Difference between revisions of "Codebreaker (Nintendo DS)"

From Wiki - GameHacking.org
(Added download link for CBDSCrypt)
 
(6 intermediate revisions by one other user not shown)
Line 1: Line 1:
Code Breaker is a cheat device developed by Pelican Accessories, currently available for PlayStation, PlayStation 2, Dreamcast and Nintendo DS. Along with competing product Action Replay, it is one of the few currently supported video game cheat devices.  The original model of the Codebreaker was identical to the Gameshark in that it would use codes to hack the game. It could also use Gameshark codes as well as its own. It was well known for having a more user friendly interface and design than the Gameshark.<br>
+
[[File:CodeBreaker_DS.jpg|thumb|right|160px|Codebreaker cartridge]]
<br>
+
'''Code Breaker''' is a [[Game Enhancer]] developed by [[Pelican Accessories]] for Nintendo DS. The original model of the Codebreaker was identical to the [[GameShark]] in that it would use codes to hack the game. It was well known for having a more user friendly interface and design than the GameShark.
[[File:CodeBreaker_DS.jpg]] [[File:Codebreaker_(Nintendo_DS).png]]
 
  
Using CBDSCrypt
+
==Using CBDSCrypt==
 
+
[http://doc.kodewerx.org/tools/nds/cbdscrypt.rar CBDSCrypt] is a utility developed by kenobi. It is capable of both encrypting and decrypting codes for the Codebreaker DS, as well as creating master codes. A rom of the game the codes are for is required in order to use this application. To use the program, simply run it, and then drag and drop the rom image on top of the program. Paste the codes that are to be encrypted or decrypted into the left textarea, and press the appropriate button "encrypt" or "decrypt" and the resulting codes will appear in the right text area.
[http://doc.kodewerx.org/tools.html#cbdscrypt CBDSCrypt] is a utility developed by kenobi. It is capable of both encrypting and decrypting codes for the Codebreaker DS, as well as creating master codes. A rom of the game the codes are for is required in order to use this application. To use the program, simply run it, and then drag and drop the rom image on top of the program. Paste the codes that are to be encrypted or decrypted into the left textarea, and press the appropriate button "encrypt" or "decrypt" and the resulting codes will appear in the right text area.
 
  
 
Master codes can be generated by pressing the (M) button. This program uses two methods to generate potential master codes, Parasyte's method and kenobi's method. Parasyte's method entails finding the location of the following instructions in both of the ARM executables:
 
Master codes can be generated by pressing the (M) button. This program uses two methods to generate potential master codes, Parasyte's method and kenobi's method. Parasyte's method entails finding the location of the following instructions in both of the ARM executables:
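Review bot: the added CBDSCrypt link points straight at an archive over plain http (http://doc.kodewerx.org/tools/nds/cbdscrypt.rar), where the other version of the line links the tools page anchor (tools.html#cbdscrypt). Readers are told in the same paragraph to run the program, so the link should let them check what they fetched: keep the tools-page link next to the direct download and state a checksum for the archive beside it.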
Line 19: Line 17:
 
Kenobi's method involves simulating the ARDS's automated (M) code finder. To start, search for the 32-bit value 0x0380FFF8, beginning at the ARM7 executable. After this is found, search for the following 0x0380FFF8. Following this, search backwards for the first bx r14 (0xE12FFF13). Subtract 4 from this address and then convert it to a RAM address. To convert it to a RAM address, take the address and subtract the 32-bit value that is located at 0x30 in the ROM; then add the 32-bit value that is located at 0x38 in the ROM. The (M) code is F2[ram address] 023FC000.  
 
Kenobi's method involves simulating the ARDS's automated (M) code finder. To start, search for the 32-bit value 0x0380FFF8, beginning at the ARM7 executable. After this is found, search for the following 0x0380FFF8. Following this, search backwards for the first bx r14 (0xE12FFF13). Subtract 4 from this address and then convert it to a RAM address. To convert it to a RAM address, take the address and subtract the 32-bit value that is located at 0x30 in the ROM; then add the 32-bit value that is located at 0x38 in the ROM. The (M) code is F2[ram address] 023FC000.  
  
    Codebreaker DS Code Types
+
==Hardware==
 +
<gallery>
 +
File:Codebreaker_(Nintendo_DS).png|Box
 +
File:CodeBreaker_DS.jpg|Cartridge
 +
</gallery>
  
    ---------------------------------------
+
==External Links==
    Auto Game Recognizer (Code Type 0x0000)
+
*[http://www.neoseeker.com/Games/Products/DS/digimon_world_ds/code_breaker.html Digimon World DS Codebreaker Codes]
    ---------------------------------------
 
    0000YYYY XXXXXXXX
 
    YYYY = Game's Header CRC16
 
    XXXXXXXX = ID of the Game's Nintendo
 
 
 
    -------------------------------------
 
    Bit Constant Write (Code Type 0x00)
 
    -------------------------------------
 
    0 XXXXXXX 000000 YY
 
    00 = Code Type Or Byte
 
    Address = XXXXXXX
 
    YY = 8-bit Value
 
 
 
    --------------------------------------
 
    Bit Constant Write (Code Type 0x10)
 
    --------------------------------------
 
    XXXXXXX 1 0000 YYYY
 
    10 = Code Type Or Byte
 
    Address = XXXXXXX
 
    YYYY = 16-bit Value
 
 
 
    --------------------------------------
 
    Bit Constant Write (Code Type 0x20)
 
    --------------------------------------
 
    2 XXXXXXX YYYYYYYY
 
    20 = Code Type Or Byte
 
    Address = XXXXXXX
 
    YYYYYYYY = 32-bit Value
 
 
 
    ---------------------------------------------
 
    8 / Increment/Decrement Bit (Code Type 0x30)
 
    ---------------------------------------------
 
    3 000UYYYY XXXXXXX
 
    30 = Code Type Or Byte
 
    Address = XXXXXXX
 
    U = Bit-type Write, 0 for 8 and 1 for 16-bit
 
    YYYY = 8/16-bit Value to increment by
 
    NOTE: YYYY is signed so it can do the increment and decrement
 
 
 
    -------------------------------------------
 
    Bit Increment/Decrement (Code Type 0x38)
 
    -------------------------------------------
 
    3 XXXXXXX YYYYYYYY
 
    38 = Code Type Or Byte
 
    Address = XXXXXXX
 
    YYYYYYYY = 8/16-bit Value to increment by
 
    NOTE: YYYYYYYY is signed so it can do the increment and decrement
 
 
 
    ---------------------------------------------
 
    Serial Repeat Constant Write (Code Type 0x40)
 
    ---------------------------------------------
 
    4 XXXXXXX TWWWZZZZ
 
    YYYYYYYY VVVVVVVV
 
    40 = Code Type Or Byte
 
    Address = XXXXXXX
 
    T = Bit-type Write, 0 for 32-bit, 16-bit for 1 & 2 for 8
 
    WWW = Number of times to repeat
 
    ZZZZ = Increase Address by (Multiply by data size (1 << (2-T)))
 
    YYYYYYYY = Start Value
 
    VVVVVVVV = Increase Value by
 
    Example: This code:
 
    42010000 00050001 <--0001 * 4 = 0004 to Increase Address by
 
    63636363 00000000
 
    Is the same as:
 
    22010000 63636363
 
    22010004 63636363
 
    22010008 63636363
 
    2201000C 63636363
 
    22010010 63636363
 
 
 
    ---------------------------
 
    Copy Bytes (Code Type 0x50)
 
    ---------------------------
 
    5 XXXXXXX YYYYYYYY
 
    ZZZZZZZZ 00000000
 
    50 = Code Type Or Byte
 
    XXXXXXX = Address to copy to
 
    YYYYYYYY = Number of bytes to copy
 
    ZZZZZZZZ = Address to copy from
 
 
 
    -----------------------------
 
    Pointer Code (Code Type 0x60)
 
    -----------------------------
 
    6 XXXXXXX YYYYYYYY
 
    BCTUVVVV ZZZZZZZZ
 
    60 = Code Type Or Byte
 
    XXXXXXX = Pointer Address
 
    YYYYYYYY = 8 / 16 Bit Value
 
    ZZZZZZZZ = Offset to add to the Pointer Address
 
    B = Bit-type Write, 0 for 8-bit, 16-bit for 1 & 2 for 32
 
    C = Condition Enabled, 0 for disabled, 1 for enabled
 
    T = the Condition type to check against
 
    0 = If equal to VVVV
 
    1 = If not equal to VVVV
 
    2 = If lesser than VVVV
 
    3 = If greater than VVVV
 
    4 = If AND VVVV equal to 0000
 
    5 = If AND VVVV not equal to 0000
 
    6 = If AND VVVV equal to VVVV
 
    7 = If AND VVVV not equal to VVVV
 
    U = Bit-type Load, 0 for 8 and 1 for 16-bit
 
    VVVV = Conditional Value to check against
 
  
    -----------------------------------------------
+
{{Codebreaker}}
    8 / Bit Special Bitwise Write (Code Type 0x70)
+
[[Category:Codebreaker]]
    -----------------------------------------------
 
    7 00TBYYYY XXXXXXX
 
    70 = Code Type Or Byte
 
    Address = XXXXXXX
 
    T = Operation type, 0 for OR, for 1 AND 2 for XOR
 
    B = Bit-type Write, 0 for 8 and 1 for 16-bit
 
    YYYY = 8/16-Bit Value
 
 
 
    ----------------------------------------------
 
    Bit Write On Bootup-Hook 1 (Code Type 0xA0)
 
    ----------------------------------------------
 
    AXXXXXXX YYYYYYYY
 
    A0 = Code Type Or Byte
 
    Address = XXXXXXX
 
    YYYYYYYY = Value
 
 
 
    ----------------------------------------------
 
    Bit Write On Bootup-Hook 2 (Code Type 0xA8)
 
    ----------------------------------------------
 
    AXXXXXXX YYYYYYYY
 
    A8 = Code Type Or Byte
 
    Address = XXXXXXX
 
    YYYYYYYY = Value
 
 
 
    -----------------------------------------
 
    Bit Conditional Check (Code Type 0xD0)
 
    -----------------------------------------
 
    DXXXXXXX ZZTUYYYY
 
    D0 = Code Type Or Byte
 
    Address = XXXXXXX
 
    ZZ = Lines to skip, 00 means 01 by default
 
    T = the Condition type to check against
 
    0 = If equal to YYYY
 
    1 = If not equal to YYYY
 
    2 = If lesser than YYYY
 
    3 = If greater than YYYY
 
    4 = If AND YYYY equal to 0000
 
    5 = If AND YYYY not equal to 0000
 
    6 = If AND YYYY equal to YYYY
 
    7 = If AND YYYY not equal to YYYY
 
    U = Bit-type Load, 0, 1 for 8-bit and 16-bit for
 
    YYYY = Conditional Value to check against
 
 
 
    -----------------------------------
 
    Enable Code-Hook 1 (Code Type 0xF0)
 
    -----------------------------------
 
    FXXXXXXX TYYYYYYY
 
    F0 = Code Type Or Byte
 
    XXXXXXX = Hook Address
 
    T = Type of Hook to use
 
    0 = Hook almost any 2 opcodes, LDR PC =
 
    1 = Hook almost any BL opcode, BL function
 
    2 = Hook almost any.long address, DC. D ADDR; BX
 
    3 = Hook almost any BX Register opcode, BX Ry
 
    YYYYYYY = Cheat Engine Address
 
 
 
    -----------------------------------
 
    Enable Code-Hook 2 (Code Type 0xF8)
 
    -----------------------------------
 
    FXXXXXXX TPPPPPPP
 
    F8 = Code Type Or Byte
 
    XXXXXXX = Cheat Engine Hook Address
 
    T = Type of Hook to use
 
    0 = Hook almost any 2 opcodes, LDR PC =
 
    1 = Hook almost any BL opcode, BL function
 
    2 = Hook almost any.long address, DC. D ADDR; BX
 
    3 = Hook almost any BX Register opcode, BX Ry
 
    PPPPPPP = Parameters that will be used later
 
 
 
    Reprinted from GSCENTRAL
 
 
 
==External Links==
 
*[http://www.neoseeker.com/Games/Products/DS/digimon_world_ds/code_breaker.html Digimon World DS Code Breaker Codes]
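Review bot: the removed "Codebreaker DS Code Types" listing is the only place on this page that gives the FXXXXXXX TYYYYYYY hook layout needed to read the "F2[ram address] 023FC000" master code in the Kenobi paragraph, and none of the added lines (the Hardware gallery, External Links, {{Codebreaker}}, the category) link to where it went. If the listing moved to its own article, link it from "Using CBDSCrypt", and carry the "Reprinted from GSCENTRAL" credit along with it.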
 

Latest revision as of 09:53, 6 October 2015

Codebreaker cartridge

Code Breaker is a Game Enhancer developed by Pelican Accessories for Nintendo DS. The original model of the Codebreaker was identical to the GameShark in that it would use codes to hack the game. It was well known for having a more user-friendly interface and design than the GameShark.

Using CBDSCrypt

CBDSCrypt is a utility developed by kenobi. It can both encrypt and decrypt codes for the Codebreaker DS, and it can also create master codes. A ROM image of the game the codes are for is required in order to use this application. To use the program, run it, then drag and drop the ROM image on top of the program. Paste the codes that are to be encrypted or decrypted into the left text area and press the appropriate button, "encrypt" or "decrypt"; the resulting codes will appear in the right text area.

Master codes can be generated by pressing the (M) button. This program uses two methods to generate potential master codes, Parasyte's method and kenobi's method. Parasyte's method entails finding the location of the following instructions in both of the ARM executables:

Inst Operands Comments
ldr r1, =intr_table @ 0xE59F1008
ldr r0, [r1,r0,LSL#2] @ 0xE7910100
ldr lr, =ret_loc @ 0xE59FE004
bx r0 @ 0xE12FFF10

They might not be found in the ARM9 executable because of decompression, but they will always be in plain sight in the ARM7. All that is necessary is to hook that =ret_loc, which is always 2 words after that bx r0. It is done the same way as hooking any other pointer. This is also how Kwurdi's automatic hook search has functioned for the last two and a half years, and it hasn't failed yet.

Kenobi's method involves simulating the ARDS's automated (M) code finder. To start, search for the 32-bit value 0x0380FFF8, beginning at the ARM7 executable. Once it is found, search for the next occurrence of 0x0380FFF8. From there, search backwards for the first bx r14 (0xE12FFF13). Subtract 4 from this address and then convert it to a RAM address: take the address, subtract the 32-bit value located at 0x30 in the ROM, then add the 32-bit value located at 0x38 in the ROM. The (M) code is F2[ram address] 023FC000.
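Both searches described above, as an added example that is not part of the original article and not CBDSCrypt's own code. The function names and the sample image are constructed for illustration. "F2[ram address]" is ambiguous for addresses outside 0x02xxxxxx, so the example rejects those rather than guess.

```python
import struct

MARKER = 0x0380FFF8    # value the page says to search for, twice
BX_WORD = 0xE12FFF13   # word the page gives for "bx r14", used verbatim
# ARM encodes BX Rm as 0xE12FFF10 | m; pass bx_word to match another register.
# Parasyte's four-instruction sequence, words as listed on the page.
IRQ_SEQ = struct.pack("<4I", 0xE59F1008, 0xE7910100, 0xE59FE004, 0xE12FFF10)

def u32(rom, off):
    return struct.unpack_from("<I", rom, off)[0]

def find_word(rom, value, start, stop, step=4):
    """Offset of the first little-endian word equal to value, else ValueError."""
    for off in range(start, stop, step):
        if u32(rom, off) == value:
            return off
    raise ValueError("0x%08X not found" % value)

def parasyte_ret_loc(rom):
    """ROM offset of the =ret_loc literal, searching from the ARM7 executable."""
    seq = rom.find(IRQ_SEQ, u32(rom, 0x30))
    if seq < 0:
        raise ValueError("handler sequence not found")
    return seq + 12 + 8    # bx r0 is the 4th word; the literal is 2 words later

def kenobi_master_code(rom, bx_word=BX_WORD):
    """Follow the page's steps and return the (M) code as text."""
    arm7_rom, arm7_ram = u32(rom, 0x30), u32(rom, 0x38)
    end = len(rom) - 3
    first = find_word(rom, MARKER, arm7_rom, end)
    second = find_word(rom, MARKER, first + 4, end)
    bx = find_word(rom, bx_word, second - 4, arm7_rom - 4, -4)  # backwards
    hook = bx - 4 - arm7_rom + arm7_ram
    if hook >> 24 != 0x02:
        raise ValueError("hook 0x%08X is outside 0x02xxxxxx" % hook)
    return "F2%06X 023FC000" % (hook & 0xFFFFFF)

def sample_rom():
    """Constructed 0x400-byte image, not data from a real game."""
    rom = bytearray(0x400)
    struct.pack_into("<I", rom, 0x30, 0x200)        # ARM7 offset in ROM
    struct.pack_into("<I", rom, 0x38, 0x02380000)   # ARM7 RAM address
    for off, word in [(0x210, BX_WORD), (0x220, MARKER),
                      (0x240, BX_WORD), (0x250, MARKER)]:
        struct.pack_into("<I", rom, off, word)
    rom[0x300:0x310] = IRQ_SEQ
    return bytes(rom)

if __name__ == "__main__":
    print(kenobi_master_code(sample_rom()), hex(parasyte_ret_loc(sample_rom())))
```

The word at 0x210 in the sample is a decoy placed before the first marker; the backwards search starts from the second marker and therefore picks the one at 0x240.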

Hardware

External Links
