DSHack.org Archive
This is a read-only archive from DSHack.org, as seen in 2008-2015.
Haruhi Ermiiworth
Posted 2015-05-28 - 0:06 JST #21069


9234 Posts

As you may know, MKDS Demo hasn't got an explicit file system so that you can edit the files easily, but files are inside the ARM9.

Thanks to Gericom I've figured out how to inject some carcs, even though I still cannot replace files with a filesize bigger than the ones already in the ARM9 (in fact this implies editing the overlays).

I've also found there are 2 SDATs inside the ARM9; the first one is for unknown purposes, while the second one is the actual one. I've extracted it and edited it, making sure the filesize wouldn't go over the limit.


Here is a POC video:


Posted 2015-05-28 - 2:44 JST #21075

37 Posts

Have you found any unused things, a build date or any other version info/evidence?

Posted 2015-05-30 - 19:51 JST #21096

Feature-Length Nut Expansion Pak

1377 Posts

I have looked at the demo, and I can say that it (probably) shouldn't be too difficult to make larger files possible. Starting at offset 0x50C5C in the arm9 file (=0x0250C5C in memory), there are functions that return addresses to carc files.


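ldr r0, =0x021BFBC0    @ r0 = address of the carc (literal stored after the code)
bx lr                  @ return to the caller

This translates to this in C:

void* sub_250C5C()
{
    return &CROSS_COURSE_CARC[0];  /* address of the first byte of the carc */
}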

(yes, this one returns the course carc address)

So there are 2 instructions (8 bytes) and then a 4 byte address to the carc, which is 0x02000000 + arm9 address.


I have not found the file sizes yet, but since it seems that all carces are after each other, the size might be calculated by subtracting the start offset of the current carc from the start offset of the next carc.
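
The stub layout and the size guess from the post above, as an added example that is not part of the original thread: it scans an ARM9 image for 12-byte getter stubs and estimates each archive's size from the gap to the next start address. It assumes the literal always sits directly after `bx lr` as described; the function names and the sample image are constructed for illustration, and padding between archives would inflate the estimates.

```python
import struct

ARM9_BASE = 0x02000000   # load address given in the post
LDR_R0_PC = 0xE59F0000   # ARM encoding of: ldr r0, [pc, #0]
BX_LR = 0xE12FFF1E       # ARM encoding of: bx lr


def find_getters(arm9: bytes):
    """Return (stub_file_offset, target_address) for every 12-byte getter stub."""
    hits = []
    for off in range(0, len(arm9) - 11, 4):       # ARM code is 4-byte aligned
        ldr, bx, addr = struct.unpack_from("<III", arm9, off)
        if ldr == LDR_R0_PC and bx == BX_LR:
            # Reject matches whose pointer does not land inside the image.
            if 0 <= addr - ARM9_BASE < len(arm9):
                hits.append((off, addr))
    return hits


def estimate_sizes(hits):
    """Size guess: next start minus current start; the last entry has no bound."""
    starts = sorted({addr for _, addr in hits})
    sizes = {a: b - a for a, b in zip(starts, starts[1:])}
    if starts:
        sizes[starts[-1]] = None                  # nothing follows it, so unknown
    return sizes


def build_sample():
    """Constructed image: three stubs from 0x10, pointing at 0x180/0x100/0x2C0."""
    img = bytearray(0x400)
    for i, target in enumerate((0x180, 0x100, 0x2C0)):   # deliberately unordered
        struct.pack_into("<III", img, 0x10 + 12 * i,
                         LDR_R0_PC, BX_LR, ARM9_BASE + target)
    return bytes(img)


if __name__ == "__main__":
    for addr, size in estimate_sizes(find_getters(build_sample())).items():
        file_off = addr - ARM9_BASE               # memory address -> file offset
        print(hex(addr), hex(file_off), "?" if size is None else hex(size))
```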
