From c88db53b08b01d0b545a9b10a9cf6337a5b28e3a Mon Sep 17 00:00:00 2001 From: ApacheThunder Date: Tue, 24 Oct 2023 14:53:18 -0500 Subject: [PATCH] Slot-1 now partially booting... * Arm9 finally jumps to the cart's arm9 binary correctly. * However Arm7 still isn't cooperating for some reason.... --- arm9/source/main.c | 39 +++++++++++++++++---- arm9/source/nds_card.c | 27 +++++++++++++++ arm9/source/nds_card.h | 36 +++++++++++++++++++ bootloader/source/fwparams.h | 1 + bootloader/source/main.arm7.c | 63 ++++++++++++++++++---------------- bootloader/source/reset.arm7.s | 2 +- bootloader/source/reset.arm9.s | 21 +++++------- include/fwparams.h | 1 + 8 files changed, 141 insertions(+), 49 deletions(-) create mode 100644 arm9/source/nds_card.c create mode 100644 arm9/source/nds_card.h diff --git a/arm9/source/main.c b/arm9/source/main.c index 64c17da..248f330 100644 --- a/arm9/source/main.c +++ b/arm9/source/main.c @@ -12,6 +12,7 @@ #include "prefcompat.h" #include "encryption.h" #include "read_card.h" +#include "nds_card.h" #include "tonccpy.h" #ifdef EMBEDDED_FIRMWARE @@ -25,9 +26,6 @@ #define NEED_FAT #endif -#define NDS_HEADER 0x027FFE00 -#define NDS_HEADER2 0x02FFFE00 - fwunpackParams params; FILE* image; @@ -95,7 +93,8 @@ int main(void) { #endif params.isDsi = isDSiMode(); - + params.hasCart = 0; + printf("fwrun\n\n"); memset(¶ms, sizeof params, 1); 
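Review bot: In the `@@ -95,7 +93,8 @@` hunk the new `params.hasCart = 0;` sits just above the context call `memset(…, sizeof params, 1)`, whose fill value and length look transposed. As written that call stores a single byte (the low byte of `sizeof params`) at the start of the struct, so nothing is cleared and the first field is altered. `params` is a file-scope object and therefore already zero-initialised, so the new assignment is redundant today. If the memset is meant to clear the struct, put `memset(&params, 0, sizeof params);` first and set `params.isDsi` and `params.hasCart` after it, so that correcting the call later cannot wipe either field. `main` starts above this hunk.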
@@ -134,16 +133,42 @@ int main(void) { consoleClear(); - if (isDSiMode() && (REG_SCFG_EXT & BIT(31))) { + if (!isDSiMode()) { + ShowText(); + ALIGN(4) u32 ndsHeader[0x80]; + getHeader (ndsHeader); + bool noCart = false; + printf("Remove DS Card\nPress B to skip..."); + do { + swiWaitForVBlank(); + scanKeys(); + if(keysDown() & KEY_B) { noCart = true; break; } + getHeader (ndsHeader); + } while (ndsHeader[0] != 0xFFFFFFFF); + consoleClear(); + printf("Insert DS Card\nPress B to skip..."); + do { + swiWaitForVBlank(); + scanKeys(); + if(keysDown() & KEY_B) { noCart = true; break; } + getHeader (ndsHeader); + } while (ndsHeader[0] == 0xFFFFFFFF); + if (!noCart) { + params.hasCart = 0x00000001; + for(int i = 0; i < 30; i++)swiWaitForVBlank(); + } + consoleClear(); + } else if (REG_SCFG_EXT & BIT(31)) { bool CartWasMissing = (REG_SCFG_MC == 0x11); if (!CartWasMissing) { - sNDSHeaderExt* ndsHeaderExt = (sNDSHeaderExt*)NDS_HEADER; + ALIGN(4) sNDSHeaderExt* ndsHeaderExt = (sNDSHeaderExt*)malloc(sizeof(sNDSHeaderExt)); if (REG_SCFG_MC == 0x10)enableSlot1(); cardInit(ndsHeaderExt); - tonccpy((void*)NDS_HEADER2, (void*)NDS_HEADER, 0x170); + params.hasCart = 0x00000001; } } + loader_run(); return 0; diff --git a/arm9/source/nds_card.c b/arm9/source/nds_card.c new file mode 100644 index 0000000..f8fafd0 --- /dev/null +++ b/arm9/source/nds_card.c 
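Review bot: The DSi branch passes the result of `malloc(sizeof(sNDSHeaderExt))` straight to `cardInit(ndsHeaderExt)` without a NULL check, so an allocation failure becomes a write through a null pointer. Wrap the use in `if (ndsHeaderExt != NULL) { ... cardInit(ndsHeaderExt); params.hasCart = 1; }` so that `hasCart` stays 0 when the header could not be read. The buffer is never freed in the visible lines. `ALIGN(4)` here is applied to the pointer variable rather than to the allocation (presumably an alignment attribute), so it does nothing for the header buffer. A static `sNDSHeaderExt` object would remove the allocation, the leak and the failure path. `main` starts above this hunk.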
@@ -0,0 +1,27 @@ +/* + NitroHax -- Cheat tool for the Nintendo DS + Copyright (C) 2008 Michael "Chishm" Chisholm + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include +#include +#include "nds_card.h" + +void getHeader (u32* ndsHeader) { + cardParamCommand(CARD_CMD_DUMMY, 0, CARD_ACTIVATE | CARD_CLK_SLOW | CARD_BLK_SIZE(1) | CARD_DELAY1(0x1FFF) | CARD_DELAY2(0x3F), NULL, 0); + cardParamCommand(CARD_CMD_HEADER_READ, 0, CARD_ACTIVATE | CARD_nRESET | CARD_CLK_SLOW | CARD_BLK_SIZE(1) | CARD_DELAY1(0x1FFF) | CARD_DELAY2(0x3F), ndsHeader, 512); +} + diff --git a/arm9/source/nds_card.h b/arm9/source/nds_card.h new file mode 100644 index 0000000..ee1eb93 --- /dev/null +++ b/arm9/source/nds_card.h 
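Review bot: `getHeader` writes a hard-coded 512 bytes through `ndsHeader` but nothing in the signature or a comment states that size, so a caller passing a smaller buffer gets an overflow with no warning. The only caller in this commit uses `u32 ndsHeader[0x80]`, which matches, but that contract is implicit. Add a comment above the function and its prototype in `nds_card.h`, e.g. `/* Reads the 512-byte card header into ndsHeader; the buffer must hold at least 0x80 u32 words. */`, or take the buffer length as a parameter and reject anything shorter.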
@@ -0,0 +1,36 @@ +/* + NitroHax -- Cheat tool for the Nintendo DS + Copyright (C) 2008 Michael "Chishm" Chisholm + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef NDS_CARD_H +#define NDS_CARD_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + + +void getHeader (u32* ndsHeader); + + +#ifdef __cplusplus +} +#endif + +#endif // NDS_CARD_H diff --git a/bootloader/source/fwparams.h b/bootloader/source/fwparams.h index 7b16a32..217b703 100644 --- a/bootloader/source/fwparams.h +++ b/bootloader/source/fwparams.h @@ -46,4 +46,5 @@ typedef struct { fwAddrs guidata; fwType type; u32 isDsi; + u32 hasCart; } fwunpackParams; \ No newline at end of file diff --git a/bootloader/source/main.arm7.c b/bootloader/source/main.arm7.c index e79d728..6fc8bfe 100644 --- a/bootloader/source/main.arm7.c +++ b/bootloader/source/main.arm7.c @@ -363,7 +363,7 @@ void arm7_resetMemory () { u32 arm7_loadBinary (void) { u32 errorCode; - + tDSiHeader* twlHeaderTemp = (tDSiHeader*)TMP_HEADER; // Use same region cheat engine goes. Cheat engine will replace this later when it's not needed. // Init card 
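Review bot: `u32 hasCart;` is appended to `fwunpackParams` in `bootloader/source/fwparams.h` here and again in `include/fwparams.h` at the end of the patch, and the differing `index` hashes show the two headers are not the same file content. The struct appears to be filled on the ARM9 side and read by the bootloader through `params->hasCart`, so any drift between the two definitions shifts field offsets silently. Prefer a single header included by both builds, or add `_Static_assert(sizeof(fwunpackParams) == <expected size>, "fwunpackParams layout changed");` to each copy (the size is a placeholder for the project's real value).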
@@ -372,18 +372,18 @@ u32 arm7_loadBinary (void) { ndsHeader = loadHeader(twlHeaderTemp); // copy twlHeaderTemp to ndsHeader location - if (((u32)ndsHeader->arm9destination != 0x02000000) && ndsHeader->arm9binarySize < 0x0BFFFF) { - cardRead(ndsHeader->arm9romOffset, (u32*)NTR_CARTARM9, ndsHeader->arm9binarySize); - } else { - cardRead(ndsHeader->arm9romOffset, (u32*)ndsHeader->arm9destination, ndsHeader->arm9binarySize); - } + u32 Arm9Size = ndsHeader->arm9binarySize; + u32 MaxArm9Size = 0x09FFFF; // DS firwmare appears able to relocate it self if the cart's arm binary would be large enough to over write it... but that doesn't seem to happen in our case so must cap arm9 reads for now. + + if (Arm9Size > MaxArm9Size)Arm9Size = MaxArm9Size; + + cardRead(ndsHeader->arm9romOffset, (u32*)ndsHeader->arm9destination, Arm9Size); cardRead(ndsHeader->arm7romOffset, (u32*)NTR_CARTARM7, ndsHeader->arm7binarySize); // Fix Pokemon games needing header data. - copyLoop((u32*)NDS_HEADER_POKEMON, (u32*)NDS_HEADER, 0x170); - // copyLoop((u32*)0x023FFE00, (u32*)NDS_HEADER, 0x170); + // copyLoop((u32*)NDS_HEADER_POKEMON, (u32*)NDS_HEADER, 0x170); - char* romTid = (char*)NDS_HEADER_POKEMON+0xC; + /* char* romTid = (char*)NDS_HEADER_POKEMON+0xC; if ( memcpy(romTid, "ADA", 3) == 0 // Diamond || memcmp(romTid, "APA", 3) == 0 // Pearl || memcmp(romTid, "CPU", 3) == 0 // Platinum @@ -393,15 +393,14 @@ u32 arm7_loadBinary (void) { // Make the Pokemon game code ADAJ. const char gameCodePokemon[] = { 'A', 'D', 'A', 'J' }; memcpy((char*)NDS_HEADER_POKEMON+0xC, gameCodePokemon, 4); - } + }*/ return ERR_NONE; } static void setMemoryAddress(const tNDSHeader* ndsHeader) { - if (ndsHeader->unitCode > 0) { + /*if (ndsHeader->unitCode > 0) { copyLoop((u32*)0x027FFA80, (u32*)ndsHeader, 0x160); // Make a duplicate of DS header - copyLoop((u32*)0x02FFFA80, (u32*)ndsHeader, 0x160); // Make a duplicate of DS header *(u32*)(0x027FA680) = 0x02FD4D80; *(u32*)(0x027FA684) = 0x00000000; 
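Review bot: The ARM9 copy in the `@@ -372,18 +372,18 @@` hunk now writes to `ndsHeader->arm9destination` exactly as the cartridge header supplies it, and the new `MaxArm9Size` cap limits only the length, not where the write ends. A card header with a destination outside the expected load window makes `cardRead` overwrite whatever is there, including this loader, and a binary larger than the cap is loaded truncated and still reported as `ERR_NONE`. Validate the range before reading, e.g. `u32 dst = (u32)ndsHeader->arm9destination; if (dst < 0x02000000 || dst >= ARM9_LOAD_END || Arm9Size > ARM9_LOAD_END - dst) return <error code>;`, where `ARM9_LOAD_END` and the error code are placeholders for the project's own values. `ndsHeader->arm7binarySize` is passed unbounded to the read into `NTR_CARTARM7` and needs the same kind of limit. `arm7_loadBinary` starts above this hunk.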
@@ -425,7 +424,7 @@ static void setMemoryAddress(const tNDSHeader* ndsHeader) { } else if (strncmp(getRomTid(ndsHeader)+3, "K", 1) == 0) { *(u8*)(0x027FFD70) = 5; } - } + }*/ // Set memory values expected by loaded NDS // from NitroHax, thanks to Chism @@ -433,7 +432,16 @@ static void setMemoryAddress(const tNDSHeader* ndsHeader) { *((u32*)0x027FF804) = chipID; // Command10CardID *((u16*)0x027FF808) = ndsHeader->headerCRC16; // Header Checksum, CRC-16 of [000h-15Dh] *((u16*)0x027FF80A) = ndsHeader->secureCRC16; // Secure Area Checksum, CRC-16 of [ [20h]..7FFFh] - // *((u16*)0x027FF850) = 0x5835; + *((u16*)0x027FF850) = 0x5835; + *((u32*)0x027FF860) = (u32)ndsHeader->arm7executeAddress; + + // Extra bits + *((u16*)0x027FF869) = 0x03FE; + *((u16*)0x027FF874) = 0x4F5D; + *((u8*)0x027FF880) = 0x03; + *((u8*)0x027FF884) = 0x02; + *((u32*)0x027FF890) = 0x30002A02; + // Copies of above *((u32*)0x027FFC00) = chipID; // CurrentCardID *((u32*)0x027FFC04) = chipID; // Command10CardID 
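Review bot: In the `@@ -433,7 +432,16 @@` hunk, `*((u16*)0x027FF869) = 0x03FE;` is a halfword store to an odd address, which is a misaligned access and undefined behaviour in C; on cores without unaligned-store support the low address bit is typically dropped, so the value would land at 0x027FF868 instead. If the bytes really belong at 0x869 and 0x86A, write them separately: `*((u8*)0x027FF869) = 0xFE; *((u8*)0x027FF86A) = 0x03;`. If 0x027FF868 was intended, correct the address. The other new stores in this hunk are naturally aligned. A short comment naming what each of the "Extra bits" values represents would help the next reader, since none of them is explained. `setMemoryAddress` starts above this hunk.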
@@ -441,26 +449,23 @@ static void setMemoryAddress(const tNDSHeader* ndsHeader) { *((u16*)0x027FFC0A) = ndsHeader->secureCRC16; // Secure Area Checksum, CRC-16 of [ [20h]..7FFFh] *((u16*)0x027FFC10) = 0x5835; *((u16*)0x027FFC40) = 0x01; // Boot Indicator -- EXTREMELY IMPORTANT!!! Thanks to cReDiAr - - // *((vu32*)0x027FF860) = (u32)ndsHeader->arm7executeAddress; // Copy of Arm7's entry address? - // memcpy((u32*)0x027FF860, (u32*)ndsHeader->arm7executeAddress, 0x04); - // *((u32*)0x027FF860) = (u32)ndsHeader->arm7executeAddress; - // copyLoop((u32*)0x027FF860, (u32*)0x027FFE34, 0x4); - tonccpy((void*)0x027FF860, (u32*)0x027FFE34, 0x4); - tonccpy((void*)0x02FFF860, (u32*)0x02FFFE34, 0x4); + + (*(vu32*)0x027FFFF4) = 0; // Smaller copy of header? This is what's present in memory during DS firmware boot up at least... - copyLoop((u32*)0x0235603C, (u32*)NDS_HEADER, 0xE0); - arm7_clearmem ((void*)0x0235603C, 0x4); - // copyLoop((u32*)0x023FF000, (u32*)0x027FF000, 0x1000); - // tonccpy((u32*)0x023FF000, (u32*)0x027FF000, 0x1000); + copyLoop((u32*)0x0235621C, (u32*)NDS_HEADER, 0xE0); + *((u32*)0x0235621C) = 0xFFFFFFFF; + + *((u32*)0x027FFE38) = (u32)NTR_CARTARM7; + + copyLoop((u32*)0x023FF000, (u32*)0x027FF000, 0x1000); } void arm7_main (void) { u32 errorCode; - bool noCart = ((REG_SCFG_MC == 0x11) || (REG_SCFG_MC == 0x10)); - if (!params->isDsi) noCart = true; + bool noCart = (params->hasCart == 0); + if (params->isDsi && (REG_SCFG_EXT & BIT(31))) { REG_MBK9=0xFCFFFF0F; *((vu32*)REG_MBK1)=0x8D898581; @@ -520,8 +525,8 @@ void arm7_main (void) { if (!noCart)setMemoryAddress(ndsHeader); - *((vu32*)0x02FFFE24) = params->boot9.ramaddr; - *((vu32*)0x02FFFE34) = params->boot7.ramaddr; + *((vu32*)0x027FC024) = (u32)params->boot9.ramaddr; + *((vu32*)0x027FC034) = (u32)params->boot7.ramaddr; ipcSendState(ARM7_BOOTBIN); diff --git a/bootloader/source/reset.arm7.s b/bootloader/source/reset.arm7.s index 344ee8a..afd5e09 100644 --- a/bootloader/source/reset.arm7.s 
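Review bot: In the `@@ -441,26 +449,23 @@` hunk, `*((u32*)0x027FFE38) = (u32)NTR_CARTARM7;` rewrites what appears to be the header copy's ARM7 load-address field, while the entry address stored at 0x027FF860 in the previous hunk is still the unmodified `ndsHeader->arm7executeAddress`. The ARM7 binary itself is read to `NTR_CARTARM7` in `arm7_loadBinary`, so if that constant differs from the card's own ARM7 load address the recorded entry point no longer lies inside the loaded image; whether it differs cannot be told from these lines. Either add a comment stating that `NTR_CARTARM7` is assumed to equal the header's load address, or store a relocated entry such as `(u32)ndsHeader->arm7executeAddress - (u32)ndsHeader->arm7destination + (u32)NTR_CARTARM7`.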
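Review bot: The hand-off slots `0x027FC024` and `0x027FC034` written in the `@@ -520,8 +525,8 @@` hunk are read back as bare literals in the `reset.arm9.s` and `reset.arm7.s` hunks that follow, so three sites in two languages must be edited together, as this commit itself had to do. Define them once in a header that both the C and the assembly sources include, for example `#define BOOT9_ENTRY_SLOT 0x027FC024` and `#define BOOT7_ENTRY_SLOT 0x027FC034` (names are suggestions), and use the macros at all three sites. A mismatch here sends a CPU to whatever stale word sits at the old address, which is hard to diagnose on hardware. `arm7_main` continues outside this hunk.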
+++ b/bootloader/source/reset.arm7.s @@ -64,7 +64,7 @@ arm7_reset: @ ipcSendState(ARM7_BOOT) strh r0, [r12] - ldr r0,=0x2FFFE34 + ldr r0,=0x027FC034 ldr r0,[r0] bx r0 diff --git a/bootloader/source/reset.arm9.s b/bootloader/source/reset.arm9.s index c93d2b0..2e8e0d3 100644 --- a/bootloader/source/reset.arm9.s +++ b/bootloader/source/reset.arm9.s @@ -100,17 +100,13 @@ arm9_reset: @ while (ipcRecvState() != ARM7_BOOT); bl waitsync - ldr r10, =0x2FFFE24 + ldr r10, =0x027FC024 ldr r2, [r10] - + @ Switch MPU to startup default ldr r0, =0x00012078 mcr p15, 0, r0, c1, c0, 0 - @ enable cache & tcm - ldr r1,= ITCM_ENABLE | DTCM_ENABLE | ICACHE_ENABLE | DCACHE_ENABLE - orr r0,r0,r1 - bx r2 .pool @@ -130,10 +126,11 @@ mpu_initial_data: .word 0x15111011 @ p15,0,c5,c0,2,r2 ;PU Extended Access Permission Data/Unified Protection Region .word 0x05100011 @ p15,0,c5,c0,3,r3 ;PU Extended Access Permission Instruction Protection Region .word 0x04000033 @ p15,0,c6,c0,0,r4 ;PU Protection Unit Data/Unified Region 0 - .word 0x0200002b @ p15,0,c6,c1,0,r5 ;PU Protection Unit Data/Unified Region 1 4MB + .word 0x0200002B @ p15,0,c6,c1,0,r5 ;PU Protection Unit Data/Unified Region 1 4MB .word 0x08000035 @ p15,0,c6,c3,0,r6 ;PU Protection Unit Data/Unified Region 3 - .word 0x0300001b @ p15,0,c6,c4,0,r7 ;PU Protection Unit Data/Unified Region 4 - .word 0xffff001d @ p15,0,c6,c6,0,r8 ;PU Protection Unit Data/Unified Region 6 - .word 0x02fff017 @ p15,0,c6,c7,0,r9 ;PU Protection Unit Data/Unified Region 7 4KB - .word 0x0300000a @ p15,0,c9,c1,0,r10 ;TCM Data TCM Base and Virtual Size -itcm_reset_code_end: \ No newline at end of file + .word 0x0300001B @ p15,0,c6,c4,0,r7 ;PU Protection Unit Data/Unified Region 4 + .word 0xFFFF001D @ p15,0,c6,c6,0,r8 ;PU Protection Unit Data/Unified Region 6 + .word 0x027FF017 @ p15,0,c6,c7,0,r9 ;PU Protection Unit Data/Unified Region 7 4KB + .word 0x0300000A @ p15,0,c9,c1,0,r10 ;TCM Data TCM Base and Virtual Size +itcm_reset_code_end: + 
diff --git a/include/fwparams.h b/include/fwparams.h index 60c4bdc..d9fddaa 100644 --- a/include/fwparams.h +++ b/include/fwparams.h @@ -46,4 +46,5 @@ typedef struct { fwAddrs guidata; fwType type; u32 isDsi; + u32 hasCart; } fwunpackParams; \ No newline at end of file