gbadev.org forum archive

This is a read-only mirror of the content originally found on forum.gbadev.org (now offline), salvaged from Wayback machine copies. A new forum can be found here.

DS development > Datel Toolkit for NDS

#118657 - Diddl - Thu Feb 15, 2007 8:30 am

Datel provide a new hardware maybe interesting for developers. It is a slot 2 hardware which allow to access whole memory while a slot 1 application is running.

The software has a dump feature with disassembly window. You can spy certain memory locations. You can trap on memory changes and patch every memory location after trap.

Maybe this will help for debugging code and for reverse engineering.

Source: click

#118683 - kusma - Thu Feb 15, 2007 3:08 pm

How on earth does this thing work? Can you interact with the program and view memory over the SLOT2? If so, why haven't we had anything like this before? ;)

#118685 - tepples - Thu Feb 15, 2007 3:31 pm

A reason we haven't had this before from the homebrew scene is that some people in the homebrew scene are vocally uninterested in the liability that they imagine comes from having even once read the disassembly of copyrighted, trade-secreted object code of an all-rights-reserved commercial game. They don't have the same kind of resources that, say, Phoenix Technologies used to maintain a clean room in order to make absolutely sure that the company's clone of IBM PC BIOS did not infringe IBM's copyright.

A reason we haven't had this before from the piracy scene is that warez release groups treat their debugging tools as a competitive advantage over other release groups.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.

#118687 - Doom5 - Thu Feb 15, 2007 3:39 pm

This device does look really neat.

#118706 - Diddl - Thu Feb 15, 2007 10:28 pm

Doom5 wrote:
This device does look really neat.


I will report soon ...

Datel wrote me, it's sell out in moment: "Unfortunately the trainer
toolkit is out of stock and will follow within the next few days"

#118710 - chishm - Thu Feb 15, 2007 11:39 pm

I'd say that the required Action Replay is used to add a hook to the program being trained. This hook would be a piece of code to allow memory dumping. The cartridge does not have access to internal DS memory independent of the CPU.

I'm interested in what debugging facilities, if any, that this has for homebrew.
_________________
http://chishm.drunkencoders.com
http://dldi.drunkencoders.com

#118721 - Lynx - Fri Feb 16, 2007 3:38 am

And, with pretty much everything Datel, you might be able to get one in a couple of months?
_________________
NDS Homebrew Roms & Reviews

#120707 - Diddl - Mon Mar 05, 2007 6:39 pm

today I got my Datel Toolkit for NDS.

you must have a Datel AR for DS also, I didn't know this. my luck I have one since month.

without a AR the slot 2 module does nothing. starting the NDS with both inserted (toolkit in slot 2 and AR in slot 1) windows want to install the new USB device.

from now on you can access NDS memory from PC (read and write). strange, datel let you see datel own code? on screen there doesn't appear the normal AR picture. on upper screen is a Logo, code counter and trainer status (on/off). lower screen shows "INSERT GAME CARD ..." and version numbers of 'Body: v0.08', 'HOOK: v0.04', 'Patcher: 0.03' and 'Code Engine: v1.21'.

it works in same manner on a flashed DS and on a original DS. AR program directly start after switching on DS (without flashme with healthy screen).

###

after inserting a cartridge into slot 1 it appears 4 lines of information. for example for a UFPEX 16G (DS Linker / MK5) it appears:
Code:
chipID: 00000F ...
game ID: DSGB-73FB ...
Game Name:
Unknown Game


for a Super Mario Bros appears:
Code:
chipID: 00001FC2
game ID: A2DP-C83D5913
Game Name:
Unknown version


own "Games n Music" card will not be recognized. Also no DS Link card. neither on the flashed NDS nor on the original.

original games are all ok and starts fine. DS Linker and M3 Simply also will be recognized as a game card.

you can dump any memory area as hex dump or assembly view. windows can be refreshed and you can choose auto refresh. it is possible to build a watch window to spy at specific locations in a specific view.

it is possible to make whole dumps and then compares with other (previous) dumps and detect changes (euqal, not equal, less, greater - all with specific value or with last dump). the result ist a list of memory occurences which is shown in a list of addresses with all values of all dumps.
each result can be easy choosen for a spy in a watch window. each result or entry in watch window can easily used as base for a poke (memory write) or a code for AR.

#120808 - HyperHacker - Tue Mar 06, 2007 5:41 am

Oh? So you can do read/write/execute breakpoints and everything? How much does this cost?

Also, I got an ARDS the other day and I hate its interface. Has anyone looked into how to read/write its flash ROM?
_________________
I'm a PSP hacker now, but I still <3 DS.

#120819 - Diddl - Tue Mar 06, 2007 8:35 am

HyperHacker wrote:
Oh? So you can do read/write/execute breakpoints and everything? How much does this cost?


no breakpoints! read/write works while game is running. on heavy transfers the game speed slows down while transfer is running.

but you can upload new action codes at runtime while game is running. it has his own little language with loops, compares, branches, write/read commands and offset register (pointer - for C programmer).

the costs are ?39.99 at codejunkies.

HyperHacker wrote:
Also, I got an ARDS the other day and I hate its interface. Has anyone looked into how to read/write its flash ROM?


the ARDS interface is changed completly. now you also can enter codes manually. you can get the update at codejunkies.

#120924 - caitsith2 - Wed Mar 07, 2007 9:42 am

HyperHacker wrote:
Oh? So you can do read/write/execute breakpoints and everything? How much does this cost?

Also, I got an ARDS the other day and I hate its interface. Has anyone looked into how to read/write its flash ROM?


Reverse engineer it. To get a firmware dump to reverse engineer, just retrieve it from C:\Program Files\Datel\Action Replay Code Manager\firmware.bin. Remove the first 8 bytes from it, then you can manipulate it like any other nds rom file.