#38021 - Fleet-C - Sun Mar 20, 2005 3:56 pm
Hi, I just saw this new action replay, and as you can see by the pictures, it "might" access the ds hardware by the GBA port.
http://us.codejunkies.com/news_reviews.asp?c=US&cr=USD&cs=$&r=0&l=1&p=17&i=8649&s=8
#38022 - Riven.art - Sun Mar 20, 2005 4:02 pm
I was going to post this yesterday. I've seen a few news Items that say it does for diffinate and even the design shows it does.
The Ds cart plugs into the side of the ar which in turn goes in you GBA slot.
Whether It'll act as a pass me is one Question but I'll be happy if it uses a touchscreen keyboard for codes. Make it so much faster.
#38024 - tepples - Sun Mar 20, 2005 5:30 pm
Based on the review, the major feature of the new AR Duo is that it can copy and modify savegame data on the Nintendo DS Game Pak. If we can exploit a buffer overflow in a commercial DS game (as was done for 007: Agent Under Fire and MechAssault on the Xbox), we might be able to turn a commercial DS Game Pak into a self-contained passthrough.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.
#38045 - DrEggman - Mon Mar 21, 2005 1:38 am
this seems to be a save game modifyer for DS, nothing more really.
_________________
DigiPen Graduate
#38051 - darkfader - Mon Mar 21, 2005 2:40 am
| tepples wrote: |
| we might be able to turn a commercial DS Game Pak into a self-contained passthrough. |
Yeah, and pay money for an unwanted game just because it has some exploit for which you might need to wait a few minutes too ;P
It's for development anyways, so it doesn't need to be small.
#38082 - Mr DiZZLE - Mon Mar 21, 2005 9:39 pm
This product only boots in GBA mode and therefore doesn't use any of the DS hardware such as touchscreen. The DUO has 256KB of flash which is shared between Action Replay codes and DS game saves and of course the application code. You can either back up the currently inserted DS game save to the storage space on the DUO (The Vault) or along the USB cable to your PC.
#38084 - tepples - Mon Mar 21, 2005 10:00 pm
| darkfader wrote: |
| It's for development anyways, so it doesn't need to be small. |
Play-testing is an issue as well. For a game designed for a handheld system such as a Nintendo DS, I would want to test it in an area where handheld systems are likely to be used. Being small is an advantage for testing because it allows testing to be spontaneous. For instance, pretend that Darkain beat you to it and got a Ni-Fi multiboot master working before you got your passthrough working; if I wanted to start the DS and test a game that I or another forum member was working on, I'd have to pull out a laptop, start it, and then have the laptop start the DS.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.
#38089 - DiscoStew - Mon Mar 21, 2005 10:08 pm
| Mr DiZZLE wrote: |
| This product only boots in GBA mode and therefore doesn't use any of the DS hardware such as touchscreen |
How could it modify anything on the DS side if only the GBA mode is initialized? There is the other thread going on about this device here, with pictures showing off some touch-screen menus from the look of it.
Perhaps this is one of those devices that will show up as an "Option Pak"?
_________________
DS - It's all about DiscoStew
#38090 - ampz - Mon Mar 21, 2005 10:10 pm
| DiscoStew wrote: |
| Mr DiZZLE wrote: | | This product only boots in GBA mode and therefore doesn't use any of the DS hardware such as touchscreen |
How could it modify anything on the DS side if only the GBA mode is initialized? There is the other thread going on about this device here, with pictures showing off some touch-screen menus from the look of it.
Perhaps this is one of those devices that will show up as an "Option Pak"? |
Well, the DS card is not inserted into the DS, is it?
Sounds to me like the DS card is inserted into the AR.
#38099 - PhoenixSoft - Mon Mar 21, 2005 11:21 pm
Maybe a DS option pak is a GBA cartridge which is given special access to the DS hardware (eg the game card)?
#38104 - Mr DiZZLE - Mon Mar 21, 2005 11:50 pm
The DUO has the same method of connecting to the GBA/DS as the previous Action Replay. It has a slot on the unit for your DS game.
#38110 - willgonz - Tue Mar 22, 2005 1:00 am
Does anyone have any pictures of the device?
_________________
│?ig │
All of this is research. You are going to see theories come and go. Things you think can't be done, will be done. But because you are here, you'll be the first to know.
#38269 - Mike - Fri Mar 25, 2005 1:27 am
| tepples wrote: |
| Based on the review, the major feature of the new AR Duo is that it can copy and modify savegame data on the Nintendo DS Game Pak. If we can exploit a buffer overflow in a commercial DS game (as was done for 007: Agent Under Fire and MechAssault on the Xbox), we might be able to turn a commercial DS Game Pak into a self-contained passthrough. |
Better yet, we could run a piece of code that downloads our program over a WLAN and reads it into memory.
#38270 - PhoenixSoft - Fri Mar 25, 2005 1:39 am
| Mike wrote: |
| tepples wrote: | | Based on the review, the major feature of the new AR Duo is that it can copy and modify savegame data on the Nintendo DS Game Pak. If we can exploit a buffer overflow in a commercial DS game (as was done for 007: Agent Under Fire and MechAssault on the Xbox), we might be able to turn a commercial DS Game Pak into a self-contained passthrough. |
Better yet, we could run a piece of code that downloads our program over a WLAN and reads it into memory. |
But that would require knowledge of the DS' wireless chipset and how to get it communicating - information which, AFAIK, hasn't been found yet.
#38311 - Mike - Fri Mar 25, 2005 10:17 pm
| PhoenixSoft wrote: |
| Mike wrote: | | tepples wrote: | | Based on the review, the major feature of the new AR Duo is that it can copy and modify savegame data on the Nintendo DS Game Pak. If we can exploit a buffer overflow in a commercial DS game (as was done for 007: Agent Under Fire and MechAssault on the Xbox), we might be able to turn a commercial DS Game Pak into a self-contained passthrough. |
Better yet, we could run a piece of code that downloads our program over a WLAN and reads it into memory. |
But that would require knowledge of the DS' wireless chipset and how to get it communicating - information which, AFAIK, hasn't been found yet. |
It believe it's definitely possible to implement TCP/IP in software eventually, despite the fact that the DS doesn't support it natively. A good network coder should be able to pull it off easily, and write a small PC-side uploader app as well. But then again, like you said, it seems that we don't know how to access the WiFi features of the DS at all (except maybe for Darkain :p)
#38320 - TJ - Sat Mar 26, 2005 12:35 am
| Quote: |
| It believe it's definitely possible to implement TCP/IP in software eventually, despite the fact that the DS doesn't support it natively. |
Of course, it is going to need TCP/IP for online games.
#38382 - lambi1982 - Sat Mar 26, 2005 10:55 pm
The DS cart goes into the AR DUO into the GBA slot
[Images not permitted - Click here to view it]
_________________
Who, Me?
#38385 - Riven.art - Sat Mar 26, 2005 11:42 pm
I think what people are trying to say is that the DS acts as a self contained passme, seen as it boots a DS game from the gba slot.
#38387 - darkfader - Sun Mar 27, 2005 12:50 am
Forget about cheating with AR DUO !
I just got 150 stars on SM64 :)
| Code: |
FILE *fi = fopen("C:\\public\\SMDS.Save.Modifier.v1.0\\150.dss", "rb");
if (!fi) exit(1);
fseek(fi, 0x1F4, SEEK_SET);
for (unsigned int address=0; address<4096; address+=32)
{
// set WEL (Write Enable Latch)
reg_MI_MCCNT0 = REG_MI_MCCNT0_E_MASK | REG_MI_MCCNT0_SEL_MASK | REG_MI_MCCNT0_MODE_MASK;
reg_MI_MCD0 = 0x06;
reg_MI_MCCNT0 = REG_MI_MCCNT0_MODE_MASK;
// program 32 bytes
reg_MI_MCCNT0 = REG_MI_MCCNT0_E_MASK | REG_MI_MCCNT0_SEL_MASK | REG_MI_MCCNT0_MODE_MASK;
reg_MI_MCD0 = 0x02;
reg_MI_MCD0 = address >> 8;
reg_MI_MCD0 = address & 0xFF;
for (int i=0; i<32; i++) reg_MI_MCD0 = fgetc(fi);
reg_MI_MCCNT0 = REG_MI_MCCNT0_MODE_MASK;
// wait programming to finish
reg_MI_MCCNT0 = REG_MI_MCCNT0_E_MASK | REG_MI_MCCNT0_SEL_MASK | REG_MI_MCCNT0_MODE_MASK;
reg_MI_MCD0 = 0x05;
do { reg_MI_MCD0 = 0x00; } while (reg_MI_MCD0 & 0x01); // WIP (Write In Progress) ?
reg_MI_MCCNT0 = REG_MI_MCCNT0_MODE_MASK;
}
fclose(fi);
|
#38421 - Mr. Ploppy - Sun Mar 27, 2005 12:54 pm
No, the Duo can only modify a DS game's save file. It cannot be used to boot a DS game from the GBA slot, nor can it run "cheat codes" on a DS game. It is essentially useless for programming purposes, unless you wish to screw with a commercial game's the save data.
_________________
I'm just off to Hartleypool to buy some exploding trousers. Cluck, cluck, gibber, gibber, "my old man's a mushroom", et cetera.
#38423 - lambi1982 - Sun Mar 27, 2005 4:31 pm
Mr. Ploppy Have you tried it your self?
_________________
Who, Me?
#38435 - dankydoo - Sun Mar 27, 2005 8:41 pm
More interestingly, it may be able to be used to exploit a game save, i.e. a buffer overflow, to make a DS cart a self contained passme-like device, similar to the way that mech assault and 007 on the xblx are done....
dankydoo
#38439 - darkfader - Sun Mar 27, 2005 8:50 pm
and after that, rewrite the firmware to allow code to be run immediately :)
#38741 - TJBK_TJB - Thu Mar 31, 2005 3:58 am
After looking at the latest version of the page, it apparently claims to do both cheats and game saves.
| Quote: |
| Action Replay MAX DUO is already loaded with unauthorized cheats and Powersaves |
Well, actually, that was here.
#38747 - Mr. Ploppy - Thu Mar 31, 2005 9:25 am
Aye. It can do cheats and saves on GBA games no problem. But as far as the DS is concerned, it's save swapping only. Don't get me wrong, I'm all for backing up DS saves and trading them over the net, but I wouldn't hold my breath as far as it's passthrough potential is concerned.
_________________
I'm just off to Hartleypool to buy some exploding trousers. Cluck, cluck, gibber, gibber, "my old man's a mushroom", et cetera.
#38748 - Boeboe - Thu Mar 31, 2005 9:40 am
| Mr. Ploppy wrote: |
| Aye. It can do cheats and saves on GBA games no problem. But as far as the DS is concerned, it's save swapping only. Don't get me wrong, I'm all for backing up DS saves and trading them over the net, but I wouldn't hold my breath as far as it's passthrough potential is concerned. |
if you can do save swapping, it shouldnt be difficult to hex the files on your pc and then swap it back onto your action replay. Cheating is possible, you only need a bit more work :p
#38750 - TJ - Thu Mar 31, 2005 10:22 am
| Quote: |
| if you can do save swapping, it shouldnt be difficult to hex the files on your pc and then swap it back onto your action replay. Cheating is possible, you only need a bit more work :p |
That is where the "Powersaves" come in. Same thing for the XBox. Datel just has saves with full everything up for download on their site.
Not what I would consider cheating in the classical sense though. You can never be invincible, for instance.
#38767 - Vince - Thu Mar 31, 2005 4:07 pm
| Quote: |
| Not what I would consider cheating in the classical sense though. You can never be invincible, for instance |
True. I truly miss the old Pro AR where you could look for your own codes (I own the Gamegear version). What fun it was to find hidden secrets/codes in each of your games! That really did lengthen the life of the games.
Just a thought,
Vince
_________________
Reclaim control of your F2A/F2AU with if2a !!
#38779 - tepples - Thu Mar 31, 2005 7:07 pm
| Vince wrote: |
| I truly miss the old Pro AR where you could look for your own codes (I own the Gamegear version). What fun it was to find hidden secrets/codes in each of your games! |
A lot of the newer emulators have cheat-finders. There's even a build of PocketNES with a cheat-finder.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.
#38795 - Mr DiZZLE - Thu Mar 31, 2005 9:26 pm
| Quote: |
Not what I would consider cheating in the classical sense though. You can never be invincible, for instance. |
Not strictly true. The XIII powersave on Xbox had God Mode enabled on a button push.
There is already a save modifier for Super Mario DS ( http://www.rarewitchproject.com/news.php?id=219 ), I dare say there will be more in the future.
#38854 - LunarCrisis - Fri Apr 01, 2005 3:16 pm
If you look at any of the screenshots at lik-sang (like this one: http://image.lik-sang.com/content/action_replay_duo/03_AR_DUO_console.jpg) in an image editor, you'll notice that each 'pixel' in the image is actually a 4x4 square, and when you shrink it to 25%, you get a 240x160 image. i.e. it is using the GBA's resolution. If it were truly booting in DS mode it would be using the full DS resolution. (not to mention the other screen)
_________________
If a tree falls in the forest and no one is there to hear it, why the heck do you care?
#38962 - Mr DiZZLE - Sat Apr 02, 2005 4:18 pm
It only boots in GBA mode. This was clarified in page 1 of this topic.
#38965 - lambi1982 - Sat Apr 02, 2005 4:34 pm
On the web site it has an update that says "In depth" and it says "Datel?s dynamic new Action Replay MAX DUO! Combining Action Replay for GBA and MAX Drive DS" and goes on to say it only allows you to read and write game saves of the DS, hence the name MAX DRIVE DS.
But they do go on to say that you will be able to download game saves with cheats enabled such as infinite ammo
_________________
Who, Me?
#39058 - Mr DiZZLE - Mon Apr 04, 2005 12:43 am
If the game has an infinite ammo flag in the save, then yes that will be possible.
#39062 - tepples - Mon Apr 04, 2005 2:12 am
If the savegame format has at least a 16-bit field for maximum ammo, then the savegame can be set up such that the game system will run out of battery power before the hero runs out of ammo.
[EDIT: forgot which forum I was on]
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.
Last edited by tepples on Mon Apr 04, 2005 3:06 am; edited 1 time in total
#39063 - octopusfluff - Mon Apr 04, 2005 2:15 am
| Mr DiZZLE wrote: |
| If the game has an infinite ammo flag in the save, then yes that will be possible. |
Or if there's poor bounds checking in the code that can cause invalid values to break the logic, it is also possible.
Video game programmers don't always have the best sanity checking, and sometimes the optimizations can result in some interesting effects if 'impossible' data shows up (i.e. something the game itself will never generate)
![[Images not permitted - Click here to view it]](http://www.textamerica.com/user.images.x/32/IMG_421032//Thumb/_0326/TZ20032613473247.jpg){kind=link}