Tuesday, February 08, 2005

My pass-through ran the first code!

So... when I got my DS and games, I started to make a pass-through based on an FPGA (a programmable logic chip) that would let me capture and alter the cartridge traffic. An etched PCB goes into the DS and a cut GBC connector holds a DS cartridge. Once this worked, I tried fiddling with the header and found out that it could run my own code from the GBA slot. There is even a bit that automatically starts the program without user interaction at the boot screen. For this, I made a utility called ndstool that fixes the CRC values in the header.
After I could run my own code, I made a small program that modified a text in the memory of the Metroid demo and then continued executing.
Commercial games might be playable from a GBA cartridge with some code patching, but it's also possible to attach a flash chip to the DS slot to put game files on. In fact, no GBA cartridge is even required for the pass-through trick. Just execute some small loader that is stored in the unencrypted header.
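
An added example, not part of the original post and not ndstool's code: a header CRC is an unkeyed checksum, so it catches accidental corruption but says nothing about who wrote the header, because anyone can recompute it. The field offsets and CRC parameters are assumptions taken from public DS header documentation, and the header bytes are constructed.

```python
import struct

# Offsets below are assumptions taken from public DS header documentation,
# not from the post: two little-endian CRC-16 fields.
LOGO_START, LOGO_CRC_OFF, HEADER_CRC_OFF = 0x0C0, 0x15C, 0x15E
FIELDS = {
    "logo":   (LOGO_START, LOGO_CRC_OFF, LOGO_CRC_OFF),
    "header": (0x000, HEADER_CRC_OFF, HEADER_CRC_OFF),
}

def crc16(data, crc=0xFFFF):
    """CRC-16, reflected polynomial 0xA001, initial value 0xFFFF."""
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def check_header(hdr):
    """Return {field: True/False} for each stored CRC that matches."""
    result = {}
    for name, (start, end, off) in FIELDS.items():
        stored, = struct.unpack_from("<H", hdr, off)
        result[name] = stored == crc16(hdr[start:end])
    return result

def fix_header(hdr):
    """Recompute both CRCs in place; logo first, since the header CRC covers it."""
    for name in ("logo", "header"):
        start, end, off = FIELDS[name]
        struct.pack_into("<H", hdr, off, crc16(hdr[start:end]))
    return hdr

def demo():
    hdr = bytearray(0x200)            # constructed blank header, not a real dump
    hdr[0:12] = b"CONSTRUCTED\0"      # constructed title field
    fix_header(hdr)
    before = check_header(hdr)
    hdr[0x20] ^= 0x01                 # simulate one changed header byte
    corrupted = check_header(hdr)
    fix_header(hdr)
    return before, corrupted, check_header(hdr)

if __name__ == "__main__":
    print(demo())
```

The changed byte fails the header check until the checksum is recomputed, after which the header verifies again; only a keyed MAC or a signature over the same bytes would make the check depend on a secret.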
