Reverse engineer NDS Backup Plus

Discussion in 'NDS - ROM Hacking and Translations' started by cornaljoe, Apr 16, 2010.

  1. cornaljoe

    cornaljoe GBAtemp Advanced Fan

    Jan 13, 2006
    United States
    I've been trying to find a way to backup and restore my Pokemon SS save to my flashcart. All the current homebrew methods don't work. The only thing that works is the NDS Backup Plus due to it's ability to update it's firmware. So it is possible through a software fix. I'm in the process of dissassembling the firmware, but it's been awhile and I'm kinda rusty. Anyone who wants to help out just post in this thread. I'll also update this post with my progress.

    NDS Backup Plus firmware DL page: Here.
  2. TM2-Megatron

    TM2-Megatron Predacon Commander

    Feb 10, 2009
    Toronto, Ontario, Canada
    Good luck with this; I wish I could help with actually reverse engineering the thing, but I don't know much about programming things like this (though I'm always wanting to learn; need to start on that sometime).

    Mods should consider making this thread a sticky, as it's a worthwhile project and there still seems to be quite a few posts about dumping Hg/Ss saves in various sections of GBAtemp, almost daily. Also it'd be more likely that anyone capable of helping would actually see the post and contribute if it were sticked, as opposed to it just getting buried under a bunch of other posts after a few days.

    Hopefully once we know exactly how the NDS Adapter Plus works, updates for the current range of hombrew dumping apps (Rudolph's being first and foremost, I think) can be created.
  3. fearofshorts

    fearofshorts GBAtemp Fan

    Jul 12, 2009
    Good luck with this project! It sounds like it'll be really useful if you can complete it.
  4. gameguy95

    gameguy95 Needs More Furries!

    Jan 27, 2009
    United States
    i hope so
  5. FAST6191

    FAST6191 Techromancer

    pip Reporter
    Nov 21, 2005
    United Kingdom
    I support this project not that I really care about pokemon but because I suspect this will spread to a few other games as time goes on (it is a hardware thing though so it is not like a new save type and similarly being hardware it will probably mean it has a good use in a game). I skimmed the pokemon thread around here ( ) where a hardware mod was done though and by the looks of it I would agree that it could be done in software (the game itself is sure to have the necessary data).

    According to the that thread the cart differs in hardware courtesy of the pokewalker thing- the game essentially has two saves accessed by the conventional pins, the extra hardware comes in to allow choosing between the onboard save memory and the pokewalker adding another layer to the save dumping protocol ( scroll down a bit) hence the previous tools (which were quite "dumb") not working. The hardware hack bypasses the new hardware (for an EEPROM chip to work you usually first select it via the CS (chip select) pin) essentially rendering it a standard save memory chip while the object of this sort of project would be to gain enough knowledge of the new layer to allow save chip selection.

    I will however say it would probably be easier to reverse engineer it from a hardware perspective/at a protocol level than going in and trying to reverse engineer some firmware for an unknown (to you) "processor" that the NDS Backup Plus uses, this also assumes the developers made life easy for such projects (bad coding, deliberate obfuscation, encryption, compression, just an update (diff) and so on are all common enough in such circles).

    Something like might work/be useful if you were to head into the software side of things or analysed the payloads but the fact there is some firmware available (assuming it is firmware and not just using the name) there is surely some signals changing hardware inside the tool itself beyond the basic voltage changing and smoothing so a protocol analyser will become necessary.

    A DS cartridge pinout:

    You need not follow the goings on for all the pins either if you are only trying for the cart level protocol in dealing with the "CS" level stuff then it might be possible even without a NDS backup plus (outside shot at doing it on a basic (data storing) oscilloscope assuming you only want to follow the would be "CS" pin, not sure of the clock speeds involved but it might even be in the line in port regime).