Spoofing DS Slot 2?

Discussion in '3DS - ROM Hacking, Translations and Utilities' started by MegaManTrigger, Jan 16, 2017.

  1. MegaManTrigger
    OP

    I've tried and tried, but the GBAtemp search function simply won't let me use search terms like "slot 2" and "GBA", which seems rather...anti-useful. Not even the mighty Google seems to be of help. Here's hoping a thread will work better.

    I've been looking into hacking Mega Man Battle Network 5: Double Team DS in order to allow the use of the various slot-2 GBA-driven events and abilities (particularly the two Bass Crosses and Sol Cross) on 3DS. While the Wii U VC versions of the GBA titles do allow the use of the two Bass Crosses (and they've been ripped and converted to CIA successfully already), Sol Cross is (to my knowledge) still not available in those, and the rather large number of events driven by various GBA carts are of indeterminate status. Making BN5DS just work on a 3DS without needing a second cartridge slot would still be beneficial.

    The trouble I keep running into is that, as far as I know, there's no way to spoof slot-2 data directly. Thus I put the question to my fellow tinkerers: is there now, or might there theoretically be, a method for spoofing data in slot 2 when running DS games on a 3DS, whether via commercial cart or flashcart?

    (Yes, I'm aware DeSmuME can do this, but I'd like to have the ability to play the full BN5DS on the go, without needing an emulator to spoof slot 2.)
     
  2. FAST6191

    Afraid I have to run so I am going to have to go full hacker in fairly short order, links in my signature if you are less familiar with GBA/DS hacking.

    There are three types of GBA slot reading, four if you count the likes of the browser or homebrew ram pack but let us not go there.

    1) Just uses a header read to see if the game is there.
    2) Uses data from the game to do something.
    3) Use a save from the game to do something.

    Never seen 2) in the wild beyond a proof of concept I did for a ROM hack once (it is 32 megs of memory mapped fast read space after all) but it could be seen one day and thus it is in my list.
    The vast, vast majority of these are 1) as I found when I chopped ROMs down to the header, flashed them and tried seeing about bonuses.
    3) is mainly seen in Pokemon where you can read the save off it and get various bonuses, Pokemon and whatever from your actual save. It troubles flash carts as Pokemon uses a flash save where flash carts typically use SRAM (the EverDrive may dodge this but you could in turn have other things to contend with that). Fortunately you can patch the DS game to read instead. You encounter a similar issue for some GBA-GC linkups (Pokemon titles again and Sonic Adventure being the two most commonly seen).
    https://filetrip.net/nds-downloads/rom-hacks/download-pokepatch-4-2-f27240.html sorts the DS stuff at least though by patching the DS ROM to read from SRAM.

    Anyway you do get to hack or cheat with the game now. Two approaches.
    If it gives you an item then make a conventional item cheat and gain it that way. Easier in the short run really. Save editing and savestate editing are also options for this.
    If you need more, or it is not a one time thing and you need it there all the time, then chances are the code somewhere in the game (probably close to boot, where you load the save or where you unlock it -- for something like Advance Wars you have to go to the shop) will read:
        copy (don't know if ldm or dma or what -- http://problemkaputt.de/gbatek.htm#armopcodesmemoryblockdatatransferldmstm ) segment from header
        compare against known value (quite possibly just the serial number)
        if good jump to GBA present routine
        else carry on with life.

    You then change the if else thing to always jump to the GBA present stuff. It might also be as simple as setting a flag which you can do outside of fiddling with the routine, maybe even with something like DSATM and a cheat.
    Problem for you will be I seem to recall MMBN5 responded to various GBA titles, including Solar Boy Django/Boktai in some instances. To that end you might need various hacks to do multiple things, or if it is just flags then maybe see if you can trip several at once.

    You may recognise this as similar to the basic converting an infinite lives cheat to a ROM hack concept and it is.

    The GBA cart is a basically never read location in DS RAM though (08000000 through 09FFFFFF, though for under 16 megabyte games it will be all 08XXXXXX). To that end if you get a disassembly of the DS binary (possibly overlays as well) then you can look for anything that wants to reach out and touch the region just mentioned and it will probably be related to what you want. To that end if you wanted to set a break on read for the GBA header section (early in the cart) you would probably not have too many problems with unrelated reads like you might for general RAM.

    It may also have an element of 3) above in there (I have not looked it up at this point but there might have been some more if you had a completed game in there and that would mean saves play a role).
    Said some instances may have also varied between regions and been locked out of various versions of the game if one or more titles did not appear.
    If it is a save then it will be read differently from a different location (you have GBATEK linked already, it will say where saves are found). Hopefully it is just a flag in this case and not needing the whole save like Pokemon.

    It may also be possible to hack the 3DS firmware/DS hypervisor to do something, and if you could get it to a general form where it may auto redirect to a given file on SD/NAND that would be nicer than doing individual game hacks, it is however a considerably harder task than tripping some flags in a game or faking out a compare routine.
     
    Last edited by FAST6191, Jan 16, 2017
    MegaManTrigger and Ryccardo like this.
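
    The disassembly search described in the post above can be roughed out as a literal-pool scan. This is an added example, not code from the thread or from any tool it mentions; the 0xC0-byte header size and the 0x0A000000 save-RAM window are assumptions taken from the GBATEK memory map, the 0x02000000 load base is an assumption, and the sample "binary" is constructed.

```python
import struct

# DS-side address windows. The ROM window is the one quoted in the post;
# the header size and SRAM window are assumptions from the GBATEK memory map.
GBA_ROM = (0x08000000, 0x09FFFFFF)
GBA_HEADER_END = 0x080000BF      # GBA cartridge header occupies 0xC0 bytes
GBA_SRAM = (0x0A000000, 0x0A00FFFF)

def classify(addr):
    """Return a label if addr points into a slot-2 window, else None."""
    if GBA_ROM[0] <= addr <= GBA_HEADER_END:
        return "header"
    if GBA_ROM[0] <= addr <= GBA_ROM[1]:
        return "rom"
    if GBA_SRAM[0] <= addr <= GBA_SRAM[1]:
        return "sram"
    return None

def find_slot2_refs(blob, base=0):
    """Scan word-aligned little-endian constants, as found in ARM literal pools."""
    hits = []
    for off in range(0, len(blob) - 3, 4):
        (word,) = struct.unpack_from("<I", blob, off)
        label = classify(word)
        if label:
            hits.append((base + off, word, label))
    return hits

def build_sample():
    """Constructed stand-in for an ARM9 binary: filler words plus three pointers."""
    words = [0xE1A00000] * 8            # ARM 'mov r0, r0' used as filler
    words[2] = 0x080000AC               # game code field inside the GBA header
    words[5] = 0x08123456               # pointer somewhere into cart data
    words[7] = 0x0A000010               # pointer into cart save RAM
    return struct.pack("<8I", *words)

if __name__ == "__main__":
    # base is a hypothetical load address for the sample blob
    for off, word, label in find_slot2_refs(build_sample(), base=0x02000000):
        print(f"{off:#010x}: literal {word:#010x} -> {label}")
```

    A scan like this only sees addresses stored as full 32-bit constants; code that builds 0x08000000 with an immediate `mov` and adds an offset will not show up, so a read breakpoint on the header region remains the more reliable check.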
  3. Favna

    snip

    FAST6191 debunked this pretty much
     
    Last edited by Favna, Jan 16, 2017 - Reason: snip
  4. Mikemk

    I'd be willing to try to reverse engineer and merge TWL and AGB firm to load 2 roms at once.
    But I'm not good at reverse engineering, so
     
  5. MegaManTrigger
    OP

    http://www.gamefaqs.com/ds/928331-mega-man-battle-network-5-double-team/cheats

    BN5DS may hold the record for most GBA games interacted with via slot 2, sitting at a whopping thirteen. Two of them (the original GBA versions of BN5) use both method 1 and method 3 -- just having the cart inserted will change the default battle music, but BN5DS will also read the save and do one or two things with it: give you the option to import your active chip folder from your GBA game into your DS game, and (if your GBA save has registered the defeat of the secret final boss) give you the option to use a different default ability set for Mega Man when starting a new game. The other eleven games (all versions of BN1-4, plus Boktai 1-3) all use method 1 exclusively -- BN5DS merely detects their presence and changes in-game features accordingly, without reading save data.