How Patch Roms Using Cheats?

Discussion in 'NDS - Console and Game Discussions' started by Sabregod, Apr 13, 2010.


How Patch Roms Using Cheats? by Sabregod at 12:28 AM (1,419 Views / 0 Likes) 4 replies

  1. Sabregod
    Hi To All,

    Is there any program or tutorial that can help me patch roms by using cheats? I have some codes that can fix new AP games. So my question is how to use these codes to patch roms.
     
  2. ShinRyouma

    Game fix codes are usually used like other cheat codes, except they have to be on everytime we play the games. If you have some Game fix codes you can submit them here http://cheats.gbatemp.net/forum/nds/
     
  3. FAST6191

    I assume this is a request from a person wanting to be a hacker rather than someone without a decent flash card or something similar (my reply will certainly be geared towards the former).

    Cheats are little more than lists of memory locations and what you want done to said locations; later hacking tools added a few methods to this list, like "if greater/less than", but the general idea remains the same:
    http://doc.kodewerx.org/hacking_nds.html#action_replay (the document is called enhacklopedia and has many mirrors/forks in various places so if it is down do search for it).
    "Traditionally" this means finding the location of the money/health/ammo in a game and holding that value at a given value. As the game binary is held/available in memory for most modern consoles, including the DS, you can target this memory that the console sees, and as data in a game binary is the same as regular data in memory as far as cheats are concerned, you can do interesting things including defeating anti piracy/anti cheat protection (in the case of the DS they can operate in the same way, although the DS does also feature games with more traditional anti cheat methods like mirrored and game level encrypted memory).

    AP defeating cheats almost always target the rom binaries and/or overlays* with the aim of writing out the AP code sections with either a jump, a NOP or whatever else to bypass the code section (this is what the cheat payload is and why it is not necessarily just a bunch of random numbers) when they are in memory, and this is where it can get tricky:

    You could use something like NDSATM to hardpatch the cheats in, but the way the later versions of the app work (using interrupts and the like rather than memory location searching/replacement/injection, which makes it far better for "general" cheats) will not be ideal for AP defeating cheats, especially if the AP is loaded at game start and before your interrupts can be triggered.

    Still, http://nocash.emubase.de/gbatek.htm#dsmemorymaps tells us what to look for in the ram (desmume has a memory viewer if you lack the developers/hackers version of no$gba or your rom will not work in it; these AP methods can also target emulators, with no$gba usually falling prey) which you can relate back to the binaries (the arm7.bin, the arm9.bin and the overlays you see when you pull a rom apart) as necessary.
    Edited in from post below and my reply:
    NDSTS should tell you the arm7 and arm9 execute location and thus give you pretty much everything you need.


    correct if utterly redundant information
    Now all you have to do is take the offset from the locations you already have*. From there you appear to have all the data you should need to sort this.

    *For the sake of example, you find CS3E - 4743 - Sonic & SEGA All-Stars Racing starts the ARM9 binary at 020c0000h, so you just take c0000 from the memory locations you just listed

    0x020c9edc
    00 06 09 0A 08 43 00 21

    This would mean at 9edc in the ARM9 binary you pluck out from the rom (as you should not be changing the size, I would use something like NDSTS for this rather than ndstool) you change whatever is there to 00 06 09 0A 08 43 00 21

    The enhacklopedia link tells you how to decode cheats, the ram viewer and the cheat itself will help you locate the relevant data, and your hex editor should be able to change things (search and replace, finding nearby data and so on), while again the cheat provides the payload you want to change the data with. Modern games have been seen to have many AP sections (even to the point of noticeably slowing the game down), so this search and replace can take a while (probably not as long as it took the hacker(s) to initially track them all down, mind).

    Problem 2 is that the game binaries can be compressed in various methods when they are stored in the rom image, but that is veering into more traditional rom hacking, not to mention if you are just porting cheats it can be bypassed in various more interesting ways than the initial hacker would have (you can cancel compression at some level (sometimes that is not necessary) or just recompress from a binary snatched from the ram viewer of an emulator).


    *overlays are an older computing method used by the DS to extend the binaries while saving memory, as such they are usually only loaded when necessary and the basic cheats might cause trouble if they patch over another overlay's memory. However AP code has been seen several times sitting in overlays so be aware of this, this is more of a problem to the would be cheat maker though.
     
  4. Sabregod
    Well, I don't have a decent flash cart. Below you will see the locations the rom patches in the NDS memory.
    I hope someone can make it into an AR code or work out the offset in the rom memory to make a patch, but I don't know how to do that.



    CS3E - 4743 - Sonic & SEGA All-Stars Racing

    0x020c9edc
    00 06 09 0A 08 43 00 21

    0x0233a1a8
    04 4A BA 42 02 D1 80 22 92 00 BF 18 01 A2 17 60
    4F 60 0D E1 FF FF FF FF FF FF FF FF

    0x0233a3d4
    0A 60 E7 E6

    0x02339fa8
    94 E8 3F 02

    0x0233a2d8
    85 42 3A E0

    0x0233a228
    B8 20 00 23 88 60 CB 60 01 4A 01 3B 13 60 01 E0
    B8 E8 3F 02

    0xc2339e40
    F8 B5 04 1C

    0x02339e50
    09 E0 55 4F

    0x02339e70
    4B 48 53 21

    0x02339ed0
    43 1C 03 E0

    0x0233a50c
    03 E0 00 21

    0xd0000000


    UORE - 4812 - WarioWare D.I.Y.

    0x020038a0
    1E FF 2F E1

    0x02003110
    01 00 A0 E3 1E FF 2F E1

    0x02003ab4
    03 00 A0 E3 1E FF 2F E1

    0x02003acc
    00 00 A0 E3 1E FF 2F E1

    0x0200355c
    08 40 2D E9 00 30 A0 E1 01 00 A0 E1 03 10 A0 E1
    08 E0 8F E2 00 30 9F E5 13 FF 2F E1 0B E0 3F 02
    01 00 A0 E3 08 80 BD E8

    0x02003928
    08 40 2D E9 00 30 A0 E1 01 00 A0 E1 03 10 A0 E1
    08 E0 8F E2 00 30 9F E5 13 FF 2F E1 01 E0 3F 02
    01 00 A0 E3 08 80 BD E8

    VSOE - 4757 - Sonic Classic Collection

    0x02078d78
    00 0C A0 E1 21 04 80 E1 00 10 A0 E3

    0x0233a1a8
    04 4A BA 42 02 D1 80 22 92 00 BF 18 01 A2 17 60
    4F 60 0D E1 FF FF FF FF FF FF FF FF

    0x0233a3d4
    0A 60 E7 E6

    0x02339fa8
    94 E8 3F 02

    0x0233a2d8
    85 42 3A E0

    0x0233a228
    B8 20 00 23 88 60 CB 60 01 4A 01 3B 13 60 01 E0
    B8 E8 3F 02

    0x02380694
    00 00 A0 E1

    0xc2339e40
    F8 B5 04 1C

    0x02339e50
    09 E0 55 4F

    0x02339e70
    4B 48 53 21

    0x02339ed0
    43 1C 03 E0

    0x0233a50c
    03 E0 00 21

    0xd0000000
     
  5. FAST6191

    My apologies, the rest of that sentence should have read [without a decent flash card or something similar] looking for a quick fix.

    Edit: Here I go embarrassing myself; NDSTS should tell you the arm7 and arm9 execute location and thus give you everything you need.


    correct if utterly redundant information
    Now all you have to do is take the offset from the locations you already have*. From there you appear to have all the data you should need to sort this.

    *For the sake of example, you find CS3E - 4743 - Sonic & SEGA All-Stars Racing starts the ARM9 binary at 020c0000h, so you just take c0000 from the memory locations you just listed

    0x020c9edc
    00 06 09 0A 08 43 00 21

    This would mean at 9edc in the ARM9 binary you pluck out from the rom (as you should not be changing the size, I would use something like NDSTS for this rather than ndstool) you change whatever is there to 00 06 09 0A 08 43 00 21
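Added example, not code from anyone in this thread: a Python script that parses the address / hex-bytes layout Sabregod posted, applies the subtraction FAST6191 describes in posts 3 and 5 (RAM address minus the ARM9 load address, 020c0000h for CS3E) to get an offset into arm9.bin, and flags entries that cannot live in arm9.bin at all (outside the 4 MiB main RAM range from GBATEK, such as the 0xc2339e40 line as typed, or past the end of the binary, which points at an overlay or runtime data rather than arm9.bin). The sample text and the 64 KiB arm9 buffer are constructed; only the load address and the patch lines are taken from the thread.

```python
import re
# ARM9 load address FAST6191 quotes for CS3E, and DS main RAM range per GBATEK.
ARM9_LOAD = 0x020C0000
MAIN_RAM_START, MAIN_RAM_END = 0x02000000, 0x02400000

# Constructed sample in the thread's layout: two CS3E entries, the 0xc2339e40
# entry exactly as posted, and the 0xd0000000 terminator with no payload.
PATCH_TEXT = """0x020c9edc
00 06 09 0A 08 43 00 21
0x0233a1a8
04 4A BA 42 02 D1 80 22 92 00 BF 18 01 A2 17 60
4F 60 0D E1 FF FF FF FF FF FF FF FF
0xc2339e40
F8 B5 04 1C
0xd0000000
"""

def parse_patch_list(text):
    """Return [(ram_address, payload)]; an address with no data lines gives b''."""
    entries, addr, data = [], None, []
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"0x[0-9a-fA-F]{8}", line):   # new address header
            if addr is not None:
                entries.append((addr, bytes(data)))
            addr, data = int(line, 16), []
        elif line:                                      # hex payload line
            data.extend(int(b, 16) for b in line.split())
    if addr is not None:
        entries.append((addr, bytes(data)))
    return entries

def to_arm9_offset(addr, arm9_load=ARM9_LOAD, arm9_size=None):
    """RAM address -> offset in arm9.bin, or None when it cannot be in that file."""
    if not MAIN_RAM_START <= addr < MAIN_RAM_END or addr < arm9_load:
        return None   # mistyped address, or below the ARM9 load point
    off = addr - arm9_load
    if arm9_size is not None and off >= arm9_size:
        return None   # past the end of arm9.bin: overlay or runtime data
    return off

def apply_patches(arm9, entries, arm9_load=ARM9_LOAD):
    """Overwrite bytes in place (file size unchanged); return (patched, skipped)."""
    out, skipped = bytearray(arm9), []
    for addr, data in entries:
        off = to_arm9_offset(addr, arm9_load, len(out))
        if off is None or not data or off + len(data) > len(out):
            skipped.append(addr)    # needs an overlay or a corrected address
        else:
            out[off:off + len(data)] = data
    return bytes(out), skipped
```

Entries in the skipped list are the ones FAST6191's footnote warns about: they have to be matched against the overlays (or the address retyped) before a hex editor search and replace makes sense.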
     
