, but for Pokemon Diamond and Pearl there is definitely a need for ROM patches, mainly for wild pokemon modifier, wild pokemon level modifier, shiny pokemon, etc. But this condition only arrives if the RAM write codes can't do the job, again mainly DMA or any conditions that are similar to those conditions in Pokemon Leaf Green and FireRed, Pokemon Ruby and Sapphire, and Pokemon Emerald, that require ROM patch codes to get the desired results.

:D


PostPosted: Fri Feb 23, 2007 8:36 pm
Krew (Admin)

Joined: Sun Oct 01, 2006 9:26 pm
Posts: 3768
Title: All in a day's work.
You're thinking of assembly hacks, not ROM patches. On NDS, ALL of the assembly code must be executed in RAM. On GBA, that was optional; most games ran directly in ROM. Because of the ROM protocol used on NDS (and explained a bit above) it is impossible to execute any code in ROM. So I still do not think even simulated ROM patches will be useful.

_________________
I have to return some video tapes.

Feed me a stray cat.


PostPosted: Sat Feb 24, 2007 3:00 am
Kommunist

Joined: Tue Oct 10, 2006 9:32 am
Posts: 445
kickenchicken57 wrote:
While that is awesome.....it sadly still produces the black lines in the same area. Most likely because it is holding up the graphics and causing the glitch. I guess the only way around it for now is to use the button activator :?

Nice program by the way. I planned on adding something like that into kode garage (hope you don't think I stole the idea from you or that I am trying to copy you.)


I have absolutely no problems with you adding an 'asm to ards' option into kode garage!

About the black lines, do you have any other codes activated?
Do the glitches appear during normal gameplay? At a precise point? I'm asking because the glitches could come from the codes overwriting an important value (that can happen if the ammo location moves, during cut scenes or menus for example).

Also, does this simple code (that'll only work with the first unit) also create glitches?:
Code:
023FE4D8 0A000003
023FE424 E1833004
DB000000 02188479
D4000000 00000007
D8000000 02188479


And if not, does this asm routine also create black lines?:
Code:
ldr r0,data
mov r2,#0
loop:
ldrb r1,[r0]
orr r1,r1,#7
strb r1,[r0],#14
add r2,r2,#1
cmp r2,#10
bne loop
ldr r2,data+4
cmp r2,r0
ldreq r0,data+8
str r0,data
bx r14

data:
.word 0x02188479
.word 0x02188735
.word 0x02188479


(if black lines still appear with this code, try to change the 'cmp r2,#10' with 'cmp r2,#5', cmp r2,#2'...).




Parasyte wrote:
You're thinking of assembly hacks, not ROM patches.


Just for the info, the first Pokemon modifier codes on the GBA were made using ROM patches which were not assembly hacks, by modifying the data of the game. For example, people found where the data of the 8 Pokemon that randomly appeared on route 110 was stored in the ROM, and they used ROM patches to change one of them into the Pokemon of their choice, with the level of their choice (however that hacked Pokemon would still appear randomly).

Now time has proven these hacks were kinda cheap and useless compared to an assembly hack.

And on a side note, the shiny pokemon code can only be achieved using a real assembly hack.


PostPosted: Sat Feb 24, 2007 5:57 am
Kommunist

Joined: Mon Jan 29, 2007 2:23 pm
Posts: 313
I will try your new stuff when I get a chance. To answer your questions...
1) Tried the code as a type '2' constant write (which also ruins the status flags because it needs to be ORRed) with no side effects
2) Tried the code in a loop with the ORR and it causes glitches ONLY during gameplay, not in any menus.
3) None of the Unit codes (Ammo, Health, Gas) move.
4) As long as the code is on, the glitch remains constant.
5) There are some 'cut scene' situations, such as when you shoot an enemy or capture a base, but I can't remember if it glitches there also. I will check that out.

I will try the ORR code on one unit alone and also try your code and ASM code


PostPosted: Sat Feb 24, 2007 3:09 pm
Kommunist

Joined: Mon Feb 12, 2007 4:24 pm
Posts: 29
Parasyte wrote:
You're thinking of assembly hacks, not ROM patches. On NDS, ALL of the assembly code must be executed in RAM. On GBA, that was optional; most games ran directly in ROM. Because of the ROM protocol used on NDS (and explained a bit above) it is impossible to execute any code in ROM. So I still do not think even simulated ROM patches will be useful.


Yes, indeed you are right. I was thinking of assembly hacks, and not ROM patches. The reason I called them ROM patches is because of the following code types. For example: Action Replay V3 code types z0C, z0D, z0E, and z0F that were used for assembly hacking on the Action Replay V3.


PostPosted: Wed Mar 14, 2007 8:27 am
Kommunist

Joined: Mon Jan 29, 2007 2:23 pm
Posts: 313
Is it possible through ASM to store values and use them later? Or would I need to find an unused area of memory that does not change to store my values in? I would like to read 3 values from an address and store them somewhere for later use.


PostPosted: Wed Mar 14, 2007 8:47 am 
If you find an unused register, you can use that.


PostPosted: Wed Mar 14, 2007 9:02 am
Kommunist

Joined: Mon Jan 29, 2007 2:23 pm
Posts: 313
EDIT: nevermind, i found a spot to store stuff. Thanks.


PostPosted: Wed Mar 14, 2007 10:09 am
Krew (Admin)

Joined: Sun Oct 01, 2006 9:26 pm
Posts: 3768
Title: All in a day's work.
In general, it is safe to overwrite part of the secure area. There are a few Thumb instructions stored there which mustn't be touched, but the majority of it is unused garbage.



PostPosted: Wed Mar 14, 2007 10:52 am
Kommunist

Joined: Mon Jan 29, 2007 2:23 pm
Posts: 313
I used 0x02000000 upward. Safe so far... thanks for the tip also ^


PostPosted: Thu Mar 15, 2007 2:51 pm
Kommunist

Joined: Tue Oct 10, 2006 9:32 am
Posts: 445
For the info, the TT code handler has the following changes (compared to the AR 1.52 code handler):

- The DB code type bug is fixed.
- The if codes can now use either the address or the offset (if the address of the if code is set to 0, then the offset is used).
- New code types (undocumented in the TT docs): C4, C5, C6. Not quite sure what they do for now (C4 seems to set the offset to the address of the code in the code list, C5 seems to have something to do with stopping the execution of codes, and C6 stores the offset at the value of C6... I'll update and develop when I get more info).

What I don't get is, as the TT code handler IS inside the AR v1.52, why didn't they also upgrade the AR 1.52 code handler (edit: the C5 code type might be the reason for now)?
Because people might start making codes (for example if... codes with an address of 0) using the TT, that will work with the TT but not with the AR (when used alone)...???
I guess a new upgrade will be coming to fix that!

Edit :

C4 is confirmed.

Example :
C4000000 XXXXXXXX
DC000000 00000004

Then, writing to the offset will overwrite the XXXXXXXX value
which means :
00000000 12345678
will transform C4000000 XXXXXXXX into C4000000 12345678

In short, it gives you a secure place to store data.
It can also be used to change the code on the fly !

Stupid example (for Mario 1.1) :
C4000000 00000000
DC000000 00000084 // 0x84, is the number of bytes to jump from the c4 code (c4 code included)
00000000 00000004
94000130 ffef0000
00000000 00000010
d0000000 00000000
94000130 ffdf0000
00000000 00000020
d0000000 00000000
94000130 ffbf0000
00000000 00000030
d0000000 00000000
94000130 ff7f0000
00000000 00000040
d0000000 00000000 // d0 and d3 could be merged in d2
d3000000 00000000 //
02098930 00000004 // the codes will overwrite the '00000004'

This code will give you 4 lives if you don't press the D-pad, 16 if you press right, 32 if you press left, 48 if you press up and 64 if you press down.

However, I'm not quite sure changing codes on the fly is really useful.

But, and that could be better, the C4 code could be used to create 'AR hacks' that will work even if a custom (m) code is used.

Also... It could be used by Datel to relocate the AR while the game is running (used with an F code type, and some other codes that would change the hook).


C6 confirmed :

C6000000 YYYYYYYY
Will store the offset to [YYYYYYYY].



C5 code type :
There is a 16-bits 'timer' (well, might be more some kind of counter) running, inside the TT (at a fixed address : 0x088002E8). Not sure how it is incremented (I don't see any access to that address in the TT?...), but I guess it is each time the code handler is executed. C5 let you compare the timer value with your own value.
C5000000 XXXXYYYY
if (timer and YYYY)==XXXX

If acts like a regular 'if...' code :
If the check is true, nothing happens.
If the check is false, it sets the execution status to 'disable'.

Exemple (still for super mario 1.1) :
C5000000 00FF00FF
94000130 ffbf0000
D9000000 02098930
D4000000 00000001
D6000000 02098930
D0000000 00000000
94000130 ff7f0000
D9000000 02098930
D4000000 FFFFFFFF
D6000000 02098930
D0000000 00000000 // can be merged to D2
D0000000 00000000 //

Using this code, pressing D-pad Up will increase the lives, and pressing D-pad Down will decrease them, at a rate of about 2 times per second (of course, the values of the C5 code might have to be tweaked for each game, because the timer speed should depend on how many times the code handler is executed per second...). Pretty nice code type if you ask me (could make item/stat editing codes pretty simple)!


Last edited by kenobi on Thu Mar 15, 2007 10:12 pm, edited 2 times in total.

PostPosted: Thu Mar 15, 2007 4:27 pm
Krew (Admin)

Joined: Sun Oct 01, 2006 9:46 pm
Posts: 2331
Location: *poof*
Title: The Mad Hacker
Oh wow, I love that C5 code type! That's great!



PostPosted: Fri Mar 16, 2007 2:00 am
Kommunist

Joined: Wed Feb 28, 2007 5:52 pm
Posts: 79
hmm, looks like I have more stuff to add to Nitro Hax :)


PostPosted: Fri Mar 16, 2007 5:18 am
Kommunist

Joined: Mon Jan 29, 2007 2:23 pm
Posts: 313
I could definitely use that timer address (0x088002E8) but too bad it only works with the TT. If the AR gets updated with this stuff I'll be checking back here to see if it's a different address in the AR or not. Nice work :D


PostPosted: Fri Mar 16, 2007 11:09 am
Kommunist

Joined: Tue Oct 10, 2006 9:32 am
Posts: 445
@chishm : it would be funny to have Nitro Hax using an official AR code type before Datel!

About the C4/C6 codes:
I think I finally got one of the primary goals of this code: letting you execute custom asm routines.
Example :
C4000000 00000018
92000000 FFFFFFFF // that check will always be false
E0000000 XXXXXXXX
YYYYYYYY YYYYYYYY // this is your custom asm routine...
YYYYYYYY YYYYYYYY
.....
D0000000 00000000
C6000000 ZZZZZZZZ

So, this code will :
store the address of the start of the second line of the E code type in the offset (= the start of YYYYYYYY, being your custom arm routine).
Write the offset to ZZZZZZZZ. So if you choose for ZZZZZZZZ the address loaded for a bx (being executed several times per second), for example :
0x02000000 : ldr r1,=0x02000100
0x02000004 : bx r1
0x02000008 : 0x02000100
then you just make ZZZZZZZZ = 0x02000008.

Of course, you must then end your custom asm routine not with bx r14, but with the bx you replaced (bx 0x02000100).

It should also be possible to place the hook inside the AR.

(Sorry if it's a bit cryptic/unclear, but I hope the people that can use that code 'combination' will understand it).


PostPosted: Fri Mar 16, 2007 6:09 pm
Kommunist

Joined: Wed Feb 28, 2007 5:52 pm
Posts: 79
Hehe, the new code types are now in Nitro Hax (as of version 0.6). That way of doing custom ASM routines looks pretty convoluted to me. I like your hack / my code type better.

kickenchicken57:
It'll have to be a different address for the AR, since 0x088002E8 is within GBA Cart address space.


PostPosted: Fri Mar 16, 2007 6:15 pm
Kommunist

Joined: Mon Jan 29, 2007 2:23 pm
Posts: 313
Oh yeah... don't mind me when I say dumb stuff. Thanks for pointing that out.


PostPosted: Sat Mar 17, 2007 1:30 am
Kommunist

Joined: Tue Oct 10, 2006 9:32 am
Posts: 445
@chishm :
Just read your readme for 0.6, and there could be something wrong. The counter/timer is not incremented each time the C5 code type is executed, but more likely each time the code handler is executed.
For example, both these codes work the very same on the AR+TT :

C5000000 00FF00FF
C5000000 00FF00FF
94000130 ffbf0000
D9000000 02098930
D4000000 00000001
D6000000 02098930
D0000000 00000000
94000130 ff7f0000
D9000000 02098930
D4000000 FFFFFFFF
D6000000 02098930
D2000000 00000000

and

C5000000 00FF00FF
94000130 ffbf0000
D9000000 02098930
D4000000 00000001
D6000000 02098930
D0000000 00000000
94000130 ff7f0000
D9000000 02098930
D4000000 FFFFFFFF
D6000000 02098930
D2000000 00000000

And I assume that the first code will not work on Nitro hax, because the counter would have incremented at the first check, making the second one return false.

Also, for the C4, not sure if you did it on purpose, but it's not the way it works on the AR+TT.
You made :
C4000000 xxxxxxxx - Safe data store (Based on Trainer Toolkit code)
Sets the offset register to point to the second word of this code.
Storing data at [offset] will save over the top of xxxxxxxx.

And it should be
C4000000 xxxxxxxx - Safe data store (Based on Trainer Toolkit code)
Sets the offset register to point to the first word of this code.
Storing data at [offset+4] will save over the top of xxxxxxxx.

Edit :
Oh, and there is also that if... code type change. You might want to do :
If type codes
Adds offset to the address if the lowest bit of the address is set, or if the address ==0.


PostPosted: Sat Mar 17, 2007 5:32 am
Kommunist

Joined: Wed Feb 28, 2007 5:52 pm
Posts: 79
Thanks for the tips, Nitro Hax v0.7 will support the correct codes.


PostPosted: Sun Mar 18, 2007 9:13 pm
Kommunist

Joined: Wed Feb 28, 2007 5:52 pm
Posts: 79
kenobi:
Do you know how the master codes work? It seems Animal Crossing needs one, and I am not entirely sure how to convert it for Nitro Hax.


PostPosted: Sun Mar 18, 2007 10:17 pm
Kommunist

Joined: Tue Oct 10, 2006 9:32 am
Posts: 445
Didn't study it very closely yet. But from what I saw :
The first address in the (m) code is something like the place to copy the AR hook searcher before the game boots up.
And the second-to-last address is something like the place to copy the code handler.


PostPosted: Mon Mar 19, 2007 12:28 am
Kommunist

Joined: Wed Feb 28, 2007 5:52 pm
Posts: 79
Okay, what's the other address for? E.g. this is the master code for AC:WW. So 023f0000 is the place for the hook searcher to go and 023ff090 is the handler address, what's 023ffe88?
Code:
00000000 023f0000
00000000 00000001
00000000 00000000
00000000 00000000
00000000 00000000
00000000 023ffe88
00000000 023ff090
00000000 00000000
00000000 00000001

Thanks again for your help.


PostPosted: Mon Mar 19, 2007 12:01 pm
Kommunist

Joined: Tue Oct 10, 2006 9:32 am
Posts: 445
It looks like 0x23FFE88 is the start of the hooking routine (i.e. it has some small code that puts the hook in place in the game before launching the arm7 executable, and it also has the instructions replaced by the hook so they are executed each time the hook is executed).


PostPosted: Tue Mar 20, 2007 12:07 am
Kommunist

Joined: Wed Feb 28, 2007 5:52 pm
Posts: 79
Okay, thanks. I think I'm going to have a deep think about how I want to hook the games with odd ARM7 binaries. I'll probably do it differently to the way the AR does.


PostPosted: Wed Mar 21, 2007 6:51 pm
Kommunist

Joined: Mon Jan 29, 2007 2:23 pm
Posts: 313
OK, I definitely need to use that C5 timer code now :( hope that update comes soon.


PostPosted: Thu Mar 22, 2007 3:54 pm
Kommunist

Joined: Tue Oct 10, 2006 9:32 am
Posts: 445
I was reading some mph posts, and saw a post by Para about some on/off activator code I made (which was obviously not posted here).
So here it is :

Code:
L+R trigger the on/off switch
94000130 FCFF0000 // choose the key combination to enable/disable the codes
823FDFFC FCFF0000 // put the same key combination as the above line
DA000000 023FDFFE
D4000000 00000001
D7000000 023FDFFE
D2000000 00000000
D3000000 04000130
F23FDFFC 00000002
D2000000 00000000


This code will actually set up a counter at 0x023FDFFE that will increase when the key combination goes from the not pressed to the pressed state.
Now, to check if the 'switch' is on or off, just use this check before the codes you want to enable/disable with the 'switch':
923FDFFE FFFE0001 (this will make the codes disabled by default)
or
923FDFFE FFFE0000 (this will make the codes enabled by default)

Also, one could use the counter at 023FDFFC for some other purposes (press L+R to cycle through objects, players... However that would need some other codes/some asm hacks).

Now, if one needs a C5-like code type :
DA000000 023FDFFA
D4000000 00000001
D7000000 023FDFFA

This sets up a 16-bit counter at 023FDFFA.
Then, instead of using the C5 code, use a 9 code type :
(just be aware that the mask/data is inverted in the C5 code type, and the mask of the 9 code type must be inverted (not(mask)):
923FDFFA FFF0000F
will be the same as
C5000000 000F000F

and

923FDFFA FFF00001
will be the same as
C5000000 0001000F


Last edited by kenobi on Thu Mar 22, 2007 10:07 pm, edited 1 time in total.
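The on/off switch above, and the 9-type check semantics kenobi spells out in the same post (inverted mask, 16-bit compare), are easy to mis-read, so here is a small Python simulator of just the code types that switch uses, written as an added example for this thread and not the AR handler's or kenobi's own code. It assumes the AR 1.52 behaviour described in the thread ('if' codes ignore the offset; a false 'if' disables codes until its D0/D2; DA/D7 are 16-bit data reads/stores; F copies bytes from the offset), that unwritten memory reads as 0, and that KEYINPUT at 0x04000130 is active-low, then feeds one constructed KEYINPUT value per frame to show the counter toggling on each fresh L+R press.

```python
from typing import Dict, List, Tuple
KEYINPUT = 0x04000130              # NDS keypad register; a bit reads 0 while that key is held
KEYS_NONE = 0x03FF                 # all ten keys released
KEYS_LR = KEYS_NONE & ~0x0300      # L (bit 9) and R (bit 8) held

# kenobi's L+R on/off switch, as (first word, second word) pairs.
SWITCH_CODE: List[Tuple[int, int]] = [
    (0x94000130, 0xFCFF0000),  # if ([KEYINPUT] & 0x0300) == 0   -> L+R held now
    (0x823FDFFC, 0xFCFF0000),  # if 0 < ([023FDFFC] & 0x0300)    -> not both held last pass
    (0xDA000000, 0x023FDFFE),  # data = 16-bit counter
    (0xD4000000, 0x00000001),  # data += 1
    (0xD7000000, 0x023FDFFE),  # counter = data
    (0xD2000000, 0x00000000),  # end of code: clear conditions, offset and data
    (0xD3000000, 0x04000130),  # offset = KEYINPUT
    (0xF23FDFFC, 0x00000002),  # copy 2 bytes [offset] -> 023FDFFC (remember key state)
    (0xD2000000, 0x00000000),
]
GUARD_ODD = (0x923FDFFE, 0xFFFE0001)  # the "disabled by default" check: counter odd?
class ARHandler:
    """Subset of the AR DS handler: sparse byte memory, offset/data registers, nested ifs."""
    def __init__(self) -> None:
        self.mem: Dict[int, int] = {}      # assumption: unwritten memory reads as 0

    def read(self, addr: int, size: int) -> int:
        return sum(self.mem.get(addr + i, 0) << (8 * i) for i in range(size))

    def write(self, addr: int, size: int, value: int) -> None:
        for i in range(size):
            self.mem[addr + i] = (value >> (8 * i)) & 0xFF
    def run(self, codes: List[Tuple[int, int]]) -> bool:
        """Execute one pass; return True if execution is still enabled at the end."""
        offset = data = 0
        conds: List[bool] = []             # one entry per open 'if'; all True = enabled
        for w1, w2 in codes:
            typ, addr = w1 >> 28, w1 & 0x0FFFFFFF
            if w1 == 0xD0000000:           # endif: close the innermost 'if'
                if conds: conds.pop()
            elif w1 == 0xD2000000:         # full terminator
                conds, offset, data = [], 0, 0
            elif not all(conds):           # disabled: only keep the nesting balanced
                if 3 <= typ <= 0xA: conds.append(False)
            elif typ in (8, 9):            # 16-bit 'if': ZZZZ is an inverted mask, YYYY the value
                mask, val = ~(w2 >> 16) & 0xFFFF, w2 & 0xFFFF
                masked = self.read(addr, 2) & mask      # AR 1.52: 'if' codes ignore the offset
                conds.append(masked == val if typ == 9 else val < masked)
            elif w1 == 0xDA000000:         # data = 16-bit [addr + offset]
                data = self.read(w2 + offset, 2)
            elif w1 == 0xD4000000:         # data += value
                data = (data + w2) & 0xFFFFFFFF
            elif w1 == 0xD7000000:         # 16-bit [addr + offset] = data; offset += 2
                self.write(w2 + offset, 2, data & 0xFFFF)
                offset += 2
            elif w1 == 0xD3000000:         # offset = value
                offset = w2
            elif typ == 0xF:               # memory copy: w2 bytes from [offset] to [addr]
                for i in range(w2):
                    self.mem[addr + i] = self.mem.get(offset + i, 0)
        return all(conds)

def simulate(key_frames: List[int]) -> List[bool]:
    """Run the switch once per frame; return whether GUARD_ODD would enable codes each frame."""
    ar = ARHandler()
    enabled = []
    for keys in key_frames:
        ar.write(KEYINPUT, 2, keys)
        ar.run(SWITCH_CODE)
        enabled.append(ar.run([GUARD_ODD]))
    return enabled
```

Holding L+R across several frames counts as one press, and a press that is already held when the list first runs is not counted because 023FDFFC still reads 0, which the 8-type check treats as "both keys held".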

PostPosted: Thu Mar 22, 2007 5:16 pm
Kommunist

Joined: Sun Oct 15, 2006 6:44 am
Posts: 92
Title: Everybody's bitch.
Hey Kenobi, I just wanted to say, I think this thread is very helpful.

_________________
"If you prick us, do we not BLEED? If you tickle us, do we not LAUGH? If you poison us, do we not DIE? And if you wrong us, shall we not REVENGE?"
~ William Shakespeare, The Merchant of Venice.
Thanks to Parasyte for introducing me to this. :D

