├── .gitignore ├── BootLoader ├── Makefile ├── load.ld └── source │ ├── cheat.c │ ├── cheat.h │ ├── cheat_engine.s │ ├── clear_cache.arm9.s │ ├── clear_mem.s │ ├── common.h │ ├── crt0.arm9.s │ ├── encryption.c │ ├── encryption.h │ ├── launch_ds_crt0.s │ ├── main.arm7.c │ ├── main.arm9.c │ ├── read_bios.h │ ├── read_bios.s │ ├── read_card.c │ ├── read_card.h │ ├── reset.arm7.s │ └── reset.arm9.s ├── LICENSE ├── Makefile ├── NitroHax_screen.png ├── README.md ├── arm7 ├── Makefile └── source │ ├── cheat_engine_arm7.c │ ├── cheat_engine_arm7.h │ └── main.c ├── arm9 ├── Makefile ├── graphics │ ├── bgsub.bmp │ ├── bgtop.bmp │ ├── button_file.bmp │ ├── button_folder.bmp │ ├── button_go.bmp │ ├── button_off.bmp │ ├── button_on.bmp │ ├── cursor.bmp │ ├── font.bmp │ ├── scrollbar.bmp │ └── textbox.bmp └── source │ ├── bios_decompress_callback.c │ ├── bios_decompress_callback.h │ ├── cheat.cpp │ ├── cheat.h │ ├── cheat_engine.c │ ├── cheat_engine.h │ ├── consoletext.cpp │ ├── consoletext.h │ ├── crc.c │ ├── crc.h │ ├── main.cpp │ ├── nds_card.c │ ├── nds_card.h │ ├── ui.cpp │ └── ui.h └── icon.bmp /.gitignore: -------------------------------------------------------------------------------- 1 | BootLoader/build 2 | BootLoader/load.bin 3 | arm7/build 4 | arm9/build/ 5 | arm9/data/ 6 | arm9/source/version.h 7 | *.nds 8 | *.elf -------------------------------------------------------------------------------- /BootLoader/Makefile: -------------------------------------------------------------------------------- 1 | #--------------------------------------------------------------------------------- 2 | .SUFFIXES: 3 | #--------------------------------------------------------------------------------- 4 | ifeq ($(strip $(DEVKITARM)),) 5 | $(error "Please set DEVKITARM in your environment. export DEVKITARM=devkitARM) 6 | endif 7 | 8 | -include $(DEVKITARM)/ds_rules 9 | 10 | #--------------------------------------------------------------------------------- 11 | # BUILD is the directory where object files & intermediate files will be placed 12 | # SOURCES is a list of directories containing source code 13 | # INCLUDES is a list of directories containing extra header files 14 | #--------------------------------------------------------------------------------- 15 | export TARGET := load 16 | BUILD := build 17 | SOURCES := source source/patches 18 | INCLUDES := build 19 | SPECS := specs 20 | 21 | #--------------------------------------------------------------------------------- 22 | # options for code generation 23 | #--------------------------------------------------------------------------------- 24 | ARCH := -mthumb-interwork -march=armv4t -mtune=arm7tdmi 25 | 26 | CFLAGS := -g -Wall -O2\ 27 | -fomit-frame-pointer\ 28 | -ffast-math \ 29 | -Wall -Wextra -Werror \ 30 | $(ARCH) 31 | 32 | CFLAGS += $(INCLUDE) -DARM7 33 | 34 | ASFLAGS := -g $(ARCH) $(INCLUDE) 35 | LDFLAGS := -nostartfiles -T$(CURDIR)/../load.ld -g $(ARCH) -Wl,-Map,$(TARGET).map 36 | 37 | LIBS := -lnds7 38 | 39 | #--------------------------------------------------------------------------------- 40 | # list of directories containing libraries, this must be the top level containing 41 | # include and lib 42 | #--------------------------------------------------------------------------------- 43 | LIBDIRS := $(LIBNDS) 44 | 45 | 46 | #--------------------------------------------------------------------------------- 47 | # no real need to edit anything past this point unless you need to add additional 48 | # rules for different file extensions 49 | #--------------------------------------------------------------------------------- 50 | ifneq ($(BUILD),$(notdir $(CURDIR))) 51 | #--------------------------------------------------------------------------------- 52 | 53 | export TARGETBIN := $(CURDIR)/$(TARGET).bin 54 | export ARM7ELF := $(CURDIR)/$(BUILD)/$(TARGET).arm7.elf 55 | export DEPSDIR := $(CURDIR)/$(BUILD) 56 | 57 | export VPATH := $(foreach dir,$(SOURCES),$(CURDIR)/$(dir)) 58 | 59 | export CC := $(PREFIX)gcc 60 | export CXX := $(PREFIX)g++ 61 | export AR := $(PREFIX)ar 62 | export OBJCOPY := $(PREFIX)objcopy 63 | 64 | CFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.c))) 65 | CPPFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.cpp))) 66 | SFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.s))) 67 | 68 | export OFILES := $(CPPFILES:.cpp=.o) $(CFILES:.c=.o) $(SFILES:.s=.o) 69 | 70 | export INCLUDE := $(foreach dir,$(INCLUDES),-I$(CURDIR)/$(dir)) \ 71 | $(foreach dir,$(LIBDIRS),-I$(dir)/include) \ 72 | -I$(CURDIR)/$(BUILD) 73 | 74 | export LIBPATHS := $(foreach dir,$(LIBDIRS),-L$(dir)/lib) 75 | 76 | #--------------------------------------------------------------------------------- 77 | # use CC for linking standard C 78 | #--------------------------------------------------------------------------------- 79 | export LD := $(CC) 80 | #--------------------------------------------------------------------------------- 81 | 82 | .PHONY: $(BUILD) clean 83 | 84 | #--------------------------------------------------------------------------------- 85 | $(BUILD): 86 | @[ -d $@ ] || mkdir -p $@ 87 | @make --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile 88 | 89 | #--------------------------------------------------------------------------------- 90 | clean: 91 | @echo clean ... 92 | @rm -fr $(BUILD) *.elf load.bin 93 | 94 | 95 | #--------------------------------------------------------------------------------- 96 | else 97 | 98 | DEPENDS := $(OFILES:.o=.d) 99 | 100 | #--------------------------------------------------------------------------------- 101 | # main targets 102 | #--------------------------------------------------------------------------------- 103 | 104 | $(TARGETBIN) : $(ARM7ELF) 105 | @$(OBJCOPY) -O binary $< $@ 106 | @echo built ... $(notdir $@) 107 | 108 | 109 | $(ARM7ELF) : $(OFILES) 110 | @echo linking $(notdir $@) 111 | @$(LD) $(LDFLAGS) $(OFILES) $(LIBPATHS) $(LIBS) -o $@ 112 | 113 | 114 | 115 | 116 | #--------------------------------------------------------------------------------------- 117 | endif 118 | #--------------------------------------------------------------------------------------- 119 | -------------------------------------------------------------------------------- /BootLoader/load.ld: -------------------------------------------------------------------------------- 1 | OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm", "elf32-littlearm") 2 | OUTPUT_ARCH(arm) 3 | ENTRY(_start) 4 | 5 | MEMORY { 6 | 7 | vram : ORIGIN = 0x06000000, LENGTH = 64K /* Reserve last 64K for cheats */ 8 | arm9ram : ORIGIN = 0x027FD800, LENGTH = 2K /* Used for the ARM9's functions */ 9 | } 10 | 11 | __vram_start = ORIGIN(vram); 12 | __vram_top = ORIGIN(vram)+ LENGTH(vram); 13 | __sp_irq = __vram_top - 0x60; 14 | __sp_svc = __sp_irq - 0x100; 15 | __sp_usr = __sp_svc - 0x100; 16 | 17 | __irq_flags = __vram_top - 8; 18 | __irq_vector = __vram_top - 4; 19 | 20 | 21 | __arm9ram_start = ORIGIN(arm9ram); 22 | __arm9ram_top = ORIGIN(arm9ram)+ LENGTH(arm9ram); 23 | 24 | /* No IRQs or SVC calls in ARM9 boot code so give them minimal stacks */ 25 | __arm9_sp_irq = __arm9ram_top; 26 | __arm9_sp_svc = __arm9_sp_irq - 0x10; 27 | __arm9_sp_usr = __arm9_sp_svc - 0x10; 28 | 29 | 30 | SECTIONS 31 | { 32 | .init : 33 | { 34 | __text_start = . ; 35 | KEEP (*(.init)) 36 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 37 | } >vram = 0xff 38 | 39 | .plt : 40 | { 41 | *(.plt) 42 | } >vram = 0xff 43 | 44 | __arm9_source_start = . ; 45 | .arm9 : 46 | { 47 | __arm9_start = . ; 48 | *.arm9.*(.text*) 49 | *.arm9.*(.data*) 50 | __arm9_bss_start = ABSOLUTE(.); 51 | *.arm9.*(.bss*) 52 | __arm9_bss_end = ABSOLUTE(.); 53 | __arm9_end = . ; 54 | } >arm9ram AT>vram =0xff 55 | __arm9_source_end = __arm9_source_start + SIZEOF(.arm9); 56 | 57 | . = __arm9_source_end; 58 | . = ALIGN(4); 59 | 60 | .text ALIGN(4) : /* ALIGN (4): */ 61 | { 62 | *(.text) 63 | *(.stub) 64 | *(.text.*) 65 | /* .gnu.warning sections are handled specially by elf32.em. */ 66 | *(.gnu.warning) 67 | *(.gnu.linkonce.t*) 68 | *(.glue_7) 69 | *(.glue_7t) 70 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 71 | } >vram = 0xff 72 | 73 | .fini : 74 | { 75 | KEEP (*(.fini)) 76 | } >vram =0xff 77 | 78 | __text_end = . ; 79 | 80 | 81 | .rodata : 82 | { 83 | *(.rodata) 84 | *all.rodata*(*) 85 | *(.roda) 86 | *(.rodata.*) 87 | *(.gnu.linkonce.r*) 88 | SORT(CONSTRUCTORS) 89 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 90 | } >vram = 0xff 91 | 92 | .ARM.extab : { *(.ARM.extab* .gnu.linkonce.armextab.*) } >vram 93 | __exidx_start = .; 94 | .ARM.exidx : { *(.ARM.exidx* .gnu.linkonce.armexidx.*) } >vram 95 | __exidx_end = .; 96 | 97 | /* Ensure the __preinit_array_start label is properly aligned. We 98 | could instead move the label definition inside the section, but 99 | the linker would then create the section even if it turns out to 100 | be empty, which isn't pretty. */ 101 | . = ALIGN(32 / 8); 102 | PROVIDE (__preinit_array_start = .); 103 | .preinit_array : { KEEP (*(.preinit_array)) } >vram = 0xff 104 | PROVIDE (__preinit_array_end = .); 105 | PROVIDE (__init_array_start = .); 106 | .init_array : { KEEP (*(.init_array)) } >vram = 0xff 107 | PROVIDE (__init_array_end = .); 108 | PROVIDE (__fini_array_start = .); 109 | .fini_array : { KEEP (*(.fini_array)) } >vram = 0xff 110 | PROVIDE (__fini_array_end = .); 111 | 112 | .ctors : 113 | { 114 | /* gcc uses crtbegin.o to find the start of the constructors, so 115 | we make sure it is first. Because this is a wildcard, it 116 | doesn't matter if the user does not actually link against 117 | crtbegin.o; the linker won't look for a file to match a 118 | wildcard. The wildcard also means that it doesn't matter which 119 | directory crtbegin.o is in. */ 120 | KEEP (*crtbegin.o(.ctors)) 121 | KEEP (*(EXCLUDE_FILE (*crtend.o) .ctors)) 122 | KEEP (*(SORT(.ctors.*))) 123 | KEEP (*(.ctors)) 124 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 125 | } >vram = 0xff 126 | 127 | .dtors : 128 | { 129 | KEEP (*crtbegin.o(.dtors)) 130 | KEEP (*(EXCLUDE_FILE (*crtend.o) .dtors)) 131 | KEEP (*(SORT(.dtors.*))) 132 | KEEP (*(.dtors)) 133 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 134 | } >vram = 0xff 135 | 136 | .eh_frame : 137 | { 138 | KEEP (*(.eh_frame)) 139 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 140 | } >vram = 0xff 141 | 142 | .gcc_except_table : 143 | { 144 | *(.gcc_except_table) 145 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 146 | } >vram = 0xff 147 | .jcr : { KEEP (*(.jcr)) } >vram = 0 148 | .got : { *(.got.plt) *(.got) } >vram = 0 149 | 150 | 151 | .vram ALIGN(4) : 152 | { 153 | __vram_start = ABSOLUTE(.) ; 154 | *(.vram) 155 | *vram.*(.text) 156 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 157 | __vram_end = ABSOLUTE(.) ; 158 | } >vram = 0xff 159 | 160 | 161 | .data ALIGN(4) : { 162 | __data_start = ABSOLUTE(.); 163 | *(.data) 164 | *(.data.*) 165 | *(.gnu.linkonce.d*) 166 | CONSTRUCTORS 167 | . = ALIGN(4); 168 | __data_end = ABSOLUTE(.) ; 169 | } >vram = 0xff 170 | 171 | 172 | 173 | .bss ALIGN(4) : 174 | { 175 | __bss_start = ABSOLUTE(.); 176 | __bss_start__ = ABSOLUTE(.); 177 | *(.dynbss) 178 | *(.gnu.linkonce.b*) 179 | *(.bss*) 180 | *(COMMON) 181 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 182 | } >vram 183 | 184 | __bss_end = . ; 185 | __bss_end__ = . ; 186 | 187 | _end = . ; 188 | __end__ = . ; 189 | PROVIDE (end = _end); 190 | 191 | /* Stabs debugging sections. */ 192 | .stab 0 : { *(.stab) } 193 | .stabstr 0 : { *(.stabstr) } 194 | .stab.excl 0 : { *(.stab.excl) } 195 | .stab.exclstr 0 : { *(.stab.exclstr) } 196 | .stab.index 0 : { *(.stab.index) } 197 | .stab.indexstr 0 : { *(.stab.indexstr) } 198 | .comment 0 : { *(.comment) } 199 | /* DWARF debug sections. 200 | Symbols in the DWARF debugging sections are relative to the beginning 201 | of the section so we begin them at 0. */ 202 | /* DWARF 1 */ 203 | .debug 0 : { *(.debug) } 204 | .line 0 : { *(.line) } 205 | /* GNU DWARF 1 extensions */ 206 | .debug_srcinfo 0 : { *(.debug_srcinfo) } 207 | .debug_sfnames 0 : { *(.debug_sfnames) } 208 | /* DWARF 1.1 and DWARF 2 */ 209 | .debug_aranges 0 : { *(.debug_aranges) } 210 | .debug_pubnames 0 : { *(.debug_pubnames) } 211 | /* DWARF 2 */ 212 | .debug_info 0 : { *(.debug_info) } 213 | .debug_abbrev 0 : { *(.debug_abbrev) } 214 | .debug_line 0 : { *(.debug_line) } 215 | .debug_frame 0 : { *(.debug_frame) } 216 | .debug_str 0 : { *(.debug_str) } 217 | .debug_loc 0 : { *(.debug_loc) } 218 | .debug_macinfo 0 : { *(.debug_macinfo) } 219 | /* SGI/MIPS DWARF 2 extensions */ 220 | .debug_weaknames 0 : { *(.debug_weaknames) } 221 | .debug_funcnames 0 : { *(.debug_funcnames) } 222 | .debug_typenames 0 : { *(.debug_typenames) } 223 | .debug_varnames 0 : { *(.debug_varnames) } 224 | .stack 0x80000 : { _stack = .; *(.stack) } 225 | /* These must appear regardless of . */ 226 | } 227 | -------------------------------------------------------------------------------- /BootLoader/source/cheat.c: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #include "cheat.h" 20 | #include "common.h" 21 | 22 | extern unsigned long cheat_engine_size; 23 | extern unsigned long intr_orig_return_offset; 24 | 25 | extern const u8 cheat_engine_start[]; 26 | #define CHEAT_CODE_END 0xCF000000 27 | #define CHEAT_ENGINE_RELOCATE 0xCF000001 28 | #define CHEAT_ENGINE_HOOK 0xCF000002 29 | 30 | static const u32 handlerStartSig[5] = { 31 | 0xe92d4000, // push {lr} 32 | 0xe3a0c301, // mov ip, #0x4000000 33 | 0xe28cce21, // add ip, ip, #0x210 34 | 0xe51c1008, // ldr r1, [ip, #-8] 35 | 0xe3510000 // cmp r1, #0 36 | }; 37 | 38 | static const u32 handlerEndSig[4] = { 39 | 0xe59f1008, // ldr r1, [pc, #8] (IRQ Vector table address) 40 | 0xe7910100, // ldr r0, [r1, r0, lsl #2] 41 | 0xe59fe004, // ldr lr, [pc, #4] (IRQ return address) 42 | 0xe12fff10 // bx r0 43 | }; 44 | 45 | static const int MAX_HANDLER_SIZE = 50; 46 | 47 | static u32* hookInterruptHandler (u32* addr, size_t size) { 48 | u32* end = addr + size/sizeof(u32); 49 | int i; 50 | 51 | // Find the start of the handler 52 | while (addr < end) { 53 | if ((addr[0] == handlerStartSig[0]) && 54 | (addr[1] == handlerStartSig[1]) && 55 | (addr[2] == handlerStartSig[2]) && 56 | (addr[3] == handlerStartSig[3]) && 57 | (addr[4] == handlerStartSig[4])) 58 | { 59 | break; 60 | } 61 | addr++; 62 | } 63 | 64 | if (addr >= end) { 65 | return NULL; 66 | } 67 | 68 | // Find the end of the handler 69 | for (i = 0; i < MAX_HANDLER_SIZE; i++) { 70 | if ((addr[i+0] == handlerEndSig[0]) && 71 | (addr[i+1] == handlerEndSig[1]) && 72 | (addr[i+2] == handlerEndSig[2]) && 73 | (addr[i+3] == handlerEndSig[3])) 74 | { 75 | break; 76 | } 77 | } 78 | 79 | if (i >= MAX_HANDLER_SIZE) { 80 | return NULL; 81 | } 82 | 83 | // Now find the IRQ vector table 84 | // Make addr point to the vector table address pointer within the IRQ handler 85 | addr = addr + i + sizeof(handlerEndSig)/sizeof(handlerEndSig[0]); 86 | 87 | // Use relative and absolute addresses to find the location of the table in RAM 88 | u32 tableAddr = addr[0]; 89 | u32 returnAddr = addr[1]; 90 | u32* actualReturnAddr = addr + 2; 91 | u32* actualTableAddr = actualReturnAddr + (tableAddr - returnAddr)/sizeof(u32); 92 | 93 | // The first entry in the table is for the Vblank handler, which is what we want 94 | return actualTableAddr; 95 | } 96 | 97 | int arm7_hookGame (const tNDSHeader* ndsHeader, const u32* cheatData, u32* cheatEngineLocation) { 98 | u32 oldReturn; 99 | u32 cheatWord1, cheatWord2; 100 | u32* cheatDest; 101 | u32* hookLocation = NULL; 102 | 103 | if (cheatData[0] == CHEAT_CODE_END) { 104 | return ERR_NOCHEAT; 105 | } 106 | 107 | if (cheatData[0] == CHEAT_ENGINE_RELOCATE) { 108 | cheatWord1 = *cheatData++; 109 | cheatWord2 = *cheatData++; 110 | cheatEngineLocation = (u32*)cheatWord2; 111 | } 112 | 113 | if (cheatData[0] == CHEAT_ENGINE_HOOK) { 114 | cheatWord1 = *cheatData++; 115 | cheatWord2 = *cheatData++; 116 | hookLocation = (u32*)cheatWord2; 117 | } 118 | 119 | if (!hookLocation) { 120 | hookLocation = hookInterruptHandler ((u32*)ndsHeader->arm7destination, ndsHeader->arm7binarySize); 121 | } 122 | 123 | if (!hookLocation) { 124 | return ERR_HOOK; 125 | } 126 | 127 | oldReturn = *hookLocation; 128 | 129 | *hookLocation = (u32)cheatEngineLocation; 130 | 131 | copyLoop (cheatEngineLocation, (u32*)cheat_engine_start, cheat_engine_size); 132 | 133 | cheatEngineLocation [intr_orig_return_offset/sizeof(u32)] = oldReturn; 134 | 135 | cheatDest = cheatEngineLocation + (cheat_engine_size/sizeof(u32)); 136 | 137 | // Copy cheat data across 138 | do { 139 | cheatWord1 = *cheatData++; 140 | cheatWord2 = *cheatData++; 141 | *cheatDest++ = cheatWord1; 142 | *cheatDest++ = cheatWord2; 143 | } while (cheatWord1 != CHEAT_CODE_END); 144 | 145 | return ERR_NONE; 146 | } 147 | 148 | 149 | -------------------------------------------------------------------------------- /BootLoader/source/cheat.h: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #include 20 | #include 21 | 22 | /*------------------------------------------------------------------------- 23 | arm7_hookGame 24 | Adds a hook in the game's ARM7 binary to our own code 25 | -------------------------------------------------------------------------*/ 26 | int arm7_hookGame (const tNDSHeader* ndsHeader, const u32* cheatData, u32* cheatEngineLocation); 27 | 28 | -------------------------------------------------------------------------------- /BootLoader/source/cheat_engine.s: -------------------------------------------------------------------------------- 1 | @ NitroHax -- Cheat tool for the Nintendo DS 2 | @ Copyright (C) 2008 Michael "Chishm" Chisholm 3 | @ 4 | @ This program is free software: you can redistribute it and/or modify 5 | @ it under the terms of the GNU General Public License as published by 6 | @ the Free Software Foundation, either version 3 of the License, or 7 | @ (at your option) any later version. 8 | @ 9 | @ This program is distributed in the hope that it will be useful, 10 | @ but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | @ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | @ GNU General Public License for more details. 13 | @ 14 | @ You should have received a copy of the GNU General Public License 15 | @ along with this program. If not, see . 16 | 17 | #include 18 | .arm 19 | 20 | .global cheat_engine_start 21 | .global cheat_engine_end 22 | .global intr_orig_return_offset 23 | .global cheat_engine_size 24 | 25 | 26 | cheat_engine_size: 27 | .word cheat_engine_end - cheat_engine_start 28 | 29 | intr_orig_return_offset: 30 | .word intr_orig_return - cheat_engine_start 31 | 32 | 33 | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 34 | 35 | BEGIN_ASM_FUNC cheat_engine_start 36 | @ Hook the return address, then go back to the original function 37 | stmdb sp!, {lr} 38 | adr lr, code_handler_start 39 | ldr r0, intr_orig_return 40 | bx r0 41 | 42 | code_handler_start: 43 | stmdb sp!, {r0-r12} 44 | mov r9, #0x00000000 @ offset register 45 | mov r8, #0x00000000 @ execution status. bit0: 1 = no exec, 0 = exec. allows nested ifs 32 deep 46 | mov r7, #0x00000000 @ Dx loop start 47 | mov r6, #0x00000000 @ Dx repeat ammount 48 | mov r5, #0x00000000 @ DX data 49 | mov r4, #0x00000000 @ Dx execution status 50 | 51 | @ increment counter 52 | ldrh r0, counter_value 53 | add r0, r0, #1 54 | strh r0, counter_value 55 | 56 | @ r0-r3 are generic registers for the code processor to use 57 | @ 0xCF000000 0x00000000 indicates the end of the code list 58 | @ r12 points to the next code to load 59 | 60 | adr r12, cheat_data 61 | 62 | main_loop: 63 | ldmia r12!, {r10, r11} @ load a code 64 | cmp r10, #0xCF000000 65 | beq exit 66 | 67 | mov r0, r10, lsr #28 68 | cmp r0, #0xE 69 | beq patch_code 70 | cmp r0, #0xD 71 | beq dx_codes 72 | cmp r0, #0xC 73 | beq type_c 74 | 75 | @ check execution status 76 | tst r8, #0x00000001 77 | bne main_loop 78 | 79 | @ check code group 80 | cmp r0, #0x3 81 | blt raw_write 82 | cmp r0, #0x6 83 | ble if_32bit 84 | cmp r0, #0xB 85 | blt if_16bit_mask 86 | beq offset_load 87 | b mem_copy_code 88 | 89 | 90 | counter_value: 91 | .word 0x00000000 92 | 93 | 94 | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 95 | @ type 0-2 96 | 97 | raw_write: 98 | cmp r0, #0x1 99 | bic r10, r10, #0xf0000000 100 | strlt r11, [r10, r9] @ type 0 101 | streqh r11, [r10, r9] @ type 1 102 | strgtb r11, [r10, r9] @ type 2 103 | b main_loop 104 | 105 | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 106 | @ type 3-6 107 | @ r0 still contains the code type 108 | 109 | if_32bit: 110 | bic r1, r10, #0xf0000001 111 | tst r10, #0x00000001 112 | addne r1, r1, r9 @ add offset to the address if the lowest bit is set 113 | cmp r1, #0x00000000 114 | moveq r1, r9 @ if address is 0, set address to offset 115 | ldr r1, [r1] @ load word from [0XXXXXXX] 116 | mov r8, r8, lsl #1 @ push execution status 117 | cmp r0, #0x3 118 | beq if_32bit_bhi 119 | cmp r0, #0x5 120 | blt if_32bit_bcc 121 | beq if_32bit_beq 122 | @ fall through to if_32bit_bne 123 | 124 | @ type 6 125 | if_32bit_bne: 126 | cmp r11, r1 127 | orreq r8, r8, #0x00000001 128 | b main_loop 129 | 130 | @ type 3 131 | if_32bit_bhi: 132 | cmp r11, r1 133 | orrls r8, r8, #0x00000001 134 | b main_loop 135 | 136 | @ type 4 137 | if_32bit_bcc: 138 | cmp r11, r1 139 | orrcs r8, r8, #0x00000001 140 | b main_loop 141 | 142 | @ type 5 143 | if_32bit_beq: 144 | cmp r11, r1 145 | orrne r8, r8, #0x00000001 146 | b main_loop 147 | 148 | 149 | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 150 | @ type 7-A 151 | @ r0 still contains the code type 152 | 153 | if_16bit_mask: 154 | bic r1, r10, #0xf0000001 155 | tst r10, #0x00000001 156 | addne r1, r1, r9 @ add offset to the address if the lowest bit is set 157 | cmp r1, #0x00000000 158 | moveq r1, r9 @ if address is 0, set address to offset 159 | ldrh r1, [r1] @ load halfword from [0XXXXXXX] 160 | mov r2, r11, lsr #16 @ bit mask 161 | mov r3, r11, lsl #16 @ compare data 162 | mov r3, r3, lsr #16 163 | bic r1, r1, r2 @ clear any bit that is set in the mask 164 | 165 | mov r8, r8, lsl #1 @ push execution status 166 | cmp r0, #0x7 167 | beq if_16bit_bhi 168 | cmp r0, #0x9 169 | blt if_16bit_bcc 170 | beq if_16bit_beq 171 | @ fall through to if_16bit_bne 172 | 173 | @ type A 174 | if_16bit_bne: 175 | cmp r3, r1 176 | orreq r8, r8, #0x00000001 177 | b main_loop 178 | 179 | @ type 7 180 | if_16bit_bhi: 181 | cmp r3, r1 182 | orrls r8, r8, #0x00000001 183 | b main_loop 184 | 185 | @ type 8 186 | if_16bit_bcc: 187 | cmp r3, r1 188 | orrcs r8, r8, #0x00000001 189 | b main_loop 190 | 191 | @ type 9 192 | if_16bit_beq: 193 | cmp r3, r1 194 | orrne r8, r8, #0x00000001 195 | b main_loop 196 | 197 | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 198 | @ type B 199 | 200 | offset_load: 201 | bic r10, r10, #0xf0000000 202 | ldr r9, [r10, r9] 203 | b main_loop 204 | 205 | 206 | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 207 | @ type C 208 | 209 | type_c: 210 | mov r0, r10, lsr #24 211 | cmp r0, #0xC1 212 | beq exec_remote_function 213 | cmp r0, #0xC2 214 | beq exec_custom_function 215 | 216 | tst r8, #0x00000001 @ make sure execution is enabled 217 | bne main_loop 218 | 219 | cmp r0, #0xC0 220 | beq loop_start 221 | cmp r0, #0xC5 222 | beq execution_counter @ type C5 223 | 224 | offset_data_store: @ type C4 225 | sublt r9, r12, #0x08 @ Offset = Two words back from current code pointer (ie, word at C4000000 code) 226 | 227 | save_offset: @ type C6 228 | strgt r9, [r11] @ Save offset to [XXXXXXXX] in C6000000 XXXXXXXX 229 | b main_loop 230 | 231 | loop_start: 232 | mov r4, r8 @ execution status 233 | mov r6, r11 @ loop repeat amount 234 | mov r7, r12 @ loop start 235 | b main_loop 236 | 237 | exec_remote_function: 238 | ldmia r12, {r0, r1, r2, r3} @ load arguments 239 | and r10, r10, #0x00000007 240 | add r12, r12, r10 @ move code pointer to where it should be 241 | tst r8, #0x00000001 242 | bne align_cheat_list @ execution disabled 243 | stmdb sp!, {r12} 244 | adr lr, exec_function_return 245 | bx r11 246 | 247 | exec_custom_function: 248 | and r0, r10, #0x00000001 @ thumb mode? 249 | add r0, r0, r12 @ custom function location 250 | add r12, r12, r11 251 | tst r8, #0x00000001 252 | bne align_cheat_list @ execution disabled 253 | stmdb sp!, {r12} 254 | adr lr, exec_function_return 255 | bx r0 256 | 257 | exec_function_return: 258 | ldmia sp!, {r12} 259 | b align_cheat_list 260 | 261 | 262 | execution_counter: 263 | ldr r0, counter_value @ we only need the low 16 bits but counter_value is out of immediate range for ldrh 264 | mov r1, r11, lsl #16 265 | and r0, r0, r1, lsr #16 @ mask off counter 266 | mov r8, r8, lsl #1 @ push execution status 267 | cmp r0, r11, lsr #16 @ Compare against compare value component of code 268 | orrne r8, r8, #0x00000001 @ set execution to false 269 | b main_loop 270 | 271 | 272 | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 273 | @ type D 274 | 275 | dx_codes: 276 | mov r0, r10, lsr #24 277 | cmp r0, #0xD3 278 | bcs dx_conditional_exec 279 | 280 | cmp r0, #0xD1 281 | bgt end_loop_clear 282 | beq end_loop_no_clear 283 | @ fall through to end_if 284 | 285 | @ type D0 286 | end_if: 287 | mov r8, r8, lsr #1 @ pop exec status 288 | b main_loop 289 | 290 | @ type D2 291 | end_loop_clear: 292 | mov r8, r4 @ restore the old execution status 293 | cmp r6, #0 @ end of a loop? 294 | @ no 295 | subgt r6, r6, #1 296 | movgt r12, r7 @ load the Dx loop start 297 | bgt main_loop 298 | @ yes 299 | mov r5, #0 @ clear Dx data register 300 | mov r8, #0 @ clear execution status 301 | mov r9, #0 @ clear offset 302 | b main_loop 303 | 304 | @ type D1 305 | end_loop_no_clear: 306 | mov r8, r4 @ restore the old execution status 307 | cmp r6, #0 @ end of a loop? 308 | @ no 309 | subgt r6, r6, #1 310 | movgt r12, r7 @ load the Dx loop start 311 | @ yes 312 | b main_loop 313 | 314 | dx_conditional_exec: 315 | tst r8, #0x00000001 316 | bne main_loop 317 | 318 | cmp r0, #0xD6 319 | bcs dx_write 320 | 321 | cmp r0, #0xD4 322 | @ type D3 - Offset Set 323 | movlt r9, r11 324 | beq dx_data_op 325 | @ type D5 - Dx Data set 326 | movgt r5, r11 327 | b main_loop 328 | 329 | dx_write: 330 | cmp r0, #0xD9 331 | bcs dx_load 332 | 333 | cmp r0, #0xD7 334 | @ type D6 - Dx Data write 32 bits 335 | strlt r5, [r11, r9] 336 | addlt r9, r9, #4 337 | @ type D7 - Dx Data write 16 bits 338 | streqh r5, [r11, r9] 339 | addeq r9, r9, #2 340 | @ type D8 - Dx Data write 8 bits 341 | strgtb r5, [r11, r9] 342 | addgt r9, r9, #1 343 | b main_loop 344 | 345 | dx_load: 346 | cmp r0, #0xDC 347 | bcs dx_offset_add_addr 348 | 349 | cmp r0, #0xDA 350 | @ type D9 - Dx Data load 32 bits 351 | ldrlt r5, [r11, r9] 352 | @ type DA - Dx Data load 16 bits 353 | ldreqh r5, [r11, r9] 354 | @ type DB - Dx Data load 8 bits 355 | ldrgtb r5, [r11, r9] 356 | b main_loop 357 | 358 | @ type DC 359 | dx_offset_add_addr: 360 | add r9, r9, r11 361 | b main_loop 362 | 363 | @ type D4 364 | dx_data_op: 365 | and r0, r10, #0x000000ff 366 | cmp r0, #0x01 367 | @ type D4000000 - add, use negative values for sub 368 | addlt r5, r5, r11 369 | @ type D4000001 - or 370 | orreq r5, r5, r11 371 | ble main_loop 372 | 373 | cmp r0, #0x03 374 | @ type D4000002 - and 375 | andlt r5, r5, r11 376 | @ type D4000003 - xor 377 | eoreq r5, r5, r11 378 | ble main_loop 379 | 380 | cmp r0, #0x05 381 | @ type D4000004 - lsl 382 | movlt r5, r5, lsl r11 383 | @ type D4000005 - lsr 384 | moveq r5, r5, lsr r11 385 | ble main_loop 386 | 387 | cmp r0, #0x07 388 | @ type D4000006 - ror 389 | movlt r5, r5, ror r11 390 | @ type D4000007 - asr 391 | moveq r5, r5, asr r11 392 | ble main_loop 393 | 394 | cmp r0, #0x09 395 | @ type D4000008 - mul 396 | mullt r5, r11, r5 397 | 398 | b main_loop 399 | 400 | 401 | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 402 | @ type E 403 | 404 | patch_code: 405 | @ check execution status 406 | tst r8, #0x00000001 407 | addne r12, r12, r11 @ skip the data section 408 | bne align_cheat_list 409 | 410 | bic r10, r10, #0xf0000000 @ destination address 411 | add r10, r10, r9 @ add offset to dest 412 | @ r11 is bytes remaining 413 | @ r12 is source 414 | 415 | patch_code_word_loop: 416 | cmp r11, #4 417 | blt patch_code_byte_loop 418 | ldr r1, [r12], #4 419 | str r1, [r10], #4 420 | sub r11, r11, #4 421 | b patch_code_word_loop 422 | 423 | patch_code_byte_loop: 424 | cmp r11, #1 425 | blt align_cheat_list @ patch_code_end 426 | ldrb r1, [r12], #1 427 | strb r1, [r10], #1 428 | sub r11, r11, #1 429 | b patch_code_byte_loop 430 | 431 | align_cheat_list: 432 | add r12, r12, #0x7 433 | bic r12, r12, #0x00000007 @ round up to nearest multiple of 8 434 | b main_loop 435 | 436 | 437 | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 438 | @ type F 439 | 440 | mem_copy_code: 441 | bic r10, r10, #0xf0000000 @ destination address 442 | @ r11 is bytes remaining 443 | mov r2, r9 @ source address 444 | 445 | mem_copy_code_word_loop: 446 | cmp r11, #4 447 | blt mem_copy_code_byte_loop 448 | ldr r1, [r2], #4 449 | str r1, [r10], #4 450 | sub r11, r11, #4 451 | b mem_copy_code_word_loop 452 | 453 | mem_copy_code_byte_loop: 454 | cmp r11, #1 455 | blt main_loop @ mem_copy_code_end 456 | ldrb r1, [r2], #1 457 | strb r1, [r10], #1 458 | sub r11, r11, #1 459 | b mem_copy_code_byte_loop 460 | 461 | 462 | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 463 | 464 | exit: 465 | ldmia sp!, {r0-r12} 466 | ldmia sp!, {lr} 467 | bx lr 468 | 469 | intr_orig_return: 470 | .word 0x00000000 471 | 472 | .pool 473 | 474 | cheat_data: 475 | 476 | cheat_engine_end: 477 | 478 | @ Cheat data goes here 479 | 480 | .word 0xCF000000, 0x00000000 481 | .word 0x00000000, 0x00000000 482 | .word 0x00000000, 0x00000000 483 | .word 0x00000000, 0x00000000 484 | 485 | 486 | -------------------------------------------------------------------------------- /BootLoader/source/clear_cache.arm9.s: -------------------------------------------------------------------------------- 1 | @ NitroHax -- Cheat tool for the Nintendo DS 2 | @ Copyright (C) 2008 Michael "Chishm" Chisholm 3 | @ 4 | @ This program is free software: you can redistribute it and/or modify 5 | @ it under the terms of the GNU General Public License as published by 6 | @ the Free Software Foundation, either version 3 of the License, or 7 | @ (at your option) any later version. 8 | @ 9 | @ This program is distributed in the hope that it will be useful, 10 | @ but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | @ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | @ GNU General Public License for more details. 13 | @ 14 | @ You should have received a copy of the GNU General Public License 15 | @ along with this program. If not, see . 16 | 17 | @ Clears ICache and Dcache, and resets the protection units 18 | @ Originally written by Darkain, modified by Chishm 19 | 20 | #include 21 | 22 | .arm 23 | 24 | BEGIN_ASM_FUNC arm9_clearCache 25 | @ Clean and flush cache 26 | mov r1, #0 27 | outer_loop: 28 | mov r0, #0 29 | inner_loop: 30 | orr r2, r1, r0 31 | mcr p15, 0, r2, c7, c14, 2 32 | add r0, r0, #0x20 33 | cmp r0, #0x400 34 | bne inner_loop 35 | add r1, r1, #0x40000000 36 | cmp r1, #0x0 37 | bne outer_loop 38 | 39 | mov r3, #0 40 | mcr p15, 0, r3, c7, c5, 0 @ Flush ICache 41 | mcr p15, 0, r3, c7, c6, 0 @ Flush DCache 42 | mcr p15, 0, r3, c7, c10, 4 @ empty write buffer 43 | 44 | bx lr 45 | 46 | -------------------------------------------------------------------------------- /BootLoader/source/clear_mem.s: -------------------------------------------------------------------------------- 1 | @ NitroHax -- Cheat tool for the Nintendo DS 2 | @ Copyright (C) 2008 Michael "Chishm" Chisholm 3 | @ 4 | @ This program is free software: you can redistribute it and/or modify 5 | @ it under the terms of the GNU General Public License as published by 6 | @ the Free Software Foundation, either version 3 of the License, or 7 | @ (at your option) any later version. 8 | @ 9 | @ This program is distributed in the hope that it will be useful, 10 | @ but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | @ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | @ GNU General Public License for more details. 13 | @ 14 | @ You should have received a copy of the GNU General Public License 15 | @ along with this program. If not, see . 16 | 17 | @ void arm7_clearmem (void* loc, size_t len); 18 | @ Clears memory using an stmia loop 19 | 20 | #include 21 | 22 | .arm 23 | 24 | 25 | BEGIN_ASM_FUNC arm7_clearmem 26 | add r1, r0, r1 27 | stmfd sp!, {r4-r9} 28 | mov r2, #0 29 | mov r3, #0 30 | mov r4, #0 31 | mov r5, #0 32 | mov r6, #0 33 | mov r7, #0 34 | mov r8, #0 35 | mov r9, #0 36 | 37 | clearmem_loop: 38 | stmia r0!, {r2-r9} 39 | cmp r0, r1 40 | blt clearmem_loop 41 | 42 | ldmfd sp!, {r4-r9} 43 | bx lr 44 | 45 | -------------------------------------------------------------------------------- /BootLoader/source/common.h: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #ifndef _COMMON_H 20 | #define _COMMON_H 21 | 22 | #include 23 | #include 24 | #include 25 | 26 | #define resetCpu() \ 27 | __asm volatile("swi 0x000000") 28 | 29 | enum ERROR_CODES { 30 | ERR_NONE = 0x00, 31 | ERR_STS_CLR_MEM = 0x01, 32 | ERR_STS_LOAD_BIN = 0x02, 33 | ERR_STS_HOOK_BIN = 0x03, 34 | ERR_STS_START = 0x04, 35 | // initCard error codes: 36 | ERR_LOAD_NORM = 0x11, 37 | ERR_LOAD_OTHR = 0x12, 38 | ERR_SEC_NORM = 0x13, 39 | ERR_SEC_OTHR = 0x14, 40 | ERR_LOGO_CRC = 0x15, 41 | ERR_HEAD_CRC = 0x16, 42 | // hookARM7Binary error codes: 43 | ERR_NOCHEAT = 0x21, 44 | ERR_HOOK = 0x22, 45 | }; 46 | 47 | // Values fixed so they can be shared with ASM code 48 | enum ARM9_STATE { 49 | ARM9_BOOT = 0, 50 | ARM9_START = 1, 51 | ARM9_RESET = 2, 52 | ARM9_READY = 3, 53 | ARM9_MEMCLR = 4 54 | }; 55 | 56 | enum ARM7_STATE { 57 | ARM7_BOOT = 0, 58 | ARM7_START = 1, 59 | ARM7_RESET = 2, 60 | ARM7_READY = 3, 61 | ARM7_MEMCLR = 4, 62 | ARM7_LOADBIN = 5, 63 | ARM7_HOOKBIN = 6, 64 | ARM7_BOOTBIN = 7, 65 | ARM7_ERR = 8 66 | }; 67 | 68 | extern volatile u32 arm9_errorCode; 69 | 70 | static inline void dmaFill(const void* src, void* dest, uint32 size) { 71 | DMA_SRC(3) = (uint32)src; 72 | DMA_DEST(3) = (uint32)dest; 73 | DMA_CR(3) = DMA_COPY_WORDS | DMA_SRC_FIX | (size>>2); 74 | while(DMA_CR(3) & DMA_BUSY); 75 | } 76 | 77 | static inline void copyLoop (u32* dest, const u32* src, size_t size) { 78 | do { 79 | *dest++ = *src++; 80 | } while (size -= 4); 81 | } 82 | 83 | static inline void ipcSendState(uint8_t state) { 84 | REG_IPC_SYNC = (state & 0x0f) << 8; 85 | } 86 | 87 | static inline uint8_t ipcRecvState(void) { 88 | return (uint8_t)(REG_IPC_SYNC & 0x0f); 89 | } 90 | 91 | #endif // _COMMON_H 92 | 93 | -------------------------------------------------------------------------------- /BootLoader/source/crt0.arm9.s: -------------------------------------------------------------------------------- 1 | @--------------------------------------------------------------------------------- 2 | .global _arm9_start 3 | @--------------------------------------------------------------------------------- 4 | .align 4 5 | .arm 6 | @--------------------------------------------------------------------------------- 7 | _arm9_start: 8 | @--------------------------------------------------------------------------------- 9 | mov r0, #0x04000000 @ IME = 0; 10 | add r0, r0, #0x208 11 | strh r0, [r0] 12 | 13 | mov r0, #0x12 @ Switch to IRQ Mode 14 | msr cpsr, r0 15 | ldr sp, =__arm9_sp_irq @ Set IRQ stack 16 | 17 | mov r0, #0x13 @ Switch to SVC Mode 18 | msr cpsr, r0 19 | ldr sp, =__arm9_sp_svc @ Set SVC stack 20 | 21 | mov r0, #0x1F @ Switch to System Mode 22 | msr cpsr, r0 23 | ldr sp, =__arm9_sp_usr @ Set user stack 24 | 25 | ldr r0, =__arm9_bss_start @ Clear BSS section to 0x00 26 | ldr r1, =__arm9_bss_end 27 | sub r1, r1, r0 28 | bl ClearMem 29 | 30 | mov r0, #0 @ int argc 31 | mov r1, #0 @ char *argv[] 32 | ldr r3, =arm9_main 33 | bl _blx_r3_stub @ jump to user code 34 | 35 | @ If the user ever returns, restart 36 | b _arm9_start 37 | 38 | @--------------------------------------------------------------------------------- 39 | _blx_r3_stub: 40 | @--------------------------------------------------------------------------------- 41 | bx r3 42 | 43 | 44 | @--------------------------------------------------------------------------------- 45 | @ Clear memory to 0x00 if length != 0 46 | @ r0 = Start Address 47 | @ r1 = Length 48 | @--------------------------------------------------------------------------------- 49 | ClearMem: 50 | @--------------------------------------------------------------------------------- 51 | mov r2, #3 @ Round down to nearest word boundary 52 | add r1, r1, r2 @ Shouldn't be needed 53 | bics r1, r1, r2 @ Clear 2 LSB (and set Z) 54 | bxeq lr @ Quit if copy size is 0 55 | 56 | mov r2, #0 57 | ClrLoop: 58 | stmia r0!, {r2} 59 | subs r1, r1, #4 60 | bne ClrLoop 61 | bx lr 62 | 63 | -------------------------------------------------------------------------------- /BootLoader/source/encryption.c: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #include 20 | #include "encryption.h" 21 | #include "read_bios.h" 22 | 23 | #define KEYSIZE 0x1048 24 | 25 | static u32 keycode [3]; 26 | static u32 keybuf [KEYSIZE/sizeof(u32)]; 27 | 28 | void crypt_64bit_up (u32* ptr) { 29 | u32 x = ptr[1]; 30 | u32 y = ptr[0]; 31 | u32 z; 32 | int i; 33 | 34 | for (i = 0; i < 0x10; i++) { 35 | z = keybuf[i] ^ x; 36 | x = keybuf[0x012 + ((z>>24)&0xff)]; 37 | x = keybuf[0x112 + ((z>>16)&0xff)] + x; 38 | x = keybuf[0x212 + ((z>> 8)&0xff)] ^ x; 39 | x = keybuf[0x312 + ((z>> 0)&0xff)] + x; 40 | x = y ^ x; 41 | y = z; 42 | } 43 | 44 | ptr[0] = x ^ keybuf[0x10]; 45 | ptr[1] = y ^ keybuf[0x11]; 46 | } 47 | 48 | void crypt_64bit_down (u32* ptr) { 49 | u32 x = ptr[1]; 50 | u32 y = ptr[0]; 51 | u32 z; 52 | int i; 53 | 54 | for (i = 0x11; i > 0x01; i--) { 55 | z = keybuf[i] ^ x; 56 | x = keybuf[0x012 + ((z>>24)&0xff)]; 57 | x = keybuf[0x112 + ((z>>16)&0xff)] + x; 58 | x = keybuf[0x212 + ((z>> 8)&0xff)] ^ x; 59 | x = keybuf[0x312 + ((z>> 0)&0xff)] + x; 60 | x = y ^ x; 61 | y = z; 62 | } 63 | 64 | ptr[0] = x ^ keybuf[0x01]; 65 | ptr[1] = y ^ keybuf[0x00]; 66 | } 67 | 68 | static u32 bswap_32bit (u32 in) { 69 | u8 a,b,c,d; 70 | a = (u8)((in >> 0) & 0xff); 71 | b = (u8)((in >> 8) & 0xff); 72 | c = (u8)((in >> 16) & 0xff); 73 | d = (u8)((in >> 24) & 0xff); 74 | 75 | u32 out = (a << 24) | (b << 16) | (c << 8) | (d << 0); 76 | 77 | return out; 78 | } 79 | 80 | void apply_keycode (u32 modulo) { 81 | u32 scratch[2]; 82 | int i; 83 | modulo = modulo / sizeof(*keycode); 84 | 85 | crypt_64bit_up (&keycode[1]); 86 | crypt_64bit_up (&keycode[0]); 87 | memset (scratch, 0, 8); 88 | 89 | for (i = 0; i < 0x12; i+=1) { 90 | keybuf[i] = keybuf[i] ^ bswap_32bit (keycode[i % modulo]); 91 | } 92 | for (i = 0; i < 0x412; i+=2) { 93 | crypt_64bit_up (scratch); 94 | keybuf[i] = scratch[1]; 95 | keybuf[i+1] = scratch[0]; 96 | } 97 | } 98 | 99 | void init_keycode (u32 idcode, u32 level, u32 modulo) { 100 | readBios ((u8*)keybuf, 0x30, KEYSIZE); 101 | keycode[0] = idcode; 102 | keycode[1] = idcode/2; 103 | keycode[2] = idcode*2; 104 | 105 | if (level >= 1) apply_keycode (modulo); // first apply (always) 106 | if (level >= 2) apply_keycode (modulo); // second apply (optional) 107 | keycode[1] = keycode[1] * 2; 108 | keycode[2] = keycode[2] / 2; 109 | if (level >= 3) apply_keycode (modulo); // third apply (optional) 110 | } 111 | -------------------------------------------------------------------------------- /BootLoader/source/encryption.h: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #ifndef ENCRYPTION_H 20 | #define ENCRYPTION_H 21 | 22 | #include 23 | void init_keycode (u32 idcode, u32 level, u32 modulo); 24 | void crypt_64bit_down (u32* ptr); 25 | void crypt_64bit_up (u32* ptr); 26 | 27 | #endif 28 | -------------------------------------------------------------------------------- /BootLoader/source/launch_ds_crt0.s: -------------------------------------------------------------------------------- 1 | @--------------------------------------------------------------------------------- 2 | .section ".init" 3 | .global _start 4 | @--------------------------------------------------------------------------------- 5 | .align 4 6 | .arm 7 | @--------------------------------------------------------------------------------- 8 | _start: 9 | @--------------------------------------------------------------------------------- 10 | mov r0, #0x04000000 @ IME = 0; 11 | add r0, r0, #0x208 12 | strh r0, [r0] 13 | 14 | mov r0, #0x12 @ Switch to IRQ Mode 15 | msr cpsr, r0 16 | ldr sp, =__sp_irq @ Set IRQ stack 17 | 18 | mov r0, #0x13 @ Switch to SVC Mode 19 | msr cpsr, r0 20 | ldr sp, =__sp_svc @ Set SVC stack 21 | 22 | mov r0, #0x1F @ Switch to System Mode 23 | msr cpsr, r0 24 | ldr sp, =__sp_usr @ Set user stack 25 | 26 | ldr r0, =__bss_start @ Clear BSS section to 0x00 27 | ldr r1, =__bss_end 28 | sub r1, r1, r0 29 | bl ClearMem 30 | 31 | @ Load ARM9 region into main RAM 32 | ldr r1, =__arm9_source_start 33 | ldr r2, =__arm9_start 34 | ldr r3, =__arm9_source_end 35 | sub r3, r3, r1 36 | bl CopyMem 37 | 38 | @ Start ARM9 binary 39 | ldr r0, =0x027FFE24 40 | ldr r1, =_arm9_start 41 | str r1, [r0] 42 | 43 | mov r0, #0 @ int argc 44 | mov r1, #0 @ char *argv[] 45 | ldr r3, =arm7_main 46 | bl _blx_r3_stub @ jump to user code 47 | 48 | @ If the user ever returns, restart 49 | b _start 50 | 51 | @--------------------------------------------------------------------------------- 52 | _blx_r3_stub: 53 | @--------------------------------------------------------------------------------- 54 | bx r3 55 | 56 | 57 | @--------------------------------------------------------------------------------- 58 | @ Clear memory to 0x00 if length != 0 59 | @ r0 = Start Address 60 | @ r1 = Length 61 | @--------------------------------------------------------------------------------- 62 | ClearMem: 63 | @--------------------------------------------------------------------------------- 64 | mov r2, #3 @ Round down to nearest word boundary 65 | add r1, r1, r2 @ Shouldn't be needed 66 | bics r1, r1, r2 @ Clear 2 LSB (and set Z) 67 | bxeq lr @ Quit if copy size is 0 68 | 69 | mov r2, #0 70 | ClrLoop: 71 | stmia r0!, {r2} 72 | subs r1, r1, #4 73 | bne ClrLoop 74 | bx lr 75 | 76 | @--------------------------------------------------------------------------------- 77 | @ Copy memory if length != 0 78 | @ r1 = Source Address 79 | @ r2 = Dest Address 80 | @ r4 = Dest Address + Length 81 | @--------------------------------------------------------------------------------- 82 | CopyMemCheck: 83 | @--------------------------------------------------------------------------------- 84 | sub r3, r4, r2 @ Is there any data to copy? 85 | @--------------------------------------------------------------------------------- 86 | @ Copy memory 87 | @ r1 = Source Address 88 | @ r2 = Dest Address 89 | @ r3 = Length 90 | @--------------------------------------------------------------------------------- 91 | CopyMem: 92 | @--------------------------------------------------------------------------------- 93 | mov r0, #3 @ These commands are used in cases where 94 | add r3, r3, r0 @ the length is not a multiple of 4, 95 | bics r3, r3, r0 @ even though it should be. 96 | bxeq lr @ Length is zero, so exit 97 | CIDLoop: 98 | ldmia r1!, {r0} 99 | stmia r2!, {r0} 100 | subs r3, r3, #4 101 | bne CIDLoop 102 | bx lr 103 | 104 | @--------------------------------------------------------------------------------- 105 | .align 106 | .pool 107 | .end 108 | @--------------------------------------------------------------------------------- 109 | -------------------------------------------------------------------------------- /BootLoader/source/main.arm7.c: -------------------------------------------------------------------------------- 1 | /* 2 | main.arm7.c 3 | 4 | By Michael Chisholm (Chishm) 5 | 6 | All resetMemory and startBinary functions are based 7 | on the MultiNDS loader by Darkain. 8 | Original source available at: 9 | http://cvs.sourceforge.net/viewcvs.py/ndslib/ndslib/examples/loader/boot/main.cpp 10 | 11 | License: 12 | NitroHax -- Cheat tool for the Nintendo DS 13 | Copyright (C) 2008 Michael "Chishm" Chisholm 14 | 15 | This program is free software: you can redistribute it and/or modify 16 | it under the terms of the GNU General Public License as published by 17 | the Free Software Foundation, either version 3 of the License, or 18 | (at your option) any later version. 19 | 20 | This program is distributed in the hope that it will be useful, 21 | but WITHOUT ANY WARRANTY; without even the implied warranty of 22 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 | GNU General Public License for more details. 24 | 25 | You should have received a copy of the GNU General Public License 26 | along with this program. If not, see . 27 | */ 28 | 29 | #ifndef ARM7 30 | # define ARM7 31 | #endif 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | 40 | #ifndef NULL 41 | #define NULL 0 42 | #endif 43 | 44 | #include "common.h" 45 | #include "read_card.h" 46 | #include "cheat.h" 47 | 48 | /*------------------------------------------------------------------------- 49 | External functions 50 | --------------------------------------------------------------------------*/ 51 | extern void arm7_clearmem (void* loc, size_t len); 52 | extern void arm7_reset (void); 53 | 54 | //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 55 | // Important things 56 | #define NDS_HEAD 0x027FFE00 57 | tNDSHeader* ndsHeader = (tNDSHeader*)NDS_HEAD; 58 | 59 | #define CHEAT_ENGINE_LOCATION 0x027FE000 60 | #define CHEAT_DATA_LOCATION 0x06010000 61 | 62 | //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 63 | // Used for debugging purposes 64 | static void errorOutput (u32 code) { 65 | // Set the error code, then set our state to "error" 66 | arm9_errorCode = code; 67 | ipcSendState(ARM7_ERR); 68 | // Stop 69 | while(1); 70 | } 71 | 72 | //++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 73 | // Firmware stuff 74 | 75 | #define FW_READ 0x03 76 | 77 | void arm7_readFirmware (uint32 address, uint8 * buffer, uint32 size) { 78 | uint32 index; 79 | 80 | // Read command 81 | while (REG_SPICNT & SPI_BUSY); 82 | REG_SPICNT = SPI_ENABLE | SPI_CONTINUOUS | SPI_DEVICE_NVRAM; 83 | REG_SPIDATA = FW_READ; 84 | while (REG_SPICNT & SPI_BUSY); 85 | 86 | // Set the address 87 | REG_SPIDATA = (address>>16) & 0xFF; 88 | while (REG_SPICNT & SPI_BUSY); 89 | REG_SPIDATA = (address>>8) & 0xFF; 90 | while (REG_SPICNT & SPI_BUSY); 91 | REG_SPIDATA = (address) & 0xFF; 92 | while (REG_SPICNT & SPI_BUSY); 93 | 94 | for (index = 0; index < size; index++) { 95 | REG_SPIDATA = 0; 96 | while (REG_SPICNT & SPI_BUSY); 97 | buffer[index] = REG_SPIDATA & 0xFF; 98 | } 99 | REG_SPICNT = 0; 100 | } 101 | 102 | /*------------------------------------------------------------------------- 103 | arm7_resetMemory 104 | Clears all of the NDS's RAM that is visible to the ARM7 105 | Written by Darkain. 106 | Modified by Chishm: 107 | * Added STMIA clear mem loop 108 | --------------------------------------------------------------------------*/ 109 | void arm7_resetMemory (void) { 110 | int i; 111 | u8 settings1, settings2; 112 | 113 | REG_IME = 0; 114 | 115 | for (i=0; i<16; i++) { 116 | SCHANNEL_CR(i) = 0; 117 | SCHANNEL_TIMER(i) = 0; 118 | SCHANNEL_SOURCE(i) = 0; 119 | SCHANNEL_LENGTH(i) = 0; 120 | } 121 | REG_SOUNDCNT = 0; 122 | 123 | // Clear out ARM7 DMA channels and timers 124 | for (i=0; i<4; i++) { 125 | DMA_CR(i) = 0; 126 | DMA_SRC(i) = 0; 127 | DMA_DEST(i) = 0; 128 | TIMER_CR(i) = 0; 129 | TIMER_DATA(i) = 0; 130 | } 131 | 132 | // Clear out FIFO 133 | REG_IPC_SYNC = 0; 134 | REG_IPC_FIFO_CR = IPC_FIFO_ENABLE | IPC_FIFO_SEND_CLEAR; 135 | REG_IPC_FIFO_CR = 0; 136 | 137 | // clear IWRAM - 037F:8000 to 0380:FFFF, total 96KiB 138 | arm7_clearmem ((void*)0x037F8000, 96*1024); 139 | 140 | // clear most of EXRAM - except after 0x023FD800, which has the ARM9 code 141 | arm7_clearmem ((void*)0x02000000, 0x003FD800); 142 | 143 | // clear last part of EXRAM, skipping the ARM9's section 144 | arm7_clearmem ((void*)0x023FE000, 0x2000); 145 | 146 | REG_IE = 0; 147 | REG_IF = ~0; 148 | (*(vu32*)(0x04000000-4)) = 0; //IRQ_HANDLER ARM7 version 149 | (*(vu32*)(0x04000000-8)) = ~0; //VBLANK_INTR_WAIT_FLAGS, ARM7 version 150 | REG_POWERCNT = 1; //turn off power to stuffs 151 | 152 | // Reload DS Firmware settings 153 | arm7_readFirmware((u32)0x03FE70, &settings1, 0x1); 154 | arm7_readFirmware((u32)0x03FF70, &settings2, 0x1); 155 | 156 | if (settings1 > settings2) { 157 | arm7_readFirmware((u32)0x03FE00, (u8*)0x027FFC80, 0x70); 158 | arm7_readFirmware((u32)0x03FF00, (u8*)0x027FFD80, 0x70); 159 | } else { 160 | arm7_readFirmware((u32)0x03FF00, (u8*)0x027FFC80, 0x70); 161 | arm7_readFirmware((u32)0x03FE00, (u8*)0x027FFD80, 0x70); 162 | } 163 | 164 | // Load FW header 165 | arm7_readFirmware((u32)0x000000, (u8*)0x027FF830, 0x20); 166 | } 167 | 168 | 169 | int arm7_loadBinary (void) { 170 | u32 chipID; 171 | u32 errorCode; 172 | 173 | // Init card 174 | errorCode = cardInit(ndsHeader, &chipID); 175 | if (errorCode) { 176 | return errorCode; 177 | } 178 | 179 | // Set memory values expected by loaded NDS 180 | *((u32*)0x027ff800) = chipID; // CurrentCardID 181 | *((u32*)0x027ff804) = chipID; // Command10CardID 182 | *((u32*)0x027ffc00) = chipID; // 3rd chip ID 183 | *((u16*)0x027ff808) = ndsHeader->headerCRC16; // Header Checksum, CRC-16 of [000h-15Dh] 184 | *((u16*)0x027ff80a) = ndsHeader->secureCRC16; // Secure Area Checksum, CRC-16 of [ [20h]..7FFFh] 185 | *((u16*)0x027ffc40) = 0x1; // Booted from card -- EXTREMELY IMPORTANT!!! Thanks to cReDiAr 186 | 187 | cardRead(ndsHeader->arm9romOffset, (u32*)ndsHeader->arm9destination, ndsHeader->arm9binarySize); 188 | cardRead(ndsHeader->arm7romOffset, (u32*)ndsHeader->arm7destination, ndsHeader->arm7binarySize); 189 | return ERR_NONE; 190 | } 191 | 192 | 193 | //++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 194 | // Main function 195 | 196 | void arm7_main (void) { 197 | int errorCode; 198 | 199 | // Synchronise start 200 | while (ipcRecvState() != ARM9_START); 201 | ipcSendState(ARM7_START); 202 | 203 | // Wait until ARM9 is ready 204 | while (ipcRecvState() != ARM9_READY); 205 | 206 | ipcSendState(ARM7_MEMCLR); 207 | 208 | // Get ARM7 to clear RAM 209 | arm7_resetMemory(); 210 | 211 | ipcSendState(ARM7_LOADBIN); 212 | 213 | // Load the NDS file 214 | errorCode = arm7_loadBinary(); 215 | if (errorCode) { 216 | errorOutput(errorCode); 217 | } 218 | 219 | ipcSendState(ARM7_HOOKBIN); 220 | 221 | // Load the cheat engine and hook it into the ARM7 binary 222 | errorCode = arm7_hookGame(ndsHeader, (const u32*)CHEAT_DATA_LOCATION, (u32*)CHEAT_ENGINE_LOCATION); 223 | if (errorCode != ERR_NONE && errorCode != ERR_NOCHEAT) { 224 | errorOutput(errorCode); 225 | } 226 | 227 | ipcSendState(ARM7_BOOTBIN); 228 | 229 | arm7_reset(); 230 | } 231 | -------------------------------------------------------------------------------- /BootLoader/source/main.arm9.c: -------------------------------------------------------------------------------- 1 | /* 2 | main.arm9.c 3 | 4 | By Michael Chisholm (Chishm) 5 | 6 | All resetMemory and startBinary functions are based 7 | on the MultiNDS loader by Darkain. 8 | Original source available at: 9 | http://cvs.sourceforge.net/viewcvs.py/ndslib/ndslib/examples/loader/boot/main.cpp 10 | 11 | License: 12 | NitroHax -- Cheat tool for the Nintendo DS 13 | Copyright (C) 2008 Michael "Chishm" Chisholm 14 | 15 | This program is free software: you can redistribute it and/or modify 16 | it under the terms of the GNU General Public License as published by 17 | the Free Software Foundation, either version 3 of the License, or 18 | (at your option) any later version. 19 | 20 | This program is distributed in the hope that it will be useful, 21 | but WITHOUT ANY WARRANTY; without even the implied warranty of 22 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 | GNU General Public License for more details. 24 | 25 | You should have received a copy of the GNU General Public License 26 | along with this program. If not, see . 27 | */ 28 | 29 | #define ARM9 30 | #undef ARM7 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | 40 | #include "common.h" 41 | 42 | volatile int arm9_stateFlag = ARM9_BOOT; 43 | volatile u32 arm9_errorCode = 0xFFFFFFFF; 44 | volatile bool arm9_errorClearBG = false; 45 | volatile u32 arm9_BLANK_RAM = 0; 46 | 47 | /*------------------------------------------------------------------------- 48 | External functions 49 | --------------------------------------------------------------------------*/ 50 | extern void arm9_clearCache (void); 51 | extern void arm9_reset (void); 52 | 53 | /*------------------------------------------------------------------------- 54 | arm9_errorOutput 55 | Displays an error code on screen. 56 | 57 | Each box is 2 bits, and left-to-right is most-significant bits to least. 58 | Red = 00, Yellow = 01, Green = 10, Blue = 11 59 | 60 | Written by Chishm 61 | --------------------------------------------------------------------------*/ 62 | static void arm9_errorOutput (u32 code) { 63 | int i, j, k; 64 | u16 colour; 65 | vu16 *const vram_a = (vu16*)VRAM_A; 66 | 67 | REG_POWERCNT = (u16)(POWER_LCD | POWER_2D_A); 68 | REG_DISPCNT = MODE_FB0; 69 | VRAM_A_CR = VRAM_ENABLE; 70 | 71 | // Clear display 72 | for (i = 0; i < 256*192; i++) { 73 | vram_a[i] = 0x0000; 74 | } 75 | 76 | // Draw boxes of colour, signifying error codes 77 | 78 | if ((code >> 16) != 0) { 79 | // high 16 bits 80 | for (i = 0; i < 8; i++) { // Pair of bits to use 81 | if (((code>>(30-2*i))&3) == 0) { 82 | colour = 0x001F; // Red 83 | } else if (((code>>(30-2*i))&3) == 1) { 84 | colour = 0x03FF; // Yellow 85 | } else if (((code>>(30-2*i))&3) == 2) { 86 | colour = 0x03E0; // Green 87 | } else { 88 | colour = 0x7C00; // Blue 89 | } 90 | for (j = 71; j < 87; j++) { // Row 91 | for (k = 32*i+8; k < 32*i+24; k++) { // Column 92 | vram_a[j*256+k] = colour; 93 | } 94 | } 95 | } 96 | } 97 | 98 | // Low 16 bits 99 | for (i = 0; i < 8; i++) { // Pair of bits to use 100 | if (((code>>(14-2*i))&3) == 0) { 101 | colour = 0x001F; // Red 102 | } else if (((code>>(14-2*i))&3) == 1) { 103 | colour = 0x03FF; // Yellow 104 | } else if (((code>>(14-2*i))&3) == 2) { 105 | colour = 0x03E0; // Green 106 | } else { 107 | colour = 0x7C00; // Blue 108 | } 109 | for (j = 103; j < 119; j++) { // Row 110 | for (k = 32*i+8; k < 32*i+24; k++) { // Column 111 | vram_a[j*256+k] = colour; 112 | } 113 | } 114 | } 115 | } 116 | 117 | /*------------------------------------------------------------------------- 118 | arm9_main 119 | Clears the ARM9's icahce and dcache 120 | Clears the ARM9's DMA channels and resets video memory 121 | Jumps to the ARM9 NDS binary in sync with the ARM7 122 | Written by Darkain, modified by Chishm 123 | --------------------------------------------------------------------------*/ 124 | void arm9_main (void) { 125 | register int i; 126 | 127 | //set shared ram to ARM7 128 | WRAM_CR = 0x03; 129 | REG_EXMEMCNT = 0xE880; 130 | 131 | // Disable interrupts 132 | REG_IME = 0; 133 | REG_IE = 0; 134 | REG_IF = ~0; 135 | 136 | // Synchronise start 137 | ipcSendState(ARM9_START); 138 | while (ipcRecvState() != ARM7_START); 139 | 140 | ipcSendState(ARM9_MEMCLR); 141 | 142 | arm9_clearCache(); 143 | 144 | for (i=0; i<16*1024; i+=4) { //first 16KB 145 | (*(vu32*)(i+0x00000000)) = 0x00000000; //clear ITCM 146 | (*(vu32*)(i+0x00800000)) = 0x00000000; //clear DTCM 147 | } 148 | 149 | for (i=16*1024; i<32*1024; i+=4) { //second 16KB 150 | (*(vu32*)(i+0x00000000)) = 0x00000000; //clear ITCM 151 | } 152 | 153 | (*(vu32*)0x00803FFC) = 0; //IRQ_HANDLER ARM9 version 154 | (*(vu32*)0x00803FF8) = ~0; //VBLANK_INTR_WAIT_FLAGS ARM9 version 155 | 156 | // Clear out FIFO 157 | REG_IPC_FIFO_CR = IPC_FIFO_ENABLE | IPC_FIFO_SEND_CLEAR; 158 | REG_IPC_FIFO_CR = 0; 159 | 160 | // Blank out VRAM 161 | VRAM_A_CR = 0x80; 162 | VRAM_B_CR = 0x80; 163 | // Don't mess with the VRAM used for execution 164 | // VRAM_C_CR = 0; 165 | VRAM_D_CR = 0x80; 166 | VRAM_E_CR = 0x80; 167 | VRAM_F_CR = 0x80; 168 | VRAM_G_CR = 0x80; 169 | VRAM_H_CR = 0x80; 170 | VRAM_I_CR = 0x80; 171 | BG_PALETTE[0] = 0xFFFF; 172 | dmaFill((void*)&arm9_BLANK_RAM, BG_PALETTE+1, (2*1024)-2); 173 | dmaFill((void*)&arm9_BLANK_RAM, OAM, 2*1024); 174 | dmaFill((void*)&arm9_BLANK_RAM, VRAM_A, 256*1024); // Banks A, B 175 | dmaFill((void*)&arm9_BLANK_RAM, VRAM_D, 272*1024); // Banks D, E, F, G, H, I 176 | 177 | // Clear out display registers 178 | vu16 *mainregs = (vu16*)0x04000000; 179 | vu16 *subregs = (vu16*)0x04001000; 180 | for (i=0; i<43; i++) { 181 | mainregs[i] = 0; 182 | subregs[i] = 0; 183 | } 184 | 185 | // Clear out ARM9 DMA channels 186 | for (i=0; i<4; i++) { 187 | DMA_CR(i) = 0; 188 | DMA_SRC(i) = 0; 189 | DMA_DEST(i) = 0; 190 | TIMER_CR(i) = 0; 191 | TIMER_DATA(i) = 0; 192 | } 193 | 194 | REG_DISPSTAT = 0; 195 | videoSetMode(0); 196 | videoSetModeSub(0); 197 | VRAM_A_CR = 0; 198 | VRAM_B_CR = 0; 199 | // Don't mess with the VRAM used for execution 200 | // VRAM_C_CR = 0; 201 | VRAM_D_CR = 0; 202 | VRAM_E_CR = 0; 203 | VRAM_F_CR = 0; 204 | VRAM_G_CR = 0; 205 | VRAM_H_CR = 0; 206 | VRAM_I_CR = 0; 207 | REG_POWERCNT = 0x820F; 208 | 209 | // set ARM9 state to ready and wait for instructions from ARM7 210 | ipcSendState(ARM9_READY); 211 | while (ipcRecvState() != ARM7_BOOTBIN) { 212 | if (ipcRecvState() == ARM7_ERR) { 213 | arm9_errorOutput (arm9_errorCode); 214 | // Halt after displaying error code 215 | while(1); 216 | } 217 | } 218 | 219 | arm9_reset(); 220 | } 221 | 222 | -------------------------------------------------------------------------------- /BootLoader/source/read_bios.h: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | #include 19 | 20 | void readBios (u8* dest, u32 src, u32 size); 21 | -------------------------------------------------------------------------------- /BootLoader/source/read_bios.s: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | @This code comes from a post by CaitSith2 at gbadev.org - THANKS!! 4 | @ 5 | @Code to dump the complete Nintendo DS ARM7 bios, including the 6 | @first 0x1204 bytes residing in the secure area. 7 | @ 8 | @The ARM7 bios has read protection where 0x(Word)[FFFF(Half word)[FF(Byte)[FF]]] 9 | @is returned, if any reads are attempted while PC is outside the arm7 bios range. 10 | @ 11 | @Additionally, if the PC is outside the 0x0000 - 0x1204 range, that range of the bios 12 | @is completely locked out from reading. 13 | 14 | 15 | @ void readBios (u8* dest, u32 src, u32 size) 16 | 17 | .arm 18 | 19 | BEGIN_ASM_FUNC readBios 20 | adr r3,bios_dump+1 21 | bx r3 22 | .thumb 23 | 24 | bios_dump: 25 | push {r4-r7,lr} @Even though we don't use R7, the code we are jumping to is going 26 | @trash R7, therefore, we must save it. 27 | mov r5, r1 @ src 28 | sub r1, r2, #1 @ size 29 | mov r2, r0 @ dest 30 | ldr r0,=0x5ED @The code that will be made to read the full bios resides here. 31 | 32 | loop: 33 | mov r6,#0x12 @We Subtract 12 from the location we wish to read 34 | sub r3,r1,r6 @because the code at 0x5EC is LDRB R3, [R3,#0x12] 35 | add r3, r3, r5 36 | adr r6,ret 37 | push {r2-r6} @The line of code at 0x5EE is POP {R2,R4,R6,R7,PC} 38 | bx r0 39 | .align 40 | 41 | ret: 42 | strb r3,[r2,r1] @Store the read byte contained in r3, to SRAM. 43 | sub r1,#1 @Subtract 1 44 | bpl loop @And branch as long as R1 doesn't roll into -1 (0xFFFFFFFF). 45 | 46 | pop {r4-r7} @Restore the saved registers 47 | pop {r3} @and return. 48 | bx r3 49 | 50 | .END 51 | 52 | @The exact code that resides at 0x5EC (secure area range) of the arm7 bios. 53 | @ROM:000005EC 9B 7C LDRB R3, [R3,#0x12] 54 | @ROM:000005EE D4 BD POP {R2,R4,R6,R7,PC} 55 | -------------------------------------------------------------------------------- /BootLoader/source/read_card.c: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #include "read_card.h" 20 | 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | 28 | #include "encryption.h" 29 | #include "common.h" 30 | 31 | typedef union 32 | { 33 | char title[4]; 34 | u32 key; 35 | } GameCode; 36 | 37 | static u32 portFlags = 0; 38 | static u32 secureAreaData[CARD_SECURE_AREA_SIZE/sizeof(u32)]; 39 | 40 | static const u8 cardSeedBytes[] = {0xE8, 0x4D, 0x5A, 0xB1, 0x17, 0x8F, 0x99, 0xD5}; 41 | 42 | static u32 getRandomNumber(void) { 43 | return 4; // chosen by fair dice roll. 44 | // guaranteed to be random. 45 | } 46 | 47 | static void decryptSecureArea (u32 gameCode, u32* secureArea) 48 | { 49 | int i; 50 | 51 | init_keycode (gameCode, 2, 8); 52 | crypt_64bit_down (secureArea); 53 | 54 | init_keycode (gameCode, 3, 8); 55 | 56 | for (i = 0; i < 0x200; i+= 2) { 57 | crypt_64bit_down (secureArea + i); 58 | } 59 | } 60 | 61 | static struct { 62 | unsigned int iii; 63 | unsigned int jjj; 64 | unsigned int kkkkk; 65 | unsigned int llll; 66 | unsigned int mmm; 67 | unsigned int nnn; 68 | } key1data; 69 | 70 | 71 | static void initKey1Encryption (u8* cmdData) { 72 | key1data.iii = getRandomNumber() & 0x00000fff; 73 | key1data.jjj = getRandomNumber() & 0x00000fff; 74 | key1data.kkkkk = getRandomNumber() & 0x000fffff; 75 | key1data.llll = getRandomNumber() & 0x0000ffff; 76 | key1data.mmm = getRandomNumber() & 0x00000fff; 77 | key1data.nnn = getRandomNumber() & 0x00000fff; 78 | 79 | cmdData[7] = CARD_CMD_ACTIVATE_BF; 80 | cmdData[6] = (u8) (key1data.iii >> 4); 81 | cmdData[5] = (u8) ((key1data.iii << 4) | (key1data.jjj >> 8)); 82 | cmdData[4] = (u8) key1data.jjj; 83 | cmdData[3] = (u8) (key1data.kkkkk >> 16); 84 | cmdData[2] = (u8) (key1data.kkkkk >> 8); 85 | cmdData[1] = (u8) key1data.kkkkk; 86 | cmdData[0] = (u8) getRandomNumber(); 87 | } 88 | 89 | // Note: cmdData must be aligned on a word boundary 90 | static void createEncryptedCommand (u8 command, u8* cmdData, u32 block) 91 | { 92 | unsigned long iii, jjj; 93 | 94 | if (command != CARD_CMD_SECURE_READ) { 95 | block = key1data.llll; 96 | } 97 | 98 | if (command == CARD_CMD_ACTIVATE_SEC) { 99 | iii = key1data.mmm; 100 | jjj = key1data.nnn; 101 | } else { 102 | iii = key1data.iii; 103 | jjj = key1data.jjj; 104 | } 105 | 106 | cmdData[7] = (u8) (command | (block >> 12)); 107 | cmdData[6] = (u8) (block >> 4); 108 | cmdData[5] = (u8) ((block << 4) | (iii >> 8)); 109 | cmdData[4] = (u8) iii; 110 | cmdData[3] = (u8) (jjj >> 4); 111 | cmdData[2] = (u8) ((jjj << 4) | (key1data.kkkkk >> 16)); 112 | cmdData[1] = (u8) (key1data.kkkkk >> 8); 113 | cmdData[0] = (u8) key1data.kkkkk; 114 | 115 | crypt_64bit_up ((u32*)cmdData); 116 | 117 | key1data.kkkkk += 1; 118 | } 119 | 120 | static void cardDelay (u16 readTimeout) { 121 | /* Using a while loop to check the timeout, 122 | so we have to wait until one before overflow. 123 | This also requires an extra 1 for the timer data. 124 | See GBATek for the normal formula used for card timeout. 125 | */ 126 | TIMER_DATA(0) = 0 - (((readTimeout & 0x3FFF) + 3)); 127 | TIMER_CR(0) = TIMER_DIV_256 | TIMER_ENABLE; 128 | while (TIMER_DATA(0) != 0xFFFF); 129 | 130 | // Clear out the timer registers 131 | TIMER_CR(0) = 0; 132 | TIMER_DATA(0) = 0; 133 | } 134 | 135 | 136 | int cardInit (tNDSHeader* ndsHeader, u32* chipID) 137 | { 138 | u32 portFlagsKey1, portFlagsSecRead; 139 | bool normalChip; // As defined by GBAtek, normal chip secure area is accessed in blocks of 0x200, other chip in blocks of 0x1000 140 | u32* secureArea; 141 | int secureBlockNumber; 142 | int i; 143 | u8 cmdData[8] __attribute__ ((aligned)); 144 | GameCode* gameCode; 145 | 146 | // Dummy command sent after card reset 147 | cardParamCommand (CARD_CMD_DUMMY, 0, 148 | CARD_ACTIVATE | CARD_nRESET | CARD_CLK_SLOW | CARD_BLK_SIZE(1) | CARD_DELAY1(0x1FFF) | CARD_DELAY2(0x3F), 149 | NULL, 0); 150 | 151 | // Verify that the ndsHeader is packed correctly, now that it's no longer __packed__ 152 | static_assert(sizeof(tNDSHeader) == 0x160, "tNDSHeader not packed properly"); 153 | 154 | // Read the header 155 | cardParamCommand (CARD_CMD_HEADER_READ, 0, 156 | CARD_ACTIVATE | CARD_nRESET | CARD_CLK_SLOW | CARD_BLK_SIZE(1) | CARD_DELAY1(0x1FFF) | CARD_DELAY2(0x3F), 157 | (uint32*)ndsHeader, sizeof(tNDSHeader)); 158 | 159 | // Check header CRC 160 | if (ndsHeader->headerCRC16 != swiCRC16(0xFFFF, (void*)ndsHeader, 0x15E)) { 161 | return ERR_HEAD_CRC; 162 | } 163 | 164 | // Check logo CRC 165 | if (ndsHeader->logoCRC16 != 0xCF56) { 166 | return ERR_LOGO_CRC; 167 | } 168 | 169 | // Initialise blowfish encryption for KEY1 commands and decrypting the secure area 170 | gameCode = (GameCode*)ndsHeader->gameCode; 171 | init_keycode (gameCode->key, 2, 8); 172 | 173 | // Port 40001A4h setting for normal reads (command B7) 174 | portFlags = ndsHeader->cardControl13 & ~CARD_BLK_SIZE(7); 175 | // Port 40001A4h setting for KEY1 commands (usually 001808F8h) 176 | portFlagsKey1 = CARD_ACTIVATE | CARD_nRESET | (ndsHeader->cardControl13 & (CARD_WR|CARD_CLK_SLOW)) | 177 | ((ndsHeader->cardControlBF & (CARD_CLK_SLOW|CARD_DELAY1(0x1FFF))) + ((ndsHeader->cardControlBF & CARD_DELAY2(0x3F)) >> 16)); 178 | 179 | // 1st Get ROM Chip ID 180 | cardParamCommand (CARD_CMD_HEADER_CHIPID, 0, 181 | (ndsHeader->cardControl13 & (CARD_WR|CARD_nRESET|CARD_CLK_SLOW)) | CARD_ACTIVATE | CARD_BLK_SIZE(7), 182 | chipID, sizeof(u32)); 183 | 184 | // Adjust card transfer method depending on the most significant bit of the chip ID 185 | normalChip = ((*chipID) & 0x80000000) != 0; // ROM chip ID MSB 186 | if (!normalChip) { 187 | portFlagsKey1 |= CARD_SEC_LARGE; 188 | } 189 | 190 | // 3Ciiijjj xkkkkkxx - Activate KEY1 Encryption Mode 191 | initKey1Encryption (cmdData); 192 | cardPolledTransfer((ndsHeader->cardControl13 & (CARD_WR|CARD_nRESET|CARD_CLK_SLOW)) | CARD_ACTIVATE, NULL, 0, cmdData); 193 | 194 | // 4llllmmm nnnkkkkk - Activate KEY2 Encryption Mode 195 | createEncryptedCommand (CARD_CMD_ACTIVATE_SEC, cmdData, 0); 196 | 197 | if (normalChip) { 198 | cardPolledTransfer(portFlagsKey1, NULL, 0, cmdData); 199 | cardDelay(ndsHeader->readTimeout); 200 | cardPolledTransfer(portFlagsKey1, NULL, 0, cmdData); 201 | } else { 202 | cardPolledTransfer(portFlagsKey1, NULL, 0, cmdData); 203 | } 204 | 205 | // Set the KEY2 encryption registers 206 | REG_ROMCTRL = 0; 207 | REG_CARD_1B0 = cardSeedBytes[ndsHeader->deviceType & 0x07] | (key1data.nnn << 15) | (key1data.mmm << 27) | 0x6000; 208 | REG_CARD_1B4 = 0x879b9b05; 209 | REG_CARD_1B8 = key1data.mmm >> 5; 210 | REG_CARD_1BA = 0x5c; 211 | REG_ROMCTRL = CARD_nRESET | CARD_SEC_SEED | CARD_SEC_EN | CARD_SEC_DAT; 212 | 213 | // Update the DS card flags to suit KEY2 encryption 214 | portFlagsKey1 |= CARD_SEC_EN | CARD_SEC_DAT; 215 | 216 | // 1lllliii jjjkkkkk - 2nd Get ROM Chip ID / Get KEY2 Stream 217 | createEncryptedCommand (CARD_CMD_SECURE_CHIPID, cmdData, 0); 218 | 219 | if (normalChip) { 220 | cardPolledTransfer(portFlagsKey1, NULL, 0, cmdData); 221 | cardDelay(ndsHeader->readTimeout); 222 | cardPolledTransfer(portFlagsKey1 | CARD_BLK_SIZE(7), NULL, 0, cmdData); 223 | } else { 224 | cardPolledTransfer(portFlagsKey1 | CARD_BLK_SIZE(7), NULL, 0, cmdData); 225 | } 226 | 227 | // 2bbbbiii jjjkkkkk - Get Secure Area Block 228 | secureArea = secureAreaData; 229 | portFlagsSecRead = (ndsHeader->cardControlBF & (CARD_CLK_SLOW|CARD_DELAY1(0x1FFF)|CARD_DELAY2(0x3F))) 230 | | CARD_ACTIVATE | CARD_nRESET | CARD_SEC_EN | CARD_SEC_DAT; 231 | 232 | for (secureBlockNumber = 4; secureBlockNumber < 8; secureBlockNumber++) { 233 | createEncryptedCommand (CARD_CMD_SECURE_READ, cmdData, secureBlockNumber); 234 | 235 | if (normalChip) { 236 | cardPolledTransfer(portFlagsSecRead, NULL, 0, cmdData); 237 | cardDelay(ndsHeader->readTimeout); 238 | for (i = 8; i > 0; i--) { 239 | cardPolledTransfer(portFlagsSecRead | CARD_BLK_SIZE(1), secureArea, 0x200, cmdData); 240 | secureArea += 0x200/sizeof(u32); 241 | } 242 | } else { 243 | cardPolledTransfer(portFlagsSecRead | CARD_BLK_SIZE(4) | CARD_SEC_LARGE, secureArea, 0x1000, cmdData); 244 | secureArea += 0x1000/sizeof(u32); 245 | } 246 | } 247 | 248 | // Alllliii jjjkkkkk - Enter Main Data Mode 249 | createEncryptedCommand (CARD_CMD_DATA_MODE, cmdData, 0); 250 | 251 | if (normalChip) { 252 | cardPolledTransfer(portFlagsKey1, NULL, 0, cmdData); 253 | cardDelay(ndsHeader->readTimeout); 254 | cardPolledTransfer(portFlagsKey1, NULL, 0, cmdData); 255 | } else { 256 | cardPolledTransfer(portFlagsKey1, NULL, 0, cmdData); 257 | } 258 | 259 | // Now deal with secure area decryption and verification 260 | decryptSecureArea (gameCode->key, secureAreaData); 261 | 262 | secureArea = secureAreaData; 263 | if (secureArea[0] == 0x72636e65 /*'encr'*/ && secureArea[1] == 0x6a624f79 /*'yObj'*/) { 264 | // Secure area exists, so just clear the tag 265 | secureArea[0] = 0xe7ffdeff; 266 | secureArea[1] = 0xe7ffdeff; 267 | } else { 268 | // Secure area tag is not there, so destroy the entire secure area 269 | for (i = 0; i < 0x200; i ++) { 270 | *secureArea++ = 0xe7ffdeff; 271 | } 272 | return normalChip ? ERR_SEC_NORM : ERR_SEC_OTHR; 273 | } 274 | 275 | return ERR_NONE; 276 | } 277 | 278 | void cardRead (u32 src, u32* dest, size_t size) 279 | { 280 | size_t readSize; 281 | 282 | if (src < CARD_SECURE_AREA_OFFSET) { 283 | return; 284 | } else if (src < CARD_DATA_OFFSET) { 285 | // Read data from secure area 286 | readSize = src + size < CARD_DATA_OFFSET ? size : CARD_DATA_OFFSET - src; 287 | memcpy (dest, (u8*)secureAreaData + src - CARD_SECURE_AREA_OFFSET, readSize); 288 | src += readSize; 289 | dest += readSize/sizeof(*dest); 290 | size -= readSize; 291 | } 292 | 293 | while (size > 0) { 294 | readSize = size < CARD_DATA_BLOCK_SIZE ? size : CARD_DATA_BLOCK_SIZE; 295 | cardParamCommand (CARD_CMD_DATA_READ, src, 296 | (portFlags &~CARD_BLK_SIZE(7)) | CARD_ACTIVATE | CARD_nRESET | CARD_BLK_SIZE(1), 297 | dest, readSize); 298 | src += readSize; 299 | dest += readSize/sizeof(*dest); 300 | size -= readSize; 301 | } 302 | } 303 | 304 | -------------------------------------------------------------------------------- /BootLoader/source/read_card.h: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #ifndef READ_CARD_H 20 | #define READ_CARD_H 21 | 22 | #include 23 | #include 24 | #include 25 | 26 | #define CARD_NDS_HEADER_SIZE (0x200) 27 | #define CARD_SECURE_AREA_OFFSET (0x4000) 28 | #define CARD_SECURE_AREA_SIZE (0x4000) 29 | #define CARD_DATA_OFFSET (0x8000) 30 | #define CARD_DATA_BLOCK_SIZE (0x200) 31 | 32 | int cardInit (tNDSHeader* ndsHeader, u32* chipID); 33 | 34 | void cardRead (u32 src, u32* dest, size_t size); 35 | 36 | #endif // READ_CARD_H 37 | 38 | -------------------------------------------------------------------------------- /BootLoader/source/reset.arm7.s: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2015 Dave Murphy (WinterMute) 3 | 4 | This program is free software: you can redistribute it and/or modify 5 | it under the terms of the GNU General Public License as published by 6 | the Free Software Foundation, either version 2 of the License, or 7 | (at your option) any later version. 8 | 9 | This program is distributed in the hope that it will be useful, 10 | but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | GNU General Public License for more details. 13 | 14 | You should have received a copy of the GNU General Public License 15 | along with this program. If not, see . 16 | 17 | */ 18 | .text 19 | .align 4 20 | 21 | .arm 22 | @--------------------------------------------------------------------------------- 23 | .global arm7_reset 24 | .type arm7_reset STT_FUNC 25 | @--------------------------------------------------------------------------------- 26 | arm7_reset: 27 | @--------------------------------------------------------------------------------- 28 | mrs r0, cpsr @ cpu interrupt disable 29 | orr r0, r0, #0x80 @ (set i flag) 30 | msr cpsr, r0 31 | 32 | ldr r0, =0x380FFFC @ irq vector 33 | mov r1, #0 34 | str r1, [r0] 35 | sub r0, r0, #4 @ IRQ1 Check Bits 36 | str r1, [r0] 37 | sub r0, r0, #4 @ IRQ2 Check Bits 38 | str r1, [r0] 39 | 40 | bic r0, r0, #0x7f 41 | 42 | msr cpsr_c, #0xd3 @ svc mode 43 | mov sp, r0 44 | sub r0, r0, #64 45 | msr cpsr_c, #0xd2 @ irq mode 46 | mov sp, r0 47 | sub r0, r0, #512 48 | msr cpsr_c, #0xdf @ system mode 49 | mov sp, r0 50 | 51 | mov r12, #0x04000000 52 | add r12, r12, #0x180 53 | 54 | @ while (ipcRecvState() != ARM9_RESET); 55 | mov r0, #2 56 | bl waitsync 57 | @ ipcSendState(ARM7_RESET) 58 | mov r0, #0x200 59 | strh r0, [r12] 60 | 61 | @ while(ipcRecvState() != ARM9_BOOT); 62 | mov r0, #0 63 | bl waitsync 64 | @ ipcSendState(ARM7_BOOT) 65 | strh r0, [r12] 66 | 67 | ldr r0,=0x2FFFE34 68 | 69 | ldr r0,[r0] 70 | bx r0 71 | 72 | .pool 73 | 74 | @--------------------------------------------------------------------------------- 75 | waitsync: 76 | @--------------------------------------------------------------------------------- 77 | ldrh r1, [r12] 78 | and r1, r1, #0x000f 79 | cmp r0, r1 80 | bne waitsync 81 | bx lr 82 | -------------------------------------------------------------------------------- /BootLoader/source/reset.arm9.s: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2006 - 2015 Dave Murphy (WinterMute) 3 | 4 | This program is free software: you can redistribute it and/or modify 5 | it under the terms of the GNU General Public License as published by 6 | the Free Software Foundation, either version 2 of the License, or 7 | (at your option) any later version. 8 | 9 | This program is distributed in the hope that it will be useful, 10 | but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | GNU General Public License for more details. 13 | 14 | You should have received a copy of the GNU General Public License 15 | along with this program. If not, see . 16 | 17 | */ 18 | 19 | #include 20 | 21 | .text 22 | .align 4 23 | 24 | .arm 25 | 26 | .arch armv5te 27 | .cpu arm946e-s 28 | 29 | @--------------------------------------------------------------------------------- 30 | .global arm9_reset 31 | .type arm9_reset STT_FUNC 32 | @--------------------------------------------------------------------------------- 33 | arm9_reset: 34 | @--------------------------------------------------------------------------------- 35 | mrs r0, cpsr @ cpu interrupt disable 36 | orr r0, r0, #0x80 @ (set i flag) 37 | msr cpsr, r0 38 | 39 | @ Switch off MPU 40 | mrc p15, 0, r0, c1, c0, 0 41 | bic r0, r0, #PROTECT_ENABLE 42 | mcr p15, 0, r0, c1, c0, 0 43 | 44 | 45 | adr r12, mpu_initial_data 46 | ldmia r12, {r0-r10} 47 | 48 | mcr p15, 0, r0, c2, c0, 0 49 | mcr p15, 0, r0, c2, c0, 1 50 | mcr p15, 0, r1, c3, c0, 0 51 | mcr p15, 0, r2, c5, c0, 2 52 | mcr p15, 0, r3, c5, c0, 3 53 | mcr p15, 0, r4, c6, c0, 0 54 | mcr p15, 0, r5, c6, c1, 0 55 | mcr p15, 0, r6, c6, c3, 0 56 | mcr p15, 0, r7, c6, c4, 0 57 | mcr p15, 0, r8, c6, c6, 0 58 | mcr p15, 0, r9, c6, c7, 0 59 | mcr p15, 0, r10, c9, c1, 0 60 | 61 | mov r0, #0 62 | mcr p15, 0, r0, c6, c2, 0 @ PU Protection Unit Data/Unified Region 2 63 | mcr p15, 0, r0, c6, c5, 0 @ PU Protection Unit Data/Unified Region 5 64 | 65 | mrc p15, 0, r0, c9, c1, 0 @ DTCM 66 | mov r0, r0, lsr #12 @ base 67 | mov r0, r0, lsl #12 @ size 68 | add r0, r0, #0x4000 @ dtcm top 69 | 70 | sub r0, r0, #4 @ irq vector 71 | mov r1, #0 72 | str r1, [r0] 73 | sub r0, r0, #4 @ IRQ1 Check Bits 74 | str r1, [r0] 75 | 76 | bic r0, r0, #0x7f 77 | 78 | msr cpsr_c, #0xd3 @ svc mode 79 | mov sp, r0 80 | sub r0, r0, #64 81 | msr cpsr_c, #0xd2 @ irq mode 82 | mov sp, r0 83 | sub r0, r0, #4096 84 | msr cpsr_c, #0xdf @ system mode 85 | mov sp, r0 86 | 87 | mov r12, #0x04000000 88 | add r12, r12, #0x180 89 | 90 | @ ipcSendState(ARM9_RESET) 91 | mov r0, #0x200 92 | strh r0, [r12] 93 | @ while (ipcRecvState() != ARM7_RESET); 94 | mov r0, #2 95 | bl waitsync 96 | 97 | @ ipcSendState(ARM9_BOOT) 98 | mov r0, #0 99 | strh r0, [r12] 100 | @ while (ipcRecvState() != ARM7_BOOT); 101 | bl waitsync 102 | 103 | ldr r10, =0x2FFFE24 104 | ldr r2, [r10] 105 | 106 | @ Switch MPU to startup default 107 | ldr r0, =0x00012078 108 | mcr p15, 0, r0, c1, c0, 0 109 | 110 | bx r2 111 | 112 | .pool 113 | 114 | @--------------------------------------------------------------------------------- 115 | waitsync: 116 | @--------------------------------------------------------------------------------- 117 | ldrh r1, [r12] 118 | and r1, r1, #0x000f 119 | cmp r0, r1 120 | bne waitsync 121 | bx lr 122 | 123 | mpu_initial_data: 124 | .word 0x00000042 @ p15,0,c2,c0,0..1,r0 ;PU Cachability Bits for Data/Unified+Instruction Protection Region 125 | .word 0x00000002 @ p15,0,c3,c0,0,r1 ;PU Write-Bufferability Bits for Data Protection Regions 126 | .word 0x15111011 @ p15,0,c5,c0,2,r2 ;PU Extended Access Permission Data/Unified Protection Region 127 | .word 0x05100011 @ p15,0,c5,c0,3,r3 ;PU Extended Access Permission Instruction Protection Region 128 | .word 0x04000033 @ p15,0,c6,c0,0,r4 ;PU Protection Unit Data/Unified Region 0 129 | .word 0x0200002b @ p15,0,c6,c1,0,r5 ;PU Protection Unit Data/Unified Region 1 4MB 130 | .word 0x08000035 @ p15,0,c6,c3,0,r6 ;PU Protection Unit Data/Unified Region 3 131 | .word 0x0300001b @ p15,0,c6,c4,0,r7 ;PU Protection Unit Data/Unified Region 4 132 | .word 0xffff001d @ p15,0,c6,c6,0,r8 ;PU Protection Unit Data/Unified Region 6 133 | .word 0x027ff017 @ p15,0,c6,c7,0,r9 ;PU Protection Unit Data/Unified Region 7 4KB 134 | .word 0x0300000a @ p15,0,c9,c1,0,r10 ;TCM Data TCM Base and Virtual Size 135 | itcm_reset_code_end: -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU General Public License is a free, copyleft license for 11 | software and other kinds of works. 12 | 13 | The licenses for most software and other practical works are designed 14 | to take away your freedom to share and change the works. By contrast, 15 | the GNU General Public License is intended to guarantee your freedom to 16 | share and change all versions of a program--to make sure it remains free 17 | software for all its users. We, the Free Software Foundation, use the 18 | GNU General Public License for most of our software; it applies also to 19 | any other work released this way by its authors. You can apply it to 20 | your programs, too. 21 | 22 | When we speak of free software, we are referring to freedom, not 23 | price. Our General Public Licenses are designed to make sure that you 24 | have the freedom to distribute copies of free software (and charge for 25 | them if you wish), that you receive source code or can get it if you 26 | want it, that you can change the software or use pieces of it in new 27 | free programs, and that you know you can do these things. 28 | 29 | To protect your rights, we need to prevent others from denying you 30 | these rights or asking you to surrender the rights. Therefore, you have 31 | certain responsibilities if you distribute copies of the software, or if 32 | you modify it: responsibilities to respect the freedom of others. 33 | 34 | For example, if you distribute copies of such a program, whether 35 | gratis or for a fee, you must pass on to the recipients the same 36 | freedoms that you received. You must make sure that they, too, receive 37 | or can get the source code. And you must show them these terms so they 38 | know their rights. 39 | 40 | Developers that use the GNU GPL protect your rights with two steps: 41 | (1) assert copyright on the software, and (2) offer you this License 42 | giving you legal permission to copy, distribute and/or modify it. 43 | 44 | For the developers' and authors' protection, the GPL clearly explains 45 | that there is no warranty for this free software. For both users' and 46 | authors' sake, the GPL requires that modified versions be marked as 47 | changed, so that their problems will not be attributed erroneously to 48 | authors of previous versions. 49 | 50 | Some devices are designed to deny users access to install or run 51 | modified versions of the software inside them, although the manufacturer 52 | can do so. This is fundamentally incompatible with the aim of 53 | protecting users' freedom to change the software. The systematic 54 | pattern of such abuse occurs in the area of products for individuals to 55 | use, which is precisely where it is most unacceptable. Therefore, we 56 | have designed this version of the GPL to prohibit the practice for those 57 | products. If such problems arise substantially in other domains, we 58 | stand ready to extend this provision to those domains in future versions 59 | of the GPL, as needed to protect the freedom of users. 60 | 61 | Finally, every program is threatened constantly by software patents. 62 | States should not allow patents to restrict development and use of 63 | software on general-purpose computers, but in those that do, we wish to 64 | avoid the special danger that patents applied to a free program could 65 | make it effectively proprietary. To prevent this, the GPL assures that 66 | patents cannot be used to render the program non-free. 67 | 68 | The precise terms and conditions for copying, distribution and 69 | modification follow. 70 | 71 | TERMS AND CONDITIONS 72 | 73 | 0. Definitions. 74 | 75 | "This License" refers to version 3 of the GNU General Public License. 76 | 77 | "Copyright" also means copyright-like laws that apply to other kinds of 78 | works, such as semiconductor masks. 79 | 80 | "The Program" refers to any copyrightable work licensed under this 81 | License. Each licensee is addressed as "you". "Licensees" and 82 | "recipients" may be individuals or organizations. 83 | 84 | To "modify" a work means to copy from or adapt all or part of the work 85 | in a fashion requiring copyright permission, other than the making of an 86 | exact copy. The resulting work is called a "modified version" of the 87 | earlier work or a work "based on" the earlier work. 88 | 89 | A "covered work" means either the unmodified Program or a work based 90 | on the Program. 91 | 92 | To "propagate" a work means to do anything with it that, without 93 | permission, would make you directly or secondarily liable for 94 | infringement under applicable copyright law, except executing it on a 95 | computer or modifying a private copy. Propagation includes copying, 96 | distribution (with or without modification), making available to the 97 | public, and in some countries other activities as well. 98 | 99 | To "convey" a work means any kind of propagation that enables other 100 | parties to make or receive copies. Mere interaction with a user through 101 | a computer network, with no transfer of a copy, is not conveying. 102 | 103 | An interactive user interface displays "Appropriate Legal Notices" 104 | to the extent that it includes a convenient and prominently visible 105 | feature that (1) displays an appropriate copyright notice, and (2) 106 | tells the user that there is no warranty for the work (except to the 107 | extent that warranties are provided), that licensees may convey the 108 | work under this License, and how to view a copy of this License. If 109 | the interface presents a list of user commands or options, such as a 110 | menu, a prominent item in the list meets this criterion. 111 | 112 | 1. Source Code. 113 | 114 | The "source code" for a work means the preferred form of the work 115 | for making modifications to it. "Object code" means any non-source 116 | form of a work. 117 | 118 | A "Standard Interface" means an interface that either is an official 119 | standard defined by a recognized standards body, or, in the case of 120 | interfaces specified for a particular programming language, one that 121 | is widely used among developers working in that language. 122 | 123 | The "System Libraries" of an executable work include anything, other 124 | than the work as a whole, that (a) is included in the normal form of 125 | packaging a Major Component, but which is not part of that Major 126 | Component, and (b) serves only to enable use of the work with that 127 | Major Component, or to implement a Standard Interface for which an 128 | implementation is available to the public in source code form. A 129 | "Major Component", in this context, means a major essential component 130 | (kernel, window system, and so on) of the specific operating system 131 | (if any) on which the executable work runs, or a compiler used to 132 | produce the work, or an object code interpreter used to run it. 133 | 134 | The "Corresponding Source" for a work in object code form means all 135 | the source code needed to generate, install, and (for an executable 136 | work) run the object code and to modify the work, including scripts to 137 | control those activities. However, it does not include the work's 138 | System Libraries, or general-purpose tools or generally available free 139 | programs which are used unmodified in performing those activities but 140 | which are not part of the work. For example, Corresponding Source 141 | includes interface definition files associated with source files for 142 | the work, and the source code for shared libraries and dynamically 143 | linked subprograms that the work is specifically designed to require, 144 | such as by intimate data communication or control flow between those 145 | subprograms and other parts of the work. 146 | 147 | The Corresponding Source need not include anything that users 148 | can regenerate automatically from other parts of the Corresponding 149 | Source. 150 | 151 | The Corresponding Source for a work in source code form is that 152 | same work. 153 | 154 | 2. Basic Permissions. 155 | 156 | All rights granted under this License are granted for the term of 157 | copyright on the Program, and are irrevocable provided the stated 158 | conditions are met. This License explicitly affirms your unlimited 159 | permission to run the unmodified Program. The output from running a 160 | covered work is covered by this License only if the output, given its 161 | content, constitutes a covered work. This License acknowledges your 162 | rights of fair use or other equivalent, as provided by copyright law. 163 | 164 | You may make, run and propagate covered works that you do not 165 | convey, without conditions so long as your license otherwise remains 166 | in force. You may convey covered works to others for the sole purpose 167 | of having them make modifications exclusively for you, or provide you 168 | with facilities for running those works, provided that you comply with 169 | the terms of this License in conveying all material for which you do 170 | not control copyright. Those thus making or running the covered works 171 | for you must do so exclusively on your behalf, under your direction 172 | and control, on terms that prohibit them from making any copies of 173 | your copyrighted material outside their relationship with you. 174 | 175 | Conveying under any other circumstances is permitted solely under 176 | the conditions stated below. Sublicensing is not allowed; section 10 177 | makes it unnecessary. 178 | 179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 180 | 181 | No covered work shall be deemed part of an effective technological 182 | measure under any applicable law fulfilling obligations under article 183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 184 | similar laws prohibiting or restricting circumvention of such 185 | measures. 186 | 187 | When you convey a covered work, you waive any legal power to forbid 188 | circumvention of technological measures to the extent such circumvention 189 | is effected by exercising rights under this License with respect to 190 | the covered work, and you disclaim any intention to limit operation or 191 | modification of the work as a means of enforcing, against the work's 192 | users, your or third parties' legal rights to forbid circumvention of 193 | technological measures. 194 | 195 | 4. Conveying Verbatim Copies. 196 | 197 | You may convey verbatim copies of the Program's source code as you 198 | receive it, in any medium, provided that you conspicuously and 199 | appropriately publish on each copy an appropriate copyright notice; 200 | keep intact all notices stating that this License and any 201 | non-permissive terms added in accord with section 7 apply to the code; 202 | keep intact all notices of the absence of any warranty; and give all 203 | recipients a copy of this License along with the Program. 204 | 205 | You may charge any price or no price for each copy that you convey, 206 | and you may offer support or warranty protection for a fee. 207 | 208 | 5. Conveying Modified Source Versions. 209 | 210 | You may convey a work based on the Program, or the modifications to 211 | produce it from the Program, in the form of source code under the 212 | terms of section 4, provided that you also meet all of these conditions: 213 | 214 | a) The work must carry prominent notices stating that you modified 215 | it, and giving a relevant date. 216 | 217 | b) The work must carry prominent notices stating that it is 218 | released under this License and any conditions added under section 219 | 7. This requirement modifies the requirement in section 4 to 220 | "keep intact all notices". 221 | 222 | c) You must license the entire work, as a whole, under this 223 | License to anyone who comes into possession of a copy. This 224 | License will therefore apply, along with any applicable section 7 225 | additional terms, to the whole of the work, and all its parts, 226 | regardless of how they are packaged. This License gives no 227 | permission to license the work in any other way, but it does not 228 | invalidate such permission if you have separately received it. 229 | 230 | d) If the work has interactive user interfaces, each must display 231 | Appropriate Legal Notices; however, if the Program has interactive 232 | interfaces that do not display Appropriate Legal Notices, your 233 | work need not make them do so. 234 | 235 | A compilation of a covered work with other separate and independent 236 | works, which are not by their nature extensions of the covered work, 237 | and which are not combined with it such as to form a larger program, 238 | in or on a volume of a storage or distribution medium, is called an 239 | "aggregate" if the compilation and its resulting copyright are not 240 | used to limit the access or legal rights of the compilation's users 241 | beyond what the individual works permit. Inclusion of a covered work 242 | in an aggregate does not cause this License to apply to the other 243 | parts of the aggregate. 244 | 245 | 6. Conveying Non-Source Forms. 246 | 247 | You may convey a covered work in object code form under the terms 248 | of sections 4 and 5, provided that you also convey the 249 | machine-readable Corresponding Source under the terms of this License, 250 | in one of these ways: 251 | 252 | a) Convey the object code in, or embodied in, a physical product 253 | (including a physical distribution medium), accompanied by the 254 | Corresponding Source fixed on a durable physical medium 255 | customarily used for software interchange. 256 | 257 | b) Convey the object code in, or embodied in, a physical product 258 | (including a physical distribution medium), accompanied by a 259 | written offer, valid for at least three years and valid for as 260 | long as you offer spare parts or customer support for that product 261 | model, to give anyone who possesses the object code either (1) a 262 | copy of the Corresponding Source for all the software in the 263 | product that is covered by this License, on a durable physical 264 | medium customarily used for software interchange, for a price no 265 | more than your reasonable cost of physically performing this 266 | conveying of source, or (2) access to copy the 267 | Corresponding Source from a network server at no charge. 268 | 269 | c) Convey individual copies of the object code with a copy of the 270 | written offer to provide the Corresponding Source. This 271 | alternative is allowed only occasionally and noncommercially, and 272 | only if you received the object code with such an offer, in accord 273 | with subsection 6b. 274 | 275 | d) Convey the object code by offering access from a designated 276 | place (gratis or for a charge), and offer equivalent access to the 277 | Corresponding Source in the same way through the same place at no 278 | further charge. You need not require recipients to copy the 279 | Corresponding Source along with the object code. If the place to 280 | copy the object code is a network server, the Corresponding Source 281 | may be on a different server (operated by you or a third party) 282 | that supports equivalent copying facilities, provided you maintain 283 | clear directions next to the object code saying where to find the 284 | Corresponding Source. Regardless of what server hosts the 285 | Corresponding Source, you remain obligated to ensure that it is 286 | available for as long as needed to satisfy these requirements. 287 | 288 | e) Convey the object code using peer-to-peer transmission, provided 289 | you inform other peers where the object code and Corresponding 290 | Source of the work are being offered to the general public at no 291 | charge under subsection 6d. 292 | 293 | A separable portion of the object code, whose source code is excluded 294 | from the Corresponding Source as a System Library, need not be 295 | included in conveying the object code work. 296 | 297 | A "User Product" is either (1) a "consumer product", which means any 298 | tangible personal property which is normally used for personal, family, 299 | or household purposes, or (2) anything designed or sold for incorporation 300 | into a dwelling. In determining whether a product is a consumer product, 301 | doubtful cases shall be resolved in favor of coverage. For a particular 302 | product received by a particular user, "normally used" refers to a 303 | typical or common use of that class of product, regardless of the status 304 | of the particular user or of the way in which the particular user 305 | actually uses, or expects or is expected to use, the product. A product 306 | is a consumer product regardless of whether the product has substantial 307 | commercial, industrial or non-consumer uses, unless such uses represent 308 | the only significant mode of use of the product. 309 | 310 | "Installation Information" for a User Product means any methods, 311 | procedures, authorization keys, or other information required to install 312 | and execute modified versions of a covered work in that User Product from 313 | a modified version of its Corresponding Source. The information must 314 | suffice to ensure that the continued functioning of the modified object 315 | code is in no case prevented or interfered with solely because 316 | modification has been made. 317 | 318 | If you convey an object code work under this section in, or with, or 319 | specifically for use in, a User Product, and the conveying occurs as 320 | part of a transaction in which the right of possession and use of the 321 | User Product is transferred to the recipient in perpetuity or for a 322 | fixed term (regardless of how the transaction is characterized), the 323 | Corresponding Source conveyed under this section must be accompanied 324 | by the Installation Information. But this requirement does not apply 325 | if neither you nor any third party retains the ability to install 326 | modified object code on the User Product (for example, the work has 327 | been installed in ROM). 328 | 329 | The requirement to provide Installation Information does not include a 330 | requirement to continue to provide support service, warranty, or updates 331 | for a work that has been modified or installed by the recipient, or for 332 | the User Product in which it has been modified or installed. Access to a 333 | network may be denied when the modification itself materially and 334 | adversely affects the operation of the network or violates the rules and 335 | protocols for communication across the network. 336 | 337 | Corresponding Source conveyed, and Installation Information provided, 338 | in accord with this section must be in a format that is publicly 339 | documented (and with an implementation available to the public in 340 | source code form), and must require no special password or key for 341 | unpacking, reading or copying. 342 | 343 | 7. Additional Terms. 344 | 345 | "Additional permissions" are terms that supplement the terms of this 346 | License by making exceptions from one or more of its conditions. 347 | Additional permissions that are applicable to the entire Program shall 348 | be treated as though they were included in this License, to the extent 349 | that they are valid under applicable law. If additional permissions 350 | apply only to part of the Program, that part may be used separately 351 | under those permissions, but the entire Program remains governed by 352 | this License without regard to the additional permissions. 353 | 354 | When you convey a copy of a covered work, you may at your option 355 | remove any additional permissions from that copy, or from any part of 356 | it. (Additional permissions may be written to require their own 357 | removal in certain cases when you modify the work.) You may place 358 | additional permissions on material, added by you to a covered work, 359 | for which you have or can give appropriate copyright permission. 360 | 361 | Notwithstanding any other provision of this License, for material you 362 | add to a covered work, you may (if authorized by the copyright holders of 363 | that material) supplement the terms of this License with terms: 364 | 365 | a) Disclaiming warranty or limiting liability differently from the 366 | terms of sections 15 and 16 of this License; or 367 | 368 | b) Requiring preservation of specified reasonable legal notices or 369 | author attributions in that material or in the Appropriate Legal 370 | Notices displayed by works containing it; or 371 | 372 | c) Prohibiting misrepresentation of the origin of that material, or 373 | requiring that modified versions of such material be marked in 374 | reasonable ways as different from the original version; or 375 | 376 | d) Limiting the use for publicity purposes of names of licensors or 377 | authors of the material; or 378 | 379 | e) Declining to grant rights under trademark law for use of some 380 | trade names, trademarks, or service marks; or 381 | 382 | f) Requiring indemnification of licensors and authors of that 383 | material by anyone who conveys the material (or modified versions of 384 | it) with contractual assumptions of liability to the recipient, for 385 | any liability that these contractual assumptions directly impose on 386 | those licensors and authors. 387 | 388 | All other non-permissive additional terms are considered "further 389 | restrictions" within the meaning of section 10. If the Program as you 390 | received it, or any part of it, contains a notice stating that it is 391 | governed by this License along with a term that is a further 392 | restriction, you may remove that term. If a license document contains 393 | a further restriction but permits relicensing or conveying under this 394 | License, you may add to a covered work material governed by the terms 395 | of that license document, provided that the further restriction does 396 | not survive such relicensing or conveying. 397 | 398 | If you add terms to a covered work in accord with this section, you 399 | must place, in the relevant source files, a statement of the 400 | additional terms that apply to those files, or a notice indicating 401 | where to find the applicable terms. 402 | 403 | Additional terms, permissive or non-permissive, may be stated in the 404 | form of a separately written license, or stated as exceptions; 405 | the above requirements apply either way. 406 | 407 | 8. Termination. 408 | 409 | You may not propagate or modify a covered work except as expressly 410 | provided under this License. Any attempt otherwise to propagate or 411 | modify it is void, and will automatically terminate your rights under 412 | this License (including any patent licenses granted under the third 413 | paragraph of section 11). 414 | 415 | However, if you cease all violation of this License, then your 416 | license from a particular copyright holder is reinstated (a) 417 | provisionally, unless and until the copyright holder explicitly and 418 | finally terminates your license, and (b) permanently, if the copyright 419 | holder fails to notify you of the violation by some reasonable means 420 | prior to 60 days after the cessation. 421 | 422 | Moreover, your license from a particular copyright holder is 423 | reinstated permanently if the copyright holder notifies you of the 424 | violation by some reasonable means, this is the first time you have 425 | received notice of violation of this License (for any work) from that 426 | copyright holder, and you cure the violation prior to 30 days after 427 | your receipt of the notice. 428 | 429 | Termination of your rights under this section does not terminate the 430 | licenses of parties who have received copies or rights from you under 431 | this License. If your rights have been terminated and not permanently 432 | reinstated, you do not qualify to receive new licenses for the same 433 | material under section 10. 434 | 435 | 9. Acceptance Not Required for Having Copies. 436 | 437 | You are not required to accept this License in order to receive or 438 | run a copy of the Program. Ancillary propagation of a covered work 439 | occurring solely as a consequence of using peer-to-peer transmission 440 | to receive a copy likewise does not require acceptance. However, 441 | nothing other than this License grants you permission to propagate or 442 | modify any covered work. These actions infringe copyright if you do 443 | not accept this License. Therefore, by modifying or propagating a 444 | covered work, you indicate your acceptance of this License to do so. 445 | 446 | 10. Automatic Licensing of Downstream Recipients. 447 | 448 | Each time you convey a covered work, the recipient automatically 449 | receives a license from the original licensors, to run, modify and 450 | propagate that work, subject to this License. You are not responsible 451 | for enforcing compliance by third parties with this License. 452 | 453 | An "entity transaction" is a transaction transferring control of an 454 | organization, or substantially all assets of one, or subdividing an 455 | organization, or merging organizations. If propagation of a covered 456 | work results from an entity transaction, each party to that 457 | transaction who receives a copy of the work also receives whatever 458 | licenses to the work the party's predecessor in interest had or could 459 | give under the previous paragraph, plus a right to possession of the 460 | Corresponding Source of the work from the predecessor in interest, if 461 | the predecessor has it or can get it with reasonable efforts. 462 | 463 | You may not impose any further restrictions on the exercise of the 464 | rights granted or affirmed under this License. For example, you may 465 | not impose a license fee, royalty, or other charge for exercise of 466 | rights granted under this License, and you may not initiate litigation 467 | (including a cross-claim or counterclaim in a lawsuit) alleging that 468 | any patent claim is infringed by making, using, selling, offering for 469 | sale, or importing the Program or any portion of it. 470 | 471 | 11. Patents. 472 | 473 | A "contributor" is a copyright holder who authorizes use under this 474 | License of the Program or a work on which the Program is based. The 475 | work thus licensed is called the contributor's "contributor version". 476 | 477 | A contributor's "essential patent claims" are all patent claims 478 | owned or controlled by the contributor, whether already acquired or 479 | hereafter acquired, that would be infringed by some manner, permitted 480 | by this License, of making, using, or selling its contributor version, 481 | but do not include claims that would be infringed only as a 482 | consequence of further modification of the contributor version. For 483 | purposes of this definition, "control" includes the right to grant 484 | patent sublicenses in a manner consistent with the requirements of 485 | this License. 486 | 487 | Each contributor grants you a non-exclusive, worldwide, royalty-free 488 | patent license under the contributor's essential patent claims, to 489 | make, use, sell, offer for sale, import and otherwise run, modify and 490 | propagate the contents of its contributor version. 491 | 492 | In the following three paragraphs, a "patent license" is any express 493 | agreement or commitment, however denominated, not to enforce a patent 494 | (such as an express permission to practice a patent or covenant not to 495 | sue for patent infringement). To "grant" such a patent license to a 496 | party means to make such an agreement or commitment not to enforce a 497 | patent against the party. 498 | 499 | If you convey a covered work, knowingly relying on a patent license, 500 | and the Corresponding Source of the work is not available for anyone 501 | to copy, free of charge and under the terms of this License, through a 502 | publicly available network server or other readily accessible means, 503 | then you must either (1) cause the Corresponding Source to be so 504 | available, or (2) arrange to deprive yourself of the benefit of the 505 | patent license for this particular work, or (3) arrange, in a manner 506 | consistent with the requirements of this License, to extend the patent 507 | license to downstream recipients. "Knowingly relying" means you have 508 | actual knowledge that, but for the patent license, your conveying the 509 | covered work in a country, or your recipient's use of the covered work 510 | in a country, would infringe one or more identifiable patents in that 511 | country that you have reason to believe are valid. 512 | 513 | If, pursuant to or in connection with a single transaction or 514 | arrangement, you convey, or propagate by procuring conveyance of, a 515 | covered work, and grant a patent license to some of the parties 516 | receiving the covered work authorizing them to use, propagate, modify 517 | or convey a specific copy of the covered work, then the patent license 518 | you grant is automatically extended to all recipients of the covered 519 | work and works based on it. 520 | 521 | A patent license is "discriminatory" if it does not include within 522 | the scope of its coverage, prohibits the exercise of, or is 523 | conditioned on the non-exercise of one or more of the rights that are 524 | specifically granted under this License. You may not convey a covered 525 | work if you are a party to an arrangement with a third party that is 526 | in the business of distributing software, under which you make payment 527 | to the third party based on the extent of your activity of conveying 528 | the work, and under which the third party grants, to any of the 529 | parties who would receive the covered work from you, a discriminatory 530 | patent license (a) in connection with copies of the covered work 531 | conveyed by you (or copies made from those copies), or (b) primarily 532 | for and in connection with specific products or compilations that 533 | contain the covered work, unless you entered into that arrangement, 534 | or that patent license was granted, prior to 28 March 2007. 535 | 536 | Nothing in this License shall be construed as excluding or limiting 537 | any implied license or other defenses to infringement that may 538 | otherwise be available to you under applicable patent law. 539 | 540 | 12. No Surrender of Others' Freedom. 541 | 542 | If conditions are imposed on you (whether by court order, agreement or 543 | otherwise) that contradict the conditions of this License, they do not 544 | excuse you from the conditions of this License. If you cannot convey a 545 | covered work so as to satisfy simultaneously your obligations under this 546 | License and any other pertinent obligations, then as a consequence you may 547 | not convey it at all. For example, if you agree to terms that obligate you 548 | to collect a royalty for further conveying from those to whom you convey 549 | the Program, the only way you could satisfy both those terms and this 550 | License would be to refrain entirely from conveying the Program. 551 | 552 | 13. Use with the GNU Affero General Public License. 553 | 554 | Notwithstanding any other provision of this License, you have 555 | permission to link or combine any covered work with a work licensed 556 | under version 3 of the GNU Affero General Public License into a single 557 | combined work, and to convey the resulting work. The terms of this 558 | License will continue to apply to the part which is the covered work, 559 | but the special requirements of the GNU Affero General Public License, 560 | section 13, concerning interaction through a network will apply to the 561 | combination as such. 562 | 563 | 14. Revised Versions of this License. 564 | 565 | The Free Software Foundation may publish revised and/or new versions of 566 | the GNU General Public License from time to time. Such new versions will 567 | be similar in spirit to the present version, but may differ in detail to 568 | address new problems or concerns. 569 | 570 | Each version is given a distinguishing version number. If the 571 | Program specifies that a certain numbered version of the GNU General 572 | Public License "or any later version" applies to it, you have the 573 | option of following the terms and conditions either of that numbered 574 | version or of any later version published by the Free Software 575 | Foundation. If the Program does not specify a version number of the 576 | GNU General Public License, you may choose any version ever published 577 | by the Free Software Foundation. 578 | 579 | If the Program specifies that a proxy can decide which future 580 | versions of the GNU General Public License can be used, that proxy's 581 | public statement of acceptance of a version permanently authorizes you 582 | to choose that version for the Program. 583 | 584 | Later license versions may give you additional or different 585 | permissions. However, no additional obligations are imposed on any 586 | author or copyright holder as a result of your choosing to follow a 587 | later version. 588 | 589 | 15. Disclaimer of Warranty. 590 | 591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 599 | 600 | 16. Limitation of Liability. 601 | 602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 610 | SUCH DAMAGES. 611 | 612 | 17. Interpretation of Sections 15 and 16. 613 | 614 | If the disclaimer of warranty and limitation of liability provided 615 | above cannot be given local legal effect according to their terms, 616 | reviewing courts shall apply local law that most closely approximates 617 | an absolute waiver of all civil liability in connection with the 618 | Program, unless a warranty or assumption of liability accompanies a 619 | copy of the Program in return for a fee. 620 | 621 | 622 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | #--------------------------------------------------------------------------------- 2 | .SUFFIXES: 3 | #--------------------------------------------------------------------------------- 4 | ifeq ($(strip $(DEVKITARM)),) 5 | $(error "Please set DEVKITARM in your environment. export DEVKITARM=devkitARM) 6 | endif 7 | 8 | include $(DEVKITARM)/ds_rules 9 | 10 | export TARGET := NitroHax 11 | export TOPDIR := $(CURDIR) 12 | 13 | export VERSION_MAJOR := 0 14 | export VERSION_MINOR := 94 15 | export VERSTRING := $(VERSION_MAJOR).$(VERSION_MINOR) 16 | 17 | 18 | .PHONY: checkarm7 checkarm9 19 | 20 | #--------------------------------------------------------------------------------- 21 | # main targets 22 | #--------------------------------------------------------------------------------- 23 | all: $(TARGET).nds checkarm7 checkarm9 24 | 25 | #--------------------------------------------------------------------------------- 26 | checkarm7: 27 | $(MAKE) -C arm7 28 | 29 | #--------------------------------------------------------------------------------- 30 | checkarm9: 31 | $(MAKE) -C arm9 32 | 33 | $(TARGET).nds : arm7/$(TARGET).elf arm9/$(TARGET).elf 34 | ndstool -c $(TARGET).nds -7 arm7/$(TARGET).elf -9 arm9/$(TARGET).elf \ 35 | -b $(CURDIR)/icon.bmp "Nitro Hax;DS Game Cheat Tool;Created by Chishm" 36 | 37 | #--------------------------------------------------------------------------------- 38 | # Create boot loader and link raw binary into ARM9 ELF 39 | #--------------------------------------------------------------------------------- 40 | BootLoader/load.bin : BootLoader/source/* 41 | $(MAKE) -C BootLoader 42 | 43 | arm9/data/load.bin : BootLoader/load.bin 44 | mkdir -p $(@D) 45 | cp $< $@ 46 | 47 | #--------------------------------------------------------------------------------- 48 | arm9/source/version.h : Makefile 49 | @echo "#ifndef VERSION_H" > $@ 50 | @echo "#define VERSION_H" >> $@ 51 | @echo >> $@ 52 | @echo '#define VERSION_STRING "v'$(VERSION_MAJOR).$(VERSION_MINOR)'"' >> $@ 53 | @echo >> $@ 54 | @echo "#endif // VERSION_H" >> $@ 55 | 56 | #--------------------------------------------------------------------------------- 57 | arm7/$(TARGET).elf: 58 | $(MAKE) -C arm7 59 | 60 | #--------------------------------------------------------------------------------- 61 | arm9/$(TARGET).elf : arm9/data/load.bin arm9/source/version.h 62 | $(MAKE) -C arm9 63 | 64 | #--------------------------------------------------------------------------------- 65 | dist-bin : $(TARGET).nds README.md LICENSE 66 | zip -X -9 $(TARGET)_v$(VERSTRING).zip $^ 67 | 68 | dist-src : 69 | tar --exclude=*~ -cvjf $(TARGET)_src_v$(VERSTRING).tar.bz2 \ 70 | --transform 's,^,$(TARGET)/,' \ 71 | Makefile icon.bmp LICENSE README.md \ 72 | arm7/Makefile arm7/source \ 73 | arm9/Makefile arm9/source arm9/graphics \ 74 | BootLoader/Makefile BootLoader/load.ld BootLoader/source 75 | 76 | dist : dist-bin dist-src 77 | 78 | #--------------------------------------------------------------------------------- 79 | clean: 80 | $(MAKE) -C arm9 clean 81 | $(MAKE) -C arm7 clean 82 | $(MAKE) -C BootLoader clean 83 | rm -f arm9/data/load.bin 84 | rm -f $(TARGET).ds.gba $(TARGET).nds $(TARGET).arm7 $(TARGET).arm9 85 | -------------------------------------------------------------------------------- /NitroHax_screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chishm/nitrohax/c5b68b31a833d8aece47efe80594dde59e906332/NitroHax_screen.png -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Nitro Hax 2 | ========= 3 | 4 | By Chishm 5 | 6 | Nitro Hax is a cheat tool for the Nintendo DS. 7 | It works with original games only. 8 | 9 | The newest release is available to 10 | [download](https://www.chishm.com/NitroHax/NitroHax.zip) from the 11 | [Nitro Hax web page](https://www.chishm.com/NitroHax/index.html). 12 | 13 | Usage 14 | ===== 15 | 16 | 1. Patch NitroHax.nds with a DLDI file if you need to. 17 | 2. Copy the NitroHax.nds file to your media device. 18 | 3. Place an Action Replay XML file on your media device. 19 | 4. Start NitroHax.nds from your media device 20 | 1. One of the following will be loaded automatically if it is found (in order 21 | of preference): 22 | * "cheats.xml" in the current directory 23 | * "/NitroHax/cheats.xml" 24 | * "/data/NitroHax/cheats.xml" 25 | * "/cheats.xml" 26 | 2. If no file is found, browse for and select a file to open. 27 | 5. Remove your media device if you want to. 28 | 6. Remove any card that is in Slot-1 29 | 7. Insert the DS game into Slot-1 30 | 8. Choose the cheats you want to enable. 31 | 1. Some cheats are enabled by default and others may be always on. This is 32 | specified in the XML file. 33 | 2. The keys are: 34 | * **A**: Open a folder or toggle a cheat enabled 35 | * **B**: Go up a folder or exit the cheat menu if at the top level 36 | * **X**: Enable all cheats in current folder 37 | * **Y**: Disable all cheats in current folder 38 | * **L**: Move up half a screen 39 | * **R**: Move down half a screen 40 | * **Up**: Move up one line 41 | * **Down**: Move down one line 42 | * **Start**: Start the game 43 | 9. When you are done, exit the cheat menu. 44 | 10. The game will then start with cheats running. 45 | 46 | 47 | Copyright 48 | ========= 49 | 50 | Copyright (C) 2008 Michael "Chishm" Chisholm 51 | 52 | This program is free software: you can redistribute it and/or modify 53 | it under the terms of the GNU General Public License as published by 54 | the Free Software Foundation, either version 3 of the License, or 55 | (at your option) any later version. 56 | 57 | This program is distributed in the hope that it will be useful, 58 | but WITHOUT ANY WARRANTY; without even the implied warranty of 59 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 60 | GNU General Public License for more details. 61 | 62 | You should have received a copy of the GNU General Public License 63 | along with this program. If not, see . 64 | 65 | 66 | Acknowledgements 67 | ================ 68 | 69 | Thanks to (in no particular order): 70 | * Pink-Lightning - Original skin (v0.5-0.82) 71 | * bLAStY - Memory dumps 72 | * cReDiAr - Last crucial step for running DS Cards 73 | * Parasyte - Tips for hooking the game automatically 74 | * kenobi - Action Replay code document 75 | * Darkain - Memory and cache clearing code 76 | * Martin Korth - GBAtek 77 | * Deathwind / WinterMute - File menu code (v0.2 - v0.4) 78 | * WinterMute - dslink source, reset code 79 | * Everyone else who helped me along the way 80 | 81 | Big thanks to Datel (CodeJunkies) for creating the original Action Replay and 82 | its cheats. 83 | 84 | 85 | Custom Code Types 86 | ================= 87 | 88 | In addition to the standard Action Replay DS code types described on 89 | [EnHacklopedia's Action Replay DS page](http://doc.kodewerx.org/hacking_nds.html#arcodetypes), 90 | Nitro Hax supports the following custom codes. 91 | 92 | `CF000000 00000000`: Code list end 93 | ---------------------------------- 94 | Code used internally to specify the end of the cheat code list. It does not need 95 | to be specified manually. 96 | 97 | `CF000001 xxxxxxxx`: Relocate cheat engine 98 | ------------------------------------------ 99 | Relocate the cheat engine to address `xxxxxxxx`. The cheat engine and all data 100 | are moved to the given address, which should be accessible from the ARM7. 101 | 102 | `CF000002 xxxxxxxx`: Hook address 103 | --------------------------------- 104 | Change the hook address to `xxxxxxxx`. The hook should be a function pointer 105 | that is called regularly. By default the ARM7's VBlank interrupt handler is 106 | hooked. This code overrides the default. 107 | 108 | `C100000x yyyyyyyy`: Call function with arguments 109 | ------------------------------------------------- 110 | Call a function with between 0 and 4 arguments. The argument list follows this 111 | code, which has the parameters: 112 | * `x`: Number of arguments (0 - 4) 113 | * `yyyyyyyy`: Address of function 114 | 115 | For example, to call a function at `0x02049A48` with the three arguments 116 | `r0 = 0x00000010`, `r1 = 0x134CBA9C`, and `r2 = 0x12345678`, you would use: 117 | ``` 118 | C1000003 02049A48 119 | 00000010 134CBA9C 120 | 12345678 00000000 121 | ``` 122 | 123 | `C200000x yyyyyyyy`: Run ARM/THUMB code 124 | --------------------------------------- 125 | Run ARM or THUMB code stored in the cheat list. 126 | * `x`: `0` = ARM mode, `1` = THUMB mode 127 | * `yyyyyyyy`: length of function in bytes 128 | 129 | For example: 130 | ``` 131 | C2000000 00000010 132 | AAAAAAAA BBBBBBBB 133 | CCCCCCCC E12FFF1E 134 | ``` 135 | This will run the code `AAAAAAAA BBBBBBBB CCCCCCCC` in ARM mode. 136 | The `E12FFF1E` (`bx lr`) is needed at the end to return to the cheat engine. 137 | 138 | The above instructions are based on those written by kenobi. 139 | 140 | `C4000000 xxxxxxxx`: Scratch space 141 | ---------------------------------- 142 | Provide 4 bytes of scratch space to safely store data. Sets the offset register 143 | to point to the first word of this code. Storing data at `[offset+4]` will save 144 | over the top of `xxxxxxxx`. 145 | 146 | This is based on a Trainer Toolkit code. 147 | 148 | `C5000000 xxxxyyyy`: Counter 149 | ---------------------------- 150 | Each time the cheat engine is executed, the counter is incremented by 1. 151 | If `(counter & yyyy) == xxxx` then execution status is set to true, else it is 152 | set to false. 153 | 154 | This is based on a Trainer Toolkit code. 155 | 156 | `C6000000 xxxxxxxx`: Store offset 157 | --------------------------------- 158 | Stores the offset register to the address `xxxxxxxx`. 159 | 160 | This is based on a Trainer Toolkit code. 161 | 162 | `D400000x yyyyyyyy`: Dx Data operation 163 | -------------------------------------- 164 | Performs the operation `Data = Data ? yyyyyyyy` where `?` is determined by `x` 165 | as follows: 166 | * `0`: add 167 | * `1`: or 168 | * `2`: and 169 | * `3`: xor 170 | * `4`: logical shift left 171 | * `5`: logical shift right 172 | * `6`: rotate right 173 | * `7`: arithmetic shift right 174 | * `8`: multiply 175 | 176 | If-type codes 177 | ------------- 178 | For codes begining with `3`-`9` or `A` (if-type codes), the offset register can 179 | be used for address calculations. If the lowest bit of the code's address is set 180 | then the offset is added to the address. If the address is `0x00000000` then the 181 | offset is used instead. 182 | 183 | For example, if the code `32009001 00001000` is run and the offset register is 184 | currently `0x000000AC`, then: 185 | 1. the address is taken from the first code word as `0x02009000`, 186 | 2. the offset is added (because the lowest bit of the first codeword is set to 187 | `1`) to give an address of `0x020090AC`, 188 | 3. the memory at address `0x020090AC` is read, and the value compared to 189 | `0x00001000` (the second codeword). 190 | 4. Now (since the code starts with `3`) if the codeword value is greater than 191 | the value read from memory, then the rest of the codes in the list will be 192 | executed, otherwise they will be skipped until the next `D0000000 00000000` code 193 | is reached. 194 | -------------------------------------------------------------------------------- /arm7/Makefile: -------------------------------------------------------------------------------- 1 | #--------------------------------------------------------------------------------- 2 | .SUFFIXES: 3 | #--------------------------------------------------------------------------------- 4 | ifeq ($(strip $(DEVKITARM)),) 5 | $(error "Please set DEVKITARM in your environment. export DEVKITARM=devkitARM") 6 | endif 7 | 8 | include $(DEVKITARM)/ds_rules 9 | 10 | #--------------------------------------------------------------------------------- 11 | # BUILD is the directory where object files & intermediate files will be placed 12 | # SOURCES is a list of directories containing source code 13 | # INCLUDES is a list of directories containing extra header files 14 | # DATA is a list of directories containing binary files 15 | # all directories are relative to this makefile 16 | #--------------------------------------------------------------------------------- 17 | BUILD := build 18 | SOURCES := source 19 | INCLUDES := include build 20 | DATA := 21 | 22 | #--------------------------------------------------------------------------------- 23 | # options for code generation 24 | #--------------------------------------------------------------------------------- 25 | ARCH := -mthumb-interwork -march=armv4t -mtune=arm7tdmi 26 | 27 | CFLAGS := -g -Wall -O2\ 28 | -fomit-frame-pointer\ 29 | -ffast-math \ 30 | -Wall -Wextra -Werror \ 31 | $(ARCH) 32 | 33 | CFLAGS += $(INCLUDE) -DARM7 34 | CXXFLAGS := $(CFLAGS) -fno-rtti -fno-exceptions -fno-rtti 35 | 36 | 37 | ASFLAGS := -g $(ARCH) $(INCLUDE) 38 | LDFLAGS = -specs=ds_arm7.specs -g $(ARCH) -Wl,-Map,$(notdir $*).map 39 | 40 | LIBS := -lnds7 41 | 42 | #--------------------------------------------------------------------------------- 43 | # list of directories containing libraries, this must be the top level containing 44 | # include and lib 45 | #--------------------------------------------------------------------------------- 46 | LIBDIRS := $(LIBNDS) 47 | 48 | 49 | #--------------------------------------------------------------------------------- 50 | # no real need to edit anything past this point unless you need to add additional 51 | # rules for different file extensions 52 | #--------------------------------------------------------------------------------- 53 | ifneq ($(BUILD),$(notdir $(CURDIR))) 54 | #--------------------------------------------------------------------------------- 55 | 56 | export ARM7ELF := $(CURDIR)/$(TARGET).elf 57 | export DEPSDIR := $(CURDIR)/$(BUILD) 58 | 59 | export VPATH := $(foreach dir,$(SOURCES),$(CURDIR)/$(dir)) 60 | 61 | CFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.c))) 62 | CPPFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.cpp))) 63 | SFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.s))) 64 | BINFILES := $(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.*))) 65 | 66 | export OFILES := $(addsuffix .o,$(BINFILES)) \ 67 | $(CPPFILES:.cpp=.o) $(CFILES:.c=.o) $(SFILES:.s=.o) 68 | 69 | export INCLUDE := $(foreach dir,$(INCLUDES),-I$(CURDIR)/$(dir)) \ 70 | $(foreach dir,$(LIBDIRS),-I$(dir)/include) \ 71 | -I$(CURDIR)/$(BUILD) 72 | 73 | export LIBPATHS := $(foreach dir,$(LIBDIRS),-L$(dir)/lib) 74 | 75 | #--------------------------------------------------------------------------------- 76 | # use CXX for linking C++ projects, CC for standard C 77 | #--------------------------------------------------------------------------------- 78 | ifeq ($(strip $(CPPFILES)),) 79 | #--------------------------------------------------------------------------------- 80 | export LD := $(CC) 81 | #--------------------------------------------------------------------------------- 82 | else 83 | #--------------------------------------------------------------------------------- 84 | export LD := $(CXX) 85 | #--------------------------------------------------------------------------------- 86 | endif 87 | #--------------------------------------------------------------------------------- 88 | 89 | .PHONY: $(BUILD) clean 90 | 91 | #--------------------------------------------------------------------------------- 92 | $(BUILD): 93 | @[ -d $@ ] || mkdir -p $@ 94 | @make --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile 95 | 96 | #--------------------------------------------------------------------------------- 97 | clean: 98 | @echo clean ... 99 | @rm -fr $(BUILD) *.elf 100 | 101 | 102 | #--------------------------------------------------------------------------------- 103 | else 104 | 105 | DEPENDS := $(OFILES:.o=.d) 106 | 107 | #--------------------------------------------------------------------------------- 108 | # main targets 109 | #--------------------------------------------------------------------------------- 110 | $(ARM7ELF) : $(OFILES) 111 | @echo linking $(notdir $@) 112 | @$(LD) $(LDFLAGS) $(OFILES) $(LIBPATHS) $(LIBS) -o $@ 113 | 114 | 115 | #--------------------------------------------------------------------------------- 116 | # you need a rule like this for each extension you use as binary data 117 | #--------------------------------------------------------------------------------- 118 | %.bin.o : %.bin 119 | #--------------------------------------------------------------------------------- 120 | @echo $(notdir $<) 121 | @$(bin2o) 122 | 123 | -include $(DEPENDS) 124 | 125 | #--------------------------------------------------------------------------------------- 126 | endif 127 | #--------------------------------------------------------------------------------------- 128 | -------------------------------------------------------------------------------- /arm7/source/cheat_engine_arm7.c: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #include 20 | 21 | void runCheatEngineCheck (void) 22 | { 23 | if(*((vu32*)0x027FFE24) == (u32)0x027FFE04) 24 | { 25 | irqDisable (IRQ_ALL); 26 | *((vu32*)0x027FFE34) = (u32)0x06000000; 27 | swiSoftReset(); 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /arm7/source/cheat_engine_arm7.h: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #ifndef CHEAT_ENGINE_ARM7_H 20 | #define CHEAT_ENGINE_ARM7_H 21 | 22 | 23 | #ifdef __cplusplus 24 | extern "C" { 25 | #endif 26 | 27 | 28 | void runCheatEngineCheck (void); 29 | 30 | 31 | #ifdef __cplusplus 32 | } 33 | #endif 34 | 35 | #endif // CHEAT_ENGINE_ARM7_H 36 | -------------------------------------------------------------------------------- /arm7/source/main.c: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #include 20 | #include 21 | #include 22 | 23 | #include "cheat_engine_arm7.h" 24 | 25 | 26 | void VcountHandler() { 27 | inputGetAndSend(); 28 | } 29 | 30 | void VblankHandler(void) { 31 | } 32 | 33 | //--------------------------------------------------------------------------------- 34 | int main(void) { 35 | //--------------------------------------------------------------------------------- 36 | 37 | irqInit(); 38 | fifoInit(); 39 | 40 | // read User Settings from firmware 41 | readUserSettings(); 42 | 43 | // Start the RTC tracking IRQ 44 | initClockIRQ(); 45 | 46 | SetYtrigger(80); 47 | 48 | installSystemFIFO(); 49 | 50 | irqSet(IRQ_VCOUNT, VcountHandler); 51 | irqSet(IRQ_VBLANK, VblankHandler); 52 | 53 | irqEnable( IRQ_VBLANK | IRQ_VCOUNT); 54 | 55 | // Keep the ARM7 mostly idle 56 | while (1) { 57 | runCheatEngineCheck(); 58 | swiWaitForVBlank(); 59 | } 60 | } 61 | 62 | 63 | -------------------------------------------------------------------------------- /arm9/Makefile: -------------------------------------------------------------------------------- 1 | #--------------------------------------------------------------------------------- 2 | .SUFFIXES: 3 | #--------------------------------------------------------------------------------- 4 | ifeq ($(strip $(DEVKITARM)),) 5 | $(error "Please set DEVKITARM in your environment. export DEVKITARM=devkitARM") 6 | endif 7 | 8 | include $(DEVKITARM)/ds_rules 9 | 10 | #--------------------------------------------------------------------------------- 11 | # BUILD is the directory where object files & intermediate files will be placed 12 | # SOURCES is a list of directories containing source code 13 | # INCLUDES is a list of directories containing extra header files 14 | # DATA is a list of directories containing binary files 15 | # all directories are relative to this makefile 16 | #--------------------------------------------------------------------------------- 17 | BUILD := build 18 | IMAGES := graphics 19 | SOURCES := source $(IMG_DATA) 20 | INCLUDES := include 21 | DATA := data 22 | 23 | #--------------------------------------------------------------------------------- 24 | # options for code generation 25 | #--------------------------------------------------------------------------------- 26 | ARCH := -march=armv5te -mtune=arm946e-s -mthumb -mthumb-interwork 27 | 28 | CFLAGS := -g -Wall -O2\ 29 | -fomit-frame-pointer\ 30 | -ffast-math \ 31 | -Wall -Wextra -Werror \ 32 | $(ARCH) 33 | 34 | CFLAGS += $(INCLUDE) -DARM9 35 | CXXFLAGS := $(CFLAGS) 36 | 37 | ASFLAGS := -g $(ARCH) $(INCLUDE) 38 | 39 | LDFLAGS = -specs=ds_arm9.specs -g $(ARCH) -Wl,-Map,$(notdir $*.map) 40 | 41 | #--------------------------------------------------------------------------------- 42 | # any extra libraries we wish to link with the project 43 | #--------------------------------------------------------------------------------- 44 | LIBS := -lfat -lnds9 45 | 46 | #--------------------------------------------------------------------------------- 47 | # list of directories containing libraries, this must be the top level containing 48 | # include and lib 49 | #--------------------------------------------------------------------------------- 50 | LIBDIRS := $(LIBNDS) 51 | 52 | #--------------------------------------------------------------------------------- 53 | # no real need to edit anything past this point unless you need to add additional 54 | # rules for different file extensions 55 | #--------------------------------------------------------------------------------- 56 | ifneq ($(BUILD),$(notdir $(CURDIR))) 57 | #--------------------------------------------------------------------------------- 58 | 59 | export ARM9ELF := $(CURDIR)/$(TARGET).elf 60 | export DEPSDIR := $(CURDIR)/$(BUILD) 61 | 62 | export VPATH := $(foreach dir,$(SOURCES),$(CURDIR)/$(dir)) \ 63 | $(foreach dir,$(DATA),$(CURDIR)/$(dir)) 64 | 65 | CFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.c))) 66 | CPPFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.cpp))) 67 | SFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.s))) 68 | BINFILES := $(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.*))) 69 | 70 | BMPFILES := $(foreach dir,$(IMAGES),$(notdir $(wildcard $(dir)/*.bmp))) 71 | 72 | #--------------------------------------------------------------------------------- 73 | # use CXX for linking C++ projects, CC for standard C 74 | #--------------------------------------------------------------------------------- 75 | ifeq ($(strip $(CPPFILES)),) 76 | #--------------------------------------------------------------------------------- 77 | export LD := $(CC) 78 | #--------------------------------------------------------------------------------- 79 | else 80 | #--------------------------------------------------------------------------------- 81 | export LD := $(CXX) 82 | #--------------------------------------------------------------------------------- 83 | endif 84 | #--------------------------------------------------------------------------------- 85 | 86 | export OFILES := $(addsuffix .o,$(BINFILES)) $(BMPFILES:.bmp=.o) \ 87 | $(CPPFILES:.cpp=.o) $(CFILES:.c=.o) $(SFILES:.s=.o) 88 | 89 | export INCLUDE := $(foreach dir,$(INCLUDES),-I$(CURDIR)/$(dir)) \ 90 | $(foreach dir,$(LIBDIRS),-isystem $(dir)/include) \ 91 | -I$(CURDIR)/$(BUILD) 92 | 93 | export LIBPATHS := $(foreach dir,$(LIBDIRS),-L$(dir)/lib) 94 | 95 | .PHONY: $(BUILD) clean 96 | 97 | #--------------------------------------------------------------------------------- 98 | $(BUILD): 99 | @[ -d $@ ] || mkdir -p $@ 100 | @make --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile 101 | 102 | #--------------------------------------------------------------------------------- 103 | clean: 104 | @echo clean ... 105 | @rm -fr $(BUILD) *.elf *.nds* *.bin 106 | 107 | #--------------------------------------------------------------------------------- 108 | else 109 | 110 | #--------------------------------------------------------------------------------- 111 | # main targets 112 | #--------------------------------------------------------------------------------- 113 | $(ARM9BIN) : $(ARM9ELF) 114 | @$(OBJCOPY) -O binary $< $@ 115 | @echo built ... $(notdir $@) 116 | 117 | $(ARM9ELF) : $(OFILES) 118 | @echo linking $(notdir $@) 119 | @$(LD) $(LDFLAGS) $(OFILES) $(LIBPATHS) $(LIBS) -o $@ 120 | 121 | 122 | #--------------------------------------------------------------------------------- 123 | # graphics 124 | #--------------------------------------------------------------------------------- 125 | bgtop.s : ../$(IMAGES)/bgtop.bmp 126 | grit $< -gB4 -gzl -fts -o $@ -q 127 | 128 | bgsub.s : ../$(IMAGES)/bgsub.bmp 129 | grit $< -gB4 -gzl -fts -o $@ -q 130 | 131 | cursor.s : ../$(IMAGES)/cursor.bmp 132 | grit $< -gB4 -fts -Mw8 -Mh4 -o $@ -q 133 | 134 | font.s : ../$(IMAGES)/font.bmp 135 | grit $< -gB4 -gzl -fts -o font.s -q 136 | 137 | button_go.s : ../$(IMAGES)/button_go.bmp 138 | grit $< -gB4 -fts -Mw16 -Mh4 -o $@ -q 139 | 140 | button_on.s : ../$(IMAGES)/button_on.bmp 141 | grit $< -gB4 -fts -Mw30 -Mh2 -o $@ -q 142 | 143 | button_off.s : ../$(IMAGES)/button_off.bmp 144 | grit $< -gB4 -fts -Mw30 -Mh2 -o $@ -q 145 | 146 | button_folder.s : ../$(IMAGES)/button_folder.bmp 147 | grit $< -gB4 -fts -Mw30 -Mh2 -o $@ -q 148 | 149 | button_file.s : ../$(IMAGES)/button_file.bmp 150 | grit $< -gB4 -fts -Mw30 -Mh2 -o $@ -q 151 | 152 | scrollbar.s : ../$(IMAGES)/scrollbar.bmp 153 | grit $< -gB4 -Mw2 -Mh2 -fts -o scrollbar.s -q 154 | 155 | textbox.s : ../$(IMAGES)/textbox.bmp 156 | grit $< -gB4 -fts -o textbox.s -q 157 | 158 | 159 | #--------------------------------------------------------------------------------- 160 | # you need a rule like this for each extension you use as binary data 161 | #--------------------------------------------------------------------------------- 162 | %.bin.o : %.bin 163 | #--------------------------------------------------------------------------------- 164 | @echo $(notdir $<) 165 | @$(bin2o) 166 | 167 | -include $(DEPSDIR)/*.d 168 | 169 | #--------------------------------------------------------------------------------------- 170 | endif 171 | #--------------------------------------------------------------------------------------- 172 | -------------------------------------------------------------------------------- /arm9/graphics/bgsub.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chishm/nitrohax/c5b68b31a833d8aece47efe80594dde59e906332/arm9/graphics/bgsub.bmp -------------------------------------------------------------------------------- /arm9/graphics/bgtop.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chishm/nitrohax/c5b68b31a833d8aece47efe80594dde59e906332/arm9/graphics/bgtop.bmp -------------------------------------------------------------------------------- /arm9/graphics/button_file.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chishm/nitrohax/c5b68b31a833d8aece47efe80594dde59e906332/arm9/graphics/button_file.bmp -------------------------------------------------------------------------------- /arm9/graphics/button_folder.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chishm/nitrohax/c5b68b31a833d8aece47efe80594dde59e906332/arm9/graphics/button_folder.bmp -------------------------------------------------------------------------------- /arm9/graphics/button_go.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chishm/nitrohax/c5b68b31a833d8aece47efe80594dde59e906332/arm9/graphics/button_go.bmp -------------------------------------------------------------------------------- /arm9/graphics/button_off.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chishm/nitrohax/c5b68b31a833d8aece47efe80594dde59e906332/arm9/graphics/button_off.bmp -------------------------------------------------------------------------------- /arm9/graphics/button_on.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chishm/nitrohax/c5b68b31a833d8aece47efe80594dde59e906332/arm9/graphics/button_on.bmp -------------------------------------------------------------------------------- /arm9/graphics/cursor.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chishm/nitrohax/c5b68b31a833d8aece47efe80594dde59e906332/arm9/graphics/cursor.bmp -------------------------------------------------------------------------------- /arm9/graphics/font.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chishm/nitrohax/c5b68b31a833d8aece47efe80594dde59e906332/arm9/graphics/font.bmp -------------------------------------------------------------------------------- /arm9/graphics/scrollbar.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chishm/nitrohax/c5b68b31a833d8aece47efe80594dde59e906332/arm9/graphics/scrollbar.bmp -------------------------------------------------------------------------------- /arm9/graphics/textbox.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chishm/nitrohax/c5b68b31a833d8aece47efe80594dde59e906332/arm9/graphics/textbox.bmp -------------------------------------------------------------------------------- /arm9/source/bios_decompress_callback.c: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #include "bios_decompress_callback.h" 20 | 21 | static int getSizeBiosCallback (uint8 * source, uint16 * dest, uint32 r2) 22 | { 23 | (void)dest; 24 | (void)r2; 25 | return *((int*)source); 26 | } 27 | 28 | static uint8 readByteBiosCallback (uint8 * source) 29 | { 30 | return *source; 31 | } 32 | 33 | TDecompressionStream decompressBiosCallback = 34 | { 35 | getSizeBiosCallback, 36 | (void*)0, 37 | readByteBiosCallback 38 | } ; 39 | 40 | 41 | -------------------------------------------------------------------------------- /arm9/source/bios_decompress_callback.h: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #ifndef BIOS_DECOMPRESS_CALLBACK_H 20 | #define BIOS_DECOMPRESS_CALLBACK_H 21 | 22 | #ifdef __cplusplus 23 | extern "C" { 24 | #endif 25 | 26 | #include 27 | #include 28 | 29 | extern TDecompressionStream decompressBiosCallback; 30 | 31 | 32 | 33 | #ifdef __cplusplus 34 | } 35 | #endif 36 | 37 | #endif // BIOS_DECOMPRESS_CALLBACK_H 38 | 39 | -------------------------------------------------------------------------------- /arm9/source/cheat.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #include "cheat.h" 20 | #include 21 | #include 22 | #include 23 | 24 | #include "ui.h" 25 | 26 | static const char HEX_CHARACTERS[] = "0123456789ABCDEFabcdef"; 27 | 28 | CheatFolder::~CheatFolder() 29 | { 30 | for (std::vector::iterator curItem = contents.begin(); curItem != contents.end(); curItem++) { 31 | delete (*curItem); 32 | } 33 | } 34 | 35 | void CheatFolder::enableAll (bool enabled) 36 | { 37 | if (allowOneOnly && enabled) { 38 | return; 39 | } 40 | for (std::vector::iterator curItem = contents.begin(); curItem != contents.end(); curItem++) { 41 | CheatCode* cheatCode = dynamic_cast(*curItem); 42 | if (cheatCode) { 43 | cheatCode->setEnabled (enabled); 44 | } 45 | } 46 | } 47 | 48 | void CheatFolder::enablingSubCode (void) 49 | { 50 | if (allowOneOnly) { 51 | enableAll (false); 52 | } 53 | } 54 | 55 | std::list CheatFolder::getEnabledCodeData (void) 56 | { 57 | std::list codeData; 58 | CheatCode* cheatCode; 59 | 60 | for (std::vector::iterator curItem = contents.begin(); curItem != contents.end(); curItem++) { 61 | std::list curCodeData = (*curItem)->getEnabledCodeData(); 62 | cheatCode = dynamic_cast(*curItem); 63 | if (cheatCode && cheatCode->isMaster()) { 64 | codeData.insert( codeData.begin(), curCodeData.begin(), curCodeData.end()); 65 | } else { 66 | codeData.insert( codeData.end(), curCodeData.begin(), curCodeData.end()); 67 | } 68 | } 69 | 70 | return codeData; 71 | } 72 | 73 | std::list CheatCode::getEnabledCodeData (void) 74 | { 75 | std::list codeData; 76 | if (enabled) { 77 | codeData = cheatData; 78 | } 79 | 80 | return codeData; 81 | } 82 | 83 | void CheatCode::setCodeData (const std::string& data) 84 | { 85 | const char* codeData = data.c_str(); 86 | char codeinfo[30]; 87 | int value; 88 | int codeLen = strlen (codeData); 89 | int codePos = 0; 90 | int readNum = 1; 91 | 92 | const char ALWAYS_ON[] = "always_on"; 93 | const char ON[] = "on"; 94 | const char MASTER[] = "master"; 95 | 96 | if (sscanf (codeData, "%29s", codeinfo) > 0) { 97 | if (strcmp(codeinfo, ALWAYS_ON) == 0) { 98 | always_on = true; 99 | enabled = true; 100 | codePos += strlen (ALWAYS_ON); 101 | } else if (strcmp(codeinfo, ON) == 0) { 102 | enabled = true; 103 | codePos += strlen (ON); 104 | } else if (strcmp(codeinfo, MASTER) == 0) { 105 | master = true; 106 | codePos += strlen (MASTER); 107 | } 108 | } 109 | 110 | while ((codePos < codeLen) && (readNum > 0)) { 111 | // Move onto the next hexadecimal value 112 | codePos += strcspn (codeData + codePos, HEX_CHARACTERS); 113 | readNum = sscanf (codeData + codePos, "%x", &value); 114 | if (readNum > 0) { 115 | cheatData.push_back (value); 116 | codePos += CODE_WORD_LEN; 117 | } else { 118 | readNum = sscanf (codeData + codePos, "%29s", codeinfo); 119 | if (readNum > 0) { 120 | codePos += strlen (codeinfo); 121 | } 122 | } 123 | } 124 | 125 | if (master && (cheatData.size() >= 2)) { 126 | if ((*(cheatData.begin()) & 0xFF000000) == 0xCF000000) { 127 | // Master code meant for Nitro Hax 128 | always_on = true; 129 | enabled = true; 130 | } else if ((cheatData.size() >= 18) && (*(cheatData.begin()) == 0x00000000)) { 131 | // Master code meant for the Action Replay 132 | // Convert it for Nitro Hax 133 | CheatWord relocDest; 134 | std::list::iterator i = cheatData.begin(); 135 | std::advance (i, 13); 136 | relocDest = *i; 137 | cheatData.clear(); 138 | cheatData.push_back (CHEAT_ENGINE_RELOCATE); 139 | cheatData.push_back (relocDest); 140 | enabled = true; 141 | } 142 | } 143 | } 144 | 145 | void CheatCode::toggleEnabled (void) 146 | { 147 | if (!enabled && getParent()) { 148 | getParent()->enablingSubCode(); 149 | } 150 | if (!always_on) { 151 | enabled = !enabled; 152 | } 153 | } 154 | 155 | 156 | void CheatGame::setGameid (const std::string& id) 157 | { 158 | const char* idData = id.c_str(); 159 | const char* crcData; 160 | 161 | headerCRC = 0; 162 | if (id.size() < 9) { 163 | return; 164 | } 165 | gameid[0] = id.at(0); 166 | gameid[1] = id.at(1); 167 | gameid[2] = id.at(2); 168 | gameid[3] = id.at(3); 169 | 170 | headerCRC = 0; 171 | crcData = strpbrk (idData+4, HEX_CHARACTERS); 172 | if (crcData) { 173 | sscanf (crcData, "%" SCNx32, &headerCRC); 174 | // CRC is inverted in the cheat list 175 | headerCRC = ~headerCRC; 176 | } 177 | } 178 | 179 | 180 | CheatCodelist::~CheatCodelist(void) 181 | { 182 | for (std::vector::iterator curItem = getContents().begin(); curItem != getContents().end(); curItem++) { 183 | delete (*curItem); 184 | } 185 | } 186 | 187 | #define BUFFER_SIZE 1024 188 | bool CheatCodelist::nextToken (FILE* fp, std::string& token, TOKEN_TYPE& tokenType) 189 | { 190 | char tokenData[BUFFER_SIZE]; 191 | token.clear(); 192 | 193 | if (fscanf(fp, " <%1023[^>]", tokenData) > 0) { 194 | if (tokenData[0] == '/') { 195 | tokenType = TOKEN_TAG_END; 196 | token += &tokenData[1]; 197 | } else { 198 | tokenType = TOKEN_TAG_START; 199 | token += tokenData; 200 | } 201 | while (fscanf(fp, "%1023[^>]", tokenData) > 0) { 202 | token += tokenData; 203 | } ; 204 | fscanf(fp, ">"); 205 | if (tokenType == TOKEN_TAG_START && token.at(token.size() -1 ) == '/') { 206 | token.resize (token.size() -1); 207 | tokenType = TOKEN_TAG_SINGLE; 208 | } 209 | } else if (fscanf(fp, "%1023[^<]", tokenData) > 0) { 210 | tokenType = TOKEN_DATA; 211 | do { 212 | token += tokenData; 213 | } while (fscanf(fp, "%1023[^<]", tokenData) > 0); 214 | if (token.empty()) { 215 | return false; 216 | } 217 | } else { 218 | return false; 219 | } 220 | 221 | return true; 222 | } 223 | 224 | bool CheatCodelist::load (FILE* fp) 225 | { 226 | enum {state_normal, state_name, state_note, state_codes, state_gameid, state_allowedon} state = state_normal; 227 | CheatBase* curItem = this; 228 | CheatBase* newItem; 229 | CheatCode* cheatCode; 230 | CheatFolder* cheatFolder; 231 | CheatGame* cheatGame; 232 | std::string token; 233 | TOKEN_TYPE tokenType; 234 | int depth = 0; 235 | bool done = false; 236 | 237 | while (nextToken (fp, token, tokenType) && (tokenType != TOKEN_TAG_START || token != "codelist")) ; 238 | 239 | if (token != "codelist") { 240 | return false; 241 | } 242 | depth ++; 243 | 244 | while (nextToken (fp, token, tokenType) && !done) { 245 | switch (tokenType) { 246 | case TOKEN_DATA: 247 | switch (state) { 248 | case state_name: 249 | curItem->name = token; 250 | break; 251 | case state_note: 252 | curItem->note = token; 253 | break; 254 | case state_codes: 255 | cheatCode = dynamic_cast(curItem); 256 | if (cheatCode) { 257 | cheatCode->setCodeData (token); 258 | } 259 | break; 260 | case state_gameid: 261 | cheatGame = dynamic_cast(curItem); 262 | if (cheatGame) { 263 | cheatGame->setGameid (token); 264 | } 265 | break; 266 | case state_allowedon: 267 | cheatFolder = dynamic_cast(curItem); 268 | if (cheatFolder) { 269 | cheatFolder->setAllowOneOnly (!(token == "0")); 270 | } 271 | break; 272 | case state_normal: 273 | break; 274 | } 275 | break; 276 | case TOKEN_TAG_START: 277 | depth++; 278 | if (token == "game") { 279 | cheatGame = new CheatGame (this); 280 | this->addItem (cheatGame); 281 | curItem = cheatGame; 282 | } else if (token == "folder") { 283 | cheatFolder = dynamic_cast(curItem); 284 | if (cheatFolder) { 285 | newItem = new CheatFolder (cheatFolder); 286 | cheatFolder->addItem (newItem); 287 | curItem = newItem; 288 | } 289 | } else if (token == "cheat") { 290 | cheatFolder = dynamic_cast(curItem); 291 | if (cheatFolder) { 292 | newItem = new CheatCode (cheatFolder); 293 | cheatFolder->addItem (newItem); 294 | curItem = newItem; 295 | } 296 | } else if (token == "codelist") { 297 | // Should only occur at top level 298 | curItem = this; 299 | depth = 1; 300 | } else if (token == "name") { 301 | state = state_name; 302 | } else if (token == "note") { 303 | state = state_note; 304 | } else if (token == "codes") { 305 | state = state_codes; 306 | } else if (token == "gameid") { 307 | state = state_gameid; 308 | } else if (token == "allowedon") { 309 | state = state_allowedon; 310 | } 311 | break; 312 | case TOKEN_TAG_END: 313 | if ((token == "game") || 314 | (token == "folder") || 315 | (token == "cheat") 316 | ) { 317 | newItem = curItem->getParent(); 318 | if (newItem) { 319 | curItem = newItem; 320 | } 321 | } else if (token == "subscription") { 322 | done = true; 323 | } 324 | state = state_normal; 325 | depth--; 326 | break; 327 | case TOKEN_TAG_SINGLE: 328 | break; 329 | } 330 | } 331 | 332 | this->name = "Cheat list"; 333 | return true; 334 | } 335 | 336 | CheatGame* CheatCodelist::getGame (const char gameid[4], uint32_t headerCRC) 337 | { 338 | for (std::vector::iterator curItem = contents.begin(); curItem != contents.end(); curItem++) { 339 | CheatGame* game = dynamic_cast(*curItem); 340 | if (game && game->checkGameid(gameid, headerCRC)) { 341 | return game; 342 | } 343 | } 344 | 345 | return NULL; 346 | } 347 | 348 | 349 | -------------------------------------------------------------------------------- /arm9/source/cheat.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef CHEAT_H 3 | #define CHEAT_H 4 | 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | 12 | #define CHEAT_CODE_END 0xCF000000 13 | #define CHEAT_ENGINE_RELOCATE 0xCF000001 14 | #define CHEAT_ENGINE_HOOK 0xCF000002 15 | 16 | 17 | typedef unsigned int CheatWord; 18 | 19 | class CheatFolder; 20 | 21 | class CheatBase 22 | { 23 | private: 24 | CheatFolder* parent; 25 | 26 | public: 27 | std::string name; 28 | std::string note; 29 | 30 | CheatBase (CheatFolder* parent) 31 | { 32 | this->parent = parent; 33 | } 34 | 35 | CheatBase (const char* name, CheatFolder* parent) 36 | { 37 | this->name = name; 38 | this->parent = parent; 39 | } 40 | 41 | CheatBase (const std::string name, CheatFolder* parent) 42 | { 43 | this->name = name; 44 | this->parent = parent; 45 | } 46 | 47 | virtual ~CheatBase () 48 | { 49 | } 50 | 51 | const char* getName (void) 52 | { 53 | return name.c_str(); 54 | } 55 | 56 | const char* getNote (void) 57 | { 58 | return note.c_str(); 59 | } 60 | 61 | CheatFolder* getParent (void) 62 | { 63 | return parent; 64 | } 65 | 66 | virtual std::list getEnabledCodeData(void) 67 | { 68 | std::list codeData; 69 | return codeData; 70 | } 71 | } ; 72 | 73 | class CheatCode : public CheatBase 74 | { 75 | public: 76 | CheatCode (CheatFolder* parent) : CheatBase (parent) 77 | { 78 | enabled = false; 79 | always_on = false; 80 | master = false; 81 | } 82 | 83 | void setEnabled (bool enable) 84 | { 85 | if (!always_on) { 86 | enabled = enable; 87 | } 88 | } 89 | 90 | void toggleEnabled (void); 91 | 92 | bool getEnabledStatus (void) 93 | { 94 | return enabled; 95 | } 96 | 97 | bool isMaster (void) 98 | { 99 | return master; 100 | } 101 | 102 | std::list getCodeData(void) 103 | { 104 | return cheatData; 105 | } 106 | 107 | void setCodeData (const std::string& data); 108 | 109 | std::list getEnabledCodeData(void); 110 | 111 | static const int CODE_WORD_LEN = 8; 112 | 113 | private: 114 | std::list cheatData; 115 | bool enabled; 116 | bool always_on; 117 | bool master; 118 | } ; 119 | 120 | class CheatFolder : public CheatBase 121 | { 122 | public: 123 | CheatFolder (const char* name, CheatFolder* parent) : CheatBase (name, parent) 124 | { 125 | allowOneOnly = false; 126 | } 127 | 128 | CheatFolder (CheatFolder* parent) : CheatBase (parent) 129 | { 130 | allowOneOnly = false; 131 | } 132 | 133 | ~CheatFolder(); 134 | 135 | void addItem (CheatBase* item) 136 | { 137 | if (item) { 138 | contents.push_back(item); 139 | } 140 | } 141 | 142 | void enablingSubCode (void); 143 | 144 | void enableAll (bool enabled); 145 | 146 | void setAllowOneOnly (bool value) 147 | { 148 | allowOneOnly = value; 149 | } 150 | 151 | std::vector getContents(void) 152 | { 153 | return contents; 154 | } 155 | 156 | std::list getEnabledCodeData(void); 157 | 158 | protected: 159 | std::vector contents; 160 | 161 | private: 162 | bool allowOneOnly; 163 | 164 | } ; 165 | 166 | class CheatGame : public CheatFolder 167 | { 168 | public: 169 | CheatGame (const char* name, CheatFolder* parent) : CheatFolder (name, parent) 170 | { 171 | memset(gameid, ' ', 4); 172 | } 173 | 174 | CheatGame (CheatFolder* parent) : CheatFolder (parent) 175 | { 176 | memset(gameid, ' ', 4); 177 | } 178 | 179 | bool checkGameid (const char gameid[4], uint32_t headerCRC) 180 | { 181 | return (memcmp (gameid, this->gameid, sizeof(this->gameid)) == 0) && 182 | (headerCRC == this->headerCRC); 183 | } 184 | 185 | void setGameid (const std::string& id); 186 | 187 | private: 188 | char gameid[4]; 189 | uint32_t headerCRC; 190 | } ; 191 | 192 | class CheatCodelist : public CheatFolder 193 | { 194 | public: 195 | CheatCodelist (void) : CheatFolder ("No codes loaded", NULL) 196 | { 197 | } 198 | 199 | ~CheatCodelist (); 200 | 201 | bool load (FILE* fp); 202 | 203 | CheatGame* getGame (const char gameid[4], uint32_t headerCRC); 204 | 205 | private: 206 | enum TOKEN_TYPE {TOKEN_DATA, TOKEN_TAG_START, TOKEN_TAG_END, TOKEN_TAG_SINGLE}; 207 | 208 | bool nextToken (FILE* fp, std::string& token, TOKEN_TYPE& tokenType); 209 | 210 | } ; 211 | 212 | #endif // CHEAT_H 213 | 214 | -------------------------------------------------------------------------------- /arm9/source/cheat_engine.c: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #include 20 | #include 21 | 22 | #include "load_bin.h" 23 | #include "cheat_engine.h" 24 | #define LCDC_BANK_C (vu16*)0x06840000 25 | 26 | #define CHEAT_DATA_LOCATION ((u32*)0x06850000) 27 | #define CHEAT_CODE_END 0xCF000000 28 | 29 | static void vramset (volatile void* dst, u16 val, int len) 30 | { 31 | vu32* dst32 = (vu32*)dst; 32 | u32 val32 = val | (val << 16); 33 | 34 | for ( ; len > 0; len -= 4) { 35 | *dst32++ = val32; 36 | } 37 | } 38 | 39 | static void vramcpy (volatile void* dst, const void* src, int len) 40 | { 41 | vu32* dst32 = (vu32*)dst; 42 | const u32* src32 = (u32*)src; 43 | 44 | for ( ; len > 0; len -= 4) { 45 | *dst32++ = *src32++; 46 | } 47 | } 48 | 49 | void runCheatEngine (void* cheats, int cheatLength) 50 | { 51 | irqDisable(IRQ_ALL); 52 | 53 | 54 | // Direct CPU access to VRAM bank C 55 | VRAM_C_CR = VRAM_ENABLE | VRAM_C_LCD; 56 | // Clear VRAM 57 | vramset (LCDC_BANK_C, 0x0000, 128 * 1024); 58 | // Load the loader/patcher into the correct address 59 | vramcpy (LCDC_BANK_C, load_bin, load_bin_size); 60 | // Put the codes 64KiB after the start of the loader 61 | vramcpy (CHEAT_DATA_LOCATION, cheats, cheatLength); 62 | // Mark the end of the code list 63 | CHEAT_DATA_LOCATION[cheatLength/sizeof(u32)] = CHEAT_CODE_END; 64 | CHEAT_DATA_LOCATION[cheatLength/sizeof(u32) + 1] = 0; 65 | 66 | // Give the VRAM to the ARM7 67 | VRAM_C_CR = VRAM_ENABLE | VRAM_C_ARM7_0x06000000; 68 | 69 | // Reset into a passme loop 70 | REG_EXMEMCNT = 0xffff; 71 | *((vu32*)0x027FFFFC) = 0; 72 | *((vu32*)0x027FFE04) = (u32)0xE59FF018; 73 | *((vu32*)0x027FFE24) = (u32)0x027FFE04; 74 | swiSoftReset(); 75 | } 76 | -------------------------------------------------------------------------------- /arm9/source/cheat_engine.h: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #ifndef CHEAT_ENGINE_H 20 | #define CHEAT_ENGINE_H 21 | 22 | #include 23 | #define CHEAT_MAX_DATA_SIZE (64 * 1024) // 64KiB 24 | 25 | #ifdef __cplusplus 26 | extern "C" { 27 | #endif 28 | 29 | 30 | void runCheatEngine (void* cheats, int cheatLength); 31 | 32 | 33 | #ifdef __cplusplus 34 | } 35 | #endif 36 | 37 | #endif // CHEAT_ENGINE_H 38 | -------------------------------------------------------------------------------- /arm9/source/consoletext.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #include "consoletext.h" 20 | #include 21 | 22 | #define TAB_STOP 4 23 | #define SCREEN_WIDTH 32 24 | 25 | 26 | ConsoleText::ConsoleText (int width, int height, CHAR_SIZE tileSize, vu16 *const fontMap, u16 palette): 27 | fontPal(palette << 12), 28 | row(0), 29 | col(0), 30 | width(width), 31 | height(height), 32 | fontStart(0), 33 | fontMap(fontMap), 34 | tileSize(tileSize) 35 | { 36 | } 37 | 38 | void ConsoleText::clearText (void) 39 | { 40 | setPosition (0, 0); 41 | for (int i = 0; i < width * height; i++) { 42 | putChar (' '); 43 | } 44 | setPosition (0, 0); 45 | } 46 | 47 | void ConsoleText::clearText (int startRow, int startCol, int endRow, int endCol) 48 | { 49 | for (int i = startRow; i <= endRow; i++) { 50 | for (int j = startCol; j <= endCol; j++) { 51 | putChar (' ', i, j); 52 | } 53 | } 54 | } 55 | 56 | 57 | void ConsoleText::setPosition (int row, int col) 58 | { 59 | this->row = row; 60 | this->col = col; 61 | } 62 | 63 | void ConsoleText::putText (const char* str) 64 | { 65 | putText (str, 0, height-1, width-1); 66 | } 67 | 68 | int ConsoleText::putText (const char* str, int startCol, int endRow, int endCol, int curRow, int curCol) 69 | { 70 | int pos = 0; 71 | int len = strlen (str); 72 | row = curRow; 73 | col = curCol; 74 | char curChar; 75 | 76 | while (pos < len) { 77 | curChar = str[pos]; 78 | switch (curChar) { 79 | case '\r': 80 | col = startCol; 81 | break; 82 | case '\n': 83 | row++; 84 | col = startCol; 85 | break; 86 | case '\t': 87 | col += TAB_STOP; 88 | col = col - (col % TAB_STOP); 89 | break; 90 | default: 91 | if (col > endCol) { 92 | row++; 93 | col = startCol; 94 | } 95 | 96 | if (row > endRow) { 97 | // Overflowed the screen so bail out 98 | return row; 99 | } 100 | 101 | putChar (curChar, row, col); 102 | col++; 103 | break; 104 | } 105 | pos++; 106 | } 107 | 108 | return row; 109 | } 110 | 111 | void ConsoleText::putChar (char chr) 112 | { 113 | putChar (chr, row, col); 114 | col++; 115 | if (col >= width) { 116 | row++; 117 | col = 0; 118 | } 119 | if (row >= height) { 120 | row = 0; 121 | } 122 | } 123 | 124 | void ConsoleText::putChar (char chr, int row, int col) 125 | { 126 | if (tileSize == CHAR_SIZE_8PX) { 127 | fontMap[col + row * SCREEN_WIDTH] = fontPal | (u16)(chr + fontStart); 128 | } else { 129 | fontMap[col * 2 + row * 2 * SCREEN_WIDTH] = fontPal | (u16)(chr * 4 + fontStart); 130 | fontMap[(col * 2 + 1) + row * 2 * SCREEN_WIDTH] = fontPal | (u16)(chr * 4 + 1 + fontStart); 131 | fontMap[col * 2 + (row * 2 + 1) * SCREEN_WIDTH] = fontPal | (u16)(chr * 4 + 2 + fontStart); 132 | fontMap[(col * 2 + 1) + (row * 2 + 1) * SCREEN_WIDTH] = fontPal | (u16)(chr * 4 + 3 + fontStart); 133 | } 134 | } 135 | 136 | void ConsoleText::putTile (int val, int row, int col, int palette) 137 | { 138 | u16 pal = (u16)(palette << 12); 139 | if (tileSize == CHAR_SIZE_8PX) { 140 | fontMap[col + row * SCREEN_WIDTH] = pal | (u16)val; 141 | } else { 142 | fontMap[col * 2 + row * 2 * SCREEN_WIDTH] = pal | (u16)(val * 4); 143 | fontMap[(col * 2 + 1) + row * 2 * SCREEN_WIDTH] = pal | (u16)(val * 4 + 1); 144 | fontMap[col * 2 + (row * 2 + 1) * SCREEN_WIDTH] = pal | (u16)(val * 4 + 2); 145 | fontMap[(col * 2 + 1) + (row * 2 + 1) * SCREEN_WIDTH] = pal | (u16)(val * 4 + 3); 146 | } 147 | } 148 | -------------------------------------------------------------------------------- /arm9/source/consoletext.h: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #include 20 | 21 | class ConsoleText 22 | { 23 | public: 24 | enum CHAR_SIZE {CHAR_SIZE_8PX, CHAR_SIZE_16PX}; 25 | 26 | ConsoleText (int width, int height, CHAR_SIZE tileSize, vu16 *const fontMap, u16 palette); 27 | 28 | void setPosition (int x, int y); 29 | void clearText (void); 30 | void clearText (int startRow, int startCol, int endRow, int endCol); 31 | void putText (const char* str); 32 | int putText (const char* str, int startCol, int endRow, int endCol, int curRow, int curCol); 33 | int putText (const char* str, int startCol, int endRow, int endCol) 34 | { 35 | return putText (str, startCol, endRow, endCol, row, col); 36 | } 37 | 38 | void putChar (char chr); 39 | void putChar (char chr, int row, int col); 40 | void putTile (int val, int row, int col, int palette); 41 | 42 | private: 43 | u16 fontPal; 44 | int row, col; 45 | int width, height; 46 | int fontStart; 47 | vu16 *const fontMap; 48 | CHAR_SIZE tileSize; 49 | } ; 50 | -------------------------------------------------------------------------------- /arm9/source/crc.c: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #include "crc.h" 20 | 21 | /* 22 | * This code implements the AUTODIN II polynomial 23 | * The variable corresponding to the macro argument "crc" should 24 | * be an unsigned long. 25 | * Original code by Spencer Garrett 26 | */ 27 | 28 | #define _CRC32_(crc, ch) (crc = (crc >> 8) ^ crc32tab[(crc ^ (ch)) & 0xff]) 29 | 30 | /* generated using the AUTODIN II polynomial 31 | * x^32 + x^26 + x^23 + x^22 + x^16 + 32 | * x^12 + x^11 + x^10 + x^8 + x^7 + x^5 + x^4 + x^2 + x^1 + 1 33 | */ 34 | 35 | static const uint32_t crc32tab[256] = { 36 | 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 37 | 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3, 38 | 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, 39 | 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 40 | 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, 41 | 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 42 | 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 43 | 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5, 44 | 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, 45 | 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 46 | 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 47 | 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, 48 | 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 49 | 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f, 50 | 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, 51 | 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 52 | 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a, 53 | 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, 54 | 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 55 | 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01, 56 | 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 57 | 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 58 | 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, 59 | 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, 60 | 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 61 | 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 62 | 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, 63 | 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 64 | 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086, 65 | 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, 66 | 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 67 | 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 68 | 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, 69 | 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 70 | 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, 71 | 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 72 | 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 73 | 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7, 74 | 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, 75 | 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 76 | 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 77 | 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, 78 | 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 79 | 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79, 80 | 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, 81 | 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 82 | 0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 83 | 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, 84 | 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 85 | 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713, 86 | 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 87 | 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 88 | 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e, 89 | 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, 90 | 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 91 | 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, 92 | 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, 93 | 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 94 | 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0, 95 | 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, 96 | 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 97 | 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf, 98 | 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, 99 | 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d, 100 | }; 101 | 102 | uint32_t crc32(const char *buf, size_t size) 103 | { 104 | uint32_t crc = (uint32_t)~0; 105 | const char *p; 106 | size_t len, nr; 107 | 108 | len = 0; 109 | nr=size; 110 | for (len += nr, p = buf; nr--; ++p) 111 | { 112 | _CRC32_(crc, *p); 113 | } 114 | return ~crc; 115 | } 116 | 117 | -------------------------------------------------------------------------------- /arm9/source/crc.h: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #ifndef CRC_H 20 | #define CRC_H 21 | 22 | #ifdef __cplusplus 23 | extern "C" { 24 | #endif 25 | 26 | #include 27 | #include 28 | 29 | uint32_t crc32(const char *buf, size_t size); 30 | 31 | #ifdef __cplusplus 32 | } 33 | #endif 34 | 35 | #endif // CRC_H 36 | 37 | -------------------------------------------------------------------------------- /arm9/source/main.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | 26 | #include "cheat.h" 27 | #include "ui.h" 28 | #include "nds_card.h" 29 | #include "cheat_engine.h" 30 | #include "crc.h" 31 | #include "version.h" 32 | 33 | const char TITLE_STRING[] = "Nitro Hax " VERSION_STRING "\nWritten by Chishm"; 34 | const char* defaultFiles[] = {"cheats.xml", "/DS/NitroHax/cheats.xml", "/NitroHax/cheats.xml", "/data/NitroHax/cheats.xml", "/cheats.xml"}; 35 | 36 | 37 | static inline void ensure (bool condition, const char* errorMsg) { 38 | if (false == condition) { 39 | ui.showMessage (errorMsg); 40 | while(1) swiWaitForVBlank(); 41 | } 42 | 43 | return; 44 | } 45 | 46 | //--------------------------------------------------------------------------------- 47 | int main(int argc, const char* argv[]) 48 | { 49 | (void)argc; 50 | (void)argv; 51 | 52 | u32 ndsHeader[0x80]; 53 | u32* cheatDest; 54 | int curCheat = 0; 55 | char gameid[4]; 56 | uint32_t headerCRC; 57 | std::string filename; 58 | int c; 59 | FILE* cheatFile; 60 | 61 | ui.showMessage (UserInterface::TEXT_TITLE, TITLE_STRING); 62 | 63 | #ifdef DEMO 64 | ui.demo(); 65 | while(1); 66 | #endif 67 | 68 | ensure (fatInitDefault(), "FAT init failed"); 69 | 70 | // Read cheat file 71 | for (u32 i = 0; i < sizeof(defaultFiles)/sizeof(const char*); i++) { 72 | cheatFile = fopen (defaultFiles[i], "rb"); 73 | if (NULL != cheatFile) break; 74 | } 75 | if (NULL == cheatFile) { 76 | filename = ui.fileBrowser (".xml"); 77 | ensure (filename.size() > 0, "No file specified"); 78 | cheatFile = fopen (filename.c_str(), "rb"); 79 | ensure (cheatFile != NULL, "Couldn't load cheats"); 80 | } 81 | 82 | ui.showMessage (UserInterface::TEXT_TITLE, TITLE_STRING); 83 | ui.showMessage ("Loading codes"); 84 | 85 | c = fgetc(cheatFile); 86 | ensure (c != 0xFF && c != 0xFE, "File is in an unsupported unicode encoding"); 87 | fseek (cheatFile, 0, SEEK_SET); 88 | 89 | CheatCodelist* codelist = new CheatCodelist(); 90 | ensure (codelist->load(cheatFile), "Can't read cheat list\n"); 91 | fclose (cheatFile); 92 | 93 | ui.showMessage (UserInterface::TEXT_TITLE, TITLE_STRING); 94 | 95 | sysSetCardOwner (BUS_OWNER_ARM9); 96 | 97 | ui.showMessage ("Loaded codes\nYou can remove your flash card\nRemove DS Card"); 98 | do { 99 | swiWaitForVBlank(); 100 | getHeader (ndsHeader); 101 | } while (ndsHeader[0] != 0xffffffff); 102 | 103 | ui.showMessage ("Insert Game"); 104 | do { 105 | swiWaitForVBlank(); 106 | getHeader (ndsHeader); 107 | } while (ndsHeader[0] == 0xffffffff); 108 | 109 | // Delay half a second for the DS card to stabilise 110 | for (int i = 0; i < 30; i++) { 111 | swiWaitForVBlank(); 112 | } 113 | 114 | getHeader (ndsHeader); 115 | 116 | ui.showMessage ("Finding game"); 117 | 118 | memcpy (gameid, ((const char*)ndsHeader) + 12, 4); 119 | headerCRC = crc32((const char*)ndsHeader, sizeof(ndsHeader)); 120 | CheatFolder *gameCodes = codelist->getGame (gameid, headerCRC); 121 | 122 | if (!gameCodes) { 123 | gameCodes = codelist; 124 | } 125 | 126 | ui.cheatMenu (gameCodes, gameCodes); 127 | 128 | 129 | cheatDest = (u32*) malloc(CHEAT_MAX_DATA_SIZE); 130 | ensure (cheatDest != NULL, "Bad malloc\n"); 131 | 132 | std::list cheatList = gameCodes->getEnabledCodeData(); 133 | 134 | for (std::list::iterator cheat = cheatList.begin(); cheat != cheatList.end(); cheat++) { 135 | cheatDest[curCheat++] = (*cheat); 136 | } 137 | 138 | ui.showMessage (UserInterface::TEXT_TITLE, TITLE_STRING); 139 | ui.showMessage ("Running game"); 140 | 141 | runCheatEngine (cheatDest, curCheat * sizeof(u32)); 142 | 143 | while(1) { 144 | 145 | } 146 | 147 | return 0; 148 | } 149 | -------------------------------------------------------------------------------- /arm9/source/nds_card.c: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #include 20 | #include 21 | #include "nds_card.h" 22 | 23 | void getHeader (u32* ndsHeader) { 24 | cardParamCommand (CARD_CMD_DUMMY, 0, 25 | CARD_ACTIVATE | CARD_CLK_SLOW | CARD_BLK_SIZE(1) | CARD_DELAY1(0x1FFF) | CARD_DELAY2(0x3F), 26 | NULL, 0); 27 | 28 | cardParamCommand(CARD_CMD_HEADER_READ, 0, 29 | CARD_ACTIVATE | CARD_nRESET | CARD_CLK_SLOW | CARD_BLK_SIZE(1) | CARD_DELAY1(0x1FFF) | CARD_DELAY2(0x3F), 30 | ndsHeader, 512); 31 | 32 | } 33 | -------------------------------------------------------------------------------- /arm9/source/nds_card.h: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #ifndef NDS_CARD_H 20 | #define NDS_CARD_H 21 | 22 | #include 23 | 24 | #ifdef __cplusplus 25 | extern "C" { 26 | #endif 27 | 28 | 29 | void getHeader (u32* ndsHeader); 30 | 31 | 32 | #ifdef __cplusplus 33 | } 34 | #endif 35 | 36 | #endif // NDS_CARD_H 37 | -------------------------------------------------------------------------------- /arm9/source/ui.h: -------------------------------------------------------------------------------- 1 | /* 2 | NitroHax -- Cheat tool for the Nintendo DS 3 | Copyright (C) 2008 Michael "Chishm" Chisholm 4 | 5 | This program is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program. If not, see . 17 | */ 18 | 19 | #include 20 | #include 21 | #include "cheat.h" 22 | #include "consoletext.h" 23 | 24 | //#define DEMO 25 | 26 | class Sprite; 27 | 28 | 29 | class UserInterface 30 | { 31 | public: 32 | UserInterface (void); 33 | ~UserInterface (); 34 | 35 | struct FileInfo { 36 | std::string filename; 37 | bool isDirectory; 38 | }; 39 | 40 | 41 | enum TEXT_TYPE {TEXT_TITLE, TEXT_INFO}; 42 | 43 | void showMessage (TEXT_TYPE textType, const char* str, ...); 44 | void showMessage (const char* str, ...); 45 | void clearMessage (TEXT_TYPE textType); 46 | void clearMessage (void); 47 | 48 | void cheatMenu (CheatFolder* gameCodes) { 49 | cheatMenu (gameCodes, NULL); 50 | } 51 | void cheatMenu (CheatFolder* gameCodes, CheatFolder* top); 52 | 53 | std::string fileBrowser (const char* extension); 54 | 55 | #ifdef DEMO 56 | void demo (void) ; 57 | #endif 58 | 59 | private: 60 | static const int FONT_PALETTE = 1; 61 | 62 | static const int BUTTON_PALETTE_ON = 4; 63 | static const int BUTTON_PALETTE_OFF = 5; 64 | static const int BUTTON_PALETTE_FILE = 6; 65 | static const int BUTTON_PALETTE_FOLDER = 7; 66 | enum BUTTON_BG_OFFSETS {BUTTON_BG_OFFSET = 16, BUTTON_BG_FOLDER = BUTTON_BG_OFFSET + 0, 67 | BUTTON_BG_ON = BUTTON_BG_OFFSET + 60, BUTTON_BG_OFF = BUTTON_BG_OFFSET + 120, 68 | BUTTON_BG_FILE = BUTTON_BG_OFFSET + 180, BUTTON_BG_NONE = 0}; 69 | 70 | enum MENU_CONTROLS {MENU_END1 = 0, MENU_END2 = 1, MENU_BACK = 5, MENU_TICK1 = 9, MENU_TICK2 = 10, 71 | MENU_CROSS1 = 14, MENU_CROSS2 = 15}; 72 | 73 | static const int SCROLLBAR_PALETTE = 2; 74 | enum SCROLLBAR_OFFSETS {SCROLLBAR_OFFSET = 4, SCROLLBAR_UP = SCROLLBAR_OFFSET + 0, SCROLLBAR_BAR = SCROLLBAR_OFFSET + 4, 75 | SCROLLBAR_DOWN = SCROLLBAR_OFFSET + 8, SCROLLBAR_BOX = SCROLLBAR_OFFSET + 12}; 76 | 77 | static const int TEXTBOX_PALETTE = 3; 78 | enum TEXTBOX_OFFSETS {TEXTBOX_OFFSET = 1, TEXTBOX_NW = TEXTBOX_OFFSET + 0, TEXTBOX_N = TEXTBOX_OFFSET + 1, 79 | TEXTBOX_NE = TEXTBOX_OFFSET + 2, TEXTBOX_W = TEXTBOX_OFFSET + 3, TEXTBOX_C = TEXTBOX_OFFSET + 4, 80 | TEXTBOX_E = TEXTBOX_OFFSET + 5, TEXTBOX_SW = TEXTBOX_OFFSET + 6, TEXTBOX_S = TEXTBOX_OFFSET + 7, 81 | TEXTBOX_SE = TEXTBOX_OFFSET + 8}; 82 | 83 | static const int GO_BUTTON_PALETTE = 8; 84 | static const int GO_BUTTON_OFFSET = 256; 85 | 86 | static const int BLANK_TILE = 0; 87 | 88 | static const int NUM_CURSORS = 4; 89 | 90 | // Console elements 91 | ConsoleText* topText; 92 | u16* textboxMap; 93 | ConsoleText* subText; 94 | 95 | // GUI elements 96 | Sprite* scrollbox; 97 | Sprite* cursor[NUM_CURSORS]; 98 | vu16* guiSubMap; 99 | int scrollboxPosition; 100 | 101 | // Menu elements 102 | struct MENU_LEVEL { 103 | int top; 104 | int selected; 105 | int bottom; 106 | }; 107 | 108 | MENU_LEVEL menuLevel; 109 | 110 | void writeTextBox (TEXT_TYPE textType, const char* str, va_list args); 111 | void drawBox (int startRow, int startCol, int endRow, int endCol); 112 | void clearBox (void); 113 | void clearBox (int startRow, int startCol, int endRow, int endCol); 114 | static void wordWrap (char* str, int height, int width); 115 | 116 | void showCheatFolder (std::vector &contents); 117 | 118 | std::vector getDirContents (const char* extension); 119 | static bool fileInfoPredicate (const FileInfo& lhs, const FileInfo& rhs); 120 | void showFileFolder (std::vector &contents); 121 | 122 | int menuInput(bool enableGoButton); 123 | 124 | void putGuiTile (int val, int row, int col, int palette, bool doubleSize); 125 | void clearFolderBackground(void); 126 | void showCursor (bool visible); 127 | void setCursorPosition (int offset); 128 | void putButtonBg (BUTTON_BG_OFFSETS buttonBg, int position); 129 | void showScrollbar (bool visisble); 130 | void setScrollbarPosition (int offset, int listLength); 131 | void showGoButton (bool visible, int left, int top); 132 | } ; 133 | 134 | class Sprite 135 | { 136 | public: 137 | Sprite (int width, int height, const u16* spriteData, const u16* paletteData); 138 | 139 | void showSprite (bool visible); 140 | void setPosition (int left, int top); 141 | 142 | public: 143 | static void init (void); 144 | 145 | private: 146 | int top; 147 | int left; 148 | int num; 149 | u16 attrib0, attrib1, attrib2; 150 | bool visible; 151 | 152 | void updateAttribs (void); 153 | 154 | private: 155 | static int getSpriteNum (void); 156 | } ; 157 | 158 | extern UserInterface ui; 159 | 160 | -------------------------------------------------------------------------------- /icon.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chishm/nitrohax/c5b68b31a833d8aece47efe80594dde59e906332/icon.bmp --------------------------------------------------------------------------------