gbadev.org forum archive

Step 1 ARM9: Device-specific code to reset "Menu" (BootFlash/FlashROM/OS) mode

Supercard CF(works), SD(works), miniSD(works), microSD(works) - Rumble versions are the same?

Code:

sysSetBusOwners(true, true);
*(vu16*)0x09FFFFFE = 0xA55A;
*(vu16*)0x09FFFFFE = 0xA55A;
*(vu16*)0x09FFFFFE = 0;
*(vu16*)0x09FFFFFE = 0;

M3CF(works), M3SD(works), M3miniSD(works), M3Lite(should work)

Code:

// Note that the M3 requires the ARM7 to jump to 0x80000C0 instead of 0x8000000. See below.

sysSetBusOwners(true, true);
u32 mode = 0x00400000;
vu16 tmp;
tmp = *(vu16*)(0x08E00002);
tmp = *(vu16*)(0x0800000E);
tmp = *(vu16*)(0x08801FFC);
tmp = *(vu16*)(0x0800104A);
tmp = *(vu16*)(0x08800612);
tmp = *(vu16*)(0x08000000);
tmp = *(vu16*)(0x08801B66);
tmp = *(vu16*)(0x08000000 + (mode << 1));
tmp = *(vu16*)(0x0800080E);
tmp = *(vu16*)(0x08000000);
tmp = *(vu16*)(0x09000000);

or..

sysSetBusOwners(true, true);
u32 mode = 0x00400004;
vu16 tmp;
tmp = *(vu16*)(0x08E00002);
tmp = *(vu16*)(0x0800000E);
tmp = *(vu16*)(0x08801FFC);
tmp = *(vu16*)(0x0800104A);
tmp = *(vu16*)(0x08800612);
tmp = *(vu16*)(0x08000000);
tmp = *(vu16*)(0x08801B66);
tmp = *(vu16*)(0x08000000 + (mode << 1));
tmp = *(vu16*)(0x0800080E);
tmp = *(vu16*)(0x08000000);

tmp = *(vu16*)(0x080001E4);
tmp = *(vu16*)(0x080001E4);
tmp = *(vu16*)(0x08000188);
tmp = *(vu16*)(0x08000188);

EZFlash III (not tested), EFA2 (not tested)

Code:

sysSetBusOwners(true, true);
*(u16 *)0x9FE0000 = 0xD200;
*(u16 *)0x8000000 = 0x1500;
*(u16 *)0x8020000 = 0xD200;
*(u16 *)0x8040000 = 0x1500;
*(u16 *)0x9880000 = 1 << 15; // "Menu" mode
*(u16 *)0x9FC0000 = 0x1500;

GBAMP with chishms hack(works)

Code:

No code needed. Already in "Menu" mode.

DS-Extreme (not tested)
Ninja DS (not tested)

Code:

????? Dunno!

G6L (by Puyo)

Code:

sysSetCartOwner(BUS_OWNER_ARM9);
u16 i = *(volatile u16*)0x09000000;
i = *(volatile u16*)0x09FFFFE0;
i = *(volatile u16*)0x09FFFFEC;
i = *(volatile u16*)0x09FFFFEC;
i = *(volatile u16*)0x09FFFFEC;
i = *(volatile u16*)0x09FFFFFC;
i = *(volatile u16*)0x09FFFFFC;
i = *(volatile u16*)0x09FFFFFC;
i = *(volatile u16*)0x09FFFF4A;
i = *(volatile u16*)0x09FFFF4A;
i = *(volatile u16*)0x09FFFF4A;
i = *(volatile u16*)(0x09200000 + (0));
i = *(volatile u16*)0x09FFFFF0;
i = *(volatile u16*)0x09FFFFE8;

Step 2 ARM9: When the device is in "Menu" mode, enter the famous "PassMe" loop

Code:

sysSetBusOwners(false, false);
*((vu32*)0x027FFFFC) = 0;
*((vu32*)0x027FFE04) = (u32)0xE59FF018;
*((vu32*)0x027FFE24) = (u32)0x027FFE04;
swiSoftReset();

Step 3 ARM7: Keep checking if ARM9 entered "PassMe" loop

Code:

while(1)
{
if(*((vu32*)0x027FFE24) == (u32)0x027FFE04)
{
*((vu32*)0x027FFE34) = (u32)0x08000000;
// For M3 devices, use: (u32)0x080000C0;
swiSoftReset();
}
swiWaitForVBlank();
}

edit:
I will add more device specific code, as I find them.

edit:
I changed the ARM7 jump to 0x08000000. It was first 0x080000C0, but some cards don't work on that one.

edit:
I added '*((vu32*)0x027FFFFC) = 0;' to ARM9. It's only necessary for GBAMP, but it's good to have it at that position.
Also, replaced the asm jumps with swiSoftReset().

Thanks WinterMute, pepsiman for this method.
Thanks Loopy for sharing the firmware decryption/decompression code.
- Lick
_________________
http://licklick.wordpress.com

Last edited by Lick on Fri Feb 23, 2007 1:49 pm; edited 32 times in total

Nice, always wanted a function like this.

Now we only need one for M3 :p.
_________________
http://www.mrsnowflake.be

It's simple, the theory is like this.

On the ARM9 side:

On the ARM7 side:

I'm working on a ready-to-use package!
- Lick
_________________
http://licklick.wordpress.com

--removed. See first post.
_________________
http://licklick.wordpress.com

Last edited by Lick on Fri Oct 27, 2006 3:56 pm; edited 3 times in total

Might I ask which EZ-Flash product specificly? All of them? 1 through 4?

Why are these values changed twice to the same value:

Code:

*(vu16*)0x09FFFFFE = 0xA55A;
*(vu16*)0x09FFFFFE = 0xA55A;
*(vu16*)0x09FFFFFE = 0; // Hey! Go back to Boot Flash mode aka "Menu" mode!
*(vu16*)0x09FFFFFE = 0;

Or is it just a typo?

BTW: if you don't have a M3 (CF in my case), I'll be happy to test.
_________________
http://www.mrsnowflake.be

It's part of an unlocking mechanism, most likely. Not a typo.

Might I ask which EZ-Flash product specificly? All of them? 1 through 4?
I tested on my ezflash iv lite and it works. But the code is for EFA2, so I suppose the architecture is pretty same on those devices. I need testers though. A lot of them.

BTW: if you don't have a M3 (CF in my case), I'll be happy to test.
Could you test for me? I don't own an M3 but I'm already working on a solution for that device.

Twice the same value, is it just a typo?
Nope, it's part of the talk-to-device procedure. Supercard requires writing 0xA55A twice to that location, then you can write the desired value (in this case: 0) twice.

- Lick
_________________
http://licklick.wordpress.com

Oh gee, I just found out that the EFA2 code doesn't apply to any EZ device. The fact that it worked on my ezflashIVlite was because it doesn't need any set-"Menu"-mode-code.

Anyway, I updated the first post to reflect what I've tested. I need M3 device testers right now!
_________________
http://licklick.wordpress.com

Quote:

EZFlash IV Deluxe(not tested), Lite(works)

Actually, there are the following EZ4 products:
- EZ-Flash 4
- EZ-Flash 4 Lite
- EZ-Flash 4 Lite: Deluxe (more room for GBA programs)
- EZ-Flash 4 Lite: Compact (no room for GBA programs)

I'm pretty sure all EZ-Flash 4 products have the same interface though.
EZ-Flash 2 and 3 are closely related to the EZ-Flash 4 (shown by users being able to execute patched games meant to run on EZ-Flash 4, on their EZ-Flash 2 and EZ-Flash 3), but would require testing.

Thanks for all your effort though. Showing us clearly how this all can be achieved is really appreciated.

Thanks for clearing up. I fixed it in the first post.

Are you interested in testing? What cards do you have? I'm looking for testers!

- Lick
_________________
http://licklick.wordpress.com

not working on supercard cf
_________________
http://www.myspace.com/knight0fdragonds

MK DS FC: Dragon 330772 075464
AC WW FC: Anthony SamsClub 1933-3433-9458
MPFH: Dragon 0215 4231 1206

Could you upload the source of your test app? I just want to make sure.
_________________
http://licklick.wordpress.com

I own an EZ-Flash 4 Lite, and an EZ-Flash 2.

ok it works with my supercard CF and my XGFlash2 Lite, turns out the ARM7 passme code is also needed
_________________
http://www.myspace.com/knight0fdragonds

MK DS FC: Dragon 330772 075464
AC WW FC: Anthony SamsClub 1933-3433-9458
MPFH: Dragon 0215 4231 1206

Knight0fDragon, with that last device (XGFlash Lite..), do you simply press R or do you touch the Save & Return button?
(I sent Knight0fDragon a test application)

- Lick
_________________
http://licklick.wordpress.com

R does not work for me ever, it is the save and reset button
_________________
http://www.myspace.com/knight0fdragonds

MK DS FC: Dragon 330772 075464
AC WW FC: Anthony SamsClub 1933-3433-9458
MPFH: Dragon 0215 4231 1206

knight0fdragon: does the XGFlash Lite show a -red- or -green- color, before going back to the bootmenu?

Also, I have updated the first post many times now. It contains a lot more information, and with the updated code, GBAMP is supported! Yay!
_________________
http://licklick.wordpress.com

Muahuahuhaha!! I have added M3 support! Thanks Whacko (irc) for testing on M3CF and M3SD.
_________________
http://licklick.wordpress.com

Good job. :)

Yeah nice work. I can confirm that it boots M3CF.
_________________
GTAMP.com/DS

Last edited by Sektor on Wed Nov 01, 2006 1:54 pm; edited 5 times in total

Great job, Lick! I can confirm it works on M3 miniSD. Once you release the template code, I'll include reboot in my apps.

Thanks everyone! Really need to thank the testers as well!

And yes 0xt0b, that reminds me..
Which of the following distributions would you guys prefer?
- Add to libfat. This will need WinterMute and chishm to allow and help me to do.
- Build as a new library. For example "libreboot.a" or "libreset.a".
- Simply clean up the code and release a .h and a .c/cpp file.

Thanks,
- Lick
_________________
http://licklick.wordpress.com

Erm, I would say option 2 or option 3. I can't see any logic in adding the code to libfat...

I would personally prefer to be in the form of a library, but that's just me...

I imagine the code is simple enough, overall, for it come in the form of a header and so forth...
_________________
"My boot, your face..." - Attributed to OOPMan, Emperor of Eroticon VI

You can find my NDS homebrew projects here...

A simple question, how to detect what type of flash card the program is running on?

sectionboy wrote:

A simple question, how to detect what type of flash card the program is running on?

Use libfat of DevKitPro r19b. Read 'ndsx_gbaslot.h' in the LoveLite sourcecode and you'll find the hack that josath aka davr provided to me.

OOPMan: I'm thinking of option 2 and 3 also. I prefer building it to a lib .
_________________
http://licklick.wordpress.com

Thanks alot!

Hey, great work and all that. This will really help if I ever get around to coding that idea I have...

Anyways. How about for GBA mode? Here's a program that makes a EZ4 (it works on my EZ3 too) reset from NDS to GBA mode...

http://www.sosuke.com/ezflash/viewtopic.php?t=2599

(it's not the first piece of code, it's the ones later posted by cory1492 that work)

Great job! Finally homebrew can use the soft reset function!
Since this depends on libfat, would option one be the easiest option?

chuckstudios: I don't think it will be hard to implement, though I also don't think that this feature fits into the subjects category. I would rather see it in libnds.

felix123: Yup, I hope many developers will use it. This way it will make the DS feel more PDA than handheld, right? I'm not sure if my code will ever get into DevKitPro. WinterMute and chishm haven't replied here so hmm.. I think a library release will be the final choice, then.

- Lick
_________________
http://licklick.wordpress.com

Lick wrote:

sectionboy wrote:

A simple question, how to detect what type of flash card the program is running on?

Use libfat of DevKitPro r19b.

And lose directory reading.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.

tepples wrote:

Lick wrote:

sectionboy wrote:

A simple question, how to detect what type of flash card the program is running on?

Use libfat of DevKitPro r19b.

And lose directory reading.

Quote:

A simple question, how to detect what type of flash card the program is running on?

I had only answered his "simple" question. ;P
_________________
http://licklick.wordpress.com

This isn't really within the scope of libfat. libfat is designed for reading and writing FAT formatted media, nothing else. I think the best option would be to release it as a single .h/.c(pp) file combination if it is small enough, or as a library if the source is too complicated to keep in one file or gets updated often.
_________________
http://chishm.drunkencoders.com
http://dldi.drunkencoders.com

Hi. I just wanted to share this code for rebooting G6L to main menu.
Rebooting ARM9:

Code:

/* Select MENU mode */

sysSetCartOwner(BUS_OWNER_ARM9);
SelectOperation(0);

sysSetCartOwner(BUS_OWNER_ARM7);
*((vu32*)0x027FFE04) = (u32)0xE59FF018;
*((vu32*)0x027FFE24) = (u32)0x027FFE04;
swiSoftReset();

/* End */

void SelectOperation(u16 op)
{
u16 i;

i = *(volatile u16*)0x09000000;
i = *(volatile u16*)0x09FFFFE0;

i = *(volatile u16*)0x09FFFFEC;
i = *(volatile u16*)0x09FFFFEC;
i = *(volatile u16*)0x09FFFFEC;

i = *(volatile u16*)0x09FFFFFC;
i = *(volatile u16*)0x09FFFFFC;
i = *(volatile u16*)0x09FFFFFC;

i = *(volatile u16*)0x09FFFF4A;
i = *(volatile u16*)0x09FFFF4A;
i = *(volatile u16*)0x09FFFF4A;

i = *(volatile u16*)(0x09200000 + (op<<1));
i = *(volatile u16*)0x09FFFFF0;
i = *(volatile u16*)0x09FFFFE8;
}

Rebooting ARM7:

Code:

// Standart stuff
while (1)
{
   if(*((vu32*)0x027FFE24) == (u32)0x027FFE04)
   {
   *((vu32*)0x027FFE34) = (u32)0x080000C0;
   swiSoftReset();
   }
   swiWaitForVBlank();
}

And Lick, could you please add this to your library.

Hm, it'd be nice if the cart-reset functions were somehow integrated into libFAT, so they could be part of DLDI patches and have working autodetect.
_________________
I'm a PSP hacker now, but I still <3 DS.

Nice find Puyo!

HyperHacker: I don't think that will ever happen, as it's darn hard to write good enough code that's worthy of getting included into libfat or libnds.
_________________
http://licklick.wordpress.com

HyperHacker wrote:

Hm, it'd be nice if the cart-reset functions were somehow integrated into libFAT, so they could be part of DLDI patches and have working autodetect.

I've said it before -- direct cart reset functions are out of scope of libfat. However, there is a way to do it, which complements the existing functions. Add the code to put the cart into menu mode to the shutdown function of the cart's DLDI. When the card is unmounted, it will be shutdown and placed into menu mode. Then you can call a common reset routine which just resets the DS.
_________________
http://chishm.drunkencoders.com
http://dldi.drunkencoders.com

Sometimes you want to unmount and not reset, though. For example my GBA boot menu has the option to unmount at will so that you can do so for slot 2 cards before switching to a GBA cartridge. Unless you just meant unmounting would prepare the card to be reset?
_________________
I'm a PSP hacker now, but I still <3 DS.

HyperHacker wrote:

Unless you just meant unmounting would prepare the card to be reset?

Yes, that's what I said. The card itself is merely placed in the same mode it is in when the DS is first turned on. The DS is reset by a different function, not the shutdown function.
_________________
http://chishm.drunkencoders.com
http://dldi.drunkencoders.com

Well that makes sense. Now we just need to go update all the DLDIs to do this... :-/
_________________
I'm a PSP hacker now, but I still <3 DS.

And not all DLDIs come with source code. Blegh!

But yeah, I think the future for libcartreset will be:
1) custom builds of DLDI with reset. These could become official DLDIs, not necessary.
2) new simplified API that only does PassMe loop.
_________________
http://licklick.wordpress.com

I was recently pondering the idea of a GBA cart library that would tell you just what is inserted (e.g. GBAMP, Mario Kart Super Circuit, Nintendo Rumble Pak etc) and might provide functions to interface with them in various ways outside of what libFAT does (rumble control, EEPROM read/write, reset etc). Since you need to detect the cartridge type to use libCartReset anyway, it seems like they'd go well together. Obviously there aren't going to be DLDIs for rumble paks and GBA games, because there's no filesystem on them, so we can't really use that method.
_________________
I'm a PSP hacker now, but I still <3 DS.

HyperHacker wrote:

Obviously there aren't going to be DLDIs for rumble paks and GBA games, because there's no filesystem on them

Is it that there is no file system in a GBA game, or is it that there is no MS-FAT file system in a GBA game? The Jaleco NES compilation is thought to use the PocketNES file system (48-byte header, ROM data, 48-byte header, ROM data, etc). I wonder if any commercial game uses a variant of GBFS.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.

Well if Chishm wants to add support to libFAT for commercial games' filesystems, then by all means... not really a necessary feature, I'd say.
_________________
I'm a PSP hacker now, but I still <3 DS.

gbadev.org forum archive

DS development > Code: Reset to Supercard, ezflashIV, GBAMP, M3 (NEW)

#107109 - Lick - Thu Oct 26, 2006 6:40 pm

#107119 - Mr Snowflake - Thu Oct 26, 2006 8:35 pm

#107122 - Lick - Thu Oct 26, 2006 9:16 pm

#107135 - Lick - Fri Oct 27, 2006 12:29 am

#107164 - Dark Knight ez - Fri Oct 27, 2006 9:25 am

#107171 - Mr Snowflake - Fri Oct 27, 2006 11:02 am

#107172 - Dark Knight ez - Fri Oct 27, 2006 11:04 am

#107178 - Lick - Fri Oct 27, 2006 12:50 pm

#107196 - Lick - Fri Oct 27, 2006 3:58 pm

#107200 - Dark Knight ez - Fri Oct 27, 2006 4:25 pm

#107201 - Lick - Fri Oct 27, 2006 4:31 pm

#107205 - knight0fdragon - Fri Oct 27, 2006 4:47 pm

#107207 - Lick - Fri Oct 27, 2006 5:06 pm

#107211 - Dark Knight ez - Fri Oct 27, 2006 6:02 pm

#107213 - knight0fdragon - Fri Oct 27, 2006 6:10 pm

#107238 - Lick - Fri Oct 27, 2006 10:36 pm

#107260 - knight0fdragon - Sat Oct 28, 2006 2:46 am

#107345 - Lick - Sat Oct 28, 2006 8:41 pm

#107651 - Lick - Tue Oct 31, 2006 9:36 pm

#107664 - Dark Knight ez - Wed Nov 01, 2006 12:08 am

#107706 - Sektor - Wed Nov 01, 2006 10:51 am

#107714 - 0xtob - Wed Nov 01, 2006 1:02 pm

#107726 - Lick - Wed Nov 01, 2006 4:27 pm

#107729 - OOPMan - Wed Nov 01, 2006 4:53 pm

#107741 - sectionboy - Wed Nov 01, 2006 6:28 pm

#107748 - Lick - Wed Nov 01, 2006 6:56 pm

#107759 - sectionboy - Wed Nov 01, 2006 8:22 pm

#107792 - chuckstudios - Thu Nov 02, 2006 12:49 am

#107801 - felix123 - Thu Nov 02, 2006 4:30 am

#107844 - Lick - Thu Nov 02, 2006 4:18 pm

#107859 - tepples - Thu Nov 02, 2006 5:18 pm

#107861 - Lick - Thu Nov 02, 2006 5:27 pm

#107913 - chishm - Fri Nov 03, 2006 2:13 am

#119433 - Puyo - Thu Feb 22, 2007 11:17 pm

#119473 - HyperHacker - Fri Feb 23, 2007 10:15 am

#119484 - Lick - Fri Feb 23, 2007 1:51 pm

#119557 - chishm - Sat Feb 24, 2007 9:16 am

#119562 - HyperHacker - Sat Feb 24, 2007 9:54 am

#119574 - chishm - Sat Feb 24, 2007 12:39 pm

#119643 - HyperHacker - Sun Feb 25, 2007 12:07 am

#119769 - Lick - Mon Feb 26, 2007 12:47 am

#119870 - HyperHacker - Mon Feb 26, 2007 11:33 pm

#119878 - tepples - Tue Feb 27, 2007 12:46 am

#119890 - HyperHacker - Tue Feb 27, 2007 5:46 am