PassME/FlashME, How Do They Work?

gudenau

Largely ignored
OP
Member
Joined
Jul 7, 2010
Messages
3,882
Trophies
2
Location
/dev/random
Website
www.gudenau.net
XP
5,469
Country
United States
How do PassMe and FlashME jump to the GBA flash cartridges? I have access to the memory on a DS and tried jumping to 0x08000000 but it didn't appear to do anything, what's the correct procedure?
 

SylverReZ

The planet is fine. The people are crazy.
Member
Joined
Sep 13, 2022
Messages
7,341
Trophies
3
Location
The Wired
Website
m4x1mumrez87.neocities.org
XP
22,649
Country
United Kingdom
These files might help you reverse engineer on how it all works. But, it probably works by bypassing Nintendo's security checks with the use of a real cart, similar to those Wisdom Tree NES/SNES pass thru carts.
 

Attachments

  • passkey2-v2.rar
    360.7 KB · Views: 28
  • passme_pack1.3.zip
    68.3 KB · Views: 22
  • passme1.4.zip
    58.1 KB · Views: 26
  • passme2.zip
    71.3 KB · Views: 25
  • passme-iQue.zip
    10.1 KB · Views: 27
  • passme-serial.zip
    12.5 KB · Views: 25
  • Like
Reactions: bilibili2011

metroid maniac

An idiot with an opinion
Member
Joined
May 16, 2009
Messages
2,089
Trophies
2
XP
2,683
Country
How do PassMe and FlashME jump to the GBA flash cartridges? I have access to the memory on a DS and tried jumping to 0x08000000 but it didn't appear to do anything, what's the correct procedure?
ARM7 will jump to 0x080000C0.
ARM9 is held in an infinite loop - write the ARM9 entry address to 0x027FFE24 when ready and it will jump there.
These details were taken from GBATEK.
There is a file, ndsloader.bin. If you concatenate this with a .nds file, it will produce a ROM you can write to a GBA flashcart which bootstraps the ARM7 and ARM9 binaries.
 
  • Like
Reactions: SylverReZ

gudenau

Largely ignored
OP
Member
Joined
Jul 7, 2010
Messages
3,882
Trophies
2
Location
/dev/random
Website
www.gudenau.net
XP
5,469
Country
United States
ARM7 will jump to 0x080000C0.
ARM9 is held in an infinite loop - write the ARM9 entry address to 0x027FFE24 when ready and it will jump there.
These details were taken from GBATEK.
There is a file, ndsloader.bin. If you concatenate this with a .nds file, it will produce a ROM you can write to a GBA flashcart which bootstraps the ARM7 and ARM9 binaries.
So I need to do something like `mov r15, #0x080000C0` on ARM7 and make sure there's a `mov r15, $` at 0x027FFE24 and make ARM9 jump there?

My flash cart should support DS mode, shocking how easy this sounds.
 

metroid maniac

An idiot with an opinion
Member
Joined
May 16, 2009
Messages
2,089
Trophies
2
XP
2,683
Country
So I need to do something like `mov r15, #0x080000C0` on ARM7 and make sure there's a `mov r15, $` at 0x027FFE24 and make ARM9 jump there?

My flash cart should support DS mode, shocking how easy this sounds.
I don't understand, are you asking how to make a bootable slot-2 cartridge or are you asking how to boot a slot-2 cartridge in NDS mode?
 

FAST6191

Techromancer
Editorial Team
Joined
Nov 21, 2005
Messages
36,798
Trophies
3
XP
28,402
Country
United Kingdom
Depending upon the firmware/hardware revision there was a reason for passme2 which instead used save memory I believe it was. Flashme can do what it likes (custom firmware after all).

That said if this is more about using a GBA flash cart as extra space (presumably for code in this instance, on the rare occasions I do anything here I tend to want bulk data or extra RAM for homebrew that I probably did not write) then yeah I don't think there are any particularly exotic incantations needed.
 

metroid maniac

An idiot with an opinion
Member
Joined
May 16, 2009
Messages
2,089
Trophies
2
XP
2,683
Country
I'm trying to get a SLOT-2 flash cart to run in a dev kit for dubious reasons.
If you want to keep this simple, just concat ndsloader.bin to an .nds file, and write the resulting file to your flashcart.
Code:
cat ndsloader.bin myfirmware.nds > myfirmware.ds.gba
I have attached ndsloader.bin as part of the dslazy tool.

If you wanna get a bit more complicated than that, take a look at the scfw.s file from this project I started a little while ago. You can discard the Supercard specific function, but this assembly program shows how you can make a slot-2 ROM which chainloads an embedded _mb.gba or .nds binary.
 

Attachments

  • dslazy.zip
    151.1 KB · Views: 28
  • Like
Reactions: SylverReZ

gudenau

Largely ignored
OP
Member
Joined
Jul 7, 2010
Messages
3,882
Trophies
2
Location
/dev/random
Website
www.gudenau.net
XP
5,469
Country
United States
Depending upon the firmware/hardware revision there was a reason for passme2 which instead used save memory I believe it was. Flashme can do what it likes (custom firmware after all).

That said if this is more about using a GBA flash cart as extra space (presumably for code in this instance, on the rare occasions I do anything here I tend to want bulk data or extra RAM for homebrew that I probably did not write) then yeah I don't think there are any particularly exotic incantations needed.

It's to use it as a flash cart, I have dumped games that I want to use the devkit to stream without nuking/backing up save files. If I can use the slot-2 flash cart for that instead it would be super nice. Unless you know of a way for me to create my own backup carts for the dev unit, this might be the most viable path forward with this.

If you want to keep this simple, just concat ndsloader.bin to an .nds file, and write the resulting file to your flashcart.
Code:
cat ndsloader.bin myfirmware.nds > myfirmware.ds.gba
I have attached ndsloader.bin as part of the dslazy tool.

If you wanna get a bit more complicated than that, take a look at the scfw.s file from this project I started a little while ago. You can discard the Supercard specific function, but this assembly program shows how you can make a slot-2 ROM which chainloads an embedded _mb.gba or .nds binary.

Would that let you boot into GBA mode and launch a NDS ROM? I thought the hardware used write-once registers that could only be cleared via a hardware reset.
 

SylverReZ

The planet is fine. The people are crazy.
Member
Joined
Sep 13, 2022
Messages
7,341
Trophies
3
Location
The Wired
Website
m4x1mumrez87.neocities.org
XP
22,649
Country
United Kingdom

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • Psionic Roshambo @ Psionic Roshambo:
    Pineapple is the safe word?
  • Psionic Roshambo @ Psionic Roshambo:
    But you said pine apple...
  • Psionic Roshambo @ Psionic Roshambo:
    Ughh gonna be bored today, class for new job has a lot of networking material and I'm certified in that already...
  • Veho @ Veho:
    Peen apple.
    +1
  • Psionic Roshambo @ Psionic Roshambo:
    "pine unf apple" doesn't count! Lol
  • Psionic Roshambo @ Psionic Roshambo:
    Employee code of conduct videos are awesome!!! Did you know eating the other employees is bad? I didn't know... Lol
    +1
  • AncientBoi @ AncientBoi:
    Anymore males there? :blush:
  • Psionic Roshambo @ Psionic Roshambo:
    All of us lol
  • Psionic Roshambo @ Psionic Roshambo:
    I got free every channel so that's awesome lol
    +1
  • AncientBoi @ AncientBoi:
    Give me ALL the gay pron channels, since you won't be watching them :blush::D
    +1
  • Psionic Roshambo @ Psionic Roshambo:
    Lol they exist?
    +1
  • Psionic Roshambo @ Psionic Roshambo:
    Hmmm so Mario Does Luigi's plumbing is a bad movie? Lol
  • Psionic Roshambo @ Psionic Roshambo:
    These videos are soooo dry
  • Psionic Roshambo @ Psionic Roshambo:
    Please click all suspicious links sent your email
    +1
  • BigOnYa @ BigOnYa:
    What to do today? Cut grass for 3-4 hours, or just get drunk and play video games... Hmm
    +1
  • BigOnYa @ BigOnYa:
    I need a remote controlled mower, so I can sit on the couch and do both.
  • BigOnYa @ BigOnYa:
    Sounds good to me, video games and booze it is then.
    +1
  • denpafan @ denpafan:
    Good choice
    +1
  • BigOnYa @ BigOnYa:
    Now what to play, Starfield or Fallout4. And what to drink, beer or Whiskey and Coke. Such tough decisions.
  • BigOnYa @ BigOnYa:
    Looks like its whiskey & coke, only 4 beers left. And think ill start with Falllout. :grog:
  • rqkaiju2 @ rqkaiju2:
    THIS IMAGE IS SO SCARY WTF. THAT SURE AS HELL IS NOT A CAT THATS LIKE A FUCKING DEMON

    Untitled2.png
    rqkaiju2 @ rqkaiju2: THIS IMAGE IS SO SCARY WTF. THAT SURE AS HELL IS NOT A CAT THATS LIKE A FUCKING DEMON