How to patch the NSMB image to get NEWER

Discussion in 'Wii - Hacking' started by Wiimm, Jun 9, 2013.

  1. Wiimm
    OP

    Wiimm Developer

    Member
    2,159
    368
    Aug 11, 2009
    Gambia, The
    Germany
    This is a first idea. I have no time or interest to do it, but I'll show you a way it could be done.


    How to:

    1. Extract image: wit extract nsmb.wbfs nsmb.d
    2. Replace and copy new files to nsmb.d/files/... following the instructions of the XML file.
    3. Patch main.dol (see below).
    4. Patch the loader (see below).
    5. Create a new image with:
      wit copy nsmb.d -ovv newer-smb.wbfs --id=K --name "Newer SMB"

    Patch main.dol

    First we look inside main.dol, using "wit DUMP" (wit is more than an image tool):
    The second table shows the virtual addresses of a loaded/running image, divided into sections. The first table shows the related offsets of the file.

    Let us analyse a single <memory> tag (PAL):
    Code:
    <memory offset="0x800E4E84" value="38600000" original="3863330C" />
    
    800E4E84 lies in "text section #1" at offset 800E4E84-80006780 = DE704. The first table says the file offset is 27C0+DE704 = E0EC4. Let us look into a hexdump of main.dol:
    Code:
    e0ec0: 3c 60 80 2f  38 63 33 0c  48 1f 29 19  38 60 00 3f  :<`./8c3.H.).8`.?:
                            ^^^^^^^^^^^
    
    We find the value of attribute "original=" at the offset. Replace it by 38600000, and this single patch is done.

    Now do this patch with all memory tags.


    Patch the loader

    The only problem I see is:
    Code:
    <memory offset="0x80001800" valuefile="Loader.bin" />
    
    I don't know what to do with this. It is loaded before main.dol. Is it the IMGLOADER.BIN? The file "Loader.bin" is available in the Newer distrib.
     
    DeadlyFoez likes this.
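The address-to-offset arithmetic from the post above, together with the "original=" check, as an added example; this is not Wiimm's code and not part of wit. Instead of reading the two tables printed by `wit DUMP`, it parses the DOL header directly (18 file offsets, 18 load addresses, 18 sizes, all big-endian u32, for 7 text and 11 data section slots), maps each `<memory offset>` to its file offset, verifies the original bytes before writing, and reports rather than applies a `valuefile` tag, since 0x80001800 lies below every DOL section and cannot be expressed as a byte edit of main.dol. The sample DOL and XML are constructed: the text #1 file offset 0x27C0, load address 0x80006780 and the 16 hexdump bytes are the values quoted in the post, the section sizes and everything else are made up.

```python
import struct
import xml.etree.ElementTree as ET

NUM_TEXT, NUM_DATA = 7, 11          # a DOL header has 7 text and 11 data section slots
NUM_SECTIONS = NUM_TEXT + NUM_DATA


def parse_dol_header(dol):
    """Return (name, file_offset, load_address, size) for each non-empty section.

    The 0x100-byte header holds 18 file offsets, then 18 load addresses, then
    18 sizes (big-endian u32 each), followed by bss address, bss size and entry.
    bss has no bytes in the file, so it never appears in the result.
    """
    offsets = struct.unpack(">18I", dol[0x00:0x48])
    addrs = struct.unpack(">18I", dol[0x48:0x90])
    sizes = struct.unpack(">18I", dol[0x90:0xD8])
    sections = []
    for i in range(NUM_SECTIONS):
        if sizes[i] == 0:
            continue
        name = f"text #{i}" if i < NUM_TEXT else f"data #{i - NUM_TEXT}"
        sections.append((name, offsets[i], addrs[i], sizes[i]))
    return sections


def vaddr_to_file_offset(sections, vaddr):
    """Map a running-image address to its byte offset inside main.dol."""
    for _name, off, addr, size in sections:
        if addr <= vaddr < addr + size:
            return off + (vaddr - addr)
    raise ValueError(f"0x{vaddr:08X} is not backed by any DOL section (bss, or outside main.dol)")


def apply_memory_patches(dol, xml_text):
    """Apply every <memory offset value original> tag to the DOL image in place.

    Tags carrying valuefile= (the Loader.bin case) are reported, not applied.
    Returns (applied, skipped); raises before writing if an original= check fails.
    """
    sections = parse_dol_header(dol)
    applied, skipped = [], []
    for mem in ET.fromstring(xml_text).iter("memory"):
        vaddr = int(mem.get("offset"), 16)
        if mem.get("valuefile") is not None:
            skipped.append((vaddr, mem.get("valuefile")))
            continue
        value = bytes.fromhex(mem.get("value"))
        file_off = vaddr_to_file_offset(sections, vaddr)
        original = mem.get("original")
        if original is not None:
            expected = bytes.fromhex(original)
            actual = bytes(dol[file_off:file_off + len(expected)])
            if actual != expected:
                raise ValueError(
                    f"0x{vaddr:08X} (file 0x{file_off:X}): found {actual.hex()}, "
                    f"expected {expected.hex()}; wrong region/version or already patched")
        dol[file_off:file_off + len(value)] = value
        applied.append((vaddr, file_off))
    return applied, skipped


def build_sample_dol():
    """Constructed stand-in for the PAL main.dol: header fields for two text sections
    and the 16 bytes quoted in the thread's hexdump; everything else is zero."""
    offsets = [0x100, 0x27C0] + [0] * (NUM_SECTIONS - 2)
    addrs = [0x80004000, 0x80006780] + [0] * (NUM_SECTIONS - 2)
    sizes = [0x2000, 0x100000] + [0] * (NUM_SECTIONS - 2)   # sizes are made up
    header = (struct.pack(">18I", *offsets) + struct.pack(">18I", *addrs)
              + struct.pack(">18I", *sizes) + struct.pack(">3I", 0, 0, 0x80004000))
    dol = bytearray(0x27C0 + 0x100000)
    dol[:len(header)] = header
    dol[0xE0EC0:0xE0ED0] = bytes.fromhex("3c60802f3863330c481f29193860003f")
    return dol


# Constructed XML snippet in the shape of the Riivolution memory tags.
SAMPLE_XML = """<patch id="constructed-example">
  <memory offset="0x800E4E84" value="38600000" original="3863330C" />
  <memory offset="0x80001800" valuefile="Loader.bin" />
</patch>"""

if __name__ == "__main__":
    dol = build_sample_dol()
    applied, skipped = apply_memory_patches(dol, SAMPLE_XML)
    for vaddr, off in applied:
        print(f"patched 0x{vaddr:08X} at file offset 0x{off:X}")
    for vaddr, name in skipped:
        print(f"skipped 0x{vaddr:08X}: {name} is placed by the loader, not by a DOL byte edit")
```

Running it lands the patch at file offset 0xE0EC4. The "original=" comparison is what catches a DOL of the wrong region: the bytes are checked before anything is written, so a mismatch stops the run with the offending address instead of silently corrupting code.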


  2. Treeki

    Treeki GBAtemp Regular

    Member
    203
    23
    Aug 1, 2007
    Gibraltar
    Rogueport
    Loader.bin is just a small thing which detects the game version, reads the appropriate files containing code+binary patches from the "disc" (well, in Riivolution's case they're not on the disc, but whatever) and applies them. It's VERY important for Newer to work at all.

    The included version is built to be loaded at 0x80001800, so you've got to place it there... not sure if you're able to do that with the .dol format though.


    If someone really wanted to, they could move it to another address, edit the code inside loader.bin (it's just a blob of PPC ASM with a few strings at the end) to fix the lis/ori addresses and change the memory patch that writes 80001800 to a pointer to the new loader location.

    I wonder if anyone with enough knowledge to do it will actually do it and release it, though :P

    Also, don't expand the .dol sections. If you do that, the load address of the .rels will change and it'll totally screw up the new code.
     
    DeadlyFoez likes this.
  3. secretchaos1

    secretchaos1 Advanced Member

    Newcomer
    97
    7
    Apr 5, 2009
    Canada
    I really wish I had knowledge of asm to take a stab at this, but I'm afraid I probably wouldn't be able to figure out much of anything without a lot of learning. Hopefully someone comes by with the right know-how to make it work, since it seems like you guys have really laid out most of the instructions for them. It's great to see that there are actual attempts being made towards making this happen instead of just arguments.
    Looking forward to playing Newer soon as well, it looks like you guys put together a better sequel than the bland looking ones Ninty has rolled out lately.
     
  4. Hoowahman

    Hoowahman Member

    Newcomer
    16
    1
    Sep 13, 2006
    Has anyone attempted this? Seems promising!
     
  5. Wiimm
    OP

    Wiimm Developer

    Member
    2,159
    368
    Aug 11, 2009
    Gambia, The
    Germany
    That's the stuff Treeki and damysteryman talk about in the other thread, where you have posted a few minutes ago.
     
  6. SifJar

    SifJar Not a pirate

    Member
    6,022
    892
    Apr 4, 2009
    Just to see if I've got this right - so something like this:


    Code:
     164:    3f e0 80 00    lis    r31,-32768 ;0x8000
    168:    63 ff 18 04    ori    r31,r31,6148 ;0x1804
    refers to the offset 0x4 within the file, so if loader.bin was going to be located at, say, 0x80001700, the above would become something like this:

    Code:
    lis        r31,-32768 # 0x8000
    ori        r31,r31,5892 # 0x1704


    And this would have to be done for all lis/ori pairs?

    (I couldn't really be bothered following through with this, just curious if I'm on the right tracks)
     
  7. Treeki

    Treeki GBAtemp Regular

    Member
    203
    23
    Aug 1, 2007
    Gibraltar
    Rogueport
    Yes, that sounds about right :P
     
    SifJar likes this.
  8. JasonP27

    JasonP27 The Tile God

    Newcomer
    34
    3
    Aug 5, 2010
    ok so the Newer Summer Sun PAL xml - first memory tag
    Code:
    memory offset="0x800E4914" value="3C600140" original="3C600120"
    800E4914 - 80006780 = DE194
    27C0 + DE194 = E0954
    but at the PAL main.dol offset E0954 there is no value of 3C600120
    it's all 00000000
    so what am I doing wrong?
     
  9. SifJar

    SifJar Not a pirate

    Member
    6,022
    892
    Apr 4, 2009
    That's the JPN offset. The PAL one is 0x800E4A84, so offset in DOL is 0xE0AC4
     
    JasonP27 likes this.
  10. JasonP27

    JasonP27 The Tile God

    Newcomer
    34
    3
    Aug 5, 2010
    oh duh ... thanks

    edit: yeah got it now... about to test it out :)

    edit2: :( crashed at the wiistrap screen
     
  11. SifJar

    SifJar Not a pirate

    Member
    6,022
    892
    Apr 4, 2009
    Have you modified and inserted loader.bin, and changed the memory patch which patches the address of loader.bin? If not, it's not going to work...
     
  12. damysteryman

    damysteryman I am too busy IRL these days...

    Member
    1,190
    243
    Oct 4, 2007
    I have built and released a package that can easily build an ISO of Newer once you provide it with the Newer files and a valid NSMBW ISO. Currently only the PAL/EURv1 NSMBW ISO is supported atm, but I would like to add support for USA and JPN versions too.

    I just posted it over on the other "main" Newer Released thread.
    Original post here.
     
  13. JasonP27

    JasonP27 The Tile God

    Newcomer
    34
    3
    Aug 5, 2010
    no I figured that out after re-reading Treeki's post... I know where I want to place loader.bin, but can't figure out how to get the offset to add to the values in loader.bin, and how to edit loader.bin... I assume with IDA and set the processor to PPC but it asks about where it starts and press C and I'm just lost lol.

    @damysteryman - I saw it in the other thread... great work :) ... I'm trying to do the Summer Sun one now but not quite knowledgeable enough to modify the loader.bin
     
  14. SifJar

    SifJar Not a pirate

    Member
    6,022
    892
    Apr 4, 2009
    You don't need to use IDA, you can do it with free tools (objdump, as, objcopy; all supplied as part of devkitPro).

    To disassemble the .bin, this is the command:

    powerpc-eabi-objdump -D -b binary -m powerpc -EB Loader.bin > Loader.S

    That'll get you a .S file with all the ASM. Inside look for lis and ori commands, like the ones I posted above. Once you've worked out what to change them to, create a new .S file with contents like this:

    Code:
    # GNU as for PowerPC treats ';' as a statement separator, so comments use '#'
    lis        r31,-32768 # 0x8000
    ori        r31,r31,5892 # 0x1704
    Then compile this smaller .S file with this command:

    powerpc-eabi-as -mregnames -be example.S

    This will generate a file "a.out", we just want the binary code, so after the above run:

    powerpc-eabi-objcopy -O binary a.out a.bin

    a.bin will (in the above example) now be an 8 byte file containing the two commands above. Open with a hex editor, copy these 8 bytes and overwrite the original 8 bytes in Loader.bin.

    Repeat for each lis & ori pair.

    There are probably simpler ways to do it, but this should work.

    EDIT: Oh, all commands should be run from the "devkitPPC\bin" directory within devkitPro's install directory.
     
    JasonP27 likes this.
  15. JasonP27

    JasonP27 The Tile God

    Newcomer
    34
    3
    Aug 5, 2010
    Yeah that's the part I'm stuck at. I'm not sure how to work out the translations.
    Thanks for the info. Installing devkitPro as I write this. :)
     
  16. damysteryman

    damysteryman I am too busy IRL these days...

    Member
    1,190
    243
    Oct 4, 2007
    Ok, I have managed to acquire .dol files for USA v1 (I think, just trying to double check atm), and for USAv2. So that, along with my EURv1, is 3 versions out of 6 (I think).
    I have also gotten the files for Cannon Bros, Another, Summer Sun, and Newer Holiday Special.
    So I should hopefully be able to convert more of these within the next few days or week or so.
     
    JasonP27 likes this.
  17. JasonP27

    JasonP27 The Tile God

    Newcomer
    34
    3
    Aug 5, 2010
    Well I was gonna definitely do "Another" and maybe the Holiday Special. I'm trying to do Summer Sun too but might not get it right. I'll let you know what I do so you don't have to do them all lol.

    edit: if I want to place loader.bin at 34 43C0, how do I work out the translation to change the addresses in loader.bin?
     
  18. SifJar

    SifJar Not a pirate

    Member
    6,022
    892
    Apr 4, 2009
    Well, with objdump, the numbers are given in decimal. Convert to hex and you'll get a 4-digit hex number ("32-bit" number). Combine a lis and the subsequent ori and you get a 64-bit number (8 digits) which gives a memory address. Most (all?) of those addresses refer to locations within Loader.bin as it would be loaded in memory. By default it is loaded at 0x80001800, so all addresses should be within 2408 bytes of that (size of Loader.bin). To get the offset within Loader.bin, obviously you just subtract 0x80001800. Then you add the address you're placing Loader.bin at to the offset within Loader.bin to get the new address, and that's the address you use in your modified Loader.bin.

    But are the memory patches etc. actually different in whatever mod it is you're using, or is it just the resources are different? Because if it's just the resources, there's no point re-doing what damysteryman already did with the PPF patch for the DOL...
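Treeki's suggestion of fixing the lis/ori addresses inside Loader.bin, SifJar's objdump/as/objcopy round-trip further up, and the subtract-old-base/add-new-base arithmetic in the post above, as one added example that is not part of the thread and not Newer's or devkitPro's code. It works straight from the PowerPC encoding instead of a disassembly listing: a lis is addis rD,r0,imm (primary opcode 15), the low half is either ori rA,rS,uimm (opcode 24) or addi rD,rA,simm (opcode 14). Each 16-bit immediate is combined into the 32-bit address the pair materialises, only addresses inside [old base, old base + size of the blob) are moved, and the immediates are re-encoded; for lis/addi the sign-extended low half means the high half must carry when the low half is 0x8000 or above. Only adjacent pairs are handled; pairs whose halves are separated by other instructions still need the objdump listing to find. The sample blob is constructed (the real Loader.bin is 2408 bytes) and contains the r31 pair SifJar quoted, a lis/addi pair, and a pair pointing outside the loader that must stay untouched.

```python
import struct

LOADER_BASE = 0x80001800   # address the shipped Loader.bin is built to run at (from the thread)


def sext16(v):
    """Sign-extend a 16-bit immediate the way addi does."""
    return v - 0x10000 if v & 0x8000 else v


def decode_lis(word):
    """lis rD,imm is addis rD,r0,imm (primary opcode 15). Return (rD, imm16) or None."""
    if word >> 26 != 15 or (word >> 16) & 0x1F != 0:
        return None
    return (word >> 21) & 0x1F, word & 0xFFFF


def decode_low_half(word):
    """Recognise the instruction supplying the low 16 bits of an address.

    ori rA,rS,uimm  (opcode 24) -> ("ori", dest=rA, src=rS, uimm)
    addi rD,rA,simm (opcode 14) -> ("addi", dest=rD, src=rA, simm)
    """
    op = word >> 26
    if op == 24:
        return "ori", (word >> 16) & 0x1F, (word >> 21) & 0x1F, word & 0xFFFF
    if op == 14:
        return "addi", (word >> 21) & 0x1F, (word >> 16) & 0x1F, word & 0xFFFF
    return None


def join_address(kind, hi, lo):
    """Rebuild the 32-bit address that a lis/ori or lis/addi pair materialises."""
    if kind == "ori":
        return (hi << 16) | lo
    return ((hi << 16) + sext16(lo)) & 0xFFFFFFFF


def split_address(kind, addr):
    """Inverse of join_address: the two 16-bit immediates for a given address."""
    lo = addr & 0xFFFF
    if kind == "ori":
        return addr >> 16, lo
    # addi sign-extends lo, so when lo >= 0x8000 the lis half must carry one (the @ha rule)
    return ((addr >> 16) + (1 if lo & 0x8000 else 0)) & 0xFFFF, lo


def relocate_loader(blob, old_base, new_base):
    """Rewrite every adjacent lis/ori or lis/addi pair that addresses a byte inside
    [old_base, old_base + len(blob)) so it addresses the same offset from new_base.
    Pairs pointing anywhere else (game code, hardware registers) are left alone.
    Returns (patched_bytes, [(byte_offset, old_addr, new_addr), ...]).
    """
    words = bytearray(blob)
    changes = []
    i = 0
    while i + 8 <= len(words):
        w_hi = struct.unpack_from(">I", words, i)[0]
        lis = decode_lis(w_hi)
        if lis is None:
            i += 4
            continue
        rd, hi = lis
        w_lo = struct.unpack_from(">I", words, i + 4)[0]
        low = decode_low_half(w_lo)
        if low is None or low[2] != rd:      # the low half must consume the lis result
            i += 4
            continue
        kind, _, _, lo = low
        addr = join_address(kind, hi, lo)
        if old_base <= addr < old_base + len(words):
            new_addr = new_base + (addr - old_base)
            new_hi, new_lo = split_address(kind, new_addr)
            struct.pack_into(">I", words, i, (w_hi & 0xFFFF0000) | new_hi)
            struct.pack_into(">I", words, i + 4, (w_lo & 0xFFFF0000) | new_lo)
            changes.append((i, addr, new_addr))
        i += 8
    return bytes(words), changes


# Tiny encoders used only to build the constructed sample blob below.
def enc_lis(rd, imm):      return 0x3C000000 | (rd << 21) | (imm & 0xFFFF)
def enc_ori(ra, rs, imm):  return 0x60000000 | (rs << 21) | (ra << 16) | (imm & 0xFFFF)
def enc_addi(rd, ra, imm): return 0x38000000 | (rd << 21) | (ra << 16) | (imm & 0xFFFF)

# Constructed stand-in for Loader.bin (1 KiB, zero-padded); the real file is 2408 bytes.
SAMPLE_LOADER = struct.pack(">8I",
    enc_lis(31, 0x8000), enc_ori(31, 31, 0x1804),   # the quoted pair: 0x80001804, inside
    enc_lis(3, 0x8000),  enc_addi(3, 3, 0x1900),    # 0x80001900 via lis/addi, inside
    enc_lis(4, 0x8000),  enc_ori(4, 4, 0x3000),     # 0x80003000: outside, must not move
    enc_lis(5, 0x8000),  enc_ori(5, 5, 0x1800),     # the base itself, offset 0
).ljust(0x400, b"\0")

if __name__ == "__main__":
    patched, changes = relocate_loader(SAMPLE_LOADER, LOADER_BASE, 0x80001700)
    for off, old, new in changes:
        print(f"+0x{off:03X}: 0x{old:08X} -> 0x{new:08X}")
```

With the new base 0x80001700 from SifJar's example the r31 pair becomes lis r31,0x8000 / ori r31,r31,0x1704 and the pair at 0x80003000 is untouched. The range check is the part worth keeping even if the rest is replaced by hand edits: a loader also materialises addresses of game functions it hooks, and shifting those along with its own would break the loader at the first call.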
     
  19. JasonP27

    JasonP27 The Tile God

    Newcomer
    34
    3
    Aug 5, 2010
    There are different memory patches in Newer Summer Sun... much much less patched. However if the loader.bin just loads the same type of patches and the patches do the rest... perhaps the same loader.bin will suffice, and I can copy the changed loader.bin from his pre-patched .dol to my .dol with xml memory patches to form a Summer Sun dol ?
     
  20. damysteryman

    damysteryman I am too busy IRL these days...

    Member
    1,190
    243
    Oct 4, 2007
    @JasonP27:
    Ah ok, either way, just looked at Another, and it looks like it also has a Loader, but it is actually inside of the .xml instead of being its own file. Thanks :) The more you do the less I have to do myself :P

    As for the Loader, you have to find out where it will sit in memory. Do you mean the loader will sit at 0x803443C0 in memory, or is 0x3443C0 an absolute offset in the main.dol file itself?