Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
PoroCYon
Pokéwalker ROM dumper
Commits
e2cb1803
Commit
e2cb1803
authored
Nov 24, 2020
by
PoroCYon
Browse files
add README etc
parent
71cb3d6c
Changes
8
Expand all
Show whitespace changes
Inline
Side-by-side
COPYING
0 → 100644
View file @
e2cb1803
This diff is collapsed.
Click to expand it.
README.md
0 → 100644
View file @
e2cb1803
# Pokewalker ROM dumper
Dump both Pokéwalker ROMs using your DS and HGSS/BW/B2W2 cartridge.
## Usage
Launch the NDS homebrew file using your favourite exploit/homebrew menu.
Preferably, only launch it
*after*
inserting the IR-capable cart. If you insert
a non-IR-capable cart (eg. a flashcart) and launch it, it'll freeze.
Press
`A`
to do a test communication thing (it shows the trainer name stored on
the Walker),
`X`
to dump the EEPROM, and
`Y`
to dump the internal flash ROM.
## Compatiblity
Tested with HGSS, BW and B2W2, seems to work with all of these. Unknown whether
it works with other cartridges with an IR transceiver.
Only tested on a DSi running in DSi mode. Unknown whether it works on a normal
DS (or on a DSi in DS mode), it should, but cartridge initialization differs
a bit so who knows. Will probably work on a 3DS/2DS in DSi backwards-compat
mode as well, but no guarantees.
## Compilation
Compile with devkitARM. needs libnds, libfat and libfilesystem.
## How does it work
For information on how to do IR communications from the NDS side, see
[
this
melonDS BBS post
](
http://melonds.kuribo64.net/board/thread.php?pid=2762#2762
)
(own work):
> IR cartridges seem to work as follows, but I'd like to have someone else to
> verify this (seems to work with HGSS, BW and B2W2 carts, idk about others):
>
> Everything automatically happens at 115200 baud, 8n1.
>
> There seem to be three main SPI commands that are sent to what normally would
> be the savegame SPI bus, there's a fourth command to perform actual savegame
> operations. All transfers happen at 1 MHz (serial AUXSPI mode) unless
> indicated otherwise.
>
> The cartridge needs to be powered on, but nothing more besides this. No
> header reading or KEY1/KEY2 init, and so on. (I rebooted the cart with
> SCFG_MC and started doing SPI commands immediately afterwards, seems to work
> fine).
>
> The commands:
>
> * 0x00: savegame escape byte: as long as chip select is held, the bytes that
> follow will be treated like a regular savegame transfer. These can
> also happen at any clock speed, but the 0x00 byte itself needs to be
> transferred at 1 MHz. (This bit was already known.)
> * 0x01: receive data from IR: one command byte (0x01) is written, after which
> data bytes are read by the DS. The first byte read indicates the
> amount of bytes that will follow. It doesn't seem to be able to
> receive more than 255 bytes afaics. Bytes written to perform the
> reads are unused as far as I know, but usually set to 0 (HGSS does
> this, at least).
> When there are zero bytes to read, you still have to deselect the SPI
> chip, or the next transfer will fail. Disable the 'chip select hold'
> bit in AUXSPICNT and send a zero byte.
> * 0x02: send data over IR: this one has no length prefix, chip select is used
> to determine when the transfer ends, as usual.
> * 0x08: not too sure about this, but probably a status thing. A command byte
> (0x08) is sent, and a status byte(?) is received from the cart. HGSS
> seems to always send two of these one after another, carts seem to
> return 0x00 on the first one and 0xaa for the second, unless other IR
> devices are sending actively, then both bytes are 0xaa.
>
> HGSS, while trying to connect to a Pokéwalker, seems to first do a cmd 0x01,
> which returns 0 bytes, then 0x08 twice, after which it repeatedly issues
> other 0x01 commands until the return data of one of these indicates a
> Pokéwalker presence (the Pokéwalker sends out a fixed byte value as 'beacon'
> thing, the game will receive a 1-byte packet containing that beacon). 0x08 is
> never used again after being used twice in the beginning as far as I can see
> (but I might be wrong).
>
> Allegedly, the chip in carts responsible for IR is a H8/38606R (connected to
> the SPI bus on one side, and to some IR leds or so on the other), just like
> the one in the Pokéwalker. Getting its ROM dumped sounds like a fun
> challenge.
Everything else (exploit payload etc.) came from
[
Dmitry's absolutely great
writeup
](
http://dmitry.gr/?r=05.Projects&proj=28.%20pokewalker#_TOC_af123b35f7bb7a64f7b746e581c6d8af
)
.
AUXSPI, IR and Pokéwalker functionality is all wrapped into neat(
`DISPUTED`
)
packages you can use.
## License
GPLv3, because parts of the
`auxspi.c`
code come from a GPLv2 repo, and
Dmitry's code is GPLv3.
arm9/include/ir.h
View file @
e2cb1803
/*
* Copyright (c) 2020 PoroCYon <porocyon@titandemo.org>
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#ifndef IR_H_
#define IR_H_
...
...
arm9/include/pw.h
View file @
e2cb1803
/*
* Copyright (c) 2020 PoroCYon <porocyon@titandemo.org>
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#ifndef PW_H_
#define PW_H_
...
...
arm9/source/auxspi.c
View file @
e2cb1803
...
...
@@ -7,6 +7,8 @@
* (high level functions)
*
* Copyright (C) Pokedoc (2010)
*
* With back-to-C porting and slight modifications by PoroCYon (2020)
*/
/*
* This program is free software; you can redistribute it and/or modify
...
...
arm9/source/ir.c
View file @
e2cb1803
/*
* Copyright (c) 2020 PoroCYon <porocyon@titandemo.org>
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#include
<stddef.h>
#include
<stdint.h>
#include
<stdbool.h>
...
...
arm9/source/main.c
View file @
e2cb1803
/*
* Copyright (c) 2020 PoroCYon <porocyon@titandemo.org>
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#include
<stdio.h>
#include
<stdint.h>
#include
<stdbool.h>
...
...
arm9/source/pw.c
View file @
e2cb1803
/*
* Copyright (c) 2020 PoroCYon <porocyon@titandemo.org>
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#include
<nds.h>
#include
<stdio.h>
#include
<stdint.h>
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
