gbadev.org forum archive

This is a read-only mirror of the content originally found on forum.gbadev.org (now offline), salvaged from Wayback machine copies. A new forum can be found here.

DS Misc > Is it possible to use a slot 1 device as a GBA cheat device

#158873 - 11X_daemon_X11 - Fri Jun 20, 2008 12:05 am

Alright, like it says, is that possible? I used to use Rudolph's GBA save backup tool to get the save off of it and hack it through that, but it seems like Rudolph's is now corrupting the save files I extract instead (although this might just be DSO 3.1's handiwork, as the past... eh... 5 programs I've put on my SD card have been corrupted by it, so I've started using DS Dos to auto-patch). So what I was wondering is whether it's possible to make the slot 1 device put codes into the slot 2 processor/into the RAM (whichever one gets the codes), and then boot the slot 2 device (as I know there are many programs that actually launch slot 2 games). Is that actually possible to do? And if it is, how long would it take for me to learn how to code it (if it's not already out there)?
_________________
IRC (please join :D):

http://evilnetirc.ath.cx/

#158880 - chuckstudios - Fri Jun 20, 2008 4:40 am

Sorry, not possible. The BIOS clears all RAM before jumping to GBA mode. This is the same reason why we can't run multiboot programs with just a Slot 1 card.

#158893 - Lazy1 - Fri Jun 20, 2008 11:10 am

Just curious...

How does the BIOS jump to GBA mode?
Is there a way to do this using our own code except not clear RAM?

#158908 - Cydrak - Fri Jun 20, 2008 3:42 pm

Basically,
Code:
/* ARM7 only: HALT_CR is the low-power-mode control register (HALTCNT in
   GBATEK terms); writing 0x40 selects "enter GBA mode". Won't return. */
void switchToGBAMode() { HALT_CR = 0x40; }

That's the same register used for sleeping, so it triggers lots of hardware magic.

The main trouble, though, is that this boots into the GBA BIOS, complete with logo. And, like any ordinary GBA, it boots out of slot-2, not RAM, never mind if it was cleared or not. (Though it will attempt/fail to multiboot, try it!)

#158910 - 11X_daemon_X11 - Fri Jun 20, 2008 7:03 pm

Well that sucks... I've never had much luck with GBA cheat devices... I used to have a GameShark for it that I used with my GBM, but that got fried when I tried to use it with my friend's DS... stupid DSs (Now I have my own DS, of course, but no cheat devices :'()

But wouldn't there be a way to boot a game like you boot slot 2 devices, by using a PassMe-like thing that would convince the DS that it's still/was always in slot 1 function, thus leaving everything that was in there, in there?
_________________
IRC (please join :D):

http://evilnetirc.ath.cx/

#158917 - Cydrak - Fri Jun 20, 2008 9:42 pm

Quote:
But wouldn't there be a way to boot a game like you boot slot 2 devices, by using a PassMe-like thing that would convince the DS that it's still/was always in slot 1 function, thus leaving everything that was in there, in there?

Well, you could stay in DS mode, but GBA games aren't going to work then. Otherwise, you're stuck rebooting into GBA mode where you have a clean slate, and the game runs as normal. The switch is completely automatic, so there's not really an "in between"--at least none I've ever heard of.

#158920 - 11X_daemon_X11 - Sat Jun 21, 2008 12:55 am

Hmm... what about if you forced it to put what needs to be hacked from the GBA into the RAM, then allowed you to do what you pleased with it using a built-in hex editor, then put it back into the cart itself (of course, that would only work for the save files that can be saved as .sav's)? Would that be possible? lol (I'm guessing so, because isn't that kinda what the GBA backup tool does?)
_________________
IRC (please join :D):

http://evilnetirc.ath.cx/

#159075 - HyperHacker - Wed Jun 25, 2008 3:31 am

Yes, if you have a writable slot-2 card (RAM or flash), you can write whatever you want there, then reboot in GBA mode to run it. You can't do this with a commercial game cartridge though, since they're ROM.
_________________
I'm a PSP hacker now, but I still <3 DS.

#159128 - 11X_daemon_X11 - Wed Jun 25, 2008 10:00 pm

What about the save part of the commercial cart? Aren't they most of the time flash (such as in games like FFTA)? And, even though it would be hard to do, couldn't you somehow rewrite it? Like... even though it's probably almost impossible to do, it should be able to be done because no memory is entirely permanent if you think about it.
_________________
IRC (please join :D):

http://evilnetirc.ath.cx/

#159131 - tepples - Wed Jun 25, 2008 10:37 pm

11X_daemon_X11 wrote:
What about the save part of the commercial cart? Aren't they most of the time flash (such as in games like FFTA)? And, even though it would be hard to do, couldn't you somehow rewrite it?

Yes, you can rewrite the flash from homebrew code. But that doesn't work on games without save, nor does it let you cheat at aspects of the game that the save doesn't cover. Even on games with save, good luck figuring out how to change parts of the save without triggering the code that erases damaged saves.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.

#159239 - 11X_daemon_X11 - Fri Jun 27, 2008 11:03 pm

Yeah, I notice what you mean... I've been dumping the saves of FFTA (in an attempt to change stats) and using hexedit on DSLinux to edit, and all I get is first-slot deletion because it thinks that I've corrupted the save. (FFTA is the only game that I know of that has the save easily accessed and shows all of the values quite easily.) I was kinda thinking about this... would it be possible, as the GBA runs from the ARM7, to do some trickery with the ARM7, and not necessarily booting a GBA game, but just putting its info into the processor, then, from there, using the ARM9 to run another program to examine said inserted information? Or would that just end up working as the GBA instantly booting up and taking over everything?
_________________
IRC (please join :D):

http://evilnetirc.ath.cx/

#159250 - tepples - Sat Jun 28, 2008 2:57 am

There's probably a checksum algorithm, and it could be reverse engineered *somehow*.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.

#159254 - sgeos - Sat Jun 28, 2008 3:49 am

11X_daemon_X11 wrote:
would it be possible, as the GBA runs from the ARM7, to do some trickery with the ARM7, and not necessarily booting a GBA game, but just putting its info into the processor, then, from there, using the ARM9 to run another program to examine said inserted information? Or would that just end up working as the GBA instantly booting up and taking over everything?

You would be better off writing analysis software that runs on the PC.

tepples wrote:
There's probably a checksum algorithm, and it could be reverse engineered *somehow*.

Most people are quite afraid of encryption/checksums. I suspect it is either a textbook solution with default values (like the ADOM save files) or a custom checksum that is ultimately weak cryptographically speaking. The goal is to prevent corruption, so I doubt the code does anything wildly tricky. Furthermore, the code that checks for corruption and the code that writes a valid checksum are undoubtedly different, so all you need is some sort of code that forces the corruption check to pass. At that point you should be able to resave and have a valid checksum (no guarantees; you might need to change something to force recalculation of the checksums). I do not think this would be a hard problem to solve given a large enough pool of valid checksums, and a lot of time.

-Brendan

#159346 - 11X_daemon_X11 - Sun Jun 29, 2008 5:02 pm

So for the checksum thing, what exactly is that? Does it like compare values of the save with another value that was saved somewhere else in the .sav file to make sure there are no corruptions or modifications? Like I said, though, are they stored in the binary of the .sav? Could I use a hex editing program to find them and modify them if they are? (I'm not too good with the whole programming stuff. The only reason I know where to modify these saves is from N64 GameShark hacking on the game Ogre Battle 64)
_________________
IRC (please join :D):

http://evilnetirc.ath.cx/

#159348 - tepples - Sun Jun 29, 2008 6:03 pm

11X_daemon_X11 wrote:
So for the checksum thing, what exactly is that?

Start with these Wikipedia articles: Error detection and correction, Checksum, Cyclic redundancy check

Quote:
Does it like compare values of the save with another value that was saved somewhere else in the .sav file to make sure there are no corruptions or modifications?

Yes, and it calculates that value using some mathematical function.

Quote:
Could I use a hex editing program to find them and modify them if they are?

If you know how they are computed, then yes. But it can prove difficult to discern how they are computed without dumping and disassembling the game, the discussion of which is discouraged on the domain gbadev.org.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.

#159365 - sgeos - Sun Jun 29, 2008 8:48 pm

tepples wrote:
If you know how they are computed, then yes. But it can prove difficult to discern how they are computed without dumping and disassembling the game, the discussion of which is discouraged on the domain gbadev.org.

With enough valid data/checksum pairs you should be able to derive the formula used. You end up with a different formula that gives the same results. The trick is that you need data points that vary only slightly so that you can see how the checksum changes. If you have a crypto background (industry pro, studied it, hobby) then the task should be relatively trivial, although it will be time consuming if you are collecting your own data points. If you have a CS background, you can refer to documentation and the project will be even more time consuming. If you have neither, you still might be able to pull it off, but it will require even more time. You'll probably need some technical data about the game, like the hex codes for items, etc.

My advice, go find some GameShark codes and/or technical information on the game. Someone must have performed a technical analysis of this game by now. This will be a lot easier and a lot less time consuming. Unless, of course, you find the notion of doing things all on your own intriguing. For what it's worth, there is a good chance tepples is right and they are using basic CRC or something of that nature.

11X_daemon_X11 wrote:
Could I use a hex editing program to find them and modify them if they are?

Yes, but if you are looking to casually edit characters / game data, that is not going to happen with a hex editor. You are basically looking at creating an application that loads the save game data, allows you to modify the data, and then corrects the checksum. (I've seen some of these for various games.)

The alternative is, you make a calculator program (or maybe set up a spreadsheet) and manually enter data, get the checksum and then update it. When games protect save game data, it prevents casually changing things. Somebody needs to put a lot of work in to make it easy for everyone, and often that does not happen. Even if it does, it usually does not happen right away.

Also, the save game data may be shadowed. I.e., there are two copies of the save file on the cart. This way, if one fails the game can load the other. If save game shadowing is going on I suspect you need to update both copies of the data, but that would depend on the game. There may be other special data protection features.

-Brendan

#159388 - 11X_daemon_X11 - Mon Jun 30, 2008 2:19 am

I know the EXACT location of items in the .sav file as they are set up exactly the same as OB64 (which, as I stated earlier, I made hacks for with GS). The item values are set up as follows: xxxx zzzz xxxx zzzz (or roughly as such, xxxx being the item number, zzzz being the current number of the items, or in reverse; I'm not good at remembering the setup because I don't have the data in front of me). So in order to find the checksum, I would first dump the data (not even gonna ask how :p I know what happens to people that ask questions...), then could I just look at the hex and find it? And wouldn't it be somewhere near either the section of hex that writes the save, or would it be with the reading of the save file? (I just have to say, normally I would dump the save and the ROM and use Visual Boy Advance to use the GameShark feature, and delete the ROM after I have completed, but first off, I want to stop doing the illegal process of running the ROM, and I want to be able to modify the saves anywhere at any time)
_________________
IRC (please join :D):

http://evilnetirc.ath.cx/

#159402 - sgeos - Mon Jun 30, 2008 8:49 am

Basically it is a dull process of changing values one by one (by increments of one) and looking at checksums until you can figure out the pattern. I'd use google and gamefaqs to find as much info as you can before you start down this long and dreary road. I'd also read the articles present and possibly look for your own.

Keep in mind once you can edit items and correct the checksum, you may not be able to edit stats, etc. It all depends on how they combine the data. Some areas may not be included in the checksum.

My real personal opinion... FFTA is not very hard. Just make some assassins, maybe put white magic on them and win, but it's your time, not mine. (Ninjas with double attack can also clean up the field fast.)

Good luck!
-Brendan
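The procedure sgeos lays out across #159365 and #159402 (collect several valid saves that differ only slightly, derive the checksum from the data/checksum pairs, step one value at a time to see how the checksum moves, then write a tool that edits the data and corrects the checksum in every shadow copy), as an added example in Python. This is not code from anyone in the thread and not a real FFTA tool: the save layout, the offsets (BLOCK, ITEMS_OFF, CHK_OFF, COPIES), the item record format borrowed from #159388 (16-bit id/count pairs), the candidate list and the sample saves are all constructed for the example, and the "game" here happens to sign with CRC-16/CCITT. In practice the sample blocks would come from .sav dumps of the cartridge.

```python
"""Added example (not from the thread, not a real FFTA tool): recover a save's
checksum from valid samples, probe it by stepping one byte, then edit an item
and re-sign every shadow copy. The layout, offsets and samples are all made up."""
import struct
import zlib
from functools import reduce
from operator import xor

# Hypothetical layout: COPIES identical 0x80-byte blocks (a shadowed save).
#   0x00 "SV" magic, 0x02 u16 version, 0x04 u32 play time (all LE)
#   0x40 item table: records of (item_id u16, count u16), as in #159388
#   0x7C u16 checksum over bytes 0x00..0x7B of the same block
BLOCK, ITEMS_OFF, CHK_OFF, COPIES = 0x80, 0x40, 0x7C, 2

def crc16_ccitt(data: bytes, poly: int = 0x1021, init: int = 0xFFFF) -> int:
    """Bitwise CRC-16/CCITT-FALSE; the example 'game' signs its save with it."""
    crc = init
    for b in data:
        crc ^= b << 8
        for _ in range(8):
            crc = ((crc << 1) ^ poly) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc

def sum16(data: bytes) -> int:
    return sum(data) & 0xFFFF

# Textbook candidates a game might use: (name, width of stored value, function).
CANDIDATES = [
    ("sum8", 1, lambda d: sum(d) & 0xFF),
    ("xor8", 1, lambda d: reduce(xor, d, 0)),
    ("sum16", 2, sum16),
    ("crc16_ccitt", 2, crc16_ccitt),
    ("crc32", 4, lambda d: zlib.crc32(d) & 0xFFFFFFFF),
]

def identify_checksum(blocks):
    """(name, width, offset) triples where candidate(bytes before the field)
    equals the LE value stored at offset in ALL samples. Use samples that differ
    in several places, or identical prefixes allow chance hits at small offsets."""
    hits = []
    for name, width, fn in CANDIDATES:
        for off in range(0, BLOCK - width + 1, width):
            if all(fn(b[:off]) == int.from_bytes(b[off:off + width], "little")
                   for b in blocks):
                hits.append((name, width, off))
    return hits

def probe_delta(sign, block: bytes, off: int) -> int:
    """sgeos' step-by-one test: bump one byte, report how far the checksum moved.
    A plain sum moves by exactly +1 anywhere; a CRC's move depends on position."""
    changed = bytearray(block)
    changed[off] = (changed[off] + 1) & 0xFF
    return (sign(bytes(changed[:CHK_OFF])) - sign(block[:CHK_OFF])) & 0xFFFF

def build_save(play_time: int, items, sign) -> bytes:
    """What the 'game' writes: one signed block, mirrored COPIES times."""
    blk = bytearray(BLOCK)
    blk[0:2] = b"SV"
    struct.pack_into("<HI", blk, 2, 1, play_time)
    for i, (item_id, count) in enumerate(items):
        struct.pack_into("<HH", blk, ITEMS_OFF + 4 * i, item_id, count)
    struct.pack_into("<H", blk, CHK_OFF, sign(bytes(blk[:CHK_OFF])))
    return bytes(blk) * COPIES

def verify(save: bytes, sign) -> bool:
    """The corruption check: every copy must carry the checksum of its own data."""
    return all(sign(save[i:i + CHK_OFF]) ==
               int.from_bytes(save[i + CHK_OFF:i + CHK_OFF + 2], "little")
               for i in range(0, len(save), BLOCK))

def item_count(save: bytes, slot: int, copy: int = 0) -> int:
    off = copy * BLOCK + ITEMS_OFF + 4 * slot + 2
    return int.from_bytes(save[off:off + 2], "little")

def set_item_count(save: bytes, slot: int, count: int, sign) -> bytes:
    """The editor: change one record, re-sign, and rewrite EVERY shadow copy so
    the check passes whichever copy the game loads."""
    blk = bytearray(save[:BLOCK])
    struct.pack_into("<H", blk, ITEMS_OFF + 4 * slot + 2, count)
    struct.pack_into("<H", blk, CHK_OFF, sign(bytes(blk[:CHK_OFF])))
    return bytes(blk) * COPIES

# Constructed "dumps" that differ only slightly, as sgeos recommends collecting.
ITEMS = [(0x0001, 3), (0x0014, 1), (0x0102, 7), (0x0210, 2),
         (0x0301, 5), (0x0333, 1), (0x0400, 12), (0x04FF, 1)]
SAMPLES = [build_save(1000, ITEMS, crc16_ccitt),
           build_save(1537, ITEMS[:2] + [(0x0102, 8)] + ITEMS[3:], crc16_ccitt),
           build_save(2250, [(i, c + 1) for i, c in ITEMS], crc16_ccitt)]

if __name__ == "__main__":
    blocks = [s[:BLOCK] for s in SAMPLES]
    print("matches in all samples:", identify_checksum(blocks))
    for name, fn in (("sum16", sum16), ("crc16", crc16_ccitt)):
        print(name, "deltas:", [probe_delta(fn, blocks[0], o) for o in range(0x40, 0x44)])
    edited = set_item_count(SAMPLES[0], 2, 99, crc16_ccitt)
    print("copies:", item_count(edited, 2), item_count(edited, 2, 1),
          "valid:", verify(edited, crc16_ccitt))
```

Two points worth carrying over to a real cartridge dump. First, identify_checksum only tries the "checksum covers the bytes before its own field" convention; a game may instead cover the whole block with the field zeroed, skip a header, or checksum a region that does not include stats at all (sgeos' warning in #159402), so the region loop is the part to extend. Second, a hex edit without re-signing is caught every time here: a CRC-16 detects any change confined to 16 bits, which is exactly the "first slot deletion" symptom described in #159239.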

#159436 - 11X_daemon_X11 - Mon Jun 30, 2008 10:13 pm

I know the game isn't hard, I've got about 50 to 60 missions left to complete, but I want to have all items :p
_________________
IRC (please join :D):

http://evilnetirc.ath.cx/