Changing server URL in rom.

Discussion in 'NDS - ROM Hacking and Translations' started by TylerHartman, Dec 19, 2016.

  1. TylerHartman
    OP

    TylerHartman GBAtemp Regular

    Member
    184
    34
    Feb 7, 2015
    United States
    I'm trying to change the server that is being contacted when the ugoku viewer memo chou rom connects online.
    I've opened the emulator's RAM with Cheat Engine while it's being played; here's what I've got.
    upload_2016-12-19_11-59-41.png

    Now, how would I change this and apply it to the .NDS file?

    Thanks.
     
    Last edited by TylerHartman, Dec 19, 2016
  2. 0x40

    0x40 GBAtemp Regular

    Member
    224
    63
    Apr 20, 2013
    What happens if you just search and replace the url in the rom?
     
  3. TylerHartman
    Doesn't work like that.
     
  4. 0x40

    Have you tried?
     
  5. TylerHartman
    With a hex editor, yes; absolutely nothing. Know any programs where I can see the raw ASM?
     
  6. 0x40

    What do you mean by "absolutely nothing?"
    Does the rom not contain that string?
     
  7. mikey420

    mikey420 GBAtemp Fan

    Member
    420
    125
    Dec 11, 2015
    United States
    You need to decrypt the ROM and probably patch the executable (or whatever file tells it where to connect), then rebuild/encrypt the ROM. It's not an easy thing to do. Although I suppose if you were to use a debugger on the actual DS you could find the URL in memory and patch it on the fly with an Action Replay style hack.
     
  8. TylerHartman
    All I saw was a bunch of random characters.

    Any way a noob could do this?

    upload_2016-12-19_12-16-59.png upload_2016-12-19_12-17-28.png
    upload_2016-12-19_12-17-46.png
     
  9. 0x40

    Either it uses some weird encoding, or it's encrypted. If it's encrypted, first try googling for nds rom decrypt tool, and if that doesn't work, you'll need to figure out what encryption method it uses somehow.
     
  10. TylerHartman
    I'll try that, thanks!
     
  11. The Real Jdbye

    The Real Jdbye Always Remember 30/07/08

    Member
    11,899
    5,046
    Mar 17, 2010
    Norway
    Alola
    You need the No$GBA debugger (licenses are not cheap but there is a pirated version floating around somewhere ;)) Cheat Engine is only designed for x86/64 assembly, not ARM assembly like the DS uses.
    As for editing the ROM, I believe you can open the ROM in Every File Explorer and extract the arm7.bin/arm9.bin, the URL might be stored in there.
     
    Last edited by The Real Jdbye, Dec 19, 2016
  12. TylerHartman
    Already have it
     
  13. mikey420

    I'm unsure what debugging options the DS offers, but if they work similarly to the GC/Wii remote debuggers then it would be just about as simple as finding the memory address this is stored at by searching for the hex string you found with Cheat Engine. Once you know the memory region you need to overwrite, you will then need knowledge of the different code types for the cheat tool you are using... Without knowledge of cheat making for the DS this will be extremely difficult to do, and I'm not the guy to ask about this. But I'm sure if you can provide the memory range the string is found in, or provide a RAM dump of the game, someone could easily put together the code for you to use. Though finding this data would require use of the native hardware, as I'm pretty sure memory addresses don't translate over from the emulator. Though they may if the emulation is extremely accurate.
     
  14. FAST6191

    FAST6191 Techromancer

    pip Reporter
    23,370
    9,170
    Nov 21, 2005
    If you pulled it out of RAM like that then it was probably in a binary or an overlay (it is where we tended to see URLs; see something like the save DS wifi project for more on that). Said binary could well be compressed, and binary compression is often a rather different one to other things, though it is hardly an unknown. Crystaltile2 can handle it (when you right click arm9.bin it will hopefully have a decompress option) and there are many others; Cue's DS tools will refer to it as BLZ (backwards LZ, referring to the name it is known to the world as) where others might use the term DS binary compression.

    Technically you can reinsert an uncompressed binary or overlay (might have to flick a flag somewhere in the header to say it is uncompressed) but for this it is probably just as easy to compress again.

    There is encryption involved in DS ROMs (see secure area if you are bored, or don't as nobody really cares about it*) but nothing that will bother you here or really anybody. Bonus is when doing the ds wifi stuff it was seen that most games and servers did not check that anything that originally was sent over https actually was sent securely, most of the patches are then simply to replace the https:// with http:// instead.

    *for the sake of a forum searcher then if you have been lumped with a cart that wants secure area games or your dumps have it secured then use eNDryptS Advanced from http://www.no-intro.org/tools.htm to sort it.
     
  15. TylerHartman
    Sorry to bug you all but I got stuck again. upload_2016-12-19_12-41-23.png

    Ok, I decompressed it using lz77. upload_2016-12-19_12-53-36.png
     
  16. habababa

    habababa Advanced Member

    Newcomer
    62
    1
    Nov 24, 2010
    You have to decompress with BLZ, not LZ77.

    Extract arm9.bin and all the overlays with Crystaltile.
    Download CUE's DS Tools from romhacking.net. Extract BLZ.exe from the archive you downloaded into the same directory that contains arm9.bin and the overlays.
    Open a command line then enter this command
    Code:
    blz -d [filename]
    for every file in that directory.
     
  17. FAST6191

    Though the above method should work just fine, and would be what I did when doing things properly, if you just want a test:
    Open the ROM in CT2.
    Click on the little DS icon on the top right of the icon list.
    Find the ARM9.bin file in the file list for the game which that previous icon brings up.
    Right click that and there should be an option to decompress it (you can also extract it without touching it if you did want to feed it to cue's stuff).
    CT2 will tend to indicate compression if it is there but can have false positives from time to time (I remember a thread for metroid prime hunters where it did).
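
Why a string search on the compressed binary finds nothing while the URL is visible in RAM, shown as an added example (not code from this thread or from any tool named in it): a minimal BLZ decoder run on a constructed sample. The footer layout follows the commonly documented BLZ format and is an assumption here, as are the names `blz_decompress`, `find_urls`, `SAMPLE` and the sample URL.

```python
import re
import struct

def blz_decompress(data: bytes) -> bytes:
    """Decode BLZ ("backwards LZ"); the footer layout below is an assumption."""
    if len(data) < 8:
        raise ValueError("too short to hold a BLZ footer")
    # Last 8 bytes: 24-bit compressed length, 8-bit footer length, then the
    # 32-bit size increase on decompression (0 means stored uncompressed).
    word, inc_len = struct.unpack_from("<II", data, len(data) - 8)
    if inc_len == 0:
        return data
    enc_len, hdr_len = word & 0xFFFFFF, word >> 24
    if not 8 <= hdr_len <= 11 or not hdr_len < enc_len <= len(data):
        raise ValueError("implausible BLZ footer")
    dec_len = len(data) - enc_len                  # leading bytes stored as-is
    src = data[dec_len:len(data) - hdr_len][::-1]  # stream is read from its end
    want = enc_len + inc_len                       # decoded size of the tail
    out, i, mask, flags = bytearray(), 0, 0, 0
    while len(out) < want:
        mask >>= 1
        if mask == 0:                              # fetch the next flag byte
            if i >= len(src):
                break
            flags, mask, i = src[i], 0x80, i + 1
        if flags & mask:                           # 1 bit: 16-bit match token
            if i + 2 > len(src):
                break
            token, i = (src[i] << 8) | src[i + 1], i + 2
            dist = (token & 0xFFF) + 3
            if dist > len(out):
                raise ValueError("match points outside decoded data")
            for _ in range(min((token >> 12) + 3, want - len(out))):
                out.append(out[-dist])
        elif i < len(src):                         # 0 bit: literal byte
            out.append(src[i])
            i += 1
        else:
            break
    if len(out) != want:
        raise ValueError("compressed stream ended early")
    return data[:dec_len] + bytes(out[::-1])

def find_urls(blob: bytes) -> list:
    return re.findall(rb"https?://[\x21-\x7e]+", blob)  # printable http(s) URLs

# Constructed sample (not taken from any ROM): 4 stored bytes + compressed tail.
_stream = bytes([0x10, 0, 0, 0, 0xF0, 0x00]) + b"/tse\x00t.a//:sp\x00tth"
SAMPLE = b"HDR!" + _stream[::-1] + struct.pack("<II", (8 << 24) | (len(_stream) + 8), 5)
```

In the compressed sample the URL's literal bytes are split up by flag bytes, so `find_urls(SAMPLE)` finds nothing, while `find_urls(blz_decompress(SAMPLE))` returns the URL.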