ROM Hack Changing server URL in rom.

TylerHartman

I'm trying to change the server that is being contacted when the ugoku viewer memo chou rom connects online.
I've opened the emulator's RAM with cheat engine while it's being played, here's what I've got.
upload_2016-12-19_11-59-41.png


Now, how would I change this and apply it to the .NDS file?

Thanks.
 
Last edited by TylerHartman,
You need to decrypt the ROM and probably patch the executable (or whatever file tells it where to connect) then rebuild/encrypt the ROM. It's not an easy thing to do. Although, I suppose if you were to use a debugger on the actual DS you could find the URL in memory and patch it on the fly with an action replay style hack.
 
All I saw was a bunch of random characters.

--------------------- MERGED ---------------------------

Any way a noob could do this?

--------------------- MERGED ---------------------------

What do you mean by "absolutely nothing?"
Does the rom not contain that string?
upload_2016-12-19_12-16-59.png
upload_2016-12-19_12-17-28.png

upload_2016-12-19_12-17-46.png
 
Either it uses some weird encoding, or it's encrypted. If it's encrypted, first try googling for nds rom decrypt tool, and if that doesn't work, you'll need to figure out what encryption method it uses somehow.
 
I'll try that, Thanks!
 
With a hex editor yes, absolutely nothing. Know any programs where I can see the raw ASM?
You need the No$GBA debugger (licenses are not cheap but there is a pirated version floating around somewhere ;)) Cheat Engine is only designed for x86/64 assembly, not ARM assembly like the DS uses.
As for editing the ROM, I believe you can open the ROM in Every File Explorer and extract the arm7.bin/arm9.bin, the URL might be stored in there.
 
Last edited by The Real Jdbye,
I'm unsure what debugging options the DS offers but if they work similar to the GC/Wii remote debuggers then it would be just about as simple as finding the memory address this is stored at by searching the hex string you found with cheat engine. Once you know the memory region you need to overwrite you will then need knowledge of the different code types for the cheat tool you are using... Without knowledge of cheat making for the DS this will be extremely difficult to do and I'm not the guy to ask about this. But I'm sure if you can provide the memory range the string is found/provide a ram dump of the game someone could easily put together the code for you to use. Though finding this data would require use of the native hardware as I'm pretty sure memory addresses don't translate over from the emulator. Though they may if the emulation is extremely accurate
 
If you pulled it out of RAM like that then it was probably in a binary or an overlay (it is where we tended to see urls, see something the save DS wifi project for more on that). Said binary could well be compressed and binary compression is often a rather different one to other things, though it is hardly an unknown. Crystaltile2 can handle it (when you right click arm9.bin it will hopefully have a decompress option) and there are many others, Cue's DS tools will refer to it as BLZ (backwards LZ, referring to the name it is known to the world as) where others might use the term DS binary compression.

Technically you can reinsert an uncompressed binary or overlay (might have to flick a flag somewhere in the header to say it is uncompressed) but for this it is probably just as easy to compress again.

There is encryption involved in DS ROMs (see secure area if you are bored, or don't as nobody really cares about it*) but nothing that will bother you here or really anybody. Bonus is when doing the ds wifi stuff it was seen that most games and servers did not check that anything that originally was sent over https actually was sent securely, most of the patches are then simply to replace the https:// with http:// instead.

*for the sake of a forum searcher then if you have been lumped with a cart that wants secure area games or your dumps have it secured then use eNDryptS Advanced from http://www.no-intro.org/tools.htm to sort it.
 
Sorry to bug you all but I got stuck again.
upload_2016-12-19_12-41-23.png


--------------------- MERGED ---------------------------

Ok, I decompressed it using lz77.
upload_2016-12-19_12-53-36.png
 
You have to decompress with BLZ, not LZ77.

Extract arm9.bin and all the overlays with Crystaltile.
Download CUE's DS Tools from romhacking.net. Extract BLZ.exe from the archive you downloaded into the same directory that contains arm9.bin and the overlays.
Open a command line then enter this command
Code:
blz -d [filename]
for every file in that directory.
 
Though the above method should work just fine and would be what I did when doing things properly if you just want a test.
Open the ROM in CT2.
Click on the little DS icon on the top right of the icon list.
Find the ARM9.bin file in the file list for the game which that previous icon brings up.
Right click that and there should be an option to decompress it (you can also extract it without touching it if you did want to feed it to cue's stuff).
CT2 will tend to indicate compression if it is there but can have false positives from time to time (I remember a thread for metroid prime hunters where it did).
 
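Added example (not from any poster in this thread): once arm9.bin is stored uncompressed, the steps discussed above come down to reading the binary locations from the ROM header, scanning those regions for URL strings, and overwriting one in place without changing its length. The header offsets are taken from the publicly documented NDS header layout; the sample image and the example.invalid URLs are constructed for illustration.

```python
import re
import struct

# Offsets from the publicly documented NDS cartridge header layout.
FIELDS = {"arm9": (0x20, 0x2C), "arm7": (0x30, 0x3C)}  # (ROM offset, size)
URL_RE = re.compile(rb"https?://[\x21-\x7e]{4,}")

def binaries(rom):
    """Return {name: (rom_offset, size)} for the ARM9 and ARM7 binaries."""
    out = {}
    for name, (off_field, size_field) in FIELDS.items():
        off, = struct.unpack_from("<I", rom, off_field)
        size, = struct.unpack_from("<I", rom, size_field)
        if off + size > len(rom):
            raise ValueError(f"{name} region runs past end of ROM")
        out[name] = (off, size)
    return out

def find_urls(rom):
    """List (binary, rom_offset, url) for uncompressed URL strings."""
    return [(name, m.start(), m.group())
            for name, (off, size) in binaries(rom).items()
            for m in URL_RE.finditer(rom, off, off + size)]

def patch_url(rom, offset, old, new):
    """Overwrite old with new in place, NUL-padded so nothing shifts."""
    if rom[offset:offset + len(old)] != old:
        raise ValueError("bytes at offset are not the expected URL")
    if len(new) > len(old):
        raise ValueError("replacement is longer than the original string")
    out = bytearray(rom)
    out[offset:offset + len(old)] = new.ljust(len(old), b"\x00")
    return bytes(out)

def build_sample():
    """Constructed 0x400-byte image, not a real ROM."""
    arm9 = b"\x00" * 16 + b"https://old.example.invalid/ds/\x00" + b"\xff" * 8
    rom = bytearray(0x400)
    for field, value in ((0x20, 0x200), (0x2C, len(arm9)), (0x30, 0x300), (0x3C, 32)):
        struct.pack_into("<I", rom, field, value)
    rom[0x200:0x200 + len(arm9)] = arm9
    return bytes(rom)

if __name__ == "__main__":
    rom = build_sample()
    for name, off, url in find_urls(rom):
        print(name, hex(off), url.decode())
```

If the scan finds nothing in a binary whose URL is visible in RAM, that binary is most likely still BLZ-compressed, which matches the hex editor result described earlier in the thread.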
