Kodewerx

I want to put ROM images of my games on my comp using the trinaer toolkit. So I made 0x08000000 through 0x0B000000 a file on my comp, its a NDS file. But DSemu and No$GBA won't run it, why?

You already posted this somewhere else...

_________________


I am a proud NDS hacker.

I don't know what you mean; I doubt he posted this elsewhere.

Besides, I would have posted this thread myself anyhow, because I was the one who tried dumping the ROM and suggesting that he try it, and I was also the one who suggested we seek help on this issue.

If he DID post this somewhere else, I didn't see it in the 911 forum, so posting here instead was a better idea. Wherever else he may have posted this would be in the wrong place.

_________________

I posted it in the no$gba thread, but since that wasn't specifically my issue. I made a thread.

Trainer Toolkit can be dumped, but it will do you no good without the AR ROM dump and a way to virtually eject and insert ROMs in the emulator. (Imagine the FDS support in NES emulators, where you have keys to eject, flip, and insert FDS disk images... Yeah, something like that. No, the piece of gay emulator does not support anything like it.)

_________________
I have to return some video tapes.

Feed me a stray cat.

I don't mean to actually dump the TT onto a emu. I mean using the TT to dump a game you really have onto a Emu.

NDS games cannot be dumped through Trainer Toolkit. At all. Ever.

_________________
I have to return some video tapes.

Feed me a stray cat.

Can you explain why? It doesn't make any sense to me. The ROM's there at 0x8000000 isn't it? I don't know what the header's supposed to look like, though. I didn't see any game ID stuff. I did see a bunch of ARM assembly, though.

Edit: I compared my dump with a working ROM in a hex editor...the one that works has a header that includes the game ID I was looking for.

Where do those headers come from?

Edit, again: I had a look at GBATEK; I thought 0x8000000 was the NDS ROM address in ARM 9 mode. Apparently that's still reserved for GBA ROM and the NDS ROM is unmapped.

This unmapped stuff confuses the crap out of me.

_________________

0x08000000 - 0x09FFFFFF is the GBA bus, with mirrors at 0x0A000000 - 0x0BFFFFFF.

The NDS bus is not directly mapped anywhere in main memory. It is instead accessed similar to a CD ROM drive, by sending a command to the card I/O registers, and then pumping the data read through another set of I/O registers.

And then you have the NDS software encryption to deal with, which is the Blowfish algorithm with a bit of additional permutation on top of that.

In other words, you will never be able to dump an NDS ROM image the same way you dump memory.

_________________
I have to return some video tapes.

Feed me a stray cat.

Yes, I researched that...it seems there are custom firmwares floating around that take control of those I/O ports and stream the ROM onto another media device.

That's all well and good except that method seems to require spending more money, which I can't afford to do anymore. :\

That said, I'll have to get an MP:H 1.0 (U) dump somehow because I don't know where to connect to the aim bot routine.

Would it be possible to use a RAM routine to do what those custom firmwares do, except instead of dumping to a media device, dump blocks to other segments of RAM? It would be really nice if I could simply stream the ROM into the RAM in pieces as big as I can afford and then piece them together.

I won't bother learning more about those I/O ports if that's not possible, though. :\

_________________

Having the ROM just for hacking is not going to help much. If you can't find what you are looking for in a RAM dump, you're not going to find it at all. The ONLY way the NDS can read an NDS card is by first dumping blocks (of 512 bytes each) to RAM. The "streaming" that you are hearing about is just an additional step on top of this basic functionality, which then copies from RAM to whatever media device is connected.

Of course, AR does have the capability to read and decrypt the NDS ROM images. But it's probably not very "hacker friendly" to hook into.

_________________
I have to return some video tapes.

Feed me a stray cat.

I need to see the execution in action if I want to make a hook; just viewing the ASM doesn't help.

How do I do that without an emulator?

If I had an (M) code to go by I'd use that, but MP:H doesn't need one.

I know the N64 usually hooked from 0x80000180; what's the generic hook for a DS game?

_________________