DrPikachu, you cannot recode a retail game to do anything - there is a reason why we call the chips they are stored on ROM - Read Only Memory. The game has to already have an exploitable feature in it - you can't just put it in. Not to mention that games are encrypted - modifying any section with no way of re-encrypting would make the game unbootable. The only thing that can be modified is a save file, which unlike the ROM image can be overwritten. You then add specific data into the save file that is meant to crash the system in such a way that the data will go straight to the section of memory which is concerned with the binary - this data is the code you wish to execute. If you are lucky enough, you skip past the key comparison stage and boot the code and the CPU doesn't know any better unless there is a hypervisor in place. This has nothing to do with ROM hacking at all - ROM hacking can only be performed on dumped ROM images or via live patching of data within memory while the system runs - you cannot overwrite a ROM on a cartridge.
Damn man, you were faster than me, but I guess your post is clear enough that it makes my post almost unnecessary.
Or not, it looks like Dr Pikachu still does not get it.
The ROM itself is on the cartridge, as is the save. It boots from itself. The Twilight hack boots from an external/internal memory on the host, not from the game itself.
Let me clear this thing up for you. Problem with the idea however is that the games do not include such an ability, otherwise ROM hackers would be able to directly modify things such as sprites and maps, which they can't. Cartridges boot themselves, not from an SD card.
You do not boot a save; you boot a game, which on the 3DS is one very specific memory. Let's call this memory A.
The save memory is not the same memory as memory A.
Memory A is called ROM, which means Read-Only Memory, basically saying it's not overwritable, which makes ROM hacking useless in this case.
The game, which is located in memory A, boots normally, as it's unchanged.
At a certain point, the game will try to load the save, which is located in memory B.
Since memory B is obviously overwritable, that is the best place to put your exploit.
The exploit is inside the save file, and starts running when the game, which is in memory A, accesses the save, which is in memory B.
The exploit will do its purpose and then it's done, simple as that.
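The memory A / memory B split described above, as an added example that is not part of the thread and not any real console's code: the cartridge image is a `const` array standing in for write-protected mask ROM, the save is a plain writable buffer, and the game only touches the save after it has booted from the image. The save layout, the field names (`write_save`, `load_player`, `boot_game`, `tamper_save_length`) and the contents are all constructed for the example; real 3DS saves use a different, encrypted format. The point it shows from the defender's side is that anything read from memory B has to be validated before it drives a copy into the game's own buffers.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Memory A: the cartridge image. Declared const so the toolchain places it
 * in a read-only section; on real hardware it is mask ROM / write-protected
 * flash, which is why it cannot be patched in place. Constructed contents. */
static const uint8_t cart_rom[] = "ROM:constructed cartridge image (read-only)";

/* Memory B: the save region, ordinary writable storage.
 * Constructed layout for this example (not a real 3DS save format):
 *   byte 0       name length
 *   bytes 1..16  name
 *   byte 17      checksum = XOR of bytes 0..16 */
#define NAME_MAX 16
#define SAVE_LEN (1 + NAME_MAX + 1)
static uint8_t save_region[SAVE_LEN];

typedef struct {
    uint8_t name_len;
    char name[NAME_MAX + 1];   /* +1 for the terminating NUL */
} player_t;

static uint8_t save_checksum(const uint8_t *s)
{
    uint8_t x = 0;
    for (size_t i = 0; i < SAVE_LEN - 1; i++)
        x ^= s[i];
    return x;
}

/* Write a well-formed save into memory B. Returns 0 on success. */
int write_save(const char *name)
{
    size_t len = strlen(name);
    if (len > NAME_MAX)
        return -1;
    memset(save_region, 0, SAVE_LEN);
    save_region[0] = (uint8_t)len;
    memcpy(save_region + 1, name, len);
    save_region[SAVE_LEN - 1] = save_checksum(save_region);
    return 0;
}

/* Loader the game (memory A) runs against the save (memory B). Every field
 * is untrusted: the checksum catches accidental corruption, and the bounds
 * check is what actually stops an edited length byte from driving memcpy
 * past the destination buffer. Returns 0 on success, -1 on rejection. */
int load_player(const uint8_t *save, player_t *out)
{
    if (save_checksum(save) != save[SAVE_LEN - 1])
        return -1;                      /* corrupted or stale save */
    uint8_t len = save[0];
    if (len > NAME_MAX)
        return -1;                      /* length exceeds the name field */
    out->name_len = len;
    memcpy(out->name, save + 1, len);
    out->name[len] = '\0';
    return 0;
}

/* Boot sequence from the post: run from memory A first, then read memory B.
 * Returns -2 if the image header is wrong, otherwise load_player's result. */
int boot_game(player_t *out)
{
    if (memcmp(cart_rom, "ROM:", 4) != 0)   /* nothing here is player-writable */
        return -2;
    return load_player(save_region, out);   /* only now is memory B touched */
}

/* Test helper: overwrite the length byte in memory B, optionally fixing the
 * checksum so that only the bounds check is left to reject it. */
void tamper_save_length(uint8_t bogus_len, int fix_checksum)
{
    save_region[0] = bogus_len;
    if (fix_checksum)
        save_region[SAVE_LEN - 1] = save_checksum(save_region);
}

int main(void)
{
    player_t p;
    write_save("LINK");
    printf("clean save: %d (name=%s)\n", boot_game(&p), p.name);
    tamper_save_length(200, 0);
    printf("edited length, stale checksum: %d\n", boot_game(&p));
    tamper_save_length(200, 1);
    printf("edited length, fixed checksum: %d\n", boot_game(&p));
    return 0;
}
```

The second tamper case is the one that matters: a checksum only detects accidental corruption, since whoever can write memory B can recompute it, so the length bounds check (and, on a real console, a keyed MAC or signature over the save) is the control that keeps untrusted save contents from reaching the game's buffers.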
Hence using an AR. Completely different.
It's not using an Action Replay.
Don't take this personally, but you should search a little before saying bullshit.