Slot-1 now partially booting...

* Arm9 finally jumps to the cart's arm9 binary correctly. * However Arm7 still isn't cooperating for some reason....
2025-06-19 03:35:35 -04:00 · 2023-10-24 14:53:18 -05:00 · 2023-10-24 14:53:18 -05:00 · c88db53b08
commit c88db53b08
parent a6d31ec414
8 changed files with 141 additions and 49 deletions
--- a/arm9/source/main.c
+++ b/arm9/source/main.c
@ -12,6 +12,7 @@
 #include "prefcompat.h"
 #include "encryption.h"
 #include "read_card.h"
+#include "nds_card.h"
 #include "tonccpy.h"

 #ifdef EMBEDDED_FIRMWARE
@ -25,9 +26,6 @@
 #define NEED_FAT
 #endif

-#define NDS_HEADER 0x027FFE00
-#define NDS_HEADER2 0x02FFFE00
-
 fwunpackParams params;
 FILE* image;

@ -95,6 +93,7 @@ int main(void) {
 	#endif

 	params.isDsi = isDSiMode();
+	params.hasCart = 0;
 	
 	printf("fwrun\n\n");
 	memset(&params, sizeof params, 1);
@ -134,16 +133,42 @@ int main(void) {
 	
 	consoleClear();
 	
-	if (isDSiMode() && (REG_SCFG_EXT & BIT(31))) {
+	if (!isDSiMode()) {
+		ShowText();
+		ALIGN(4) u32 ndsHeader[0x80];
+		getHeader (ndsHeader);
+		bool noCart = false;
+		printf("Remove DS Card\nPress B to skip...");
+		do {
+			swiWaitForVBlank();
+			scanKeys();
+			if(keysDown() & KEY_B) { noCart = true; break; }
+			getHeader (ndsHeader);
+		} while (ndsHeader[0] != 0xFFFFFFFF);
+		consoleClear();
+		printf("Insert DS Card\nPress B to skip...");
+		do {
+			swiWaitForVBlank();
+			scanKeys();
+			if(keysDown() & KEY_B) { noCart = true; break; }
+			getHeader (ndsHeader);
+		} while (ndsHeader[0] == 0xFFFFFFFF);
+		if (!noCart) {
+			params.hasCart = 0x00000001;
+			for(int i = 0; i < 30; i++)swiWaitForVBlank();
+		}
+		consoleClear();
+	} else if (REG_SCFG_EXT & BIT(31)) {
 		bool CartWasMissing = (REG_SCFG_MC == 0x11);
 		if (!CartWasMissing) {
-			sNDSHeaderExt* ndsHeaderExt = (sNDSHeaderExt*)NDS_HEADER;
+			ALIGN(4) sNDSHeaderExt* ndsHeaderExt = (sNDSHeaderExt*)malloc(sizeof(sNDSHeaderExt));
 			if (REG_SCFG_MC == 0x10)enableSlot1();
 			cardInit(ndsHeaderExt);
-			tonccpy((void*)NDS_HEADER2, (void*)NDS_HEADER, 0x170);
+			params.hasCart = 0x00000001;
 		}
 	}
 	
+	
 	loader_run();

 	return 0;
--- a/arm9/source/nds_card.c
+++ b/arm9/source/nds_card.c
@ -0,0 +1,27 @@
+/*
+    NitroHax -- Cheat tool for the Nintendo DS
+    Copyright (C) 2008  Michael "Chishm" Chisholm
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stddef.h>
+#include <nds/card.h>
+#include "nds_card.h"
+
+void getHeader (u32* ndsHeader) {
+	cardParamCommand(CARD_CMD_DUMMY, 0, CARD_ACTIVATE | CARD_CLK_SLOW | CARD_BLK_SIZE(1) | CARD_DELAY1(0x1FFF) | CARD_DELAY2(0x3F), NULL, 0);
+	cardParamCommand(CARD_CMD_HEADER_READ, 0, CARD_ACTIVATE | CARD_nRESET | CARD_CLK_SLOW | CARD_BLK_SIZE(1) | CARD_DELAY1(0x1FFF) | CARD_DELAY2(0x3F), ndsHeader, 512);
+}
+
--- a/arm9/source/nds_card.h
+++ b/arm9/source/nds_card.h
@ -0,0 +1,36 @@
+/*
+    NitroHax -- Cheat tool for the Nintendo DS
+    Copyright (C) 2008  Michael "Chishm" Chisholm
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef NDS_CARD_H
+#define NDS_CARD_H
+
+#include <nds/ndstypes.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+void getHeader (u32* ndsHeader);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // NDS_CARD_H
--- a/bootloader/source/fwparams.h
+++ b/bootloader/source/fwparams.h
@ -46,4 +46,5 @@ typedef struct {
    fwAddrs guidata;
    fwType type;
    u32 isDsi;
+	u32 hasCart;
 } fwunpackParams;
--- a/bootloader/source/main.arm7.c
+++ b/bootloader/source/main.arm7.c
@ -372,18 +372,18 @@ u32 arm7_loadBinary (void) {

 	ndsHeader = loadHeader(twlHeaderTemp); // copy twlHeaderTemp to ndsHeader location

-	if (((u32)ndsHeader->arm9destination != 0x02000000) && ndsHeader->arm9binarySize < 0x0BFFFF) {
-		cardRead(ndsHeader->arm9romOffset, (u32*)NTR_CARTARM9, ndsHeader->arm9binarySize);
-	} else {
-		cardRead(ndsHeader->arm9romOffset, (u32*)ndsHeader->arm9destination, ndsHeader->arm9binarySize);
-	}
+	u32 Arm9Size = ndsHeader->arm9binarySize;
+	u32 MaxArm9Size = 0x09FFFF; // DS firwmare appears able to relocate it self if the cart's arm binary would be large enough to over write it... but that doesn't seem to happen in our case so must cap arm9 reads for now.
+	
+	if (Arm9Size > MaxArm9Size)Arm9Size = MaxArm9Size;
+	
+	cardRead(ndsHeader->arm9romOffset, (u32*)ndsHeader->arm9destination, Arm9Size);
 	cardRead(ndsHeader->arm7romOffset, (u32*)NTR_CARTARM7, ndsHeader->arm7binarySize);
 	
 	// Fix Pokemon games needing header data.
-	copyLoop((u32*)NDS_HEADER_POKEMON, (u32*)NDS_HEADER, 0x170);
-	// copyLoop((u32*)0x023FFE00, (u32*)NDS_HEADER, 0x170);
+	// copyLoop((u32*)NDS_HEADER_POKEMON, (u32*)NDS_HEADER, 0x170);

-	char* romTid = (char*)NDS_HEADER_POKEMON+0xC;
+	/* char* romTid = (char*)NDS_HEADER_POKEMON+0xC;
 	if (   memcpy(romTid, "ADA", 3) == 0 // Diamond
 		|| memcmp(romTid, "APA", 3) == 0 // Pearl
 		|| memcmp(romTid, "CPU", 3) == 0 // Platinum
@ -393,15 +393,14 @@ u32 arm7_loadBinary (void) {
 		// Make the Pokemon game code ADAJ.
 		const char gameCodePokemon[] = { 'A', 'D', 'A', 'J' };
 		memcpy((char*)NDS_HEADER_POKEMON+0xC, gameCodePokemon, 4);
-	}
+	}*/
 	
 	return ERR_NONE;
 }

 static void setMemoryAddress(const tNDSHeader* ndsHeader) {
-	if (ndsHeader->unitCode > 0) {
+	/*if (ndsHeader->unitCode > 0) {
 		copyLoop((u32*)0x027FFA80, (u32*)ndsHeader, 0x160);	// Make a duplicate of DS header
-		copyLoop((u32*)0x02FFFA80, (u32*)ndsHeader, 0x160);	// Make a duplicate of DS header

 		*(u32*)(0x027FA680) = 0x02FD4D80;
 		*(u32*)(0x027FA684) = 0x00000000;
@ -425,7 +424,7 @@ static void setMemoryAddress(const tNDSHeader* ndsHeader) {
 		} else if (strncmp(getRomTid(ndsHeader)+3, "K", 1) == 0) {
 			*(u8*)(0x027FFD70) = 5;
 		}
-	}
+	}*/
 	
    // Set memory values expected by loaded NDS
    // from NitroHax, thanks to Chism
@ -433,7 +432,16 @@ static void setMemoryAddress(const tNDSHeader* ndsHeader) {
 	*((u32*)0x027FF804) = chipID;					// Command10CardID
 	*((u16*)0x027FF808) = ndsHeader->headerCRC16;	// Header Checksum, CRC-16 of [000h-15Dh]
 	*((u16*)0x027FF80A) = ndsHeader->secureCRC16;	// Secure Area Checksum, CRC-16 of [ [20h]..7FFFh]
-	// *((u16*)0x027FF850) = 0x5835;
+	*((u16*)0x027FF850) = 0x5835;
+	*((u32*)0x027FF860) = (u32)ndsHeader->arm7executeAddress;
+		
+	// Extra bits
+	*((u16*)0x027FF869) = 0x03FE;
+	*((u16*)0x027FF874) = 0x4F5D;
+	 *((u8*)0x027FF880) = 0x03;
+	 *((u8*)0x027FF884) = 0x02;
+	*((u32*)0x027FF890) = 0x30002A02;
+	
 	// Copies of above
 	*((u32*)0x027FFC00) = chipID;					// CurrentCardID
 	*((u32*)0x027FFC04) = chipID;					// Command10CardID
@ -442,25 +450,22 @@ static void setMemoryAddress(const tNDSHeader* ndsHeader) {
 	*((u16*)0x027FFC10) = 0x5835;
 	*((u16*)0x027FFC40) = 0x01;						// Boot Indicator -- EXTREMELY IMPORTANT!!! Thanks to cReDiAr
 	
-	// *((vu32*)0x027FF860) = (u32)ndsHeader->arm7executeAddress;	 // Copy of Arm7's entry address?
-	// memcpy((u32*)0x027FF860, (u32*)ndsHeader->arm7executeAddress, 0x04);
-	// *((u32*)0x027FF860) = (u32)ndsHeader->arm7executeAddress;
-	// copyLoop((u32*)0x027FF860, (u32*)0x027FFE34, 0x4);
-	tonccpy((void*)0x027FF860, (u32*)0x027FFE34, 0x4);
-	tonccpy((void*)0x02FFF860, (u32*)0x02FFFE34, 0x4);
+	(*(vu32*)0x027FFFF4) = 0;
 	
 	// Smaller copy of header? This is what's present in memory during DS firmware boot up at least...
-	copyLoop((u32*)0x0235603C, (u32*)NDS_HEADER, 0xE0);
-	arm7_clearmem ((void*)0x0235603C, 0x4);
-	// copyLoop((u32*)0x023FF000, (u32*)0x027FF000, 0x1000);
-	// tonccpy((u32*)0x023FF000, (u32*)0x027FF000, 0x1000);
+	copyLoop((u32*)0x0235621C, (u32*)NDS_HEADER, 0xE0);
+	*((u32*)0x0235621C) = 0xFFFFFFFF;
+	
+	*((u32*)0x027FFE38) = (u32)NTR_CARTARM7;
+	
+	copyLoop((u32*)0x023FF000, (u32*)0x027FF000, 0x1000);
 }

 void arm7_main (void) {
 	
 	u32 errorCode;
-	bool noCart = ((REG_SCFG_MC == 0x11) || (REG_SCFG_MC == 0x10));
-	if (!params->isDsi) noCart = true;
+	bool noCart = (params->hasCart == 0);
+		
 	if (params->isDsi && (REG_SCFG_EXT & BIT(31))) {
 		REG_MBK9=0xFCFFFF0F;
 		*((vu32*)REG_MBK1)=0x8D898581;
@ -520,8 +525,8 @@ void arm7_main (void) {

 	if (!noCart)setMemoryAddress(ndsHeader);

-	*((vu32*)0x02FFFE24) = params->boot9.ramaddr;
-	*((vu32*)0x02FFFE34) = params->boot7.ramaddr;
+	*((vu32*)0x027FC024) = (u32)params->boot9.ramaddr;
+	*((vu32*)0x027FC034) = (u32)params->boot7.ramaddr;
 		
 	ipcSendState(ARM7_BOOTBIN);

--- a/bootloader/source/reset.arm7.s
+++ b/bootloader/source/reset.arm7.s
@ -64,7 +64,7 @@ arm7_reset:
 	@ ipcSendState(ARM7_BOOT)
 	strh	r0, [r12]
 	
-	ldr	r0,=0x2FFFE34
+	ldr	r0,=0x027FC034

 	ldr	r0,[r0]
 	bx	r0
--- a/bootloader/source/reset.arm9.s
+++ b/bootloader/source/reset.arm9.s
@ -100,17 +100,13 @@ arm9_reset:
 	@ while (ipcRecvState() != ARM7_BOOT);
 	bl	waitsync

-	ldr	r10, =0x2FFFE24
+	ldr	r10, =0x027FC024
 	ldr	r2, [r10]

 	@ Switch MPU to startup default
 	ldr	r0, =0x00012078
 	mcr	p15, 0, r0, c1, c0, 0

-	@ enable cache & tcm
-	ldr	r1,= ITCM_ENABLE | DTCM_ENABLE | ICACHE_ENABLE | DCACHE_ENABLE
-	orr	r0,r0,r1
-	
 	bx	r2

 	.pool
@ -130,10 +126,11 @@ mpu_initial_data:
 	.word 0x15111011  @ p15,0,c5,c0,2,r2    ;PU Extended Access Permission Data/Unified Protection Region
 	.word 0x05100011  @ p15,0,c5,c0,3,r3    ;PU Extended Access Permission Instruction Protection Region
 	.word 0x04000033  @ p15,0,c6,c0,0,r4    ;PU Protection Unit Data/Unified Region 0
-	.word 0x0200002b  @ p15,0,c6,c1,0,r5    ;PU Protection Unit Data/Unified Region 1 4MB
+	.word 0x0200002B  @ p15,0,c6,c1,0,r5    ;PU Protection Unit Data/Unified Region 1 4MB
 	.word 0x08000035  @ p15,0,c6,c3,0,r6    ;PU Protection Unit Data/Unified Region 3
-	.word 0x0300001b  @ p15,0,c6,c4,0,r7    ;PU Protection Unit Data/Unified Region 4
-	.word 0xffff001d  @ p15,0,c6,c6,0,r8    ;PU Protection Unit Data/Unified Region 6
-	.word 0x02fff017  @ p15,0,c6,c7,0,r9    ;PU Protection Unit Data/Unified Region 7 4KB
-	.word 0x0300000a  @ p15,0,c9,c1,0,r10   ;TCM Data TCM Base and Virtual Size
+	.word 0x0300001B  @ p15,0,c6,c4,0,r7    ;PU Protection Unit Data/Unified Region 4
+	.word 0xFFFF001D  @ p15,0,c6,c6,0,r8    ;PU Protection Unit Data/Unified Region 6
+	.word 0x027FF017  @ p15,0,c6,c7,0,r9    ;PU Protection Unit Data/Unified Region 7 4KB
+	.word 0x0300000A  @ p15,0,c9,c1,0,r10   ;TCM Data TCM Base and Virtual Size
 itcm_reset_code_end:
+
--- a/include/fwparams.h
+++ b/include/fwparams.h
@ -46,4 +46,5 @@ typedef struct {
    fwAddrs guidata;
    fwType type;
    u32 isDsi;
+	u32 hasCart;
 } fwunpackParams;