Homebrew Injecting roms into VC? With only the web browser? Sure.

TUWieZ

TUWieZ

Well-Known Member
Newcomer
Level 4
Joined
Apr 17, 2014
Messages
83
Trophies
0
Age
28
XP
390
Country
United States
duke_srg said:
I believe I'll manage to make a bookmark-based ROM selection way much sooner than any ROP/ARM11 based GUI will be made ;)
Click to expand...


True, I was just making a suggestion though lol. I can't lie I'm no programmer of any sort and I don't know the limitations here, but a file list of a specified sd directory doesn't seem impossible if this tool can load a .gbc from sd with a specified name. And the progress in just the past 3 days by kazo and shutterbug has been phenomenal. I don't doubt their ability :D

Anyway like I said I'm no programmer so its time to embarrass myself and share what I believe I was referring to earlier
https://github.com/Drenn1/GameYob/blob/master/platform/common/filechooser.cpp
I know, its probably a lot more complex than stealing some code from drenn's source :cry:
 
duke_srg

duke_srg

Well-Known Member
Member
Level 6
Joined
Mar 1, 2011
Messages
1,862
Trophies
0
Age
44
Location
Moscow
XP
807
Country
Serbia, Republic of
Just realized KazoWAR's version also works with GB console! Though still have issues with over 32kb, i.e. banked roms, in Kid Icarus VC
Managed to make stable one rom selection with URL parameter, follow there for usage details http://gbatemp.net/threads/release-custom-rop-loader-html.379531/
Now, the idea of rom selection:
- VC.dat is based on LoadCode with added additional write of a rom filename (which is substituted from URL parameter while loaded in 3DS browser) to a VC.rom file
- VC.bin is the same KazoWAR's code.bin with added rom filename read from file VC.rom

Can't solve the rom filelength issue, i.e. adding more zero pading after FileNameRom allows to set longer filename, it is written to VC.rom, but in this case ROM is just not loaded.

Code: 
	.arm
	.text

#define SELF_LOC 	0x08B88400
#define BUFFER_LOC 0x18410000
#define CODE_SIZE 0x00004000
#define CODE_TARGET 0x19592000
#define CODE_JUMP 0x009D2000

	.global	_start
@---------------------------------------------------------------------------------
_start:
	@ mount SD
		.word 0x0010C2FC @ LDMFD   SP!, {R0,PC}
			.word 0x001050B3 @ R0 = "dmc:"
		.word 0x0019CA34 @ FS_MOUNTSDMC(), then LDMFD   SP!, {R3-R5,PC}
			.word 0xDEADBEEF @ R3, dummy
			.word 0xDEADBEEF @ R4, dummy
			.word 0xDEADBEEF @ R5, dummy
	@ open file
		.word 0x001946EB @ POP     {R0-R4,R7,PC}
			.word 0x08F10000 @ R0 = this
			.word SELF_LOC+FileName @ R1 = filename
			.word 0x00000006 @ R2 = permission
			.word 0xDEADBEEF @ R3, dummy
			.word 0xDEADBEEF @ R4, dummy
			.word 0xDEADBEEF @ R7, dummy
		.word 0x0022FE0C @ IFile_Open(), then LDMFD   SP!, {R4-R7,PC}
			.word 0xDEADBEEF @ R4, dummy
			.word 0xDEADBEEF @ R5, dummy
			.word 0xDEADBEEF @ R6, dummy
			.word 0xDEADBEEF @ R7, dummy
		.fill	31, 4, 0x001057C4 @ POP {PC} / nop * 31
	@ read memory
		.word 0x001946EB @ POP     {R0-R4,R7,PC}
			.word 0x08F10000 @ R0 = this
			.word 0x08F10020 @ R1 = written
			.word SELF_LOC+FileNameRom @ R2 = buffer
			.word FileNameCode-FileNameRom @ R3 = size
			.word 0xDEADBEEF @ R4, dummy
			.word 0xDEADBEEF @ R7, dummy
		.word 0x00168768 @ IFile_Write, then LDMFD   SP!, {R4-R11,PC}
			.word 0xDEADBEEF @ R4, dummy
			.word 0xDEADBEEF @ R5, dummy
			.word 0xDEADBEEF @ R6, dummy
			.word 0xDEADBEEF @ R7, dummy
			.word SELF_LOC+_start+0x8C @ R8, dummy (InitData start)
			.word 0xDEADBEEF @ R9, dummy
			.word 0xDEADBEEF @ R10, dummy
			.word 0xDEADBEEF @ R11, dummy
	@ open file
		.word 0x001946EB @ POP     {R0-R4,R7,PC}
			.word 0x08F10000 @ R0 = this
			.word SELF_LOC+FileNameCode @ R1 = filename
			.word 0x00000001 @ R2 = permission
			.word 0xDEADBEEF @ R3, dummy
			.word 0xDEADBEEF @ R4, dummy
			.word 0xDEADBEEF @ R7, dummy
		.word 0x0022FE0C @ IFile_Open(), then LDMFD   SP!, {R4-R7,PC}
			.word 0xDEADBEEF @ R4, dummy
			.word SELF_LOC+_start @ R5, dummy
			.word 0x001057C4 @ R6, dummy
			.word 0x001057C4 @ R7, dummy
		.word 0x001057C4 @ POP {PC}
	@ read payload
		.word 0x001946EB @ POP     {R0-R4,R7,PC}
			.word 0x08F10000 @ R0 = this
			.word 0x08F10020 @ R1 = total_read
			.word BUFFER_LOC @ R2 = buffer
			.word CODE_SIZE @ R3 = size
			.word 0xDEADBEEF @ R4, dummy
			.word 0xDEADBEEF @ R7, dummy
		.word 0x001686E0 @ IFile_Read, then LDMFD   SP!, {R4-R9,PC}
			.word 0x0010C2FC @ R4, dummy
			.word SELF_LOC+_start+0x218 @ R5, dummy
			.word 0xDEADBEEF @ R6, dummy
			.word 0xDEADBEEF @ R7, dummy
			.word 0x001057C4 @ R8, dummy
			.word 0xDEADBEEF @ R9, dummy
	@ flush data cache
		.word 0x0010b5b4 @ pop {r0, r1, r2, r3, r4, pc}
			.word 0x003DA72C @ r0 (handle ptr)
			.word 0xFFFF8001 @ r1 (kprocess handle)
			.word BUFFER_LOC  @ r2 (address)
			.word CODE_SIZE @ r3 (size)
			.word 0xDEADC0DE @ r4 (garbage)
		.word 0x0013035C @ pop {lr, pc}
			.word 0x001057c4 @ lr (pop {pc})
		.word 0x0012c1e0 @ GSPGPU_FlushDataCache
	@ send GX command
		.word 0x0010c2fc @ pop {r0, pc}
			.word 0x3D7C40+0x58 @ r0 (nn__gxlow__CTR__detail__GetInterruptReceiver)
		.word 0x00228af4 @ pop {r1, pc}
			.word SELF_LOC+gxCommand @ r1 (cmd addr)
		.word 0x0013035C @ pop {lr, pc}
			.word 0x001057c4 @ lr (pop {pc})
		.word 0x0012BF04 @ nn__gxlow__CTR__CmdReqQueueTx__TryEnqueue
	@ sleep for a bit
		.word 0x0010c2fc @ pop {r0, pc}
			.word 0x3B9ACA00 @ r0 (one second)
		.word 0x00228af4 @ pop {r1, pc}
			.word 0x00000000 @ r1 (nothing)
		.word 0x0013035C @ pop {lr, pc}
			.word 0x001057c4 @ lr (pop {pc})
		.word 0x001041f8 @ svc 0xa | bx lr
	@ jump to code
		.word CODE_JUMP
	.fill	10, 4, 0
Self:
	.word SELF_LOC+Self, 0x001057C4
gxCommand:
	.word 0x00000004 @ command header (SetTextureCopy)
	.word BUFFER_LOC @ source address
	.word CODE_TARGET @ destination address
	.word CODE_SIZE @ size
	.word 0xFFFFFFFF @ dim in
	.word 0xFFFFFFFF @ dim out
	.word 0x00000008 @ flags
	.word 0x00130344 @ unused Self 3
.align	2
FileNameRom:
	.string16 "dmc:/rom.bin\0"
.align	2
FileNameCode:
	.string16 "dmc:/VC.bin"
.align	2
FileName:
	.string16 "dmc:/VC.rom"

was
Code: 
		IFile_Open(fin, L"dmc:/rom.gbc", FILE_R);
now
Code: 
		IFile_Open(fin, L"dmc:/VC.rom", FILE_R);
		fin->pos = 0x00;
		IFile_Read(fin, read_len, buf, 0x100);

		IFile_Open(fin, buf, FILE_R);
 
SinkyChan17

SinkyChan17

Well-Known Member
Newcomer
Level 2
Joined
Dec 18, 2014
Messages
88
Trophies
0
Age
33
Location
Montreal, Quebec
XP
153
Country
Canada
duke_srg Haha I've been waiting for this eheheheh >: )... Now that I can bother you again, I have a question for you. The updated VC.dat, it shows max file name WITH extension = 8, so does that confirm that "pkmnylw.gbc" is too long? Also, is it an updated version? 'cause even when I tried dkc.gbc (for Donkey Kong Country GBC ver), it still didn't work.

Let me know, I'm off to see a client today so I'll be pretty busy! Thanks in advance, friend-o. :).

EDIT:

Changed all the names of the games to 3 letters .gbc, they work!! Even Pokemon Silver worked for me. Thanks a lot, buddy!! I used 2 different URL's (bookmarks), and both games loaded fine. Thank you so much. :). This is awesome!!!
 
duke_srg

duke_srg

Well-Known Member
Member
Level 6
Joined
Mar 1, 2011
Messages
1,862
Trophies
0
Age
44
Location
Moscow
XP
807
Country
Serbia, Republic of
SinkyChan17 4 letter for name should work too. 8 letter total including a dot, like pkmn.gbc or pkmny.gb
I hope someone experienced in 3DS homebrew will fix the issue, because I don't see any limitation on ROP side
 
ZOOT

ZOOT

Well-Known Member
Member
Level 3
Joined
Mar 14, 2009
Messages
317
Trophies
0
Age
39
Location
Leerdam
XP
303
Country
Netherlands
AntnioMoura

AntnioMoura

Well-Known Member
Member
Level 2
Joined
Sep 14, 2012
Messages
102
Trophies
0
XP
115
Country
Sorry the double post but I was playing Wario Land 2 on my 3DS(Injected on Pokémon TGC) and it saves. So i reboot my console, execute the exploit...and my save game was there!
It's that possible?
 
duke_srg

duke_srg

Well-Known Member
Member
Level 6
Joined
Mar 1, 2011
Messages
1,862
Trophies
0
Age
44
Location
Moscow
XP
807
Country
Serbia, Republic of
AntnioMoura look my post above, there is a way to have several Roms and open by browser bookmarks. The save game persists in case it uses less save memory than the original VC ROM.
 
TUWieZ

TUWieZ

Well-Known Member
Newcomer
Level 4
Joined
Apr 17, 2014
Messages
83
Trophies
0
Age
28
XP
390
Country
United States
ZOOT said:
1. Put all the files in the zip on sd card

2. Open up a 3ds vc, but(important), mash the home button to return to Home menu ASAP.

3. Load website http://dukesrg.no-ip.org/3ds/rop/?LoadCode.dat on the 3ds.
(http://loadcode.projectpokemon.org/ for 9.3/9.4 users)
(NVM this. I messed up :P)

4. Return to vc, hit reset on bottom screen(also important!)

5. Done!
Click to expand...

Given that's the instruction from the original post, what did you name the rom? iirc at first it used rom.nes but if you're using kazo's it needs to be rom.gbc :P

Also clearing browser cache/history is important. Let us know what color the bottom screen changes to upon browser crash too
Red-Rom not found (Could be named incorrectly)
Yellow-Rom too big for VC
Green-Should be good
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Homebrew  A new way to experience StreetPass

Is it possible...?

Hacking Hardware  New Nintendo 3DS XL Louvre

Hardware  Why does my 3DS take so long to turn off?

Emulation  i have citra, i have my aes keys installed, how do i get the home menu

What's the best 3DS emulator (especially after Citra's shutdown)?

Hacking Misc  VCRUNTIME140.dll UCRTBASED.dll Master Thread

Tutorial  How to fix 007-2001

General chit-chat
Help Users
  • No one is chatting at the moment.
    SylverReZ @ SylverReZ: https://www.youtube.com/watch?v=ZokeA2lKB6o