Author Topic: R4DS/M3DSS Firmware Patcher  (Read 52174 times)

Offline iq_132

  • Administrator
  • *****
  • Posts: 3730
  • Karma: +358/-0
  • destroy.
    • NeoSource
R4DS/M3DSS Firmware Patcher
« on: July 31, 2007, 02:50:08 AM »
Quote
31/07/07
Added M3 1.07 to database
The database now has a version number.
 - If it is isn't current, 'info.dat' is deleted.
 - You will need to re-start the application to write the newer/newest one.
You must press 'enter' to exit the program now.  This makes it easier to see/resolve errors.


Offline Buddy

  • Newbies
  • *
  • Posts: 2
  • Karma: +0/-0
Re: R4DS/M3DSS Firmware Patcher
« Reply #1 on: July 31, 2007, 07:16:39 AM »
Thanks! How do you find the adresses for the dat before the m3 firmware is available?

Offline iq_132

  • Administrator
  • *****
  • Posts: 3730
  • Karma: +358/-0
  • destroy.
    • NeoSource
Re: R4DS/M3DSS Firmware Patcher
« Reply #2 on: July 31, 2007, 02:36:03 PM »
Well, all of the firmwares have 'generic' patches that are easy to search for and patch. I've written a simple search/patch routine for this. These don't change much, other than where they are located.  They control if the firmware says 'incorrect hardware' or whatever. 

The addresses stored in the dat are changed with every revision and the bytes are almost never the same or even similar. However, it is very easy to find them.  All you need to do is decrypt the English R4 and the Chinese Simplified R4 and compare the last 0x8400 bytes.

There should only be a handful of bytes that are different.  Just record them (make sure that if you're putting them in the dat that address 0 would be (firmware_length-0x8400).

I should probably explain the .dat

The first value 2E866286 is the CRC32 of the firmware
The second value 000D are the 'flags' just copy these from the line for an older version.
The third value 1110 is the version number, 1.11 the 0 is for if there's a beta or alternate version
The last value is the most important, 4, it is the patch number to use.  Without the correct patch
games will not load.
2E866286,000D,1110,4, // r4 1.11  English

Now, for the actual patch,
4 is the patch number,
1380,1474,158C,41B0, are addressees to be patched (starting at firmware_length-0x8400).
The maximum number of patches you can apply is 32
4,1380,1474,158C,41B0,               // 1.11 [R4] / 1.07 [M3]

The main thing to remember for the address patches is that they are all the same for firmwares of the same revision.  So any R4 1.11 / M3 1.07 firmware will generally use the same addresses.


Offline Buddy

  • Newbies
  • *
  • Posts: 2
  • Karma: +0/-0
Re: R4DS/M3DSS Firmware Patcher
« Reply #3 on: July 31, 2007, 05:37:40 PM »
Thank You for your explanation!  :smilie: I understood.

Offline iq_132

  • Administrator
  • *****
  • Posts: 3730
  • Karma: +358/-0
  • destroy.
    • NeoSource
Re: R4DS/M3DSS Firmware Patcher
« Reply #4 on: August 01, 2007, 02:59:28 AM »
No problem :)


Offline iq_132

  • Administrator
  • *****
  • Posts: 3730
  • Karma: +358/-0
  • destroy.
    • NeoSource
Re: R4DS/M3DSS Firmware Patcher
« Reply #5 on: November 21, 2007, 05:15:11 AM »
x


Offline tkbook

  • Newbies
  • *
  • Posts: 3
  • Karma: +0/-0
Re: R4DS/M3DSS Firmware Patcher
« Reply #6 on: November 21, 2007, 06:23:30 AM »
there is a new r4 firmware 1.12
2007/11/21

Offline iq_132

  • Administrator
  • *****
  • Posts: 3730
  • Karma: +358/-0
  • destroy.
    • NeoSource
Re: R4DS/M3DSS Firmware Patcher
« Reply #7 on: November 21, 2007, 06:24:49 AM »
Yeah, I know. :) The info.dat I posted above your post has support for the R4 1.12 firmware.


Offline tkbook

  • Newbies
  • *
  • Posts: 3
  • Karma: +0/-0
Re: R4DS/M3DSS Firmware Patcher
« Reply #8 on: November 22, 2007, 12:01:25 AM »
thanks your file
but i don't know how to use "info.dat"

can u teach?

Offline xsnake

  • Newbies
  • *
  • Posts: 2
  • Karma: +0/-0
Re: R4DS/M3DSS Firmware Patcher
« Reply #9 on: November 22, 2007, 01:38:39 AM »
Hi.. iq_132

Some attachment for INFO.DAT

r4 korean V1.12         0x6C739C13
r4 french  V1.12         0xA9D1FAB7
m3dss 1.08 french      0x3A4729BD
m3dss 1.08 japan       0xC6DE099C
m3dss 1.08 t-chinese  0x242FE1CC
m3dss 1.08 s-chinese  0x6A73812B
m3dss 1.08 english      0xFAF03B8D


THX for your great work..


thanks your file
but i don't know how to use "info.dat"

can u teach?

INFO.DAT is text file...
You can add your own attachments to INFO.DAT using text file editor ..

THX
« Last Edit: November 22, 2007, 02:22:17 AM by iq_132 »

Offline f0rbidden

  • Newbies
  • *
  • Posts: 9
  • Karma: +0/-0
Re: R4DS/M3DSS Firmware Patcher
« Reply #10 on: November 29, 2007, 11:13:00 PM »
Great work IQ, worked:)

Offline f0rbidden

  • Newbies
  • *
  • Posts: 9
  • Karma: +0/-0
Re: R4DS/M3DSS Firmware Patcher
« Reply #11 on: November 30, 2007, 12:49:35 AM »
BTW, do you mind telling me what do you decrypt them with? I want to learn and actually take a look at those variables.

Offline iq_132

  • Administrator
  • *****
  • Posts: 3730
  • Karma: +358/-0
  • destroy.
    • NeoSource
Re: R4DS/M3DSS Firmware Patcher
« Reply #12 on: December 02, 2007, 01:33:46 PM »
You can use r4denc, which is found on this page:
http://home.usay.jp/pc/etc/nds/index_en.html

I use my own, custom, tools. :)


Offline tinng

  • Newbies
  • *
  • Posts: 1
  • Karma: +0/-0
Re: R4DS/M3DSS Firmware Patcher
« Reply #13 on: December 05, 2007, 10:48:36 AM »
You are the best of the world ,thank you!!!

Offline arsehat

  • Newbies
  • *
  • Posts: 2
  • Karma: +0/-0
Re: R4DS/M3DSS Firmware Patcher
« Reply #14 on: December 07, 2007, 12:13:00 AM »
The addresses stored in the dat are changed with every revision and the bytes are almost never the same or even similar. However, it is very easy to find them.  All you need to do is decrypt the English R4 and the Chinese Simplified R4 and compare the last 0x8400 bytes.

Okay, I *think* I got all that. Decrypt, and play spot-the-difference. One slight problem when I look at 1.13, though.

I'm not seeing any difference in the last 0x8400 bytes between the chinese and english versions of 1.13. I suspect that's not good - either I've screwed up in checking, or they've given up on anything other than the stuff the generic patcher can get to, or they've used an entirely different location for that stuff. Can't check right now - I'll have a look this evening. I'm hoping for the second option.

2E866286,000D,1110,4, // r4 1.11  English

Now, for the actual patch,
4 is the patch number,
1380,1474,158C,41B0, are addressees to be patched (starting at firmware_length-0x8400).
The maximum number of patches you can apply is 32
4,1380,1474,158C,41B0,               // 1.11 [R4] / 1.07 [M3]

Unless I've missed something (and I probably have), 1.13 English will need an entry something like this in info.dat:
13288BC6,000D,1113,6, //r4 1.13 English

And a patch line of:
6,                               // 1.13 [R4]

Can't check this right now... anyone care to confirm whether this works, or I've made an arse of myself in public (again...), or the patching method needs to be re-evaluated?

Oh, and iq_132, thanks for the patcher  :cool: