NDS Cheat-tool [Project-DipStar-]

Imaha486 · Post by **Imaha486** » Tue Feb 21, 2006 4:21 pm

Hi, them.
Because DATEL didn't make ProActionReplay, I made.
Name is .. Project-DipStar-

http://hp.vector.co.jp/authors/VA018359 ... r_v251.zip

It applied MKDS-Patch.
It reads cheat-code which was stored in the SRAM.
(MAX 126 codes / 4 pages)

To use, PassMe(or PassKey) and FlashCart are necessary.
PassMe,PassKey,PassKey2 or MAGICKEY/MK2 is good! :)
But, EZ-PASS,SUPERPASS or PassMe2 is bad..

Moreover, the FlashCart which doesn't use a loader is necessary.
EZ-FLASH or USBLine is good!
M3,G6,SuperCard,GBALink,etc... is bad..

If succeeding...

Of course, it is possible to do parameter search, too.

Don't you, too, challenge?

Darkflame · Post by **Darkflame** » Tue Feb 21, 2006 5:00 pm

GBAMP is bad?

Imaha486 · Post by **Imaha486** » Tue Feb 21, 2006 5:08 pm

Darkflame wrote:GBAMP is bad?

Yes. An error message is displayed.
DipStar must be most called first.
Moreover, DS-CARD must be read to the memory.

The cheapest combination is EZ-FLASH + PassKey.

Sappharad · Post by **Sappharad** » Tue Feb 21, 2006 5:55 pm

Thank you for making DipStar!
I have also been waiting for a DS ProActionReplay.

I don't have a PassMe (only FlashMe) so I can't use it. :-(
But still, great job! I hope you continue to update it!

loading · Post by **loading** » Tue Feb 21, 2006 7:40 pm

awesome :)

it's a shame i can't read the japanese instructions though

chishm · Post by **chishm** » Wed Feb 22, 2006 3:51 am

Is this a patch loader that changes memory addresses on boot or does it place a hook into the main NDS and continually update the memory locations specified?

The 9th Sage · Post by **The 9th Sage** » Wed Feb 22, 2006 4:12 am

Hm, interesting little program. I'll have to mess around with this...how easy is it to find codes? I haven't been using my flash cart for a lot lately since getting an M3, so maybe I could turn it into a full-time cheat device. :D

Sappharad · Post by **Sappharad** » Wed Feb 22, 2006 6:35 am

chishm wrote:Is this a patch loader that changes memory addresses on boot or does it place a hook into the main NDS and continually update the memory locations specified?

I attempted to use the included tool and found 3 codes for Kirby Canvas Curse. Since I dont have a PassMe, and I'm assuming it uses the leftover decrypted binary in memory to boot, I can't actually try the DS program. But I think I understand how it works so I can answer your question.

It can do both. If you don't provide it with a master code, it will only write once, then execute the game. If you do provide a master code, it continually updates the memory locations specified. It works just like an Action Replay, where the master code is the address that gets a hook.

It would be nice if there was an on-system cheat search, but I know that's almost impossible due to memory constraints. :-(

I have two questions of my own.
Does hasteDS have the ability to write to a memory address found with search, so you can test codes in emulator? I couldn't figure out if it could do this after clicking on all of the buttons.
Also, does anyone plan to translate more of this to English? I was able to figure out how this works, but it would be nice to have a bit more information.

Imaha486 · Post by **Imaha486** » Wed Feb 22, 2006 10:50 am

I know a way of cheat code searching.
Does someone need a tutorial?

---

Thank you Sappharad! :)
You are excellent.

Soon, I want to support a resident area change.
(At present, it is resident in address 0237a00.
The game which uses this place has firmed).

---

Hi,loading.
>It's a shame I can't read the Japanese instructions though
don't worry. ;)
An English manual, too, is included in archive.
It is a text-based but the contents are the same.

hasteDS is Japanese.
But, because I translated, wish to see.

---

Hi,chishm.
DipStar is Memory-hacking tool.
The master code can be used.
(For the details, it refers to the image)

Imaha486 · Post by **Imaha486** » Wed Feb 22, 2006 12:19 pm

And...Sappharad.

>Does hasteDS have the ability to write to a memory address found with search,
>so you can test codes in emulator?

Yes, it is possible.

It is possible if using "cheat code tester".
Support code is ..
0XXXXXXX 000000YY .. 8bit write it only once.
1XXXXXXX 0000YYYY .. 16bit write it only once.
2XXXXXXX YYYYYYYY .. 32bit write it only once.

--

Way, a MasterCode is easily found out.
http://hp.vector.co.jp/authors/VA018359 ... 2_v104.zip
use "NDS Disassembler [NDSDIS2](I made this, too).

(Command)
ndsdis2.exe NDSROM.NDS > disasmlist.txt

Open the TextEditor, And searches the string"4000130".
(exam)
:020014F0 E59F1048 ldr r1,[r15, #+0x48]
;r15+0x48=*(02001540)=#67109168(0x04000130) <<< hit!

It sees the bottom in the more...
(exam)
:0200153C E12FFF1E bx r14 (Jump to addr_04000008?)

===>MASTER CODE is "F200153C E12FFF1E"

As for address 4000130, contents at the button are stored.
In other words, it squeezes into the button entry.
Every time the program processes the button in this, a code is executed.

--

>Also, does anyone plan to translate more of this to English?

I'm not thinking.
Because I can not speak English, I am rescued when someone does.

see you :)

chishm · Post by **chishm** » Wed Feb 22, 2006 12:20 pm

This sounds really good. To make it work for flashme, you might want to load the full binaries from the DS card. There is code in libnds to read the card, but it is a bit hard to understand.

Mc Nasty · Post by **Mc Nasty** » Wed Feb 22, 2006 1:14 pm

serious possible to make this application for Supercard? since it sounds fantastic and I would like to prove it (I consider myself an expert as regards game enhacers) please I request him (especially to Imaha486) that supports users of SC/M3 since this idea this brilliant one (if I dominate him soon they will be the first ones in knowing it)
Ahead of time I apologize for my terrible one English but I don't dominate him very well

Imaha486 · Post by **Imaha486** » Wed Feb 22, 2006 11:43 pm

>chishm
Actually, I tried already.
But, in the method of MKDS, ARM9 can not be controlled.
Therefore, in DipStar, the wish isn't fulfilled.
( There is an idea but the motivation doesn't occur ).

>Mc Nasty
As explained above, SuperCard, too, can not be supported.

---

If PassMe is unnecessary and is made to be able to use SuperCard...

1.Loads a boot-program(ARM7/ARM9) from the flash cart.
2.Copies a main-program on to address:023F0000.
3.jump to main-program.
4.Removes the program to have loaded in 2004000(ARM9) and 2380000(ARM7).
5.Loads NDS card in the cleared address.
6.Changes values such as the header.
7.Changes a program counter.
8.Game start.

But easy if the card can be controlled in only ARM7...

Sappharad · Post by **Sappharad** » Fri Feb 24, 2006 4:55 am

Imaha486, I can not seem to figure out how the "Memory Write" feature in HasteDS works. Can you explain how to use it?

I run a game in DeSmuME, and search for an address. When I find it, I click memory write. I type the address in the left box, and the value I want to change it to in the right box. But when I click write, nothing happens. The value stays the same, even when the emulator is paused.

Do I need to enter the values into the memory write box in a special way?

Thanks in advance if you can explain how to use memory write.

HyperHacker · Post by **HyperHacker** » Fri Feb 24, 2006 5:23 am

Sappharad wrote:It would be nice if there was an on-system cheat search, but I know that's almost impossible due to memory constraints. :-(

Have we forgotten about the possibility to dump the game's RAM to CF/SD card, flash cart ROM, or thr 32MB provided by some carts, scan through it, and restore it? (Or even better, execute from the flash cart.) It'd be slow, but hey, it'd work.