Diffstat (limited to 'gba/source/main.c')
-rw-r--r--gba/source/main.c468
1 files changed, 99 insertions, 369 deletions
diff --git a/gba/source/main.c b/gba/source/main.c index 4e1e31f..9f97324 100644 --- a/gba/source/main.c +++ b/gba/source/main.c
@@ -1,380 +1,110 @@
1/* 1/*
2 * Example Gen3-multiboot payload by slipstream/RoL 2017. 2 * Copyright (C) 2017 hatkirby
3 * 3 *
4 * This software may be modified and distributed under the terms 4 * This software may be modified and distributed under the terms
5 * of the MIT license. See the LICENSE file for details. 5 * of the MIT license. See the LICENSE file for details.
6 *
7 * main.c: setup, call payload, return gracefully back to game
8 */ 6 */
9#include <gba.h> 7#include <gba.h>
10#include "payload.h" 8#include "gamedata.h"
9#include "link.h"
11 10
12void call_into_middle_of_titlescreen_func(u32 addr,u32 stackspace); 11int main(void)
12{
13 initializeLink();
13 14
14void decrypt_save_structures(pSaveBlock1 SaveBlock1,pSaveBlock2 SaveBlock2,pSaveBlock3 SaveBlock3) { 15 // Identify the host game.
15 if (GAME_RS) { 16 if (GAME_RUBY)
16 // R/S doesn't have save crypto. 17 {
17 return; 18 sendS32(1);
18 } 19 } else if (GAME_SAPP)
19 u8* sb1raw = (u8*)SaveBlock1; 20 {
20 u8* sb2raw = (u8*)SaveBlock2; 21 sendS32(2);
21 //u8* sb3raw = (u8*)SaveBlock3; // unused 22 } else if (GAME_FR)
22 23 {
23 u32* xor_key_ptr = (u32*)(&sb2raw[( GAME_EM ? 0xA8 : 0xF20 )]); 24 sendS32(3);
24 25 } else if (GAME_LG)
25 u32 xor_key = *xor_key_ptr; 26 {
26 u16 xor_key16 = (u16)xor_key; 27 sendS32(4);
27 if (!xor_key) { 28 } else if (GAME_EM)
28 // xor key is zero, nothing needs to be done. 29 {
29 return; 30 sendS32(5);
30 } 31 } else {
31 32 sendS32(-1);
32 u32* ptr_to_xor; 33 waitForAck();
33 u32 save_offset;
34 int i;
35 u32* bag_pocket_offsets;
36 u32* bag_pocket_counts;
37 if (GAME_FRLG) {
38 // loop over and decrypt various things
39 save_offset = 0x3D38 + 4;
40 for (i = 3; i >= 0; i--) {
41 ptr_to_xor = (u32*)(&sb1raw[save_offset]);
42 *ptr_to_xor ^= xor_key;
43 save_offset += 12;
44 }
45 for (i = 0; i <= 0x3f; i++) {
46 save_offset = 0x1200 + (i*sizeof(u32));
47 ptr_to_xor = (u32*)(&sb1raw[save_offset]);
48 *ptr_to_xor ^= xor_key;
49 }
50 // loop over each of the bag pockets and decrypt decrypt decrypt
51 bag_pocket_offsets = (u32[5]) { 0x310, 0x388, 0x430, 0x464, 0x54C };
52 bag_pocket_counts = (u32[5]) { 42, 30, 13, 58, 43 };
53 for (i = 0; i < 5; i++) {
54 for (int bag_i = 0; bag_i < bag_pocket_counts[i]; bag_i++) {
55 save_offset = bag_pocket_offsets[i] + (sizeof(u32) * bag_i) + 2;
56 *(u16*)(&sb1raw[save_offset]) ^= xor_key16;
57 }
58 }
59 // decrypt some more stuff
60 save_offset = 0xaf8;
61 ptr_to_xor = (u32*)(&sb1raw[save_offset]);
62 *ptr_to_xor ^= xor_key;
63 save_offset = 0x290;
64 ptr_to_xor = (u32*)(&sb1raw[save_offset]);
65 *ptr_to_xor ^= xor_key;
66 save_offset = 0x294;
67 *(u16*)(&sb1raw[save_offset]) ^= xor_key16;
68 } else { // Emerald
69 // loop over and decrypt various things
70 for (i = 0; i <= 0x3f; i++) {
71 save_offset = 0x159c + (i*sizeof(u32));
72 ptr_to_xor = (u32*)(&sb1raw[save_offset]);
73 *ptr_to_xor ^= xor_key;
74 }
75 // loop over each of the bag pockets and decrypt decrypt decrypt
76 bag_pocket_offsets = (u32[5]) { 0x560, 0x5D8, 0x650, 0x690, 0x790 };
77 bag_pocket_counts = (u32[5]) { 30, 30, 16, 64, 46 };
78 for (i = 0; i < 5; i++) {
79 for (int bag_i = 0; bag_i < bag_pocket_counts[i]; bag_i++) {
80 save_offset = bag_pocket_offsets[i] + (sizeof(u32) * bag_i) + 2;
81 *(u16*)(&sb1raw[save_offset]) ^= xor_key16;
82 }
83 }
84 // decrypt some more stuff
85 save_offset = 0x1F4;
86 ptr_to_xor = (u32*)(&sb1raw[save_offset]);
87 *ptr_to_xor ^= xor_key;
88 save_offset = 0x490;
89 ptr_to_xor = (u32*)(&sb1raw[save_offset]);
90 *ptr_to_xor ^= xor_key;
91 save_offset = 0x494;
92 *(u16*)(&sb1raw[save_offset]) ^= xor_key16;
93 }
94
95 *xor_key_ptr = 0;
96 return;
97
98}
99 34
100int main(void) { 35 return 0;
101 // check the ROM code, make sure this game is supported. 36 }
102 u8* ROM = (u8*) 0x8000000; 37
103 38 waitForAck();
104 u32 gamecode = (*(u32*)(&ROM[0xAC])); 39
105 40 // Get access to save data.
106 void(*loadsave)(char a1); 41 pSaveBlock1 SaveBlock1;
107 void(*mainloop)(); 42 pSaveBlock2 SaveBlock2;
108 void(*load_pokemon)(); 43 pSaveBlock3 SaveBlock3;
109 pSaveBlock1 gSaveBlock1; 44
110 pSaveBlock2 gSaveBlock2; 45 if (!initSaveData(&SaveBlock1, &SaveBlock2, &SaveBlock3))
111 pSaveBlock3 gSaveBlock3; 46 {
112 u32 titlemid = 0; 47 // Unsupported game version.
113 // get the address of the save loading function. 48 sendS32(-1);
114 switch (gamecode) { 49 waitForAck();
115 // --- R/S --- 50
116 case 'DVXA': // Ruby German 51 return 0;
117 case 'DPXA': // Sapphire German 52 }
118 // TODO: detect debug ROM? 53
119 gSaveBlock1 = (pSaveBlock1) 0x2025734; 54 sendS32(1);
120 gSaveBlock2 = (pSaveBlock2) 0x2024EA4; 55 waitForAck();
121 gSaveBlock3 = (pSaveBlock3) 0x20300A0; 56
122 loadsave = (void(*)(char)) 0x8126249; // same for v1.0 + v1.1 57 // Send trainer name.
123 mainloop = (void(*)()) 0x80003D9; 58 u8* trainerName = 0;
124 load_pokemon = (void(*)()) 0x8047da9;
125 break;
126 case 'FVXA': // Ruby French
127 case 'FPXA': // Sapphire French
128 gSaveBlock1 = (pSaveBlock1) 0x2025734;
129 gSaveBlock2 = (pSaveBlock2) 0x2024EA4;
130 gSaveBlock3 = (pSaveBlock3) 0x20300A0;
131 loadsave = (void(*)(char)) 0x8126351; // same for v1.0 + v1.1
132 mainloop = (void(*)()) 0x80003D9;
133 load_pokemon = (void(*)()) 0x8047e95;
134 break;
135 case 'IVXA': // Ruby Italian
136 case 'IPXA': // Sapphire Italian
137 gSaveBlock1 = (pSaveBlock1) 0x2025734;
138 gSaveBlock2 = (pSaveBlock2) 0x2024EA4;
139 gSaveBlock3 = (pSaveBlock3) 0x20300A0;
140 loadsave = (void(*)(char)) 0x8126249; // same for v1.0 + v1.1
141 mainloop = (void(*)()) 0x80003D9;
142 load_pokemon = (void(*)()) 0x8047dbd;
143 break;
144 case 'SVXA': // Ruby Spanish
145 case 'SPXA': // Sapphire Spanish
146 gSaveBlock1 = (pSaveBlock1) 0x2025734;
147 gSaveBlock2 = (pSaveBlock2) 0x2024EA4;
148 gSaveBlock3 = (pSaveBlock3) 0x20300A0;
149 loadsave = (void(*)(char)) 0x8126349; // same for v1.0 + v1.1
150 mainloop = (void(*)()) 0x80003D9;
151 load_pokemon = (void(*)()) 0x8047ea5;
152 break;
153 case 'EVXA': // Ruby English
154 case 'EPXA': // Sapphire English
155 gSaveBlock1 = (pSaveBlock1) 0x2025734;
156 gSaveBlock2 = (pSaveBlock2) 0x2024EA4;
157 gSaveBlock3 = (pSaveBlock3) 0x20300A0;
158 mainloop = (void(*)()) 0x80002A5;
159 switch (ROM[0xBC]) { // version number
160 case 0:
161 loadsave = (void(*)(char)) 0x8125EC9;
162 load_pokemon = (void(*)()) 0x8047a85;
163 break;
164 case 1:
165 case 2:
166 loadsave = (void(*)(char)) 0x8125EE9;
167 load_pokemon = (void(*)()) 0x8047aa5;
168 break;
169 default:
170 return 0; // unsupported version
171 }
172 break;
173 case 'JVXA': // Ruby Japanese
174 case 'JPXA': // Sapphire Japanese
175 gSaveBlock1 = (pSaveBlock1) 0x2025494;
176 gSaveBlock2 = (pSaveBlock2) 0x2024C04;
177 gSaveBlock3 = (pSaveBlock3) 0x202FDBC;
178 loadsave = (void(*)(char)) 0x8120d05; // same for v1.0 + v1.1
179 mainloop = (void(*)()) 0x80002A9;
180 load_pokemon = (void(*)()) 0x8044d55;
181 break;
182 /// --- FR/LG ---
183 // In FR/LG, the function that initialises the save-block pointers to default does not set up saveblock3.
184 // Which will need to be set up before loading the save if we want boxed Pokémon to not disappear.
185 // Oh, and loadsave() offset is different between FR and LG...
186 case 'DRPB': // FireRed German
187 case 'DGPB': // LeafGreen German
188 gSaveBlock1 = (pSaveBlock1) 0x202552C;
189 gSaveBlock2 = (pSaveBlock2) 0x2024588;
190 gSaveBlock3 = (pSaveBlock3) 0x2029314;
191 *(pSaveBlock3*)(0x3004f60) = gSaveBlock3;
192 loadsave = (void(*)(char)) ( GAME_FR ? 0x80da721 : 0x80da6f5 );
193 mainloop = (void(*)()) 0x8000425;
194 titlemid = 0x80791df;
195 load_pokemon = (void(*)()) 0x804c251;
196 break;
197 case 'FRPB': // FireRed French
198 case 'FGPB': // LeafGreen French
199 gSaveBlock1 = (pSaveBlock1) 0x202552C;
200 gSaveBlock2 = (pSaveBlock2) 0x2024588;
201 gSaveBlock3 = (pSaveBlock3) 0x2029314;
202 *(pSaveBlock3*)(0x3004f60) = gSaveBlock3;
203 loadsave = (void(*)(char)) ( GAME_FR ? 0x80da7e1 : 0x80da7b5 );
204 mainloop = (void(*)()) 0x8000417;
205 titlemid = 0x807929f;
206 load_pokemon = (void(*)()) 0x804c311;
207 break;
208 case 'IRPB': // FireRed Italian
209 case 'IGPB': // LeafGreen Italian
210 gSaveBlock1 = (pSaveBlock1) 0x202552C;
211 gSaveBlock2 = (pSaveBlock2) 0x2024588;
212 gSaveBlock3 = (pSaveBlock3) 0x2029314;
213 *(pSaveBlock3*)(0x3004f60) = gSaveBlock3;
214 loadsave = (void(*)(char)) ( GAME_FR ? 0x80da721 : 0x80da6f5 );
215 mainloop = (void(*)()) 0x8000425;
216 titlemid = 0x80791cb;
217 load_pokemon = (void(*)()) 0x804c23d;
218 break;
219 case 'SRPB': // FireRed Spanish
220 case 'SGPB': // LeafGreen Spanish
221 gSaveBlock1 = (pSaveBlock1) 0x202552C;
222 gSaveBlock2 = (pSaveBlock2) 0x2024588;
223 gSaveBlock3 = (pSaveBlock3) 0x2029314;
224 *(pSaveBlock3*)(0x3004f60) = gSaveBlock3;
225 loadsave = (void(*)(char)) ( GAME_FR ? 0x80da809 : 0x80da7dd );
226 mainloop = (void(*)()) 0x8000417;
227 titlemid = 0x80792b3;
228 load_pokemon = (void(*)()) 0x804c325;
229 break;
230 case 'ERPB': // FireRed English
231 case 'EGPB': // LeafGreen English
232 gSaveBlock1 = (pSaveBlock1) 0x202552C;
233 gSaveBlock2 = (pSaveBlock2) 0x2024588;
234 gSaveBlock3 = (pSaveBlock3) 0x2029314;
235 *(pSaveBlock3*)(0x3005010) = gSaveBlock3;
236 switch (ROM[0xBC]) { // version number
237 case 0:
238 loadsave = (void(*)(char)) ( GAME_FR ? 0x80da4fd : 0x80da4d1 );
239 mainloop = (void(*)()) 0x800041b;
240 titlemid = 0x807927b;
241 load_pokemon = (void(*)()) 0x804c231;
242 break;
243 case 1:
244 loadsave = (void(*)(char)) ( GAME_FR ? 0x80da511 : 0x80da4e5 );
245 mainloop = (void(*)()) 0x8000429;
246 titlemid = 0x807928f;
247 load_pokemon = (void(*)()) 0x804c245;
248 break;
249 default:
250 return 0; // unsupported version
251 }
252 break;
253 case 'JRPB': // FireRed Japanese
254 case 'JGPB': // LeafGreen Japanese
255 gSaveBlock1 = (pSaveBlock1) 0x202548C;
256 gSaveBlock2 = (pSaveBlock2) 0x20244E8;
257 gSaveBlock3 = (pSaveBlock3) 0x202924C;
258 *(pSaveBlock3*)(0x3005050) = gSaveBlock3;
259 switch (ROM[0xBC]) { // version number
260 case 0:
261 loadsave = (void(*)(char)) ( GAME_FR ? 0x80db4e5 : 0x80db4b9 );
262 mainloop = (void(*)()) 0x800041b;
263 titlemid = 0x8078a0f;
264 load_pokemon = (void(*)()) 0x804b9e9;
265 break;
266 case 1:
267 if ((gamecode << 8) == 'GPB\x00') {
268 // LeafGreen v1.1 Japanese is undumped.
269 // Therefore, it is unsupported.
270 // I will make guesses at the offsets in the comments, but I will not actually implement them until LeafGreen v1.1 is dumped.
271 return 0;
272 }
273 loadsave = (void(*)(char)) 0x80db529; // potential LG1.1 address: 0x80db4fd
274 mainloop = (void(*)()) 0x8000417;
275 titlemid = 0x8078987;
276 load_pokemon = (void(*)()) 0x804b9c5;
277 break;
278 default:
279 return 0; // unsupported version
280 }
281 break;
282 /// --- Emerald ---
283 // In Emerald, the saveblock pointer that isn't set up is saveblock1 (in FR/LG it was saveblock3).
284 // The initial save loading code after the copyright screen is also updated, now it sets up ASLR/crypto here before loading the save.
285 case 'DEPB': // Emerald German
286 gSaveBlock1 = (pSaveBlock1) 0x2025A00;
287 gSaveBlock2 = (pSaveBlock2) 0x2024A54;
288 gSaveBlock3 = (pSaveBlock3) 0x2029808;
289 *(pSaveBlock1*)(0x3005d8c) = gSaveBlock1;
290 loadsave = (void(*)(char)) 0x8153075;
291 mainloop = (void(*)()) 0x800042b;
292 titlemid = 0x816fdb5;
293 load_pokemon = (void(*)()) 0x8076dd5;
294 break;
295 case 'FEPB': // Emerald French
296 gSaveBlock1 = (pSaveBlock1) 0x2025A00;
297 gSaveBlock2 = (pSaveBlock2) 0x2024A54;
298 gSaveBlock3 = (pSaveBlock3) 0x2029808;
299 *(pSaveBlock1*)(0x3005d8c) = gSaveBlock1;
300 loadsave = (void(*)(char)) 0x815319d;
301 mainloop = (void(*)()) 0x800042b;
302 titlemid = 0x816fedd;
303 load_pokemon = (void(*)()) 0x8076dd1;
304 break;
305 case 'IEPB': // Emerald Italian
306 gSaveBlock1 = (pSaveBlock1) 0x2025A00;
307 gSaveBlock2 = (pSaveBlock2) 0x2024A54;
308 gSaveBlock3 = (pSaveBlock3) 0x2029808;
309 *(pSaveBlock1*)(0x3005d8c) = gSaveBlock1;
310 loadsave = (void(*)(char)) 0x8153065;
311 mainloop = (void(*)()) 0x800042b;
312 titlemid = 0x816fda5;
313 load_pokemon = (void(*)()) 0x8076dd5;
314 break;
315 case 'SEPB': // Emerald Spanish
316 gSaveBlock1 = (pSaveBlock1) 0x2025A00;
317 gSaveBlock2 = (pSaveBlock2) 0x2024A54;
318 gSaveBlock3 = (pSaveBlock3) 0x2029808;
319 *(pSaveBlock1*)(0x3005d8c) = gSaveBlock1;
320 loadsave = (void(*)(char)) 0x8153175;
321 mainloop = (void(*)()) 0x800042b;
322 titlemid = 0x816feb5;
323 load_pokemon = (void(*)()) 0x8076dd1;
324 break;
325 case 'EEPB': // Emerald English
326 gSaveBlock1 = (pSaveBlock1) 0x2025A00;
327 gSaveBlock2 = (pSaveBlock2) 0x2024A54;
328 gSaveBlock3 = (pSaveBlock3) 0x2029808;
329 *(pSaveBlock1*)(0x3005d8c) = gSaveBlock1;
330 loadsave = (void(*)(char)) 0x81534d1;
331 mainloop = (void(*)()) 0x800042b;
332 titlemid = 0x817014d;
333 load_pokemon = (void(*)()) 0x8076dd5;
334 break;
335 case 'JEPB': // Emerald Japanese
336 gSaveBlock1 = (pSaveBlock1) 0x20256A4;
337 gSaveBlock2 = (pSaveBlock2) 0x20246F8;
338 gSaveBlock3 = (pSaveBlock3) 0x20294AC;
339 *(pSaveBlock1*)(0x3005aec) = gSaveBlock1;
340 loadsave = (void(*)(char)) 0x815340d;
341 mainloop = (void(*)()) 0x800042b;
342 titlemid = 0x816ff45;
343 load_pokemon = (void(*)()) 0x80767dd;
344 break;
345 default:
346 return 0; // this game isn't supported
347 }
348 loadsave(0);
349 // now the save is loaded, we can do what we want with the loaded blocks.
350 // first, we're going to want to decrypt the parts that are crypted, if applicable.
351 decrypt_save_structures(gSaveBlock1,gSaveBlock2,gSaveBlock3);
352 // time to call the payload.
353 payload(gSaveBlock1,gSaveBlock2,gSaveBlock3);
354 // Now, we better call the function that sets the pokemon-related stuff from the structure elements of the loaded save again.
355 // Just in case the payload did something with that.
356 load_pokemon();
357 // In FR/LG/Emerald, just returning to the game is unwise.
358 // The game reloads the savefile.
359 // In FR/LG, this is done at the title screen after setting ASLR/saveblock-crypto up. (probably because at initial save-load, SaveBlock3 ptr isn't set up lol)
360 // So, better bypass the title screen and get the game to return directly to the Continue/New Game screen.
361 // In Emerald, the save reload happens after the Continue option was chosen, so we have no choice but to bypass everything and get the game to go straight to the overworld.
362 // Easiest way to do this is to call into the middle of the function we want, using an ASM wrapper to set up the stack.
363 // Here goes...
364 if (titlemid) {
365 // Function reserves an extra 4 bytes of stack space in FireRed/LeafGreen, and none in Emerald.
366 call_into_middle_of_titlescreen_func(titlemid,(GAME_EM ? 0 : 4));
367 }
368 // Now we've done what we want, time to return to the game.
369 // Can't just return, the game will reload the save.
370 // So let's just call the main-loop directly ;)
371 // turn the sound back on before we head back to the game
372 *(vu16 *)(REG_BASE + 0x84) = 0x8f;
373 // re-enable interrupts
374 REG_IME = 1;
375 mainloop();
376 // Anything past here will not be executed.
377 return 0;
378}
379 59
60 if (GAME_RS)
61 {
62 trainerName = SaveBlock2->rs.playerName;
63 } else if (GAME_FRLG)
64 {
65 trainerName = SaveBlock2->frlg.playerName;
66 } else if (GAME_EM)
67 {
68 trainerName = SaveBlock2->e.playerName;
69 }
380 70
71 u32 tn1 =
72 (trainerName[0] << 24)
73 | (trainerName[1] << 16)
74 | (trainerName[2] << 8)
75 | (trainerName[3]);
76
77 u32 tn2 =
78 (trainerName[4] << 24)
79 | (trainerName[5] << 16)
80 | (trainerName[6] << 8)
81 | (trainerName[7]);
82
83 sendU32(tn1);
84 waitForAck();
85
86 sendU32(tn2);
87 waitForAck();
88
89 // Send trainer ID.
90 u8* trainerId = 0;
91 if (GAME_RS)
92 {
93 trainerId = SaveBlock2->rs.playerTrainerId;
94 } else if (GAME_FRLG)
95 {
96 trainerId = SaveBlock2->frlg.playerTrainerId;
97 } else if (GAME_EM)
98 {
99 trainerId = SaveBlock2->e.playerTrainerId;
100 }
101
102 u32 tti =
103 (trainerId[1] << 8)
104 | (trainerId[0]);
105
106 sendU32(tti);
107 waitForAck();
108
109 // Halt();
110}
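Review bot: The byte-to-word packing at new lines 71–81 shifts a `u8` that integer promotion has turned into a signed `int` left by 24 bits, so any first name byte of 0x80 or above (common in the game's text encoding) overflows `int`, which is undefined behaviour rather than a wrap. Cast each byte to the unsigned type before shifting, e.g. `u32 tn1 = ((u32)trainerName[0] << 24) | ((u32)trainerName[1] << 16) | ((u32)trainerName[2] << 8) | trainerName[3];`, and apply the same to `tn2`. `trainerName` (and `trainerId` at line 90) is also left at 0 when none of GAME_RS/GAME_FRLG/GAME_EM matches; the identification block at the top presumably makes that unreachable today, but a guard like `if (!trainerName) { sendS32(-1); waitForAck(); return 0; }` before the packing keeps a later game-flag addition from dereferencing a null pointer. The packing also assumes `playerName` holds at least 8 bytes and `playerTrainerId` at least 2 — worth a comment naming those sizes since the structs live in gamedata.h, outside this file. The commented-out `// Halt();` at line 109 should be deleted or made a real call.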