Hacking Working with extinfo.dat and infolib.dat ?

[drwhojan]

Working with extinfo.dat and infolib.dat + Help if possible with your idears ?

How to locate offset's for extinfo.dat - as you see in the image you can work out from there!

Fist you need the correct GameCode and ID: encrypt a copy of your ROM with eNDryptS Advanced
http://www.no-intro.org/tools.htm , run with admin rights for vista and 7's users -

Then get the encrypted GameCode and ID using r4cee http://hp.vector.co.jp/authors/VA013928/bin/r4cce086.zip

Use the encrypted GameID and Code with all extinfo.dat / infolib.dat /savlib.dat

You might need DeSmuME http://desmume.org/

------------------------------------------------------------

First type data to search for

38 40 2D E9 00 0C A0 E1 21 24 80 E1

Extinfo.dat Patch data to apply

00 0C A0 E1 21 04 80 E1 00 10 A0 E3

1. Do a RAM search / Tick all shown on image

2. Reverse DATA to search in RAM: E1 80 24 21 - Need to search lest data 00 and 08 ->00

If still have errcode =-4 patch two of the greens 28 and 29 -> 00

Once the game has bypassed err codes it will boot into two white screens - OK not a problem

Once the game has loaded - Put your microSD chip into reader and Check the LIB folder you code has bean generated but garbled data abit

OK now to do a match - open the file in the lib folder with a hex-editor and your data between lines 180-1D0

Now open the original infolib.dat with TTdT.exe - and look thoughout infolib.dat - look for the bottom line in green 30 09 00 00 94 FB 00 00 - 94 FB will tell you to look out for a match that in the image - 44 EE in blue - then the match will give you all of the arm7 data

True data is marked in green this is what we need to mix! - the red was garbled this is patched in FF's for DSI enhanced games - but is data for DS games

Take a good look yourself - and the pick and mix data is!

A true 95% done!

00 00 00 00 00 00 00 00 44 E3 00 00 00 00 00 00
00 00 00 00 00 00 00 00 9C E3 00 00 C0 E4 00 00
08 E4 00 00 78 E5 00 00 00 00 00 00 00 E6 00 00
38 E7 00 00 2C E8 00 00 xx xx 01 00 FF FF FF FF
18 CF 01 00 FF FF FF FF FF FF FF FF FF FF FF FF
30 09 00 00 94 FB 00 00 FF FF FF FF FF FF FF FF

xx xx - are the only part's that it will not produce - but looking for help on this issue ?

EDIT:

MAP

Green ARM7 Data - Red ARM9 Data

How to get 95% infolib.dat data.avi - video bypassing errcode=-4 and 6

http://www.mediafire.com/?vs2dc249ispo7vo

Any Idears are thought's are welcome ??

 

[bitonio6]

Why you dont post that here -> http://gbatemp.net/t274313-hackers-testers-for-dat-s-files ???

 

[drwhojan]

Please post anythink ? below so i can start a fresh page V!

Chears

 

[Bunie]

Please post anythink ? below so i can start a fresh page V!

Chears

*Post* (?)

Also, Nice job there. Keep up the good work.

 

[drwhojan]

Thank you Bunie! <img src="style_emoticons/<#EMO_DIR#>/smile.gif" style="vertical-align:middle" emoid="" border="0" alt="smile.gif" />

Now for this!

------------------------

<!--sizeo:3--><span style="font-size:12pt;line-height:100%"><!--/sizeo--><!--coloro:#008000--><span style="color:#008000"><!--/coloro-->infolib.dat Structure, Re-map and cleanup , If anyone can make sense of how to use it, please let us and overs know ?<!--colorc--></span><!--/colorc--> <!--sizec--></span><!--/sizec-->

Big XX are data bytes - small xx could be a byte or 00

<!--coloro:#008000--><span style="color:#008000"><!--/coloro-->infolib.dat Structure in spioler<!--colorc--></span><!--/colorc-->

Spoiler

PATCH[0] : 00 00 00 00 ... reserve
PATCH[1] : 00 00 00 00 ... reserve
PATCH[2] : XX XX 00 00 ... [ARM7 RAM offset] Patch_A
PATCH[3] : 00 00 00 00 ... reserve

PATCH[4] : 00 00 00 00 ... resreve
PATCH[5] : 00 00 00 00 ... reserve
PATCH[6] : XX XX 00 00 ... [ARM7 RAM offset] Patch_B (function1:MemoryRead)
PATCH[7] : XX XX 00 00 ... [ARM7 RAM offset] Patch_B (function2:MemoryWrite)

PATCH[8] : XX XX 00 00 ... [ARM7 RAM offset] Patch_B (function2:MemoryWrite)
PATCH[9] : XX XX 00 00 ... [ARM7 RAM offset] Patch_B (function3:WaitDelay)
PATCH[10] : 00 00 00 00 ... [ARM7 RAM offset] Patch_B (function4:MemoryWrite256)
PATCH[11] : XX XX 00 00 ... [ARM7 RAM offset] Patch_B (function5:MemoryWrite64K)

PATCH[12] : XX XX 00 00 ... [ARM7 RAM offset] Patch_B (function6:MemoryWrite512K)
PATCH[13] : XX XX 00 00 ... [ARM7 RAM offset] Patch_B (function7:CardCommand)
PATCH[14] : XX XX xx 00 ... [ARM9 RAM offset] Patch_B (function7:CardCommand)
PATCH[15] : XX XX XX 00 ... [ARM9 RAM offset] Patch_B (function8:CardInitialize)

PATCH[16] : XX XX xx 00 ... [ARM9 RAM offset] Patch_A
PATCH[17] : FF FF FF FF ... [ARM9 RAM offset] Patch_C (functuon7:CardCommand)
PATCH[18] : XX XX xx 00 ... [ARM9 RAM offset] Patch_D (DMA patch)
PATCH[19] : FF FF FF FF ... [ARM9 RAM offset] Patch_E

PATCH[20] : XX XX 00 00 ... [ARM9 RAM offset] Branch Address (Cheat & Reset)
PATCH[21] : XX XX xx 00 ... [ARM7 Execute RAM offset] Branch Address (Cheat & Reset)
PATCH[22] : FF FF FF FF ... reserve
PATCH[23] : FF FF FF FF ... reserve


infolib.dat is, ARM7, ARM9 offset addresses are recorded to be deployed patch program memory.

· ARM9: If the compression code, and the offset address after deployment.
· ARM7: offset address of the memory to be deployed early.
However, offset RAM Execute ARM7 is, ARM7 ?'re confusing offset address that contains the executable code
* These values, even if, ARM code, if odd, THUMB code is embedded.
(Odd case, the embedded address bit0 to 0 respectively)

Embed code, there are four patterns. For convenience, Patch_A, Patch_B, Patch_C, Patch_D call.

Patch_A will only return
Patch_B Patch_C and memory, the patch is deployed 0x023FE000 call each feature of the program.
The Patch_D, DMA code when processing embedded
Patch_E is Animal Crossing? Embed code
PATCH [20], PATCH [21] is, Cheat & Reset to store the memory address of the jump process.



PATCH [2]: Patch_A
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [2]) = E12FFF1E bx r14

If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [2]) = 4770


PATCH [6]: Patch_B (function1)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [6] +0) = E59F3000 ldr r3, [r15]
* (ARM7_RAM_ADDRESS + PATCH [6] +4) = E12FFF13 bx r3
* (ARM7_RAM_ADDRESS + PATCH [6] +8) = 023FE001

If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [6] +0) = 4B00
* (ARM7_RAM_ADDRESS + PATCH [6] +2) = 470C
* (ARM7_RAM_ADDRESS + PATCH [6] +4) = E001
* (ARM7_RAM_ADDRESS + PATCH [6] +6) = 023F

u32 MemoryRead (u32 chip_address, (u8 *) read_buffer, u32 read_size)
entry
r0 = chip_address
r1 = * read_buffer
r2 = read_size

return
r0 = 0

PATCH [7]: Patch_B (function2)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [7] +0) = E59F3000 ldr r3, [r15]
* (ARM7_RAM_ADDRESS + PATCH [7] +4) = E12FFF13 bx r3
* (ARM7_RAM_ADDRESS + PATCH [7] +8) = 023FE00B

If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [7] +0) = 4B00
* (ARM7_RAM_ADDRESS + PATCH [7] +2) = 470C
* (ARM7_RAM_ADDRESS + PATCH [7] +4) = E00B
* (ARM7_RAM_ADDRESS + PATCH [7] +6) = 023F

void MemoryWrite (u32 chip_address, (u8 *) write_buffer, u32 write_size)
entry
r0 = chip_address
r1 = * write_buffer
r2 = write_size


PATCH [8]: Patch_B (function2)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [8] +0) = E59F3000 ldr r3, [r15]
* (ARM7_RAM_ADDRESS + PATCH [8] +4) = E12FFF13 bx r3
* (ARM7_RAM_ADDRESS + PATCH [8] +8) = 023FE00B

If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [8] +0) = 4B00
* (ARM7_RAM_ADDRESS + PATCH [8] +2) = 470C
* (ARM7_RAM_ADDRESS + PATCH [8] +4) = E00B
* (ARM7_RAM_ADDRESS + PATCH [8] +6) = 023F

void MemoryWrite (u32 chip_address, (u8 *) write_buffer, u32 write_size)
entry
r0 = chip_address
r1 = * write_buffer
r2 = write_size


PATCH [9]: Patch_B (function3)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [9] +0) = E59F3000 ldr r3, [r15]
* (ARM7_RAM_ADDRESS + PATCH [9] +4) = E12FFF13 bx r3
* (ARM7_RAM_ADDRESS + PATCH [9] +8) = 023FE015

If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [9] +0) = 4B00
* (ARM7_RAM_ADDRESS + PATCH [9] +2) = 470C
* (ARM7_RAM_ADDRESS + PATCH [9] +4) = E015
* (ARM7_RAM_ADDRESS + PATCH [9] +6) = 023F

void WaitDelay (void)


PATCH [10]: Patch_B (function4)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [10] +0) = E59F2000 ldr r2, [r15]
* (ARM7_RAM_ADDRESS + PATCH [10] +4) = E12FFF12 bx r2
* (ARM7_RAM_ADDRESS + PATCH [10] +8) = 023FE01F

If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [10] +0) = 4A00
* (ARM7_RAM_ADDRESS + PATCH [10] +2) = 4708
* (ARM7_RAM_ADDRESS + PATCH [10] +4) = E01F
* (ARM7_RAM_ADDRESS + PATCH [10] +6) = 023F

void MemoryWrite256 (u32 chip_address)
entry
r0 = chip_address


PATCH [11]: Patch_B (function5)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [11] +0) = E59F2000 ldr r2, [r15]
* (ARM7_RAM_ADDRESS + PATCH [11] +4) = E12FFF12 bx r2
* (ARM7_RAM_ADDRESS + PATCH [11] +8) = 023FE029

If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [11] +0) = 4A00
* (ARM7_RAM_ADDRESS + PATCH [11] +2) = 4708
* (ARM7_RAM_ADDRESS + PATCH [11] +4) = E029
* (ARM7_RAM_ADDRESS + PATCH [11] +6) = 023F

void MemoryWrite64K (u32 chip_address)
entry
r0 = chip_address


PATCH [12]: Patch_B (function6)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [12] +0) = E59F1000 ldr r1, [r15]
* (ARM7_RAM_ADDRESS + PATCH [12] +4) = E12FFF11 bx r1
* (ARM7_RAM_ADDRESS + PATCH [12] +8) = 023FE033

If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [12] +0) = 4900
* (ARM7_RAM_ADDRESS + PATCH [12] +2) = 4704
* (ARM7_RAM_ADDRESS + PATCH [12] +4) = E033
* (ARM7_RAM_ADDRESS + PATCH [12] +6) = 023F

void MemoryWrite512K (void)


PATCH [13]: Patch_B (function7)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [13] +0) = E59F2000 ldr r2, [r15]
* (ARM7_RAM_ADDRESS + PATCH [13] +4) = E12FFF12 bx r2
* (ARM7_RAM_ADDRESS + PATCH [13] +8) = 023FE03D

If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [13] +0) = 4A00
* (ARM7_RAM_ADDRESS + PATCH [13] +2) = 4708
* (ARM7_RAM_ADDRESS + PATCH [13] +4) = E03D
* (ARM7_RAM_ADDRESS + PATCH [13] +6) = 023F

void CardCommand (u32 command)
entry
r0 = command (Gamecard bus command)


PATCH [14]: Patch_B (function7)
If your code · ARM
* (ARM9_RAM_ADDRESS + PATCH [14] +0) = E59F2000 ldr r2, [r15]
* (ARM9_RAM_ADDRESS + PATCH [14] +4) = E12FFF12 bx r2
* (ARM9_RAM_ADDRESS + PATCH [14] +8) = 023FE03D

If your code · THUMB
* (ARM9_RAM_ADDRESS + PATCH [14] +0) = 4A00
* (ARM9_RAM_ADDRESS + PATCH [14] +2) = 4708
* (ARM9_RAM_ADDRESS + PATCH [14] +4) = E03D
* (ARM9_RAM_ADDRESS + PATCH [14] +6) = 023F

void CardCommand (u32 command)
entry
r0 = command (Gamecard bus command)


PATCH [15]: Patch_B (function8)
If your code · ARM
* (ARM9_RAM_ADDRESS + PATCH [15] +0) = E59F1000 ldr r1, [r15]
* (ARM9_RAM_ADDRESS + PATCH [15] +4) = E12FFF11 bx r1
* (ARM9_RAM_ADDRESS + PATCH [15] +8) = 023FE047

If your code · THUMB
* (ARM9_RAM_ADDRESS + PATCH [15] +0) = 4900
* (ARM9_RAM_ADDRESS + PATCH [15] +2) = 4704
* (ARM9_RAM_ADDRESS + PATCH [15] +4) = E047
* (ARM9_RAM_ADDRESS + PATCH [15] +6) = 023F

void CardInitialize (void)


PATCH [16]: Patch_A
If your code · ARM
* (ARM9_RAM_ADDRESS + PATCH [16]) = E12FFF1E bx r14

If your code · THUMB
* (ARM9_RAM_ADDRESS + PATCH [16]) = 4770


PATCH [17]: Patch_C (function7)
If your code · ARM
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x0C) = E92D400F stmdb r13!, (R0, r1, r2, r3, r14)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x10) = E1A0000C mov r0, r12
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x14) = E1A01005 mov r1, r5
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x18) = E28FE008 add r14, r15, # 0x8
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x1C) = E59F2000 ldr r2, [r15]
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x20) = E12FFF12 bx r2
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x24) = 023FE03D
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x28) = E8BD400F ldmia r13!, (R0, r1, r2, r3, r14)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x2C) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x30) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x34) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x38) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x3C) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x40) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x44) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x48) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x4C) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x50) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x54) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x58) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x5C) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x60) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x64) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x68) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x6C) = -------- skip
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x70) = E1A00000 nop (mov r0, r0)

If your code · THUMB
No

void CardCommand (u32 command)
entry
r0 = command (Gamecard bus command)


PATCH [18]: Patch_D
If your code · ARM
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x00) = E59F1010 ldr r1, [r15, # +0 x10]
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x04) = E5911000 ldr r1, [r1, # +0 x0]
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x08) = E38114A1 orr r1, r1, # 0xA1000000
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x0c) = E5801004 str r1, [r0, # +0 x4]
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x10) = E3A00000 mov r0, # 0x0
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x14) = E12FFF1E bx r14
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x18) = 027FFE60

If your code · THUMB
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x00) = 4903
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x02) = 6809
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x04) = 4A03
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x06) = 4311
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x08) = 6041
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x0a) = 2000
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x0c) = 4770
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x0e) = 0000
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x10) = FE60
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x12) = 027F
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x14) = 0000
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x16) = A100


PATCH [19]: Patch_E
pending

MAP of Sploiler data

<img src="http://i377.photobucket.com/albums/oo212/drwhojan/infolib-2.png" border="0" class="linked-image" />


EDIT:

Basicly I'm looking for someone who know's how to find this area ? - are what to do with it ?

PATCH [14]: Patch_B (function7)
If your code · ARM
* (ARM9_RAM_ADDRESS + PATCH [14] +0) = E59F2000 ldr r2, [r15]
* (ARM9_RAM_ADDRESS + PATCH [14] +4) = E12FFF12 bx r2
* (ARM9_RAM_ADDRESS + PATCH [14] +8) = 023FE03D

If your code · THUMB
* (ARM9_RAM_ADDRESS + PATCH [14] +0) = 4A00
* (ARM9_RAM_ADDRESS + PATCH [14] +2) = 4708
* (ARM9_RAM_ADDRESS + PATCH [14] +4) = E03D
* (ARM9_RAM_ADDRESS + PATCH [14] +6) = 023F

void CardCommand (u32 command)
entry
r0 = command (Gamecard bus command)

Thank you drwhojan

 

[magicksun]

howwwwww i want to add one traslation of daisuki zombie in spanish to the info/ext/sav lib and i read this and is chinese for me =(

 

[magicksun]

hey boys , i try to get it , but if i do the first part of do a encripted , and then with the r4cce get the id and code , then put it to the info,ext,sav lib the game works? i try ir , y put the game code and id in the indoextsav , but i don't encripted , maybe becouse i don't encripted don't work?

 

[Elvarg]

REMOVED.

 

[hinze54321]

How to get the first offset video

somwone gave me this to post for him

http://www.mediafire.com/?ph62fqsubszr8y2