NDS Roms - Nintendo DS Game Backup
Metroid Prime Hunters
First Hunt NDS ROM
ROM Progress Report.... DarkFader hasn't been getting much sleep recently but he may earn a solid 12 hour block of shut-eye shortly if he keeps making progress at this pace. Here's what's happened since DarkFader dumped the Metroid card on Dec 21st...
1) He flashed the ARM7 part of Metroid to GBA cartridge. At startup this code normally gets loaded to the RAM from the DS cartridge but DarkFader changed the execution address to the GBA slot. This worked. The Metroid card can be removed and Metroid is still playable from the GBA slot.
2) DarkFader dumped the first 0x4000 bytes of the ARM9 executable with a piece of ARM7 code and can reconstruct a full ROM.
What does this mean?
1) The entire system may well be accessible from the GBA slot - not just GBA games. Which would greatly speed homebrewing as writable GBA cartridges are cheap and plentiful.
2) DarkFader is able to work on virtually no sleep and should be commended.
If anything happens, I'll post it here...
Downloads are currently offline and if you are wondering why - it is becaiuse there is no emulator to play nds ames so waiting for an emulator to be released.
||Metroid Prime Hunters - First Hunt
||Super Mario 64 DS
NDS rom backup devices
At this point there are NO commercial NDS Flash Card or Linker made specificly for backup of Nintendo DS Roms so take a look at the compatibilty tests of Gameboy Advance rom Backup devices with the NDS peformed by Gameboy-Advance.net
Nintendo DS Rom Hacking
Explore metroid levels with this aplication -- http://www.auby.no/dill/dsgraph.rar
DSgraph in action
Homebrew DS Games
The breakthrough for running custom code on the DS came when DarkFader found out that he could make the DS jump to the GBA cart by modifying the ARM7 vector and adjusting the CRC16 in the Metroid header with his passthrough setup. This allowed him to take over the ARM7 which was at that time running in DS mode (i.e. with access to DS specific hardware). The custom ARM7 code could then load ARM9 code into memory and then take over the ARM9. As a result, DS homebrewing became a reality.
The primary (read: only) means of running homebrew code on the Nintendo DS is currently via a passthrough mechanism in the DS card port and a traditional GBA flash cart in the GBA cartridge port . A passthrough technique is required, since the DS BIOS enables encryption after reading the header, and the encryption is not fully understood.
The passthrough operates in protocol mode most of the time, transparently directing commands to the card and data back to the DS (see DS protocol . However, for the first transfer after a card reset (always the header fetch during boot), it feeds a modified header back to the DS instead of the data that would have come from the card.
This modified header is the same as the original header, with the exception of the ARM7 execute address and the header CRC16. The ARM7 execute address points to 0x08000000 (GBA cartrdige ROM), and the header CRC16 is recomputed to account for the modifications. You can't do this trick to run ARM9 directly, because the BIOS gives the ARM7 priority on the cartridge space during bootup.
Once you select the game in the firmware menu (or it auto-loads, depending on your settings), the code on the GBA cartridge will be executed. Unlike running code directly off of a GBA cartridge, it is executed in DS mode , not GBA mode! At this point, you're free to do what you want, but typically the ARM7 bootloader code on the cartridge copies a pair of ARM binaries to RAM, one for the ARM7 and the other for the ARM9.
All of the hardware constructed so far consists of a FPGA between the DS and a DS cartridge, and either a GBA flash cart or GBA cartridge emulator also running on the FPGA.
sgstair and Ampz built protocol sniffers and laid the groundwork for the passthrough, and DarkFader built the first passthrough and documented it.
Five people have built passthroughs so far:
Natrium and Dovoto are making passthroughs out of CPLDs, which should be significantly smaller than the existing FPGA boards, but the only current idea for eliminating the passthrough entirely involves replacing a BGA chip inside the DS...