GBA and DS ROM hacking guide
Sections
Abstract
Foreword
I Introduction
Introduction
Warning
II ROM hacking concepts
1 Basics
1.1 Hexadecimal
1.1.1 Representation
1.1.2 BCD (Binary coded decimal)
1.1.3 Big and little endian
1.1.4 Signed values, floating point and fixed point
1.2 Hex operations
1.2.1 Shift
1.2.2 Rotate
1.2.3 Flip
1.2.4 Boolean logic
1.2.5 Hex Mathematics.
1.3 Patching and patch making
1.4 File systems and operations
1.4.1 Non filesystem devices
1.4.2 GBA
1.4.3 DS
1.4.4 3DS
1.4.5 GC (gamecube)
1.4.6 Wii
1.4.7 Xbox
1.4.8 Xbox 360
1.4.9 PS1 and PS2
1.4.10 PS3
1.4.11 PSP
1.4.12 Saturn
1.4.13 Dreamcast
1.4.14 Amiga
1.4.15 PC and related hardware.
1.5 Finding the object of your interest.
1.6 Abstraction
1.7 Tools of the trade continued
1.7.1 Hex editor
1.7.2 Tile editor
1.7.3 Spreadsheet and command line
1.7.4 Compression
1.7.5 Music
1.7.6 ASM/Assembly
1.8 Basic file format concepts
2 Graphics
2.1 Basic graphics concepts
2.1.1 Aliasing
2.1.2 Haloing
2.1.3 Bit depth
2.2 Palettes and colours
2.2.1 GBA colours (15 bit)
2.3 Tiles
2.3.1 1Bpp
2.3.2 4 Bpp
2.3.3 8Bpp
2.3.4 GBA3 Xbpp
2.3.5 GBA2 4BPP
2.3.6 Bitmap
2.3.7 Known formats
2.3.8 Crystaltile2 export and import.
2.3.9 Avoiding gradients, AA, lossy compression, noise and such things.
2.4 Layout, timing, OAM and special effects
2.4.1 Introduction to the OAM and BG modes.
2.4.2 Timing
2.4.3 GBA and DS OAM (sprites)
2.4.4 GBA and DS BG modes
2.4.5 Emulator shots
2.4.6 Basic animation
2.4.7 Window feature
2.4.8 Special features (flipping, affine transformation, alpha and such)
2.4.9 Basic DS layout formats and mapping
2.4.10 Video memory handling and alignment
2.5 3d
2.5.1 Basic 3d (bones, coordinates, keyframes)
2.5.2 Viewpoints
2.5.3 Textures and material colours
2.5.4 Models
2.5.5 Lighting/shadows
2.5.6 3d smoke and fog
2.5.7 Animations
2.5.8 DS 3D hardware
2.5.9 The shift of the 3D to DS 2d
2.5.10 NSBMD
2.5.11 Basic NSBMD hacks
2.5.12 Example of minor hack
2.5.13 Basic texture viewing hack
2.5.14 Command decoding aside
2.5.15 Non NSBMD
2.6 Notes and further reading
3 Text
3.1 Tables
3.1.1 Table creation and figuring out custom encodings
3.1.2 Relative searching
3.1.3 Corruption and alteration
3.1.4 Memory viewing and corruption
3.1.5 Frequency analysis
3.1.6 Language analysis
3.1.7 Pointer and encoding/hex analysis
3.1.8 Assembly tracing
3.1.9 Font viewing
3.1.10 Language comparing
3.1.11 Table creation tools
3.2 Pointers
3.2.1 Special cases and non pointer concepts
3.2.2 Example reverse engineering of pointers
3.3 Markup, control codes and placeholders
3.3.1 Worked example
3.4 Fonts
3.4.1 NFTR
3.4.2 Adding characters to NFTR
3.4.3 Common hacks
3.5 Scripting and layout
3.5.1 Layout and limits
3.6 Text extraction and insertion
3.6.1 Text extraction
3.6.2 Text insertion
3.7 Language detection in DS games
3.8 Translation hacking
3.8.1 The types of Japanese characters and how they work -
3.8.2 Japanese glyphs/characters and observations on the language
3.8.3 On language
3.8.4 Right to left languages and translation.
3.9 Japanese text editors and translation tools
3.9.1 General Japanese capable text editors
3.9.2 ROM hacking tools
3.9.3 CAT tools
4 Multimedia
4.1 Sound
4.1.1 SDAT (NDS)
4.1.2 Others
4.1.3 Tracker formats
4.1.4 General rule of thumb for custom audio formats
4.1.5 Common DS SDAT audio hacks (undubbing, injection, tweaks and relinking)
4.1.6 Basic undub
4.1.7 Relinking
4.1.8 Injection
4.1.9 Proper/complex undub
4.1.10 SSEQ editing
4.1.11 GBA audio
4.1.12 Sappy
4.1.13 Notable GBA audio hacks
4.2 Video
4.2.1 General video theory
4.2.2 Mods/VX/act imagine by Mobiclip.
4.2.3 RAD/Bink
4.2.4 Criware
4.3 Cut scenes
5 Game logic
5.1 Levels and Stats
5.1.1 Example tools
5.1.2 Level editing techniques
5.1.3 Worked example
5.1.4 Stats
5.1.5 RPG randomiser
5.2 Compression
5.2.1 Lossy
5.2.2 Lossless
5.2.3 Basic theory of the actual implementations
5.2.4 Compression at hexadecimal level
5.3 Cheating
5.3.1 General cheat making
5.3.2 GBA cheat making
5.3.3 DS cheat making
5.3.4 Basic making of a cheat
5.3.5 Cheat prevention methods and frustrations
5.3.6 Instruction editing cheating
5.4 Programming concepts
5.4.1 Functions and procedural programming. Also return oriented programming/ROP
5.4.2 IF ELSE
5.4.3 Recursion
5.4.4 Iteration
5.4.5 Loops
5.4.6 Turing complete
5.4.7 Fundamentals of Assembly
5.5 Assembly
5.5.1 ARM
5.5.2 GBA Assembly specifics
5.5.3 DS Assembly specifics
5.5.4 The GBA and DS compared
5.5.5 On controls
5.5.6 Hooking
5.5.7 GBA cart as extra memory for DS hacks
5.6 Non specific assembly discussion.
5.6.1 Language mod example
5.6.2 Non code in ASM
5.6.3 Destructive vs non destructive assembly editing
5.6.4 Polymorphic and dynamic code
5.6.5 Slowdown and speedup
5.6.6 Cryptography (encryption, checksums and signatures)
5.6.7 Multiplayer and the failure of Nintendo’s online DS security.
5.6.8 Save editing
5.6.9 Interpreted languages
5.6.10 Game AI, game logic and game theory
5.7 Flash cart and emulator theory
5.7.1 GBA
5.7.2 DS
5.8 ROM hacking “protection”
III Examples, oddities and techniques
6 Crystaltile2 general usage guide
7 GBA tracing
7.1 Tracing options
7.1.1 Worked examples
8 DS tracing
8.1 DS debugging emulators
8.2 Cart read command
8.2.1 Basic lookup and methods for it
8.2.2 Header reverse engineering/generated values
9 Reverse engineering various ROM images
9.1 Large archive on top of filesystem
9.1.1 Tony Hawk
9.1.2 Star Wars - The Force Unleashed
9.1.3 El Tigre Make my mule
9.2 Compression
9.3 First Person Game
9.4 Platformer
9.5 Fighting games
9.6 Role playing games
9.7 Racing games
9.8 Puzzle
9.8.1 Mahjong game
9.8.2 Tetris
9.9 Other genres
10 Developer leftovers
11 Workarounds
12 Moving to a new system
13 Developer tricks aka thinking like a game developer
13.0.1 Level and mechanism design
13.0.2 Sprite and palette reuses
13.0.3 Pre rendering
13.0.4 Speed blur and fog
13.0.5 Loading covers
13.0.6 Optimisation of loading
13.0.7 3d imagery in general
13.0.8 Procedural generation
13.0.9 Noise on images and sound.
13.0.10 Using the limits of the system/working to them
13.0.11 Network coding
14 Game design and media
15 Python, batch files and programming for ROM hacking
15.1 radare2 reverse engineering tools
15.2 Programming languages
15.3 Python
16 PC program hacking
16.1 Debugging
16.2 Decompilation
17 Version control and project management.
17.1 Project and team management
17.2 Version control
18 Interesting links and further reading.
18.1 Links
18.2 Further reading
IV File formats (specifications, methods and known formats)
19 General things about the DS
20 Generic DS nitro SDK format
21 General file reverse engineering
21.1 Headers
21.2 File sizes
21.3 Multiple versions of the game
21.4 File names and extensions
21.5 Tile viewers
21.6 Pointers and such
22 Sound
22.1 SDAT
22.2 SSEQ
22.3 STRM
22.4 SWAR
22.5 SWAR
22.6 BANK
22.7 Other formats
23 Graphics
24 2d
24.1 NCER
24.2 NANR
24.3 NCGR
24.4 NSCR
24.5 NMCR
24.6 NFTR
25 3d
25.1 NSBMD
25.2 NSBTX
25.3 NSBCA
26 Packing format
26.1 NARC, ARC and CARC
27 Text
27.1 BMG
V Glossary, index and such
28 Glossary
References
Documentation Project on GBATemp
GBA and DS ROM hacking guide
24.5 NMCR
Location | Size | Description