Hacking Patching Out DSI Enhancement for Injects?

[ghostbit]

So, it's apparently known that current injection tech and loadiine don't support DS games with 'DSi Enhancement', such as Pokemon B/W or Conquest (my particular dilemma). The rom will just hang or freeze.

What I'm wondering is if (as some of the old anti-piracy patches at least partially did) the DSi enhanced segments of the rom could be removed it would then become functional on Wii U in some form.

Perhaps removing the opening security check isn't enough and selective trimming could be the answer?

There was a thread about this in 2016 but only a few things were tried, and I'm hoping the scene has advanced enough since then that a better solution can be found.

 

[E1ite007]

I would really recommend to you that you ask @phacox_cll, he's the main character working on the injection of VC games on the Wii U and possibly has some answers.

 

[phacox_cll]

As far as I know there has been no progress in this regard.

 

[ghostbit]

As far as I know there has been no progress in this regard.

That's unfortunate. No time like the present, though. Is it impossible or has pretty much just nobody looked into it? I'm ignorant of how the dual-mode dsi enhanced games operate, would somehow selectively trimming the 'enhanced' dsi code create a usable inject? Is there perhaps a simpler method that hasn't been tried yet?

 

[phacox_cll]

It hasn't been researched in depth, but it's not like there's a section of ROMs that can simply be trimmed to disable DSi features. Enhancements for DSi are built into the game's programming and everything is assembled into the final binary that we call ROM.

 

[nastys]

You could open the ROM executable in Ghidra or IDA Pro, find the code that checks whether it's running on a DSi and add a branching instruction to skip it.
Patching the emulator instead might be possible if we know exactly why it crashes.

 

[ghostbit]

It hasn't been researched in depth, but it's not like there's a section of ROMs that can simply be trimmed to disable DSi features. Enhancements for DSi are built into the game's programming and everything is assembled into the final binary that we call ROM.

So you'd need the source to do that?

You could open the ROM executable in Ghidra or IDA Pro, find the code that checks whether it's running on a DSi and add a branching instruction to skip it.

To my knowledge, that's what some of these old anti-piracy patches did, though I don't know what else they affected that could still render the inject useless...

For that matter, maybe I was never even able to get my hands on a patch that actually removed the DSi check.

Patching the emulator instead might be possible if we know exactly why it crashes.

In this case, the emulator is the one packaged in with the virtual console - can it be altered to that level... or even at all? Maybe by opening via loadiine or something it can attach some instructions before loading.

 

[The Real Jdbye]

Most of the dumps marked (DSi Enhanced) actually don't have the DSi section properly dumped (won't work on a CycloDSi in DSi mode), could that be why they don't work?

Edit: Maybe setting offset 0x12 in the header to 00 per https://dsibrew.org/wiki/DSi_Cartridge_Header would work? The DSi has to read some data in the ROM in order to determine whether to enable higher clocks and enhanced wifi support, right?

 

[ghostbit]

Most of the dumps marked (DSi Enhanced) actually don't have the DSi section properly dumped (won't work on a CycloDSi in DSi mode), could that be why they don't work?

Edit: Maybe setting offset 0x12 in the header to 00 per https://dsibrew.org/wiki/DSi_Cartridge_Header would work? The DSi has to read some data in the ROM in order to determine whether to enable higher clocks and enhanced wifi support, right?

An interesting idea for sure. If anyone gets positive results from this I hope they report it back here

 

[ATD555]

An interesting idea for sure. If anyone gets positive results from this I hope they report it back here

I just ran Pokémon Black Version with a 00 in the 0x12 offset in Desmume and it worked, will have to try it on the Wii U but won't be able to until later.

 

[MikaDubbz]

So, it's apparently known that current injection tech and loadiine don't support DS games with 'DSi Enhancement', such as Pokemon B/W or Conquest (my particular dilemma). The rom will just hang or freeze.

What I'm wondering is if (as some of the old anti-piracy patches at least partially did) the DSi enhanced segments of the rom could be removed it would then become functional on Wii U in some form.

Perhaps removing the opening security check isn't enough and selective trimming could be the answer?

There was a thread about this in 2016 but only a few things were tried, and I'm hoping the scene has advanced enough since then that a better solution can be found.

Oh man, if we could get Conquest and the Black and White titles running on the Wii U, I'd be so happy.

 

[ATD555]

I just ran Pokémon Black Version with a 00 in the 0x12 offset in Desmume and it worked, will have to try it on the Wii U but won't be able to until later.

So I just tried booting the game through the Wii U Virtual Console and it boots into the DS Emulation but the screens are white.

 

[ghostbit]

So I just tried booting the game through the Wii U Virtual Console and it boots into the DS Emulation but the screens are white.

I believe that's the standard behavior.

 

[MikaDubbz]

Guess it's not that simple (if it's even possible)

 

[driverdis]

So I just tried booting the game through the Wii U Virtual Console and it boots into the DS Emulation but the screens are white.

did you patch the anti piracy measures from the rom first, I thought a white screen was usually an indication that it failed the check like older flash carts do.

 

[ATD555]

did you patch the anti piracy measures from the rom first, I thought a white screen was usually an indication that it failed the check like older flash carts do.

I did not.... However I found this tutorial on how to patch the game, only thing is the tools and patches linked have been removed. Not sure where to go from here.

 

[Dabu47]

You can AP patch your NDS roms easily by using this tool
(The AP database contain Pokemon Conquest and Black and Whites titles, I just verified and patched them successfully)

 

[dpad_5678]

I know that there's a certain address in the ROM's header that tells the device (or emulator) whether the ROM is a NTR (DS) or TWL (DSi-enhanced or DSi-only) title. I'm not sure if the Wii U VC just isn't compatible with DSi titles, or if it actively checks to see if it's a DSi game and refuses to load it. If it does check the ROM's header, I suppose, in theory, changing that byte in the header would allow it to load since it'll just believe it's an NTR title.

 

[ATD555]

You can AP patch your NDS roms easily by using this tool
(The AP database contain Pokemon Conquest and Black and Whites titles, I just verified and patched them successfully)

I didn't have time to test it out last night, were you successful?

 

[Dabu47]

I didn't have time to test it out last night, were you successful?

I've patched both AP protection and the offset 0x012 in the rom header (setting it to 00 for NDS), exported it to VC through Phacox Injector 1.1.4 and it still return as a blank screen on my Wii U. (Rom tested: Pokemon Conquest - USA)

I guess it would have been too simple but anybody can double check: an error in my patching is always possible.