Well, all of the firmwares have 'generic' patches that are easy to search for and patch. I've written a simple search/patch routine for this. These don't change much, other than where they are located. They control if the firmware says 'incorrect hardware' or whatever.
The addresses stored in the dat are changed with every revision and the bytes are almost never the same or even similar. However, it is very easy to find them. All you need to do is decrypt the English R4 and the Chinese Simplified R4 and compare the last 0x8400 bytes.
There should only be a handful of bytes that are different. Just record them (make sure that if you're putting them in the dat that address 0 would be (firmware_length-0x8400).
I should probably explain the .dat
The first value 2E866286 is the CRC32 of the firmware
The second value 000D are the 'flags' just copy these from the line for an older version.
The third value 1110 is the version number, 1.11 the 0 is for if there's a beta or alternate version
The last value is the most important, 4, it is the patch number to use. Without the correct patch
games will not load.
2E866286,000D,1110,4, // r4 1.11 English
Now, for the actual patch,
4 is the patch number,
1380,1474,158C,41B0, are addressees to be patched (starting at firmware_length-0x8400).
The maximum number of patches you can apply is 32
4,1380,1474,158C,41B0, // 1.11 [R4] / 1.07 [M3]
The main thing to remember for the address patches is that they are all the same for firmwares of the same revision. So any R4 1.11 / M3 1.07 firmware will generally use the same addresses.