Hex Editing SaveGames

Started by Rion, January 06, 2006, 03:33:08 PM

Rion

Quote from: "Yajuu"
Hex editing is easy as hell.

Save game.
Open the save in a hex editor.
Open calc.exe, switch it over to scientific mode.
Enter a value from the game. For this example let's say money. You have 4256 dollars in the game. Enter that in the calculator. Now switch it to hex, it will make the number 10A0.
Take that, enter it into the hex editor's search. It should come out with a result.
Too many results? Pad the number, let's make it 000010A0.
The reason for the 0s is that games have a set address for some amounts like money. 10a0 is 2 bytes. That's a max number of 65535 or ffff in hex. Some numbers go higher than 65535 so they give it 2 more bytes. So instead of ffff as a max value it can go as high as ffffffff or about 4.29 billion. So the amount you are looking for, 4256 or 10A0, comes out as 000010A0.
As soon as you have narrowed it down to a single address, change the value of that to whatever you like. Just make sure you change it in hex. 000010A0, change it to 000F4240. That makes the value 1 million.

Oh and always remember to back up your save game when doing this. Sometimes you will change a value and it will make quite a few changes. Or maybe you put too many 0s on the number. Not all values are 4 bytes. Try for the closest match you can.

God knows how many times I was shafting my exp and ended up with the entire team all of a sudden getting 10 times the experience I meant for the one team member to have.


This guide is taken from the Unofficial forum for M3.

Hex Workshop Hex Editor

http://www.hexworkshop.com/
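
The search-and-narrow step from the quoted guide, as an added example that is not part of the original post. It goes beyond the guide by trying both byte orders and by using a second save taken after the value changed; the 32-byte save layout and the function names are constructed for illustration.

```python
import struct

FORMATS = {  # (width in bytes, byte order) -> struct format
    (2, "little"): "<H", (2, "big"): ">H",
    (4, "little"): "<I", (4, "big"): ">I",
}

def find_value(data: bytes, value: int):
    """Return sorted (offset, width, order) for every encoding of value found."""
    hits = []
    for (width, order), fmt in FORMATS.items():
        if value >= 1 << (8 * width):
            continue  # value does not fit in this width
        needle = struct.pack(fmt, value)
        pos = data.find(needle)
        while pos != -1:
            hits.append((pos, width, order))
            pos = data.find(needle, pos + 1)
    return sorted(hits)

def narrow(hits, later_save: bytes, later_value: int):
    """Keep only the hits whose location holds later_value in a later save."""
    kept = []
    for pos, width, order in hits:
        field = later_save[pos:pos + width]
        if len(field) == width and int.from_bytes(field, order) == later_value:
            kept.append((pos, width, order))
    return kept

def build_save(money: int) -> bytes:
    # Constructed layout: an unrelated 16-bit 4256 at offset 4 (decoy),
    # money as a 32-bit little-endian integer at offset 16.
    buf = bytearray(32)
    struct.pack_into("<H", buf, 4, 4256)
    struct.pack_into("<I", buf, 16, money)
    return bytes(buf)

SAVE_A = build_save(4256)  # money = 4256 (0x10A0)
SAVE_B = build_save(4300)  # same game a little later, money = 4300

if __name__ == "__main__":
    hits = find_value(SAVE_A, 4256)
    print("candidates:", hits)
    print("after second save:", narrow(hits, SAVE_B, 4300))
    print("'000010A0' as typed present:", bytes.fromhex("000010A0") in SAVE_A)
```

In this constructed save the bytes are stored as A0 10 00 00, so the padded string typed in reading order finds nothing, and the field width stays ambiguous even after narrowing.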

Overdrive_X

Hex editing is easy, but each Nintendo DS game uses a different floating checksum. You must reverse engineer the arm9 executable to find the good checksum for game X.

Rion

That sounds complicated. More info?

Overdrive_X

Quote from: "Rion"
That sounds complicated. More info?

It's complicated in a way. Each game will do a calculation on the save file to see if someone modified it.


For example: they are going to take, for example, the first 6 hex values of the save game and check whether, with the calculation (checksum), you get the good answer.

(Example)

Normal Save Game

Value1+Value2+Value3 = Checksum 5

Modified SaveGame

Value1+Value2+Value3 = Checksum 6

The Nintendo will do the V1+V2+V3 and say OK, the checksum should be 6 on your modified save. If you did not change the checksum it will still be 5. The game is going to reject it and say your saved game is corrupted.

The worst part is to disassemble the arm9 binary using, for example, IDA PRO + NDSLOADER, and you must find how the game calculates the checksum, but the oops is that when you disassemble, the code you see is in ASM (assembler).

ASM is low level, so when you see the code you see the opcodes of the arm9 CPU, for example STOR; you see the registers and the values. It's not like C, which looks like a sentence. This is the very difficult part if you're not familiar with ASM.
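
The 5-versus-6 check described in the post above, as an added example that is not part of the original post. The layout (6 data bytes followed by a 16-bit little-endian sum) and all names are constructed; real games use their own calculation. It also shows a limit of plain sums as an integrity check: swapping two bytes leaves the sum unchanged, while CRC-32 tells the two apart.

```python
import struct
import zlib

DATA_LEN = 6  # constructed layout: 6 data bytes, then a 16-bit little-endian sum

def sum16(data: bytes) -> int:
    """Additive checksum: byte values added up, truncated to 16 bits."""
    return sum(data) & 0xFFFF

def make_save(data: bytes) -> bytes:
    return data + struct.pack("<H", sum16(data))

def load_save(save: bytes) -> bytes:
    """Return the data if the stored checksum matches, else raise ValueError."""
    data = save[:DATA_LEN]
    (stored,) = struct.unpack_from("<H", save, DATA_LEN)
    if sum16(data) != stored:
        raise ValueError(f"save corrupted: stored {stored}, computed {sum16(data)}")
    return data

def is_accepted(save: bytes) -> bool:
    try:
        load_save(save)
        return True
    except ValueError:
        return False

def crc_differs(a: bytes, b: bytes) -> bool:
    """True when CRC-32 over the data area tells the two saves apart."""
    return zlib.crc32(a[:DATA_LEN]) != zlib.crc32(b[:DATA_LEN])

ORIGINAL = make_save(bytes([1, 1, 1, 1, 1, 0]))   # values add up to 5
EDITED = bytes([2]) + ORIGINAL[1:]                # values add up to 6, stored sum still 5
EDITED_RESUMMED = make_save(EDITED[:DATA_LEN])    # stored sum updated to 6
# Bytes 4 and 5 swapped: different data, same sum of 5
SWAPPED = ORIGINAL[:4] + ORIGINAL[5:6] + ORIGINAL[4:5] + ORIGINAL[6:]

if __name__ == "__main__":
    for name, save in [("original", ORIGINAL), ("edited", EDITED),
                       ("edited+resummed", EDITED_RESUMMED), ("swapped", SWAPPED)]:
        print(f"{name:16} {save.hex()} accepted={is_accepted(save)}")
    print("CRC-32 catches the swap:", crc_differs(ORIGINAL, SWAPPED))
```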

Rion

Ok. So if the game says the save is corrupt you can just stop trying 'cause you can't (if you don't know how) fix it.

cory1492

There are other ways to figure out the CRC, but it can be complex. Going in and changing one small thing, saving, dumping your save, going back in and changing something, saving, dumping it etc. till you have a bunch you can compare. Once you know which bytes are the checksum, you can see how that sum is affected by a change in data... well, it's statistics, with enough changes you should be able to calculate the checksum for the changes you want.

So yeah. If you don't have the patience to do that, or to learn assembly to delve into the ROM binary, then it's gonna be tough to figure it out. I personally haven't seen a game yet that is worth that kind of patience, although those who are better at asm have already looked at Nintendogs, Mario Kart and Animal Crossing. Perhaps others.
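
The dump-and-compare approach from the post above, as an added example that is not part of the original post. The four dumps are constructed (14 data bytes plus a 16-bit sum), and the candidate functions are a small illustrative set, not a list of what any particular game uses.

```python
import struct
import zlib
from functools import reduce

CANDIDATES = {  # simple integrity functions to test against the stored field
    "sum16": lambda d: sum(d) & 0xFFFF,
    "xor8": lambda d: reduce(lambda a, b: a ^ b, d, 0),
    "crc32_low16": lambda d: zlib.crc32(d) & 0xFFFF,
}

def changed_offsets(dumps):
    """Offsets whose byte differs in at least one dump."""
    return [i for i in range(len(dumps[0])) if len({d[i] for d in dumps}) > 1]

def always_changing(dumps):
    """Offsets that differ between every consecutive pair of dumps."""
    return [i for i in range(len(dumps[0]))
            if all(a[i] != b[i] for a, b in zip(dumps, dumps[1:]))]

def identify(dumps, field_off, field_len=2):
    """Candidate names that reproduce the stored field in every dump."""
    def stored(d):
        return int.from_bytes(d[field_off:field_off + field_len], "little")
    return [name for name, fn in CANDIDATES.items()
            if all(fn(d[:field_off]) == stored(d) for d in dumps)]

def make_dump(money: int, lives: int) -> bytes:
    # Constructed format: u32 money, u16 lives, 8 pad bytes, then sum16 of those 14 bytes
    body = struct.pack("<IH8x", money, lives)
    return body + struct.pack("<H", sum(body) & 0xFFFF)

# One small in-game change between each dump
DUMPS = [make_dump(4256, 3), make_dump(4257, 3), make_dump(4257, 4), make_dump(4300, 4)]

if __name__ == "__main__":
    print("bytes that ever change:  ", changed_offsets(DUMPS))
    print("bytes that always change:", always_changing(DUMPS))  # checksum candidate
    print("fits one dump: ", identify(DUMPS[:1], 14))
    print("fits all dumps:", identify(DUMPS, 14))
```

With a single dump more than one function can fit by coincidence; each extra dump removes candidates, which is why the post asks for a bunch of saves to compare.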

Rion


Overdrive_X

Quote from: "Rion"
Will this help. If he makes one for NDS games?

http://m3-forum.com/viewtopic.php?t=914&highlight=

Hex Workshop still does hex comparing. The problem is each game calculates its checksum in a different way. Hex Workshop will do the job, but there is no way of knowing the checksum besides reverse engineering the arm9 or guessing and trying <----------- GOOD LUCK and I hope you have a large amount of time.

Besides, I'm going to show you with a picture what I am talking about. I'm going to take Ping Pals and explain what I mean.

Overdrive_X

Here is a JPEG image of some values in the Ping Pals saved games and where the checksum is located. The checksum is calculated somewhere in the file. Now you need to guess what data you must use to calculate the checksum. Remember even 0000 0000 counts, so you have 8 Kbytes to search through .... IT'S A LOT to just guess.

The best thing to do is to get IDA PRO, download the NDS Loader and disassemble the arm9 binary you extracted using Darkfader's NDSTOOL.

The best thing for people who don't really know how to do it is to make a small group and learn from each other.

Remember that the checksum calculation cannot be used to calculate the checksum of Mario and Luigi or any other game. Each game has its own.

Rion

Thanks for all your help and info Overdrive_X.
This really sheds some light on things.

 :)

Overdrive_X

I'll try to do a small document (PDF) with images that explains how to get the checksum equation using IDA PRO, and a small saved game editor in VB (open source).

Like many of you, I'm more focused on doing my thing than on doing docs.

cory1492

Honestly, some explanation for finding the correct info in IDA would be greatly appreciated. 1/2 the time I'm looking at the disasm wondering if it is disassembling properly or not (even with the ndsloader and ndssigs)...

shark2003

This may be a very dumb question, but since I use the GBA NeoFlash cart to play my DS games... is it possible to use a GBA GameShark and have someone make codes that would pass the NDS game through and enable cheats...? (Already tried this, but if I have the GameShark switch on, I get a white screen.) This would probably be more complicated than finding the checksum....

loading

ida works perfectly with nds loader ^^ but like 50% of all arm9 apps are packed, so only the first part disassembles. i wrote a small unpacker for mariokart (most other compressed games i looked at work exactly the same way, i guess that's part of nintendo's sdk or something) and now it's looking much better :) anyways i still have problems finding the code for handling save data (in any game, not just mk). how do these SC or M3 patcher apps redirect the save? does anyone know? maybe that does help.

obviously action replay for gba will not work, that's completely different technology. the closest thing you can get is with natrium's mariokart loader: instead of patching the course list, add some code to freeze an address and patch during bootup. i guess that will work, but the only thing i was able to do so far was an offline coursehack in mariokart with a few bugs (ghosts completely screw up, the old sound plays).

shark2003

I have a copy of IDA and I don't have any F**ing idea of what I am looking at. I figured out a little bit of the hex stuff on my own... anyway, I am just trying to figure out the checksum for the Castlevania: Dawn of Sorrow save. Read my post here http://www.scdev.org/forum/viewtopic.php?t=2916