8 files changed, 550 insertions, 606 deletions
diff --git a/Makefile.gc b/Makefile.gc
deleted file mode 100644
index eaaf3b9..0000000
--- a/Makefile.gc
+++ /dev/null

@@ -1,131 +0,0 @@
-#---------------------------------------------------------------------------------
-# Clear the implicit built in rules
-#---------------------------------------------------------------------------------
-.SUFFIXES:
-#---------------------------------------------------------------------------------
-ifeq ($(strip $(DEVKITPPC)),)
-$(error "Please set DEVKITPPC in your environment. export DEVKITPPC=<path to>devkitPPC")
-endif
-include $(DEVKITPPC)/gamecube_rules
-#---------------------------------------------------------------------------------
-# TARGET is the name of the output
-# BUILD is the directory where object files & intermediate files will be placed
-# SOURCES is a list of directories containing source code
-# INCLUDES is a list of directories containing extra header files
-#---------------------------------------------------------------------------------
-TARGET          :=      gen3uploader_gc
-BUILD           :=      build
-SOURCES         :=      source
-DATA            :=      data
-INCLUDES        :=      source
-#---------------------------------------------------------------------------------
-# options for code generation
-#---------------------------------------------------------------------------------
-CFLAGS  = -g -O3 -Wall $(MACHDEP) $(INCLUDE)
-CXXFLAGS        =       $(CFLAGS)
-LDFLAGS = -g $(MACHDEP) -Wl,-Map,$(notdir $@).map
-#---------------------------------------------------------------------------------
-# any extra libraries we wish to link with the project
-#---------------------------------------------------------------------------------
-LIBS    := -logc
-#---------------------------------------------------------------------------------
-# list of directories containing libraries, this must be the top level containing
-# include and lib
-#---------------------------------------------------------------------------------
-LIBDIRS := $(DEVKITPPC)/lib $(CURDIR)
-#---------------------------------------------------------------------------------
-# no real need to edit anything past this point unless you need to add additional
-# rules for different file extensions
-#---------------------------------------------------------------------------------
-ifneq ($(BUILD),$(notdir $(CURDIR)))
-#---------------------------------------------------------------------------------
-export OUTPUT   :=      $(CURDIR)/$(TARGET)
-export VPATH    :=      $(foreach dir,$(SOURCES),$(CURDIR)/$(dir)) \
-                                        $(foreach dir,$(DATA),$(CURDIR)/$(dir))
-export DEPSDIR  :=      $(CURDIR)/$(BUILD)
-#---------------------------------------------------------------------------------
-# automatically build a list of object files for our project
-#---------------------------------------------------------------------------------
-CFILES          :=      $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.c)))
-CPPFILES        :=      $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.cpp)))
-sFILES          :=      $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.s)))
-SFILES          :=      $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.S)))
-BINFILES        :=      $(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.*)))
-#---------------------------------------------------------------------------------
-# use CXX for linking C++ projects, CC for standard C
-#---------------------------------------------------------------------------------
-ifeq ($(strip $(CPPFILES)),)
-        export LD       :=      $(CC)
-else
-        export LD       :=      $(CXX)
-endif
-export OFILES   :=      $(addsuffix .o,$(BINFILES)) \
-                                        $(CPPFILES:.cpp=.o) $(CFILES:.c=.o) \
-                                        $(sFILES:.s=.o) $(SFILES:.S=.o)
-#---------------------------------------------------------------------------------
-# build a list of include paths
-#---------------------------------------------------------------------------------
-export INCLUDE  :=      $(foreach dir,$(INCLUDES),-I$(CURDIR)/$(dir)) \
-                                        $(foreach dir,$(LIBDIRS),-I$(dir)/include) \
-                                        -I$(CURDIR)/$(BUILD) \
-                                        -I$(LIBOGC_INC)
-#---------------------------------------------------------------------------------
-# build a list of library paths
-#---------------------------------------------------------------------------------
-export LIBPATHS :=      $(foreach dir,$(LIBDIRS),-L$(dir)/lib) \
-                                        -L$(LIBOGC_LIB)
-export OUTPUT   :=      $(CURDIR)/$(TARGET)
-.PHONY: $(BUILD) clean
-#---------------------------------------------------------------------------------
-$(BUILD):
-        @[ -d $@ ] || mkdir -p $@
-        @make --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile.gc
-#---------------------------------------------------------------------------------
-clean:
-        @echo clean ...
-        @rm -fr $(BUILD) $(OUTPUT).elf $(OUTPUT).dol
-#---------------------------------------------------------------------------------
-else
-DEPENDS :=      $(OFILES:.o=.d)
-#---------------------------------------------------------------------------------
-# main targets
-#---------------------------------------------------------------------------------
-$(OUTPUT).dol: $(OUTPUT).elf
-$(OUTPUT).elf: $(OFILES)
-#---------------------------------------------------------------------------------
-# This rule links in binary data with the .jpg extension
-#---------------------------------------------------------------------------------
-%.gba.o :       %.gba
-#---------------------------------------------------------------------------------
-        @echo $(notdir $<)
-        $(bin2o)
-include $(DEPENDS)
-#---------------------------------------------------------------------------------
-endif
-#---------------------------------------------------------------------------------
diff --git a/build.bat b/build.bat
index 17c2889..e2ad539 100644
--- a/build.bat
+++ b/build.bat

@@ -5,8 +5,6 @@ make
 cd ..
 @md data
 mv -f gba/gba_pkjb.gba data/gba_mb.gba
-make -f Makefile.gc clean
-make -f Makefile.gc
 make -f Makefile.wii clean
 make -f Makefile.wii
 pause
diff --git a/build.sh b/build.sh
index b521d27..cae6808 100755
--- a/build.sh
+++ b/build.sh

@@ -5,7 +5,5 @@ make
 cd ..
 mkdir data
 mv -f gba/gba_pkjb.gba data/gba_mb.gba
-make -f Makefile.gc clean
-make -f Makefile.gc
 make -f Makefile.wii clean
 make -f Makefile.wii
diff --git a/source/link.c b/source/link.c
index 4178293..1091576 100644
--- a/source/link.c
+++ b/source/link.c

@@ -5,18 +5,159 @@
 * of the MIT license.  See the LICENSE file for details.
 */
 #include "link.h"
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <malloc.h>
-u32 waitForButtons(u32 mask)
+//from my tests 50us seems to be the lowest
+//safe si transfer delay in between calls
+#define SI_TRANS_DELAY 50
+static u8* resbuf;
+static u8* cmdbuf;
+void initLink()
+{
+  cmdbuf = memalign(32,32);
+  resbuf = memalign(32,32);
+}
+static volatile u32 transval = 0;
+void transcb(s32 chan, u32 ret)
+{
+  transval = 1;
+}
+static volatile u32 resval = 0;
+void acb(s32 res, u32 val)
+{
+  resval = val;
+}
+void doreset()
+{
+  cmdbuf[0] = 0xFF; //reset
+  transval = 0;
+  SI_Transfer(1, cmdbuf, 1, resbuf, 3, transcb, SI_TRANS_DELAY);
+  while (transval == 0);
+}
+void getstatus()
 {
-  for (;;)
+  cmdbuf[0] = 0; //status
+  transval = 0;
+  SI_Transfer(1, cmdbuf, 1, resbuf, 3, transcb, SI_TRANS_DELAY);
+  while (transval == 0);
+}
+u32 recv()
+{
+  memset(resbuf,0,32);
+  cmdbuf[0]=0x14; //read
+  transval = 0;
+  SI_Transfer(1, cmdbuf, 1, resbuf, 5, transcb, SI_TRANS_DELAY);
+  while (transval == 0);
+  printf("%08lx\n", *(vu32*)resbuf);
+  return *(vu32*)resbuf;
+}
+void send(u32 msg)
+{
+  cmdbuf[0] = 0x15;
+  cmdbuf[1] = (msg >> 0) & 0xFF;
+  cmdbuf[2] = (msg >> 8) & 0xFF;
+  cmdbuf[3] = (msg >> 16) & 0xFF;
+  cmdbuf[4] = (msg >> 24) & 0xFF;
+  transval = 0;
+  resbuf[0] = 0;
+  SI_Transfer(1, cmdbuf, 5, resbuf, 1, transcb, SI_TRANS_DELAY);
+  while (transval == 0);
+}
+u32 getMsg()
+{
+  u32 val = 0;
+  while (val == 0)
  {
-    PAD_ScanPads();
+    val = __builtin_bswap32(recv());
-    VIDEO_WaitVSync();
+    sleep(1);
+  }
-    u32 btns = PAD_ButtonsDown(0);
+  send(0);
-    if (btns & mask)
+  while (recv()!=0) {sleep(1);}
+  send(0);
+  return val;
+}
+void getMsgArr(u32* arr, int len)
+{
+  for (int i=0; i<len; i++)
+  {
+    *(vu32*)(arr+i) = __builtin_bswap32(recv());
+    usleep(500000);
+  }
+}
+void sendMsg(u32 msg)
+{
+  while (recv()==0) {sleep(1);}
+  send(msg);
+  while (recv()!=0) {sleep(1);}
+  send(0);
+}
+void waitForGBA()
+{
+  resval = 0;
+  do
+  {
+    SI_GetTypeAsync(1, acb);
+    for (;;)
    {
-      return btns;
+      if (resval)
+      {
+        if (resval == 0x80 || resval & 8)
+        {
+          resval = 0;
+          SI_GetTypeAsync(1, acb);
+        } else if (resval)
+        {
+          break;
+        }
+      }
    }
-  }
+  } while (!(resval & SI_GBA));
+}
+void waitForBIOS()
+{
+  resbuf[2]=0;
+  do
+  {
+    doreset();
+  } while (!(resbuf[1] > 4));
+}
+void waitForGame()
+{
+  do
+  {
+    doreset();
+  } while ((resbuf[0] != 0) || !(resbuf[2] & 0x10));
+}
+void waitForAck()
+{
+  while (recv() != 0) {sleep(1);};
+  send(0);
 }
diff --git a/source/link.h b/source/link.h
index 24a60b5..15eff62 100644
--- a/source/link.h
+++ b/source/link.h

@@ -9,6 +9,18 @@
 #include <gccore.h>
-u32 waitForButtons(u32 mask);
+void initLink();
+u32 recv();
+void send(u32 msg);
+u32 getMsg();
+void getMsgArr(u32* arr, int len);
+void sendMsg(u32 msg);
+void waitForGBA();
+void waitForBIOS();
+void waitForGame();
+void waitForAck();
 #endif
diff --git a/source/main.c b/source/main.c
index dd252b5..a3b7525 100644
--- a/source/main.c
+++ b/source/main.c

@@ -10,17 +10,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
-#include <string.h>
-#include <malloc.h>
 #include "link.h"
 #include "encoding.h"
+#include "multiboot.h"
-//from my tests 50us seems to be the lowest
-//safe si transfer delay in between calls
-#define SI_TRANS_DELAY 50
-extern u8 gba_mb_gba[];
-extern u32 gba_mb_gba_size;
 void printmain()
 {
@@ -31,91 +23,27 @@ void printmain()
  printf("Based on GBA Link Cable Dumper v1.6 by FIX94\n");
 }
-u8 *resbuf,*cmdbuf;
-volatile u32 transval = 0;
-void transcb(s32 chan, u32 ret)
-{
-  transval = 1;
-}
-volatile u32 resval = 0;
-void acb(s32 res, u32 val)
-{
-  resval = val;
-}
-unsigned int docrc(u32 crc,u32 val)
-{
-  u32 result;
-  result = val ^ crc;
-  for (int i = 0; i < 0x20; i++)
-  {
-    if (result & 1)
-    {
-      result >>= 1;
-      result ^= 0xA1C1;
-    } else {
-      result >>= 1;
-    }
-  }
-  return result;
-}
-void doreset()
-{
-  cmdbuf[0] = 0xFF; //reset
-  transval = 0;
-  SI_Transfer(1, cmdbuf, 1, resbuf, 3, transcb, SI_TRANS_DELAY);
-  while (transval == 0);
-}
-void getstatus()
-{
-  cmdbuf[0] = 0; //status
-  transval = 0;
-  SI_Transfer(1, cmdbuf, 1, resbuf, 3, transcb, SI_TRANS_DELAY);
-  while (transval == 0);
-}
 void endproc()
 {
-  doreset();
  printf("Start pressed, exit\n");
  VIDEO_WaitVSync();
  VIDEO_WaitVSync();
  exit(0);
 }
-u32 recv()
+u32 waitForButtons(u32 mask)
-{
-  memset(resbuf,0,32);
-  cmdbuf[0]=0x14; //read
-  transval = 0;
-  SI_Transfer(1, cmdbuf, 1, resbuf, 5, transcb, SI_TRANS_DELAY);
-  while (transval == 0);
-  printf("%08lx\n", *(vu32*)resbuf);
-  return *(vu32*)resbuf;
-}
-void send(u32 msg)
 {
-  cmdbuf[0] = 0x15;
+  for (;;)
-  cmdbuf[1] = (msg >> 0) & 0xFF;
+  {
-  cmdbuf[2] = (msg >> 8) & 0xFF;
+    PAD_ScanPads();
-  cmdbuf[3] = (msg >> 16) & 0xFF;
+    VIDEO_WaitVSync();
-  cmdbuf[4] = (msg >> 24) & 0xFF;
-  transval = 0;
-  resbuf[0] = 0;
-  SI_Transfer(1, cmdbuf, 5, resbuf, 1, transcb, SI_TRANS_DELAY);
-  while (transval == 0);
+    u32 btns = PAD_ButtonsDown(0);
+    if (btns & mask)
+    {
+      return btns;
+    }
+  }
 }
 void warnError(char *msg)
@@ -135,132 +63,148 @@ void fatalError(char *msg)
  exit(0);
 }
-u32 genKeyA()
+void* extractor(void* userdata)
 {
-  u32 retries = 0;
  for (;;)
  {
-    u32 key = 0;
+    printmain();
-    if (retries > 32)
+    printf("Press A when GBA is plugged in and turned off.\n");
-    {
+    waitForButtons(PAD_BUTTON_A);
-      key = 0xDD654321;
-    } else {
+    printf("Turn on your GBA.\n");
-      key = (rand() & 0x00ffffff) | 0xDD000000;
+    printf("Waiting for a GBA in port 2...\n");
-    }
+    waitForGBA();
-    u32 unk = (key % 2 != 0);
+    printf("GBA Found! Sending multiboot image...\n");
-    u32 v12 = key;
+    if (!sendMultibootImage())
-    for (u32 v13 = 1; v13 < 32; v13++)
    {
-      v12 >>= 1;
+      warnError("Failed sending multiboot image.\n");
-      unk += (v12 % 2 != 0);
+      continue;
    }
-    if ((unk >= 10 && unk <= 24))
+    printf("Waiting for GBA...\n");
+    waitForAck();
+    VIDEO_WaitVSync();
+    // Get game
+    // -1 - unsupported game
+    //  1 - Ruby
+    //  2 - Sapphire
+    //  3 - FireRed
+    //  4 - LeafGreen
+    //  5 - Emerald
+    u32 gameId = getMsg();
+    if (gameId == -1)
    {
-      if (retries > 4)
+      warnError("ERROR: Unsupported GBA game inserted!\n");
-      {
-        printf("KeyA retries = %ld", retries);
-      }
-      printf("KeyA = 0x%08lx\n", key);
+      continue;
+    }
-      return key;
+    printf("\nPokemon ");
+    switch (gameId)
+    {
+      case 1: printf("Ruby"); break;
+      case 2: printf("Sapphire"); break;
+      case 3: printf("FireRed"); break;
+      case 4: printf("LeafGreen"); break;
+      case 5: printf("Emerald"); break;
    }
-    retries++;
+    printf("\n");
-  }
+    VIDEO_WaitVSync();
-}
-u32 checkKeyB(u32 KeyBRaw)
+    u32 isValid = getMsg();
-{
+    if (isValid == -1)
-  if ((KeyBRaw & 0xFF) != 0xEE)
+    {
-  {
+      warnError("ERROR: Unsupported game version inserted!\n");
-    printf("Invalid KeyB - lowest 8 bits should be 0xEE, actually 0x%02x\n",
-        ((u8)(KeyBRaw)));
-    return 0;
+      continue;
-  }
+    }
-  u32 KeyB = KeyBRaw & 0xffffff00;
+    // Get trainer name
-  u32 val = KeyB;
+    u8 trainerName[8];
-  u32 unk = (val < 0);
-  for (u32 i = 1; i < 24; i++)
-  {
-    val <<= 1;
-    unk += (val < 0);
-  }
-  if (unk > 14)
+    u32 tnd = getMsg();
-  {
+    trainerName[0] = (tnd & 0xFF000000) >> 24;
-    printf("Invalid KeyB - high 24 bits bad: 0x%08lx\n", KeyB);
+    trainerName[1] = (tnd & 0x00FF0000) >> 16;
+    trainerName[2] = (tnd & 0x0000FF00) >> 8;
+    trainerName[3] = (tnd & 0x000000FF);
-    return 0;
+    tnd = getMsg();
-  }
+    trainerName[4] = (tnd & 0xFF000000) >> 24;
+    trainerName[5] = (tnd & 0x00FF0000) >> 16;
+    trainerName[6] = (tnd & 0x0000FF00) >> 8;
+    trainerName[7] = (tnd & 0x000000FF);
-  printf("Valid KeyB: 0x%08lx\n", KeyB);
+    // Get trainer ID
+    u32 trainerId = getMsg();
-  return KeyB;
+    printf("Trainer: ");
-}
-u32 deriveKeyC(u32 keyCderive, u32 kcrc)
+    for (int i = 0; i < 8; i++)
-{
+    {
-  u32 keyc = 0;
+      if (trainerName[i] == 0xFF)
-  u32 keyCi = 0;
+      {
+        break;
+      } else {
+        printf("%c", debugGen3Decode(trainerName[i]));
+      }
+    }
-  do
+    printf(" (%ld)\n", trainerId);
-  {
-    u32 v5 = 0x1000000 * keyCi - 1;
+    // Wait for confirmation.
-    u32 keyCattempt = docrc(kcrc,v5);
+    printf("Press A to import the data from this game.\n");
+    printf("Press B to cancel.\n");
+    VIDEO_WaitVSync();
-    if (keyCderive == keyCattempt)
+    if (waitForButtons(PAD_BUTTON_A | PAD_BUTTON_B) & PAD_BUTTON_B)
    {
-      keyc = v5;
+      printf("Cancelling...\n");
+      VIDEO_WaitVSync();
-      printf("Found keyC: %08lx\n",keyc);
+      sendMsg(0);
-      return keyc;
+      continue;
    }
-    keyCi++;
+    printf("Importing...\n");
-  } while (keyCi < 256);
+    VIDEO_WaitVSync();
-  return keyc;
+    sendMsg(1);
-}
-u32 getMsg()
+    // Get Pokédex data
-{
+    u32 pokedexSeen[13];
-  u32 val = 0;
+    u32 pokedexCaught[13];
-  while (val == 0)
-  {
-    val = __builtin_bswap32(recv());
-    sleep(1);
-  }
-  send(0);
+    getMsgArr(pokedexSeen, 13);
-  while (recv()!=0) {sleep(1);}
+    getMsgArr(pokedexCaught, 13);
-  send(0);
+    int numCaught = 0;
+    int numSeen = 0;
+    for (int i=0; i<(13*32); i++)
+    {
+      if (pokedexCaught[i >> 5] >> (i & 31) & 1)
+      {
+        //printf("Caught #%d\n", i);
+        numCaught++;
+        numSeen++;
+      } else if (pokedexSeen[i >> 5] >> (i & 31) & 1)
+      {
+        //printf("Saw #%d\n", i);
+        numSeen++;
+      }
+    }
-  return val;
+    printf("Caught: %d\nSeen: %d\n", numCaught, numSeen);
-}
-void getMsgArr(u32* arr, int len)
+    waitForButtons(PAD_BUTTON_START);
-{
-  for (int i=0; i<len; i++)
-  {
-    *(vu32*)(arr+i) = __builtin_bswap32(recv());
-    usleep(500000);
  }
-}
-void sendMsg(u32 msg)
+  return NULL;
-{
-  while (recv()==0) {sleep(1);}
-  send(msg);
-  while (recv()!=0) {sleep(1);}
-  send(0);
 }
 int main(int argc, char *argv[])
@@ -282,299 +226,27 @@ int main(int argc, char *argv[])
  CON_InitEx(rmode, x, y, w, h);
  VIDEO_ClearFrameBuffer(rmode, xfb, COLOR_BLACK);
  PAD_Init();
-  cmdbuf = memalign(32,32);
-  resbuf = memalign(32,32);
-  for (;;)
+  initLink();
-  {
-    printmain();
-    printf("Press A to begin, press Start to quit.\n");
+  lwp_t extractorHandle = (lwp_t)NULL;
-    if (waitForButtons(PAD_BUTTON_A | PAD_BUTTON_START) & PAD_BUTTON_START)
-    {
-      endproc();
-    }
-    printf("Waiting for a GBA in port 2...\n");
+  LWP_CreateThread(
-    resval = 0;
+    &extractorHandle,   // thread handle
+    extractor,          // code
+    NULL,               // userdata
+    NULL,               // stack base
+    16*1024,            // stack size
+    LWP_PRIO_HIGHEST);  // thread priority
-    SI_GetTypeAsync(1,acb);
+  for (;;)
-    while(1)
+  {
-    {
+    VIDEO_WaitVSync();
-      if (resval)
+    PAD_ScanPads();
-      {
-        if (resval == 0x80 || resval & 8)
-        {
-          resval = 0;
-          SI_GetTypeAsync(1,acb);
-        } else if (resval)
-        {
-          break;
-        }
-      }
-      PAD_ScanPads();
-      VIDEO_WaitVSync();
-      if (PAD_ButtonsHeld(0) & PAD_BUTTON_START)
-      {
-        getstatus();
-        endproc();
-      }
-    }
-    if (resval & SI_GBA)
+    if (PAD_ButtonsDown(0) & PAD_BUTTON_START)
    {
-      printf("GBA Found! Waiting on BIOS\n");
+      endproc();
-      resbuf[2]=0;
-      // wait for the BIOS to hand over to the game
-      do
-      {
-        doreset();
-      } while (!(resbuf[1] > 4));
-      printf("BIOS handed over to game, waiting on game\n");
-      do
-      {
-        doreset();
-      } while ((resbuf[0] != 0) || !(resbuf[2] & 0x10));
-      // receive the game-code from GBA side.
-      u32 gamecode = recv();
-      printf("Ready, sending multiboot ROM\n");
-      unsigned int sendsize = ((gba_mb_gba_size+7)&~7);
-      // generate KeyA
-      unsigned int ourkey = genKeyA();
-      //printf("Our Key: %08x\n", ourkey);
-      printf("Sending game code that we got: 0x%08lx\n",
-          __builtin_bswap32(gamecode));
-      // send the game code back, then KeyA.
-      send(__builtin_bswap32(gamecode));
-      send(ourkey);
-      // get KeyB from GBA, check it to make sure its valid, then xor with KeyA
-      // to derive the initial CRC value and the sessionkey.
-      u32 sessionkeyraw = 0;
-      do
-      {
-        sessionkeyraw = recv();
-      } while (sessionkeyraw == gamecode);
-      sessionkeyraw = checkKeyB(__builtin_bswap32(sessionkeyraw));
-      if (sessionkeyraw == 0)
-      {
-        warnError("Cannot continue.\n");
-        continue;
-      }
-      u32 sessionkey = sessionkeyraw ^ ourkey;
-      u32 kcrc = sessionkey;
-      printf("start kCRC=%08lx\n",kcrc);
-      sessionkey = (sessionkey*0x6177614b)+1;
-      // send hacked up send-size in uint32s
-      u32 hackedupsize = (sendsize >> 3) - 1;
-      printf("Sending hacked up size 0x%08lx\n",hackedupsize);
-      send(hackedupsize);
-      //unsigned int fcrc = 0x00bb;
-      // send over multiboot binary header, in the clear until the end of the
-      // nintendo logo. GBA checks this, if nintendo logo does not match the
-      // one in currently inserted cart's ROM, it will not accept any more data.
-      for (int i = 0; i < 0xA0; i+=4)
-      {
-        vu32 rom_dword = *(vu32*)(gba_mb_gba+i);
-        send(__builtin_bswap32(rom_dword));
-      }
-      printf("\n");
-      printf("Header done! Sending ROM...\n");
-      // Add each uint32 of the multiboot image to the checksum, encrypt the
-      // uint32 with the session key, increment the session key, send the
-      // encrypted uint32.
-      for (int i = 0xA0; i < sendsize; i+=4)
-      {
-        u32 dec = (
-            (((gba_mb_gba[i+3]) << 24) & 0xff000000) |
-            (((gba_mb_gba[i+2]) << 16) & 0x00ff0000) |
-            (((gba_mb_gba[i+1]) << 8)  & 0x0000ff00) |
-            (((gba_mb_gba[i])   << 0)  & 0x000000ff)
-            );
-        u32 enc = (dec - kcrc) ^ sessionkey;
-        kcrc = docrc(kcrc,dec);
-        sessionkey = (sessionkey * 0x6177614B) + 1;
-        //enc^=((~(i+(0x20<<20)))+1);
-        //enc^=0x6f646573;//0x20796220;
-        send(enc);
-      }
-      //fcrc |= (sendsize<<16);
-      printf("ROM done! CRC: %08lx\n", kcrc);
-      //get crc back (unused)
-      // Get KeyC derivation material from GBA (eventually)
-      u32 keyCderive = 0;
-      do
-      {
-        keyCderive = recv();
-      } while (keyCderive <= 0xfeffffff);
-      keyCderive = __builtin_bswap32(keyCderive);
-      keyCderive >>= 8;
-      printf("KeyC derivation material: %08lx\n",keyCderive);
-      // (try to) find the KeyC, using the checksum of the multiboot image, and
-      // the derivation material that GBA sent to us
-      u32 keyc = deriveKeyC(keyCderive,kcrc);
-      if (keyc == 0)
-      {
-        printf("Could not find keyC - kcrc=0x%08lx\n",kcrc);
-        warnError("Cannot continue.\n");
-        continue;
-      }
-      // derive the boot key from the found KeyC, and send to GBA. if this is
-      // not correct, GBA will not jump to the multiboot image it was sent.
-      u32 bootkey = docrc(0xBB,keyc) | 0xbb000000;
-      printf("BootKey = 0x%08lx\n",bootkey);
-      send(bootkey);
-      sleep(2);
-      printf("Waiting for GBA...\n");
-      while (recv() != 0) {sleep(1);};
-      send(0);
-      VIDEO_WaitVSync();
-      // Get game
-      // -1 - unsupported game
-      //  1 - Ruby
-      //  2 - Sapphire
-      //  3 - FireRed
-      //  4 - LeafGreen
-      //  5 - Emerald
-      u32 gameId = getMsg();
-      if (gameId == -1)
-      {
-        warnError("ERROR: Unsupported GBA game inserted!\n");
-        continue;
-      }
-      printf("\nPokemon ");
-      switch (gameId)
-      {
-        case 1: printf("Ruby"); break;
-        case 2: printf("Sapphire"); break;
-        case 3: printf("FireRed"); break;
-        case 4: printf("LeafGreen"); break;
-        case 5: printf("Emerald"); break;
-      }
-      printf("\n");
-      VIDEO_WaitVSync();
-      u32 isValid = getMsg();
-      if (isValid == -1)
-      {
-        warnError("ERROR: Unsupported game version inserted!\n");
-        continue;
-      }
-      // Get trainer name
-      u8 trainerName[8];
-      u32 tnd = getMsg();
-      trainerName[0] = (tnd & 0xFF000000) >> 24;
-      trainerName[1] = (tnd & 0x00FF0000) >> 16;
-      trainerName[2] = (tnd & 0x0000FF00) >> 8;
-      trainerName[3] = (tnd & 0x000000FF);
-      tnd = getMsg();
-      trainerName[4] = (tnd & 0xFF000000) >> 24;
-      trainerName[5] = (tnd & 0x00FF0000) >> 16;
-      trainerName[6] = (tnd & 0x0000FF00) >> 8;
-      trainerName[7] = (tnd & 0x000000FF);
-      // Get trainer ID
-      u32 trainerId = getMsg();
-      printf("Trainer: ");
-      for (int i = 0; i < 8; i++)
-      {
-        if (trainerName[i] == 0xFF)
-        {
-          break;
-        } else {
-          printf("%c", debugGen3Decode(trainerName[i]));
-        }
-      }
-      printf(" (%ld)\n", trainerId);
-      // Wait for confirmation.
-      printf("Press A to import the data from this game.\n");
-      printf("Press B to cancel.\n");
-      VIDEO_WaitVSync();
-      if (waitForButtons(PAD_BUTTON_A | PAD_BUTTON_B) & PAD_BUTTON_B)
-      {
-        printf("Cancelling...\n");
-        VIDEO_WaitVSync();
-        sendMsg(0);
-        continue;
-      }
-      printf("Importing...\n");
-      VIDEO_WaitVSync();
-      sendMsg(1);
-      // Get Pokédex data
-      u32 pokedexSeen[13];
-      u32 pokedexCaught[13];
-      getMsgArr(pokedexSeen, 13);
-      getMsgArr(pokedexCaught, 13);
-      int numCaught = 0;
-      int numSeen = 0;
-      for (int i=0; i<(13*32); i++)
-      {
-        if (pokedexCaught[i >> 5] >> (i & 31) & 1)
-        {
-          //printf("Caught #%d\n", i);
-          numCaught++;
-          numSeen++;
-        } else if (pokedexSeen[i >> 5] >> (i & 31) & 1)
-        {
-          //printf("Saw #%d\n", i);
-          numSeen++;
-        }
-      }
-      printf("Caught: %d\nSeen: %d\n", numCaught, numSeen);
-      waitForButtons(PAD_BUTTON_START);
    }
  }
diff --git a/source/multiboot.c b/source/multiboot.c
new file mode 100644
index 0000000..06cbd6f
--- /dev/null
+++ b/source/multiboot.c

@@ -0,0 +1,246 @@
+#include "multiboot.h"
+#include <gccore.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include "link.h"
+extern u8 gba_mb_gba[];
+extern u32 gba_mb_gba_size;
+unsigned int docrc(u32 crc,u32 val)
+{
+  u32 result;
+  result = val ^ crc;
+  for (int i = 0; i < 0x20; i++)
+  {
+    if (result & 1)
+    {
+      result >>= 1;
+      result ^= 0xA1C1;
+    } else {
+      result >>= 1;
+    }
+  }
+  return result;
+}
+u32 genKeyA()
+{
+  u32 retries = 0;
+  for (;;)
+  {
+    u32 key = 0;
+    if (retries > 32)
+    {
+      key = 0xDD654321;
+    } else {
+      key = (rand() & 0x00ffffff) | 0xDD000000;
+    }
+    u32 unk = (key % 2 != 0);
+    u32 v12 = key;
+    for (u32 v13 = 1; v13 < 32; v13++)
+    {
+      v12 >>= 1;
+      unk += (v12 % 2 != 0);
+    }
+    if ((unk >= 10 && unk <= 24))
+    {
+      if (retries > 4)
+      {
+        printf("KeyA retries = %ld", retries);
+      }
+      printf("KeyA = 0x%08lx\n", key);
+      return key;
+    }
+    retries++;
+  }
+}
+u32 checkKeyB(u32 KeyBRaw)
+{
+  if ((KeyBRaw & 0xFF) != 0xEE)
+  {
+    printf("Invalid KeyB - lowest 8 bits should be 0xEE, actually 0x%02x\n",
+        ((u8)(KeyBRaw)));
+    return 0;
+  }
+  u32 KeyB = KeyBRaw & 0xffffff00;
+  u32 val = KeyB;
+  u32 unk = (val < 0);
+  for (u32 i = 1; i < 24; i++)
+  {
+    val <<= 1;
+    unk += (val < 0);
+  }
+  if (unk > 14)
+  {
+    printf("Invalid KeyB - high 24 bits bad: 0x%08lx\n", KeyB);
+    return 0;
+  }
+  printf("Valid KeyB: 0x%08lx\n", KeyB);
+  return KeyB;
+}
+u32 deriveKeyC(u32 keyCderive, u32 kcrc)
+{
+  u32 keyc = 0;
+  u32 keyCi = 0;
+  do
+  {
+    u32 v5 = 0x1000000 * keyCi - 1;
+    u32 keyCattempt = docrc(kcrc,v5);
+    if (keyCderive == keyCattempt)
+    {
+      keyc = v5;
+      printf("Found keyC: %08lx\n",keyc);
+      return keyc;
+    }
+    keyCi++;
+  } while (keyCi < 256);
+  return keyc;
+}
+bool sendMultibootImage()
+{
+  printf("Waiting on BIOS\n");
+  waitForBIOS();
+  printf("BIOS handed over to game, waiting on game\n");
+  waitForGame();
+  // receive the game-code from GBA side.
+  u32 gamecode = recv();
+  printf("Ready, sending multiboot ROM\n");
+  unsigned int sendsize = ((gba_mb_gba_size+7)&~7);
+  // generate KeyA
+  unsigned int ourkey = genKeyA();
+  //printf("Our Key: %08x\n", ourkey);
+  printf("Sending game code that we got: 0x%08lx\n",
+      __builtin_bswap32(gamecode));
+  // send the game code back, then KeyA.
+  send(__builtin_bswap32(gamecode));
+  send(ourkey);
+  // get KeyB from GBA, check it to make sure its valid, then xor with KeyA
+  // to derive the initial CRC value and the sessionkey.
+  u32 sessionkeyraw = 0;
+  do
+  {
+    sessionkeyraw = recv();
+  } while (sessionkeyraw == gamecode);
+  sessionkeyraw = checkKeyB(__builtin_bswap32(sessionkeyraw));
+  if (sessionkeyraw == 0)
+  {
+    return false;
+  }
+  u32 sessionkey = sessionkeyraw ^ ourkey;
+  u32 kcrc = sessionkey;
+  printf("start kCRC=%08lx\n",kcrc);
+  sessionkey = (sessionkey*0x6177614b)+1;
+  // send hacked up send-size in uint32s
+  u32 hackedupsize = (sendsize >> 3) - 1;
+  printf("Sending hacked up size 0x%08lx\n",hackedupsize);
+  send(hackedupsize);
+  //unsigned int fcrc = 0x00bb;
+  // send over multiboot binary header, in the clear until the end of the
+  // nintendo logo. GBA checks this, if nintendo logo does not match the
+  // one in currently inserted cart's ROM, it will not accept any more data.
+  for (int i = 0; i < 0xA0; i+=4)
+  {
+    vu32 rom_dword = *(vu32*)(gba_mb_gba+i);
+    send(__builtin_bswap32(rom_dword));
+  }
+  printf("\n");
+  printf("Header done! Sending ROM...\n");
+  // Add each uint32 of the multiboot image to the checksum, encrypt the
+  // uint32 with the session key, increment the session key, send the
+  // encrypted uint32.
+  for (int i = 0xA0; i < sendsize; i+=4)
+  {
+    u32 dec = (
+        (((gba_mb_gba[i+3]) << 24) & 0xff000000) |
+        (((gba_mb_gba[i+2]) << 16) & 0x00ff0000) |
+        (((gba_mb_gba[i+1]) << 8)  & 0x0000ff00) |
+        (((gba_mb_gba[i])   << 0)  & 0x000000ff)
+        );
+    u32 enc = (dec - kcrc) ^ sessionkey;
+    kcrc = docrc(kcrc,dec);
+    sessionkey = (sessionkey * 0x6177614B) + 1;
+    //enc^=((~(i+(0x20<<20)))+1);
+    //enc^=0x6f646573;//0x20796220;
+    send(enc);
+  }
+  //fcrc |= (sendsize<<16);
+  printf("ROM done! CRC: %08lx\n", kcrc);
+  //get crc back (unused)
+  // Get KeyC derivation material from GBA (eventually)
+  u32 keyCderive = 0;
+  do
+  {
+    keyCderive = recv();
+  } while (keyCderive <= 0xfeffffff);
+  keyCderive = __builtin_bswap32(keyCderive);
+  keyCderive >>= 8;
+  printf("KeyC derivation material: %08lx\n",keyCderive);
+  // (try to) find the KeyC, using the checksum of the multiboot image, and
+  // the derivation material that GBA sent to us
+  u32 keyc = deriveKeyC(keyCderive,kcrc);
+  if (keyc == 0)
+  {
+    printf("Could not find keyC - kcrc=0x%08lx\n",kcrc);
+    return false;
+  }
+  // derive the boot key from the found KeyC, and send to GBA. if this is
+  // not correct, GBA will not jump to the multiboot image it was sent.
+  u32 bootkey = docrc(0xBB,keyc) | 0xbb000000;
+  printf("BootKey = 0x%08lx\n",bootkey);
+  send(bootkey);
+  sleep(2);
+  return true;
+}
diff --git a/source/multiboot.h b/source/multiboot.h
new file mode 100644
index 0000000..a8f5d0d
--- /dev/null
+++ b/source/multiboot.h

@@ -0,0 +1,8 @@
+#ifndef MULTIBOOT_H_5C3CB904
+#define MULTIBOOT_H_5C3CB904
+#include <stdbool.h>
+bool sendMultibootImage();
+#endif /* end of include guard: MULTIBOOT_H_5C3CB904 */