3DS reverse engineering

Discussion of development of software for any "obsolete" computer or video game system.
TuxSH
Posts: 1
Joined: Tue May 19, 2020 12:47 pm

Re: 3DS reverse engineering

Post by TuxSH » Mon Jun 01, 2020 1:45 pm

I've added a few regs: You can find a fully commented sleep mode entry function: I've made some other changes as well.
Hope this helps.

profi200
Posts: 48
Joined: Fri May 10, 2019 4:48 am

Re: 3DS reverse engineering

Post by profi200 » Mon Jun 22, 2020 3:51 pm

Another little puzzle piece. The GBA RTC on 3DS works a little different than you think. You need to set the base BCD date and time and the regs you named "HEX" contain the offset from this base. This can be confirmed by for example setting the time and date to the correct current one and then starting a new save in one of the RTC enabled Pokémon games. The offset will increase quite high as the game resets the RTC to 1.1.2000 00:00.

Legacy Process9 does set the current BCD date and time and uses the offset it stores along the savegame. I currently don't do that and set the date and time with offset 0. Looks like i can get away with this and it's still working.

From source/arm9/hardware/lgy.c:

Code: Select all

Result LGY_setGbaRtc(const GbaRtc rtc)
{
	// Set base time and date.
	REG_LGY_GBA_RTC_BCD_TIME = rtc.time;
	REG_LGY_GBA_RTC_BCD_DATE = rtc.date;

	//while(REG_LGY_GBA_RTC_CNT & LGY_RTC_CNT_BUSY);
	//REG_LGY_GBA_RTC_CNT = 0; // Legacy P9 does this. Useless?
	REG_LGY_GBA_RTC_HEX_TIME = 1u<<15; // Time offset 0 and 24h format.
	REG_LGY_GBA_RTC_HEX_DATE = 0;      // Date offset 0.
	REG_LGY_GBA_RTC_CNT = LGY_RTC_CNT_WR;
	while(REG_LGY_GBA_RTC_CNT & LGY_RTC_CNT_BUSY);

	if(REG_LGY_GBA_RTC_CNT & LGY_RTC_CNT_WR_ERR) return RES_GBA_RTC_ERR;
	else                                         return RES_OK;
}

Result LGY_getGbaRtc(GbaRtc *const out)
{
	//while(REG_LGY_GBA_RTC_CNT & LGY_RTC_CNT_BUSY);
	//REG_LGY_GBA_RTC_CNT = 0; // Legacy P9 does this. Useless?
	REG_LGY_GBA_RTC_CNT = LGY_RTC_CNT_RD;
	while(REG_LGY_GBA_RTC_CNT & LGY_RTC_CNT_BUSY);

	if((REG_LGY_GBA_RTC_CNT & LGY_RTC_CNT_WR_ERR) == 0u)
	{
		out->time = REG_LGY_GBA_RTC_BCD_TIME;
		out->date = REG_LGY_GBA_RTC_BCD_DATE;

		return RES_OK;
	}

	return RES_GBA_RTC_ERR;
}

Also another strange thing i found. Setting bit 7 in REG_LGY_GBA_RTC_HEX_TIME makes the entire(?) GBA hardware hang no matter if at runtime or before doing the final switch to GBA mode. It just dies including graphics and sound. This seems unrecoverable (could not get it to work at all after setting this bit).

nocash
Posts: 1236
Joined: Fri Feb 24, 2012 12:09 pm
Contact:

Re: 3DS reverse engineering

Post by nocash » Fri Oct 16, 2020 9:59 pm

Released no$gba v3.03 - http://problemkaputt.de/gba.htm

My latest finding was the system settings file, it's called the "config savegame", apart from the system settings it does also contain a copy of the HWCAL calibration settings, accessing that file requires deciphering DISA containers and SAVE filesystem... and then I got a bit side-tracked and spent the next 4-5 months on improving my filesystem viewer and adding specs for various nds/dsi/3ds file formats.

Code: Select all

17 Oct 2020 - version 3.03
- filesys viewer: supports deeply nested/compressed/encrypted filesystems
- filesys viewer: allows to browse into dozens of compressed/archive filetypes
- filesys viewer: added file/folder/archive/device icons, added save-as button
- filesys viewer: auto-mounts child archives when expanding treeview items
- filesys viewer: detects about 150 different filetypes
- nds/help: file formats for sound, 2d/3d-video, message, manuals
- 3ds/help: file formats for sound, 3d-video, message, mpo, cro0/crr0, config
- compression/help: specs for Yaz0, ASH0, ALZ1, zip compression
- archive/help: specs for arcless, narcless, sarc, zar, encrypted arika archives
- gba/eeprom: ignores non-DMA access (Tomato Adventure) (thanks Unknown W.B.)
- gba/eeprom: avoids crash by stripping upper 4bit of 14bit addresses
- gba/debug: fixed nonsense warnings on jumps to 300xxxxh (caused by dsi mapper)
- dsi/ndma: gxfifo ndma mode support, fixed ndma ctrl bits in iomap (thanks ttb)
- 3ds/help: MCU: added missing IRQ 26,27,28,29 and IRQ 18,19,20,21
- 3ds/help: added aes keyslot summary
- 3ds/help: specs for partitions, cleanup for FIRM encryption chapter
- 3ds/help: confirmed GBA footer format (removed most of the guess/maybe stuff)
- debug: fixed lost data/stack/regs window focus after emulation run
homepage - patreon - you can think of a bit as a bottle that is either half full or half empty

profi200
Posts: 48
Joined: Fri May 10, 2019 4:48 am

Re: 3DS reverse engineering

Post by profi200 » Sat Oct 17, 2020 8:05 am

Recommendation (not exactly related to 3DS reverse engineering):
Split gbatek into multiple html files. It has become so big that lower end devices struggle with the site. Lower end for example being older ARMv7 tablets/smartphones or if you try to browse the site on a Raspberry Pi.
It even took seconds to load on a relatively modern i7 machine when i still had ADSL (got my connection upgraded to 100 Mbit/s VDSL recently).

nocash
Posts: 1236
Joined: Fri Feb 24, 2012 12:09 pm
Contact:

Re: 3DS reverse engineering

Post by nocash » Wed Oct 21, 2020 11:54 pm

profi200 wrote:
Sat Oct 17, 2020 8:05 am
Recommendation (not exactly related to 3DS reverse engineering):
Split gbatek into multiple html files. It has become so big that lower end devices struggle with the site. Lower end for example being older ARMv7 tablets/smartphones or if you try to browse the site on a Raspberry Pi.
It even took seconds to load on a relatively modern i7 machine when i still had ADSL (got my connection upgraded to 100 Mbit/s VDSL recently).
Yes, the html version doesn't work too well. Thanks for pointing out! I've been wondering about that (and some other changes) for a while, too.
I've just made a separate topic for it: Reformatting GBATEK html version
homepage - patreon - you can think of a bit as a bottle that is either half full or half empty

Post Reply