General ARM7TDMI Information ARM CPU Overview ARM CPU Register Set ARM CPU Flags & Condition Field (cond) ARM CPU 26bit Memory Interface ARM CPU Exceptions ARM CPU Memory Alignments Further Information ARM Pseudo Instructions and Directives ARM CP15 System Control Coprocessor ARM CPU Instruction Cycle Times ARM CPU Versions ARM CPU Data Sheet |
ARM 32bit Opcodes (ARM Code) ARM Instruction Summary ARM Branch and Branch with Link (B, BL, BX, BLX, SWI, BKPT) ARM Data Processing (ALU) ARM Multiply and Multiply-Accumulate (MUL, MLA) ARM Special ARM9 Instructions (CLZ, QADD/QSUB) ARM PSR Transfer (MRS, MSR) ARM Memory: Single Data Transfer (LDR, STR, PLD) ARM Memory: Halfword, Doubleword, and Signed Data Transfer ARM Memory: Block Data Transfer (LDM, STM) ARM Memory: Single Data Swap (SWP) ARM Coprocessor (MRC/MCR, LDC/STC, CDP, MCRR/MRRC) |
ARM 16bit Opcodes (THUMB Code) When operating in THUMB state, cut-down 16bit opcodes are used. THUMB is supported on T-variants of ARMv4 and up, ie. ARMv4T, ARMv5T, etc. THUMB Instruction Summary THUMB Register Operations (ALU, BX) THUMB Memory Load/Store (LDR/STR) THUMB Memory Addressing (ADD PC/SP) THUMB Memory Multiple Load/Store (PUSH/POP and LDM/STM) THUMB Jumps and Calls |
| GBA Reference |
| GBA Technical Data |
ARM Mode ARM7TDMI 32bit RISC CPU, 16.78MHz, 32bit opcodes (GBA) THUMB Mode ARM7TDMI 32bit RISC CPU, 16.78MHz, 16bit opcodes (GBA) CGB Mode Z80/8080-style 8bit CPU, 4.2MHz or 8.4MHz (CGB compatibility) DMG Mode Z80/8080-style 8bit CPU, 4.2MHz (monochrome gameboy compatib.) |
BIOS ROM 16 KBytes Work RAM 288 KBytes (Fast 32K on-chip, plus Slow 256K on-board) VRAM 96 KBytes OAM 1 KByte (128 OBJs 3x16bit, 32 OBJ-Rotation/Scalings 4x16bit) Palette RAM 1 KByte (256 BG colors, 256 OBJ colors) |
Display 240x160 pixels (2.9 inch TFT color LCD display) BG layers 4 background layers BG types Tile/map based, or Bitmap based BG colors 256 colors, or 16 colors/16 palettes, or 32768 colors OBJ colors 256 colors, or 16 colors/16 palettes OBJ size 12 types (in range 8x8 up to 64x64 dots) OBJs/Screen max. 128 OBJs of any size (up to 64x64 dots each) OBJs/Line max. 128 OBJs of 8x8 dots size (under best circumstances) Priorities OBJ/OBJ: 0-127, OBJ/BG: 0-3, BG/BG: 0-3 Effects Rotation/Scaling, alpha blending, fade-in/out, mosaic, window Backlight GBA SP only (optionally by light on/off toggle button) |
Analogue 4 channel CGB compatible (3x square wave, 1x noise) Digital 2 DMA sound channels Output Built-in speaker (mono), or headphones socket (stereo) |
Gamepad 4 Direction Keys, 6 Buttons |
Serial Port Various transfer modes, 4-Player Link, Single Game Pak play |
GBA Game Pak max. 32MB ROM or flash ROM + max 64K SRAM CGB Game Pak max. 32KB ROM + 8KB SRAM (more memory requires banking) |
Size (mm) GBA: 145x81x25 - GBA SP: 82x82x24 (closed), 155x82x24 (stretch) |
Battery GBA GBA: 2x1.5V DC (AA), Life-time approx. 15 hours Battery SP GBA SP: Built-in rechargeable Lithium ion battery, 3.7V 600mAh External GBA: 3.3V DC 350mA - GBA SP: 5.2V DC 320mA |
---------------------------------------------------------------------------- |
____._____________...___.____
____/ : CARTRIDGE SIO : \____
| L _____________________ LED R |
| | | |
| _||_ | 2.9" TFT SCREEN | (A) |
| |_ _| | 240x160pix 61x40mm | (B) |
| || | NO BACKLIGHT | :::: |
| | | SPEAKR |
| STRT() |_____________________| :::: |
| SLCT() GAME BOY ADVANCE VOLUME |
|____ OFF-ON BATTERY 2xAA PHONES _==_|
\__.##.__________________,,___/
|
_______________________ _ | _____________________ | / / || || / / || 2.9" TFT SCREEN || / / || 240x160pix 61x40mm || / / || WITH BACKLIGHT || / / || || GBA SP SIDE VIEWS / / ||_____________________|| / / | GAME BOY ADVANCE SP | _____________________(_) |_______________________| |. . . . . . . .'.'. _| |_|________|________|_|_| |_CARTRIDGE_:_BATT._:_|_| <-- EXT1/EXT2 |L EXT1 EXT2 R| | (*) LEDSo _____________________ _ (VOL_||_ (A) o |_____________________(_) | |_ _| ,,,,,(B) | |. . . . . . . .'.'. _| | || ;SPK; | |_CARTRIDGE_:_BATT._:_|_| <-- EXT1/EXT2 | ''''' ON # _ _____________________ | SLCT STRT OFF# _____________________(_)_____________________| | CART. () () | |. . . . . . . .'.'. _| |_:___________________:_| |_CARTRIDGE_:_BATT._:_|_| <-- EXT1/EXT2 |
________________SIO_______________
| L __________________ R |
| | GBA-MICRO | |
| _||_ | 2.0" TFT SCREEN | (A)| +
||_ _| |240x160pix 42x28mm| (B) |VOL
| || | BACKLIGHT | | -
| |__________________| ... |
|___________SELECT__START__________|
PWR <--- CARTRIDGE SLOT ---> PHONES
|
_____________________________________
| _____________________ |
| | | |
| | 3" TFT SCREEN | |
| | 256x192pix 61x46mm | |
| | BACKLIGHT | |
| ::::: | Original NDS | ::::: |
| ::::: |_____________________| ::::: |
_| _ ______ _ |_ <-- gap between screens: 22mm
|L|_______| |________| |_| |_______|R| (equivalent to 90 pixels)
|_______ _____________________ _______|
| PWR | | | |SEL STA|
| _ | | 3" TFT SCREEN | | |
| _| |_ | | 256x192pix 61x46mm | | X |
||_ _|| | BACKLIGHT | | Y A |
| |_| | | TOUCH SCREEN | | B |
| | |_____________________| | |
|_______| NintendoDS |_______|
| MIC LEDS |
|_________________________________________|
VOL SLOT2(GBA) MIC/PHONES
|
_____________________________________
| _____________________ |
| | | |
| | 3" TFT SCREEN | |
| ... | 256x192pix 61x46mm | ... |
| ... | BACKLIGHT | ... |
| | NDS-LITE | |
| |_____________________| |
|___ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ____| <-- gap between screens: 23mm
L| _ |_____________MIC____________|LEDS|R
| _ _____________________ |
| _| |_ | | X |
||_ _|| 3" TFT SCREEN | Y A |PWR
| |_| | 256x192pix 61x46mm | B |
| | BACKLIGHT | |
| | TOUCH SCREEN |oSTART |
| |_____________________|oSELECT|
|_____________________________________|
VOL SLOT2(GBA) MIC/PHONES
|
_____________________________________
| _____________________ |
| | | O o | <-- CAM (O) and LED (o)
| | 3.25" TFT SCREEN | | (on backside)
| | 256x192pix 66x50mm | |
| | BACKLIGHT | |
| __ | DSi | __ |
| (__) |_____________________| (__) |
|___ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ____| <-- gap between screens: 23mm
L|LEDS|__________CAM__MIC_________| __ |R (88 pixels)
+ | _ _____________________ |
VOL| _| |_ | | X | <-- SD Card Slot
- ||_ _|| 3.25" TFT SCREEN | Y A |
| |_| | 256x192pix 66x50mm | B |
| | BACKLIGHT | |
| | TOUCH SCREEN |oSTART |
| POWERo|_____________________|oSELECT|
|_____________________________________|
MIC/PHONES
|
As DSi, but bigger case, and bigger 4.2" screens |
_________
L____------- -------____R
/ ___ \ / (Y) \Z
/ / O \ | (START) | (X)\ Z = Gameboy Player Menu
| \___/ \_______/ (A) | X or Y = Select button
|\ _ \ / (B) /|
| \___ _| |_ \ / ___ ___/ | optionally X/Y can be
| |\ |_ _| / \ / C \ /| | swapped with L/R (?)
| | \ |_| / \ \___/ / | |
| | \_____/ \_____/ | | analogue sticks = ?
\__/ \__/
|
_______ _______
/ Y \ / X \ Y/B = left bongo rear/front side
| . . . . |_| . . . . | X/A = right bongo rear/front side
| B |R| A | S = start/pause button
|\_______/|_|\_______/| R = microphone (triggers R button)
|\_______/|S|\_______/|
| |_| | (the X/Y inputs can be assigned to
|\_______/| |\_______/| GBA R/L inputs in GBA player setup)
\_______/ \_______/
|
| GBA Memory Map |
00000000-00003FFF BIOS - System ROM (16 KBytes) 00004000-01FFFFFF Not used 02000000-0203FFFF WRAM - On-board Work RAM (256 KBytes) 2 Wait 02040000-02FFFFFF Not used 03000000-03007FFF WRAM - On-chip Work RAM (32 KBytes) 03008000-03FFFFFF Not used 04000000-040003FE I/O Registers 04000400-04FFFFFF Not used |
05000000-050003FF BG/OBJ Palette RAM (1 Kbyte) 05000400-05FFFFFF Not used 06000000-06017FFF VRAM - Video RAM (96 KBytes) 06018000-06FFFFFF Not used 07000000-070003FF OAM - OBJ Attributes (1 Kbyte) 07000400-07FFFFFF Not used |
08000000-09FFFFFF Game Pak ROM/FlashROM (max 32MB) - Wait State 0 0A000000-0BFFFFFF Game Pak ROM/FlashROM (max 32MB) - Wait State 1 0C000000-0DFFFFFF Game Pak ROM/FlashROM (max 32MB) - Wait State 2 0E000000-0E00FFFF Game Pak SRAM (max 64 KBytes) - 8bit Bus width 0E010000-0FFFFFFF Not used |
10000000-FFFFFFFF Not used (upper 4bits of address bus unused) |
Region Bus Read Write Cycles BIOS ROM 32 8/16/32 - 1/1/1 Work RAM 32K 32 8/16/32 8/16/32 1/1/1 I/O 32 8/16/32 8/16/32 1/1/1 OAM 32 8/16/32 16/32 1/1/1 * Work RAM 256K 16 8/16/32 8/16/32 3/3/6 ** Palette RAM 16 8/16/32 16/32 1/1/2 * VRAM 16 8/16/32 16/32 1/1/2 * GamePak ROM 16 8/16/32 - 5/5/8 **/*** GamePak Flash 16 8/16/32 16/32 5/5/8 **/*** GamePak SRAM 8 8 8 5 ** |
* Plus 1 cycle if GBA accesses video memory at the same time. ** Default waitstate settings, see System Control chapter. *** Separate timings for sequential, and non-sequential accesses. One cycle equals approx. 59.59ns (ie. 16.78MHz clock). |
| GBA I/O Map |
4000000h 2 R/W DISPCNT LCD Control 4000002h 2 R/W - Undocumented - Green Swap 4000004h 2 R/W DISPSTAT General LCD Status (STAT,LYC) 4000006h 2 R VCOUNT Vertical Counter (LY) 4000008h 2 R/W BG0CNT BG0 Control 400000Ah 2 R/W BG1CNT BG1 Control 400000Ch 2 R/W BG2CNT BG2 Control 400000Eh 2 R/W BG3CNT BG3 Control 4000010h 2 W BG0HOFS BG0 X-Offset 4000012h 2 W BG0VOFS BG0 Y-Offset 4000014h 2 W BG1HOFS BG1 X-Offset 4000016h 2 W BG1VOFS BG1 Y-Offset 4000018h 2 W BG2HOFS BG2 X-Offset 400001Ah 2 W BG2VOFS BG2 Y-Offset 400001Ch 2 W BG3HOFS BG3 X-Offset 400001Eh 2 W BG3VOFS BG3 Y-Offset 4000020h 2 W BG2PA BG2 Rotation/Scaling Parameter A (dx) 4000022h 2 W BG2PB BG2 Rotation/Scaling Parameter B (dmx) 4000024h 2 W BG2PC BG2 Rotation/Scaling Parameter C (dy) 4000026h 2 W BG2PD BG2 Rotation/Scaling Parameter D (dmy) 4000028h 4 W BG2X BG2 Reference Point X-Coordinate 400002Ch 4 W BG2Y BG2 Reference Point Y-Coordinate 4000030h 2 W BG3PA BG3 Rotation/Scaling Parameter A (dx) 4000032h 2 W BG3PB BG3 Rotation/Scaling Parameter B (dmx) 4000034h 2 W BG3PC BG3 Rotation/Scaling Parameter C (dy) 4000036h 2 W BG3PD BG3 Rotation/Scaling Parameter D (dmy) 4000038h 4 W BG3X BG3 Reference Point X-Coordinate 400003Ch 4 W BG3Y BG3 Reference Point Y-Coordinate 4000040h 2 W WIN0H Window 0 Horizontal Dimensions 4000042h 2 W WIN1H Window 1 Horizontal Dimensions 4000044h 2 W WIN0V Window 0 Vertical Dimensions 4000046h 2 W WIN1V Window 1 Vertical Dimensions 4000048h 2 R/W WININ Inside of Window 0 and 1 400004Ah 2 R/W WINOUT Inside of OBJ Window & Outside of Windows 400004Ch 2 W MOSAIC Mosaic Size 400004Eh - - Not used 4000050h 2 R/W BLDCNT Color Special Effects Selection 4000052h 2 R/W BLDALPHA Alpha Blending Coefficients 4000054h 2 W BLDY Brightness (Fade-In/Out) Coefficient 4000056h - - Not used |
4000060h 2 R/W SOUND1CNT_L Channel 1 Sweep register (NR10) 4000062h 2 R/W SOUND1CNT_H Channel 1 Duty/Length/Envelope (NR11, NR12) 4000064h 2 R/W SOUND1CNT_X Channel 1 Frequency/Control (NR13, NR14) 4000066h - - Not used 4000068h 2 R/W SOUND2CNT_L Channel 2 Duty/Length/Envelope (NR21, NR22) 400006Ah - - Not used 400006Ch 2 R/W SOUND2CNT_H Channel 2 Frequency/Control (NR23, NR24) 400006Eh - - Not used 4000070h 2 R/W SOUND3CNT_L Channel 3 Stop/Wave RAM select (NR30) 4000072h 2 R/W SOUND3CNT_H Channel 3 Length/Volume (NR31, NR32) 4000074h 2 R/W SOUND3CNT_X Channel 3 Frequency/Control (NR33, NR34) 4000076h - - Not used 4000078h 2 R/W SOUND4CNT_L Channel 4 Length/Envelope (NR41, NR42) 400007Ah - - Not used 400007Ch 2 R/W SOUND4CNT_H Channel 4 Frequency/Control (NR43, NR44) 400007Eh - - Not used 4000080h 2 R/W SOUNDCNT_L Control Stereo/Volume/Enable (NR50, NR51) 4000082h 2 R/W SOUNDCNT_H Control Mixing/DMA Control 4000084h 2 R/W SOUNDCNT_X Control Sound on/off (NR52) 4000086h - - Not used 4000088h 2 BIOS SOUNDBIAS Sound PWM Control 400008Ah .. - - Not used 4000090h 2x10h R/W WAVE_RAM Channel 3 Wave Pattern RAM (2 banks!!) 40000A0h 4 W FIFO_A Channel A FIFO, Data 0-3 40000A4h 4 W FIFO_B Channel B FIFO, Data 0-3 40000A8h - - Not used |
40000B0h 4 W DMA0SAD DMA 0 Source Address 40000B4h 4 W DMA0DAD DMA 0 Destination Address 40000B8h 2 W DMA0CNT_L DMA 0 Word Count 40000BAh 2 R/W DMA0CNT_H DMA 0 Control 40000BCh 4 W DMA1SAD DMA 1 Source Address 40000C0h 4 W DMA1DAD DMA 1 Destination Address 40000C4h 2 W DMA1CNT_L DMA 1 Word Count 40000C6h 2 R/W DMA1CNT_H DMA 1 Control 40000C8h 4 W DMA2SAD DMA 2 Source Address 40000CCh 4 W DMA2DAD DMA 2 Destination Address 40000D0h 2 W DMA2CNT_L DMA 2 Word Count 40000D2h 2 R/W DMA2CNT_H DMA 2 Control 40000D4h 4 W DMA3SAD DMA 3 Source Address 40000D8h 4 W DMA3DAD DMA 3 Destination Address 40000DCh 2 W DMA3CNT_L DMA 3 Word Count 40000DEh 2 R/W DMA3CNT_H DMA 3 Control 40000E0h - - Not used |
4000100h 2 R/W TM0CNT_L Timer 0 Counter/Reload 4000102h 2 R/W TM0CNT_H Timer 0 Control 4000104h 2 R/W TM1CNT_L Timer 1 Counter/Reload 4000106h 2 R/W TM1CNT_H Timer 1 Control 4000108h 2 R/W TM2CNT_L Timer 2 Counter/Reload 400010Ah 2 R/W TM2CNT_H Timer 2 Control 400010Ch 2 R/W TM3CNT_L Timer 3 Counter/Reload 400010Eh 2 R/W TM3CNT_H Timer 3 Control 4000110h - - Not used |
4000120h 4 R/W SIODATA32 SIO Data (Normal-32bit Mode; shared with below) 4000120h 2 R/W SIOMULTI0 SIO Data 0 (Parent) (Multi-Player Mode) 4000122h 2 R/W SIOMULTI1 SIO Data 1 (1st Child) (Multi-Player Mode) 4000124h 2 R/W SIOMULTI2 SIO Data 2 (2nd Child) (Multi-Player Mode) 4000126h 2 R/W SIOMULTI3 SIO Data 3 (3rd Child) (Multi-Player Mode) 4000128h 2 R/W SIOCNT SIO Control Register 400012Ah 2 R/W SIOMLT_SEND SIO Data (Local of MultiPlayer; shared below) 400012Ah 2 R/W SIODATA8 SIO Data (Normal-8bit and UART Mode) 400012Ch - - Not used |
4000130h 2 R KEYINPUT Key Status 4000132h 2 R/W KEYCNT Key Interrupt Control |
4000134h 2 R/W RCNT SIO Mode Select/General Purpose Data 4000136h - - IR Ancient - Infrared Register (Prototypes only) 4000138h - - Not used 4000140h 2 R/W JOYCNT SIO JOY Bus Control 4000142h - - Not used 4000150h 4 R/W JOY_RECV SIO JOY Bus Receive Data 4000154h 4 R/W JOY_TRANS SIO JOY Bus Transmit Data 4000158h 2 R/? JOYSTAT SIO JOY Bus Receive Status 400015Ah - - Not used |
4000200h 2 R/W IE Interrupt Enable Register 4000202h 2 R/W IF Interrupt Request Flags / IRQ Acknowledge 4000204h 2 R/W WAITCNT Game Pak Waitstate Control 4000206h - - Not used 4000208h 2 R/W IME Interrupt Master Enable Register 400020Ah - - Not used 4000300h 1 R/W POSTFLG Undocumented - Post Boot Flag 4000301h 1 W HALTCNT Undocumented - Power Down Control 4000302h - - Not used 4000410h ? ? ? Undocumented - Purpose Unknown / Bug ??? 0FFh 4000411h - - Not used 4000800h 4 R/W ? Undocumented - Internal Memory Control (R/W) 4000804h - - Not used 4xx0800h 4 R/W ? Mirrors of 4000800h (repeated each 64K) 4700000h 4 W (3DS) Disable ARM7 bootrom overlay (3DS only) |
| GBA LCD Video Controller |
| LCD I/O Display Control |
Bit Expl. 0-2 BG Mode (0-5=Video Mode 0-5, 6-7=Prohibited) 3 Reserved / CGB Mode (0=GBA, 1=CGB; can be set only by BIOS opcodes) 4 Display Frame Select (0-1=Frame 0-1) (for BG Modes 4,5 only) 5 H-Blank Interval Free (1=Allow access to OAM during H-Blank) 6 OBJ Character VRAM Mapping (0=Two dimensional, 1=One dimensional) 7 Forced Blank (1=Allow FAST access to VRAM,Palette,OAM) 8 Screen Display BG0 (0=Off, 1=On) 9 Screen Display BG1 (0=Off, 1=On) 10 Screen Display BG2 (0=Off, 1=On) 11 Screen Display BG3 (0=Off, 1=On) 12 Screen Display OBJ (0=Off, 1=On) 13 Window 0 Display Flag (0=Off, 1=On) 14 Window 1 Display Flag (0=Off, 1=On) 15 OBJ Window Display Flag (0=Off, 1=On) |
Mode Rot/Scal Layers Size Tiles Colors Features 0 No 0123 256x256..512x515 1024 16/16..256/1 SFMABP 1 Mixed 012- (BG0,BG1 as above Mode 0, BG2 as below Mode 2) 2 Yes --23 128x128..1024x1024 256 256/1 S-MABP 3 Yes --2- 240x160 1 32768 --MABP 4 Yes --2- 240x160 2 256/1 --MABP 5 Yes --2- 160x128 2 32768 --MABP |
Bit Expl. 0 Green Swap (0=Normal, 1=Swap) 1-15 Not used |
| LCD I/O Interrupts and Status |
Bit Expl. 0 V-Blank flag (Read only) (1=VBlank) (set in line 160..226; not 227) 1 H-Blank flag (Read only) (1=HBlank) (toggled in all lines, 0..227) 2 V-Counter flag (Read only) (1=Match) (set in selected line) (R) 3 V-Blank IRQ Enable (1=Enable) (R/W) 4 H-Blank IRQ Enable (1=Enable) (R/W) 5 V-Counter IRQ Enable (1=Enable) (R/W) 6 Not used (0) / DSi: LCD Initialization Ready (0=Busy, 1=Ready) (R) 7 Not used (0) / NDS: MSB of V-Vcount Setting (LYC.Bit8) (0..262)(R/W) 8-15 V-Count Setting (LYC) (0..227) (R/W) |
Bit Expl. 0-7 Current Scanline (LY) (0..227) (R) 8 Not used (0) / NDS: MSB of Current Scanline (LY.Bit8) (0..262) (R) 9-15 Not Used (0) |
| LCD I/O BG Control |
Bit Expl. 0-1 BG Priority (0-3, 0=Highest) 2-3 Character Base Block (0-3, in units of 16 KBytes) (=BG Tile Data) 4-5 Not used (must be zero) (except in NDS mode: MSBs of char base) 6 Mosaic (0=Disable, 1=Enable) 7 Colors/Palettes (0=16/16, 1=256/1) 8-12 Screen Base Block (0-31, in units of 2 KBytes) (=BG Map Data) 13 BG0/BG1: Not used (except in NDS mode: Ext Palette Slot for BG0/BG1) 13 BG2/BG3: Display Area Overflow (0=Transparent, 1=Wraparound) 14-15 Screen Size (0-3) |
Value Text Mode Rotation/Scaling Mode 0 256x256 (2K) 128x128 (256 bytes) 1 512x256 (4K) 256x256 (1K) 2 256x512 (4K) 512x512 (4K) 3 512x512 (8K) 1024x1024 (16K) |
| LCD I/O BG Scrolling |
Bit Expl. 0-8 Offset (0-511) 9-15 Not used |
| LCD I/O BG Rotation/Scaling |
Bit Expl. 0-7 Fractional portion (8 bits) 8-26 Integer portion (19 bits) 27 Sign (1 bit) 28-31 Not used |
Bit Expl. 0-7 Fractional portion (8 bits) 8-14 Integer portion (7 bits) 15 Sign (1 bit) |
Rotation Center X and Y Coordinates (x0,y0) Rotation Angle (alpha) Magnification X and Y Values (xMag,yMag) |
A = Cos (alpha) / xMag ;distance moved in direction x, same line B = Sin (alpha) / xMag ;distance moved in direction x, next line C = Sin (alpha) / yMag ;distance moved in direction y, same line D = Cos (alpha) / yMag ;distance moved in direction y, next line |
x0,y0 Rotation Center x1,y1 Old Position of a pixel (before rotation/scaling) x2,y2 New position of above pixel (after rotation scaling) A,B,C,D BG2PA-BG2PD Parameters (as calculated above) |
x2 = A(x1-x0) + B(y1-y0) + x0 y2 = C(x1-x0) + D(y1-y0) + y0 |
| LCD I/O Window Feature |
Bit Expl. 0-7 X2, Rightmost coordinate of window, plus 1 8-15 X1, Leftmost coordinate of window |
Bit Expl. 0-7 Y2, Bottom-most coordinate of window, plus 1 8-15 Y1, Top-most coordinate of window |
Bit Expl. 0-3 Window 0 BG0-BG3 Enable Bits (0=No Display, 1=Display) 4 Window 0 OBJ Enable Bit (0=No Display, 1=Display) 5 Window 0 Color Special Effect (0=Disable, 1=Enable) 6-7 Not used 8-11 Window 1 BG0-BG3 Enable Bits (0=No Display, 1=Display) 12 Window 1 OBJ Enable Bit (0=No Display, 1=Display) 13 Window 1 Color Special Effect (0=Disable, 1=Enable) 14-15 Not used |
Bit Expl. 0-3 Outside BG0-BG3 Enable Bits (0=No Display, 1=Display) 4 Outside OBJ Enable Bit (0=No Display, 1=Display) 5 Outside Color Special Effect (0=Disable, 1=Enable) 6-7 Not used 8-11 OBJ Window BG0-BG3 Enable Bits (0=No Display, 1=Display) 12 OBJ Window OBJ Enable Bit (0=No Display, 1=Display) 13 OBJ Window Color Special Effect (0=Disable, 1=Enable) 14-15 Not used |
| LCD I/O Mosaic Function |
Bit Expl. 0-3 BG Mosaic H-Size (minus 1) 4-7 BG Mosaic V-Size (minus 1) 8-11 OBJ Mosaic H-Size (minus 1) 12-15 OBJ Mosaic V-Size (minus 1) 16-31 Not used |
| LCD I/O Color Special Effects |
Bit Expl.
0 BG0 1st Target Pixel (Background 0)
1 BG1 1st Target Pixel (Background 1)
2 BG2 1st Target Pixel (Background 2)
3 BG3 1st Target Pixel (Background 3)
4 OBJ 1st Target Pixel (Top-most OBJ pixel)
5 BD 1st Target Pixel (Backdrop)
6-7 Color Special Effect (0-3, see below)
0 = None (Special effects disabled)
1 = Alpha Blending (1st+2nd Target mixed)
2 = Brightness Increase (1st Target becomes whiter)
3 = Brightness Decrease (1st Target becomes blacker)
8 BG0 2nd Target Pixel (Background 0)
9 BG1 2nd Target Pixel (Background 1)
10 BG2 2nd Target Pixel (Background 2)
11 BG3 2nd Target Pixel (Background 3)
12 OBJ 2nd Target Pixel (Top-most OBJ pixel)
13 BD 2nd Target Pixel (Backdrop)
14-15 Not used
|
Bit Expl. 0-4 EVA Coefficient (1st Target) (0..16 = 0/16..16/16, 17..31=16/16) 5-7 Not used 8-12 EVB Coefficient (2nd Target) (0..16 = 0/16..16/16, 17..31=16/16) 13-15 Not used |
I = MIN ( 31, I1st*EVA + I2nd*EVB ) |
Bit Expl. 0-4 EVY Coefficient (Brightness) (0..16 = 0/16..16/16, 17..31=16/16) 5-31 Not used |
I = I1st + (31-I1st)*EVY ;For Brightness Increase I = I1st - (I1st)*EVY ;For Brightness Decrease |
| LCD VRAM Overview |
06000000-0600FFFF 64 KBytes shared for BG Map and Tiles 06010000-06017FFF 32 KBytes OBJ Tiles |
Item Depth Required Memory One Tile 4bit 20h bytes One Tile 8bit 40h bytes 1024 Tiles 4bit 8000h (32K) 1024 Tiles 8bit 10000h (64K) - excluding some bytes for BG map BG Map 32x32 800h (2K) BG Map 64x64 2000h (8K) |
Item Depth Required Memory One Tile 8bit 40h bytes 256 Tiles 8bit 4000h (16K) BG Map 16x16 100h bytes BG Map 128x128 4000h (16K) |
06000000-06013FFF 80 KBytes Frame 0 buffer (only 75K actually used) 06014000-06017FFF 16 KBytes OBJ Tiles |
06000000-06009FFF 40 KBytes Frame 0 buffer (only 37.5K used in Mode 4) 0600A000-06013FFF 40 KBytes Frame 1 buffer (only 37.5K used in Mode 4) 06014000-06017FFF 16 KBytes OBJ Tiles |
| LCD VRAM Character Data |
| LCD VRAM BG Screen Data Format (BG Map) |
Bit Expl.
0-9 Tile Number (0-1023) (a bit less in 256 color mode, because
there'd be otherwise no room for the bg map)
10 Horizontal Flip (0=Normal, 1=Mirrored)
11 Vertical Flip (0=Normal, 1=Mirrored)
12-15 Palette Number (0-15) (Not used in 256 color/1 palette mode)
|
Bit Expl. 0-7 Tile Number (0-255) |
| LCD VRAM Bitmap BG Modes |
Bit Expl. 0-4 Red Intensity (0-31) 5-9 Green Intensity (0-31) 10-14 Blue Intensity (0-31) 15 Not used in GBA Mode (in NDS Mode: Alpha=0=Transparent, Alpha=1=Normal) |
| LCD OBJ - Overview |
1210 (=304*4-6) If "H-Blank Interval Free" bit in DISPCNT register is 0 954 (=240*4-6) If "H-Blank Interval Free" bit in DISPCNT register is 1 |
Cycles per <n> Pixels OBJ Type OBJ Type Screen Pixel Range n*1 cycles Normal OBJs 8..64 pixels 10+n*2 cycles Rotation/Scaling OBJs 8..64 pixels (area clipped) 10+n*2 cycles Rotation/Scaling OBJs 16..128 pixels (double size) |
| LCD OBJ - OAM Attributes |
Bit Expl.
0-7 Y-Coordinate (0-255)
8 Rotation/Scaling Flag (0=Off, 1=On)
When Rotation/Scaling used (Attribute 0, bit 8 set):
9 Double-Size Flag (0=Normal, 1=Double)
When Rotation/Scaling not used (Attribute 0, bit 8 cleared):
9 OBJ Disable (0=Normal, 1=Not displayed)
10-11 OBJ Mode (0=Normal, 1=Semi-Transparent, 2=OBJ Window, 3=Prohibited)
12 OBJ Mosaic (0=Off, 1=On)
13 Colors/Palettes (0=16/16, 1=256/1)
14-15 OBJ Shape (0=Square,1=Horizontal,2=Vertical,3=Prohibited)
|
Bit Expl.
0-8 X-Coordinate (0-511)
When Rotation/Scaling used (Attribute 0, bit 8 set):
9-13 Rotation/Scaling Parameter Selection (0-31)
(Selects one of the 32 Rotation/Scaling Parameters that
can be defined in OAM, for details read next chapter.)
When Rotation/Scaling not used (Attribute 0, bit 8 cleared):
9-11 Not used
12 Horizontal Flip (0=Normal, 1=Mirrored)
13 Vertical Flip (0=Normal, 1=Mirrored)
14-15 OBJ Size (0..3, depends on OBJ Shape, see Attr 0)
Size Square Horizontal Vertical
0 8x8 16x8 8x16
1 16x16 32x8 8x32
2 32x32 32x16 16x32
3 64x64 64x32 32x64
|
Bit Expl. 0-9 Character Name (0-1023=Tile Number) 10-11 Priority relative to BG (0-3; 0=Highest) 12-15 Palette Number (0-15) (Not used in 256 color/1 palette mode) |
OBJ No. 0 with Priority relative to BG=1 ;hi OBJ prio, lo BG prio OBJ No. 1 with Priority relative to BG=0 ;lo OBJ prio, hi BG prio |
| LCD OBJ - OAM Rotation/Scaling Parameters |
1st Group - PA=07000006, PB=0700000E, PC=07000016, PD=0700001E 2nd Group - PA=07000026, PB=0700002E, PC=07000036, PD=0700003E etc. |
| LCD OBJ - VRAM Character (Tile) Mapping |
| LCD Color Palettes |
05000000-050001FF - BG Palette RAM (512 bytes, 256 colors) 05000200-050003FF - OBJ Palette RAM (512 bytes, 256 colors) |
Bit Expl. 0-4 Red Intensity (0-31) 5-9 Green Intensity (0-31) 10-14 Blue Intensity (0-31) 15 Not used |
| LCD Dimensions and Timings |
Visible 240 dots, 57.221 us, 960 cycles - 78% of h-time H-Blanking 68 dots, 16.212 us, 272 cycles - 22% of h-time Total 308 dots, 73.433 us, 1232 cycles - ca. 13.620 kHz |
Visible (*) 160 lines, 11.749 ms, 197120 cycles - 70% of v-time V-Blanking 68 lines, 4.994 ms, 83776 cycles - 30% of v-time Total 228 lines, 16.743 ms, 280896 cycles - ca. 59.737 Hz |
| GBA Sound Controller |
| GBA Sound Channel 1 - Tone & Sweep |
Bit Expl. 0-2 R/W Number of sweep shift (n=0-7) 3 R/W Sweep Frequency Direction (0=Increase, 1=Decrease) 4-6 R/W Sweep Time; units of 7.8ms (0-7, min=7.8ms, max=54.7ms) 7-15 - Not used |
X(t) = X(t-1) +/- X(t-1)/2^n |
Bit Expl. 0-5 W Sound length; units of (64-n)/256s (0-63) 6-7 R/W Wave Pattern Duty (0-3, see below) 8-10 R/W Envelope Step-Time; units of n/64s (1-7, 0=No Envelope) 11 R/W Envelope Direction (0=Decrease, 1=Increase) 12-15 R/W Initial Volume of envelope (1-15, 0=No Sound) |
0: 12.5% ( -_______-_______-_______ ) 1: 25% ( --______--______--______ ) 2: 50% ( ----____----____----____ ) (normal) 3: 75% ( ------__------__------__ ) |
Bit Expl. 0-10 W Frequency; 131072/(2048-n)Hz (0-2047) 11-13 - Not used 14 R/W Length Flag (1=Stop output when length in NR11 expires) 15 W Initial (1=Restart Sound) 16-31 - Not used |
| GBA Sound Channel 2 - Tone |
| GBA Sound Channel 3 - Wave Output |
Bit Expl. 0-4 - Not used 5 R/W Wave RAM Dimension (0=One bank/32 digits, 1=Two banks/64 digits) 6 R/W Wave RAM Bank Number (0-1, see below) 7 R/W Sound Channel 3 Off (0=Stop, 1=Playback) 8-15 - Not used |
Bit Expl. 0-7 W Sound length; units of (256-n)/256s (0-255) 8-12 - Not used. 13-14 R/W Sound Volume (0=Mute/Zero, 1=100%, 2=50%, 3=25%) 15 R/W Force Volume (0=Use above, 1=Force 75% regardless of above) |
Bit Expl. 0-10 W Sample Rate; 2097152/(2048-n) Hz (0-2047) 11-13 - Not used 14 R/W Length Flag (1=Stop output when length in NR31 expires) 15 W Initial (1=Restart Sound) 16-31 - Not used |
Wave RAM, single bank 32 digits Tone Frequency FFFFFFFFFFFFFFFF0000000000000000 65536/(2048-n) Hz FFFFFFFF00000000FFFFFFFF00000000 131072/(2048-n) Hz FFFF0000FFFF0000FFFF0000FFFF0000 262144/(2048-n) Hz FF00FF00FF00FF00FF00FF00FF00FF00 524288/(2048-n) Hz F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0 1048576/(2048-n) Hz |
| GBA Sound Channel 4 - Noise |
Bit Expl. 0-5 W Sound length; units of (64-n)/256s (0-63) 6-7 - Not used 8-10 R/W Envelope Step-Time; units of n/64s (1-7, 0=No Envelope) 11 R/W Envelope Direction (0=Decrease, 1=Increase) 12-15 R/W Initial Volume of envelope (1-15, 0=No Sound) 16-31 - Not used |
Bit Expl. 0-2 R/W Dividing Ratio of Frequencies (r) 3 R/W Counter Step/Width (0=15 bits, 1=7 bits) 4-7 R/W Shift Clock Frequency (s) 8-13 - Not used 14 R/W Length Flag (1=Stop output when length in NR41 expires) 15 W Initial (1=Restart Sound) 16-31 - Not used |
7bit: X=X SHR 1, IF carry THEN Out=HIGH, X=X XOR 60h ELSE Out=LOW 15bit: X=X SHR 1, IF carry THEN Out=HIGH, X=X XOR 6000h ELSE Out=LOW |
| GBA Sound Channel A and B - DMA Sound |
If Timer overflows then
Move 8bit data from FIFO to sound circuit.
If FIFO contains only 4 x 32bits (16 bytes) then
Request more data per DMA
Receive 4 x 32bit (16 bytes) per DMA
Endif
Endif
|
| GBA Sound Control Registers |
Bit Expl. 0-2 R/W Sound 1-4 Master Volume RIGHT (0-7) 3 - Not used 4-6 R/W Sound 1-4 Master Volume LEFT (0-7) 7 - Not used 8-11 R/W Sound 1-4 Enable Flags RIGHT (each Bit 8-11, 0=Disable, 1=Enable) 12-15 R/W Sound 1-4 Enable Flags LEFT (each Bit 12-15, 0=Disable, 1=Enable) |
Bit Expl. 0-1 R/W Sound # 1-4 Volume (0=25%, 1=50%, 2=100%, 3=Prohibited) 2 R/W DMA Sound A Volume (0=50%, 1=100%) 3 R/W DMA Sound B Volume (0=50%, 1=100%) 4-7 - Not used 8 R/W DMA Sound A Enable RIGHT (0=Disable, 1=Enable) 9 R/W DMA Sound A Enable LEFT (0=Disable, 1=Enable) 10 R/W DMA Sound A Timer Select (0=Timer 0, 1=Timer 1) 11 W? DMA Sound A Reset FIFO (1=Reset) 12 R/W DMA Sound B Enable RIGHT (0=Disable, 1=Enable) 13 R/W DMA Sound B Enable LEFT (0=Disable, 1=Enable) 14 R/W DMA Sound B Timer Select (0=Timer 0, 1=Timer 1) 15 W? DMA Sound B Reset FIFO (1=Reset) |
Bit Expl. 0 R Sound 1 ON flag (Read Only) 1 R Sound 2 ON flag (Read Only) 2 R Sound 3 ON flag (Read Only) 3 R Sound 4 ON flag (Read Only) 4-6 - Not used 7 R/W PSG/FIFO Master Enable (0=Disable, 1=Enable) (Read/Write) 8-31 - Not used |
Bit Expl. 0 - Not used 1-9 R/W Bias Level (Default=100h, converting signed samples into unsigned) 10-13 - Not used 14-15 R/W Amplitude Resolution/Sampling Cycle (Default=0, see below) 16-31 - Not used |
0 9bit / 32.768kHz (Default, best for DMA channels A,B) 1 8bit / 65.536kHz 2 7bit / 131.072kHz 3 6bit / 262.144kHz (Best for PSG channels 1-4) |
| GBA Comparison of CGB and GBA Sound |
| GBA Timers |
Bit Expl. 0-1 Prescaler Selection (0=F/1, 1=F/64, 2=F/256, 3=F/1024) 2 Count-up Timing (0=Normal, 1=See below) ;Not used in TM0CNT_H 3-5 Not used 6 Timer IRQ Enable (0=Disable, 1=IRQ on Timer overflow) 7 Timer Start/Stop (0=Stop, 1=Operate) 8-15 Not used |
| GBA DMA Transfers |
Bit Expl.
0-4 Not used
5-6 Dest Addr Control (0=Increment,1=Decrement,2=Fixed,3=Increment/Reload)
7-8 Source Adr Control (0=Increment,1=Decrement,2=Fixed,3=Prohibited)
9 DMA Repeat (0=Off, 1=On) (Must be zero if Bit 11 set)
10 DMA Transfer Type (0=16bit, 1=32bit)
11 Game Pak DRQ - DMA3 only - (0=Normal, 1=DRQ <from> Game Pak, DMA3)
12-13 DMA Start Timing (0=Immediately, 1=VBlank, 2=HBlank, 3=Special)
The 'Special' setting (Start Timing=3) depends on the DMA channel:
DMA0=Prohibited, DMA1/DMA2=Sound FIFO, DMA3=Video Capture
14 IRQ upon end of Word Count (0=Disable, 1=Enable)
15 DMA Enable (0=Off, 1=On)
|
2N+2(n-1)S+xI |
| GBA Communication Ports |
| SIO Normal Mode |
Bit Expl. 0-3 Undocumented (current SC,SD,SI,SO state, as for General Purpose mode) 4-8 Not used (Should be 0, bits are read/write-able though) 9-13 Not used (Always 0, read only) 14 Not used (Should be 0, bit is read/write-able though) 15 Must be zero (0) for Normal/Multiplayer/UART modes |
Bit Expl. 0 Shift Clock (SC) (0=External, 1=Internal) 1 Internal Shift Clock (0=256KHz, 1=2MHz) 2 SI State (opponents SO) (0=Low, 1=High/None) --- (Read Only) 3 SO during inactivity (0=Low, 1=High) (applied ONLY when Bit7=0) 4-6 Not used (Read only, always 0 ?) 7 Start Bit (0=Inactive/Ready, 1=Start/Active) 8-11 Not used (R/W, should be 0) 12 Transfer Length (0=8bit, 1=32bit) 13 Must be "0" for Normal Mode 14 IRQ Enable (0=Disable, 1=Want IRQ upon completion) 15 Not used (Read only, always 0) |
(Expl. Old SO=LOW kept output until 1st clock bit received). (Expl. New SO=HIGH is automatically output at transfer completion). |
Step Sender 1st Recipient 2nd Recipient Transfer 1: DATA #0 --> UNDEF --> UNDEF --> Transfer 2: DATA #1 --> DATA #0 --> UNDEF --> Transfer 3: DATA #2 --> DATA #1 --> DATA #0 --> Transfer 4: DATA #3 --> DATA #2 --> DATA #1 --> |
| SIO Multi-Player Mode |
Bit Expl. 0-3 Undocumented (current SC,SD,SI,SO state, as for General Purpose mode) 4-8 Not used (Should be 0, bits are read/write-able though) 9-13 Not used (Always 0, read only) 14 Not used (Should be 0, bit is read/write-able though) 15 Must be zero (0) for Normal/Multiplayer/UART modes |
Bit Expl. 0-1 Baud Rate (0-3: 9600,38400,57600,115200 bps) 2 SI-Terminal (0=Parent, 1=Child) (Read Only) 3 SD-Terminal (0=Bad connection, 1=All GBAs Ready) (Read Only) 4-5 Multi-Player ID (0=Parent, 1-3=1st-3rd child) (Read Only) 6 Multi-Player Error (0=Normal, 1=Error) (Read Only) 7 Start/Busy Bit (0=Inactive, 1=Start/Busy) (Read Only for Slaves) 8-11 Not used (R/W, should be 0) 12 Must be "0" for Multi-Player mode 13 Must be "1" for Multi-Player mode 14 IRQ Enable (0=Disable, 1=Want IRQ upon completion) 15 Not used (Read only, always 0) |
GBAs Bits Delays Timeout 1 18 None Yes 2 36 1 Yes 3 54 2 Yes 4 72 3 None |
| SIO UART Mode |
Bit Expl. 0-3 Undocumented (current SC,SD,SI,SO state, as for General Purpose mode) 4-8 Not used (Should be 0, bits are read/write-able though) 9-13 Not used (Always 0, read only) 14 Not used (Should be 0, bit is read/write-able though) 15 Must be zero (0) for Normal/Multiplayer/UART modes |
Bit Expl. 0-1 Baud Rate (0-3: 9600,38400,57600,115200 bps) 2 CTS Flag (0=Send always/blindly, 1=Send only when SC=LOW) 3 Parity Control (0=Even, 1=Odd) 4 Send Data Flag (0=Not Full, 1=Full) (Read Only) 5 Receive Data Flag (0=Not Empty, 1=Empty) (Read Only) 6 Error Flag (0=No Error, 1=Error) (Read Only) 7 Data Length (0=7bits, 1=8bits) 8 FIFO Enable Flag (0=Disable, 1=Enable) 9 Parity Enable Flag (0=Disable, 1=Enable) 10 Send Enable Flag (0=Disable, 1=Enable) 11 Receive Enable Flag (0=Disable, 1=Enable) 12 Must be "1" for UART mode 13 Must be "1" for UART mode 14 IRQ Enable (0=Disable, 1=IRQ when any Bit 4/5/6 become set) 15 Not used (Read only, always 0) |
| SIO JOY BUS Mode |
Bit Expl. 0-3 Undocumented (current SC,SD,SI,SO state, as for General Purpose mode) 4-8 Not used (Should be 0, bits are read/write-able though) 9-13 Not used (Always 0, read only) 14 Must be "1" for JOY BUS Mode 15 Must be "1" for JOY BUS Mode |
Bit Expl. 0 Device Reset Flag (Command FFh) (Read/Acknowledge) 1 Receive Complete Flag (Command 14h or 15h?) (Read/Acknowledge) 2 Send Complete Flag (Command 15h or 14h?) (Read/Acknowledge) 3-5 Not used 6 IRQ when receiving a Device Reset Command (0=Disable, 1=Enable) 7-31 Not used |
Bit Expl. 0 Not used 1 Receive Status Flag (0=Remote GBA is/was receiving) (Read Only?) 2 Not used 3 Send Status Flag (1=Remote GBA is/was sending) (Read Only?) 4-5 General Purpose Flag (Not assigned, may be used for whatever purpose) 6-31 Not used |
Receive FFh (Command) Send 00h (GBA Type number LSB (or MSB?)) Send 04h (GBA Type number MSB (or LSB?)) Send XXh (lower 8bits of SIOSTAT register) |
Receive 00h (Command) Send 00h (GBA Type number LSB (or MSB?)) Send 04h (GBA Type number MSB (or LSB?)) Send XXh (lower 8bits of SIOSTAT register) |
Receive 15h (Command) Receive XXh (Lower 8bits of JOY_RECV_L) Receive XXh (Upper 8bits of JOY_RECV_L) Receive XXh (Lower 8bits of JOY_RECV_H) Receive XXh (Upper 8bits of JOY_RECV_H) Send XXh (lower 8bits of SIOSTAT register) |
Receive 14h (Command) Send XXh (Lower 8bits of JOY_TRANS_L) Send XXh (Upper 8bits of JOY_TRANS_L) Send XXh (Lower 8bits of JOY_TRANS_H) Send XXh (Upper 8bits of JOY_TRANS_H) Send XXh (lower 8bits of SIOSTAT register) |
| SIO General-Purpose Mode |
Bit Expl. 0 SC Data Bit (0=Low, 1=High) 1 SD Data Bit (0=Low, 1=High) 2 SI Data Bit (0=Low, 1=High) 3 SO Data Bit (0=Low, 1=High) 4 SC Direction (0=Input, 1=Output) 5 SD Direction (0=Input, 1=Output) 6 SI Direction (0=Input, 1=Output, but see below) 7 SO Direction (0=Input, 1=Output) 8 SI Interrupt Enable (0=Disable, 1=Enable) 9-13 Not used 14 Must be "0" for General-Purpose Mode 15 Must be "1" for General-Purpose or JOYBUS Mode |
| SIO Control Registers Summary |
R.15 R.14 S.13 S.12 Mode 0 x 0 0 Normal 8bit 0 x 0 1 Normal 32bit 0 x 1 0 Multiplay 16bit 0 x 1 1 UART (RS232) 1 0 x x General Purpose 1 1 x x JOY BUS |
Bit 0 1 2 3 4 5 6 7 8 9 10 11 Normal Master Rate SI/In SO/Out - - - Start - - - - Multi Baud Baud SI/In SD/In ID# Err Start - - - - UART Baud Baud CTS Parity S R Err Bits FIFO Parity Send Recv |
| GBA Wireless Adapter |
| GBA Wireless Adapter Games |
bit Generations series (Japan only) Boktai 2: Solar Boy Django (Konami) Boktai 3: Sabata's Counterattack Classic NES Series: Donkey Kong Classic NES Series: Dr. Mario Classic NES Series: Ice Climber Classic NES Series: Pac-Man Classic NES Series: Super Mario Bros. Classic NES Series: Xevious Digimon Racing (Bandai) (No Wireless Adapter support in European release) Dragon Ball Z: Buu's Fury (Atari) Famicom Mini Series: #13 Balloon Fight Famicom Mini Series: #12 Clu Clu Land Famicom Mini Series: #16 Dig Dug Famicom Mini Series: #02 Donkey Kong Famicom Mini Series: #15 Dr. Mario Famicom Mini Series: #03 Ice Climber Famicom Mini Series: #18 Makaimura Famicom Mini Series: #08 Mappy Famicom Mini Series: #11 Mario Bros. Famicom Mini Series: #06 Pac-Man Famicom Mini Series: #30 SD Gundam World Scramble Wars Famicom Mini Series: #01 Super Mario Bros. Famicom Mini Series: #21 Super Mario Bros. Famicom Mini Series: #19 Twin Bee Famicom Mini Series: #14 Wrecking Crew Famicom Mini Series: #07 Xevious Hamtaro: Ham-Ham Games (Nintendo) Lord of the Rings: The Third Age, The (EA Games) Mario Golf: Advance Tour (Nintendo) Mario Tennis: Power Tour (Nintendo) Mega Man Battle Network 5: Team Protoman (Capcom) Mega Man Battle Network 5: Team Colonel (Capcom) Mega Man Battle Network 6: Cybeast Falzar Mega Man Battle Network 6: Cybeast Gregar Momotaro Dentetsu G: Make a Gold Deck! (Japan only) Pokemon Emerald (Nintendo) Pokemon FireRed (Nintendo) Pokemon LeafGreen (Nintendo) Sennen Kazoku (Japan only) Shrek SuperSlam Sonic Advance 3 |
| GBA Wireless Adapter Login |
rcnt=8000h ;\ rcnt=80A0h ; rcnt=80A2h ; reset adapter or so wait ; rcnt=80A0h ;/ siocnt=5003h ;\set 32bit normal mode, 2MHz internal clock rcnt=0000h ;/ passes=0, index=0 @@lop: passes=passes+1, if passes>32 then ERROR ;give up (usually only 10 passses) recv.lo=siodata AND FFFFh ;response from adapter recv.hi=siodata/10000h ;adapter's own "NI" data if send.hi<>recv.lo then index=0, goto @@stuck ;<-- fallback to index=0 if (send.lo XOR FFFFh)<>recv.lo then goto @@stuck if (send.hi XOR FFFFh)<>recv.hi then goto @@stuck index=index+1 @@stuck: send.lo=halfword[@@key_string+index*2] send.hi=recv.hi XOR FFFFh siodata=send.lo+(send.hi*10000h) siocnt.bit7=1 ;<-- start transmission if index<4 then goto @@lop ret @@key_string db 'NINTENDO',01h,80h ;10 bytes (5 halfwords; index=0..4) |
GBA ADAPTER
xxxx494E ;\ <--> xxxxxxxx
xxxx494E ; "NI" <--> "NI"/; 494EB6B1 ;\
NOT("NI") /; B6B1494E ;/ <--> \; 494EB6B1 ; NOT("NI")
\; B6B1544E ;\"NT" <--> "NT"/; 544EB6B1 ;/
NOT("NT") /; ABB1544E ;/ <--> \; 544EABB1 ;\NOT("NT")
\; ABB14E45 ;\"EN" <--> "EN"/; 4E45ABB1 ;/
NOT("EN") /; B1BA4E45 ;/ <--> \; 4E45B1BA ;\NOT("EN")
\; B1BA4F44 ;\"DO" <--> "DO"/; 4F44B1BA ;/
NOT("DO") /; B0BB4F44 ;/ <--> \; 4F44B0BB ;\NOT("DO")
\; B0BB8001 ;-fin <--> fin-; 8001B0BB ;/
\ \ \ \
\ LSBs=Own \ LSBs=Inverse of
\ Data.From.Gba \ Prev.Data.From.Gba
\ \
MSBs=Inverse of MSBs=Own
Prev.Data.From.Adapter Data.From.Adapter
|
| GBA Wireless Adapter Commands |
GBA Adapter 9966ppcch 80000000h ;-send command (cc), and num param_words (pp) <param01> 80000000h ;\ <param02> 80000000h ; send "pp" parameter word(s), if any ... ... ;/ 80000000h 9966rraah ;-recv ack (aa=cc+80h), and num response_words (rr) 80000000? <reply01> ;\ 80000000? <reply02> ; recv "rr" response word(s), if any ... ... ;/ |
wait until [4000128h].Bit2=0 ;want SI=0 set [4000128h].Bit3=1 ;set SO=1 wait until [4000128h].Bit2=1 ;want SI=1 set [4000128h].Bit3=0,Bit7=1 ;set SO=0 and start 32bit transfer |
Cmd Para Reply Name 10h - - Hello (send immediately after login) 11h - 1 Good/Bad response to cmd 16h ? 12h 13h - 1 14h 15h 16h 6 - Introduce (send game/user name) 17h 1 - Config (send after Hello) (eg. param=003C0420h or 003C043Ch) 18h 19h 1Ah 1Bh 1Ch - - 1Dh - NN Get Directory? (receive list of game/user names?) 1Eh - NN Get Directory? (receive list of game/user names?) 1Fh 1 - Select Game for Download (send 16bit Game_ID) |
20h - 1 21h - 1 Good/Bad response to cmd 1Fh ? 22h 23h 24h - - 25h ;use EXT clock! 26h - - 27h - - Begin Download ? ;use EXT clock! 28h 29h 2Ah 2Bh 2Ch 2Dh 2Eh 2Fh |
30h 1 - 31h 32h 33h 34h 35h ;use EXT clock! 36h 37h ;use EXT clock! 38h 39h 3Ah 3Bh 3Ch 3Dh - - Bye (return to language select) 3Eh 3Fh |
| GBA Wireless Adapter Component Lists |
U1 32pin Freescale MC13190 (2.4 GHz ISM band transceiver) U2 48pin Freescale CT3000 or CT3001 (depending on adapter version) X3 2pin 9.5MHz crystal |
Sticker on Case:
"GAME BOY advance, WIRELESS ADAPTER"
"Pat.Pend.Made in Philipines, CE0125(!)B"
"MODEL NO./MODELE NO.AGB-015 D-63760 Grossosteim P/AGB-A-WA-EUR-2 E3"
PCB: "19-C046-04, A-7" (top side) and "B-7" and Microchip ",\\" (bottom side)
PCB: white stamp "3104, 94V-0, RU, TW-15"
PCB: black stamp "22FDE"
U1 32pin "Freescale 13190, 4WFQ" (MC13190) (2.4 GHz ISM band transceiver)
U2 48pin "Freescale CT3001, XAC0445" (bottom side)
X3 2pin "D959L4I" (9.5MHz) (top side) (ca. 19 clks per 2us)
|
D1 5pin "D6F, 44" (top side, below X3) U71 6pin ".., () 2" (top side, right of X3, tiny black chip) B71 6pin "[]" (top side, right of X3, small white chip) ANT 2pin on-board copper wings Q? 3pin (top side, above CN1) Q? 3pin (top side, above CN1) D? 2pin "72" (top side, above CN1) D3 2pin "F2" (top side, above CN1) U200 4pin "MSV" (top side, above CN1) U202 5pin "LXKA" (top side, right of CN1) U203 4pin "M6H" (top side, right of CN1) CN1 6pin connector to GBA link port (top side) |
U201 5pin "LXVB" (bottom side, near CN1) U72 4pin "BMs" (bottom side, near ANT, tiny black chip) FL70 ?pin "[] o26" (bottom side, near ANT, bigger white chip) B70 6pin "[]" (bottom side, near ANT, small white chip) |
Sticker on Case: N/A PCB: "19-C046-03, A-1" (top side) and "B-1" and Microchip ",\\" (bottom side) PCB: white stamp "3204, TW-15, RU, 94V-0" PCB: black stamp "23MN" or "23NH" or so (smeared) U1 32pin "Freescale 13190, 4FGD" (top side) U2 48pin "Freescale CT3000, XAB0425" (bottom side) ;CT3000 (not CT3001) X3 2pin "9.5SKSS4GT" (top side) |
D1 5pin "D6F, 31" (top side, below X3) U71 6pin "P3, () 2" (top side, right of X3, tiny black chip) B71 6pin "[]" (top side, right of X3, small white chip) ANT 2pin on-board copper wings Q70 3pin (top side, above CN1) D? 2pin "72" (top side, above CN1) D3 2pin "F2" (top side, above CN1) U200 4pin "MSV" (top side, above CN1) U202 5pin "LXKH" (top side, right of CN1) U203 4pin "M6H" (top side, right of CN1) CN1 6pin connector to GBA link port (top side) |
U201 5pin "LXV2" (bottom side, near CN1) U70 6pin "AAG" (bottom side, near ANT, tiny black chip) FL70 ?pin "[] o26" (bottom side, near ANT, bigger white chip) B70 6pin "[]" (bottom side, near ANT, small white chip) |
Sticker "N/A" vs "Grossosteim P/AGB-A-WA-EUR-2 E3" PCB-markings "19-C046-03, A-1, 3204" vs "19-C046-04, A-7, 3104" U1 "CT3000, XAB0425" vs "CT3001, XAC0445" Transistors One transistor (Q70) vs Two transistors (both nameless) U70/U72 U70 "AAG" (6pin) vs U72 "BMs" (4pin) |
| GBA Infrared Communication |
Bit Expl. 0 Transmission Data (0=LED Off, 1=LED On) 1 READ Enable (0=Disable, 1=Enable) 2 Reception Data (0=None, 1=Signal received) (Read only) 3 AMP Operation (0=Off, 1=On) 4 IRQ Enable Flag (0=Disable, 1=Enable) 5-15 Not used |
| GBA Keypad Input |
Bit Expl. 0 Button A (0=Pressed, 1=Released) 1 Button B (etc.) 2 Select (etc.) 3 Start (etc.) 4 Right (etc.) 5 Left (etc.) 6 Up (etc.) 7 Down (etc.) 8 Button R (etc.) 9 Button L (etc.) 10-15 Not used |
Bit Expl. 0 Button A (0=Ignore, 1=Select) 1 Button B (etc.) 2 Select (etc.) 3 Start (etc.) 4 Right (etc.) 5 Left (etc.) 6 Up (etc.) 7 Down (etc.) 8 Button R (etc.) 9 Button L (etc.) 10-13 Not used 14 Button IRQ Enable (0=Disable, 1=Enable) 15 Button IRQ Condition (0=Logical OR, 1=Logical AND) |
| GBA Interrupt Control |
Bit Expl. 0 Disable all interrupts (0=Disable All, 1=See IE register) 1-31 Not used |
Bit Expl. 0 LCD V-Blank (0=Disable) 1 LCD H-Blank (etc.) 2 LCD V-Counter Match (etc.) 3 Timer 0 Overflow (etc.) 4 Timer 1 Overflow (etc.) 5 Timer 2 Overflow (etc.) 6 Timer 3 Overflow (etc.) 7 Serial Communication (etc.) 8 DMA 0 (etc.) 9 DMA 1 (etc.) 10 DMA 2 (etc.) 11 DMA 3 (etc.) 12 Keypad (etc.) 13 Game Pak (external IRQ source) (etc.) 14-15 Not used |
Bit Expl. 0 LCD V-Blank (1=Request Interrupt) 1 LCD H-Blank (etc.) 2 LCD V-Counter Match (etc.) 3 Timer 0 Overflow (etc.) 4 Timer 1 Overflow (etc.) 5 Timer 2 Overflow (etc.) 6 Timer 3 Overflow (etc.) 7 Serial Communication (etc.) 8 DMA 0 (etc.) 9 DMA 1 (etc.) 10 DMA 2 (etc.) 11 DMA 3 (etc.) 12 Keypad (etc.) 13 Game Pak (external IRQ source) (etc.) 14-15 Not used |
00000018 b 128h ;IRQ vector: jump to actual BIOS handler 00000128 stmfd r13!,r0-r3,r12,r14 ;save registers to SP_irq 0000012C mov r0,4000000h ;ptr+4 to 03FFFFFC (mirror of 03007FFC) 00000130 add r14,r15,0h ;retadr for USER handler $+8=138h 00000134 ldr r15,[r0,-4h] ;jump to [03FFFFFC] USER handler 00000138 ldmfd r13!,r0-r3,r12,r14 ;restore registers from SP_irq 0000013C subs r15,r14,4h ;return from IRQ (PC=LR-4, CPSR=SPSR) |
Addr. Size Expl. 3007FFCh 4 Pointer to user IRQ handler (32bit ARM code) 3007FF8h 2 Interrupt Check Flag (for IntrWait/VBlankIntrWait functions) 3007FF4h 4 Allocated Area 3007FF0h 4 Pointer to Sound Buffer 3007FE0h 16 Allocated Area 3007FA0h 64 Default area for SP_svc Supervisor Stack (4 words/time) 3007F00h 160 Default area for SP_irq Interrupt Stack (6 words/time) |
SP_svc=03007FE0h SP_irq=03007FA0h SP_usr=03007F00h |
| GBA System Control |
Bit Expl. 0-1 SRAM Wait Control (0..3 = 4,3,2,8 cycles) 2-3 Wait State 0 First Access (0..3 = 4,3,2,8 cycles) 4 Wait State 0 Second Access (0..1 = 2,1 cycles) 5-6 Wait State 1 First Access (0..3 = 4,3,2,8 cycles) 7 Wait State 1 Second Access (0..1 = 4,1 cycles; unlike above WS0) 8-9 Wait State 2 First Access (0..3 = 4,3,2,8 cycles) 10 Wait State 2 Second Access (0..1 = 8,1 cycles; unlike above WS0,WS1) 11-12 PHI Terminal Output (0..3 = Disable, 4.19MHz, 8.38MHz, 16.78MHz) 13 Not used 14 Game Pak Prefetch Buffer (Pipe) (0=Disable, 1=Enable) 15 Game Pak Type Flag (Read Only) (0=GBA, 1=CGB) (IN35 signal) 16-31 Not used |
Bit Expl. 0 Undocumented. First Boot Flag (0=First, 1=Further) 1-7 Undocumented. Not used. |
Bit Expl. 0-6 Undocumented. Not used. 7 Undocumented. Power Down Mode (0=Halt, 1=Stop) |
Bit Expl.
0 Disable 32K+256K WRAM (0=Normal, 1=Disable) (when off: empty/prefetch)
From endrift: bit0 swaps 00000000h-01FFFFFFh and 02000000h-03FFFFFFh
in GBA mode (but keeps BIOS protection)
1 Unknown (Read/Write-able)
2 Unknown (Read/Write-able)
3 Unknown, CGB? (Read/Write-able)
From shinyquagsire23: bit3 seems to disable the CGB bootrom (carts
without SRAM will typically boot with Nintendo logo skipped, and
carts with SRAM will typically crash somehow)
4 Unused (0)
5 Enable 256K WRAM (0=Disable, 1=Normal) (when off: mirror of 32K WRAM)
6-23 Unused (0)
24-27 Wait Control WRAM 256K (0-14 = 15..1 Waitstates, 15=Lockup)
28-31 Unknown (Read/Write-able)
|
| GBA GamePak Prefetch |
1) opcodes with internal cycles (I) which do not change R15, shift/rotate
register-by-register, load opcodes (ldr,ldm,pop,swp), multiply opcodes
2) opcodes that load/store memory (ldr,str,ldm,stm,etc.)
|
"Opcodes in GamePak ROM with Internal Cycles which do not change R15" |
| GBA Cartridges |
| GBA Cartridge Header |
Address Bytes Expl. 000h 4 ROM Entry Point (32bit ARM branch opcode, eg. "B rom_start") 004h 156 Nintendo Logo (compressed bitmap, required!) 0A0h 12 Game Title (uppercase ascii, max 12 characters) 0ACh 4 Game Code (uppercase ascii, 4 characters) 0B0h 2 Maker Code (uppercase ascii, 2 characters) 0B2h 1 Fixed value (must be 96h, required!) 0B3h 1 Main unit code (00h for current GBA models) 0B4h 1 Device type (usually 00h) (bit7=DACS/debug related) 0B5h 7 Reserved Area (should be zero filled) 0BCh 1 Software version (usually 00h) 0BDh 1 Complement check (header checksum, required!) 0BEh 2 Reserved Area (should be zero filled) --- Additional Multiboot Header Entries --- 0C0h 4 RAM Entry Point (32bit ARM branch opcode, eg. "B ram_start") 0C4h 1 Boot mode (init as 00h - BIOS overwrites this value!) 0C5h 1 Slave ID Number (init as 00h - BIOS overwrites this value!) 0C6h 26 Not used (seems to be unused) 0E0h 4 JOYBUS Entry Pt. (32bit ARM branch opcode, eg. "B joy_start") |
U Unique Code (usually "A" or "B" or special meaning) TT Short Title (eg. "PM" for Pac Man) D Destination/Language (usually "J" or "E" or "P" or specific language) |
A Normal game; Older titles (mainly 2001..2003) B Normal game; Newer titles (2003..) C Normal game; Not used yet, but might be used for even newer titles F Famicom/Classic NES Series (software emulated NES games) K Yoshi and Koro Koro Puzzle (acceleration sensor) P e-Reader (dot-code scanner) (or NDS PassMe image when gamecode="PASS") R Warioware Twisted (cartridge with rumble and z-axis gyro sensor) U Boktai 1 and 2 (cartridge with RTC and solar sensor) V Drill Dozer (cartridge with rumble) |
Usually an abbreviation of the game title (eg. "PM" for "Pac Man") (unless that gamecode was already used for another game, then TT is just random) |
J Japan P Europe/Elsewhere F French S Spanish E USA/English D German I Italian |
Value Expl. 01h Joybus mode 02h Normal mode 03h Multiplay mode |
Value Expl. 01h Slave #1 02h Slave #2 03h Slave #3 |
| GBA Cartridge ROM |
| GBA Cart Backup IDs |
EEPROM_Vnnn EEPROM 512 bytes or 8 Kbytes (4Kbit or 64Kbit) SRAM_Vnnn SRAM 32 Kbytes (256Kbit) FLASH_Vnnn FLASH 64 Kbytes (512Kbit) (ID used in older files) FLASH512_Vnnn FLASH 64 Kbytes (512Kbit) (ID used in newer files) FLASH1M_Vnnn FLASH 128 Kbytes (1Mbit) |
| GBA Cart Backup SRAM/FRAM |
| GBA Cart Backup EEPROM |
2 bits "11" (Read Request) n bits eeprom address (MSB first, 6 or 14 bits, depending on EEPROM) 1 bit "0" |
4 bits - ignore these 64 bits - data (conventionally MSB first) |
2 bits "10" (Write Request) n bits eeprom address (MSB first, 6 or 14 bits, depending on EEPROM) 64 bits data (conventionally MSB first) 1 bit "0" |
| GBA Cart Backup Flash ROM |
[E005555h]=AAh, [E002AAAh]=55h, [E005555h]=90h (enter ID mode) dev=[E000001h], man=[E000000h] (get device & manufacturer) [E005555h]=AAh, [E002AAAh]=55h, [E005555h]=F0h (terminate ID mode) |
dat=[E00xxxxh] (read byte from address xxxx) |
[E005555h]=AAh, [E002AAAh]=55h, [E005555h]=80h (erase command) [E005555h]=AAh, [E002AAAh]=55h, [E005555h]=10h (erase entire chip) wait until [E000000h]=FFh (or timeout) |
[E005555h]=AAh, [E002AAAh]=55h, [E005555h]=80h (erase command) [E005555h]=AAh, [E002AAAh]=55h, [E00n000h]=30h (erase sector n) wait until [E00n000h]=FFh (or timeout) |
old=IME, IME=0 (disable interrupts) [E005555h]=AAh, [E002AAAh]=55h, [E005555h]=A0h (erase/write sector command) [E00xxxxh+00h..7Fh]=dat[00h..7Fh] (write 128 bytes) IME=old (restore old IME state) wait until [E00xxxxh+7Fh]=dat[7Fh] (or timeout) |
[E005555h]=AAh, [E002AAAh]=55h, [E005555h]=A0h (write byte command) [E00xxxxh]=dat (write byte to address xxxx) wait until [E00xxxxh]=dat (or timeout) |
[E005555h]=F0h (force end of write/erase command) |
[E005555h]=AAh, [E002AAAh]=55h, [E005555h]=B0h (select bank command) [E000000h]=bnk (write bank number 0..1) |
ID Name Size Sectors AverageTimings Timeouts/ms Waits D4BFh SST 64K 16x4K 20us?,?,? 10, 40, 200 3,2 1CC2h Macronix 64K 16x4K ?,?,? 10,2000,2000 8,3 1B32h Panasonic 64K 16x4K ?,?,? 10, 500, 500 4,2 3D1Fh Atmel 64K 512x128 ?,?,? ...40.., 40 8,8 1362h Sanyo 128K ? ?,?,? ? ? ? ? 09C2h Macronix 128K ? ?,?,? ? ? ? ? |
| GBA Cart Backup DACS |
| GBA Cart I/O Port (GPIO) |
bit0-3 Data Bits 0..3 (0=Low, 1=High) bit4-15 not used (0) |
bit0-3 Direction for Data Port Bits 0..3 (0=In, 1=Out) bit4-15 not used (0) |
bit0 Register 80000C4h..80000C8h Control (0=Write-Only, 1=Read/Write) bit1-15 not used (0) |
GPIO | Boktai | Wario Bit Pin | RTC SOL | GYR RBL -----------+---------+--------- 0 ROM.1 | SCK CLK | RES - 1 ROM.2 | SIO RST | CLK - 2 ROM.21 | CS - | DTA - 3 ROM.22 | - FLG | - MOT -----------+---------+--------- IRQ ROM.43 | IRQ - | - - |
| GBA Cart Real-Time Clock (RTC) |
NDS_________GBA_________GBA/Params___ stat2 control (1-byte) datetime datetime (7-byte) time time (3-byte) stat1 force reset (0-byte) clkadjust force irq (0-byte) alarm1/int1 always FFh (boktai contains code for writing 1-byte to it) alarm2 always FFh (unused) free always FFh (unused) |
Bit Dir Expl. 0 - Not used 1 R/W IRQ duty/hold related? 2 - Not used 3 R/W Per Minute IRQ (30s duty) (0=Disable, 1=Enable) 4 - Not used 5 R/W Unknown? 6 R/W 12/24-hour Mode (0=12h, 1=24h) (usually 1) 7 R Power-Off (auto cleared on read) (0=Normal, 1=Failure, time lost) |
Boktai series ;which/how many titles? P-Letter series ;which/how many titles? Rockman EXE 4.5 Real Operation |
| GBA Cart Solar Sensor |
strh 0001h,[80000c8h] ;-enable R/W mode strh 0007h,[80000c6h] ;-init I/O direction strh 0002h,[80000c4h] ;-reset counter to zero (high=reset) (I/O bit0) strh 0000h,[80000c4h] ;-clear reset (low=normal) mov r0,0 ;-initial level @@lop: strh 0001h,[80000c4h] ;-clock high ;\increase counter (I/O bit1) strh 0000h,[80000c4h] ;-clock low ;/ ldrh r1,[80000c4h] ;-read port (I/O bit3) tst r1,08h ;\ addeq r0,1 ; loop until voltage match (exit with r0=00h..FFh), tsteq r0,100h ; or until failure/timeout (exit with r0=100h) beq @@lop ;/ |
E8h total darkness (including LED light, or daylight on rainy days) Dxh close to a 100 Watt Bulb 5xh reaches max level in boktai's solar gauge 00h close to a tactical nuclear bomb dropped on your city |
| GBA Cart Tilt Sensor |
E008000h (W) Write 55h to start sampling E008100h (W) Write AAh to start sampling E008200h (R) Lower 8 bits of X axis E008300h (R) Upper 4 bits of X axis, and Bit7: ADC Status (0=Busy, 1=Ready) E008400h (R) Lower 8 bits of Y axis E008500h (R) Upper 4 bits of Y axis |
wait until [E008300h].Bit7=1 or until timeout ;wait ready x = ([E008300h] AND 0Fh)*100h + [E008200h] ;get x y = ([E008500h] AND 0Fh)*100h + [E008400h] ;get y [E008000h]=55h, [E008100h]=AAh ;start next conversion |
X ranged between 0x2AF to 0x477, center at 0x392. Huh? Y ranged between 0x2C3 to 0x480, center at 0x3A0. Huh? |
| GBA Cart Gyro Sensor |
GPIO.Bit0 (W) Start Conversion GPIO.Bit1 (W) Serial Clock GPIO.Bit2 (R) Serial Data GPIO.Bit3 (W) Used for Rumble (not gyro related) |
read_gyro: mov r1,8000000h ;-cartridge base address mov r0,01h ;\enable R/W access strh r0,[r1,0c8h] ;/ mov r0,0bh ;\init direction (gpio2=input, others=output) strh r0,[r1,0c6h] ;/ ldrh r2,[r1,0c4h] ;-get current state (for keeping gpio3=rumble) orr r2,3 ;\ strh r2,[r1,0c4h] ;gpio0=1 ; start ADC conversion bic r2,1 ; strh r2,[r1,0c4h] ;gpio0=0 ;/ mov r0,00010000h ;stop-bit ;\ bic r2,2 ; @@lop: ; ldrh r3,[r1,0c4h] ;get gpio2=data ; read 16 bits strh r2,[r1,0c4h] ;gpio1=0=clk=low ; (4 dummy bits, plus 12 data bits) movs r3,r3,lsr 3 ;gpio2 to cy=data ; adcs r0,r0,r0 ;merge data, cy=done; orr r3,r2,2 ;set bit1 and delay ; strh r3,[r1,0c4h] ;gpio1=1=clk=high ; bcc @@lop ;/ bic r0,0f000h ;-strip upper 4 dummy bits (isolate 12bit adc) bx lr |
354h rotated in anti-clockwise direction (shock-speed) 64Dh rotated in anti-clockwise direction (normal fast) 6A3h rotated in anti-clockwise direction (slow) 6C0h no rotation (stopped) 6DAh rotation in clockwise direction (slow) 73Ah rotation in clockwise direction (normal fast) 9E3h rotation in clockwise direction (shock-speed) |
| GBA Cart Rumble |
| GBA Cart e-Reader |
________________ | ShortStrip | |L L| |o Center o| |n Region n| |g g| | may contain | |S pictures, S| |t instructions t| |r etc. r| |i i| |p p| |___ShortStrip___| |
| GBA Cart e-Reader Overview |
| GBA Cart e-Reader I/O Ports |
0 Output to PGA.Pin93 (which seems to be not connected to anything) 1-3 Unknown, read/write-able (not used by e-Reader BIOS) 4-15 Always zero (0) |
0 Always zero (0) 1 Reset Something? (0=Normal, 1=Reset) 2 Unknown, always set (1) 3 Unknown, read/write-able (not used by e-Reader BIOS) 4-7 Always zero (0) 8 Unknown, read/write-able (not used by e-Reader BIOS) 9-15 Always zero (0) |
0-6 Max Brightness (00h..7Fh; 00h=All black, 7Fh=One or more white) 7-15 Always zero |
0-7 Max Darkness (00h..7Fh; 00h=One or more black, 7Fh=All white) 8-15 Always zero |
0-6 Block Intensity Boundaries (0..7Fh; 7Fh=Whole block gets black) 7 Always zero |
0 Serial Data (Low/High) 1 Serial Clock (Low/High) 2 Serial Direction (0=Input, 1=Output) 3 Led/Irq Enable (0=Off, 1=On; Enable LED and Gamepak IRQ) 4 Start Scan (0=Off, 1=Start) (0-to-1 --> Resync line 0) 5 Phi 16MHz Output (0=Off, 1=On; Enable Clock for Camera, and for LED) 6 Power 3V Enable (0=Off, 1=On; Enable 3V Supply for Camera) 7 Not used (always 0) (sometimes 1) (Read only) |
0 Not used (always 0) 1 Scanline Flag (1=Scanline Received, 0=Acknowledge) 2-3 Not used (always 0) 4 Strange Bit (0=Normal, 1=Force Resync/Line0 on certain interval?) 5 LED Anode Voltage (0=3.0V, 1=5.1V; requires E00FFB0h.Bit3+5 to be set) 6 Not used (always 0) 7 Input from PGA.Pin22, always high (not used by e-Reader) (Read Only) |
Port Expl. (e-Reader Setting) 00h Maybe Chip ID (12h) (not used by e-Reader BIOS) (Read Only) 01h (05h) ;-Bit0: 1=auto-repeat scanning? 02h (0Eh) 10h-11h Vertical Scroll (calib_data[30h]+7) 12h-13h Horizontal Scroll (0030h) 14h-15h Vertical Size (00F6h=246) 16h-17h Horizontal Size (0140h=320) 20h-21h H-Blank Duration (00C4h) 22h-23h (0400h) ;-Upper-Blanking in dot-clock units? 25h (var) ;-bit1: 0=enable [57h..5Ah] ? 26h (var) ;\maybe a 16bit value 27h (var) ;/ 28h (00h) 30h Brightness/contrast (calib_data[31h]+/-nn) 31h-33h (014h,014h,014h) 34h Brightness/contrast (02h) 50h-52h 8bit Read/Write (not used by e-Reader BIOS) 53h-55h 2bit Read/Write (not used by e-Reader BIOS) 56h 8bit Read/Write (not used by e-Reader BIOS) 57h-58h 16bit value, used to autodetect/adjust register[30h] (Read Only) 59h-5Ah 16bit value, used to autodetect/adjust register[30h] (Read Only) 80h-FFh Mirrors of 00h..7Fh (not used by e-Reader BIOS) |
Port Expl. (e-Reader Setting) 00h (22h) 01h (50h) 02h-03h Vertical Scroll (calib_data[30h]+28h) 04h-05h Horizontal Scroll (001Eh) 06h-07h Vertical Size (00F6h) ;=246 08h-09h Horizontal Size (0140h) ;=320 0Ah-0Ch (not used by e-Reader BIOS) 0Dh (01h) 0Eh-0Fh (01EAh) ;=245*2 10h-11h (00F5h) ;=245 12h-13h (20h,F0h) ;maybe min/max values? 14h-15h (31h,C0h) ;maybe min/max values? 16h (00h) 17h-18h (77h,77h) 19h-1Ch (30h,30h,30h,30h) 1Dh-20h (80h,80h,80h,80h) 21h-FFh (not used by e-Reader BIOS) |
E00D000 14h ID String ('Card-E Reader 2001',0,0)
E00D014 2 Sector Checksum (NOT(x+x/10000h); x=sum of all other halfwords)
|
E00D016 8x6 [00h] Intensity Boundaries for 8x6 blocks ;see E00FF80h..AFh E00D046 1 [30h] Vertical scroll (0..36h) ;see type1.reg10h/type2.reg02h E00D047 1 [31h] Brightness or contrast ;see type1.reg30h E00D048 2 [32h] LED Duration ;see E00FFB2h..B3h E00D04A 2 [34h] Not used? (0000h) E00D04C 2 [36h] Signed value, related to adjusting the 8x6 blocks E00D04E 4 [38h] Not used? (00000077h) E00D052 4 [3Ch] Camera Type (0=none,1=DV488800,2=Whatever?) |
E00D056 FAAh Not used (zerofilled) (included in above checksum) |
call ereader_power_on call ereader_initialize for z=1 to number_of_frames for y=0 to 245 Wait until E00FFB1h.Bit1 gets set by hardware (can be handled by IRQ) Copy 14h halfwords from DFC0000h to buf+y*28h via DMA3 Reset E00FFB1h.Bit1 by software next y ;(could now check DFC0028h..DFC0086h/DFC0088h for adjusting E00FF00h..2Fh) ;(could now show image on screen, that may require to stop/pause scanning) next z call ereader_power_off Ret |
[4000204h]=5803h ;Init waitstates, and enable Phi 16MHz [DFA0000h].Bit1=1 Wait(10ms) [E00FFB0h]=40h ;Enable Power3V and reset other bits [DFA0000h].Bit1=0 [E00FFB1h]=20h ;Enable Power5V and reset other bits Wait(40ms) [E00FFB1h].Bit4=0 ;...should be already 0 ? [E00FFB0h]=40h+27h ;Phi16MHz=On, SioDtaClkDir=HighHighOut Ret |
[E00FFB0h]=04h ;Power3V=Off, Disable Everything, SioDtaClkDir=LowLowOut [DFA0000h].Bit1=0 ;...should be already 0 [E00FFB1h].Bit5=0 ;Power5V=Off Ret |
IF calib_data[3Ch] AND 03h = 1 THEN init_camera_type1 [E00FFB0h].Bit4=1 ;ScanStart IF calib_data[3Ch] AND 03h = 2 THEN init_camera_type2 Copy calib_data[00h..2Fh] to [E00FF80h+00h..2Fh] ;Intensity Boundaries Copy calib_data[32h..33h] to [E00FFB2h+00h..01h] ;LED Duration LSB,MSB [E00FFB0h].Bit3=1 ;LedIrqOn Ret |
x=MIN(0,calib_data[31h]-0Bh) Set Sio Registers (as shown for Camera Type 1, except below values...) Set Sio Registers [30h]=x [25h]=04h, [26h]=58h, [27h]=6Ch ;(could now detect/adjust <x> based on Sio Registers [57h..5Ah]) Set Sio Registers [30h]=x [25h]=06h, [26h]=E8h, [27h]=6Ch Ret |
Wait(0.5ms) Set Sio Registers (as shown for Camera Type 2) Ret |
Begin Write(A) Write(B) Read(C) Read(D) End Idle PwrOff
Dir ooooooo ooooooo ooooooo iiiiiii iiiiiii ooooooo ooooooo ooooooo
Dta ---____ AAAAAAA BBBBBBB xxxxxCx xxxxxDx ______- ------- _______
Clk ------_ ___---_ ___---_ ___---_ ___---_ ___---- ------- _______
|
Delay: Wait circa 2.5us, Ret SioBegin: SioDta=1, SioDir=Out, SioClk=1, Delay, SioDta=0, Delay, SioClk=0, Ret SioEnd: SioDta=0, SioDir=Out, Delay, SioClk=1, Delay, SioDta=1, Ret SioRead1bit: ;out: databit SioDir=In, Delay, SioClk=1, Delay, databit=SioDta, SioClk=0, Ret SioWrite1bit: ;in: databit SioDta=databit, SioDir=Out, Delay, SioClk=1, Delay, SioClk=0, Ret SioReadByte: ;in: endflag - out: data for i=7 to 0, data.bit<i>=SioRead1bit, next i, SioWrite1bit(endflag), Ret SioWriteByte: ;in: data - out: errorflag for i=7 to 0, Delay(huh/why?), SioWrite1bit(data.bit<i>), next i errorflag=SioRead1bit, SioDir=Out(huh/why?), Ret SioWriteRegisters: ;in: index, len, buffer SioBegin SioWriteByte(22h) ;command (set_index) (and write_data) SioWriteByte(index) ;index for i=0 to len-1 SioWriteByte(buffer[i]) ;write data (and auto-increment index) next SioEnd ret SioReadRegisters: ;in: index, len - out: buffer SioBegin SioWriteByte(22h) ;command (set_index) (without any write_data here) SioWriteByte(index) ;index SioBegin SioWriteByte(23h) ;command (read_data) (using above index) for i=0 to len-1 if i=len-1 then endflag=1 else endflag=0 buffer[i]=SioReadByte(endflag) ;read data (and auto-increment index) next SioEnd Ret |
C000000h-C7FFFFFh ROM (8MB) C800000h-DF7FFFFh Open Bus DF80000h-DF80001h Useless Register (R/W) DF80002h-DF9FFFFh Mirrors of DF80000h-DF80001h DFA0000h-DFA0001h Reset Register (R/W) DFA0002h-DFBFFFFh Mirrors of DFA0000h-DFA0001h DFC0000h-DFC0027h Scanline Data (320 Pixels) (R) DFC0028h-DFC0087h Brightest Pixels of 8x6 Blocks (R) DFC0088h Darkest Pixel of whole Image (R) DFC0089h-DFC00FFh Always zero DFC0100h-DFDFFFFh Mirrors of DFC0000h-DFC00FFh DFE0000h-DFFFFFFh Open Bus E000000h-E00CFFFh FLASH Bank 0 - Data E00D000h-E00DFFFh FLASH Bank 0 - Calibration Data E00E000h-E00EFFFh FLASH Bank 0 - Copy of Calibration Data E00F000h-E00FF7Fh FLASH Bank 0 - Unused region E000000h-E00EFFFh FLASH Bank 1 - Data E00F000h-E00FF7Fh FLASH Bank 1 - Unused region E00FF80h-E00FFAFh Intensity Boundaries for 8x6 Blocks (R/W) E00FFB0h Control Register 0 (R/W) E00FFB1h Control Register 1 (R/W) E00FFB2h-E00FFB3h LED Duration (16bit) (R/W) E00FFB4h-E00FFBFh Always zero E00FFC0h-E00FFFFh Mirror of E00FF80h-E00FFBFh |
Actual Shape Scanned Shape
XXXXX X X
XXXXXXX X X X
XXXXXXXXX X X X XX
XXXXXXXXX X X X XX
XXXXXXX XXXXXXX
XXXXX XXXXX
|
| GBA Cart e-Reader Dotcode Format |
XXX BLOCK 1 XXX BLOCK 2 XXX
XXXXX XXXXX XXXXX
XXXXX X X X X X X X X X X X X XXXXX X X X X X X X X X X X X XXXXX
XXXXX XXXXX XXXXX
XXX HHHHHHHHHHHHHHHHHHHH...... XXX HHHHHHHHHHHHHHHHHHHH...... XXX
.......................... ..........................
...... 3 short lines ..... ..........................
A..................................A..................................A..
A.... 26 long lines ....A........ X = Sync Marks ........A..
A.... (each 34 data dots) ....A........ H = Block Header ........A..
A....(not all lines shown here)....A........ . = Data Bits ........A..
A..................................A........ A = Address Bits ........A..
...... 3 short lines ..... ..........................
...(each 26 data dots).... ..........................
XXX .......................... XXX .......................... XXX
XXXXX XXXXX XXXXX
XXXXX X X X X X X X X X X X X XXXXX X X X X X X X X X X X X XXXXX
XXXXX XXXXX XXXXX
XXX XXX XXX
<ca. 35 blank lines>
___Snip____________________________________________________________________
|
addr[0] = 03FFh
for i = 1 to 53
addr[i] = addr[i-1] xor ((i and (-i)) * 769h)
if (i and 07h)=0 then addr[i] = addr[i] xor (769h)
if (i and 0Fh)=0 then addr[i] = addr[i] xor (769h*2)
if (i and 1Fh)=0 then addr[i] = addr[i] xor (769h*4) xor (769h)
next i
|
00h Unknown (00h)
01h Dotcode type (02h=Short, 03h=Long)
02h Unknown (00h)
03h Address of 1st Block (01h=Short, 19h=Long)
04h Total Fragment Size (40h) ;64 bytes per fragment, of which,
;48 bytes are actual data, the remaining
05h Error-Info Size (10h) ;16 bytes are error-info
06h Unknown (00h)
07h Interleave Value (1Ch=Short, 2Ch=Long)
08h..17h 16 bytes Reed-solomon error correction info for Block Header
|
4bit 00h 01h 02h 03h 04h 05h 06h 07h 08h 09h 0Ah 0Bh 0Ch 0Dh 0Eh 0Fh 5bit 00h 01h 02h 12h 04h 05h 06h 16h 08h 09h 0Ah 14h 0Ch 0Dh 11h 10h |
RAW Offset Content 000h..001h 1st 2 bytes of RAW Header 002h 1st byte of 1st fragment 003h 1st byte of 2nd fragment ... ... 002h+I-1 1st byte of last fragment 002h+I 2nd byte of 1st fragment 003h+I 2nd byte of 2nd fragment ... ... 002h+I*2-1 2nd byte of last fragment ... ... |
| GBA Cart e-Reader Data Format |
Data Header (48 bytes) Main-Title (17 bytes, or 33 bytes) Sub-Title(s) (3+18 bytes, or 33 bytes) (for each strip) (optional) VPK Size (2 byte value, total length of VPK Data in ALL strips) NULL Value (4 bytes, contained ONLY in 1st strip of GBA strips) VPK Data (length as defined in VPK Size entry, see above) |
Data Header (48 bytes) Main-Title (17 bytes, or 33 bytes) Sub-Title(s) (3+18 bytes, or 33 bytes) (for each strip) (optional) VPK Data (continued from previous strip) |
00h-01h Fixed (00h,30h)
02h Fixed (01h) ;01h="Do not calculate Global Checksum" ?
03h Primary Type (see below)
04h-05h Fixed (00h,01h) (don't care)
06h-07h Strip Size (0510h=Short, 0810h=Long Strip) ((I-1)*30h) (MSB,LSB)
08h-0Bh Fixed (00h,00h,10h,12h)
0Ch-0Dh Region/Type (see below)
0Eh Strip Type (02h=Short Strip, 01h=Long Strip) (don't care)
0Fh Fixed (00h) (don't care)
10h-11h Unknown (whatever) (don't care)
12h Fixed (10h) ;10h="Do calculate Data Checksum" ?
13h-14h Data Checksum (see below) (MSB,LSB)
15h-19h Fixed (19h,00h,00h,00h,08h)
1Ah-21h ID String ('NINTENDO')
22h-25h Fixed (00h,22h,00h,09h)
26h-29h Size Info (see below)
2Ah-2Dh Flags (see below)
2Eh Header Checksum (entries [0Ch-0Dh,10h-11h,26h-2Dh] XORed together)
2Fh Global Checksum (see below)
|
0 Card Type (upper bit) (see below) 1 Unknown (usually opposite of Bit0) (don't care) 2-7 Unknown (usually zero) |
0-3 Unknown (don't care) 4-7 Card Type (lower bits) (see below) 8-11 Region/Version (0=Japan/Original, 1=Non-japan, 2=Japan/Plus) 12-15 Unknown (don't care) |
0 Unknown (don't care)
1-4 Strip Number (01h..Number of strips)
5-8 Number of Strips (01h..0Ch) (01h..08h for Japan/Original version)
9-23 Size of all Strips (excluding Headers and Main/Sub-Titles)
(same as "VPK Size", but also including the 2-byte "VPK Size" value,
plus the 4-byte NULL value; if it is present)
24-31 Fixed (02h) (don't care)
|
0 Permission to save (0=Start Immediately, 1=Prompt for FLASH Saving) 1 Sub-Title Flag (0=Yes, 1=None) (Japan/Original: always 0=Yes) 2 Application Type (0=GBA/Z80, 1=NES) (Japan/Original: always 0=Z80) 3-31 Zero (0) (don't care) |
Bit Expl.
0-3 h1, values 1..15 shown as "10..150", value 0 is not displayed
4-6 i3, values 0..7 shown as "A..G,#"
7-13 i2, values 0..98 shown as "01..99" values 99..127 as "A0..C8"
14-18 i1, values 0..31 shown as "A..Z,-,_,{HP},.,{ID?},:"
19-22 Unknown
23 Disable stats (0=Show as "HP: h1 ID: i1-i2-i3", 1=Don't show it)
|
00h --> end-byte 81h,40h --> SPC 81h,43h..97h --> punctuation marks 82h,4Fh..58h --> "0..9" 82h,60h..79h --> "A..Z" 82h,81h..9Ah --> "a..z" |
00 = end-byte
01 = spc
02..0B = 0..9
0C..AF = japanese
B0..B4 = dash, male, female, comma, round-dot
B5..C0 = !"%&~?/+-:.'
C1..DA = A..Z
DB..DF = unused (blank)
E0..E5 = japanese
E6..FF = a..z
N/A = #$()*;<=>@[\]^_`{|}
|
00h..01h Blank Screen (?) 02h..03h Dotcode Application with 17byte-title, with stats, load music A 04h..05h Dotcode Application with 17byte-title, with stats, load music B 06h..07h P-Letter Attacks 08h..09h Construction Escape 0Ah..0Bh Construction Action 0Ch..0Dh Construction Melody Box 0Eh Dotcode Application with 33byte-title, without stats, load music A 0Fh Game specific cards 10h..1Dh P-Letter Viewer 1Eh..1Fh Same as 0Eh and 0Fh (see above) |
| GBA Cart e-Reader Program Code |
IF e-Reader is Non-Japanese, AND [2000008h] is outside of range of 2000000h..20000E3h, AND only if booted from camera (not when booted from FLASH?), THEN [2000008h]=[2000008h]-0001610Ch ELSE [2000008h] kept intact |
Store "B 20000C0h" at 2000000h ;redirect to RAM-entrypoint Zerofill 2000004h..20000BFh ;erase header (for better compression rate) Store 01h,01h at 20000C4h ;indicate RAM boot |
http://problemkaputt.de/everynes.htm |
for i=17h to 0 for j=07h to 0, nmi = nmi shr 1, if carry then nmi = nmi xor 8646h, next j nmi = nmi xor (byte[dmca_data+i] shl 8) next i dmca_data: db 0,0,'DMCA NINTENDO E-READER' |
Bit0-14 Lower bits of Entrypoint (0..7FFFh = Address 8000h..FFFFh) Bit15 Nametable Mode (0=Vertical Mirroring, 1=Horizontal Mirroring) |
(NES limitations, 1 16K program rom + 1-2 8K CHR rom, mapper 0 and 1) ines mapper 1 would be MMC1, rather than CNROM (ines mapper 3)? but, there are more or less NONE games that have 16K PRG ROM + 16K VROM? |
CB [Prefix] E0 RET PO E2 JP PO,nn E4 CALL PO,nn 27 DAA 76 HALT ED [Prefix] E8 RET PE EA JP PE,nn EC CALL PE,nn D3 OUT (n),A DD [IX Prefix] F3 DI 08 EX AF,AF' F4 CALL P,nn DB IN A,(n) FD [IY Prefix] FB EI D9 EXX FC CALL M,nn xx RST 00h..38h |
76 WAIT A frames, D3 WAIT n frames, and C7/CF RST 0/8 used for API calls. |
retry: ld bc,data // ld hl,00c8h ;src/dst lop: ld a,[bc] // inc bc // ld e,a ;lsb ld a,[bc] // inc bc // ld d,a ;msb dw 0bcfh ;aka rst 8 // db 0bh ;[4000000h+hl]=de (DMA registers) inc hl // inc hl // ld a,l cp a,0dch // jr nz,lop mod1 equ $+1 dw 37cfh ;aka rst 8 // db 37h ;bx 3E700F0h ;below executed only on jap/plus... on jap/plus, above 37cfh is hl=[400010Ch] ld a,3Ah // ld [mod1],a ;bx 3E700F0h (3Ah instead 37h) ld hl,1 // ld [mod2],hl // ld [mod3],hl ;base (0200010Ch instead 0201610Ch) jr retry data: mod2 equ $+1 dd loader ;40000C8h dma2sad (loader) ;\ dd 030000F0h ;40000CCh dma2dad (mirrored 3E700F0h) ; relocate loader dd 8000000ah ;40000D0h dma2cnt (copy 0Ah x 16bit) ;/ mod3 equ $+1 dd main ;40000D4h dma3sad (main) ;\prepare main reloc dd 02000000h ;40000D8h dma3dad (2000000h) ;/dma3cnt see loader .align 2 ;alignment for 16bit-halfword org $+201600ch ;jap/plus: adjusted to org $+200000ch loader: mov r0,80000000h ;(dma3cnt, copy 10000h x 16bit) mov r1,04000000h ;i/o base strb r1,[r1,208h] ;ime=0 (better disable ime before moving ram) str r0,[r1,0DCh] ;dma3cnt (relocate to 2000000h) mov r15,2000000h ;start relocated code at 2000000h in ARM state main: ;...insert/append whatever ARM code here... end |
| GBA Cart e-Reader API Functions |
db 76h ;Wait8bit A db D3h,xxh ;Wait8bit xxh db C7h,xxh ;RST0_xxh db CFh,xxh ;RST8_xxh ld r,[00xxh] ;get system values (addresses differ on jap/ori) ld r,[00C2h..C3h] ;GetKeyStateSticky (jap/ori: 9F02h..9F03h) ld r,[00C4h..C5h] ;GetKeyStateRaw (jap/ori: 9F04h..9F05h) ld r,[00C0h..C1h] ;see Exit and ExitRestart ld r,[00D0h..D3h] ;see Mul16bit |
bx [30075FCh] ;ApiVector ;in: r0=func_no,r1,r2,r3,[sp+0],[sp+4],[sp+8]=params bx lr ;Exit ;in: r0 (0=Restart, 2=To_Menu) |
RST0_00h FadeIn, A speed, number of frames (0..x)
RST0_01h FadeOut
RST0_02h BlinkWhite
RST0_03h (?)
RST0_04h (?) blend_func_unk1
RST0_05h (?)
RST0_06h (?)
RST0_07h (?)
RST0_08h (?)
RST0_09h (?) _020264CC_check
RST0_0Ah (?) _020264CC_free
RST0_0Bh N/A (bx 0)
RST0_0Ch N/A (bx 0)
RST0_0Dh N/A (bx 0)
RST0_0Eh N/A (bx 0)
RST0_0Fh N/A (bx 0)
RST0_10h LoadSystemBackground, A number of background (1..101), E bg# (0..3)
RST0_11h SetBackgroundOffset, A=bg# (0..3), DE=X, BC=Y
RST0_12h SetBackgroundAutoScroll
RST0_13h SetBackgroundMirrorToggle
RST0_14h (?)
RST0_15h (?)
RST0_16h (?) write_000000FF_to_02029494_
RST0_17h (?)
RST0_18h (?)
RST0_19h SetBackgroundMode, A=mode (0..2)
RST0_1Ah (?)
RST0_1Bh (?)
RST0_1Ch (?)
RST0_1Dh (?)
RST0_1Eh (?)
RST0_1Fh (?)
RST0_20h LayerShow
RST0_21h LayerHide
RST0_22h (?)
RST0_23h (?)
RST0_24h ... [20264DCh+A*20h+1Ah]=DE, [20264DCh+A*20h+1Ch]=BC
RST0_25h (?)
RST0_26h (?)
RST0_27h (?)
RST0_28h (?)
RST0_29h (?)
RST0_2Ah (?)
RST0_2Bh (?)
RST0_2Ch (?)
RST0_2Dh LoadCustomBackground, A bg# (0..3), DE pointer to struct_background,
max. tile data size = 3000h bytes, max. map data size = 1000h bytes
RST0_2Eh GBA: N/A - Z80: (?)
RST0_2Fh (?)
RST0_30h CreateSystemSprite, - - (what "- -" ???)
RST0_31h SpriteFree, HL sprite handle
RST0_32h SetSpritePos, HL=sprite handle, DE=X, BC=Y
RST0_33h (?) sprite_unk2
RST0_34h SpriteFrameNext
RST0_35h SpriteFramePrev
RST0_36h SetSpriteFrame, HL=sprite handle, E=frame number (0..x)
RST0_37h (?) sprite_unk3
RST0_38h (?) sprite_unk4
RST0_39h SetSpriteAutoMove, HL=sprite handle, DE=X, BC=Y
RST0_3Ah (?) sprite_unk5
RST0_3Bh (?) sprite_unk6
RST0_3Ch SpriteAutoAnimate
RST0_3Dh (?) sprite_unk7
RST0_3Eh SpriteAutoRotateUntilAngle
RST0_3Fh SpriteAutoRotateByAngle
RST0_40h SpriteAutoRotateByTime
RST0_41h (?) sprite_unk8
RST0_42h SetSpriteAutoMoveHorizontal
RST0_43h SetSpriteAutoMoveVertical
RST0_44h (?) sprite_unk9
RST0_45h SpriteDrawOnBackground
RST0_46h SpriteShow, HL=sprite handle
RST0_47h SpriteHide, HL=sprite handle
RST0_48h SpriteMirrorToggle
RST0_49h (?) sprite_unk10
RST0_4Ah (?) sprite_unk11
RST0_4Bh (?) sprite_unk12
RST0_4Ch GetSpritePos
RST0_4Dh CreateCustomSprite
RST0_4Eh (?)
RST0_4Fh (?) sprite_unk14
RST0_50h (?) sprite_unk15
RST0_51h (?) sprite_unk16
RST0_52h (?) sprite_unk17
RST0_53h (?) sprite_unk18
RST0_54h (?)
RST0_55h (?) sprite_unk20
RST0_56h (?)
RST0_57h SpriteMove
RST0_58h (?) sprite_unk22
RST0_59h (?) sprite_unk23
RST0_5Ah (?) sprite_unk24
RST0_5Bh SpriteAutoScaleUntilSize, C=speed (higher value is slower),
HL=sprite handle, DE=size (0100h = normal size,
lower value = larger, higher value = smaller)
RST0_5Ch SpriteAutoScaleBySize
RST0_5Dh SpriteAutoScaleWidthUntilSize
RST0_5Eh SpriteAutoScaleHeightBySize
RST0_5Fh (?)
RST0_60h (?)
RST0_61h (?)
RST0_62h (?)
RST0_63h (?)
RST0_64h hl=[[2024D28h+a*4]+12h]
RST0_65h (?) sprite_unk25
RST0_66h SetSpriteVisible, HL=sprite handle, E=(0=not visible, 1=visible)
RST0_67h (?) sprite_unk26
RST0_68h (?) set_sprite_unk27
RST0_69h (?) get_sprite_unk27
RST0_6Ah (?)
RST0_6Bh (?)
RST0_6Ch (?)
RST0_6Dh (?)
RST0_6Eh hl=[hl+000Ah] ;r0=[r1+0Ah]
RST0_6Fh (?)
RST0_70h (?)
RST0_71h (?)
RST0_72h (?)
RST0_73h (?)
RST0_74h (?)
RST0_75h (?)
RST0_76h (?)
RST0_77h (?)
RST0_78h (?)
RST0_79h (?)
RST0_7Ah (?)
RST0_7Bh (?)
RST0_7Ch (?) _0202FD2C_unk12
RST0_7Dh Wait16bit ;HL=num_frames (16bit variant of Wait8bit opcode/function)
RST0_7Eh SetBackgroundPalette, HL=src_addr, DE=offset, C=num_colors (1..x)
RST0_7Fh GetBackgroundPalette(a,b,c)
RST0_80h SetSpritePalette, HL=src_addr, DE=offset, C=num_colors (1..x)
RST0_81h GetSpritePalette(a,b,c)
RST0_82h ClearPalette
RST0_83h (?) _0202FD2C_unk11
RST0_84h (?)
RST0_85h (?)
RST0_86h (?)
RST0_87h (?) _0202FD2C_unk8
RST0_88h (?) _0202FD2C_unk7
RST0_89h (?)
RST0_8Ah (?) _0202FD2C_unk6
RST0_8Bh (?) _0202FD2C_unk5
RST0_8Ch GBA: N/A - Z80: (?)
RST0_8Dh GBA: N/A - Z80: (?)
RST0_8Eh (?)
RST0_8Fh WindowHide
RST0_90h CreateRegion, H=bg# (0..3), L=palbank# (0..15),
D,E,B,C=x1,y1,cx,cy (in tiles), return: n/a (no$note: n/a ???)
RST0_91h SetRegionColor
RST0_92h ClearRegion
RST0_93h SetPixel
RST0_94h GetPixel
RST0_95h DrawLine
RST0_96h DrawRect
RST0_97h (?) _0202FD2C_unk4
RST0_98h SetTextColor, A=region handle, D=color foreground (0..15),
E=color background (0..15)
RST0_99h DrawText, A=region handle, BC=pointer to text, D=X, E=Y
(non-japan uses ASCII text, but japanese e-reader's use STH ELSE?)
RST0_9Ah SetTextSize
RST0_9Bh (?) RegionUnk7
RST0_9Ch (?) _0202FD2C_unk3
RST0_9Dh (?) _0202FD2C_unk2
RST0_9Eh (?) _0202FD2C_unk1
RST0_9Fh Z80: (?) - GBA: SetBackgroundModeRaw
RST0_A0h (?)
RST0_A1h (?)
RST0_A2h (?) RegionUnk6
RST0_A3h GBA: N/A - Z80: (?)
RST0_A4h GBA: N/A - Z80: (?)
RST0_A5h (?)
RST0_A6h (?)
RST0_A7h (?)
RST0_A8h (?)
RST0_A9h (?)
RST0_AAh (?)
RST0_ABh (?)
RST0_ACh (?)
RST0_ADh (?) RegionUnk5
RST0_AEh [202FD2Ch+122h]=A
RST0_AFh [202FD2Ch+123h]=A
RST0_B0h [202FD2Ch+124h]=A
RST0_B1h (?)
RST0_B2h (?)
RST0_B3h GBA: N/A - Z80: Sqrt ;hl=sqrt(hl)
RST0_B4h GBA: N/A - Z80: ArcTan ;hl=ArcTan2(hl,de)
RST0_B5h Sine ;hl=sin(a)*de
RST0_B6h Cosine ;hl=cos(a)*de
RST0_B7h (?)
RST0_B8h (?)
RST0_B9h N/A (bx 0)
RST0_BAh N/A (bx 0)
RST0_BBh N/A (bx 0)
RST0_BCh N/A (bx 0)
RST0_BDh N/A (bx 0)
RST0_BEh N/A (bx 0)
RST0_BFh N/A (bx 0)
Below Non-Japan and Japan/Plus only (not Japan/Ori)
RST0_C0h GetTextWidth(a,b)
RST0_C1h GetTextWidthEx(a,b,c)
RST0_C2h (?)
RST0_C3h Z80: N/A (bx 0) - GBA: (?)
RST0_C4h (?)
RST0_C5h (?)
RST0_C6h (?)
RST0_C7h (?)
RST0_C8h (?)
RST0_C9h (?)
RST0_CAh (?)
RST0_CBh (?)
RST0_CCh (?)
RST0_CDh N/A (bx lr)
RST0_CEh ;same as RST0_3Bh, but with 16bit mask
RST0_CFh ;same as RST0_3Eh, but with 16bit de
RST0_D0h ;same as RST0_3Fh, but with 16bit de
RST0_D1h ;same as RST0_5Bh, but with 16bit de
RST0_D2h ;same as RST0_5Ch, but with 16bit de
RST0_D3h ;same as RST0_5Dh, but with 16bit de
RST0_D4h ;same as RST0_5Eh, but with 16bit de
RST0_D5h (?)
RST0_D6h (?)
RST0_D7h ;[202FD2Ch+125h]=A
RST0_D8h (?)
RST0_D9h (?)
RST0_DAh (?)
RST0_DBh ;A=[3003E51h]
RST0_DCh ;[3004658h]=01h
RST0_DDh DecompressVPKorNonVPK
RST0_DEh FlashWriteSectorSingle(a,b)
RST0_DFh FlashReadSectorSingle(a,b)
RST0_E0h SoftReset
RST0_E1h GetCartridgeHeader ;[hl+0..BFh]=[8000000h..80000BFh]
RST0_E2h GBA: N/A - Z80: bx hl ;in: hl=addr, af,bc,de,sp=param, out: a
RST0_E3h Z80: N/A (bx 0) - GBA: (?)
RST0_E4h (?)
RST0_E5h (?)
RST0_E6h (?)
RST0_E7h (?)
RST0_E8h (?)
RST0_E9h ;[2029498h]=0000h
RST0_EAh Z80: N/A (bx 0) - GBA: InitMemory(a)
RST0_EBh (?) BL_irq_sio_dma3
RST0_ECh ;hl = [3003E30h]*100h + [3003E34h]
RST0_EDh FlashWriteSectorMulti(a,b,c)
RST0_EEh FlashReadPart(a,b,c)
RST0_EFh ;A=((-([2029416h] xor 1)) OR (+([2029416h] xor 1))) SHR 31
RST0_F0h (?) _unk1
RST0_F1h RandomInit ;in: hl=random_seed
RST0_F2h (?)
Below Japan/Plus only
RST0_F3h (?)
RST0_F4h (?)
RST0_F5h (?)
RST0_F6h (?)
RST0_F7h GBA: N/A - Z80: (?)
Below is undefined/garbage (values as so in Z80 mode)
Jap/Ori: RST0_C0h N/A (bx 0)
Jap/Ori: RST0_C1h..FFh Overlaps RST8 jump list
Non-Jap: RST0_F3h..FFh Overlaps RST8 jump list
Jap/Pls: RST0_F8h..FFh Overlaps RST8 jump list
|
RST8_00h GBA: N/A - Z80: Exit ;[00C0h]=a ;(1=restart, 2=exit) RST8_01h GBA: N/A - Z80: Mul8bit ;hl=a*e RST8_02h GBA: N/A - Z80: Mul16bit ;hl=hl*de, s32[00D0h]=hl*de RST8_03h Div ;hl=hl/de RST8_04h DivRem ;hl=hl mod de RST8_05h PlaySystemSound ;in: hl=sound_number RST8_06h (?) sound_unk1 RST8_07h Random8bit ;a=random(0..FFh) RST8_08h SetSoundVolume RST8_09h BcdTime ;[de+0..5]=hhmmss(hl*bc) RST8_0Ah BcdNumber ;[de+0..4]=BCD(hl), [de+5]=00h RST8_0Bh IoWrite ;[4000000h+hl]=de RST8_0Ch IoRead ;de=[4000000h+hl] RST8_0Dh GBA: N/A - Z80: (?) RST8_0Eh GBA: N/A - Z80: (?) RST8_0Fh GBA: N/A - Z80: (?) RST8_10h GBA: N/A - Z80: (?) RST8_11h DivSigned ;hl=hl/de, signed RST8_12h RandomMax ;a=random(0..a-1) RST8_13h SetSoundSpeed RST8_14h hl=[202FD20h]=[2024CACh] RST8_15h hl=[2024CACh]-[202FD20h] RST8_16h SoundPause RST8_17h SoundResume RST8_18h PlaySystemSoundEx RST8_19h IsSoundPlaying RST8_1Ah (?) RST8_1Bh (?) RST8_1Ch (?) RST8_1Dh GetExitCount ;a=[2032D34h] RST8_1Eh Permille ;hl=de*1000/hl RST8_1Fh GBA: N/A - Z80: ExitRestart;[2032D38h]=a, [00C0h]=0001h ;a=? RST8_20h GBA: N/A - Z80: WaitJoypad ;wait until joypad<>0, set hl=joypad RST8_21h GBA: N/A - Z80: (?) RST8_22h (?) _sound_unk7 RST8_23h (?) _sound_unk8 RST8_24h (?) _sound_unk9 RST8_25h (?) _sound_unk10 RST8_26h Mosaic ;bg<n>cnt.bit6=a.bit<n>, [400004Ch]=de RST8_27h (?) RST8_28h (?) RST8_29h (?) RST8_2Ah (?) get_8bit_from_2030110h RST8_2Bh (?) RST8_2Ch (?) get_16bit_from_2030112h ;jap/ori: hl=[20077B2h] RST8_2Dh (?) get_16bit_from_2030114h ;jap/ori: hl=[20077B4h] RST8_2Eh (?) RST8_2Fh PlayCustomSound(a,b) Below not for Japanese/Original (the renumbered functions can be theoretically used on japanese/original) (but, doing so would blow forwards compatibility with japanese/plus) RST8_30h (ori: none) GBA: N/A - Z80: (?) RST8_31h (ori: none) PlayCustomSoundEx(a,b,c) RST8_32h (ori: RST8_30h) BrightnessHalf ;[4000050h]=00FFh,[4000054h]=0008h RST8_33h (ori: RST8_31h) BrightnessNormal ;[4000050h]=0000h RST8_34h (ori: RST8_32h) N/A (bx lr) RST8_35h (ori: RST8_33h) (?) RST8_36h (ori: RST8_34h) ResetTimer ;[400010Ch]=00000000h, [400010Eh]=A+80h RST8_37h (ori: RST8_35h) GetTimer ;hl=[400010Ch] RST8_38h (ori: none) GBA: N/A - Z80: (?) Below is undefined/reserved/garbage (values as so in Z80 mode) (can be used to tweak jap/ori to start GBA-code from inside of Z80-code) (that, after relocating code to 3000xxxh via DMA via IoWrite function) RST8_39h (ori: RST8_36h) bx 0140014h RST8_3Ah (ori: RST8_37h) bx 3E700F0h RST8_3Bh (ori: RST8_38h) bx 3E70000h+1 RST8_3Ch (ori: RST8_39h) bx 3E703E6h+1 RST8_3Dh (ori: RST8_3Ah) bx 3E703E6h+1 RST8_3Eh (ori: RST8_3Bh) bx 3E703E6h+1 RST8_3Fh (ori: RST8_3Ch) bx 3E703E6h+1 40h-FFh (ori: 3Dh-FFh) bx ... |
RSTX_00h Wait8bit ;for 16bit: RST0_7Dh RSTX_01h GetKeyStateSticky() RSTX_02h GetKeyStateRaw() RSTX_03h (?) RSTX_04h (?) |
| GBA Cart e-Reader VPK Decompression |
collected32bit=80000000h ;initially empty (endflag in bit31)
for i=0 to 3, id[i]=read_bits(8), next i, if id[0..3]<>'vpk0' then error
dest_end=dest+read_bits(32) ;size of decompressed data (of all strips)
method=read_bits(8), if method>1 then error
tree_index=0, load_huffman_tree, disproot=tree_index
tree_index=tree_index+1, load_huffman_tree, lenroot=tree_index
;above stuff is contained only in the first strip. below loop starts at
;current location in first strip, and does then continue in further strips.
decompress_loop:
if read_bits(1)=0 then ;copy one uncompressed data byte,
[dest]=read_bits(8), dest=dest+1 ;does work without huffman trees
else
if disproot=-1 or lenroot=-1 then error ;compression does require trees
disp=read_tree(disproot)
if method=1 ;disp*4 is good for 32bit ARM opcodes
if disp>2 then disp=disp*4-8 else disp=disp+4*read_tree(disproot)-7
len=read_tree(lenroot)
if len=0 or disp<=0 or dest+len-1>dest_end then error ;whoops
for j=1 to len, [dest]=[dest-disp], dest=dest+1, next j
if dest<dest_end then decompress_loop
ret
|
mov data=0
for i=1 to num
shl collected32bit,1 ;move next bit to carry, or set zeroflag if empty
if zeroflag
collected32bit=[src+0]*1000000h+[src+1]*10000h+[src+2]*100h+[src+3]
src=src+4 ;read data in 32bit units, in reversed byte-order
carryflag=1 ;endbit
rcl collected32bit,1 ;move bit31 to carry (and endbit to bit0)
rcl data,1 ;move carry to data
next i
ret(data)
|
i=root_index
while node[i].right<>-1 ;loop until reaching data node
if read_bits(1)=1 then i=node[i].right else i=node[i].left
i=node[i].left ;get number of bits
i=read_bits(i) ;read that number of bits
ret(i) ;return that value
|
stacktop=sp if read_bits(1)=1 then tree_index=-1, ret ;exit (empty) node[tree_index].right=-1 ;indicate data node node[tree_index].left=read_bits(8) ;store data value if read_bits(1)=1 then ret ;exit (only 1 data node at root) push tree_index ;save previous (child) node tree_index=tree_index+1 jmp data_injump load_loop: push tree_index ;save previous (child) node tree_index=tree_index+1 if read_bits(1)=1 then parent_node data_injump: node[tree_index].right=-1 ;indicate data node node[tree_index].left=read_bits(8) ;store data value jmp load_loop parent_node: pop node[tree_index].right ;store 1st child pop node[tree_index].left ;store 2nd child if sp<>stacktop then jmp load_loop if read_bits(1)=0 then error ;end bit (must be 1) ret |
| GBA Cart e-Reader Error Correction |
reverse_byte_order(data,dtalen)
zerofill_error_bytes(data,errlen)
for i=dtalen-1 to errlen ;loop across data portion
z = rev[ data[i] xor data[errlen-1] ] ;
for j=errlen-1 to 0 ;loop across error-info portion
if j=0 then x=00h else x=data[j-1]
if z<>FFh then
y=gg[j], if y<>FFh then
y=y+z, if y>=FFh then y=y-FFh
x=x xor pow[y]
data[j]=x
next j
next i
invert_error_bytes(data,errlen)
reverse_byte_order(data,dtalen)
|
reverse_byte_order(data,dtalen)
invert_error_bytes(data,errlen)
make_rev(data,dtalen)
for i=78h to 78h+errlen-1
x=0, z=0
for j=0 to dtalen-1
y=data[j]
if y<>FFh then
y=y+z, if y>=FFh then y=y-FFh
x=x xor pow[y]
z=z+i, if z>=FFh then z=z-FFh
next j
if x<>0 then error
next i
;(if errors occured, could correct them now)
make_pow(data,dtalen)
invert_error_bytes(data,errlen)
reverse_byte_order(data,dtalen)
|
for i=0 to len-1, data[i]=rev[data[i]], next i |
for i=0 to len-1, data[i]=pow[data[i]], next i |
for i=0 to len-1, data[i]=data[i] xor FFh, next i |
for i=0 to len-1, data[i]=00h, next i |
for i=0 to (len-1)/2, x=data[i], data[i]=data[len-i], data[len-i]=x, next i |
x=01h, pow[FFh]=00h, rev[00h]=FFh
for i=00h to FEh
pow[i]=x, rev[x]=i, x=x*2, if x>=100h then x=x xor 187h
next i
|
gg[0]=pow[78h]
for i=1 to errlen-1
gg[i]=01h
for j=i downto 0
if j=0 then y=00h else y=gg[j-1]
x=gg[j], if x<>00h then
x=rev[x]+78h+i, if x>=FFh then x=x-FFh
y=y xor pow[x]
gg[j]=y
next j
next i
make_rev(gg,errlen)
|
00h,4Bh,EBh,D5h,EFh,4Ch,71h,00h,F4h,00h,71h,4Ch,EFh,D5h,EBh,4Bh |
pow = alpha_to, but generated as shown above rev = index_of, dito b0 = 78h nn = dtalen kk = dtalen-errlen %nn = MOD FFh (for the ereader that isn't MOD dtalen) -1 = FFh |
| GBA Cart e-Reader File Formats |
| GBA Cart Unknown Devices |
| GBA Cart Protections |
| GBA Flashcards |
configure_flashcard(9E2468Ah,9413h) ;unlock flash advance cards turbo=1, send_command(8000000h,90h) ;enter ID mode (both chips, if any) maker=[8000000h], device=[8000000h+2] IF maker=device THEN device=[8000000h+4] ELSE turbo=0 flashcard_read_mode ;exit ID mode search (maker+device*10000h) in device_list total/erase/write_block_size = list_entry SHL turbo |
FOR x=1 to len/erase_block_size send_command(dest,20h) ;erase sector command send_command(dest,D0h) ;confirm erase sector dest=dest+erase_block_size IF wait_busy=okay THEN NEXT x enter_read_mode ;exit erase/status mode |
siz=write_block_size FOR x=1 to len/siz IF siz=2 THEN send_command(dest,10h) ;write halfword command IF siz>2 THEN send_command(dest,E8h) ;write to buffer command IF siz>2 THEN send_command(dest,16-1) ;buffer size 16 halfwords (per chip) FOR y=1 TO siz/2 [dest]=[src], dest=dest+2, src=src+2 ;write data to buffer NEXT y IF siz>2 THEN send_command(dest,D0h) ;confirm write to buffer IF wait_busy=okay THEN NEXT x enter_read_mode ;exit write/status mode |
[adr]=val IF turbo THEN [adr+2]=val |
send_command(8000000h,FFh) ;exit status mode send_command(8000000h,FFh) ;again maybe more stable (as in jeff's source) |
start=time REPEAT stat=[8000000h] XOR 80h IF turbo THEN stat=stat OR ([8000000h+2] XOR 80h) IF (stat AND 7Fh)>0 THEN error IF (stat AND 80h)=0 THEN ready IF time-start>5secs THEN timeout UNTIL ready OR error OR timeout IF error OR timeout THEN send_command(8000000h,50h) ;clear status |
[930ECA8h]=5354h [802468Ah]=1234h, repeated 500 times [800ECA8h]=5354h [802468Ah]=5354h [802468Ah]=5678h, repeated 500 times [930ECA8h]=5354h [802468Ah]=5354h [8ECA800h]=5678h [80268A0h]=1234h [802468Ah]=ABCDh, repeated 500 times [930ECA8h]=5354h [adr]=val |
configure_flashcard(942468Ah,???) |
ID Code Total Erase Write Name -??-00DCh ? ? ? Hudson Cart (???) 00160089h 4M 128K 32 Intel i28F320J3A (Flash Advance) 00170089h 8M 128K 32 Intel i28F640J3A (Flash Advance) 00180089h 16M 128K 32 Intel i28F128J3A (Flash Advance) 00E200B0h ? 64K 2 Sharp LH28F320BJE ? (Nintendo) |
| GBA Cheat Devices |
| GBA Cheat Codes - General Info |
| GBA Cheat Codes - Codebreaker/Xploder |
0000xxxx 000y Enable Code 1 - Game ID 1aaaaaaa 000z Enable Code 2 - Hook Address 2aaaaaaa yyyy [aaaaaaa]=[aaaaaaa] OR yyyy 3aaaaaaa 00yy [aaaaaaa]=yy 4aaaaaaa yyyy [aaaaaaa+0..(cccc-1)*ssss]=yyyy+0..(cccc-1)*ssss iiiicccc ssss parameters for above code 5aaaaaaa cccc [aaaaaaa+0..(cccc-1)]=11,22,33,44,etc. 11223344 5566 parameter bytes 1..6 for above code (example) 77880000 0000 parameter bytes 7..8 for above code (padded with zero) 6aaaaaaa yyyy [aaaaaaa]=[aaaaaaa] AND yyyy 7aaaaaaa yyyy IF [aaaaaaa]=yyyy THEN (next code) 8aaaaaaa yyyy [aaaaaaa]=yyyy 9xyyxxxx xxxx Enable Code 0 - Encrypt all following codes (optional) Aaaaaaaa yyyy IF [aaaaaaa]<>yyyy THEN (next code) Baaaaaaa yyyy IF [aaaaaaa]>yyyy THEN (next code) (signed comparison) Caaaaaaa yyyy IF [aaaaaaa]<yyyy THEN (next code) (signed comparison) D0000020 yyyy IF [joypad] AND yyyy = 0 THEN (next code) Eaaaaaaa yyyy [aaaaaaa]=[aaaaaaa]+yyyy Faaaaaaa yyyy IF [aaaaaaa] AND yyyy THEN (next code) |
crc=FFFFh for i=0 to FFFFh x=byte[i] xor (crc/100h) x=x xor (x/10h) crc=(crc*100h) xor (x*1001h) xor (x*20h) next i |
for i=0 to 2Fh, swaplist[i]=i, next i
randomizer = 1111h xor byte[code+4] ;LSB value
for i=0 to 4Fh
exchange swaplist[random MOD 30h] with swaplist[random MOD 30h]
next i
halfword[seedlist+0] = halfword[code+0] ;LSW address
randomizer = 4EFAD1C3h
for i=0 to byte[code+3]-91h, randomizer=random, next i ;MSB address
word[seedlist+2]=random, halfword[seedlist+6]=random
randomizer = F254h xor byte[code+5] ;MSB value
for i=0 to byte[code+5]-01h, randomizer=random, next i ;MSB value
word[seedlist+8]=random, halfword[seedlist+12]=random
;note: byte[code+2] = don't care
ret
|
randomizer=randomizer*41C64E6Dh+3039h, x=(randomizer SHL 14 AND C0000000h) randomizer=randomizer*41C64E6Dh+3039h, x=(randomizer SHR 1 AND 3FFF8000h)+x randomizer=randomizer*41C64E6Dh+3039h, x=(randomizer SHR 16 AND 00007FFFh)+x return(x) |
for i=2Fh to 0
j=swaplist[i]
bitno1=(i AND 7), index1=xlatlist[i/8]
bitno2=(j AND 7), index2=xlatlist[j/8]
exchange [code+index1].bitno1 with [code+index2].bitno2
next i
word[code+0] = word[code+0] xor word[seedlist+8]
i = (byte[code+3]*1010000h + byte[code+0]*100h + byte[code+5])
i = (halfword[code+1]*10001h) xor (word[seedlist+2]) xor i
i = (byte[seedlist+0]*1010101h) xor (byte[seedlist+1]*1000000h) xor i
j = (byte[code+5] + (byte[code+0] xor byte[code+4])*100h)
j = (byte[seedlist+0]*101h) xor halfword[seedlist+6] xor j
word[code+0] = i, halfword[code+4] = j
|
| GBA Cheat Codes - Gameshark/Action Replay V1/V2 |
0aaaaaaa 000000xx [aaaaaaa]=xx 1aaaaaaa 0000xxxx [aaaaaaa]=xxxx 2aaaaaaa xxxxxxxx [aaaaaaa]=xxxxxxxx 3000cccc xxxxxxxx write xxxxxxxx to (cccc-1) addresses (list in next codes) aaaaaaaa aaaaaaaa parameter for above code, containing two addresses each aaaaaaaa 00000000 last parameter for above, zero-padded if only one address 60aaaaaa y000xxxx [8000000h+aaaaaa*2]=xxxx (ROM Patch) 8a1aaaaa 000000xx IF GS_Button_Down THEN [a0aaaaa]=xx 8a2aaaaa 0000xxxx IF GS_Button_Down THEN [a0aaaaa]=xxxx 80F00000 0000xxxx IF GS_Button_Down THEN slowdown xxxx * ? cycles per hook Daaaaaaa 0000xxxx IF [aaaaaaa]=xxxx THEN (next code) E0zzxxxx 0aaaaaaa IF [aaaaaaa]=xxxx THEN (next 'zz' codes) Faaaaaaa 00000x0y Enable Code - Hook Routine xxxxxxxx 001DC0DE Enable Code - Game Code ID (value at [0ACh] in cartridge) DEADFACE 0000xxyy Change Encryption Seeds |
y=1 - Executes code handler without backing up the LR register. y=2 - Executes code handler and backs up the LR register. y=3 - Replaces a 32-bit pointer used for long-branches. x=0 - Must turn GSA off before loading game. x=1 - Must not do that. |
y=0 wait for the code handler to enable the patch y=1 patch is enabled before the game starts y=2 unknown ? |
FOR I=1 TO 32
A=A + (V*16+S0) XOR (V+I*9E3779B9h) XOR (V/32+S1)
V=V + (A*16+S2) XOR (A+I*9E3779B9h) XOR (A/32+S3)
NEXT I
|
S0=09F4FBBDh S1=9681884Ah S2=352027E9h S3=F3DEE5A7h |
FOR y=0 TO 3
FOR x=0 TO 3
z = T1[(xx+x) AND FFh] + T2[(yy+y) AND FFh]
Sy = Sy*100h + (z AND FFh)
NEXT x
NEXT y
|
| GBA Cheat Codes - Pro Action Replay V3 |
C4aaaaaa 0000yyyy Enable Code - Hook Routine at [8aaaaaa] xxxxxxxx 001DC0DE Enable Code - ID Code [080000AC] DEADFACE 0000xxxx Enable Code - Change Encryption Seeds 00aaaaaa xxxxxxyy [a0aaaaa..a0aaaaa+xxxxxx]=yy 02aaaaaa xxxxyyyy [a0aaaaa..a0aaaaa+xxxx*2]=yyyy 04aaaaaa yyyyyyyy [a0aaaaa]=yyyyyyyy 40aaaaaa xxxxxxyy [ [a0aaaaa] + xxxxxx ]=yy (Indirect) 42aaaaaa xxxxyyyy [ [a0aaaaa] + xxxx*2 ]=yyyy (Indirect) 44aaaaaa yyyyyyyy [ [a0aaaaa] ]=yyyyyyyy (Indirect) 80aaaaaa 000000yy [a0aaaaa]=[a0aaaaa]+yy 82aaaaaa 0000yyyy [a0aaaaa]=[a0aaaaa]+yyyy 84aaaaaa yyyyyyyy [a0aaaaa]=[a0aaaaa]+yyyyyyyy C6aaaaaa 0000yyyy [4aaaaaa]=yyyy (I/O Area) C7aaaaaa yyyyyyyy [4aaaaaa]=yyyyyyyy (I/O Area) iiaaaaaa yyyyyyyy IF [a0aaaaa] <cond> <value> THEN <action> 00000000 60000000 ELSE (?) 00000000 40000000 ENDIF (?) 00000000 0800xx00 AR Slowdown : loops the AR xx times 00000000 00000000 End of the code list 00000000 10aaaaaa 000000zz 00000000 IF AR_BUTTON THEN [a0aaaaa]=zz 00000000 12aaaaaa 0000zzzz 00000000 IF AR_BUTTON THEN [a0aaaaa]=zzzz 00000000 14aaaaaa zzzzzzzz 00000000 IF AR_BUTTON THEN [a0aaaaa]=zzzzzzzz 00000000 18aaaaaa 0000zzzz 00000000 [8000000+aaaaaa*2]=zzzz (ROM Patch 1) 00000000 1Aaaaaaa 0000zzzz 00000000 [8000000+aaaaaa*2]=zzzz (ROM Patch 2) 00000000 1Caaaaaa 0000zzzz 00000000 [8000000+aaaaaa*2]=zzzz (ROM Patch 3) 00000000 1Eaaaaaa 0000zzzz 00000000 [8000000+aaaaaa*2]=zzzz (ROM Patch 4) |
00000000 80aaaaaa 000000yy ssccssss repeat cc times [a0aaaaa]=yy (with yy=yy+ss, a0aaaaa=a0aaaaa+ssss after each step) |
00000000 82aaaaaa 0000yyyy ssccssss repeat cc times [a0aaaaa]=yyyy (with yyyy=yyyy+ss, a0aaaaa=a0aaaaa+ssss*2 after each step) |
00000000 84aaaaaa yyyyyyyy ssccssss repeat cc times [a0aaaaa]=yyyyyyyy (with yyyy=yyyy+ss, a0aaaaa=a0aaaaa+ssss*4 after each step) |
<cond> <value> <action> 08 Equal = 00 8bit zz 00 execute next code 10 Not equal <> 02 16bit zzzz 40 execute next two codes 18 Signed < 04 32bit zzzzzzzz 80 execute all following 20 Signed > 06 (always false) codes until ELSE or ENDIF 28 Unsigned < C0 normal ELSE turn off all codes 30 Unsigned > 38 Logical AND |
For the "Always..." codes: - XXXXXXXX can be any authorised address except 00000000 (eg. use 02000000). - ZZZZZZZZ can be anything. - The "y" in the code data must be in the [1-7] range (which means not 0). typ=y,sub=0,siz=3 Always skip next line. typ=y,sub=1,siz=3 Always skip next 2 lines. typ=y,sub=2,siz=3 Always Stops executing all the codes below. typ=y,sub=3,siz=3 Always turn off all codes. |
adr mask = 003FFFFF n/a mask = 00C00000 ;not used xtr mask = 01000000 ;used only by I/O write, and MSB of Hook siz mask = 06000000 typ mask = 38000000 ;0=normal, other=conditional sub mask = C0000000 |
S0=7AA9648Fh S1=7FAE6994h S2=C0EFAAD5h S3=42712C57h |
| GBA Gameboy Player |
Drill Dozer (supports BOTH handheld-rumble and GBP-rumble?) Mario & Luigi: Superstar Saga Pokemon Pinball: Ruby & Sapphire Shikakui Atama wo Marukusuru Advance: Kokugo Sansu Rika Shakai Shikakui Atama wo Marukusuru Advance: Kanji Keisan Summon Night Craft Sword Monogatari: Hajimari no Ishi Super Mario Advance 4: Super Mario Bros. 3 |
Remudvance (FluBBA) (homebrew) Goomba (FluBBA) (8bit Gameboy Color Emulator for 32bit GBA) (homebrew) and, supposedly in "Tetanus on Drugs" (Tepples) (homebrew) |
Receive Response 0000494E 494EB6B1 xxxx494E 494EB6B1 B6B1494E 544EB6B1 B6B1544E 544EABB1 ABB1544E 4E45ABB1 ABB14E45 4E45B1BA B1BA4E45 4F44B1BA B1BA4F44 4F44B0BB B0BB4F44 8000B0BB B0BB8002 10000010 10000010 20000013 20000013 40000004 30000003 40000004 30000003 40000004 30000003 40000004 30000003 400000yy 30000003 40000004 |
| GBA Unpredictable Things |
WORD = [$+8] |
LSW = [$+4], MSW = [$+4] |
LSW = [$+4], MSW = [$+6] ;for opcodes at 4-byte aligned locations LSW = [$+2], MSW = [$+4] ;for opcodes at non-4-byte aligned locations |
LSW = [$+4], MSW = OldHI ;for opcodes at 4-byte aligned locations LSW = OldLO, MSW = [$+4] ;for opcodes at non-4-byte aligned locations |
OldLO=[$+2], OldHI=[$+2] |
OldLO=LSW(data), OldHI=MSW(data) Theoretically, this might also change if a DMA transfer occurs. |
| NDS Reference |
| DS Technical Data |
1x ARM946E-S 32bit RISC CPU, 66MHz (NDS9 video) (not used in GBA mode) 1x ARM7TDMI 32bit RISC CPU, 33MHz (NDS7 sound) (16MHz in GBA mode) |
4096KB Main RAM (8192KB in debug version) 96KB WRAM (64K mapped to NDS7, plus 32K mappable to NDS7 or NDS9) 60KB TCM/Cache (TCM: 16K Data, 32K Code) (Cache: 4K Data, 8K Code) 656KB VRAM (allocateable as BG/OBJ/2D/3D/Palette/Texture/WRAM memory) 4KB OAM/PAL (2K OBJ Attribute Memory, 2K Standard Palette RAM) 248KB Internal 3D Memory (104K Polygon RAM, 144K Vertex RAM) ?KB Matrix Stack, 48 scanline cache 8KB Wifi RAM 256KB Firmware FLASH (512KB in iQue variant, with chinese charset) 36KB BIOS ROM (4K NDS9, 16K NDS7, 16K GBA) |
2x LCD screens (each 256x192 pixel, 3 inch, 18bit color depth, backlight) 2x 2D video engines (extended variants of the GBA's video controller) 1x 3D video engine (can be assigned to upper or lower screen) 1x video capture (for effects, or for forwarding 3D to the 2nd 2D engine) |
16 sound channels (16x PCM8/PCM16/IMA-ADPCM, 6x PSG-Wave, 2x PSG-Noise) 2 sound capture units (for echo effects, etc.) Output: Two built-in stereo speakers, and headphones socket Input: One built-in microphone, and microphone socket |
Gamepad 4 Direction Keys, 8 Buttons Touchscreen (on lower LCD screen) |
Wifi IEEE802.11b |
Built-in Real Time Clock Power Managment Device Hardware divide and square root functions CP15 System Control Coprocessor (cache, tcm, pu, bist, etc.) |
NDS Slot (for NDS games) (encrypted 8bit data bus, and serial 1bit bus) GBA Slot (for NDS expansions, or for GBA games) (but not for DMG/CGB games) |
ROM: 16MB, 32MB, or 64MB EEPROM/FLASH/FRAM: 0.5KB, 8KB, 64KB, 256KB, or 512KB |
NDS Cartridge (NDS mode) Firmware FLASH (NDS mode) (eg. by patching firmware via ds-xboo cable) Wifi (NDS mode) GBA Cartridge (GBA mode) (without DMG/CGB support) (without SIO support) |
Built-in rechargeable Lithium ion battery, 3.7V 1000mAh (DS-Lite) External Supply: 5.2V DC |
| DS I/O Maps |
4000000h 4 2D Engine A - DISPCNT - LCD Control (Read/Write) 4000004h 2 2D Engine A+B - DISPSTAT - General LCD Status (Read/Write) 4000006h 2 2D Engine A+B - VCOUNT - Vertical Counter (Read only) 4000008h 50h 2D Engine A (same registers as GBA, some changed bits) 4000060h 2 DISP3DCNT - 3D Display Control Register (R/W) 4000064h 4 DISPCAPCNT - Display Capture Control Register (R/W) 4000068h 4 DISP_MMEM_FIFO - Main Memory Display FIFO (R?/W) 400006Ch 2 2D Engine A - MASTER_BRIGHT - Master Brightness Up/Down |
40000B0h 30h DMA Channel 0..3 40000E0h 10h DMA FILL Registers for Channel 0..3 4000100h 10h Timers 0..3 4000130h 2 KEYINPUT 4000132h 2 KEYCNT |
4000180h 2 IPCSYNC - IPC Synchronize Register (R/W) 4000184h 2 IPCFIFOCNT - IPC Fifo Control Register (R/W) 4000188h 4 IPCFIFOSEND - IPC Send Fifo (W) 40001A0h 2 AUXSPICNT - Gamecard ROM and SPI Control 40001A2h 2 AUXSPIDATA - Gamecard SPI Bus Data/Strobe 40001A4h 4 Gamecard bus timing/control 40001A8h 8 Gamecard bus 8-byte command out 40001B0h 4 Gamecard Encryption Seed 0 Lower 32bit 40001B4h 4 Gamecard Encryption Seed 1 Lower 32bit 40001B8h 2 Gamecard Encryption Seed 0 Upper 7bit (bit7-15 unused) 40001BAh 2 Gamecard Encryption Seed 1 Upper 7bit (bit7-15 unused) |
4000204h 2 EXMEMCNT - External Memory Control (R/W) 4000208h 2 IME - Interrupt Master Enable (R/W) 4000210h 4 IE - Interrupt Enable (R/W) 4000214h 4 IF - Interrupt Request Flags (R/W) 4000240h 1 VRAMCNT_A - VRAM-A (128K) Bank Control (W) 4000241h 1 VRAMCNT_B - VRAM-B (128K) Bank Control (W) 4000242h 1 VRAMCNT_C - VRAM-C (128K) Bank Control (W) 4000243h 1 VRAMCNT_D - VRAM-D (128K) Bank Control (W) 4000244h 1 VRAMCNT_E - VRAM-E (64K) Bank Control (W) 4000245h 1 VRAMCNT_F - VRAM-F (16K) Bank Control (W) 4000246h 1 VRAMCNT_G - VRAM-G (16K) Bank Control (W) 4000247h 1 WRAMCNT - WRAM Bank Control (W) 4000248h 1 VRAMCNT_H - VRAM-H (32K) Bank Control (W) 4000249h 1 VRAMCNT_I - VRAM-I (16K) Bank Control (W) |
4000280h 2 DIVCNT - Division Control (R/W) 4000290h 8 DIV_NUMER - Division Numerator (R/W) 4000298h 8 DIV_DENOM - Division Denominator (R/W) 40002A0h 8 DIV_RESULT - Division Quotient (=Numer/Denom) (R) 40002A8h 8 DIVREM_RESULT - Division Remainder (=Numer MOD Denom) (R) 40002B0h 2 SQRTCNT - Square Root Control (R/W) 40002B4h 4 SQRT_RESULT - Square Root Result (R) 40002B8h 8 SQRT_PARAM - Square Root Parameter Input (R/W) 4000300h 4 POSTFLG - Undoc 4000304h 2 POWCNT1 - Graphics Power Control Register (R/W) |
4000320h..6A3h |
4001000h 4 2D Engine B - DISPCNT - LCD Control (Read/Write) 4001008h 50h 2D Engine B (same registers as GBA, some changed bits) 400106Ch 2 2D Engine B - MASTER_BRIGHT - 16bit - Brightness Up/Down |
40021Axh .. DSi Registers 4004xxxh .. DSi Registers |
4100000h 4 IPCFIFORECV - IPC Receive Fifo (R) 4100010h 4 Gamecard bus 4-byte data in, for manual or dma read (R) (or W) |
4FFF0xxh .. Ensata Emulator Debug Registers 4FFFAxxh .. No$gba Emulator Debug Registers |
27FFD9Ch .. NDS9 Debug Stacktop / Debug Vector (0=None) DTCM+3FF8h 4 NDS9 IRQ Check Bits (hardcoded RAM address) DTCM+3FFCh 4 NDS9 IRQ Handler (hardcoded RAM address) |
27FFFFEh 2 Main Memory Control |
4000004h 2 DISPSTAT 4000006h 2 VCOUNT 40000B0h 30h DMA Channels 0..3 4000100h 10h Timers 0..3 4000120h 4 Debug SIODATA32 4000128h 4 Debug SIOCNT 4000130h 2 KEYINPUT 4000132h 2 KEYCNT 4000134h 2 Debug RCNT 4000136h 2 EXTKEYIN 4000138h 1 RTC Realtime Clock Bus 4000180h 2 IPCSYNC - IPC Synchronize Register (R/W) 4000184h 2 IPCFIFOCNT - IPC Fifo Control Register (R/W) 4000188h 4 IPCFIFOSEND - IPC Send Fifo (W) 40001A0h 2 AUXSPICNT - Gamecard ROM and SPI Control 40001A2h 2 AUXSPIDATA - Gamecard SPI Bus Data/Strobe 40001A4h 4 Gamecard bus timing/control 40001A8h 8 Gamecard bus 8-byte command out 40001B0h 4 Gamecard Encryption Seed 0 Lower 32bit 40001B4h 4 Gamecard Encryption Seed 1 Lower 32bit 40001B8h 2 Gamecard Encryption Seed 0 Upper 7bit (bit7-15 unused) 40001BAh 2 Gamecard Encryption Seed 1 Upper 7bit (bit7-15 unused) 40001C0h 2 SPI bus Control (Firmware, Touchscreen, Powerman) 40001C2h 2 SPI bus Data |
4000204h 2 EXMEMSTAT - External Memory Status 4000206h 2 WIFIWAITCNT 4000208h 4 IME - Interrupt Master Enable (R/W) 4000210h 4 IE - Interrupt Enable (R/W) 4000214h 4 IF - Interrupt Request Flags (R/W) 4000218h - IE2 ;\DSi only (additional ARM7 interrupt sources) 400021Ch - IF2 ;/ 4000240h 1 VRAMSTAT - VRAM-C,D Bank Status (R) 4000241h 1 WRAMSTAT - WRAM Bank Status (R) 4000300h 1 POSTFLG 4000301h 1 HALTCNT (different bits than on GBA) (plus NOP delay) 4000304h 2 POWCNT2 Sound/Wifi Power Control Register (R/W) 4000308h 4 BIOSPROT - Bios-data-read-protection address |
4000400h 100h Sound Channel 0..15 (10h bytes each) 40004x0h 4 SOUNDxCNT - Sound Channel X Control Register (R/W) 40004x4h 4 SOUNDxSAD - Sound Channel X Data Source Register (W) 40004x8h 2 SOUNDxTMR - Sound Channel X Timer Register (W) 40004xAh 2 SOUNDxPNT - Sound Channel X Loopstart Register (W) 40004xCh 4 SOUNDxLEN - Sound Channel X Length Register (W) 4000500h 2 SOUNDCNT - Sound Control Register (R/W) 4000504h 2 SOUNDBIAS - Sound Bias Register (R/W) 4000508h 1 SNDCAP0CNT - Sound Capture 0 Control Register (R/W) 4000509h 1 SNDCAP1CNT - Sound Capture 1 Control Register (R/W) 4000510h 4 SNDCAP0DAD - Sound Capture 0 Destination Address (R/W) 4000514h 2 SNDCAP0LEN - Sound Capture 0 Length (W) 4000518h 4 SNDCAP1DAD - Sound Capture 1 Destination Address (R/W) 400051Ch 2 SNDCAP1LEN - Sound Capture 1 Length (W) |
40021Axh .. DSi Registers 4004xxxh .. DSi Registers 4004700h 2 DSi SNDEXCNT Register ;\mapped even in DS mode 4004C0xh .. DSi GPIO Registers ;/ |
4100000h 4 IPCFIFORECV - IPC Receive Fifo (R) 4100010h 4 Gamecard bus 4-byte data in, for manual or dma read (R) (or W) |
4700000h 4 Disable ARM7 bootrom overlay (W) (3DS only) |
4800000h .. Wifi WS0 Region (32K) (Wifi Ports, and 8K Wifi RAM) 4808000h .. Wifi WS1 Region (32K) (mirror of above, other waitstates) |
380FFC0h 4 DSi7 IRQ IF2 Check Bits (hardcoded RAM address) (DSi only) 380FFDCh .. NDS7 Debug Stacktop / Debug Vector (0=None) 380FFF8h 4 NDS7 IRQ IF Check Bits (hardcoded RAM address) 380FFFCh 4 NDS7 IRQ Handler (hardcoded RAM address) |
| DS Memory Maps |
00000000h Instruction TCM (32KB) (not moveable) (mirror-able to 1000000h) 0xxxx000h Data TCM (16KB) (moveable) 02000000h Main Memory (4MB) 03000000h Shared WRAM (0KB, 16KB, or 32KB can be allocated to ARM9) 04000000h ARM9-I/O Ports 05000000h Standard Palettes (2KB) (Engine A BG/OBJ, Engine B BG/OBJ) 06000000h VRAM - Engine A, BG VRAM (max 512KB) 06200000h VRAM - Engine B, BG VRAM (max 128KB) 06400000h VRAM - Engine A, OBJ VRAM (max 256KB) 06600000h VRAM - Engine B, OBJ VRAM (max 128KB) 06800000h VRAM - "LCDC"-allocated (max 656KB) 07000000h OAM (2KB) (Engine A, Engine B) 08000000h GBA Slot ROM (max 32MB) 0A000000h GBA Slot RAM (max 64KB) FFFF0000h ARM9-BIOS (32KB) (only 3K used) |
00000000h ARM7-BIOS (16KB) 02000000h Main Memory (4MB) 03000000h Shared WRAM (0KB, 16KB, or 32KB can be allocated to ARM7) 03800000h ARM7-WRAM (64KB) 04000000h ARM7-I/O Ports 04800000h Wireless Communications Wait State 0 (8KB RAM at 4804000h) 04808000h Wireless Communications Wait State 1 (I/O Ports at 4808000h) 06000000h VRAM allocated as Work RAM to ARM7 (max 256K) 08000000h GBA Slot ROM (max 32MB) 0A000000h GBA Slot RAM (max 64KB) |
3D Engine Polygon RAM (52KBx2) 3D Engine Vertex RAM (72KBx2) Firmware (256KB) (built-in serial flash memory) GBA-BIOS (16KB) (not used in NDS mode) NDS Slot ROM (serial 8bit-bus, max 4GB with default protocol) NDS Slot FLASH/EEPROM/FRAM (serial 1bit-bus) |
| DS Memory Control |
| DS Memory Control - Cache and TCM |
ITCM 32K, base=00000000h (fixed, not move-able) DTCM 16K, base=moveable (default base=27C0000h) |
Data Cache 4KB, Instruction Cache 8KB 4-way set associative method Cache line 8 words (32 bytes) Read-allocate method (ie. writes are not allocating cache lines) Round-robin and Pseudo-random replacement algorithms selectable Cache Lockdown, Instruction Prefetch, Data Preload Data write-through and write-back modes selectable |
Region Name Address Size Cache WBuf Code Data - Background 00000000h 4GB - - - - 0 I/O and VRAM 04000000h 64MB - - R/W R/W 1 Main Memory 02000000h 4MB On On R/W R/W 2 ARM7-dedicated 027C0000h 256KB - - - - 3 GBA Slot 08000000h 128MB - - - R/W 4 DTCM 027C0000h 16KB - - - R/W 5 ITCM 01000000h 32KB - - R/W R/W 6 BIOS FFFF0000h 32KB On - R R 7 Shared Work 027FF000h 4KB - - - R/W |
| DS Memory Control - Cartridges and Main RAM |
0-1 32-pin GBA Slot SRAM Access Time (0-3 = 10, 8, 6, 18 cycles) 2-3 32-pin GBA Slot ROM 1st Access Time (0-3 = 10, 8, 6, 18 cycles) 4 32-pin GBA Slot ROM 2nd Access Time (0-1 = 6, 4 cycles) 5-6 32-pin GBA Slot PHI-pin out (0-3 = Low, 4.19MHz, 8.38MHz, 16.76MHz) 7 32-pin GBA Slot Access Rights (0=ARM9, 1=ARM7) 8-10 Not used (always zero) 11 17-pin NDS Slot Access Rights (0=ARM9, 1=ARM7) 12 Not used (always zero) 13 NDS:Always set? ;set/tested by DSi bootcode: Main RAM enable, CE2 pin? 14 Main Memory Interface Mode Switch (0=Async/GBA/Reserved, 1=Synchronous) 15 Main Memory Access Priority (0=ARM9 Priority, 1=ARM7 Priority) |
6 clks --> returns "Addr/2" 8 clks --> returns "Addr/2" 10 clks --> returns "Addr/2 OR FE08h" (or similar garbage) 18 clks --> returns "FFFFh" (High-Z) |
| DS Memory Control - WRAM |
0-1 ARM9/ARM7 (0-3 = 32K/0K, 2nd 16K/1st 16K, 1st 16K/2nd 16K, 0K/32K) 2-7 Not used |
| DS Memory Control - VRAM |
0 VRAM C enabled and allocated to NDS7 (0=No, 1=Yes) 1 VRAM D enabled and allocated to NDS7 (0=No, 1=Yes) 2-7 Not used (always zero) |
0-2 VRAM MST ;Bit2 not used by VRAM-A,B,H,I 3-4 VRAM Offset (0-3) ;Offset not used by VRAM-E,H,I 5-6 Not used 7 VRAM Enable (0=Disable, 1=Enable) |
VRAM SIZE MST OFS ARM9, Plain ARM9-CPU Access (so-called LCDC mode) A 128K 0 - 6800000h-681FFFFh B 128K 0 - 6820000h-683FFFFh C 128K 0 - 6840000h-685FFFFh D 128K 0 - 6860000h-687FFFFh E 64K 0 - 6880000h-688FFFFh F 16K 0 - 6890000h-6893FFFh G 16K 0 - 6894000h-6897FFFh H 32K 0 - 6898000h-689FFFFh I 16K 0 - 68A0000h-68A3FFFh VRAM SIZE MST OFS ARM9, 2D Graphics Engine A, BG-VRAM (max 512K) A,B,C,D 128K 1 0..3 6000000h+(20000h*OFS) E 64K 1 - 6000000h F,G 16K 1 0..3 6000000h+(4000h*OFS.0)+(10000h*OFS.1) VRAM SIZE MST OFS ARM9, 2D Graphics Engine A, OBJ-VRAM (max 256K) A,B 128K 2 0..1 6400000h+(20000h*OFS.0) ;(OFS.1 must be zero) E 64K 2 - 6400000h F,G 16K 2 0..3 6400000h+(4000h*OFS.0)+(10000h*OFS.1) VRAM SIZE MST OFS 2D Graphics Engine A, BG Extended Palette E 64K 4 - Slot 0-3 ;only lower 32K used F,G 16K 4 0..1 Slot 0-1 (OFS=0), Slot 2-3 (OFS=1) VRAM SIZE MST OFS 2D Graphics Engine A, OBJ Extended Palette F,G 16K 5 - Slot 0 ;16K each (only lower 8K used) VRAM SIZE MST OFS Texture/Rear-plane Image A,B,C,D 128K 3 0..3 Slot OFS(0-3) ;(Slot2-3: Texture, or Rear-plane) VRAM SIZE MST OFS Texture Palette E 64K 3 - Slots 0-3 ;OFS=don't care F,G 16K 3 0..3 Slot (OFS.0*1)+(OFS.1*4) ;ie. Slot 0, 1, 4, or 5 VRAM SIZE MST OFS ARM9, 2D Graphics Engine B, BG-VRAM (max 128K) C 128K 4 - 6200000h H 32K 1 - 6200000h I 16K 1 - 6208000h VRAM SIZE MST OFS ARM9, 2D Graphics Engine B, OBJ-VRAM (max 128K) D 128K 4 - 6600000h I 16K 2 - 6600000h VRAM SIZE MST OFS 2D Graphics Engine B, BG Extended Palette H 32K 2 - Slot 0-3 VRAM SIZE MST OFS 2D Graphics Engine B, OBJ Extended Palette I 16K 3 - Slot 0 ;(only lower 8K used) VRAM SIZE MST OFS <ARM7>, Plain <ARM7>-CPU Access C,D 128K 2 0..1 6000000h+(20000h*OFS.0) ;OFS.1 must be zero |
5000000h Engine A Standard BG Palette (512 bytes) 5000200h Engine A Standard OBJ Palette (512 bytes) 5000400h Engine B Standard BG Palette (512 bytes) 5000600h Engine B Standard OBJ Palette (512 bytes) 7000000h Engine A OAM (1024 bytes) 7000400h Engine B OAM (1024 bytes) |
| DS Memory Control - BIOS |
Opcodes at... Can read from Expl. 0..[BIOSPROT]-1 0..3FFFh Double-protected (when BIOSPROT is set) [BIOSPROT]..3FFFh [BIOSPROT]..3FFFh Normal-protected (always active) |
05ECh ldrb r3,[r3,12h] ;requires incoming r3=src-12h 05EEh pop r2,r4,r6,r7,r15 ;requires dummy values & THUMB retadr on stack |
| DS Memory Timings |
Bus clock = 33MHz (33.513982 MHz) (1FF61FEh Hertz) NDS7 clock = 33MHz (same as bus clock) NDS9 clock = 66MHz (internally twice bus clock; for cache/tcm) |
NDS7/CODE NDS9/CODE N32 S32 N16 S16 Bus N32 S32 N16 S16 Bus 9 2 8 1 16 9 9 4.5 4.5 16 Main RAM (read) (cache off) 1 1 1 1 32 4 4 2 2 32 WRAM,BIOS,I/O,OAM 2 2 1 1 16 5 5 2.5 2.5 16 VRAM,Palette RAM 16 12 10 6 16 19 19 9.5 9.5 16 GBA ROM (example 10,6 access) - - - - - 0.5 0.5 0.5 0.5 32 TCM, Cache_Hit - - - - - (--Load 8 words--) Cache_Miss |
NDS7/DATA NDS9/DATA N32 S32 N16 S16 Bus N32 S32 N16 S16 Bus 10 2 9 1 16 10 2 9 1 16 Main RAM (read) (cache off) 1 1 1 1 32 4 1 4 1 32 WRAM,BIOS,I/O,OAM 1? 2 1 1 16 5 2 4 1 16 VRAM,Palette RAM 15 12 9 6 16 19 12 13 6 16 GBA ROM (example 10,6 access) 9 10 9 10 8 13 10 13 10 8 GBA RAM (example 10 access) - - - - - 0.5 0.5 0.5 - 32 TCM, Cache_Hit - - - - - (--Load 8 words--) Cache_Miss - - - - - 11 11 11 - 32 Cache_Miss (BIOS) - - - - - 23 23 23 - 16 Cache_Miss (Main RAM) |
S16 and N16 do not exist (because thumb-double-fetching) (see there). S32 becomes N32 (ie. the ARM9 does NOT support fast sequential timing). |
Eg. an ARM9 N32 or S32 to 16bit bus will take: N16 + S16 + 3 waits. Eg. an ARM9 N32 or S32 to 32bit bus will take: N32 + 3 waits. |
Eg. LDRH on 16bit-data-bus is N16+3waits. Eg. LDR on 16bit-data-bus is N16+S16+3waits. Eg. LDM on 16bit-data-bus is N16+(n*2-1)*S16+3waits. |
That is NOT true for LDM (works only for LDR/LDRB/LDRH). That is NOT true for DATA in SAME memory region than CODE. That is NOT true for DATA in ITCM (no matter if CODE is in ITCM). |
| DS Video |
| DS Video Stuff |
0-4 Factor used for 6bit R,G,B Intensities (0-16, values >16 same as 16)
Brightness up: New = Old + (63-Old) * Factor/16
Brightness down: New = Old - Old * Factor/16
5-13 Not used
14-15 Mode (0=Disable, 1=Up, 2=Down, 3=Reserved)
16-31 Not used
|
write new LY values only in range of 202..212 write only while old LY values are in range of 202..212 |
Region______Engine A______________Engine B___________ I/O Ports 4000000h 4001000h Palette 5000000h (1K) 5000400h (1K) BG VRAM 6000000h (max 512K) 6200000h (max 128K) OBJ VRAM 6400000h (max 256K) 6600000h (max 128K) OAM 7000000h (1K) 7000400h (1K) |
Bit0-3 "COMMAND" (?) Bit4-7 "COMMAND2" (?) Bit8-11 "COMMAND3" (?) |
| DS Video BG Modes / Control |
Bit Engine Expl. 0-2 A+B BG Mode 3 A BG0 2D/3D Selection (instead CGB Mode) (0=2D, 1=3D) 4 A+B Tile OBJ Mapping (0=2D; max 32KB, 1=1D; max 32KB..256KB) 5 A+B Bitmap OBJ 2D-Dimension (0=128x512 dots, 1=256x256 dots) 6 A+B Bitmap OBJ Mapping (0=2D; max 128KB, 1=1D; max 128KB..256KB) 7-15 A+B Same as GBA 16-17 A+B Display Mode (Engine A: 0..3, Engine B: 0..1, GBA: Green Swap) 18-19 A VRAM block (0..3=VRAM A..D) (For Capture & above Display Mode=2) 20-21 A+B Tile OBJ 1D-Boundary (see Bit4) 22 A Bitmap OBJ 1D-Boundary (see Bit5-6) 23 A+B OBJ Processing during H-Blank (was located in Bit5 on GBA) 24-26 A Character Base (in 64K steps) (merged with 16K step in BGxCNT) 27-29 A Screen Base (in 64K steps) (merged with 2K step in BGxCNT) 30 A+B BG Extended Palettes (0=Disable, 1=Enable) 31 A+B OBJ Extended Palettes (0=Disable, 1=Enable) |
Mode BG0 BG1 BG2 BG3 0 Text/3D Text Text Text 1 Text/3D Text Text Affine 2 Text/3D Text Affine Affine 3 Text/3D Text Text Extended 4 Text/3D Text Affine Extended 5 Text/3D Text Extended Extended 6 3D - Large - |
BGxCNT.Bit7 BGxCNT.Bit2 Extended Affine Mode Selection 0 CharBaseLsb rot/scal with 16bit bgmap entries (Text+Affine mixup) 1 0 rot/scal 256 color bitmap 1 1 rot/scal direct color bitmap |
0 Display off (screen becomes white) 1 Graphics Display (normal BG and OBJ layers) 2 Engine A only: VRAM Display (Bitmap from block selected in DISPCNT.18-19) 3 Engine A only: Main Memory Display (Bitmap DMA transfer from Main RAM) |
engine A screen base: BGxCNT.bits*2K + DISPCNT.bits*64K engine B screen base: BGxCNT.bits*2K + 0 engine A char base: BGxCNT.bits*16K + DISPCNT.bits*64K engine B char base: BGxCNT.bits*16K + 0 |
bgcnt size text rotscal bitmap large bmp 0 256x256 128x128 128x128 512x1024 1 512x256 256x256 256x256 1024x512 2 256x512 512x512 512x256 - 3 512x512 1024x1024 512x512 - |
for BG0CNT, BG1CNT only: bit13 selects extended palette slot
(BG0: 0=Slot0, 1=Slot2, BG1: 0=Slot1, 1=Slot3)
|
| DS Video OBJs |
Bit4 Bit20-21 Dimension Boundary Total ;Notes 0 x 2D 32 32K ;Same as GBA 2D Mapping 1 0 1D 32 32K ;Same as GBA 1D Mapping 1 1 1D 64 64K 1 2 1D 128 128K 1 3 1D 256 256K ;Engine B: 128K max |
Bit6 Bit5 Bit22 Dimension Boundary Total ;Notes 0 0 x 2D/128 dots 8x8 dots 128K ;Source Bitmap width 128 dots 0 1 x 2D/256 dots 8x8 dots 128K ;Source Bitmap width 256 dots 1 0 0 1D 128 bytes 128K ;Source Width = Target Width 1 0 1 1D 256 bytes 256K ;Engine A only 1 1 x Reserved |
1D_BitmapVramAddress = TileNumber(0..3FFh) * BoundaryValue(128..256) 2D_BitmapVramAddress = (TileNo AND MaskX)*10h + (TileNo AND NOT MaskX)*80h |
| DS Video Extended Palettes |
standard palette --> 16-color tiles (with 16bit bgmap entries) (text)
256-color tiles (with 8bit bgmap entries) (rot/scal)
256-color bitmaps
backdrop-color (color 0)
extended palette --> 256-color tiles (with 16bit bgmap entries)(text,rot/scal)
|
16 colors x 16 palettes --> standard palette memory (=256 colors) 256 colors x 16 palettes --> extended palette memory (=4096 colors) |
| DS Video Capture and Main Memory Display Mode |
0-4 EVA (0..16 = Blending Factor for Source A) 5-7 Not used 8-12 EVB (0..16 = Blending Factor for Source B) 13-15 Not used 16-17 VRAM Write Block (0..3 = VRAM A..D) (VRAM must be allocated to LCDC) 18-19 VRAM Write Offset (0=00000h, 0=08000h, 0=10000h, 0=18000h) 20-21 Capture Size (0=128x128, 1=256x64, 2=256x128, 3=256x192 dots) 22-23 Not used 24 Source A (0=Graphics Screen BG+3D+OBJ, 1=3D Screen) 25 Source B (0=VRAM, 1=Main Memory Display FIFO) 26-27 VRAM Read Offset (0=00000h, 0=08000h, 0=10000h, 0=18000h) 28 Not used 29-30 Capture Source (0=Source A, 1=Source B, 2/3=Sources A+B blended) 31 Capture Enable (0=Disable/Ready, 1=Enable/Busy) |
Dest_Intensity = ( (SrcA_Intensitity * SrcA_Alpha * EVA)
+ (SrcB_Intensitity * SrcB_Alpha * EVB) ) / 16
Dest_Alpha = (SrcA_Alpha AND (EVA>0)) OR (SrcB_Alpha AND EVB>0))
|
- to Screen A (set DISPCNT to Main Memory Display mode), or - to Display Capture unit (set DISPCAPCNT to Main Memory Source). |
| DS Video Display System Block Diagram |
_____________ __________
VRAM A -->| 2D Graphics |--------OBJ->| |
VRAM B -->| Engine A |--------BG3->| Layering |
VRAM C -->| |--------BG2->| and |
VRAM D -->| |--------BG1->| Special |
VRAM E -->| | ___ | Effects |
VRAM F -->| |->|SEL| | | ______
VRAM G -->| - - - - - - | |BG0|-BG0->| |----o--->| |
| 3D Graphics |->|___| |__________| | |Select|
| Engine | | |Video |
|_____________|--------3D----------------. | |Input |
_______ _______ ___ | | | |
| | | |<-----------|SEL|<-' | |and |-->
| | | | _____ |A | | | |
VRAM A <--|Select | |Select | | |<-|___|<----' |Master|
VRAM B <--|Capture|<---|Capture|<--|Blend| ___ |Bright|
VRAM C <--|Dest. | |Source | |_____|<-|SEL|<----. |A |
VRAM D <--| | | | |B | | | |
|_______| |_______|<-----------|___|<-. | | |
_______ | | | |
VRAM A -->|Select | | | | |
VRAM B -->|Display|--------------------------------o------>| |
VRAM C -->|VRAM | | | |
VRAM D -->|_______| _____________ | | |
|Main Memory | | | |
Main ------DMA---->|Display FIFO |------------------o--->|______|
Memory |_____________|
_____________ __________ ______
VRAM C -->| 2D Graphics |--------OBJ->| Layering | | |
VRAM D -->| Engine B |--------BG3->| and | |Master|
VRAM H -->| |--------BG2->| Special |-------->|Bright|-->
VRAM I -->| |--------BG1->| Effects | |B |
|_____________|--------BG0->|__________| |______|
|
| DS Files - 2D Video |
____________________________ Nitro Color Palette _____________________________ |
000h 4 Chunk ID "RLCN" (aka NCLR backwards, Nitro Color Resource) 004h 2 Byte Order (FEFFh) 006h 2 Version (0100h) 008h 4 Total Filesize 00Ch 2 Offset to "TTLP" Chunk, aka Size of "RLCN" Chunk (0010h) 00Eh 2 Total number of following Chunks (1=TTLP) (or 2=TTLP+PMCP ?) |
000h 4 Chunk ID "TTLP" (aka PLTT backwards, Palette data) 004h 4 Chunk Size (eg. 0218h) 008h 4 Reportedly Color Depth (ie. "tile usage info") (3=4bpp, 4=8bpp) 00Ch 4 Zero 010h 4 Palette Data Size in bytes (eg. 200h) (or 200h-N? no, blah!) 014h 4 Offset from TTLP+8 to Palette Data? (always 10h) 018h N*2 Palete Data (16bit colors, 0000h..7FFFh) |
000h 4 Chunk ID "PMCP" (aka PCMP backwards, Palette CMP?) 004h 4 Chunk Size (reportedly always 12h ???) 008h 2 Number of palettes in file (uh?) 00Ah 2 Unused (BEEFh=Bullshit) 00Ch 4 Offset from PMCP+8 to Palette IDs? (always 08h) DATA N*2 "Palette ID numbers for each palette (starting from 0)" |
___________________________ Nitro Character Tiles ____________________________ |
eg. DSi Launcher "rom:\debug\DebugFont.NCGR" -- with SOPC chunk eg. DSi Launcher "rom:\layout\cmn\launcher_d.szs\.." -- without SOPC chunk |
000h 4 Chunk ID "RGCN" (aka NCGR backwards, Nitro Char Graphics Resource) 004h 2 Byte Order (FEFFh) 006h 2 Version (0101h) (unknown if 0100h does also exist?) 008h 4 Total Filesize 00Ch 2 Offset to "RAHC" Chunk, aka Size of "RGCN" Chunk (0010h) 00Eh 2 Total number of following Chunks (1=RAHC, or 2=RAHC+SOPC) |
000h 4 Chunk ID "RAHC" (aka CHAR backwards) 004h 4 Chunk Size (eg. 1420h) 008h 2 Tile Data Size in Kilobytes ;\or both set to FFFFh 00Ah 2 Unknown (always 20h) ;/(when size<>N*1024) 00Ch 4 Color Depth (3=4bpp, 4=8bpp) 010h 2 Zero ;or 10h (when SOPC not exists? kbyte size rounded up?) 012h 2 Zero ;or 20h (when SOPC not exists?) 014h 4 Zero 018h 4 Tile Data Size in Bytes (eg. 1400h) 01Ch 4 Offset from RAHC+8 to Tile Data? ;=always 18h 020h ... Tile Data (eg. 20h-byte zerofilled for 4bpp SPC char?) |
000h 4 Chunk ID "SOPC" (aka CPOS backwards) 004h 4 Chunk Size (10h) 008h 4 Zero 00Ch 2 Same as [00Ah] in RAHC chunk? (always 20h) 00Eh 2 Same as [008h] in RAHC chunk? (size in kilobytes) |
__________________________ Unknown Character Tiles ___________________________ |
NCGR (Nitro Character Graphic Resource) - Graphical Tiles --> see above NBGR (Nitro Basic Graphic Resource) - Graphical Tiles --> what ??? |
___________________________ Nitro BG Maps Screens ____________________________ |
000h 4 Chunk ID "RCSN" (aka NSCR backwards, Nitro Screen Resource) 004h 2 Byte Order (FEFFh) 006h 2 Version (0100h) 008h 4 Total Filesize 00Ch 2 Offset to "NRCS" Chunk, aka Size of "RCSN" Chunk (0010h) 00Eh 2 Total number of following Chunks (1=NRCS) |
000h 4 Chunk ID "NRCS" (aka SCRN backwards, Screen) 004h 4 Chunk Size 008h 4 Screen Width in pixels 00Ah 2 Screen Height in pixels 00Ch 4 Zero 010h 4 Screen Data Size (width/8)*(height/8)*2 014h N*2 Screen Data (16bit BG Map entries, palette+xyflip+tileno) |
____________________________ Nitro OBJ Animations ____________________________ |
000h 4 Chunk ID "RNAN" (aka NANR backwards, Nitro Animation Resource) 004h 2 Byte Order (FEFFh) 006h 2 Version (0100h) 008h 4 Total Filesize 00Ch 2 Offset to "KNBA" Chunk, aka Size of "RNAN" Chunk (0010h) 00Eh 2 Total number of following Chunks (1=KNBA, or 3=KNBA+LBAL+TXEU) |
000h 4 Chunk ID "KNBA" (aka ABNK backwards, Animation Bank) 004h 4 Chunk Size (always padded to 4-byte boundary if LABL chunk follows) 008h 2 Number of 16-byte Animation Blocks ;implies NumLabels in LABL chunk 00Ah 2 Number of 8-byte Frame Blocks 00Ch 4 Offset from KNBA+8 to Animation Blocks ;=18h 010h 4 Offset from KNBA+8 to Frame Blocks ;=[0Ch]+[08h]*10h 014h 4 Offset from KNBA+8 to Frame Data ;=[10h]+[0Ah]*8 018h 8 Zero DATA .. Animation Blocks (16-byte entries) 00h 4 Number of Frames 04h 2 Unknown (0) 06h 2 Unknown Always (1) ;reportedly "always unknown" 08h 4 Unknown (1..2) 0Ch 4 Offset from FrameBlock+0 to First Frame DATA .. Frame Blocks (8-byte entries) 00h 4 Offset from FrameData+0 to whatever? (always 4-byte aligned?) 04h 2 Frame Width ;3Ch or 01..06h ;Time in 60Hz units? num meta's? 06h 2 Unused (usually 0000h, or BEEFh=Bullshit) DATA .. Frame Data (2-byte entries) 00h 2 Unknown 16bit values? (maybe CELL index or whatever??) (CCCCh=?) |
000h 4 Chunk ID "LBAL" (aka LABL backwards, Labels) 004h 4 Chunk Size (not padded to 4-byte size, following TXEU is unaligned) 008h 4*N Offsets from LabelArea+0 to Labels (for each Animation Block) ... .. Label Area (ASCII Strings, terminated by 00h) |
000h 4 Chunk ID "TXEU" (aka UEXT backwards, Whatever Extension or so?) 004h 4 Chunk Size (0Ch) 008h 4 Unknown (usually 0) (reportedly 0 or 1) |
__________________________ Nitro OBJ Metatile Cells __________________________ |
000h 4 Chunk ID "RECN" (aka NCER backwards, Nitro Cell Resource) 004h 2 Byte Order (FEFFh) 006h 2 Version (0100h) 008h 4 Total Filesize 00Ch 2 Offset to "KBEC" Chunk, aka Size of "RECN" Chunk (0010h) 00Eh 2 Total number of following Chunks (1=KBEC, or 3=KBEC+LBAL+TXEU) |
000h 4 Chunk ID "KBEC" (aka CEBK backwards, Cell Bank)
004h 4 Chunk Size (always padded to 4-byte boundary if LABL chunk follows)
008h 2 Number of Metatiles
00Ah 2 Metatiles Entry Size (0=Normal 8 bytes, 1=Extended 16 bytes)
(DSi Launcher ..layout\cmn\launcher_u\.. uses 16-byte size)
00Ch 4 Offset from KBEC+8 to Metatile Table? (18h)
010h 4 Boundary Size (?) (but is ZERO in layout\cmn\launcher_u\)
"Specifies the area in which the image can be drawn,
multiplied by 64, ie. 2 means that the area is 128x128 pixels."
014h 0Ch Zero
020h .. Metatile Table (8 bytes each) (or 16 bytes)
... .. OBJ Attribute Table (6-bytes each)
|
000h 2 Number of OBJs 002h 2 Unknown 004h 4 OBJ Data Offset (from begin of OBJ Attr Table) (008h 2) Unknown (can be 02h,10h,48h,74h) (00Ah 2) Unknown (can be 08h) (00Ch 2) Unknown (can be FFA0h..FFF0h) ;\maybe extra coordinate offsets? (00Eh 2) Unknown (can be FFF0h..FFF9h) ;/ |
starts at Number of Cells * 8 | each cell is made up of 6 bytes) |
____________________________ Nitro Unknown Files ____________________________ |
.NMAR file (with "RAMN" header ID, and "KNBA"+"LBAL" chunks) .NMCR file (with "RCMN" header ID, and "KBCM" chunk) |
OBJ with 16bit x/y (instead 9bit/8bit)? OBJ with fractional x/y-stepping (moving/motion)? OBJ rotation/scaling? BG scroll offsets? BG tile replacement? |
000h 2 Unknown (000xh..007Ah, maybe time or so?) 002h 2 Unknown (signed 16bit?) 004h 2 Unknown (signed 16bit?) 006h 2 Unknown (0x21h, with x=0..8) |
_________________________ Nitro More Unknown Files __________________________ |
000h 4 ID "JNBL" 004h 2 Zero 006h 2 Number of 6-byte entries (01h or more) 008h N*6 Unknown |
000h 4 ID "JNCL" 004h 2 Zero (0000h) 006h 2 Number of 8-byte entries (01h or more) 008h N*8 Unknown (eg. 80h,10h,C0h,20h,00h,00h,00h,00h) |
000h 4 ID "JNLL" 004h 2 Zero (0000h) 006h 2 Number of 16-byte entries (01h or more) 008h N*16 Unknown (eg. 80h,50h,60h,10h,7Ch,29h,FFh,FDh,0Dh,19h,0,0,0,0,0,0) |
000h 4 ID "BNGL" ;this same as file extension (not JNGL) 004h 2 Zero (0000h) 006h 2 Number of ?-byte entries (01h or more) 008h 2 Unknown (can be 02h,04h,06h,0Ah) 00Ah 2 Number of ?-byte other entries maybe (01h or more) ... ... Entries? ... Other Entries? ... Maybe More Other Entries? |
______________________________ .ntft and .ntfp _______________________________ |
______________________________ .wmif and .wmpf _______________________________ |
000h 1Bh ID "Wild Magic Image File 3.00",00h 01Bh 4 Palette Filename Length (eg. 0Dh) 01Fh LEN Palette Filename (eg. "BG_Board.wmpf") ... 4 Texture Format (6=4bpp, 7=8bpp) ... 4 Texture Width in pixels ... 4 Texture Height in pixels ... .. Texture data |
000h 1Dh ID "Wild Magic Palette File 1.00",00h 01Dh 4 Zero? 021h 4 Number of Colors 025h .. Colors, 16bit (0000h..7FFFh) |
| DS Files - 3D Video (mostly unknown) |
.NSBMD (ID="BMD0") - Nitro Polygon Model .NSBTX (ID="BTX0") - Nitro Texture and Palette .NSBCA (ID="BCA0") - Nitro Skeletal Character Animation .NSBTP (ID="BTP0") - Nitro Texture Pattern-swap Animation .NSBTA (ID="BTA0") - Nitro Texture UV-change Animation (aka texcoords?) .NSBMA (ID="BMA0") - Nitro Material-swap Animation (whut?) .NSBVA (ID="BVA0") - Nitro Vis... Animation? |
000h 1 Dummy 0 001h 1 Amount of "objects" 002h 2 Size of this Header (that is... what? header up to names?) ... .. Probably followed by the three sections mentioned below...? |
Sub-Header 000h 2 Size of this Sub-Header, always = 8 002h 2 Size of this Unknown Section (that is... N*?+8 ...?) 004h 4 Constant = 0000017Fh Unknown Data (repeats * Amount of "objects") 008h 4 Unknown ;1st object 00Ch 4 ... ;2nd object? or 2nd word of 1st object? etc ;etc? |
The Data content depends on what the Dict is used for. It can contain 4 or 8 bytes of data stored directly, or it can contain a 2 or 4 byte offset to larger data). 000h 2 Size of each Data entry (siz) (usually 4 or 8) 002h 2 Size of this Data Info Section (that is... N*siz+8 ...?) 004h N*siz Data (siz bytes, for each "object") |
000h N*16 Name String (in ASCII maybe?) (for each "object") |
| DS Files - 3D Video BMD0 (Model Data) |
000h 4 ID "BMD0" (Basic Model Data) 004h 2 Byte Order (FEFFh) 006h 2 Version? (reportedly 1 or 2, in whatever audio/video files?) 008h 4 Total Filesize 00Ch 2 Size of this structure (always 16 ???) 00Eh 2 Number of chunks (1=MDL0 or 2=MDL0+TEX0) 010h 4 Offset to MDL0 Chunk 014h 4 Offset to TEX0 Chunk (if any?) (otherwise TEX0 is in NSBTX file) |
000h 4 Chunk ID "MDL0" (Model Block) 004h 4 Chunk Size 008h .. Model Dict (with 32bit offsets to Models from "Block_MDL0") ... .. Models |
000h 4 Size of Model (including these 4 bytes)
004h 4 Offset of Additional Model Data ;whut?
008h 4 Offset of Texture & Palette Offset ;?
00Ch 4 Offset of Display List Start ;?
010h 4 Offset of Display List End ;?
014h 1 Unknown
015h 1 Unknown
016h 1 Unknown
017h 1 Amount of Objects ;\
018h 1 Amount of Materials ; what for?
019h 1 Amount of Polygons ; is that just some usage comment,
020h 4 Unknown ; for statistical purposes?
024h 2 Amount of Vertices ;
026h 2 Amount of Surfaces ;
028h 2 Amount of Triangles ;
02Ah 2 Amount of Quads ;/
02Ch 2 Bounding box X (signed fixed point 1.3.12)
02Eh 2 Bounding box Y (signed fixed point 1.3.12)
030h 2 Bounding box Z (signed fixed point 1.3.12)
032h 2 Bounding box Width (signed fixed point 1.3.12)
034h 2 Bounding box Height (signed fixed point 1.3.12)
036h 2 Bounding box Depth (signed fixed point 1.3.12)
038h 4 Runtime use data
03Ch 4 Runtime use data
040h .. Polygonal Object Dict (with 32bit offsets to Objects from
"this Object Header")
... .. Object Definitions
|
In each definition: 000h 1 Transform Flag byte 001h 1 Unknown 002h 1 Unknown 003h 1 Unknown ... 4 Translation X (s32 signed fixed point 1.3.12) ;\ ... 4 Translation Y (s32 signed fixed point 1.3.12) ; when Flags.0=0 ... 4 Translation Z (s32 signed fixed point 1.3.12) ;/ ... 4 Scale X (s32 signed fixed point 1.3.12) ;\ ... 4 Scale Y (s32 signed fixed point 1.3.12) ; when Flags.2=0 ... 4 Scale Z (s32 signed fixed point 1.3.12) ;/ ... 4 Rotation A (s32 whatever, fixed point?) ;\ ... 4 Rotation B (s32 whatever, fixed point?) ; when Flags.1=0 ... 4 Rotation C (s32 whatever, fixed point?) ; and Flags.3=0 ... 4 Rotation D (s32 whatever, fixed point?) ;/ ... 2 Pivot Rotation A (signed fixed point 1.3.12) ;\when Flags.1=0 ... 2 Pivot Rotation B (signed fixed point 1.3.12) ;/and Flags.3=1 |
0 Translation (0=Yes, 1=No) 1 Rotation (0=Yes, 1=No) 2 Scaling (0=Yes, 1=No) 3 Rotation Type (0=Rotate A,B,C,D, 1=Pivot A,B) 4-7 Pivot Matrix (0..8, see below) (used when bit1=0 and bit3=1) |
0: | 1 0 0| 1: | 0 1 0| 2: | 0 0 1|
| 0 A B| | A 0 B| | A B 0|
| 0 B -A| | B 0 -A| | B -A 0|
|
3: | 0 A B| 4: | A 0 B| 5: | A B 0|
| 1 0 0| | 0 1 0| | 0 0 1|
| 0 B -A| | B 0 -A| | B -A 0|
|
6: | 0 A B| 7: | A 0 B| 8: | A B 0|
| 0 B -A| | B 0 -A| | B -A 0|
| 1 0 0| | 0 1 0| | 0 0 1|
|
000h .. Definitions |
Cmd Params Description 06h 3 params: Object ID, Parent ID, dummy 0 26h 4 params: Object ID, Parent ID, dummy 0, Stack ID 46h 4 params: Object ID, Parent ID, dummy 0, Stack ID 66h 5 params: Object ID, Parent ID, dummy 0, Stack ID, Restore ID |
00h 0 NOP (empty command) 01h 0 End of Bone/Skeleton Section 02h 2 params: Node ID, Visibility 03h 1 Set Polygon Stack ID? 04h 3 params: Material ID, 05h, Polygon ID 05h 1 ?? 06h 3 params: Object ID, Parent ID, Dummy 0 07h 1 ?? 08h 1 ?? 09h 8 ?? |
0Bh 0 BEGIN (indicate begin of Polygon/Material pairing) 2Bh 0 END (indicate end of Polygon/Material pairing) |
These are Material/Polygon pairing commands, 4 bytes. The lower nibble of 2nd Parameter must be 5. 04h 3 Material ID, 05, Polygon ID 24h 3 ... 44h 3 ... |
000h 2 Offset of Texture Section (relative to Texture & Palette Offset)
002h 2 Offset of Palette Section (relative to Texture & Palette Offset)
|
Dict struct Header;// Material Header: one Header object for each material
{// The 'Data' for this Header is like so:
000h 4 Offset of Material Definition, relative to the start of
this Material Section
}
|
Texture Section
Dict struct Header;// Texture Header: one Header object for each texture
{// The u32 'Data' for this Header is like so:
000h 2 Offset of Matching Data (relative to Texture & Palette
Offset)
002h 2 Amount of associated Materials (a texture can be in more
than one material)
}
|
Palette Section
Dict struct Header;// Palette Header: one Header object for each palette
{// The u32 'Data' for this Header is like so:
000h 2 Offset of Matching Data (relative to Texture & Palette
Offset)
002h 2 Amount of associated Materials (a palette can be in more
than one material)
}
|
Material Definition (repeats * Amount of Materials)
;// Usually 48 bytes for each material
|
Dict struct Header;// Polygon Header: one Header object for each material
{// The 'Data' for this Header is like so:
000h 4 Offset of Polygon Definition, relative to the start of this
Polygon Section
}
|
Polygon Definition (repeats * Amount of Polygons) (10h-bytes each)
000h 4 Unknown
004h 4 Unknown
008h 4 Offset of Display List, relative to Polygon Definition
00Ch 4 Size of Display List
|
Display List
// The Display List is actually packed geometry command.
// See the DStek specification for more information:
// http://www.akkit.org/info/gbatek.htm#ds3dvideo ;uh?
|
| DS Files - 3D Video BTX0 (Texture) |
000h 4 ID "BTX0" (Basic Texture) 004h 2 Byte Order (FEFFh) 006h 2 Version? (reportedly 1 or 2, in whatever audio/video files?) 008h 4 Total Filesize 00Ch 2 Size of this structure (always 16 ???) 00Eh 2 Number of chunks (1=TEX0) 010h 4 Offset to TEX0 Chunk |
000h 4 Chunk ID "TEX0" (Texture Block) 004h 4 Chunk Size 008h 4 Padding (0) 00Ch 2 Texture Data Size (bitshift << 3) ;\ 00Eh 2 Texture Dict Offset (03Ch) ; Texture 010h 4 Padding (0) ; 014h 4 Texture Data Offset ;/ 018h 4 Padding (0) 01Ch 2 Compressed Texture Data Size (bitshift << 3) ;\<-- Size 01Eh 2 Compressed Texture Dict? Offset (03Ch, again?); <-- Dict? 020h 4 Padding (0) ; 024h 4 Compressed Texture Data Offset ; <-- Data 028h 4 Compressed Texture Info Data Offset ;/<-- InfoData? 02Ch 4 Padding (0) 030h 4 Palette Data Size (bitshift << 3) ;\ 034h 4 Palette Dict Offset ; Palette 038h 4 Palette Data Offset ;/ 03Ch .. Texture Dict (with 8-byte entries, see below) N/A? ? Compressed Texture Dict? (maybe here? with whatever entries?) ... .. Palette Dict (with 4-byte entries, see below) ... .. Texture Data Section (unknown... maybe bitmap/pixels?) ... .. Compressed Texture Data Section (unknown...) ... .. Compressed Texture Info Data Section (unknown...) ... .. Palette Data Section (unknown... maybe palette/colors?) |
000h 2 Texture Offset (bitshift << 3), relative to the start
of Texture Data
002h 2 Parameters ;<-- probably "upper 16bit of TEXIMAGE_PARAM" ?
The format is, using knock-out description:
bit: 15..............0
0 b --CFFFHHHWWW----- <-- uh, is that "0 b" and 17bits???
where:
C = Palette ID
F = Format (0-7)
H = Height (8 << Height)
W = Width (8 << Width)
To Calculate the Data Size of a Texture:
Bit Depth = Format: <0, 8, 2, 4, 8, 2, 8, 16>
Width * Height * BitDepth / 8
004h 1 Width (should match W << 3)
005h 1 Unknown (is 00h or 80h)
006h 1 Height? (can be 0, 1, 2, 4, 8)
007h 1 Unknown (is 80h)
|
000h 2 u16 ;// (bitshift << 3) Palette Offset, relative to the start
of Palette Data
000h? 2 u16 ;// Unknown (is 0 or 1)
|
Unknown |
| DS Files - 3D Video BCA0 (Character Skeletal Animation) |
000h 4 ID "BCA0" (Basic Character Animation) 004h 2 Byte Order (FEFFh) 006h 2 Version? (reportedly 1 or 2, in whatever audio/video files?) 008h 4 Total Filesize 00Ch 2 Size of this structure (always 16 ???) 00Eh 2 Number of chunks (1=JNT0) 010h 4 Offset to JNT0 Chunk |
000h 4 Chunk ID "JNT0" (Joint Block) 004h 4 Chunk Size 008h .. Joint Dict (with 32bit offsets to Joints, from "Block_JNT0") |
000h 4 ID 'J.AC' (Joint Animation Content ?)
004h 2 Amount of Frames
006h 2 Amount of Objects (should be same as in BMD0 file)
008h 4 Unknown
00Ch 4 Offset to Unknown1 chunk. Relative to start of this block.
010h 4 Offset to Unknown2 chunk. Relative to start of this block.
014h 4 Object Info Offset (repeats * Amount of Objects), relative
to start of this Joint Section.
uh, is above meant to be Offset to first Object?
or an array with Offsets to all Objects?
... .. Object Info, for each object (supposedly here?)
... .. Unknown1
... .. Unknown2
... .. Reportedly "end of file" (is that possible with multiple joints?)
|
000h 2 Flag - Indicates what sort of Transformations are applied.
Bit0 - Unused?
Bit1 T Translate (0=Yes; data follows, 1=No?)
Bit2 - Unused?
Bit3 X Affects how WHICH data is stored but dunno WHERE?
Bit4 Y Affects how WHICH data is stored but dunno WHERE?
Bit5 Z Affects how WHICH data is stored but dunno WHERE?
Bit6 R Rotate (0=Yes; data follows, 1=No?)
Bit7 - Unused?
Bit8 r Affects how WHICH data is stored but dunno WHERE?
Bit9 S Scale (0=Yes; data follows, 1=No?)
Bit10 - Unused?
Bit11 x Affects how WHICH data is stored but dunno WHERE?
Bit12 y Affects how WHICH data is stored but dunno WHERE?
Bit13 z Affects how WHICH data is stored but dunno WHERE?
Bit14 - Unused?
Bit15 - Unused?
002h 1 Unknown (reportedly u32, 1-byte wide ???)
003h 1 ID Number (reportedly u32, 1-byte wide ???)
*** (Unknown what below crap means, it does probably refer to multiple
*** entries, for Translate, Rotate, and Scale; and possibly even to
*** multiple sub-entries for X,Y,Z or whatever?)
Transformation Info (Translation XYZ, Rotation, Scale XYZ) when WHAT=1
000h 4 Actual value (uh, WHICH value?)
Transformation Info (Translation XYZ, Rotation, Scale XYZ) when WHAT=0
000h 2 Unknown - typically 0000h
002h 2 Unknown
004h 4 Offset to data. Relative to "(Object Info Offset + 4)".
|
000h 2 Reportedly 36, 32 & 0. 002h 2 Unknown (reportedly signed) 004h 2 Unknown (reportedly signed) |
"All transformation offsets point somewhere in this section. It's clearly broken up into parts (Translation, Rotation & Scale), however I'm not totally sure how data is store in here yet." |
| DS Files - 3D Video BTP0/BTA0/BMA0/NVA0 (Unknown Animations) |
____________ DS Files - 3D Video BTP0 (Texture Pattern Animation) ____________ |
000h 4 ID "BTP0" (Texture Pattern Animation) ... .. XXX |
000h 4 Chunk ID "PAT0" (Pattern Block) 004h 4 Chunk Size ... .. Unknown |
________________ DS Files - 3D Video BTA0 (Texture Animation) ________________ |
000h 4 ID "BTA0" (Texture Animation) ... .. XXX |
000h 4 Chunk ID "SRT0" (maybe short for Scale/Rotate/Translate?) 004h 4 Chunk Size ... .. Unknown |
_______________ DS Files - 3D Video BMA0 (Material Animation) ________________ |
000h 4 ID "BMA0" (Material Animation) ... .. XXX |
000h 4 Chunk ID "MAT0" (Material Block) 004h 4 Chunk Size ... .. Unknown |
____________________ DS Files - 3D Video BVA0 (Unknown?) _____________________ |
000h 4 ID "BVA0" (whatever Vis... Animation?) ... .. XXX |
000h 4 Chunk ID "VIS0" (Visibility...?) 004h 4 Chunk Size ... .. Unknown |
| DS 3D Video |
| DS 3D Overview |
| DS 3D I/O Map |
Address Siz Name Expl. Rendering Engine (per Frame settings) 4000060h 2 DISP3DCNT 3D Display Control Register (R/W) 4000320h 1 RDLINES_COUNT Rendered Line Count Register (R) 4000330h 10h EDGE_COLOR Edge Colors 0..7 (W) 4000340h 1 ALPHA_TEST_REF Alpha-Test Comparision Value (W) 4000350h 4 CLEAR_COLOR Clear Color Attribute Register (W) 4000354h 2 CLEAR_DEPTH Clear Depth Register (W) 4000356h 2 CLRIMAGE_OFFSET Rear-plane Bitmap Scroll Offsets (W) 4000358h 4 FOG_COLOR Fog Color (W) 400035Ch 2 FOG_OFFSET Fog Depth Offset (W) 4000360h 20h FOG_TABLE Fog Density Table, 32 entries (W) 4000380h 40h TOON_TABLE Toon Table, 32 colors (W) Geometry Engine (per Polygon/Vertex settings) 4000400h 40h GXFIFO Geometry Command FIFO (W) 4000440h ... ... Geometry Command Ports (see below) 4000600h 4 GXSTAT Geometry Engine Status Register (R and R/W) 4000604h 4 RAM_COUNT Polygon List & Vertex RAM Count Register (R) 4000610h 2 DISP_1DOT_DEPTH 1-Dot Polygon Display Boundary Depth (W) 4000620h 10h POS_RESULT Position Test Results (R) 4000630h 6 VEC_RESULT Vector Test Results (R) 4000640h 40h CLIPMTX_RESULT Read Current Clip Coordinates Matrix (R) 4000680h 24h VECMTX_RESULT Read Current Directional Vector Matrix (R) |
Address Cmd Pa.Cy. N/A 00h - - NOP - No Operation (for padding packed GXFIFO commands) 4000440h 10h 1 1 MTX_MODE - Set Matrix Mode (W) 4000444h 11h - 17 MTX_PUSH - Push Current Matrix on Stack (W) 4000448h 12h 1 36 MTX_POP - Pop Current Matrix from Stack (W) 400044Ch 13h 1 17 MTX_STORE - Store Current Matrix on Stack (W) 4000450h 14h 1 36 MTX_RESTORE - Restore Current Matrix from Stack (W) 4000454h 15h - 19 MTX_IDENTITY - Load Unit Matrix to Current Matrix (W) 4000458h 16h 16 34 MTX_LOAD_4x4 - Load 4x4 Matrix to Current Matrix (W) 400045Ch 17h 12 30 MTX_LOAD_4x3 - Load 4x3 Matrix to Current Matrix (W) 4000460h 18h 16 35* MTX_MULT_4x4 - Multiply Current Matrix by 4x4 Matrix (W) 4000464h 19h 12 31* MTX_MULT_4x3 - Multiply Current Matrix by 4x3 Matrix (W) 4000468h 1Ah 9 28* MTX_MULT_3x3 - Multiply Current Matrix by 3x3 Matrix (W) 400046Ch 1Bh 3 22 MTX_SCALE - Multiply Current Matrix by Scale Matrix (W) 4000470h 1Ch 3 22* MTX_TRANS - Mult. Curr. Matrix by Translation Matrix (W) 4000480h 20h 1 1 COLOR - Directly Set Vertex Color (W) 4000484h 21h 1 9* NORMAL - Set Normal Vector (W) 4000488h 22h 1 1 TEXCOORD - Set Texture Coordinates (W) 400048Ch 23h 2 9 VTX_16 - Set Vertex XYZ Coordinates (W) 4000490h 24h 1 8 VTX_10 - Set Vertex XYZ Coordinates (W) 4000494h 25h 1 8 VTX_XY - Set Vertex XY Coordinates (W) 4000498h 26h 1 8 VTX_XZ - Set Vertex XZ Coordinates (W) 400049Ch 27h 1 8 VTX_YZ - Set Vertex YZ Coordinates (W) 40004A0h 28h 1 8 VTX_DIFF - Set Relative Vertex Coordinates (W) 40004A4h 29h 1 1 POLYGON_ATTR - Set Polygon Attributes (W) 40004A8h 2Ah 1 1 TEXIMAGE_PARAM - Set Texture Parameters (W) 40004ACh 2Bh 1 1 PLTT_BASE - Set Texture Palette Base Address (W) 40004C0h 30h 1 4 DIF_AMB - MaterialColor0 - Diffuse/Ambient Reflect. (W) 40004C4h 31h 1 4 SPE_EMI - MaterialColor1 - Specular Ref. & Emission (W) 40004C8h 32h 1 6 LIGHT_VECTOR - Set Light's Directional Vector (W) 40004CCh 33h 1 1 LIGHT_COLOR - Set Light Color (W) 40004D0h 34h 32 32 SHININESS - Specular Reflection Shininess Table (W) 4000500h 40h 1 1 BEGIN_VTXS - Start of Vertex List (W) 4000504h 41h - 1 END_VTXS - End of Vertex List (W) 4000540h 50h 1 392 SWAP_BUFFERS - Swap Rendering Engine Buffer (W) 4000580h 60h 1 1 VIEWPORT - Set Viewport (W) 40005C0h 70h 3 103 BOX_TEST - Test if Cuboid Sits inside View Volume (W) 40005C4h 71h 2 9 POS_TEST - Set Position Coordinates for Test (W) 40005C8h 72h 1 5 VEC_TEST - Set Directional Vector for Test (W) |
| DS 3D Display Control |
0 Texture Mapping (0=Disable, 1=Enable) 1 PolygonAttr Shading (0=Toon Shading, 1=Highlight Shading) 2 Alpha-Test (0=Disable, 1=Enable) (see ALPHA_TEST_REF) 3 Alpha-Blending (0=Disable, 1=Enable) (see various Alpha values) 4 Anti-Aliasing (0=Disable, 1=Enable) 5 Edge-Marking (0=Disable, 1=Enable) (see EDGE_COLOR) 6 Fog Color/Alpha Mode (0=Alpha and Color, 1=Only Alpha) (see FOG_COLOR) 7 Fog Master Enable (0=Disable, 1=Enable) 8-11 Fog Depth Shift (FOG_STEP=400h shr FOG_SHIFT) (see FOG_OFFSET) 12 Color Buffer RDLINES Underflow (0=None, 1=Underflow/Acknowledge) 13 Polygon/Vertex RAM Overflow (0=None, 1=Overflow/Acknowledge) 14 Rear-Plane Mode (0=Blank, 1=Bitmap) 15-31 Not used |
0 Translucent polygon Y-sorting (0=Auto-sort, 1=Manual-sort)
1 Depth Buffering (0=With Z-value, 1=With W-value)
(mode 1 does not function properly with orthogonal projections)
2-31 Not used
|
0-7 Screen/BG0 Coordinate X1 (0..255) (For Fullscreen: 0=Left-most) 8-15 Screen/BG0 Coordinate Y1 (0..191) (For Fullscreen: 0=Bottom-most) 16-23 Screen/BG0 Coordinate X2 (0..255) (For Fullscreen: 255=Right-most) 24-31 Screen/BG0 Coordinate Y2 (0..191) (For Fullscreen: 191=Top-most) |
0-14 W-Coordinate (Unsigned, 12bit integer, 3bit fractional part) 15-31 Not used (0000h=Closest, 7FFFh=Most Distant) |
0-4 Alpha-Test Comparision Value (0..31) (Draw pixels if Alpha>AlphaRef) 5-31 Not used |
| DS 3D Geometry Commands |
0-7 First Packed Command (or Unpacked Command) 8-15 Second Packed Command (or 00h=None) 16-23 Third Packed Command (or 00h=None) 24-31 Fourth Packed Command (or 00h=None) |
0-31 Parameter data for the previously sent (packed) command(s) |
- command1 (upper 24bit zero) - parameter(s) for command1 (if any) - command2 (upper 24bit zero) - parameter(s) for command2 (if any) - command3 (upper 24bit zero) - parameter(s) for command3 (if any) |
- command1,2,3,4 packed into one 32bit value (all bits used) - parameter(s) for command1 (if any) - parameter(s) for command2 (if any) - parameter(s) for command3 (if any) - parameter(s) for command4 (top-most packed command MUST have parameters) - command5,6 packed into one 32bit value (upper 16bit zero) - parameter(s) for command5 (if any) - parameter(s) for command6 (top-most packed command MUST have parameters) - command7,8,9 packed into one 32bit value (upper 8bit zero) - parameter(s) for command7 (if any) - parameter(s) for command8 (if any) - parameter(s) for command9 (top-most packed command MUST have parameters) |
| DS 3D Matrix Load/Multiply |
0-1 Matrix Mode (0..3)
0 Projection Matrix
1 Position Matrix (aka Modelview Matrix)
2 Position & Vector Simultaneous Set mode (used for Light+VEC_TEST)
3 Texture Matrix (see DS 3D Texture Coordinates chapter)
2-31 Not used
|
MTX_SCALE in Mode 2: uses ONLY Position Matrix MTX_PUSH/POP/STORE/RESTORE in Mode 1: uses BOTH Position AND Vector Matrices |
vice-versa for the scale command. |
ClipMatrix = PositionMatrix * ProjectionMatrix |
| DS 3D Matrix Types |
_ 4x4 Matrix _ _ Identity Matrix _ | m[0] m[1] m[2] m[3] | | 1.0 0 0 0 | | m[4] m[5] m[6] m[7] | | 0 1.0 0 0 | | m[8] m[9] m[10] m[11] | | 0 0 1.0 0 | |_m[12] m[13] m[14] m[15]_| |_ 0 0 0 1.0 _| |
_ 4x3 Matrix _ _ Translation Matrix _ | m[0] m[1] m[2] 0 | | 1.0 0 0 0 | | m[3] m[4] m[5] 0 | | 0 1.0 0 0 | | m[6] m[7] m[8] 0 | | 0 0 1.0 0 | |_m[9] m[10] m[11] 1.0 _| |_m[0] m[1] m[2] 1.0 _| |
_ 3x3 Matrix _ _ Scale Matrix _ | m[0] m[1] m[2] 0 | | m[0] 0 0 0 | | m[3] m[4] m[5] 0 | | 0 m[1] 0 0 | | m[6] m[7] m[8] 0 | | 0 0 m[2] 0 | |_ 0 0 0 1.0 _| |_ 0 0 0 1.0 _| |
| DS 3D Matrix Stack |
Matrix Stack________Valid Stack Area____Stack Pointer___________________ Projection Stack 0..0 (1 entry) 0..1 (1bit) (GXSTAT: 1bit) Coordinate Stack 0..30 (31 entries) 0..63 (6bit) (GXSTAT: 5bit only) Directional Stack 0..30 (31 entries) (uses Coordinate Stack Pointer) Texture Stack One..None? 0..1 (1bit) (GXSTAT: N/A) |
MTX_MODE = 0 --> Projection Stack MTX_MODE = 1 or 2 --> BOTH Coordinate AND Directional Stack MTX_MODE = 3 --> Texture Stack |
Parameter Bit0-5: Stack Offset (signed value, -30..+31) (usually +1) Parameter Bit6-31: Not used |
Parameter Bit0-4: Stack Address (0..30) (31 causes overflow in GXSTAT.15) Parameter Bit5-31: Not used |
Parameter Bit0-4: Stack Address (0..30) (31 causes overflow in GXSTAT.15) Parameter Bit5-31: Not used |
| DS 3D Matrix Examples (Projection) |
Perspective Projection Orthogonal Projection
__ __________
top __..--'' | top | |
| view | | view |
Eye ----|--------->| Eye ----|--------->|
|__volume | | volume |
bottom ''--..__| bottom|__________|
near far near far
|
| (2.0)/(r-l) 0 0 0 | | 0 (2.0)/(t-b) 0 0 | | 0 0 (2.0)/(n-f) 0 | | (l+r)/(l-r) (b+t)/(b-t) (n+f)/(n-f) 1.0 | |
| (2*n)/(r-l) 0 0 0 | | 0 (2*n)/(t-b) 0 0 | | (r+l)/(r-l) (t+b)/(t-b) (n+f)/(n-f) -1.0 | | 0 0 (2*n*f)/(n-f) 0 | |
| cos/(asp*sin) 0 0 0 | | 0 cos/sin 0 0 | | 0 0 (n+f)/(n-f) -1.0 | | 0 0 (2*n*f)/(n-f) 0 | |
| DS 3D Matrix Examples (Rotate/Scale/Translate) |
Load(Identity) ;no rotation/scaling used Load(Identity), Mul(Rotate), Mul(Scale) ;rotation/scaling (not so efficient) Load(Rotate), Mul(Scale) ;rotation/scaling (more efficient) |
Around X-Axis Around Y-Axis Around Z-Axis | 1.0 0 0 | | cos 0 sin | | cos sin 0 | | 0 cos sin | | 0 1.0 0 | | -sin cos 0 | | 0 -sin cos | | -sin 0 cos | | 0 0 1.0 | |
| DS 3D Matrix Examples (Maths Basics) |
| c11 c12 c13 c14 | | a11 a12 a13 a14 | | b11 b12 b13 b14 | | c21 c22 c23 c24 | = | a21 a22 a23 a24 | * | b21 b22 b23 b24 | | c31 c32 c33 c34 | | a31 a32 a33 a34 | | b31 b32 b33 b34 | | c41 c42 c43 c44 | | a41 a42 a43 a44 | | b41 b42 b43 b44 | |
cyx = ay1*b1x + ay2*b2x + ay3*b3x + ay4*b4x |
| b11 b12 b13 b14 |
| c11 c12 c13 c14 | = | a11 a12 a13 a14 | * | b21 b22 b23 b24 |
| b31 b32 b33 b34 |
| b41 b42 b43 b44 |
|
cyx = ay1*b1x + ay2*b2x + ay3*b3x + ay4*b4x |
cyx = ayx*n |
cyx = ayx +/- byx |
cyx = ay1*b1x + ay2*b2x + ay3*b3x + ay4*b4x |
| DS 3D Polygon Attributes |
0-3 Light 0..3 Enable Flags (each bit: 0=Disable, 1=Enable) 4-5 Polygon Mode (0=Modulation,1=Decal,2=Toon/Highlight Shading,3=Shadow) 6 Polygon Back Surface (0=Hide, 1=Render) ;Line-segments are always 7 Polygon Front Surface (0=Hide, 1=Render) ;rendered (no front/back) 8-10 Not used 11 Depth-value for Translucent Pixels (0=Keep Old, 1=Set New Depth) 12 Far-plane intersecting polygons (0=Hide, 1=Render/clipped) 13 1-Dot polygons behind DISP_1DOT_DEPTH (0=Hide, 1=Render) 14 Depth Test, Draw Pixels with Depth (0=Less, 1=Equal) (usually 0) 15 Fog Enable (0=Disable, 1=Enable) 16-20 Alpha (0=Wire-Frame, 1..30=Translucent, 31=Solid) 21-23 Not used 24-29 Polygon ID (00h..3Fh, used for translucent, shadow, and edge-marking) 30-31 Not used |
Parameter 1, Bit 0-4 Red Parameter 1, Bit 5-9 Green Parameter 1, Bit 10-14 Blue Parameter 1, Bit 15-31 Not used |
| DS 3D Polygon Definitions by Vertices |
Separate Tri. Triangle Strips Line Segment v0 v2___v4____v6 |\ v3 /|\ |\ /\ v0 v1 | \ /\ v0( | \ | \ / \ ------ |__\ /__\ \|__\|__\/____\ v2 v1 v2 v4 v5 v1 v3 v5 v7 |
Separate Quads Quadliteral Strips Prohibited Quads
v0__v3 v0__v2____v4 v10__ v0__v3 v4
/ \ v4____v7 / \ |\ _____ / /v11 \/ |\
/ \ | \ / \ | |v6 v8| / /\ v5| \
/______\ |_____\ /______\___|_|_____|/ /__\ /___\
v1 v2 v5 v6 v1 v3 v5 v7 v9 v2 v1 v6 v7
|
Parameter 1, Bit 0-1 Primitive Type (0..3, see below) Parameter 1, Bit 2-31 Not used |
0 Separate Triangle(s) ;3*N vertices per N triangles 1 Separate Quadliteral(s) ;4*N vertices per N quads 2 Triangle Strips ;3+(N-1) vertices per N triangles 3 Quadliteral Strips ;4+(N-1)*2 vertices per N quads |
Parameter 1, Bit 0-15 X-Coordinate (signed, with 12bit fractional part) Parameter 1, Bit 16-31 Y-Coordinate (signed, with 12bit fractional part) Parameter 2, Bit 0-15 Z-Coordinate (signed, with 12bit fractional part) Parameter 2, Bit 16-31 Not used |
Parameter 1, Bit 0-9 X-Coordinate (signed, with 6bit fractional part) Parameter 1, Bit 10-19 Y-Coordinate (signed, with 6bit fractional part) Parameter 1, Bit 20-29 Z-Coordinate (signed, with 6bit fractional part) Parameter 1, Bit 30-31 Not used |
Parameter 1, Bit 0-15 X-Coordinate (signed, with 12bit fractional part) Parameter 1, Bit 16-31 Y-Coordinate (signed, with 12bit fractional part) |
Parameter 1, Bit 0-15 X-Coordinate (signed, with 12bit fractional part) Parameter 1, Bit 16-31 Z-Coordinate (signed, with 12bit fractional part) |
Parameter 1, Bit 0-15 Y-Coordinate (signed, with 12bit fractional part) Parameter 1, Bit 16-31 Z-Coordinate (signed, with 12bit fractional part) |
Parameter 1, Bit 0-9 X-Difference (signed, with 9/12bit fractional part) Parameter 1, Bit 10-19 Y-Difference (signed, with 9/12bit fractional part) Parameter 1, Bit 20-29 Z-Difference (signed, with 9/12bit fractional part) Parameter 1, Bit 30-31 Not used |
( xx, yy, zz, ww ) = ( x, y, z, 1.0 ) * ClipMatrix |
screen_x = (xx+ww)*viewport_width / (2*ww) + viewport_x1 screen_y = (yy+ww)*viewport_height / (2*ww) + viewport_y1 |
| DS 3D Polygon Light Parameters |
0-9 Directional Vector's X component (1bit sign + 9bit fractional part) 10-19 Directional Vector's Y component (1bit sign + 9bit fractional part) 20-29 Directional Vector's Z component (1bit sign + 9bit fractional part) 30-31 Light Number (0..3) |
0-4 Red (0..1Fh) ;\light color this will be combined with 5-9 Green (0..1Fh) ; diffuse, specular, and ambient colors 10-14 Blue (0..1Fh) ;/upon execution of the normal command 15-29 Not used 30-31 Light Number (0..3) |
0-4 Diffuse Reflection Red ;\light(s) that directly hits the polygon, 5-9 Diffuse Reflection Green ; ie. max when NormalVector has opposite 10-14 Diffuse Reflection Blue ;/direction of LightVector 15 Set Vertex Color (0=No, 1=Set Diffuse Reflection Color as Vertex Color) 16-20 Ambient Reflection Red ;\light(s) that indirectly hits the polygon, 21-25 Ambient Reflection Green ; ie. assuming that light is reflected by 26-30 Ambient Reflection Blue ;/walls/floor, regardless of LightVector 31 Not used |
0-4 Specular Reflection Red ;\light(s) reflected towards the camera, 5-9 Specular Reflection Green ; ie. max when NormalVector is in middle of 10-14 Specular Reflection Blue ;/LightVector and ViewDirection 15 Specular Reflection Shininess Table (0=Disable, 1=Enable) 16-20 Emission Red ;\light emitted by the polygon itself, 21-25 Emission Green ; ie. regardless of light colors/vectors, 26-30 Emission Blue ;/and no matter if any lights are enabled 31 Not used |
0-7 Shininess 0 (unsigned fixed-point, 0bit integer, 8bit fractional part)
8-15 Shininess 1 ("")
16-23 Shininess 2 ("")
24-31 Shininess 3 ("")
|
0-9 X-Component of Normal Vector (1bit sign + 9bit fractional part) 10-19 Y-Component of Normal Vector (1bit sign + 9bit fractional part) 20-29 Z-Component of Normal Vector (1bit sign + 9bit fractional part) 30-31 Not used |
IF TexCoordTransformMode=2 THEN TexCoord=NormalVector*Matrix (see TexCoord)
NormalVector=NormalVector*DirectionalMatrix
VertexColor = EmissionColor
FOR i=0 to 3
IF PolygonAttrLight[i]=enabled THEN
DiffuseLevel = max(0,-(LightVector[i]*NormalVector))
ShininessLevel = max(0,(-HalfVector[i])*(NormalVector))^2
IF TableEnabled THEN ShininessLevel = ShininessTable[ShininessLevel]
;note: below processed separately for the R,G,B color components...
VertexColor = VertexColor + SpecularColor*LightColor[i]*ShininessLevel
VertexColor = VertexColor + DiffuseColor*LightColor[i]*DiffuseLevel
VertexColor = VertexColor + AmbientColor*LightColor[i]
ENDIF
NEXT i
|
LightVector[i] = (LightVector*DirectionalMatrix) HalfVector[i] = (LightVector[i]+LineOfSightVector)/2 |
LineOfSightVector = (0,0,-1.0) |
Specular Reflection WON'T WORK when the ProjectionMatrix is rotated (!) |
| DS 3D Shadow Polygons |
| DS 3D Texture Attributes |
Parameter 1, Bit 0-15 S-Coordinate (X-Coordinate in Texture Source) Parameter 1, Bit 16-31 T-Coordinate (Y-Coordinate in Texture Source) Both values are 1bit sign + 11bit integer + 4bit fractional part. A value of 1.0 (=1 SHL 4) equals to one Texel. |
0-15 Texture VRAM Offset div 8 (0..FFFFh -> 512K RAM in Slot 0,1,2,3)
(VRAM must be allocated as Texture data, see Memory Control chapter)
16 Repeat in S Direction (0=Clamp Texture, 1=Repeat Texture)
17 Repeat in T Direction (0=Clamp Texture, 1=Repeat Texture)
18 Flip in S Direction (0=No, 1=Flip each 2nd Texture) (requires Repeat)
19 Flip in T Direction (0=No, 1=Flip each 2nd Texture) (requires Repeat)
20-22 Texture S-Size (for N=0..7: Size=(8 SHL N); ie. 8..1024 texels)
23-25 Texture T-Size (for N=0..7: Size=(8 SHL N); ie. 8..1024 texels)
26-28 Texture Format (0..7, see below)
29 Color 0 of 4/16/256-Color Palettes (0=Displayed, 1=Made Transparent)
30-31 Texture Coordinates Transformation Mode (0..3, see below)
|
0 No Texture 1 A3I5 Translucent Texture 2 4-Color Palette Texture 3 16-Color Palette Texture 4 256-Color Palette Texture 5 4x4-Texel Compressed Texture 6 A5I3 Translucent Texture 7 Direct Texture |
0 Do not Transform texture coordinates 1 TexCoord source 2 Normal source 3 Vertex source |
Clamp _____ Repeat Repeat+Flip _____/ /////////// /\/\/\/\/\/ |
0-12 Palette Base Address (div8 or div10h, see below)
(Not used for Texture Format 7: Direct Color Texture)
(0..FFF8h/8 for Texture Format 2: ie. 4-color-palette Texture)
(0..17FF0h/10h for all other Texture formats)
13-31 Not used
|
| DS 3D Texture Formats |
Bit0-4: Color Index (0..31) of a 32-color Palette Bit5-7: Alpha (0..7; 0=Transparent, 7=Solid) |
Bit0-2: Color Index (0..7) of a 8-color Palette Bit3-7: Alpha (0..31; 0=Transparent, 31=Solid) |
Bit0-7 Upper 4-Texel row (LSB=first/left-most Texel)
Bit8-15 Next 4-Texel row ("")
Bit16-23 Next 4-Texel row ("")
Bit24-31 Lower 4-Texel row ("")
|
Bit0-13 Palette Offset in 4-byte steps; Addr=(PLTT_BASE*10h)+(Offset*4) Bit14-15 Transparent/Interpolation Mode (0..3, see below) |
slot1_addr = slot0_addr / 2 ;lower 64K of Slot1 assoc to Slot0 slot1_addr = slot2_addr / 2 + 10000h ;upper 64K of Slot1 assoc to Slot2 |
Texel Mode 0 Mode 1 Mode 2 Mode 3 0 Color 0 Color0 Color 0 Color 0 1 Color 1 Color1 Color 1 Color 1 2 Color 2 (Color0+Color1)/2 Color 2 (Color0*5+Color1*3)/8 3 Transparent Transparent Color 3 (Color0*3+Color1*5)/8 |
| DS 3D Texture Coordinates |
( S' T' ) = ( S T ) |
| m[0] m[1] |
( S' T' ) = ( S T 1/16 1/16 ) * | m[4] m[5] |
| m[8] m[9] |
| m[12] m[13] |
|
| m[0] m[1] |
( S' T' ) = ( Nx Ny Nz 1.0 ) * | m[4] m[5] |
| m[8] m[9] |
| S T |
|
| m[0] m[1] |
( S' T' ) = ( Vx Vy Vz 1.0 ) * | m[4] m[5] |
| m[8] m[9] |
| S T |
|
Matrix m[..] 1+19+12 (32bit) Vertex Vx,Vy,Vz 1+3+12 (16bit) Normal Nx,Ny,Nz 1+0+9 (10bit) Constant 1.0 0+1+0 (1bit) Constant 1/16 0+0+4 (4bit) TexCoord S,T 1+11+4 (16bit) Result S',T' 1+11+4 (16bit) <-------- clipped to that size ! |
| DS 3D Texture Blending |
R = ((Rt+1)*(Rv+1)-1)/64 G = ((Gt+1)*(Gv+1)-1)/64 B = ((Bt+1)*(Bv+1)-1)/64 A = ((At+1)*(Av+1)-1)/64 |
R = (Rt*At + Rv*(63-At))/64 ;except, when At=0: R=Rv, when At=31: R=Rt G = (Gt*At + Gv*(63-At))/64 ;except, when At=0: G=Gv, when At=31: G=Gt B = (Bt*At + Bv*(63-At))/64 ;except, when At=0: B=Bv, when At=31: B=Bt A = Av |
R = ((Rt+1)*(Rs+1)-1)/64 ;Rs=ToonTableRed[Rv] G = ((Gt+1)*(Gs+1)-1)/64 ;Gs=ToonTableGreen[Rv] B = ((Bt+1)*(Bs+1)-1)/64 ;Bs=ToonTableBlue[Rv] A = ((At+1)*(Av+1)-1)/64 |
R = ((Rt+1)*(Rs+1)-1)/64+Rs ;truncated to MAX=63 G = ((Gt+1)*(Gs+1)-1)/64+Gs ;truncated to MAX=63 B = ((Bt+1)*(Bs+1)-1)/64+Bs ;truncated to MAX=63 A = ((At+1)*(Av+1)-1)/64 |
| DS 3D Toon, Edge, Fog, Alpha-Blending, Anti-Aliasing |
Bit0-4: Red, Bit5-9: Green, Bit10-14: Blue, Bit15: Not Used |
Bit0-4: Red, Bit5-9: Green, Bit10-14: Blue, Bit15: Not Used |
0-4 Fog Color, Red ;\ 5-9 Fog Color, Green ; used only when DISP3DCNT.Bit6 is zero 10-14 Fog Color, Blue ;/ 15 Not used 16-20 Fog Alpha ;-used no matter of DISP3DCNT.Bit6 21-31 Not used |
0-14 Fog Offset (Unsigned) (0..7FFFh) 15-31 Not used |
FogDepthBoundary[n] = FOG_OFFSET + FOG_STEP*(n+1) ;with n = 0..31 |
0-6 Fog Density (00h..7Fh = None..Full) (usually increasing values) 7 Not used |
FrameBuffer[R] = (FogColor[R]*Density + FrameBuffer[R]*(128-Density)) / 128 FrameBuffer[G] = (FogColor[G]*Density + FrameBuffer[G]*(128-Density)) / 128 FrameBuffer[B] = (FogColor[B]*Density + FrameBuffer[B]*(128-Density)) / 128 FrameBuffer[A] = (FogColor[A]*Density + FrameBuffer[A]*(128-Density)) / 128 |
FrameBuf[R] = (Poly[R]*(Poly[A]+1) + FrameBuf[R]*(31-(Poly[A])) / 32 FrameBuf[G] = (Poly[G]*(Poly[A]+1) + FrameBuf[G]*(31-(Poly[A])) / 32 FrameBuf[B] = (Poly[B]*(Poly[A]+1) + FrameBuf[B]*(31-(Poly[A])) / 32 FrameBuf[A] = max(Poly[A],FrameBuf[A]) |
1) Alpha-Blending is disabled (DISP3DCNT.Bit3=0) 2) The polygon pixel is opaque (Poly[A]=31) 3) The old framebuffer value is totally transparent (FrameBuf[A]=0) |
Opaque polygons (except wire-frames) without Edge-Marking and Anti-Aliasing, and, all polygons with vertical right-edges (except line-segments). Plus, Translucent Polys when Alpha-Blending is disabled in DISP3DCNT.Bit3. |
| DS 3D Status |
0 BoxTest,PositionTest,VectorTest Busy (0=Ready, 1=Busy) 1 BoxTest Result (0=All Outside View, 1=Parts or Fully Inside View) 2-7 Not used 8-12 Position & Vector Matrix Stack Level (0..31) (lower 5bit of 6bit value) 13 Projection Matrix Stack Level (0..1) 14 Matrix Stack Busy (0=No, 1=Yes; Currently executing a Push/Pop command) 15 Matrix Stack Overflow/Underflow Error (0=No, 1=Error/Acknowledge/Reset) 16-24 Number of 40bit-entries in Command FIFO (0..256) (24) Command FIFO Full (MSB of above) (0=No, 1=Yes; Full) 25 Command FIFO Less Than Half Full (0=No, 1=Yes; Less than Half-full) 26 Command FIFO Empty (0=No, 1=Yes; Empty) 27 Geometry Engine Busy (0=No, 1=Yes; Busy; Commands are executing) 28-29 Not used 30-31 Command FIFO IRQ (0=Never, 1=Less than half full, 2=Empty, 3=Reserved) |
0-11 Number of Polygons currently stored in Polygon List RAM (0..2048) 12-15 Not used 16-28 Number of Vertices currently stored in Vertex RAM (0..6144) 13-15 Not used |
0-5 Minimum Number (minus 2) of buffered lines in previous frame (0..46) 6-31 Not used |
| DS 3D Tests |
Parameter 1, Bit 0-15 X-Coordinate Parameter 1, Bit 16-31 Y-Coordinate Parameter 2, Bit 0-15 Z-Coordinate Parameter 2, Bit 16-31 Width (presumably: X-Offset?) Parameter 3, Bit 0-15 Height (presumably: Y-Offset?) Parameter 3, Bit 16-31 Depth (presumably: Z-Offset?) All values are 1bit sign, 3bit integer, 12bit fractional part |
Parameter 1, Bit 0-15 X-Coordinate Parameter 1, Bit 16-31 Y-Coordinate Parameter 2, Bit 0-15 Z-Coordinate Parameter 2, Bit 16-31 Not used All values are 1bit sign, 3bit integer, 12bit fractional part. |
Parameter 1, Bit 0-9 X-Component Parameter 1, Bit 10-19 Y-Component Parameter 1, Bit 20-29 Z-Component Parameter 1, Bit 30-31 Not used All values are 1bit sign, 9bit fractional part. |
| DS 3D Rear-Plane |
--> 2D Layers --> 3D Polygons --> 3D Rear-plane --> 2D Layers --> 2D Backdrop |
0-4 Clear Color, Red 5-9 Clear Color, Green 10-14 Clear Color, Blue 15 Fog (enables Fog to the rear-plane) (doesn't affect Fog of polygons) 16-20 Alpha 21-23 Not used 24-29 Clear Polygon ID (affects edge-marking, at the screen-edges?) 30-31 Not used |
0-14 Clear Depth (0..7FFFh) (usually 7FFFh = most distant) 15 Not used 16-31 See Port 4000356h, CLRIMAGE_OFFSET |
Rear Color Bitmap (located in Texture Slot 2)
0-4 Clear Color, Red
5-9 Clear Color, Green
10-14 Clear Color, Blue
15 Alpha (0=Transparent, 1=Solid) (equivalent to 5bit-alpha 0 and 31)
Rear Depth Bitmap (located in Texture Slot 3)
0-14 Clear Depth, expanded to 24bit as X=(X*200h)+((X+1)/8000h)*1FFh
15 Clear Fog (Initial fog enable value)
|
Bit0-7 X-Offset (0..255; 0=upper row of bitmap) Bit8-14 Y-Offset (0..255; 0=left column of bitmap) |
| DS 3D Final 2D Output |
Brightness up/down with BG0 as 1st Target via EVY (as for 2D) Blending with BG0 as 2nd Target via EVA/EVB (as for 2D) Blending with BG0 as 1st Target via 3D Alpha-values (unlike as for 2D) |
| DS Sound |
| DS Sound Channels 0..15 |
Bit0-6 Volume Mul (0..127=silent..loud) Bit7 Not used (always zero) Bit8-9 Volume Div (0=Normal, 1=Div2, 2=Div4, 3=Div16) Bit10-14 Not used (always zero) Bit15 Hold (0=Normal, 1=Hold last sample after one-shot sound) Bit16-22 Panning (0..127=left..right) (64=half volume on both speakers) Bit23 Not used (always zero) Bit24-26 Wave Duty (0..7) ;HIGH=(N+1)*12.5%, LOW=(7-N)*12.5% (PSG only) Bit27-28 Repeat Mode (0=Manual, 1=Loop Infinite, 2=One-Shot, 3=Prohibited) Bit29-30 Format (0=PCM8, 1=PCM16, 2=IMA-ADPCM, 3=PSG/Noise) Bit31 Start/Status (0=Stop, 1=Start/Busy) |
Bit0-26 Source Address (must be word aligned, bit0-1 are always zero) Bit27-31 Not used |
Bit0-15 Timer Value, Sample frequency, timerval=-(33513982Hz/2)/freq |
Bit0-15 Loop Start, Sample loop start position
(counted in words, ie. N*4 bytes)
|
Bit0-21 Sound length (counted in words, ie. N*4 bytes) Bit22-31 Not used |
| DS Sound Control Registers |
Bit0-6 Master Volume (0..127=silent..loud) Bit7 Not used (always zero) Bit8-9 Left Output from (0=Left Mixer, 1=Ch1, 2=Ch3, 3=Ch1+Ch3) Bit10-11 Right Output from (0=Right Mixer, 1=Ch1, 2=Ch3, 3=Ch1+Ch3) Bit12 Output Ch1 to Mixer (0=Yes, 1=No) (both Left/Right) Bit13 Output Ch3 to Mixer (0=Yes, 1=No) (both Left/Right) Bit14 Not used (always zero) Bit15 Master Enable (0=Disable, 1=Enable) Bit16-31 Not used (always zero) |
Bit0-9 Sound Bias (0..3FFh, usually 200h) Bit10-31 Not used (always zero) |
| DS Sound Capture |
Bit0 Control of Associated Sound Channels (ANDed with Bit7)
SNDCAP0CNT: Output Sound Channel 1 (0=As such, 1=Add to Channel 0)
SNDCAP1CNT: Output Sound Channel 3 (0=As such, 1=Add to Channel 2)
Caution: Addition mode works only if BOTH Bit0 and Bit7 are set.
Bit1 Capture Source Selection
SNDCAP0CNT: Capture 0 Source (0=Left Mixer, 1=Channel 0/Bugged)
SNDCAP1CNT: Capture 1 Source (0=Right Mixer, 1=Channel 2/Bugged)
Bit2 Capture Repeat (0=Loop, 1=One-shot)
Bit3 Capture Format (0=PCM16, 1=PCM8)
Bit4-6 Not used (always zero)
Bit7 Capture Start/Status (0=Stop, 1=Start/Busy)
|
Bit0-26 Destination address (word aligned, bit0-1 are always zero) Bit27-31 Not used (always zero) |
Bit0-15 Buffer length (1..FFFFh words) (ie. N*4 bytes) Bit16-31 Not used |
1) Both Negative Bug - SNDCAPxCNT Bit1=1, Bit0=0 (addition disabled) Capture data is accidently set to -8000h if ch(a) and ch(b) are both <0. Otherwise the correct capture result is returned, ie. plain ch(a) data, not being affected by ch(b) (since addition is disabled). Workaround: Ensure that ch(a) and/or ch(b) are >=0 (or disabled). 2) Overflow Bug - SNDCAPxCNT Bit1=1, Bit0=1 (addition enabled) In this mode, Capture data isn't clipped to MinMax(-8000h,+7FFFh), instead, it is ANDed with FFFFh, so the sign bit is lost if the addition result ch(a)+ch(b) is less/greater than -8000h/+7FFFh. Workaround: Reduce ch(a)/ch(b) volume or data to avoid overflows. |
1) Addition Result for Capture(x) when using capture source=ch(a): Addition is performed always, no matter of SOUNDCNT.Bit12/13. And, no matter of ch(a) enable, result is plain ch(b) if ch(a) is disabled. Result is 16bit (plus fraction) with overflow error (see Capture Bugs). 2) Addition Result for Mixer (towards speakers, and capture source=mixer): Ch(b) is muted if ch(a) is disabled. Ch(b) is muted if ch(b) SOUNDCNT.Bit12/13 is set to "Ch(b) not to mixer". Result is 17bit (plus fraction) without overflow error. |
| DS Sound Block Diagrams |
_____
Ch0.L ------------->| | .------------------------------> to Capture 0
___ | | | ___
Ch1.L ---o->|Sel|-->| | | Ch0..Ch15 | |
| |___| |Left |--o---------------->| |
Ch2.L ---|--------->|Mixer| |Sel| ______ ____
| ___ | | Ch1 | | |Master| |Add |
Ch3.L -o-|->|Sel|-->| | .----------------->| |->|Volume|->|Bias|-> L
| | |___| | | | | | |______| |____|
Ch4.L -|-|--------->| | | Ch3 | |
... -|-|--------->| | | .--------------->| |
Ch15.L-|-|--------->|_____| | | ___ | |
| '------------------o-|->|Add| Ch1+Ch3 | |
'----------------------o->|___|-------->|___|
|
____ _________ ___ ___ ___ |FIFO|-->|Channel 0|-->|Vol|-->|Add|-o->|Pan|--> Ch0.L |____| |_________| |___| |___| | |___|--> Ch0.R ____ _________ ___ ^ | |FIFO|<--|Capture 0|<--|Sel|<----|---' |____| |_ _____ _| |___|<----|-------------- Left Mixer ____ _:Timer:_ ___ _|_ ___ |FIFO|-->|Channel 1|-->|Vol|-->|Sel|--->|Pan|--> Ch1.L |____| |_________| |___| |___| |___|--> Ch1.R |
____ _________ ___ ___ |FIFO|-->|Channel 4|-->|Vol|----------->|Pan|--> Ch4.L |____| |_________| |___| |___|--> Ch4.R |
| DS Sound Notes |
data.vol = data*N/128 pan.left = data*(128-N)/128 pan.right = data*N/128 master.vol = data*N/128/64 |
Step Bits Min Max 0 Incoming PCM16 Data 16.0 -8000h +7FFFh 1 Volume Divider (div 1..16) 16.4 -8000h +7FFFh 2 Volume Factor (mul N/128) 16.11 -8000h +7FFFh 3 Panning (mul N/128) 16.18 -8000h +7FFFh 4 Rounding Down (strip 10bit) 16.8 -8000h +7FFFh 5 Mixer (add channel 0..15) 20.8 -80000h +7FFF0h 6 Master Volume (mul N/128/64) 14.21 -2000h +1FF0h 7 Strip fraction 14.0 -2000h +1FF0h 8 Add Bias (0..3FFh, def=200h) 15.0 -2000h+0 +1FF0h+3FFh 9 Clip (min/max 0h..3FFh) 10.0 0 +3FFh |
0 12.5% "_______-_______-_______-" 1 25.0% "______--______--______--" 2 37.5% "_____---_____---_____---" 3 50.0% "____----____----____----" 4 62.5% "___-----___-----___-----" 5 75.0% "__------__------__------" 6 87.5% "_-------_-------_-------" 7 0.0% "________________________" |
X=X SHR 1, IF carry THEN Out=LOW, X=X XOR 6000h ELSE Out=HIGH |
Bit0-15 Initial PCM16 Value (Pcm16bit = -7FFFh..+7FFF) (not -8000h) Bit16-22 Initial Table Index Value (Index = 0..88) Bit23-31 Not used (zero) |
Diff = ((Data4bit AND 7)*2+1)*AdpcmTable[Index]/8 ;see rounding-error IF (Data4bit AND 8)=0 THEN Pcm16bit = Max(Pcm16bit+Diff,+7FFFh) IF (Data4bit AND 8)=8 THEN Pcm16bit = Min(Pcm16bit-Diff,-7FFFh) Index = MinMax (Index+IndexTable[Data4bit AND 7],0,88) |
Diff = AdpcmTable[Index]/8 IF (data4bit AND 1) THEN Diff = Diff + AdpcmTable[Index]/4 IF (data4bit AND 2) THEN Diff = Diff + AdpcmTable[Index]/2 IF (data4bit AND 4) THEN Diff = Diff + AdpcmTable[Index]/1 |
Max(+7FFFh) leaves -8000h unclipped (can happen if initial PCM16 was -8000h) Min(-7FFFh) clips -8000h to -7FFFh (possibly unlike windows .WAV files?) |
0007h,0008h,0009h,000Ah,000Bh,000Ch,000Dh,000Eh,0010h,0011h,0013h,0015h 0017h,0019h,001Ch,001Fh,0022h,0025h,0029h,002Dh,0032h,0037h,003Ch,0042h 0049h,0050h,0058h,0061h,006Bh,0076h,0082h,008Fh,009Dh,00ADh,00BEh,00D1h 00E6h,00FDh,0117h,0133h,0151h,0173h,0198h,01C1h,01EEh,0220h,0256h,0292h 02D4h,031Ch,036Ch,03C3h,0424h,048Eh,0502h,0583h,0610h,06ABh,0756h,0812h 08E0h,09C3h,0ABDh,0BD0h,0CFFh,0E4Ch,0FBAh,114Ch,1307h,14EEh,1706h,1954h 1BDCh,1EA5h,21B6h,2515h,28CAh,2CDFh,315Bh,364Bh,3BB9h,41B2h,4844h,4F7Eh 5771h,602Fh,69CEh,7462h,7FFFh |
X=000776d2h, FOR I=0 TO 88, Table[I]=X SHR 16, X=X+(X/10), NEXT I Table[3]=000Ah, Table[4]=000Bh, Table[88]=7FFFh, Table[89..127]=0000h |
| DS Files - Sound (SDAT etc.) |
| DS Sound Files - SDAT (Sound Data Archive) |
000h 4 ID "SDAT" ;alike "CSAR" on 3DS 004h 2 Byte Order (FEFFh) 006h 2 Version (0100h) 008h 4 Total Filesize 00Ch 2 Header Size (usually 40h) 00Eh 2 Number of Blocks (usually 4 = SYMB+INFO+FAT+FILE) (or 3=no SYMB) 010h 4+4 SYMB Block (Offset from SDAT+0, Size) ;=0,0 if above is 3=no SYMB 018h 4+4 INFO Block (Offset from SDAT+0, Size) ;\ 020h 4+4 FAT Block (Offset from SDAT+0, Size) ; always present 028h 4+4 FILE Block (Offset from SDAT+0, Size) ;/ 030h 10h Padding to 20h-byte boundary (0) |
_________________________________ SYMB Block _________________________________ |
000h 4 ID "SYMB" 004h 4 SYMB Block Size (rounded up to 4-byte boundary, unlike as in SDAT) 008h 4 File List SSEQ (Offset from SYMB+0) Sequences (songs) 00Ch 4 Folder List SSAR (Offset from SYMB+0) Sequence Archives (fx) 010h 4 File List BANK (Offset from SYMB+0) Banks 014h 4 File List SWAR (Offset from SYMB+0) Wave Archives (samples) 018h 4 File List Player (Offset from SYMB+0) Player (Group-related) 01Ch 4 File List Group (Offset from SYMB+0) Group (SSEQ+SSAR+BANK+SWAR) 020h 4 File List Player2 (Offset from SYMB+0) Player2 (Stream-related) 024h 4 File List STRM (Offset from SYMB+0) Wave Stream 028h 18h Reserved (0) 040h .. File/Folder Lists (see below) .. .. File/Folder Name Strings (ASCII, terminated by 0) .. .. Padding to 4-byte boundary (0) |
000h 4 Number of entries in this list (can be 0=None) 004h N*4 File Name (Offset from SYMB+0) |
000h 4 Number of entries in this list (can be 0=None) 004h N*(4+4) SSAR "Folder Name" and SSEQ "File List" (Offset's from SYMB+0) |
_________________________________ INFO Block _________________________________ |
000h 4 ID "INFO" 004h 4 INFO Block Size (same as in SDAT header) 008h 4 Info List SSEQ (Offset from INFO+0) Sequences (songs) 00Ch 4 Info List SSAR (Offset from INFO+0) Sequence Archives (fx) 010h 4 Info List BANK (Offset from INFO+0) Banks 014h 4 Info List SWAR (Offset from INFO+0) Wave Archives (samples) 018h 4 Info List Player (Offset from INFO+0) Player (Group-related) 01Ch 4 Info List Group (Offset from INFO+0) Group (SSEQ+SSAR+BANK+SWAR) 020h 4 Info List Player2 (Offset from INFO+0) Player2 (Stream-related) 024h 4 Info List STRM (Offset from INFO+0) Wave Stream 028h 18h Reserved (0) .. .. Info Lists (see below) .. .. Info Entries (see below) .. .. Padding to 4-byte boundary (0) |
000h 4 Number of entries in this list (can be 0=None) 004h N*4 Info Entries (Offset from INFO+0) |
000h 2 FAT fileID of SSEQ file ;for accessing this file 002h 2 Unknown 004h 2 bnk ;Associated BANK 006h 1 vol ;Volume 007h 1 cpr 008h 1 ppr 009h 1 ply 00Ah 2 Unknown (0) |
000h 2 FAT fileID of SSAR file 002h 2 unknown |
000h 2 FAT fileID of SBNK file 002h 2 unknown 004h 2 1st SWAR ;\ 006h 2 2nd SWAR ; Associated Wave Archives (FFFFh=Unused entry) 008h 2 3rd SWAR ; 00Ah 2 4th SWAR ;/ |
000h 2 FAT fileID of SWAR file 002h 2 unknown |
000h 1 Unknown 001h 3 Padding 004h 4 Unknown |
000h 4 Number of items in this group 004h N*(4+4) Array (with ID+Index pairs) |
000h 1 nCount ;number of USED entries in below array 001h 16 v[16] ;unknown array (UNUSED entries are set to FFh 011h 7 Reserved (0) |
000h 2 FAT fileID of STRM file ;for accessing the file 002h 2 Unknown 004h 1 vol ;volume 005h 1 pri ;priority? 006h 1 ply ;play? 007h 5 Reserved (0) |
____________________________ FAT and FILE Blocks _____________________________ |
000h 4 ID "FAT " 004h 4 FAT Block Size (same as in SDAT header) (0Ch+N*10h) 008h 4 Number of files 00Ch N*(4+4+8) File Entries (Offset from SDAT+0, Size, Zero) |
000h 4 ID "FILE" 004h 4 FILE Block Size (same as in SDAT header) 008h 4 Number of files (same as in FAT block) 00Ch 4 Reserved (0) 010h .. Files (SSEQ,SSAR,SBNK,SWAR,STRM) (at offsets specified in FAT) |
| DS Sound Files - SSEQ (Sound Sequence) |
000h 4 ID "SSEQ" ;\ 004h 2 Byte Order (FEFFh) ; 006h 2 Version (0100h) ; Main header 008h 4 Total Filesize ; 00Ch 2 Header Size (usually 10h) ; 00Eh 2 Number of Blocks (usually 1 = DATA) ;/ 010h 4 ID "DATA" ;\ 014h 4 Total Filesize, minus 10h ; Sub header 018h 4 Offset to data (from SSEQ+0) (1Ch) ;/ 01Ch .. Arrays of sequence data.. ;- |
cycle variable action 1 0 Add 160 2 160 Add 160 3 320 Subtract 240, process once, add 160 4 240 Subtract 240, process once, add 160 5 160 Add 160 6 320 Subtract 240, process once, add 160 7 240 Subtract 240, process once, add 160 8 160 Add 160 |
ID Parameter Description
00h-7Fh Velocity: 1 byte [0..127]
Duration: Variable Length
NOTE-ON. Duration is expressed in tick.
48 for quartet note.
Usually it is NOT a multiple of 3.
80h Duration: Variable Length
REST. It tells the SSEQ-sequencer to wait for
a certain tick. Usually it is a multiple of 3.
81h Bank & Program Number:
Variable Length
bits[0..7] is the program number,
bits[8..14] is the bank number.
Bank change is seldomly found,
so usually bank 0 is used.
FEh 2 bytes Indicates which tracks are used.
Bit0 for track 0, ... Bit15 for track 15.
If the bit is set, the corresponding track is used.
Indication begin of multitrack. Must be in the
beginning of the first track to work. A series
of event 0x93 follows.
93h 4 bytes 1st byte is track number [0..15]
The other 3 bytes are the relative adress of track data.
Add nDataOffset (usually 0x1C) to find out the absolute address.
SSEQ is similar to MIDI in that track data are
stored one after one track. Unlike mod music.
94h JUMP Address: 3 bytes
(Add nDataOffset (usually 0x1C) to find out the absolute address.)
JUMP. A jump must be backward. So that the
song will loop forever.
95h CALL Address: 3 bytes
(Add nDataOffset (usually 0x1C) to find out the absolute address.)
A0h-BFh See loveemu's sseq2mid for more details.
Some arithmetic operations / comparions.
Affect how SSEQ is to be played.
C0h 1 byte PAN (0..127, middle is 64, uh?)
C1h 1 byte VOLUME (0..127)
C2h 1 byte MASTER VOLUME (0..127)
C3h 1 byte TRANSPOSE (Channel Coarse Tuning) (0..64 = 64..128 in MIDI)
C4h 1 byte PITCH BEND
C5h 1 byte PITCH BEND RANGE
C6h 1 byte TRACK PRIORITY
C7h 1 byte MONO/POLY (0=Poly, 1=Mono)
C8h 1 byte TIE (unknown) (0=Off, 1=On)
C9h 1 byte PORTAMENTO CONTROL
CAh 1 byte MODULATION DEPTH (0=Off, 1=On)
CBh 1 byte MODULATION SPEED
CCh 1 byte MODULATION TYPE (0=Pitch, 1=Volume, 2=Pan)
CDh 1 byte MODULATION RANGE
CEh 1 byte PORTAMENTO ON/OFF
CFh 1 byte PORTAMENTO TIME
D0h 1 byte ATTACK RATE
D1h 1 byte DECAY RATE
D2h 1 byte SUSTAIN RATE
D3h 1 byte RELEASE RATE
D4h 1 byte LOOP START (how many times to be looped)
D5h 1 byte EXPRESSION
D6h 1 byte PRINT VARIABLE (unknown)
E0h 2 byte MODULATION DELAY
E1h 2 byte TEMPO
E3h 2 byte SWEEP PITCH
FCh - LOOP END (for LOOP START)
FDh - RETURN from CALL command
FFh - EOT: End Of Track
|
| DS Sound Files - SSAR (Sound Sequence Archive) |
000h 4 ID "SSAR" ;\ 004h 2 Byte Order (FEFFh) ; 006h 2 Version (0100h) ; Main header 008h 4 Total Filesize ; 00Ch 2 Header Size (usually 10h) ; 00Eh 2 Number of Blocks (usually 1 = DATA) ;/ 010h 4 ID "DATA" ;\ 014h 4 Total Filesize, minus 10h ; 018h 4 Offset to data (from SSAR+0) (20h+N*0Ch) ; Sub header 01Ch 4 Number of records ; 020h N*0Ch Records (12 bytes each) ;/ .. .. data... unknown content? alike SSEQ? ;- |
000h 4 nOffset ;relative offset of the archived SEQ file,
absolute offset = nOffset + SSAR::nDataOffset
004h 2 bnk ;bank
006h 1 vol ;volume
007h 1 cpr ;channel pressure
008h 1 ppr ;polyphonic pressure
009h 1 ply ;play
00Ah 2 reserved (0)
|
data... unknown content? alike SSEQ? |
| DS Sound Files - SBNK (Sound Bank) |
000h 4 ID "SBNK" ;\ 004h 2 Byte Order (FEFFh) ; 006h 2 Version (0100h) ; Main header 008h 4 Total Filesize ; 00Ch 2 Header Size (usually 10h) ; 00Eh 2 Number of Blocks (usually 1 = DATA) ;/ 010h 4 ID "DATA" ;\ 014h 4 Total Filesize, minus 10h ; 018h 20h Reserved (0) (for use at runtime) ; Sub header 038h 4 Number of Instruments (SWAV's) ; 03Ch N*4 Instrument Records (1+2+1 bytes per instr.) ;/ ... .. Instrument Data (depending of above records) ;- |
000h 1 fRecord ;can be either 0, 1..4, 16 or 17 001h 2 nOffset ;absolute offset of the data in file ;uh, misaligned? 003h 1 Reserved (0) |
00h 10 SWAV, SWAR, Note, Attack, Decay, Sustain, Release, Pan |
00h 1 Lower note (0..127) ;eg. 10 ;\notes 10..20 01h 1 Upper note (0..127) ;eg. 20 ;/ 02h+N*12 2 Unknown (usually 0001h) 04h+N*12 10 SWAV, SWAR, Note, Attack, Decay, Sustain, Release, Pan |
00h 1 End of 1st region (0..127) ;eg. 25 = notes 0..25 01h 1 End of 2nd region (0..127) ;eg. 35 = notes 26..35 02h 1 End of 3rd region (0..127) ;eg. 45 = notes 36..45 03h 1 End of 4th region (0..127) ;eg. 55 = notes 46..55 04h 1 End of 5th region (0..127) ;eg. 65 = notes 56..65 05h 1 End of 6th region (0..127) ;eg. 127 = notes 66..last 06h 1 End of 7th region (0..127) ;eg. 0 = none 07h 1 End of 8th region (0..127) ;eg. 0 = none 08h+N*12 2 Unknown (usually 0001h) 08h+N*12 10 SWAV, SWAR, Note, Attack, Decay, Sustain, Release, Pan |
00h 2 SWAV Number the swav used 02h 2 SWAR Mumber the swar used (see Info Block --> "BANK Info Entry") 04h 1 Note Number (0..127) 05h 1 Attack Rate (0..127, 127=fast) 06h 1 Decay Rate (0..127, 127=fast) 07h 1 Sustain Level (0..127, 127=stay at max, no decay) 08h 1 Release Rate (0..127, 127=fast) 09h 1 Pan (0..127, 64=middle) (uh, what=left, what=right?) |
. <-- max level (127)
/ \
/ \
/ '---------. <-- sustain level (0..127)
/ \
/ \
-----'---------------------'-- <-- min level (0)
Attack Decay Sustain Release
|
"The SEQ Player treats 0 as the 100% amplitude value and -92544 (723*128) as the 0% amplitude value. The starting ampltitude is 0% (-92544)." uh? |
"During the attack phase, in each cycle, the SSEQ Player calculates the new amplitude value: amplitude value = attack rate * amplitude value / 255. The attack phase stops when amplitude reaches 0." THAT IS... NON-LINEAR attack? |
"During the decay phase, in each cycle, the SSEQ Player calculates the new amplitude value: amplitude value = amplitude value - decay rate. Note the starting amplitude value is 0. The decay phase stops when amplitude reaches sustain level." THAT IS... LINEAR decay/release? |
| DS Sound Files - SWAR (Sound Wave Archive) |
000h 4 ID "SWAR" ;\ 004h 2 Byte Order (FEFFh) ; 006h 2 Version (0100h) ; Main header 008h 4 Total Filesize (including SWAV's) ; 00Ch 2 Header Size (usually 10h) ; 00Eh 2 Number of Blocks (usually 1 = DATA) ;/ 010h 4 ID "DATA" ;\ 014h 4 Total Filesize, minus 10h ; 018h 20h Reserved (0) (for use at runtime) ; Sub header 038h 4 Number of SWAV sample blocks ; 03Ch N*4 Offsets to Sample blocks (from SWAR+0) ;/ .. .. Sample blocks... starting with Type (0=PCM8, 1=PCM16, 2=IMA-ADPCM) |
| DS Sound Files - SWAV (Sound Wave Data) |
000h 4 ID "SWAV" ;\ 004h 2 Byte Order (FEFFh) ; 006h 2 Version (0100h) ; Main header 008h 4 Total Filesize ; 00Ch 2 Header Size (usually 10h) ; 00Eh 2 Number of Blocks (usually 1 = DATA) ;/ 010h 4 ID "DATA" ;\Sub header 014h 4 Total Filesize, minus 10h ;/ 018h .. Sample block (see below) |
000h 1 WaveType (0=PCM8, 1=PCM16, 2=IMA-ADPCM)
001h 1 Loop flag = TRUE|FALSE ;uh?
002h 2 Sampling Rate
004h 2 Time (ARM7_CLOCK / nSampleRate)
[ARM7_CLOCK: 33.513982MHz/2 = 1.6756991 E +7]
006h 2 Loop Offset, in 4-byte units
008h 4 Sound Length, in 4-byte units (exluding ADPCM header, if any)
00Ch ... Data... (samples) (with 32bit header in case of ADPCM)
|
| DS Sound Files - STRM (Sound Wave Stream) |
000h 4 ID "STRM" ;\
004h 2 Byte Order (FEFFh) ;
006h 2 Version (0100h) ; Main header
008h 4 Total Filesize ;
00Ch 2 Header Size (usually 10h) ;
00Eh 2 Number of Blocks (usually 2 = HEAD+DATA) ;/
010h 4 ID "HEAD" ;\
014h 4 Size of HEAD structure (uh, this is... 50h?) ;
018h 1 Type (0=PCM8, 1=PCM16, 2=IMA-ADPCM) ; Sub header
019h 1 Loop flag (?=TRUE|FALSE) ;uh? ;
01Ah 1 Channels (?=What) ;mono/stereo? ;
01Bh 1 Unknown (always 0) ;
01Ch 2 Sampling Rate (perhaps resampled from original) ;
01Eh 2 Time (1.0 / rate * ARM7_CLOCK / 32) ;
[ARM7_CLOCK: 33.513982MHz/2 = 1.6756991e7] ;
020h 4 Loop Offset (samples) ;
024h 4 Number of Samples ;
028h 4 Wave Data Offset (always 68h) ;
02Ch 4 Number of Blocks (per what?) ;
030h 4 Block Length (per Channel) ;
034h 4 Samples Per Block (per Channel) ;
038h 4 Last Block Length (per Channel) ;
03Ch 4 Samples Per Last Block (per Channel) ;
040h 20h Reserved (always 0) ;/
060h 4 ID "DATA" ;\Data header
064h 4 Data Size (8+N ?) ;/
068h N Wave Data blocks... ;-Sample data
|
| DS System and Built-in Peripherals |
| DS DMA Transfers |
0 Start Immediately 1 Start at V-Blank 2 Start at H-Blank (paused during V-Blank) 3 Synchronize to start of display 4 Main memory display 5 DS Cartridge Slot 6 GBA Cartridge Slot 7 Geometry Command FIFO |
0 Start Immediately 1 Start at V-Blank 2 DS Cartridge Slot 3 DMA0/DMA2: Wireless interrupt, DMA1/DMA3: GBA Cartridge Slot |
Bit0-31 Filldata |
| DS Timers |
| DS Interrupts |
0 Disable all interrupts (0=Disable All, 1=See IE register) 1-31 Not used |
0 LCD V-Blank 1 LCD H-Blank 2 LCD V-Counter Match 3 Timer 0 Overflow 4 Timer 1 Overflow 5 Timer 2 Overflow 6 Timer 3 Overflow 7 NDS7 only: SIO/RCNT/RTC (Real Time Clock) 8 DMA 0 9 DMA 1 10 DMA 2 11 DMA 3 12 Keypad 13 GBA-Slot (external IRQ source) / DSi: None such 14 Not used / DSi9: NDS-Slot Card change? 15 Not used / DSi: dito for 2nd NDS-Slot? 16 IPC Sync 17 IPC Send FIFO Empty 18 IPC Recv FIFO Not Empty 19 NDS-Slot Game Card Data Transfer Completion 20 NDS-Slot Game Card IREQ_MC 21 NDS9 only: Geometry Command FIFO 22 NDS7 only: Screens unfolding 23 NDS7 only: SPI bus 24 NDS7 only: Wifi / DSi9: XpertTeak DSP 25 Not used / DSi9: Camera 26 Not used / DSi9: Undoc, IF.26 set on FFh-filling 40021Axh 27 Not used / DSi: Maybe IREQ_MC for 2nd gamecard? 28 Not used / DSi: NewDMA0 29 Not used / DSi: NewDMA1 30 Not used / DSi: NewDMA2 31 Not used / DSi: NewDMA3 ? DSi7: any further new IRQs on ARM7 side... in bit13-15,21,25-26? |
0 DSi7: GPIO18[0] ;\ 1 DSi7: GPIO18[1] ; maybe 1.8V signals? 2 DSi7: GPIO18[2] ;/ 3 DSi7: Unused (0) 4 DSi7: GPIO33[0] unknown (related to "GPIO330" testpoint on mainboard?) 5 DSi7: GPIO33[1] Headphone connect (HP#SP) (static state) 6 DSi7: GPIO33[2] Powerbutton interrupt (short pulse upon key-down) 7 DSi7: GPIO33[3] sound enable output (ie. not a useful irq-input) 8 DSi7: SD/MMC Controller ;-Onboard eMMC and External SD Slot 9 DSi7: SD Slot Data1 pin ;-For SDIO hardware in External SD Slot 10 DSi7: SDIO Controller ;\Atheros Wifi Unit 11 DSi7: SDIO Data1 pin ;/ 12 DSi7: AES interrupt 13 DSi7: I2C interrupt 14 DSi7: Microphone Extended interrupt 15-31 DSi7: Unused (0) |
Bit 0-31 Pointer to IRQ Handler |
Bit 0-31 IRQ Flags (same format as IE/IF registers) |
| DS Maths |
0-1 Division Mode (0-2=See below) (3=Reserved; same as Mode 1) 2-13 Not used 14 Division by zero (0=Okay, 1=Division by zero error; 64bit Denom=0) 15 Busy (0=Ready, 1=Busy) (Execution time see below) 16-31 Not used |
Mode Numer / Denom = Result, Remainder ; Cycles 0 32bit / 32bit = 32bit , 32bit ; 18 clks 1 64bit / 32bit = 64bit , 32bit ; 34 clks 2 64bit / 64bit = 64bit , 64bit ; 34 clks |
DIV0 --> REMAIN=NUMER, RESULT=+/-1 (with sign opposite of NUMER) -MAX/-1 --> RESULT=-MAX (instead +MAX) |
0 Mode (0=32bit input, 1=64bit input) 1-14 Not used 15 Busy (0=Ready, 1=Busy) (Execution time is 13 clks, in either Mode) 16-31 Not used |
| DS Inter Process Communication (IPC) |
Bit Dir Expl. 0-3 R Data input from IPCSYNC Bit8-11 of remote CPU (00h..0Fh) 4-7 - Not used 8-11 R/W Data output to IPCSYNC Bit0-3 of remote CPU (00h..0Fh) 12 - Not used 13 W Send IRQ to remote CPU (0=None, 1=Send IRQ) 14 R/W Enable IRQ from remote CPU (0=Disable, 1=Enable) 15-31 - Not used |
Bit Dir Expl. 0 R Send Fifo Empty Status (0=Not Empty, 1=Empty) 1 R Send Fifo Full Status (0=Not Full, 1=Full) 2 R/W Send Fifo Empty IRQ (0=Disable, 1=Enable) 3 W Send Fifo Clear (0=Nothing, 1=Flush Send Fifo) 4-7 - Not used 8 R Receive Fifo Empty (0=Not Empty, 1=Empty) 9 R Receive Fifo Full (0=Not Full, 1=Full) 10 R/W Receive Fifo Not Empty IRQ (0=Disable, 1=Enable) 11-13 - Not used 14 R/W Error, Read Empty/Send Full (0=No Error, 1=Error/Acknowledge) 15 R/W Enable Send/Receive Fifo (0=Disable, 1=Enable) 16-31 - Not used |
Bit0-31 Send Fifo Data (max 16 words; 64bytes) |
Bit0-31 Receive Fifo Data (max 16 words; 64bytes) |
| DS Keypad |
0 Button X (0=Pressed, 1=Released) 1 Button Y (0=Pressed, 1=Released) 3 DEBUG button (0=Pressed, 1=Released/None such) 6 Pen down (0=Pressed, 1=Released/Disabled) (always 0 in DSi mode) 7 Hinge/folded (0=Open, 1=Closed) 2,4,5 Unknown / set 8..15 Unknown / zero |
| DS Absent Link Port |
NDS7 4000128h SIOCNT Bit15 "CKUP" New Bit in NORMAL/MULTI/UART mode (R/W) NDS7 4000128h SIOCNT Bit14 "N/A" Removed IRQ Bit in UART mode (?) NDS7 400012Ah SIOCNT_H Bit14 "TFEMP" New Bit (R/W) NDS7 400012Ah SIOCNT_H Bit15 "RFFUL" New Bit (always zero?) NDS7 400012Ch SIOSEL Bit0 "SEL" New Bit (always zero?) NDS7 4000140h JOYCNT Bit7 "MOD" New Bit (R/W) |
NDS9 4000120h SIODATA32 Bit0-31 Data (always zero?) NDS9 4000128h SIOCNT Bit2 "TRECV" New Bit (always zero?) NDS9 4000128h SIOCNT Bit3 "TSEND" New Bit (always zero?) NDS9 400012Ch SIOSEL Bit0 "SEL" New Bit (always zero?) |
| DS Real-Time Clock (RTC) |
Bit Expl. 0 Data I/O (0=Low, 1=High) 1 Clock Out (0=Low, 1=High) 2 Select Out (0=Low, 1=High/Select) 4 Data Direction (0=Read, 1=Write) 5 Clock Direction (should be 1=Write) 6 Select Direction (should be 1=Write) 3,8-11 Unused I/O Lines 7,12-15 Direction for Bit3,8-11 (usually 0) 16-31 Not used |
Init CS=LOW and /SCK=HIGH, and wait at least 1us Switch CS=HIGH, and wait at least 1us Send the Command byte (see bit-transfer below) Send/receive Parameter byte(s) associated with the command (see below) Switch CS to LOW |
Output /SCK=LOW and SIO=databit (when writing), then wait at least 5us Output /SCK=HIGH, wait at least 5us, then read SIO=databit (when reading) In either direction, data is output on (or immediately after) falling edge. |
Command Register
Fwd Rev
0 7 Fixed Code (must be 0)
1 6 Fixed Code (must be 1)
2 5 Fixed Code (must be 1)
3 4 Fixed Code (must be 0, or, DSi only: 1=Extended Command)
4-6 3-1 Command
Fwd Rev Parameter bytes (read/write access)
0 0 1 byte, status register 1
4 1 1 byte, status register 2
2 2 7 bytes, date & time (year,month,day,day_of_week,hh,mm,ss)
6 3 3 bytes, time (hh,mm,ss)
1* 4* 1 byte, int1, frequency duty setting
1* 4* 3 bytes, int1, alarm time 1 (day_of_week, hour, minute)
5 5 3 bytes, int2, alarm time 2 (day_of_week, hour, minute)
3 6 1 byte, clock adjustment register
7 7 1 byte, free register
Extended command (when above "fourth bit" was set, DSi only)
Fwd Rev Parameter bytes (read/write access)
0 0 3 byte, up counter (msw,mid,lsw) (read only)
4 1 1 byte, FOUT register setting 1
2 2 1 byte, FOUT register setting 2
6 3 reserved
1 4 3 bytes, alarm date 1 (year,month,day)
5 5 3 bytes, alarm date 2 (year,month,day)
3 6 reserved
7 7 reserved
7 0 Parameter Read/Write Access (0=Write, 1=Read)
|
Status Register 1
0 W Reset (0=Normal, 1=Reset)
1 R/W 12/24 hour mode (0=12 hour, 1=24 hour)
2-3 R/W General purpose bits
4 R Interrupt 1 Flag (1=Yes) ;auto-cleared on read
5 R Interrupt 2 Flag (1=Yes) ;auto-cleared on read
6 R Power Low Flag (0=Normal, 1=Power is/was low) ;auto-cleared on read
7 R Power Off Flag (0=Normal, 1=Power was off) ;auto-cleared on read
Power off indicates that the battery was removed or fully discharged,
all registers are reset to 00h (or 01h), and must be re-initialized.
Status Register 2
0-3 R/W INT1 Mode/Enable
0000b Disable
0x01b Selected Frequency steady interrupt
0x10b Per-minute edge interrupt
0011b Per-minute steady interrupt 1 (duty 30.0 seconds)
0100b Alarm 1 interrupt
0111b Per-minute steady interrupt 2 (duty 0.0079 seconds)
1xxxb 32kHz output
4-5 R/W General purpose bits
6 R/W INT2 Enable
0b Disable
1b Alarm 2 interrupt
7 R/W Test Mode (0=Normal, 1=Test, don't use) (cleared on Reset)
Clock Adjustment Register (to compensate oscillator inaccuracy)
0-7 R/W Adjustment (00h=Normal, no adjustment)
Free Register
0-7 R/W General purpose bits
|
Year Register
0-7 R/W Year (BCD 00h..99h = 2000..2099)
Month Register
0-4 R/W Month (BCD 01h..12h = January..December)
5-7 - Not used (always zero)
Day Register
0-5 R/W Day (BCD 01h..28h,29h,30h,31h, range depending on month/year)
6-7 - Not used (always zero)
Day of Week Register (septenary counter)
0-2 R/W Day of Week (00h..06h, custom assignment, usually 0=Monday?)
3-7 - Not used (always zero)
|
Hour Register
0-5 R/W Hour (BCD 00h..23h in 24h mode, or 00h..11h in 12h mode)
6 * AM/PM (0=AM before noon, 1=PM after noon)
* 24h mode: AM/PM flag is read only (PM=1 if hour = 12h..23h)
* 12h mode: AM/PM flag is read/write-able
* 12h mode: Observe that 12 o'clock is defined as 00h (not 12h)
7 - Not used (always zero)
Minute Register
0-6 R/W Minute (BCD 00h..59h)
7 - Not used (always zero)
Second Register
0-6 R/W Minute (BCD 00h..59h)
7 - Not used (always zero)
|
Alarm1 and Alarm2 Day of Week Registers (INT1 and INT2 each)
0-2 R/W Day of Week (00h..06h)
3-6 - Not used (always zero)
7 R/W Compare Enable (0=Alarm every day, 1=Alarm only at specified day)
Alarm1 and Alarm2 Hour Registers (INT1 and INT2 each)
0-5 R/W Hour (BCD 00h..23h in 24h mode, or 00h..11h in 12h mode)
6 R/W AM/PM (0=AM, 1=PM) (must be correct even in 24h mode?)
7 R/W Compare Enable (0=Alarm every hour, 1=Alarm only at specified hour)
Alarm1 and Alarm2 Minute Registers (INT1 and INT2 each)
0-6 R/W Minute (BCD 00h..59h)
7 R/W Compare Enable (0=Alarm every min, 1=Alarm only at specified min)
Selected Frequency Steady Interrupt Register (INT1 only) (when Stat2/Bit2=0)
0 R/W Enable 1Hz Frequency (0=Disable, 1=Enable)
1 R/W Enable 2Hz Frequency (0=Disable, 1=Enable)
2 R/W Enable 4Hz Frequency (0=Disable, 1=Enable)
3 R/W Enable 8Hz Frequency (0=Disable, 1=Enable)
4 R/W Enable 16Hz Frequency (0=Disable, 1=Enable)
The signals are ANDed when two or more frequencies are enabled,
ie. the /INT signal gets LOW when either of the signals is LOW.
5-7 R/W General purpose bits
|
Up Counter Msw
0-7 R Up Counter bit16-23 (non-BCD, 00h..FFh)
Up Counter Mid
0-7 R Up Counter bit8-15 (non-BCD, 00h..FFh)
Up Counter Lsw
0-7 R Up Counter bit0-7 (non-BCD, 00h..FFh)
|
Alarm 1 and Alarm 2 Year Register
0-7 R/W Year (BCD 00h..99h = 2000..2099)
Alarm 1 and Alarm 2 Month Register
0-4 R/W Month (BCD 01h..12h = January..December)
5 - Not used (always zero)
6 R/W Year Compare Enable (0=Ignore, 1=Enable)
7 R/W Month Compare Enable (0=Ignore, 1=Enable)
Alarm 1 and Alarm 2 Day Register
0-5 R/W Day (BCD 01h..28h,29h,30h,31h, range depending on month/year)
6 - Not used (always zero)
7 R/W Day Compare Enable (0=Ignore, 1=Enable)
|
FOUT Register Setting 1
0-7 R/W Enable bits (bit0=256Hz, bit1=512Hz, ..., bit7=32768Hz)
FOUT Register Setting 2
0-7 R/W Enable bits (bit0=1Hz, bit1=2Hz, ..., bit7=128Hz)
The above sixteen FOUT signals are ANDed when two or more frequencies are
enabled, ie. the FOUT signal gets LOW when either of the signals is LOW.
|
1 /INT 8 VDD 2 XOUT 7 SIO 3 XIN 6 /SCK 4 GND 5 CS |
| DS Serial Peripheral Interface Bus (SPI) |
0-1 Baudrate (0=4MHz/Firmware, 1=2MHz/Touchscr, 2=1MHz/Powerman., 3=512KHz) 2 DSi: Baudrate MSB (4=8MHz, 5..7=None/0Hz) (when SCFG_EXT7.bit9=1) 2 NDS: Not used (Zero) 3-6 Not used (Zero) 7 Busy Flag (0=Ready, 1=Busy) (presumably Read-only) 8-9 Device Select (0=Powerman., 1=Firmware, 2=Touchscr, 3=Reserved) 10 Transfer Size (0=8bit/Normal, 1=16bit/Bugged) 11 Chipselect Hold (0=Deselect after transfer, 1=Keep selected) 12-13 Not used (Zero) 14 Interrupt Request (0=Disable, 1=Enable) 15 SPI Bus Enable (0=Disable, 1=Enable) |
0-7 Data 8-15 Not used (always zero, even in bugged-16bit mode) |
| DS Touch Screen Controller (TSC) |
0-1 Power Down Mode Select 2 Reference Select (0=Differential, 1=Single-Ended) 3 Conversion Mode (0=12bit, max CLK=2MHz, 1=8bit, max CLK=3MHz) 4-6 Channel Select (0-7, see below) 7 Start Bit (Must be set to access Control Byte) |
0 Temperature 0 (requires calibration, step 2.1mV per 1'C accuracy) 1 Touchscreen Y-Position (somewhat 0B0h..F20h, or FFFh=released) 2 Battery Voltage (not used, connected to GND in NDS, always 000h) 3 Touchscreen Z1-Position (diagonal position for pressure measurement) 4 Touchscreen Z2-Position (diagonal position for pressure measurement) 5 Touchscreen X-Position (somewhat 100h..ED0h, or 000h=released) 6 AUX Input (connected to Microphone in the NDS) 7 Temperature 1 (difference to Temp 0, without calibration, 2'C accuracy) |
Mode /PENIRQ VREF ADC Recommended use 0 Enabled Auto Auto Differential Mode (Touchscreen, Penirq) 1 Disabled Off On Single-Ended Mode (Temperature, Microphone) 2 Enabled On Off Don't use 3 Disabled On On Don't use |
scr.x = (adc.x-adc.x1) * (scr.x2-scr.x1) / (adc.x2-adc.x1) + (scr.x1-1) scr.y = (adc.y-adc.y1) * (scr.y2-scr.y1) / (adc.y2-adc.y1) + (scr.y1-1) |
Rtouch = (Rx_plate*Xpos*(Z2pos/Z1pos-1))/4096 Rtouch = (Rx_plate*Xpos*(4096/Z1pos-1)-Ry_plate*(1-Ypos))/4096 |
touchval = Xpos*(Z2pos/Z1pos-1) |
K = (CAL.TP0-ADC.TP0) * 0.4 + CAL.KELVIN |
K = (ADC.TP1-ADC.TP0) * 8568 / 4096 |
Celsius: C = (K-273.15) Fahrenheit: F = (K-273.15)*9/5+32 Reaumur: R = (K-273.15)*4/5 Rankine: X = (K)*9/5 |
________
VCC 1|o |16 DCLK
X+ 2| |15 /CS
Y+ 3| TSC |14 DIN
X- 4| 2046 |13 BUSY
Y- 5| |12 DOUT
GND 6| |11 /PENIRQ
VBAT 7| |10 IOVDD
AUX 8|________|9 VREF
|
| DS Power Control |
0 Enable Flag for both LCDs (0=Disable) (Prohibited, see notes) 1 2D Graphics Engine A (0=Disable) (Ports 008h-05Fh, Pal 5000000h) 2 3D Rendering Engine (0=Disable) (Ports 320h-3FFh) 3 3D Geometry Engine (0=Disable) (Ports 400h-6FFh) 4-8 Not used 9 2D Graphics Engine B (0=Disable) (Ports 1008h-105Fh, Pal 5000400h) 10-14 Not used 15 Display Swap (0=Send Display A to Lower Screen, 1=To Upper Screen) 16-31 Not used |
Bit Expl. 0 Sound Speakers (0=Disable, 1=Enable) (Initial setting = 1) 1 Wifi (0=Disable, 1=Enable) (Initial setting = 0) 2-31 Not used |
Bit Expl. 0-1 WS0 nonsequential time (0-3 = 10, 8, 6, 18 cycles) ;\4800000h-4807FFFh 2 WS0 sequential time (0-1 = 6, 4 cycles) ;/ (used for RAM) 3-4 WS1 nonsequential time (0-3 = 10, 8, 6, 18 cycles) ;\4808000h-480FFFFh 5 WS1 sequential time (0-1 = 10, 4 cycles) ;/ (used for I/O) 6-15 Not used (zero) |
Bit Expl. 0-5 Not used (zero) 6-7 Power Down Mode (0=No function, 1=Enter GBA Mode, 2=Halt, 3=Sleep) |
Bit Expl. 0 Post Boot Flag (0=Boot in progress, 1=Boot completed) 1 NDS7: Not used (always zero), NDS9: Bit1 is read-writeable 2-7 Not used (always zero) |
| DS Power Management Device |
Index Register
Bit0-6 Register Select (0..3) (0..4 for DS-Lite) (0..7Fh for DSi)
Bit7 Register Direction (0=Write, 1=Read)
Register 0 - Powermanagement Control (R/W)
Bit0 Sound Amplifier Enable (0=Disable, 1=Enable)
(Old-DS: Disabled: Sound is very silent, but still audible)
(DS-Lite: Disabled: Sound is NOT audible)
(DSi in NDS Mode: R/W, but effect is unknown yet)
(DSi in DSi Mode: Not used, Bit0 is always 1)
Bit1 Sound Amplifier Mute (0=Normal, 1=Mute) (Old-DS Only, not DS-Lite)
(Old-DS: Muted: Sound is NOT audible, that works only if Bit0=1)
(DS-Lite: Not used, Bit1 is always zero)
(DSi in NDS Mode: R/W, but effect is unknown yet)
(DSi in DSi Mode: R/W, but effect is unknown yet)
Bit2 Lower Backlight (0=Disable, 1=Enable)
Bit3 Upper Backlight (0=Disable, 1=Enable)
Bit4 Power LED Blink Enable (0=Always ON, 1=Blinking OFF/ON)
Bit5 Power LED Blink Speed (0=Slow, 1=Fast) (only if Blink enabled)
(DSi: Power LED Blinking isn't supported, neither in NDS nor DSi mode)
Bit6 DS System Power (0=Normal, 1=Shut Down)
Bit7 Not used (always 0)
Register 1 - Battery Status (R)
Bit0 Battery Power LED Status (0=Power Good/Green, 1=Power Low/Red)
(DSi: Usually 0, not tested if it changes upon Power=Low)
Bit1-7 Not used
Register 2 - Microphone Amplifier Control (R/W)
Bit0 Amplifier (0=Disable, 1=Enable)
Bit1-7 Not used (always 0)
(DSi in NDS Mode: looks same as NDS, ie. only bit0 is R/W)
(DSi in DSi Mode: Not used, always FFh)
Register 3 - Microphone Amplifier Gain Control (R/W)
Bit0-1 Gain (0..3=Gain 20, 40, 80, 160)
Bit2-7 Not used (always 0)
(DSi in NDS Mode: looks same as NDS, ie. only bit0-1 are R/W)
(DSi in DSi Mode: Not used, always FFh)
Register 4 - DS-Lite and DSi Only - Backlight Levels/Power Source (R/W)
Bit0-1 Backlight Brightness (0..3=Low,Med,High,Max) (R/W)
(when bit2+3 are both set, then reading bit0-1 always returns 3)
Bit2 Force Max Brightness when Bit3=1 (0=No, 1=Yes) (R/W)
Bit3 External Power Present (0=No, 1=Yes) (Read-Only)
Bit4-7 Unknown (Always 4) (Read-Only)
(DSi in NDS Mode: looks same as in DSi mode)
(DSi in DSi Mode: Bit0-1 are R/W, but ignored, bit2-3 are always 0)
Register 10h - DSi Only - Backlight Mirrors & Reset (R/W)
Bit0 Reset (0=No, 1=Reboot DSi) (same/similar as BPTWL reset feature?)
Bit1 Unknown (R/W) (note: whatever it is, it isn't warmboot flag)
Bit2-3 Mirror of Register 0, bit2-3 (backlight enable bits) (R/W)
Bit4-7 Not used (always 0)
Bit5 Not used (always 0) - but DSi bootrom sets that bit on boot error?
(This register works in NDS mode and DSi mode, though it's mainly intended
for NDS mode, eg. DS Download Play uses the Reset bit to return to DSi menu)
(note: writing bit2 seems to affect BOTH bit1 and bit2 in register 0)
Register 1Fh and 20h - DSi Only (?)
DSi bootrom sets register 1Fh and 20h bit0-4 to value 1Fh on boot error,
unknown purpose, seems to have no effect, maybe prototype backlight level?
|
| DS Main Memory Control |
LDRH R0,[27FFFFEh] ;read one value STRH R0,[27FFFFEh] ;write should be same value as above STRH R0,[27FFFFEh] ;write should be same value as above STRH R0,[27FFFFEh] ;write any value STRH R0,[27FFFFEh] ;write any value LDRH R0,[2400000h+CR*2] ;read, address-bits are defining new CR value |
Bit Expl.
0-6 Reserved (Must be 7Fh)
7 Write Control
0=WE Single Clock Pulse Control without Write Suspend Function
1=WE Level Control with Write Suspend Function)
Burst Read/Single Write is not supported at WE Single Clock Mode.
8 Reserved (Must be 1)
9 Valid Clock Edge (0=Falling Edge, 1=Rising Edge)
10 Single Write (0=Burst Read/Burst Write, 1=Burst Read/Single Write)
11 Burst Sequence (0=Reserved, 1=Sequential)
12-14 Read Latency (1=3 clocks, 2=4 clocks, 3=5 clocks, other=Reserved)
15 Mode
0=Synchronous: Burst Read, Burst Write
1=Asynchronous: Page Read, Normal Write
In Mode 1 (Async), only the Partial Size bits are used,
all other bits, CR bits 0..18, must be "1".
16-18 Burst Length (2=8 Words, 3=16Words, 7=Continous, other=Reserved)
19-20 Partial Size (0=1MB, 1=512KB, 2=Reserved, 3=Deep/0 bytes)
|
STRH 2000h,[4000204h] ;EXMEMCNT, enable RAM, async mode LDRH R0,[27FFFFEh] STRH R0,[27FFFFEh] STRH R0,[27FFFFEh] STRH FFDFh,[27FFFFEh] STRH E732h,[27FFFFEh] LDRH R0,[27E57FEh] STRH 6000h,[4000204h] ;EXMEMCNT, enable RAM, normal mode |
| DS Backwards-compatible GBA-Mode |
--- NDS9: --- ZEROFILL VRAM A,B ;init black screen border (or other color/image) POWCNT=8003h ;enable 2D engine A on upper screen (0003h=lower) EXMEMCNT=... ;set Async Main Memory mode (clear bit14) IME=0 ;disable interrupts SWI 06h ;halt with interrupts disabled (lockdown) --- NDS7: --- POWERMAN.REG0=09h ;enable sound amplifier & upper backlight (05h=lower) IME=0 ;disable interrupts wait for VCOUNT=200 ;wait until VBlank SWI 1Fh with R2=40h ;enter GBA mode, by CustomHalt(40h) |
| DS Debug Registers (Emulator/Devkits) |
4FFFA00h..A0Fh R Emulation ID (16 bytes, eg. "no$gba v2.7", padded with 20h) 4FFFA10h W String Out (raw) 4FFFA14h W String Out (with %param's) 4FFFA18h W String Out (with %param's, plus linefeed) 4FFFA1Ch W Char Out (nocash) 4FFFA20h..A27h R Clock Cycles (64bit) 4FFFA28h..A3Fh - N/A |
4000640h (32bit) ;aka CLIPMTX_RESULT (mis-used to invoke detection) 4000006h (16bit) ;aka VCOUNT (mis-used to get detection result) 4FFF010h (32bit) ;use to initialize/unlock/reset something 4FFF000h (8bit) ;debug message character output (used when Ensata detected) |
[4000640h]=2468ACE0h ;CLIPMTX_RESULT (on real hardware it's read-only)
if ([4000006h] AND 1FFh)=10Eh ;VCOUNT (on real hardware it's 000h..106h)
[4FFF010h]=13579BDFh ;\initialize/reset something
[4FFF010h]=FDB97531h ;/
Ensata=true
else
Ensata=false
endif
|
| DS Cartridges, Encryption, Firmware |
| DS Cartridge Header |
Address Bytes Expl.
000h 12 Game Title (Uppercase ASCII, padded with 00h)
00Ch 4 Gamecode (Uppercase ASCII, NTR-<code>) (0=homebrew)
010h 2 Makercode (Uppercase ASCII, eg. "01"=Nintendo) (0=homebrew)
012h 1 Unitcode (00h=NDS, 02h=NDS+DSi, 03h=DSi) (bit1=DSi)
013h 1 Encryption Seed Select (00..07h, usually 00h)
014h 1 Devicecapacity (Chipsize = 128KB SHL nn) (eg. 7 = 16MB)
015h 7 Reserved (zero filled)
01Ch 1 Reserved (zero) (except, used on DSi)
01Dh 1 NDS Region (00h=Normal, 80h=China, 40h=Korea) (other on DSi)
01Eh 1 ROM Version (usually 00h)
01Fh 1 Autostart (Bit2: Skip "Press Button" after Health and Safety)
(Also skips bootmenu, even in Manual mode & even Start pressed)
020h 4 ARM9 rom_offset (4000h and up, align 1000h)
024h 4 ARM9 entry_address (2000000h..23BFE00h)
028h 4 ARM9 ram_address (2000000h..23BFE00h)
02Ch 4 ARM9 size (max 3BFE00h) (3839.5KB)
030h 4 ARM7 rom_offset (8000h and up)
034h 4 ARM7 entry_address (2000000h..23BFE00h, or 37F8000h..3807E00h)
038h 4 ARM7 ram_address (2000000h..23BFE00h, or 37F8000h..3807E00h)
03Ch 4 ARM7 size (max 3BFE00h, or FE00h) (3839.5KB, 63.5KB)
040h 4 File Name Table (FNT) offset
044h 4 File Name Table (FNT) size
048h 4 File Allocation Table (FAT) offset
04Ch 4 File Allocation Table (FAT) size
050h 4 File ARM9 overlay_offset
054h 4 File ARM9 overlay_size
058h 4 File ARM7 overlay_offset
05Ch 4 File ARM7 overlay_size
060h 4 Port 40001A4h setting for normal commands (usually 00586000h)
064h 4 Port 40001A4h setting for KEY1 commands (usually 001808F8h)
068h 4 Icon/Title offset (0=None) (8000h and up)
06Ch 2 Secure Area Checksum, CRC-16 of [[020h]..00007FFFh]
06Eh 2 Secure Area Delay (in 131kHz units) (051Eh=10ms or 0D7Eh=26ms)
070h 4 ARM9 Auto Load List Hook RAM Address (?) ;\endaddr of auto-load
074h 4 ARM7 Auto Load List Hook RAM Address (?) ;/functions
078h 8 Secure Area Disable (by encrypted "NmMdOnly") (usually zero)
080h 4 Total Used ROM size (remaining/unused bytes usually FFh-padded)
084h 4 ROM Header Size (4000h)
088h 4 Unknown, some rom_offset, or zero? (DSi: slightly different)
08Ch 8 Reserved (zero filled; except, [88h..93h] used on DSi)
094h 2 NAND end of ROM area ;\in 20000h-byte units (DSi: 80000h-byte)
096h 2 NAND start of RW area ;/usually both same address (0=None)
098h 18h Reserved (zero filled)
0B0h 10h Reserved (zero filled; or "DoNotZeroFillMem"=unlaunch fastboot)
0C0h 9Ch Nintendo Logo (compressed bitmap, same as in GBA Headers)
15Ch 2 Nintendo Logo Checksum, CRC-16 of [0C0h-15Bh], fixed CF56h
15Eh 2 Header Checksum, CRC-16 of [000h-15Dh]
160h 4 Debug rom_offset (0=none) (8000h and up) ;only if debug
164h 4 Debug size (0=none) (max 3BFE00h) ;version with
168h 4 Debug ram_address (0=none) (2400000h..27BFE00h) ;SIO and 8MB
16Ch 4 Reserved (zero filled) (transferred, and stored, but not used)
170h 90h Reserved (zero filled) (transferred, but not stored in RAM)
200h E00h Reserved (zero filled) (usually not transferred)
|
Delay,Cmd |
Cmd,Delay,Cmd ;for 2x repeat Cmd,Delay,Cmd,Cmd,Cmd,Cmd,Cmd,Cmd,Cmd,Cmd ;for 9x repeat |
U Unique Code (usually "A", "B", "C", or special meaning) TT Short Title (eg. "PM" for Pac Man) D Destination/Language (usually "J" or "E" or "P" or specific language) |
A NDS common games B NDS common games C NDS common games D DSi-exclusive games H DSiWare (system utilities and browser) (eg. HNGP=browser) I NDS and DSi-enhanced games with built-in Infrared port K DSiWare (dsiware games and flipnote) (eg. KGUV=flipnote) N NDS nintendo channel demo's japan (NTR-NTRJ-JPN) T NDS many games U NDS and DSi uncommon extra hardware (eg. NAND, ram, microSD, TV, azimuth) V DSi-enhanced games Y NDS many games |
Usually an abbreviation of the game title (eg. "PM" for "Pac Man") (unless that gamecode was already used for another game, then TT is just random) |
A Asian E English/USA I Italian M Swedish Q Danish U Australian B N/A F French J Japanese N Nor R Russian V EUR+AUS C Chinese G N/A K Korean O Int S Spanish W..Z Europe #3..5 D German H Dutch L USA #2 P Europe T USA+AUS |
| DS Cartridge Secure Area |
Value Expl. "encryObj" raw ID before encryption (raw ROM-image) (encrypted) encrypted ID after encryption (encrypted ROM-image) "encryObj" raw ID after decryption (verified by BIOS boot code) E7FFDEFFh,E7FFDEFFh destroyed ID (overwritten by BIOS after verify) |
000h..007h Secure Area ID (see above) 008h..00Dh Fixed (FFh,DEh,FFh,E7h,FFh,DEh) 00Eh..00Fh CRC16 across following 7E0h bytes, ie. [010h..7FFh] 010h..7FDh Unknown/random values, mixed with some THUMB SWI calls 7FEh..7FFh Fixed (00h,00h) |
| DS Cartridge Icon/Title |
0000h 2 Version (0001h, 0002h, 0003h, or 0103h)
0002h 2 CRC16 across entries 0020h..083Fh (all versions)
0004h 2 CRC16 across entries 0020h..093Fh (Version 0002h and up)
0006h 2 CRC16 across entries 0020h..0A3Fh (Version 0003h and up)
0008h 2 CRC16 across entries 1240h..23BFh (Version 0103h and up)
000Ah 16h Reserved (zero-filled)
0020h 200h Icon Bitmap (32x32 pix) (4x4 tiles, 4bit depth) (4x8 bytes/tile)
0220h 20h Icon Palette (16 colors, 16bit, range 0000h-7FFFh)
(Color 0 is transparent, so the 1st palette entry is ignored)
0240h 100h Title 0 Japanese (128 characters, 16bit Unicode)
0340h 100h Title 1 English ("")
0440h 100h Title 2 French ("")
0540h 100h Title 3 German ("")
0640h 100h Title 4 Italian ("")
0740h 100h Title 5 Spanish ("")
0840h 100h Title 6 Chinese ("") (Version 0002h and up)
0940h 100h Title 7 Korean ("") (Version 0003h and up)
0A40h 800h Zerofilled (probably reserved for Title 8..15)
|
1240h 1000h Icon Animation Bitmap 0..7 (200h bytes each, format as above) 2240h 100h Icon Animation Palette 0..7 (20h bytes each, format as above) 2340h 80h Icon Animation Sequence (16bit tokens) |
0840h 1C0h Unused/padding (FFh-filled) in Version 0001h 0940h C0h Unused/padding (FFh-filled) in Version 0002h 23C0h 40h Unused/padding (FFh-filled) in Version 0103h |
0001h = Original 0002h = With Chinese Title 0003h = With Chinese+Korean Titles 0103h = With Chinese+Korean Titles and animated DSi icon |
15 Flip Vertically (0=No, 1=Yes) 14 Flip Horizontally (0=No, 1=Yes) 13-11 Palette Index (0..7) 10-8 Bitmap Index (0..7) 7-0 Frame Duration (01h..FFh) (in 60Hz units) |
0000h 2 Version (0103h) 0002h 6 Reserved (zero-filled) 0008h 2 CRC16 across entries 0020h..119Fh (with initial value FFFFh) 000Ah 16h Reserved (zero-filled) 0020h 1000h Icon Animation Bitmap 0..7 (200h bytes each) ;\same format as 1020h 100h Icon Animation Palette 0..7 (20h bytes each) ; in Icon/Title 1120h 80h Icon Animation Sequence (16bit tokens) ;/ 11A0h 2E60h Garbage (random values, maybe due to eMMC decryption) |
| DS Cartridge Protocol |
0000000h-0000FFFh Header (unencrypted) 0001000h-0003FFFh Not read-able (zero filled in ROM-images) 0004000h-0007FFFh Secure Area, 16KBytes (first 2Kbytes with extra encryption) 0008000h-... Main Data Area |
XX00000h XX02FFFh DSi Not read-able (XX00000h=first megabyte after NDS area) XX03000h-XX06FFFh DSi ARM9i Secure Area (usually with modcrypt encryption) XX07000h-... DSi Main Data Area |
Command/Params Expl. Cmd Reply Len -- Unencrypted Load -- 9F00000000000000h Dummy (read HIGH-Z bytes) RAW RAW 2000h 0000000000000000h Get Cartridge Header RAW RAW 200h DSi:1000h 00aaaaaaaa000000h Get Cartridge Header (1T-ROM,NAND)RAW RAW 200h 9000000000000000h 1st Get ROM Chip ID RAW RAW 4 A000000000000000h Get 3DS encryption type (3DS) RAW RAW 4 00aaaaaaaa000000h Unencrypted Data (debug ver only) RAW RAW 200h 3Ciiijjjxkkkkkxxh Activate KEY1 Encryption (NDS) RAW RAW 0 3Diiijjjxkkkkkxxh Activate KEY1 Encryption (DSi) RAW RAW 0 3E00000000000000h Activate 16-byte commands (3DS) RAW RAW 0 -- Secure Area Load -- 4llllmmmnnnkkkkkh Activate KEY2 Encryption Mode KEY1 FIX 910h+0 1lllliiijjjkkkkkh 2nd Get ROM Chip ID KEY1 KEY2 910h+4 xxxxxxxxxxxxxxxxh Invalid - Get KEY2 Stream XOR 00h KEY1 KEY2 910h+... 2bbbbiiijjjkkkkkh Get Secure Area Block (4Kbytes) KEY1 KEY2 910h+10A8h 6lllliiijjjkkkkkh Optional KEY2 Disable KEY1 KEY2 910h+? Alllliiijjjkkkkkh Enter Main Data Mode KEY1 KEY2 910h+0 -- Main Data Load -- B7aaaaaaaa000000h Encrypted Data Read KEY2 KEY2 200h B800000000000000h 3rd Get ROM Chip ID KEY2 KEY2 4 xxxxxxxxxxxxxxxxh Invalid - Get KEY2 Stream XOR 00h KEY2 KEY2 ... B500000000000000h Whatever NAND related? (DSi?) KEY2 KEY2 0 D600000000000000h Whatever NAND related? (DSi?) KEY2 KEY2 4 |
aaaaaaaa 32bit ROM address (command B7 can access only 8000h and up) bbbb Secure Area Block number (0004h..0007h for addr 4000h..7000h) x,xx Random, not used in further commands (DSi: always zero) iii,jjj,llll Random, must be SAME value in further commands kkkkk Random, must be INCREMENTED after FURTHER commands mmm,nnn Random, used as KEY2-encryption seed |
____________ Unencrypted Commands (First Part of Boot Procedure) _____________ |
NDS/MROM --> Read 200h bytes from address 000h NDS/1T-ROM --> Read 200h bytes from address 000h NDS/NAND --> Read 200h bytes from address 000h DSi/MROM --> Read 1000h bytes from address 000h DSi/1T-ROM --> Read 8x200h bytes from address 000h,200h,400h,..,E00h DSi/NAND --> Read 8x200h bytes from address 000h,200h,400h,..,E00h |
1st byte - Manufacturer (eg. C2h=Macronix) (roughly based on JEDEC IDs) 2nd byte - Chip size (00h..7Fh: (N+1)Mbytes, F0h..FFh: (100h-N)*256Mbytes?) 3rd byte - Flags (see below) 4th byte - Flags (see below) |
0 Uses Infrared (but via SPI, unrelated to ROM) (also Jam with the Band) 1 Unknown (set in some 3DS carts) 2-6 Zero 7 Unknown (set in Kingdom Hearts - Re-Coded) |
0-2 Zero 3 NAND flag (0=ROM, 1=NAND) 4 3DS Flag (0=NDS/DSi, 1=3DS) 5 Unknown (0=Normal, 1=Support cmd B5h/D6h) 6 DSi flag (0=NDS/3DS, 1=DSi) (but also set in NDS Walk with Me) 7 Cart Protocol Variant (0=old/smaller MROM, 1=new/bigger 1T-ROM or NAND) |
C2h,07h,00h,00h NDS Macronix 8MB ROM (eg. DS Vision, with microSD slot) AEh,0Fh,00h,00h NDS Noname 16MB ROM (eg. Meine Tierarztpraxis) C2h,0Fh,00h,00h NDS Macronix 16MB ROM (eg. Metroid Demo) C2h,1Fh,00h,00h NDS Macronix 32MB ROM (eg. Over the Hedge) C2h,1Fh,00h,40h DSi Macronix 32MB ROM (eg. Art Academy, TWL-VAAV, SystemFlaw) 80h,3Fh,01h,E0h NDS SanDisk 64MB ROM+Infrared (eg. Walk with Me, NTR-IMWP) AEh,3Fh,00h,E0h DSi Noname 64MB ROM (eg. de Blob 2, TWL-VD2V) C2h,3Fh,00h,00h NDS Macronix 64MB ROM (eg. Ultimate Spiderman) C2h,3Fh,00h,40h DSi Macronix 64MB ROM (eg. Crime Lab, NTR-VAOP) 80h,7Fh,00h,80h NDS SanDisk 128MB ROM (DS Zelda, NTR-AZEP-0) 80h,7Fh,01h,E0h ? SanDisk? 128MB ROM+Infrared (P-letter SoulSilver, IPGE) C2h,7Fh,00h,80h NDS Macronix 128MB ROM (eg. Spirit Tracks, NTR-BKIP) C2h,7Fh,00h,C0h DSi Macronix 128MB ROM (eg. Cooking Coach, TWL-VCKE) ECh,7Fh,00h,88h NDS Samsung 128MB NAND (eg. Warioware D.I.Y., NTR-UORE) ECh,7Fh,01h,88h NDS Samsung 128MB NAND (eg. Jam with the Band, NTR-UXBP) ECh,7Fh,00h,E8h DSi Samsung 128MB NAND (eg. Face Training, TWL-USKV) 80h,FFh,80h,E0h NDS SanDisk? 256MB ROM (Kingdom Hearts - Re-Coded, NTR-BK9P) C2h,FFh,01h,C0h DSi Macronix 256MB ROM+Infrared (eg. P-Letter White) C2h,FFh,00h,80h NDS Macronix 256MB ROM (eg. Band Hero, NTR-BGHP) C2h,FEh,01h,C0h DSi Macronix 512MB ROM+Infrared (eg. P-Letter White 2) C2h,FEh,00h,90h 3DS Macronix probably 512MB? ROM (eg. Sims 3) 45h,FAh,00h,90h 3DS SanDisk? maybe... 1GB? ROM (eg. Starfox) C2h,F8h,00h,90h 3DS Macronix maybe... 2GB? ROM (eg. Kid Icarus) C2h,7Fh,00h,90h 3DS Macronix 128MB ROM CTR-P-AENJ MMinna no Ennichi C2h,FFh,00h,90h 3DS Macronix 256MB ROM CTR-P-AFSJ Pro Yakyuu Famista 2011 C2h,FEh,00h,90h 3DS Macronix 512MB ROM CTR-P-AFAJ Real 3D Bass FishingFishOn C2h,FAh,00h,90h 3DS Macronix 1GB ROM CTR-P-ASUJ Hana to Ikimono Rittai Zukan C2h,FAh,02h,90h 3DS Macronix 1GB ROM CTR-P-AGGW Luigis Mansion 2 ASiA CHT C2h,F8h,00h,90h 3DS Macronix 2GB ROM CTR-P-ACFJ Castlevania - Lords of Shadow C2h,F8h,02h,90h 3DS Macronix 2GB ROM CTR-P-AH4J Monster Hunter 4 AEh,FAh,00h,90h 3DS Noname? 1GB ROM CTR-P-AGKJ Gyakuten Saiban 5 AEh,FAh,00h,98h 3DS Noname? 1GB NAND CTR-P-EGDJ Tobidase Doubutsu no Mori 45h,FAh,00h,90h 3DS SanDisk? 1GB ROM CTR-P-AFLJ Fantasy Life 45h,F8h,00h,90h 3DS SanDisk? 2GB ROM CTR-P-AVHJ Senran Kagura Burst - Guren C2h,F0h,00h,90h 3DS Macronix 4GB ROM CTR-P-ABRJ Biohazard Revelations ?,?,?,? NDS ? ? (eg. Japanese TV Tuner, NTR-UNSJ) 00h,00h,00h,00h Cart Reset Busy (Face Training needs 20ms delay after reset) FFh,FFh,FFh,FFh None (no cartridge inserted) |
1) Command 2bbbbiiijjjkkkkkh loads ARM9i secure area (instead of ARM9 area) 2) Command B7aaaaaaaa000000h allows to read the 'whole' cartridge space |
____________ KEY1 Encrypted Commands (2nd Part of Boot procedure) ____________ |
________________ KEY2 Encrypted Commands (Main Data Transfer) ________________ |
___________________________________ Notes ___________________________________ |
1) Chip ID.Bit31=0 Used by older/smaller carts with up to 64MB ROM 2) Chip ID.Bit31=1 Used by newer/bigger carts with 64MB or more ROM |
| DS Cartridge Backup |
Type Total Size Page Size Chip/Example Game/Example EEPROM 0.5K bytes 16 bytes ST M95040-W (eg. Metroid Demo) EEPROM 8K bytes 32 bytes ST M95640-W (eg. Super Mario DS) EEPROM 64K bytes 128 bytes ST M95512-W (eg. Downhill Jam) EEPROM 128K bytes ? bytes ? (eg. Explorers of Sky) FLASH 256K bytes 256 bytes ST M45PE20 (eg. Skateland) FLASH 256K bytes Sanyo LE25FW203T (eg. Mariokart) FLASH 512K bytes 256 bytes ST M25PE40? (eg. which/any games?) FLASH 512K bytes ST 45PE40V6 (eg. DS Zelda, NTR-AZEP-0) FLASH 1024K bytes ST 45PE80V6 (eg. Spirit Tracks, NTR-BKIP) FLASH 8192K bytes MX25L6445EZNI-10G (Art Academy only, TWL-VAAV) FRAM 8K bytes No limit ? (eg. which/any games?) FRAM 32K bytes No limit Ramtron FM25L256? (eg. which/any games?) |
Type Max Writes per Page Data Retention EEPROM 100,000 40 years FLASH 100,000 20 years FRAM No limit 10 years |
06h WREN Write Enable Cmd, no parameters 04h WRDI Write Disable Cmd, no parameters 05h RDSR Read Status Register Cmd, read repeated status value(s) 01h WRSR Write Status Register Cmd, write one-byte value 9Fh RDID Read JEDEC ID (not supported on EEPROM/FLASH, returns FFh-bytes) |
03h RDLO Read from Memory 000h-0FFh Cmd, addr lsb, read byte(s) 0Bh RDHI Read from Memory 100h-1FFh Cmd, addr lsb, read byte(s) 02h WRLO Write to Memory 000h-0FFh Cmd, addr lsb, write 1..MAX byte(s) 0Ah WRHI Write to Memory 100h-1FFh Cmd, addr lsb, write 1..MAX byte(s) |
03h RD Read from Memory Cmd, addr msb,lsb, read byte(s) 02h WR Write to Memory Cmd, addr msb,lsb, write 1..MAX byte(s) |
As above, but with 24bit addr msb,mid,lsb ? |
0 WIP Write in Progress (1=Busy) (Read only) (always 0 for FRAM chips) 1 WEL Write Enable Latch (1=Enable) (Read only, except by WREN,WRDI) 2-3 WP Write Protect (0=None, 1=Upper quarter, 2=Upper Half, 3=All memory) |
4-7 ONEs Not used (all four bits are always set to "1" each) |
4-6 ZERO Not used (all three bits are always set to "0" each) 7 SRWD Status Register Write Disable (0=Normal, 1=Lock) (Only if /W=LOW) |
RDSR RDID Type (bus-width) FFh, FFh,FFh,FFh None (none) F0h, FFh,FFh,FFh EEPROM (with 8+1bit address bus) 00h, FFh,FFh,FFh EEPROM/FRAM (with 16bit address bus) ? ?,?,? EEPROM (with 24bit address bus) 00h, xxh,xxh,xxh FLASH (usually with 24bit address bus) |
Pin Name Expl. 1 /S Chip Select 2 Q Data Out 3 /W Write-Protect (not used in NDS, wired to VCC) 4 VSS Ground 5 D Data In 6 C Clock 7 /HOLD Transfer-pause (not used in NDS, wired to VCC) 8 VCC Supply 2.5 to 5.5V for M95xx0-W |
DS Vision (NDS cart with microSD slot... and maybe ALSO with EEPROM?) NAND carts can store data in a read/write-able portion of the "ROM" chip Typing Adventure does have SPI FLASH (but not directly wired to SPI bus) |
| DS Cartridge NAND |
ECh,7Fh,00h,88h NDS Samsung 128MB NAND (eg. Warioware D.I.Y., NTR-UORE) ECh,7Fh,01h,88h NDS Samsung 128MB NAND (eg. Jam with the Band, NTR-UXBP) ECh,7Fh,00h,E8h DSi Samsung 128MB NAND (eg. Face Training, TWL-USKV) |
00000000h ROM region (one large region) (R) 0xxx0000h RW region (split into several 128KByte blocks) (R/W) 07A00000h Reserved region (R) |
In ROM access mode: 9400000000000000h Len=200h NAND Read ID B2aaaaaaaa000000h Len=0 NAND Select 128Kbyte RW access mode B300000000000000h Len=04h Unknown (returns 00000000h) BB00000000000000h Len=200h Unknown (returns 1X 04 09 20 04, plus zeroes) In RW access mode (on DSi carts, this works ONLY in DSi mode): 81aaaaaaaa000000h Len=200h NAND Write to Write Buffer (must be issued 4x) 8200000000000000h Len=0 NAND Forward Write Buffer to NAND 8400000000000000h Len=0 NAND Discard Write Buffer 8500000000000000h Len=0 NAND Write Enable 8600000000000000h Len=0 Unknown 8700000000000000h Len=0 NAND Write Disable 8B00000000000000h Len=0 NAND Select ROM access mode In either mode: 0B00000000000000h Len=200h Returns cart header[000h..1FFh] 0C00000000000000h Len=200h Returns corrupted cart header[1F8h..3F7h] ?? 58h..5Fh Len=0 Unknown (looks same/similar as in 1T-ROM carts) 60h..68h Len=800h Unknown (looks same/similar as in 1T-ROM carts) B000000000000000h Len=04h Unknown (returns 01010101h) B500000000000000h Len=0 Unknown (looks same/similar as in SanDisk carts) B7aaaaaaaa000000h Len=200h NAND Read from ROM or RW area B800000000000000h Len=04h Read Chip ID D600000000000000h Len=04h NAND Read Status Further command(s) spotted in Face Training disassembly: 8800000000000000h Len=0 Unknown (is in disassembly, but fails on HW?) |
0-1 Unknown (usually zero) 2-3 Unknown (usually zero, but tested by DSi Launcher, not NAND related?) 4 NAND write enable 5 NAND status (0=busy, 1=ready) 6 Unknown (usually zero, but set by DeSmuME) 7 Unknown (possible error flag?) 8-15 Same as bit0-7 16-23 Same as bit0-7 24-31 Same as bit0-7 |
Values in Jam with the Band (nocash dump): 17 04 09 20 04, plus 1FBh zeroes Values in Face Training (nocash dump): 10 04 09 20 04, plus 1FBh zeroes |
Values in Jam with the Band (arisotura dump): 000h EC F1 00 95 40 00 00 00 00 00 00 00 00 00 00 00 ....@........... 010h 00 00 00 00 00 00 00 00 EC 00 9E A1 51 65 34 35 ............Qe45 020h 30 35 30 31 19 19 02 0A 00 00 00 00 00 00 00 00 0501............ 030h FF FF FF .. (1D0h bytes) (why not 00h's ???) ................ Values in Jam with the Band (nocash dump): 000h EC F1 00 95 40 00 00 00 00 00 00 00 00 00 00 00 ....@........... 010h 00 00 00 00 00 00 00 00 EC 00 3B 5A 32 9B 32 30 ..........;Z2.20 020h 35 35 30 30 19 19 02 0A 00 00 00 00 00 00 00 00 5500............ 030h 00 00 00 .. (1D0h bytes) ................ Values in Face Training (nocash dump): 000h EC F1 00 95 40 00 00 00 00 00 00 00 00 00 00 00 ....@........... 010h 00 00 00 00 00 00 00 00 EC 00 5A 36 5C 14 35 35 ..........Z6\.55 020h 32 36 30 36 04 04 08 0A 00 00 00 00 00 00 00 00 2606............ 030h 00 00 00 .. (1D0h bytes) ................ |
Values in Jam with the Band (arisotura dump): 079E0000h FF FF FF .. (1F800h bytes) ................ 079FF800h EC 00 9E A1 51 65 34 35 30 35 30 31 19 19 02 0A ....Qe450501.... 079FF810h 00 00 00 00 6D D6 DA 9B B0 24 22 88 79 3B BF EA ....m....$".y;.. 079FF820h E6 AC 5E FA 69 12 0D 52 5D 5B F5 80 FF FF FF FF ..^.i..R][...... 079FF830h FF FF FF .. (7D0h bytes) ................ Values in Jam with the Band (nocash dump): 079E0000h FF FF FF .. (1F800h bytes) ................ 079FF800h EC 00 3B 5A 32 9B 32 30 35 35 30 30 19 19 02 0A ..;Z2.205500.... 079FF810h 00 00 00 00 DD 58 84 07 F9 72 19 04 96 8C FF 67 .....X...r.....g 079FF820h 7F 66 B9 E5 FD F7 3F 1A AE 60 60 00 FF FF FF FF .f....?..``..... 079FF830h FF FF FF .. (7D0h bytes) ................ |
B2aaaaaaaa000000h - Select 128Kbyte RW access mode (unlesss already) 8500000000000000h - NAND Write Enable 81aaaaaaaa000000h - NAND Write to Write Buffer + Data[200h] 81aaaaaaaa000000h - NAND Write to Write Buffer + Data[200h] 81aaaaaaaa000000h - NAND Write to Write Buffer + Data[200h] 81aaaaaaaa000000h - NAND Write to Write Buffer + Data[200h] 8200000000000000h - NAND Forward Write Buffer to NAND D600000000000000h - NAND Read Status + Data[4] (...repeat reading status until bit5=1=ready...) 8400000000000000h - NAND Discard SRAM write 8B00000000000000h - NAND Select ROM access mode (if desired) |
PCB "DI X-7 C17-01" Chip "SAMSUNG 004, KLC2811ANB-P204, NTR-UORE-0" |
PCB (Unknown) Chip "SAMSUNG 013, KLC2811UOC-P30A, NTR-UXBP-0, WKA069J2" |
PCB "DI X-8 C17-01" U1 "SAMSUNG 031, KLC2811UOC-P309, TWL-USKV-0, WKE114(80?)" (this chip must be slightly different, for DSi mode support) |
| DS Cartridge I/O Ports |
0-1 SPI Baudrate (0=4MHz/Default, 1=2MHz, 2=1MHz, 3=512KHz) 2-5 Not used (always zero) 6 SPI Hold Chipselect (0=Deselect after transfer, 1=Keep selected) 7 SPI Busy (0=Ready, 1=Busy) (presumably Read-only) 8-12 Not used (always zero) 13 NDS Slot Mode (0=Parallel/ROM, 1=Serial/SPI-Backup) 14 Transfer Ready IRQ (0=Disable, 1=Enable) (for ROM, not for AUXSPI) 15 NDS Slot Enable (0=Disable, 1=Enable) (for both ROM and AUXSPI) |
0-7 Data 8-15 Not used (always zero) |
0-12 KEY1 gap1 length (0-1FFFh) (forced min 08F8h by BIOS) (leading gap) 13 KEY2 encrypt data (0=Disable, 1=Enable KEY2 Encryption for Data) 14 "SE" Unknown? (usually same as Bit13) (does NOT affect timing?) 15 KEY2 Apply Seed (0=No change, 1=Apply Encryption Seed) (Write only) 16-21 KEY1 gap2 length (0-3Fh) (forced min 18h by BIOS) (200h-byte gap) 22 KEY2 encrypt cmd (0=Disable, 1=Enable KEY2 Encryption for Commands) 23 Data-Word Status (0=Busy, 1=Ready/DRQ) (Read-only) 24-26 Data Block size (0=None, 1..6=100h SHL (1..6) bytes, 7=4 bytes) 27 Transfer CLK rate (0=6.7MHz=33.51MHz/5, 1=4.2MHz=33.51MHz/8) 28 KEY1 Gap CLKs (0=Hold CLK High during gaps, 1=Output Dummy CLK Pulses) 29 RESB Release Reset (0=Reset, 1=Release) (cannot be cleared once set) 30 Data Direction "WR" (0=Normal/read, 1=Write, for FLASH/NAND carts) 31 Block Start/Status (0=Ready, 1=Start/Busy) (IRQ See 40001A0h/Bit14) |
hdr[60h] hdr[64h] hdr[6Eh] 00586000h 001808F8h 051Eh ;older/faster MROM 00416657h 081808F8h 0D7Eh ;newer/slower 1T-ROM 00416657h 081808F8h 0D7Eh ;newer/slower NAND |
0-7 1st Command Byte (at 40001A8h) (eg. B7h) (MSB) 8-15 2nd Command Byte (at 40001A9h) (eg. addr bit 24-31) 16-23 3rd Command Byte (at 40001AAh) (eg. addr bit 16-23) 24-31 4th Command Byte (at 40001ABh) (eg. addr bit 8-15) (when aligned=even) 32-39 5th Command Byte (at 40001ACh) (eg. addr bit 0-7) (when aligned=00h) 40-47 6th Command Byte (at 40001ADh) (eg. 00h) 48-57 7th Command Byte (at 40001AEh) (eg. 00h) 56-63 8th Command Byte (at 40001AFh) (eg. 00h) (LSB) |
0-7 1st received Data Byte (at 4100010h) 8-15 2nd received Data Byte (at 4100011h) 16-23 3rd received Data Byte (at 4100012h) 24-31 4th received Data Byte (at 4100013h) |
For more info: |
| DS Cartridge NitroROM and NitroARC File Systems |
FNT = cart_hdr[040h] ;\origin as defined in ROM cartridge header FAT = cart_hdr[048h] ;/ IMG = 00000000h ;-origin at begin of ROM |
... ... Optional Header (eg. compression header, or RSA signature) 000h 4 Chunk Name "NARC" (Nitro Archive) ;\ 004h 2 Byte Order (FFFEh) (unlike usually, not FEFFh) ; 006h 2 Version (0100h) ; NARC 008h 4 File Size (from "NARC" ID to end of file) ; Header 00Ch 2 Chunk Size (0010h) ; 00Eh 2 Number of following chunks (0003h) ;/ 010h 4 Chunk Name "BTAF" (File Allocation Table Block) ;\ 014h 4 Chunk Size (including above chunk name) ; File 018h 2 Number of Files ; Allocation 01Ah 2 Reserved (0000h) ; Table 01Ch ... FAT (see below) ;/ ... 4 Chunk Name "BTNF" (File Name Table Block) ;\ ... 4 Chunk Size (including above chunk name) ; File Name ... ... FNT (see below) ; Table ... .. Padding for 4-byte alignment (FFh-filled, if any) ;/ ... 4 Chunk Name "GMIF" (File Image Block) ;\ ... 4 Chunk Size (including above chunk name) ; File Data ... ... IMG (File Data) ;/ |
000h 4 FNT Filename Table Offset (always at 10h) 004h 4 FNT Filename Table Size 008h 4 FAT Allocaton Table Offset (at above Offset+Size+Padding) 00Ch 4 FAT Allocaton Table Size 010h .. FNT Filename Table Data ... .. FAT Allocaton Table Data ... .. IMG File Data |
Addr Size Expl. 00h 4 Start address (originated at IMG base) (0=Unused Entry) 04h 4 End address (Start+Len) (0=Unused Entry) |
Addr Size Expl. 00h 4 Offset to Sub-table (originated at FNT base) 04h 2 ID of first file in Sub-table (0000h..EFFFh) |
06h 2 Total Number of directories (1..4096) |
06h 2 ID of parent directory (F000h..FFFEh) |
Addr Size Expl.
00h 1 Type/Length
01h..7Fh File Entry (Length=1..127, without ID field)
81h..FFh Sub-Directory Entry (Length=1..127, plus ID field)
00h End of Sub-Table
80h Reserved
01h LEN File or Sub-Directory Name, case-sensitive, without any ending
zero, ASCII 20h..7Eh, except for characters \/?"<>*:;|
|
LEN+1 2 Sub-Directory ID (F001h..FFFFh) ;see FNT+(ID AND FFFh)*8 |
Addr Size Expl. 00h 4 Overlay ID 04h 4 RAM Address ;Point at which to load 08h 4 RAM Size ;Amount to load 0Ch 4 BSS Size ;Size of BSS data region 10h 4 Static initialiser start address 14h 4 Static initialiser end address 18h 4 File ID (0000h..EFFFh) 1Ch 4 Reserved (zero) |
| DS Cartridge Unknown Commands |
Title Chip ID Commands... Metroid First Hunt 00000FC2 B7 B8 D8 Meine Tierarztpraxis 00000FAE B7 B8 D8 Meine Tierpension 00000FC2 B7 B8 D8 Nanostray 00000FC2 B7 B8 D8 Over the Hedge 00001FC2 B7 B8 D8 Tony Hawk's Skateland 00003FC2 B7 B8 Tony Hawk's Downhill Jam 00003FC2 B7 B8 Ultimate Spiderman 00003FC2 B7 B8 System Flaw (DSi) 40001FC2 B7 B8 F1 Biggest Loser (DSi) 40001FC2 B7 B8 F1 Cooking Coach (DSi) C0007FC2 58..5F 60..68 B7 B8 Walk with Me E0013F80 69..6C B5 B7 B8 D6 Face Training (DSI NAND) E8007FEC 0x 5x 6x 8x 94 Bx D6 (see NAND chapter) |
______________________________ Command 58h..68h ______________________________ |
______________________________ Command 69h..6Ch ______________________________ |
______________________________ Command B5h/D6h _______________________________ |
if chip_id AND 20000000h
get_nand_status(cmd_D6h)
if (nand_status AND 0Ch)<>0 ;whatever bits
whatever(cmd_B5h) ;whatever command
loop:
get_nand_status(cmd_D6h)
if (nand_status AND 20h)=0 then goto loop ;wait for ready flag
|
________________________________ Command D8h _________________________________ |
________________________________ Command F1h _________________________________ |
0000..0DFF FF-filled 0E00 1E 40 05 5A FF FF 0D 01 32 68 38 7A 23 3F FF FF 0E10 03 0B 00 00 03 09 FF FF FF FF FF FF FF FF FF FF 0E20 1E 40 05 03 0B 00 00 03 09 00 00 FF FF FF FF FF 0E30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 0E40 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 0E50 FF FF FF FF FF 5A FF 5E FF FF FF FF FF FF 5A FF 0E60 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 0E70 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 0E80..0FFF FF-filled 1000..3FFF mirrors of 0000-0FFF |
0000..0DFF FF-filled 0E00 11 16 08 5A FF FF 0D 0B 39 7C 40 8E 2A 53 FF FF 0E10 03 0A 07 05 05 04 00 00 07 00 7F FF 00 FF FF FF 0E20 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 0E30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 0E40 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 0E50 FF FF FF FF FF 5A FF 5E FF FF FF FF FF FF 5A FF 0E60 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 0E70 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 0E80..0FFF FF-filled 1000..3FFF mirrors of 0000-0FFF |
| DS Cartridge PassMe/PassThrough |
Addr Siz Patch 004h 4 E59FF018h ;opcode LDR PC,[027FFE24h] at 27FFE04h 01Fh 1 04h ;set autostart bit 022h 1 01h ;set ARM9 rom offset to nn01nnnnh (above secure area) 024h 4 027FFE04h ;patch ARM9 entry address to endless loop 034h 4 080000C0h ;patch ARM7 entry address in GBA slot 15Eh 2 nnnnh ;adjust header crc16 |
0A0h GBA-style Title ("DSBooter")
0ACh GBA-style Gamecode ("PASS")
0C0h ARM7 Entrypoint (32bit ARM code)
|
| DS Cartridge GBA Slot |
NDS: Normal 32pin slot DS Lite: Short 32pin slot (GBA cards stick out) DSi: N/A (dropped support for GBA carts, and for DS-expansions) |
| DS Cart Rumble Pak |
VCC, GND, /WR, AD1, and IRQ (grounded) |
for i=0 to 0FFFh
if halfword[8000000h+i*2]<>(i and FFFDh) then <not_a_ds_rumble_pak>
next i
|
rumble_state = rumble_state xor 0002h halfword[8000000h]=rumble_state |
| DS Cart Slider with Rumble |
00h Product_ID (R) (03h) 01h Revision_ID (R) (10h=Rev. 1.0) (20h=Used in DS-option-pak) 02h Motion/Status Flags (R) 03h Delta_X (R) (signed 8bit) (automatically reset to 00h after reading) 04h Delta_Y (R) (signed 8bit) (automatically reset to 00h after reading) 05h SQUAL (R) (surface quality) (unsigned 8bit) 06h Average_Pixel (R) (unsigned 6bit, upper 2bit unused) 07h Maximum_Pixel (R) (unsigned 6bit, upper 2bit unused) 08h Reserved 09h Reserved 0Ah Configuration_bits (R/W) 0Bh Reserved 0Ch Data_Out_Lower (R) 0Dh Data_Out_Upper (R) 0Eh Shutter_Lower (R) 0Fh Shutter_Upper (R) 10h Frame_Period_Lower (R/W) 11h Frame_Period_Upper (R/W) |
7 Motion since last report or PD (0=None, 1=Motion occurred) 6 Reserved 5 LED Fault detected (0=No fault, 1=Fault detected) 4 Delta Y Overflow (0=No overflow, 1=Overflow occured) 3 Delta X Overflow (0=No overflow, 1=Overflow occured) 2 Reserved 1 Reserved 0 Resolution in counts per inch (0=400, 1=800) |
7 Reset Power up defaults (W) (0=No, 1=Reset)
6 LED Shutter Mode (0=LED always on, 1=LED only on when shutter is open)
5 Self Test (W) (0=No, 1=Perform all self tests)
4 Resolution in counts per inch (0=400, 1=800)
3 Dump 16x16 Pixel bitmap (0=No, 1=Dump via Data_Out ports)
2 Reserved
1 Reserved
0 Sleep Mode (0=Normal/Sleep after 1 second, 1=Always awake)
_______
|74273 |
/WR -----------------> |CLK | _____
AD1/SIO CLK ---------> |D1 Q1|--------------> CLK |74125|
AD2 power control ---> |D2 Q2|---> ____ | |
AD3/SIO DIR ---------> |D3 Q3|------o-|7400\________|/EN |
AD8 rumble on/off ---> |D? Q?|---> '-|____/ | |
AD0/SIO DTA ----o----> |D5 Q5|----------------------|A Y|--o--DTA
| |_______| |- - -| |
____ '-------------------------------------|Y A|--'
/RD ---|7400\______ ____ | |
/RD ---|____/ |7400\_____________________________|/EN |
A19 _______________|____/ |_____|
|
| DS Cart Expansion RAM |
Opera (8MB RAM) (official RAM expansion for Opera browser) EZ3/4/3-in-1 (8-16MB RAM, plus FLASH, plus rumble) Supercard (32MB) M3 (32MB) G6 (32MB) |
base=9000000h, size=800000h (8MB) unlock=1, lock=0 STRH [8240000h],lock/unlock |
base=8400000h, size=VAR (8MB..16MB) locking/unlocking/detection see below |
base=8000000h, size=1FFFFFEh (32MB minus last two bytes?) unlock=5 (RAM_RW), lock=3 (MEDIA) STRH [9FFFFFEh],A55Ah STRH [9FFFFFEh],A55Ah STRH [9FFFFFEh],lock/unlock STRH [9FFFFFEh],lock/unlock |
base=8000000h, size=2000000h (32MB) unlock=00400006h, lock=00400003h LDRH Rd,[8E00002h] LDRH Rd,[800000Eh] LDRH Rd,[8801FFCh] LDRH Rd,[800104Ah] LDRH Rd,[8800612h] LDRH Rd,[8000000h] LDRH Rd,[8801B66h] LDRH Rd,[8000000h+(lock/unlock)*2] LDRH Rd,[800080Eh] LDRH Rd,[8000000h] LDRH Rd,[80001E4h] LDRH Rd,[80001E4h] LDRH Rd,[8000188h] LDRH Rd,[8000188h] |
base=8000000h, size=2000000h (32MB) unlock=6, lock=3 LDRH Rd,[9000000h] LDRH Rd,[9FFFFE0h] LDRH Rd,[9FFFFECh] LDRH Rd,[9FFFFECh] LDRH Rd,[9FFFFECh] LDRH Rd,[9FFFFFCh] LDRH Rd,[9FFFFFCh] LDRH Rd,[9FFFFFCh] LDRH Rd,[9FFFF4Ah] LDRH Rd,[9FFFF4Ah] LDRH Rd,[9FFFF4Ah] LDRH Rd,[9200000h+(lock/unlock)*2] LDRH Rd,[9FFFFF0h] LDRH Rd,[9FFFFE8h] |
ez_ram_test: ;Based on DSLinux Amadeus' detection
ez_subfunc(9880000h,8000h) ;-SetRompage (OS mode)
ez_subfunc(9C40000h,1500h) ;-OpenNorWrite
[08400000h]=1234h ;\
if [08400000h]=1234h ; test writability at 8400000h
[8000000h]=4321h ; and non-writability at 8000000h
if [8000000h]<>4321h ;
return true ;/
ez_subfunc(9C40000h,D200h) ;CloseNorWrite
ez_subfunc(9880000h,0160h) ;SetRompage (0160h)
ez_subfunc(9C40000h,1500h) ;OpenNorWrite
[8400000h]=1234h ;\
if [8400000h]=1234h ; test writability at 8400000h
return true ;/
return false ;-failed
ez_subfunc(addr,data):
STRH [9FE0000h],D200h
STRH [8000000h],1500h
STRH [8020000h],D200h
STRH [8040000h],1500h
STRH [addr],data
STRH [9FC0000h],1500h
|
| DS Cart Infrared/Pedometers |
H8/300H Series Programming Manual (Hitachi, 257 pages) ;-Opcodes H8/38602R Group Hardware Manual (Renesas, 554 pages) ;-SFR's The addition of H8/38606 Group (Renesas, 6 pages) ;-FLASH/ROM/RAM |
BMA150 Triaxial digital acceleration sensor Data sheet (Bosch, 56 pages) SSD1850 Advance Information (Solomon System, 56 pages) ;-LCD driver http://dmitry.gr/?r=05.Projects&proj=28.%20pokewalker ;-Disassembly/Story http://forums.nesdev.com/viewtopic.php?f=23&t=21140#p265388 ;-Forum |
| DS Cart Infrared Cartridge SPI Commands |
OLD was used in Walk with Me (maybe also Active Health?) NEW was used in the P-Letter game series |
04h,04h Initial dummy in walk with me (bugged read or wrdi?) 00h,cmd,params[...] Savedata access 01h,00h,00h Infrared RX (none, len=0, plus dummy data=0) 01h,len,data[len] Infrared RX (OLD: max 84h bytes, NEW: max B8h bytes) 02h,data[...] Infrared TX (OLD: max 84h bytes, NEW: max B8h bytes) 02h,F2h,data[...] OLD: ignored (refuses to TX data starting with F2h) 03h,msb,lsb,data Memory Write 8bit ;\MOV.B 04h,msb,lsb,data Memory Read 8bit ;/ 05h,msb,lsb,data,data Memory Write 16bit ;\MOV.W (fails on 8bit SFRs?) 06h,msb,lsb,data,data Memory Read 16bit ;/ 07h,00h,num,num,num,... Blah, returns num params from previous spi command 08h..FFh OLD: Ignored (keeps awaiting a SPI command byte) 08h,ver NEW: Returns version (ver=AAh) 09h..FFh OLD: Ignored (returns zeropadding) |
| DS Cart Infrared Cartridge Memory Map |
[0FFD6h].0 Port 3 Data bit0 OUT IrDA PWDOWN (1=disable IrDA RX) [0FFD6h].1 Port 3 Data bit1 IN IrDA RXD ;\via serial IrDA registers [0FFD6h].2 Port 3 Data bit2 OUT IrDA TXD ;/ [0FFDBh].3 Port 8 Data bit3 OUT Savedata chipselect (0=select) (cmd 00h) [0FFDBh].2 Port 8 Data bit2 OUT LED color ;\used in UNUSED functions, [0FFDBh].3 Port 8 Data bit3 OUT LED color ; in OLD ROM only, and [0FFDEh].0 Port B Data bit0 IN Button input ;/conflicting with Savedata IrDA IR Transfers SPI NDS Console (and cmd 00h forwarding to Savedata) |
FB80h 200h undocumented and unused RAM, is R/W in my 38600R (!) FD80h 2 unused ;-unused FD82h 2 ir_callback ;\main callbacks for ir/spi polling FD84h 2 spi_callback ;/ FD86h 2 ir_timestamp ;-last ir access (for timeout)? FD88h 2 spi_timestamp ;-last spi access (for debug or so)? FD8Ah 1 initial_blah ;-initial state of Port 8.bit3 (not really used) FD8Bh 1 ir_rxbuf_wrptr ;-ir_rxbuf_wrptr (for incoming IR data)? FD8Ch 1 ir_rxbuf_rdptr ;-ir_rxbuf_rdptr (for forwarding to spi)? FD8Dh 84h spi_rx_buf ;-spi_rx_buf ;(also ir TX buf) FE11h 84h infrared_rx_buf ;-infrared_rx_buf FE95h 1 spi_index ;-spi_index FE96h 1 ir_tx_index ;-ir_tx_index (from spi buf to TX infrared) FE97h 1 ir_timeout_flag ;-ir_timeout_flag (or packet end or so?) FE98h 2 button_num_changes ;\ FE9Ah 2 button_num_pushes ; used only in FE9Ch 1 button_new_state ; UNUSED functions FE9Dh 1 button_old_state ; FE9Eh 1 button_newly_pushed ; FE9Fh 1 button_offhold ;/ FEA0h E0h stack_area (stacktop at FF80h) |
FB80h 200h undocumented and unused RAM, is R/W in my 38600R (!) FD80h 2 unused ;-unused FD82h 2 ir_callback ;\main callbacks for ir/spi polling FD84h 2 spi_callback ;/ FD86h 2 ir_timestamp ;-last ir access (for timeout)? FD88h 1 ir_rxbuf_wrptr ;-ir_rxbuf_wrptr (for incoming IR data)? FD89h 1 ir_rxbuf_rdptr ;-blah, always set to 0, never used FD8Ah 1 spi_index ;-spi_index FD8Bh 1 ir_tx_index ;-ir_tx_index (from spi buf to TX infrared) FD8Ch B8h spi_rx_buf ;-spi_rx_buf ;(also ir TX buf) FE44h B8h+1 infrared_rx_buf ;-infrared_rx_buf (plus space for appending 00h) FEFDh 1 ir_timeout_flag ;-ir_timeout_flag (or packet end or so?) FEFEh 82h stack_area (stacktop at FF80h) |
| DS Cart Infrared Activity Meter IR Commands |
sum=0, packet[2,3]=00h,00h ;-initial chksum
for i=0 to size-1
if (i and 1)=0 then sum=sum+packet[i]*100h ;\add in big-endian fashion
if (i and 1)=1 then sum=sum+packet[i] ;/
sum=(sum/10000h)+(sum AND FFFFh) ;\final adjust
sum=(sum/10000h)+(sum) ;/
packet[2,3]=sum,sum/100h ;-store in little-endian
|
08,xx,cc,cc,msb,lsb,data[..] CPU Memory Write (len=3Eh max) ;Reply=08 0A,xx,cc,cc,msb,lsb,len CPU Memory Read (len=40h max) ;Reply=0A 0A,xx,cc,cc,FB,9C,len CPU Memory Read FB9Ch with ClrFlag ;Reply=0A 20,xx,cc,cc,msb,lsb,data[..] Serial EEPROM Write (len=3Eh max) ;Reply=20 22,xx,cc,cc,msb,lsb,len Serial EEPROM Read (len=40h max) ;Reply=22 24,00,cc,cc,ss,ss,ss,ss Update Ringbuf_mm ;\ ;Reply=24 24,01,cc,cc,ss,ss,ss,ss Update Ringbuf_hh ; and set ;Reply=24 24,02,cc,cc,ss,ss,ss,ss Update Ringbuf_dd ; 32bit ;Reply=24 24,03,cc,cc,ss,mm,hh Set RTC hh:mm:ss ; seconds ;Reply=24 24,04,cc,cc,ss,ss,ss,ss Raw Set ssssssss ? ;/ ;Reply=24 24,xx,cc,cc,ss,ss,ss,ss Invalid (same as 24,04) ;Reply=24 26,xx,cc,cc Deadlock ;\both same (maybe ;Reply=26 28,xx,cc,cc Deadlock ;/Watchdog/reboot?) ;Reply=26 2A,xx,cc,cc,00,nn Stepback Ringbuf_hh ;\go back nn ;Reply=2A 2A,xx,cc,cc,01,nn Stepback Ringbuf_mm ; entries, ;Reply=2A 2A,xx,cc,cc,02,nn Stepback Ringbuf_dd ;/see [FCDAh] ;Reply=2A 2A,xx,cc,cc,xx,.. Invalid ;Reply=2A 2C,cs,cc,cc Toggle one LED on/off ;Reply=2C F4,xx,cc,cc Disconnect ;Reply=None F6,xx,cc,cc Force "Bad Chksum" reply ;Reply=FC FA,xx,cc,cc Connect ;Reply=F8 FE,... Noise ;\ignored, noise ;Reply=None FF,... Noise ;/ ;Reply=None xx,xx,cc,cc Invalid ;-ignored, invalid cmd ;Reply=None xx,xx,xx,xx Bad Chksum ;Reply=FC |
08,sq,cc,cc Reply to Cmd 08 (CPU Memory Write reply) 0A,sq,cc,cc,data[..] Reply to Cmd 0A (CPU Memory Read reply) 20,sq,cc,cc Reply to Cmd 20 (Serial EEPROM Write reply) 22,sq,cc,cc,data[..] Reply to Cmd 22 (Serial EEPROM Read reply) 26,xx,cc,cc Reply to Cmd 26 and 28 (Deadlock reply) 24,xx,cc,cc Reply to Cmd 24 (Update, or Set RTC time) 2A,xx,cc,cc Reply to Cmd 2A (Stepback, with result at [FCDAh]) 2C,cs,cc,cc Reply to Cmd 2C (LED reply) 80,FF,cc,cc Factory Reset and Hardware Test completed (or failed) F8,00,cc,cc Reply to Cmd FA (Connect reply) FC,xx,cc,cc Reply to Cmd's with Bad Chksum (and Cmd F6) FC Advertising Msg (after pressing button) (single byte) |
cc,cc Checksum (LITTLE-ENDIAN) msb,lsb Memory Address (big-endian) ss,ss,ss,ss Seconds since 2001 (big-endian) ss,mm,hh RTC time HH:MM:SS (BCD) (caution: smashes seconds since 2001) sq Increasing sequence number in Memory Access replies cs LED color/state (c=color red/green, s=state on/off) xx Whatever (don't care?) |
| DS Cart Infrared Activity Meter Memory Map |
[0FFD4h].0 Port 1 Data bit0 IN Factory Test (0=Test, 1=Normal) [0FFD4h].2 Port 1 Data bit2 OUT Set for sum of eight A/D conversions [0FFD6h].0 Port 3 Data bit0 OUT IrDA PWDOWN (1=disable IrDA RX) [0FFD6h].1 Port 3 Data bit1 IN IrDA RXD ;\via serial IrDA registers [0FFD6h].2 Port 3 Data bit2 OUT IrDA TXD ;/ [0FFDBh].2 Port 8 Data bit2 OUT LED color? [0FFDBh].3 Port 8 Data bit3 OUT LED color? [0FFDCh].0 Port 9 Data bit0 OUT SPI EEPROM chipselect (0=select) [0FFDEh].0 Port B Data bit0 IN Button input IrDA IR Transfers SPI SPI 8Kbyte EEPROM A/D Used to read two single-axis sensors (for step counting)? A/D Also used to read sum of eight A/D conversions (for wakeup from sleep)? |
FB80h 1 Button flags (bit7=curr.state, bit6=newly.pressed, bit5=old.state) FB81h 1 ... cleared if memread src was unique_id (and other cases) FB82h 1 ... sys/power mode ? FB83h 1 ... adc_mode, or power_saving? FB84h 1 ... clock change request FB85h 1 ... led_extra_mask (never CLEARED, except on boot, or maybe via IR) FB86h 1 adc_array_index (index in ADC array X/Y, wraps in range 00h..3Fh) FB87h 1 ... entrysize of current data in ringbuf (per newest TAG) or so? FB88h 1 SPI overrun error (probably nonsense, SPI clk can't outrun itself) FB89h 1 Unused FB8Ah 1 num_steps_curr_minute (00h..FCh) (no conflict with tag FDh,FEh,FFh) FB8Bh 1 rtc_event_flags (bit0=minute, bit1=hour, bit2=day, bit3=also.hour) FB8Ch 1 ... timing offhold for various stuff FB8Dh 1 some_shift_amount ;READ via IR FB8Eh 1 Daily goal reached flag (aka LED color) (bit0=reached, bit1=???) FB8Fh 1 ... timing for LED step pulses? FB90h 1 ... timing for LED step pulses? FB91h 1 ... flag for LED step pulse state? FB92h 1 Hour when new day starts (BCD, usually/always 03h) ;READ via IR FB93h 1 ... some flag for inactivity low-power mode ? FB94h 1 LED animation number (1..5, or 0=none) (factory test result) FB95h 1 Unused FB96h 1 New day flag FB97h 1 Fixed LED mask (this is a "fixed" setting from EEPROM) FB98h 1 Compare_ctrl_0 ;\for "Compare Control" HW registers (89h,89h) FB99h 1 Compare_ctrl_1 ;/ FB9Ah 1 New Goal flag (apply [FCF4h] as new goal, starting on next day?) FB9Bh 1 Unused FB9Ch 28h Unique ID ;READ via IR (initally set by NDS via RAM+EEPROM writes?) FBC4h 2 adc_current_x FBC6h 2 adc_current_y FBC8h 80h adc_array_x (40h x 16bit) FC48h 80h adc_array_y (40h x 16bit) FCC8h 2 adc_scale_factor_x ;\scale factors FCCAh 2 adc_scale_factor_y ;/ FCCCh 2 adc_scale_unused_z ;\semi-unused (written, but never read) FCCEh 2 adc_scale_unused_t ;/ FCD0h 2 ringbuf_mm_index (0020h..16A0h) ;READ via IR FCD2h 2 ringbuf_hh_index (16A1h..1C42h) ;READ via IR FBD4h 2 Unused FCD6h 2 ringbuf_dd_index (1C43h..1CDEh) ;READ via IR FCD8h 2 num_steps_curr_hour (16bit step counter for current hour) FCDAh 2 ringbuf_stepback_index (result from cmd_2Ah, to be read by cmd_0Ah) FCDCh 2 adc_inactivity_timer (time since last pedometer step) FCDEh 2 SPI overrun error counter (related to flag at FB88h) FCE0h 2 Unused FCE2h 2 adc_current_sum (sum of eight A/D conversions) FCE4h 4 seconds_counter (seconds since 1st Jan 2001?, initially 0D2B0B80h) FCE8h 4 num_steps_lifelong (lifelong TOTAL steps) FCECh 4 num_steps_today (step counter, for current day) FCF0h 4 Daily_goal (WRITTEN via IR, NDS cart default=3000 decimal) FCF4h 4 new_goal_steps (somewhat reload value for daily goal?) FCF8h 18h Unused FD10h 2 main_callback (main_adc_button_callback, or ir_callback) FD12h 40h ir_tx_data (buffer for Memory & EEPROM reads) FD52h 2 clk_callback (clk_whatever_callback, or 0=none) FD54h 2 ir_callback (ir_active_callback, or ir_dummy_callback) FD56h 2 ir_timestamp_last_byte (for sensing SHORT GAPs, aka end-of-packet) FD58h 2 RX chksum from hdr[2..3] FD5Ah 2 RX chksum from calculation FD5Ch 2 ir_timestamp_last_xfer (for sensing LONG GAPs, aka sleep mode) FD5Eh 1 Unused FD5Fh 1 ir_rx_len FD60h 1 ... semi-unused (set to 00h?) (but never read) FD61h 44h ir_rxtx_buf, hdr[4]+data[40h] FDA5h 1 ir_tx_hdr_len ;\memorized TX len+hdr[4] FDA6h 4 ir_tx_hdr_copy ;/(never actually used) FDAAh 1 bad_chksum_count, give up sending bad_chksum replies after 3 errors FDABh 1 bad_chksum_flag, request reply_FCh (bad_chksum) FDACh 80h ... array (40h x 16bit) ;\ FE2Ch 80h ... array (40h x 16bit) ; analog sine/cosine FEACh 4 ... dword ; stuff for converting FEB0h 4 ... dword ; adc to step counter? FEB4h 1 ... byte ; FEB5h 1 ... byte ;/ FEB6h 2 Incremented in main_adc_button_callback (but not used elsewhere) FEB8h 1 Unused ;\maybe meant to be 4-byte tx hdr, FEB9h 1 TX sequence number ; but only hdr[1] used (as increasing FEBAh 2 Unused ;/seq.no for memory read/write replies) FEBCh 4 ... array (2 x 16bit) FEC0h 4 ... array (2 x 16bit) FEC4h 4 ... array (2 x 16bit) FEC8h 4 ... array (2 x 16bit) FECEh B2h CPU Stack area, initial SP=FF80h |
EEPROM:0000h 9 ID "nintendo",00h (9 bytes) EEPROM:0009h 17h Unused (FFh-filled) EEPROM:0020h 1681h Ringbuf_mm ;steps per MINUTE for 4 days ;(24*60*4-1)*8bit EEPROM:16A1h 5A2h Ringbuf_hh ;steps per HOUR for 30 days ;(24*30+1)*16bit EEPROM:1C43h 9Ch Ringbuf_dd ;steps per DAY for 52 days ;(52)*24bit EEPROM:1CDFh 1 Unused (FFh) (padding ringbuf's to 20h-byte-boundary) EEPROM:1CE0h 200h Unused (FFh-filled) EEPROM:1EE0h 8+1 ADC_scale_values (4x16bit) ;RAM:FCC8h ;\ EEPROM:1EE9h 2+1 ADC sum_limit ;RAM:stack ; these EEPROM EEPROM:1EECh 3 Unused ; settings EEPROM:1EEFh 4+1 Num_steps_lifelong ;RAM:FCE8h ; have 1-byte EEPROM:1EF4h 1+1 Fixed LED Mask ;RAM:FB97h ; checksums EEPROM:1EF6h 2 Unused ; appended, and EEPROM:1EF8h 1+1 Some_shift_amount ;RAM:FB8Dh ; backups at EEPROM:1EFAh 4+1 Daily_goal ;RAM:FCF0h ; 1F40h-1F9Fh EEPROM:1EFFh 4+1 New_goal_steps ;RAM:FCF4h ; EEPROM:1F04h 28h+1 Unique ID ;RAM:FB9Ch ; EEPROM:1F2Dh 13h Unused (00h-filled) ;/ EEPROM:1F40h 60h Backup copies of above data at 1EE0h..1F3Fh ;-backups EEPROM:1FA0h 2 Error code (initially FFFFh) EEPROM:1FA2h 1 Reboot counter (initially 00h or 01h ?) EEPROM:1FA3h 5Dh Unused (FFh-filled) |
00xxh Zero steps for N minutes (N=max FCh) ;\in ringbuf_mm xxh N steps per minute (N=01h..FCh) ;/ xxxxh N steps per hour (N=0000h..FFFFh) ;-in ringbuf_hh xxxxxxh N steps per day (N=000000h..FFFFFFh) ;-in ringbuf_dd FDxxxxxxxxxxh Timestamp, reversed-BCD-digit-order, seconds since 2001 or so? FEh Newest entry marker? FFh Unused entry marker? |
| DS Cart Infrared P-Walker IR Commands |
EEPROM Commands (Cmd 02,04,0C,0E,82) ;\From NDS or Walker Connect Commands (Cmd F8,FA,FC) ;/ Peer Commands (Cmd 10...1C) ;-From Walker Unused Commands (Cmd's with * marking) ;-From Prototype tests? Other Commands (Cmd's other than above) ;-From NDS |
00,hi,..,lzss(..) EEPROM Write [hi00h..hi7Fh] Compressed ;Reply=04 80,hi,..,lzss(..) EEPROM Write [hi80h..hiFFh] Compressed ;Reply=04 02,hi,..,data(..) EEPROM Write [hi00h..hi7Fh] Raw ;Reply=04 82,hi,..,data(..) EEPROM Write [hi80h..hiFFh] Raw ;Reply=04 04,xx,.. EEPROM Write Reply ;SendMoreCmd(s) 06,hi,..,lo,data(nn)* CPU Memory Write [hilo+(0..nn-1)] ;Reply=06 0A,hi,..,lo,data(nn)* EEPROM Write Random Len [hilo+(0..nn-1)] ;Reply=04 0C,xx,..,hi,lo,nn EEPROM Read Request [hilo+(0..nn-1)] ;Reply=0E 0E,xx,..,data(nn) EEPROM Read Reply ;SendMoreCmd(s) 10,xx,..,data(68h) Peer Step 1 Request ;Reply=12 12,xx,..,data(68h) Peer Step 1 Reply ;SendMoreCmd(s) 14,xx,..,data(38h) Peer Step 2 Request ;Reply=16 16,xx,.. Peer Step 2 Reply ;Reply=16 or None 1C,xx,.. Peer Refuse ;Reply=None+Disconnect 20,xx,.. Identity Read Request ;Reply=22 24,xx,.. * Ping Request ;Reply=26 2A,xx,..,none? Unique ID Read Request ;Reply=2A 2C,xx,..,none? * Unique ID Read Request slightly other ;Reply=2A 32,xx,..,data(28h?) * Identity Write Request 1 ;Reply=34 36,xx,.. * Connection Error 1 ;Reply=None 38,xx,.. * Walk Start Silent ;Reply=38 40,xx,..,data(28h?) * Identity Write Request 2 ;Reply=42 44,xx,.. * Connection Error 2 ;Reply=None 4E,xx,.. Walk End Request ;Reply=50 52,xx,..,data(28h?)?? Identity Write Request 3 ;Reply=54 56,xx,.. * Connection Error 3 ;Reply=None 5A,xx,.. Walk Start Nonsilent ;Reply=5A 60,xx,..,data(28h?) * Identity Write Request 4 ;Reply=62 64,xx,.. * Connection Error 4 ;Reply=None 66,xx,.. * Walk End Request OTHER ;Reply=68 9C,xx,.. * Error Whatever ;Reply=9C+Disconnect 9E,xx,.. * Error Weird Participate ;Reply=9E+Disconnect A0,xx,.. * Weird Participate 1 ;Reply=A0 or 9E A2,xx,.. * Weird Participate 2 ;Reply=A2 or 9E A4,xx,.. * Weird Participate 3 ;Reply=A4 or 9E A6,xx,.. * Weird Participate 4 ;Reply=A6 or 9E A8,xx,.. * Weird Participate 5 ;Reply=A8 or 9E AA,xx,.. * Weird Participate 6 ;Reply=AA or 9E AC,xx,.. * Weird Participate 7 ;Reply=AC or 9E AE,xx,.. * Weird Participate 8 ;Reply=AE or 9E B8,xx,.. * Award Stamp Heart ;Reply=D8 BA,xx,.. * Award Stamp Spade ;Reply=DA BC,xx,.. * Award Stamp Diamond ;Reply=DC BE,xx,.. * Award Stamp Club ;Reply=DE C0,xx,.. * Award Special Map ;Reply=C0 C2,xx,.. * Award Event P-Letter ;Reply=C2 C4,xx,.. * Award Event Item ;Reply=C4 C6,xx,.. * Award Event Route ;Reply=C6 D0,xx,.. * Award All Stamps and Special Map ;Reply=C0 D2,xx,.. * Award All Stamps and Event P-Letter ;Reply=C2 D4,xx,.. * Award All Stamps and Event Item ;Reply=C4 D6,xx,.. * Award All Stamps and Event Route ;Reply=C6 D8,xx,.. * Connection Error 5 ;Reply=None F0,xx,..,data(71h) ?? Enroll Data (28h+40h+8+1 bytes) ;Reply=F0 F4,xx,.. * Disconnect ;Reply=None+Disconnect F8,02,.. Connection Reply from Walker ;SendCmd=1002 FA,01,.. Connection Request from NDS ;Reply=F802 FA,02,.. Connection Request from Walker ;Reply=F802 FA,xx,.. Connection Request invalid ;Reply=None+Disconnect FC Connection Beacon from Walker ;SendCmd=FA FE,01,..,data(8) * EEPROM Write [0008h..000Fh] ;Reply=FE xx * Ignored (single byte other than FC) ;Reply=None xx,xx,.. * Invalid Cmd ;Reply=None xx,xx,xxxx * Ignored (wrong 4-byte ID for Cmd 00-F7) ;Reply=None xx,xx,xxxx * Bad Checksum (disconnect if too often) ;Reply=None |
02,hi,..,data(nn) EEPROM Write ... ;Cmd=Peer 82,hi,..,data(nn) EEPROM Write ... ;Cmd=Peer 04,hi,.. EEPROM Write Reply ;Cmd=00/02/0A/80/82 06,hi,.. * CPU Memory Write Reply ;Cmd=06h 0C,02,..,hi,lo,nn EEPROM Read Request ;Peer, EEPROM Read ;Cmd=0Eh 0E,02,..,data(nn) EEPROM Read Reply ;Cmd=0Ch 10,02,..,data(68h) Peer Step 1 Request (after Connect Reply);Cmd=F8h 12,02,..,data(68h) Peer Step 1 Reply ;Cmd=10h 14,02,..,data(38h) Peer Step 2 Request ;Cmd=0Eh 16,02,.. Peer Step 2 Reply ;Cmd=14h/16h 1C,02,.. Peer Refuse ;Cmd=10h/12h 22,02,..,data(68h) Identitiy Read Reply ;Cmd=20h 26,02,.. * Ping Reply ;Cmd=24h 2A,02,..,data(28h) Unique ID Reply ;Cmd=2Ah/2Ch 34,02,.. * Identitiy Write 1 Reply ;Cmd=32h 38,02,.. * Walk Start silent Reply ;Cmd=38h 42,02,.. * Identitiy Write 2 Reply ;Cmd=40h 50,02,.. Walk End Reply ;Cmd=4Eh 54,02,.. ?? Identitiy Write 3 Reply ;Cmd=52h 5A,02,.. Walk Start nonsilent Reply ;Cmd=5Ah 62,02,.. * Identitiy Write 4 Reply ;Cmd=60h 68,02,.. * Walk End OTHER Reply ;Cmd=66h 9C,02,.. * Weird Whatever Reply-to-Reply? ;Cmd=9Ch 9E,02,..,data(11h) * Weird Participated Reply ;Cmd=A0h..AEh 9E,02,.. * Weird Participated Reply-to-Reply? ;Cmd=9Eh A0,02,..,data(11h) * Weird Participated Reply 1 ;Cmd=A0h A2,02,..,data(11h) * Weird Participated Reply 2 ;Cmd=A2h A4,02,..,data(11h) * Weird Participated Reply 3 ;Cmd=A4h A6,02,..,data(11h) * Weird Participated Reply 4 ;Cmd=A6h A8,02,..,data(11h) * Weird Participated Reply 5 ;Cmd=A8h AA,02,..,data(11h) * Weird Participated Reply 6 ;Cmd=AAh AC,02,..,data(11h) * Weird Participated Reply 7 ;Cmd=ACh AE,02,..,data(11h) * Weird Participated Reply 8 ;Cmd=AEh C0,02,.. * Award Special Map Reply ;Cmd=C0h/D0h C2,02,.. * Award Event P-Letter Reply ;Cmd=C2h/D2h C4,02,.. * Award Event Item Reply ;Cmd=C4h/D4h C6,02,.. * Award Event Route Reply ;Cmd=C6h/D6h C8,02,.. * Award Stamp Heart Reply ;Cmd=B8h CA,02,.. * Award Stamp Spade Reply ;Cmd=BAh CC,02,.. * Award Stamp Diamond Reply ;Cmd=BCh CE,02,.. * Award Stamp Club Reply ;Cmd=BEh F0,02,..,data(28h) ?? Enroll Reply ;Cmd=F0h F8,02,.. Connect Reply ;Cmd=FAh FA,02,.. Connect Request from walker ;Cmd=FCh FC Connection Beacon ;Button? FE,02,.. * EEPROM Write [0008h..000Fh] Reply ;Cmd=FEh -?- Checksum Error... has no reply? or maybe sends Beacons? |
.. short for 16bit Checksum at hdr[2..3] and 32bit Session ID at hdr[4..7] xx somewhat don't care (usually 01h=From NDS, or 02h=From Walker) |
SessionID = ConnectRequestRandomID XOR ConnectReplyRandomID. |
| DS Cart Infrared P-Walker Memory Map |
[0FFD4h].0 Port 1 Data bit0 OUT SPI LCD chipselect (0=select) [0FFD4h].1 Port 1 Data bit1 OUT SPI LCD access mode (0=Cmd, 1=Data) [0FFD4h].2 Port 1 Data bit2 OUT SPI EEPROM chipselect (0=select) [0FFD6h].0 Port 3 Data bit0 OUT IrDA PWDOWN (1=disable IrDA RX) [0FFD6h].1 Port 3 Data bit1 IN IrDA RXD ;\via serial IrDA registers [0FFD6h].2 Port 3 Data bit2 OUT IrDA TXD ;/ [0FFDBh].2 Port 8 Data bit2 ? [0FFDBh].3 Port 8 Data bit3 ? [0FFDBh].4 Port 8 Data bit4 OUT A/D related ... whatfor LCD? accel? batt? [0FFDCh].0 Port 9 Data bit0 OUT SPI Accelerometer chipselect (0=select) [0FFDEh].0 Port B Data bit0 IN ? ;\ [0FFDEh].2 Port B Data bit2 IN ? ; maybe buttons [0FFDEh].4 Port B Data bit4 IN ? ;/ [0FFDEh].5 Port B Data bit5 OUT ? Timer W General A/B/C Audio Frequency/Volume IrDA IR Transfers SPI SPI 64Kbyte EEPROM, LCD Cmd/Data, Accelerometer A/D whatfor LCD? accel? batt? |
F780h 60h Misc variables F7E0h 2 main_callback ;<-- F7E2h ECh Misc variables F8CEh 8+80h Infrared RX/TX buffer hdr+data (also misc/heap) F956h 62Ah Temp buffer, free RAM, and stack ;<-- FF80h - Stacktop (end of RAM) |
0772h Send IR packet (F8D6h=src, r0l=len, r0h=hdr[0], r1l=hdr[1]) 08D6h Default callback (when in IR transfer mode) 259Eh Watchdog refresh |
0000h 8 ID "nintendo" (set after initial power-up eeprom init)
0008h 8 ID whatever (set via Cmd F0h and FEh) (never read)
0010h 62h ???
0072h 1 Number of watchdog resets
0073h 0Dh ???
0080h 02h+1 ADC calibration (factory-provided) ;\
0083h 28h+1 Unique ID (set via Cmd F0h) ; with 1-byte
00ACh 40h+1 LCD ConfigCmds (set via Cmd F0h) ; checksums
00EDh 68h+1 Identity Data ("provisioned" at walk start time) ; and backup
0156h 18h+1 Health Data ("provisioned" at walk start time) ; copies at
016Fh 01h+1 Copy Flag (00h=Normal, A5h=copy was interrupted) ; 0180h-027Fh
0171h 0Fh Unused ;/
0180h 100h Backup copies of entries at 0080h-0017Fh
0280h ... Various Bitmaps
8C70h ... Various Garbage, Bitmaps, Items, Team, Route
CE8Ah 2 current watts written to eeprom by cmd 20h before replying
(likely so remote can read them directly). u16 BE
CE8Ch ... Various stuff
CEF0h 1Ch Historic step count per day. u32 each, BE,
[0] is yesterday, [1] is day before, etc...
CF0Ch ... Various stuff
|
__________________ Data Structures (in EEPROM and Packets) ___________________ |
00h 28h Generated by the DS game at pairing time, unique per walker |
00h 4 Unknown (LE, always 1?) ;\written from game packet at walk start 04h 4 Unknown (LE, always 1?) ; ;<-- 0 at walk end ;copied from [0] 08h 2 Unknown (LE, always 7?) ; 0Ah 2 Unknown (LE, always 7?) ;/ ;<-- 0 at walk end ;copied from [8?] 0Ch 2 TrainerTID 0Eh 2 TrainerSID 10h 28h Unique ID 38h 10h EventBitmap (aka bitfield with 128 event flags?) 48h 10h Trainer Name (8 chars, using a custom 16bit charset, non-unicode) 58h 1 Unknown 59h 1 Unknown 5Ah 1 Unknown 5Bh 1 Flags (bit0=PairedToGame, bit1=HasPoke, bit2=PokeJoinedOnAWalk) 5Ch 1 ProtoVer (02h) (written by DS, refuse peer's with other values) 5Dh 1 Unknown 5Eh 1 ProtoSubver (00h) (written by DS, refuse peer's with other values) 5Fh 1 Unknown (02h) (written by DS at walk start) 60h 4 LastSyncTime ;Big Endian ;in WHAT... maybe seconds since WHEN? 64h 4 StepCount ;Big Endian ;since WHEN... today? lifetime? lastsync? |
00h 4 curStepCount (since WHEN?) 04h 2 curWatts 06h 2 Unused 08h 4 Unknown, copied from IdentityData[00h] 0Ch 2 Unknown, copied from IdentityData[08h] 0Eh 2 Species 10h 16h P-Nickname (11 chars) ;\the actual names in bitmap format 26h 10h Trainer Name (8 chars) ;/are stored elsewhere in EEPROM? 36h 1 GenderForm 37h 1 HasSpecialForms (spinda, arceus, unown, etc.) |
00h 1 u8 contrastAndFlags (if 00h/FFh? commands at ROM:BEB8h will be used) 01h 3Fh u8 commands[3fh] (Commands, or FDh,NNh=Delay(NNh), FEh=End of list) |
00h 28h Unique ID ;always written 28h 40h LCD Config Data ;written or verified depending on byte[70h] 68h 8 Whatever ID ;always written to EEPROM:0008h 70h 1 LCD Action (00h=WriteA, 01h=Compare, 03h=WriteB, 02h/04h-FFh=Nop) |
00h 4 u32 lifetimeTotalSteps 04h 4 u32 todaySteps //zeroed at midnight 08h 4 u32 lastSyncTime 0Ch 2 u16 totalDays 0Eh 2 u16 curWatts 10h 2 u16 unk_0 12h 1 u8 unk_1 13h 1 u8 unk_2 14h 3 u8 padding[3] 17h 1 u8 settings (bit0=isOnSpecialRoute, bit1-2=Volume, bit3-6=Contrast) |
| DS Cart Infrared P-Walker Ports LCD Controller |
1st Byte 2nd Byte Description
00h+(0..Fh) - Set Column Address bit0-3 ;\VRAM xloc in 1-pixel units
10h+(0..7) - Set Column Address bit4-6 ;/
18h+(0..7) - Reserved
20h+(0..7) - Set Internal Regulator Resistor Ratio
(0..7 = 2.3, 3.0, 3.7, 4.4, 5.1, 5.8, 6.5, 7.2)
28h+(0..7) - Set Power Control Register
bit2: Internal Voltage Booster (0=Off, 1=On)
bit1: Internal Regulator (0=Off, 1=On)
bit0: Output Op-amp Buffer (0=Off, 1=On)
30h+(0..0Fh) - Reserved
40h 00h-xxh Set Display Start Line (0..127?) (ROW) ("scroll yloc")
41h+(0..2) 00h-xxh Same as above?
44h 00h-xxh Set Display Offset (0..63) (COM0=ROW0..63) (pinout?)
45h+(0..2) 00h-xxh Same as above?
48h 00h-xxh Set Multiplex Ratio (num lines, duty 1/((16..64)+icon))
49h+(0..2) 00h-xxh Same as above?
4Ch 00h-3Fh Set N-line Inversion (0=Off, 1..31=Reduce crosstalk?)
4Ch 20h-FFh Same as above?
4Dh+(0..2) 00h-FFh Same as above?
50h+(0..7) - Set LCD Bias (0..5=1/(4..9), 6=1/9, too)
57h+(0..0Ch) - Reserved
64h+(0..3) - Set DC-DC Converter Factor (0=2x/3x, 1=4x, 2/3=5x)
68h+(0..18h) - Reserved
81h 00h-3Fh Set Contrast (0..3Fh, 3Fh=Darkest)
82h OTP Set VL6 voltage (00h..0Fh = original+Signed4bit(N))
83h OTP OTP Programming?
84h+(0..7) - Reserved
88h 00h-FFh Set White Mode (bit0-3=FrameA, bit4-7=FrameB)
89h 00h-FFh Set White Mode (bit0-3=FrameC, bit4-7=FrameD)
8Ah 00h-FFh Set Light Gray Mode (bit0-3=FrameA, bit4-7=FrameB)
8Bh 00h-FFh Set Light Gray Mode (bit0-3=FrameC, bit4-7=FrameD)
8Ch 00h-FFh Set Dark Gray Mode (bit0-3=FrameA, bit4-7=FrameB)
8Dh 00h-FFh Set Dark Gray Mode (bit0-3=FrameC, bit4-7=FrameD)
8Eh 00h-FFh Set Black Mode (bit0-3=FrameA, bit4-7=FrameB)
8Fh 00h-FFh Set Black Mode (bit0-3=FrameC, bit4-7=FrameD)
Above defines the grayscale palette for color 0-3,
normally all frames should use the same setting.
Color 0 is usually white (set to zero), color 3 is
usually black (set to number of levels selected via
cmd 90h). Color 1 and 2 are usually light/dark gray,
set to desired contrast, which may depend on the LCD.
90h+(0..7) - Set PWM and FRC for gray-scale operation
bit0-1: Levels (0/1=Nine, 2=Twelve, 3=Fifteen Levels)
bit2: Frames (0=Four, 1=Three Frames)
Note: Nintendo uses "9 levels" ranging from "0 to 9"
(maybe level 0 is treated as off, thus not counted)
98h+(0..7) - Reserved
A0h+(0..1) - Set Segment Remap (0=Col00h is SEG0, 1=Col7Fh is SEG0)
Aka xflip mirror?
A2h+(0..1) - Set Icon Enable (0=Disable, 1=Enable)
A4h+(0..1) - Set Entire Display On/Off (0=Show RAM, 1=All Pixels On)
A6h+(0..1) - Set Inverse Display (0=Normal, 1=Inverse On/Off Pixels)
A8h+(0..1) - Set Power Save Mode (0=Standby, 1=Sleep)
AAh - Reserved
ABh - Start Internal Oscillator (needed after reset)
ACh+(0..1) ? Reserved
AEh+(0..1) - Set Display On/Off (0=Off, 1=On)
B0h+(0..0Fh) - Set Page Address (00h..0Fh) ;VRAM yloc in 8-pixel units
C0h+(0,8) - Set COM Output Scan Direction (0=Normal, 8=Remapped)
Remapped: COM[0..(N-1)] becomes COM[(N-1)..0])
Aka yflip mirror?
C1h+(0..6) - Same as above (Normal)
C9h+(0..6) - Same as above (Remapped)
D0h+(0..10h) - Reserved
E1h - Exit Power-save Mode (return from Sleep/Standby modes)
E2h - Software Reset (initialize some internal registers)
E3h - Reserved
E4h - Exit N-line Inversion mode
E5h+(0..2) - Reserved
E8h LEN+DTA Transfer VRAM Display Data (for 3-wire SPI mode only)
(LEN=00h-FFh, followed by LEN+1 data bytes)
E9h+(0..6) - Reserved
F0h+(0..0Fh) .. Test mode commands and Extended features
F0h 00h-03h Ext. Set VL6 Noise reduction (0=Enable, 3=Disable)
F1h 08h-0Fh Ext. Set TC Value per 'C (0=-0.05%, 1=-0.07%, 2..7=?)
F2h 00h-07h Ext. Oscillator Adjustment
(0..7 = -9%, -6%, -3%, +0%, +3%, +6%, +9%, +12%)
F7h 00h-01h Ext. Oscillator Source (0=Internal, 1=External, 2=UNDOC)
F6h 00h-1Fh Ext. Frame Frequency Adjust
bit0-2: FrameFQ (0..7 = 0..7)
bit3-4: Fosc (0-3 = 59kHz, 75kHz, 94kHz, 113kHz)
FBh X2h,X6h Ext. Lock/Unlock Interface (bit2: 0=Unlock, 1=Lock)
|
00h+(xloc) AND 0Fh ;Set Column Address bit0-3 10h+(xloc/10h) ;Set Column Address bit4-6 B0h+(yloc/8) ;Set Page Address (00h..0Ah, other=reserved?) |
1st byte = bitplane 1 ;\color 0..3 are usually white, lgray, dgray, black 2nd byte = bitplane 0 ;/(palette can be changed via cmd 88h-8Fh though) |
3-wire SPI Serial write-only (/CS, CLK, MOSI, with cmd E8h instead D/C pin) 4-wire SPI Serial write-only (/CS, CLK, MOSI, D/C=Data/Cmd) 12-wire 8080 Parallel read/write (/CS, D0-D7, D/C, /RD, /WR) 12-wire 6800 Parallel read/write (/CS, D0-D7, D/C, E, R/W) |
7 BUSY Chip is executing instruction (0=Ready, 1=Busy) 6 ON Display is On/Off (0=Off, 1=On) 5 RES Chip is executing reset (0=Ready, 1=Busy) 4-0 - Fixed Chip ID (08h=SSD1850) |
SSD0852 128x128 would allow double-buffer, but extended commands are wrong
SSD0858 104x65 close, but extended commands are wrong
SSD0859 128x81 could be correct (almost same as SSD1850)
SSD1820 128x65 wrong, lacks palette (command 88h-8Fh)
SSD1820A 128x65 wrong, lacks palette (command 88h-8Fh)
SSD1821 128x81 wrong, lacks palette (command 88h-8Fh)
SSD1850 128x65 could be correct (ysiz is good, but no double-buffering)
SSD1851 128x81 as above, but more lines than needed
SSD1852 128x128 would allow double-buffer, but extended commands are wrong
SSD1854 128x160 wrong, uses 2-byte command B0h,YYh lacks extended commands
(also cmd 18h,20h,4xh,50h,60h-63h,64h,82h,83h,etc. differ)
SSD1858 104x65 close, but lacks many extended commands
SSD1859 128x81 could be correct (almost same as SSD1850)
|
| DS Cart Infrared P-Walker Ports Accelerometer BMA150 |
00h Chip ID (bit7-3=Unused, bit2-0=02h) 01h Version (bit7-4=al_version, bit3-0=ml_version) (undefined values) 02h Acc X Low (bit7-6=DataLsb, bit5-1=Unused, bit0=NewDataFlag) 03h Acc X High (bit7-0=DataMsb) 04h Acc Y Low (bit7-6=DataLsb, bit5-1=Unused, bit0=NewDataFlag) 05h Acc Y High (bit7-0=DataMsb) 06h Acc Z Low (bit7-6=DataLsb, bit5-1=Unused, bit0=NewDataFlag) 07h Acc Z High (bit7-0=DataMsb) 08h Temperature (bit7-0=DataTempMsb) (Lsb not existing, except in Trimming?) 09h Status Flags (see below) 0Ah Control Flags (see below) 0Bh Config Flags (see below) 0Ch LG Threshold (bit7-0) 0Dh LG Duration (bit7-0) 0Eh HG Threshold (bit7-0) 0Fh HG Duration (bit7-0) 10h Any Motion Threshold (bit7-0) 11h Misc Stuff (bit7-6=AnyMotionDur, bit5-3=HG Hyst, bit2-0=LG Hyst) 12h Customer Reserved 1 (bit7-0) 13h Customer Reserved 2 (bit7-0) 14h Range/Bandwidth (bit7-5=Reserved, bit4-3=Range, bit2-0=Bandwidth) 15h Misc Flags (see below) 16h Trimming X Low (bit7-6=OffsetLsb, bit5-0=Gain) 17h Trimming Y Low (bit7-6=OffsetLsb, bit5-0=Gain) 18h Trimming Z Low (bit7-6=OffsetLsb, bit5-0=Gain) 19h Trimming T Low (bit7-6=OffsetLsb, bit5-0=Gain) 1Ah Trimming X High (bit7-0=OffsetMsb) 1Bh Trimming Y High (bit7-0=OffsetMsb) 1Ch Trimming Z High (bit7-0=OffsetMsb) 1Dh Trimming T High (bit7-0=OffsetMsb) 1Eh-22h BST reserved (official blank/green) 23h BST reserved (official blank/white) 24h-2Ah Not used (official gray/dither) 2Bh-3Dh EEPROM Defaults for Registers 0Bh-1Dh 3Eh-42h BST reserved (official blank/orange) 43h-49h Not used (official gray/dither) 4Ah-4Fh Not mentioned (official not here) 50h-7Fh BST reserved (official blank/cyan) |
7 ST Result 6-5 Not used (official piss/dither) 4 Alert Phase 3 LG_latched 2 HG_latched 1 LG_status 0 HG_status |
7 Reserved (official gray/dither) 6 Reset INT 5 Update IMAGE 4 EE_W (uh? maybe eeprom write?) 3 Self Test 1 2 Self Test 0 1 Soft Reset 0 Sleep |
7 Alert 6 Any Motion 5-4 Counter HG 3-2 Counter LG 1 Enable HG 0 Enable LG |
7 SPI4 6 enable_adv_INT 5 new_data_INT 4 latch_INT 3 shadow_dis 2-1 wake_up_pause 0 wake_up |
| DS Cart Infrared Component Lists |
Case "Nintendo, NTR-031. PAT. PEND., IMWPN1J12" PCB "DA A-4 IRU01-10" (two layers) plus "IRL01-01 "(brown extra film layer) U1 32pin "S906748-1, SanDisk, 11014-64B, P0A837.00, 0843, NTR-IMWP-1" (ROM) U2 32pin "38600R, A06V, AH00167, 0832" (CPU, ROM 8Kbyte, RAM 0.5KByte) U3 5pin "?" (OR-gate? flipflop?) (for forwarding SPI /CS to FLASH /CS) U4 8pin "45PE80VG, HPAMZ V5, KOR 833X, ST e3" (SPI FLASH 1024 Kbytes) U1' 7pin "5 S.. 9" IR transceiver (on brown film layer) X1 6pin "737Wv" ;7.37MHz? /FLASH.CS --|""""|-- GND R1,R2,RA1 resistors | U3 |-- /SPI.CS (from NDS) C1,C2,C3,C4,C5,C6 capacitors VDD33 --|____|-- U2.pinxxx |
PCB "DI Y-1 IRC02-01" (two layers, without brown extra film layer) U1 32pin "MXIC..." (ROM) U2 32pin "..." (CPU, ROM 8Kbyte, RAM 0.5KByte) U3 5pin "..." (OR-gate? flipflop?) (for forwarding SPI /CS to FLASH /CS) U4 8pin "..." (SPI FLASH) U5 7pin "..." IR transceiver X1 6pin "..." R1,R2,RA1 resistors C1,C2,C3,C4,C5,C6 capacitors |
Case "Nintendo DS, NTR-027, (C) 2008 Nintendo, NTR-A-HC, Made in Japan" Case "CE ./ VCI, ACN 060 566 083, Nintendo" PCB "NTR-DHC-01" (in water resistant case) Ux 32pin Side-A "38602R, F22V, AH04731, 0834" (CPU, ROM 16Kbyte, RAM 1KByte) U2 8pin Side-B "564X, 48H3, 30" (SPI EEPROM 8Kbyte, ST M95640-W or similar) U3 7pin Side-B "1 S. 9" IR transceiver ?? 2pin Side-A huge smd capacitor shaped thing, maybe analog 1-axis sensor? ?? 2pin Side-A huge smd capacitor shaped thing, maybe analog 1-axis sensor? Ux/Qx Side-A many small chips with 3-6 pins and few markings Xx 3pin Side-A "CB825" ;32.768-kHz or 38.4-kHz Crystal Resonator? Yx 6pin Side-A ":i] 3.68t" ;3.68MHz (115.2kHz*32) C1..C34 Plenty capacitors R1..R28 Plenty resistors BTI 2pin Side-B Battery holder (for CR2032 H, 3V) Button Side-A Push button (communication button) |< 4pin Side-A Two color LED |
Case "?"
PCB "NTR-PHC-01" (with green solder stop & unconventional black text layer)
U1 32pin Side-B "F38606, F04V, AK04052, 0942" (CPU,FLASH 48Kbyte,RAM 2KByte)
U2 4pin Side-A "?"
U3 4pin Side-A "?"
U4 4pin Side-A "M_RA"
U5 7pin Side-B IR transceiver
U6 8pin Side-A "Sxxxx, xxxx" (maybe SPI EEPROM?)
U7 12pin Side-B "043, A939, 021" (accelerometer?) (Bosch BMA150 ?)
U8 5pin Side-A "?"
Q1 6pin Side-A "Z4"
D1 3pin Side-A "?" dual diode or so
X1 3pin Side-B "EAJJ" ;32.768-kHz or 38.4-kHz Crystal Resonator?
Y1 6pin Side-B "3.68" ;3.68MHz (115.2kHz*32)
BZ1 2pin Side-B wires to piezo speaker (aka buzzer)
CN1 14pin Side-A LCD connector 14pin? or 2x14pin? (without backlight)
(with SSD1850 display controller (or similar) inside of LCD screen)
(96x64 2-bit greyscale screen) (reportedly with SPI bus)
BT+/- Side-B Battery contacts for removeable battery (for CR2032, 3V)
C1..C29 Plenty capacitors
R1..R22 Plenty resistors
SW's Side-A Three buttons (left, center, right)
|
PCB "SAMU-01" (with green solder stop & unconventional black text layer) U1 40pin Side-B "R5F101EEA, 1242KE415, SINGAPORE" (RL78 CPU) U2 7pin Side-B "845G2947" IR transceiver, with metal shield U3 16pin Side-B (not installed) U4 16pin Side-A --UNKNOWN MARKING, BAD PHOTO-- maybe accelerometer U5 4pin Side-A --UNKNOWN MARKING, BAD PHOTO-- maybe SPI EEPROM/FLASH U6 4pin Side-A (not installed) U7 7pin Side-B "I357, U231, 094" whatever, in metal shielded case X1 3pin Side-B "EABL" crystal or so BZ1 2pin Side-B wires to piezo speaker (aka buzzer) CN1 14pin Side-A LCD connector 14pin? or 2x14pin? (without backlight) BT+/- Side-B Battery contacts for removeable battery Q1 3pin Side-A Transistor or so D1..D2 Side-A Diodes (3pin each) C1..C29 Plenty capacitors R1..R22 Plenty resistors SW's Side-A Three buttons (left, center, right) |
| H8/386 SFRs |
F020h FLMCR1 FLASH Memory Control 1 F021h FLMCR2 FLASH Memory Control 2 F022h FLPWCR FLASH Memory Power Control F023h EBR1 FLASH Erase Block 1 F02Bh FENR FLASH Memory Enable F067h RTCFLG RTC Interrupt Flag F068h RSECDR RTC Seconds / Free running counter F069h RMINDR RTC Minutes F06Ah RHRDR RTC Hours F06Bh RWKDR RTC Day-of-week F06Ch RTCCR1 RTC Control 1 F06Dh RTCCR2 RTC Control 2 F06Fh RTCCSR RTC Clock Source Select F078h ICCR1 I2C Bus Control 1 F079h ICCR2 I2C Bus Control 2 F07Ah ICMR I2C Bus Mode F07Bh ICIER I2C Bus Interrupt Enable F07Ch ICSR I2C Bus Status F07Dh SAR I2C Slave Address F07Eh ICDRT I2C Bus Transmit Data F07Fh ICDRR I2C Bus Receive Data F085h PFCR System Port Function Control F086h PUCR8 Port 8 Pull-up Control F087h PUCR9 Port 9 Pull-up Control F08Ch PODR9 Port 9 Open-drain Control F0D0h TMB1 Timer B1 Mode F0D1h TC/LB1 Timer B1 Counter (R) / Load (W) F0DCh CMCR0 Compare Control 0 F0DDh CMCR1 Compare Control 1 F0DEh CMDR Compare Data F0E0h SSCRH SPI Synchronous Serial Control H (AccessState3) F0E1h SSCRL SPI Synchronous Serial Control L (AccessState3) F0E2h SSMR SPI Synchronous Serial Mode (AccessState3) F0E3h SSER SPI Synchronous Serial Enable (AccessState3) F0E4h SSSR SPI Synchronous Serial Status (AccessState3) F0E9h SSRDR SPI Synchronous Serial Receive Data (AccessState3) F0EBh SSTDR SPI Synchronous Serial Transmit Data (AccessState3) F0F0h TMRW Timer W Mode F0F1h TCRW Timer W Control F0F2h TIERW Timer W Interrupt Enable F0F3h TSRW Timer W Status F0F4h TIOR0 Timer W I/O control 0 F0F5h TIOR1 Timer W I/O control 1 F0F6h TCNT Timer W Counter (16bit) F0F8h GRA Timer W General A (16bit) F0FAh GRB Timer W General B (16bit) F0FCh GRC Timer W General C (16bit) F0FEh GRD Timer W General D (16bit) |
FF8Ch ECPWCR Async Event Counter PWM Compare (16bit) FF8Eh ECPWDR Async Event Counter PWM Data (16bit) FF91h SPCR IrDA UART Serial 3 Port Control FF92h AEGSR Async Event Input Pin Edge Select FF94h ECCR Async Event Counter Control FF95h ECCSR Async Event Counter Control/Status FF96h ECH Async Event Counter H FF97h ECL Async Event Counter L FF98h SMR3 IrDA UART Serial 3 Mode (AccessState3) FF99h BRR3 IrDA UART Serial 3 Bit Rate (AccessState3) FF9Ah SCR3 IrDA UART Serial 3 Control (AccessState3) FF9Bh TDR3 IrDA UART Serial 3 Transmit Data (AccessState3) FF9Ch SSR3 IrDA UART Serial 3 Status (AccessState3) FF9Dh RDR3 IrDA UART Serial 3 Receive Data (AccessState3) FFA6h SEMR IrDA UART Serial 3 Extended Mode (AccessState3) FFA7h IrCR IrDA Control FFB0h TMWD Timer WD Watchdog Mode FFB1h TCSRWD1 Timer WD Watchdog Control/Status 1 FFB2h TCSRWD2 Timer WD Watchdog Control/Status 2 FFB3h TCWD Timer WD Watchdog Counter FFBCh ADRR A/D Converter Result (16bit) FFBEh AMR A/D Converter Mode FFBFh ADSR A/D Converter Start FFC0h PMR1 Port 1 Mode FFC2h PMR3 Port 3 Mode FFCAh PMRB Port B Mode FFD4h PDR1 Port 1 Data FFD6h PDR3 Port 3 Data FFDBh PDR8 Port 8 Data FFDCh PDR9 Port 9 Data FFDEh PDRB Port B Data FFE0h PUCR1 Port 1 Pull-up Control FFE1h PUCR3 Port 3 Pull-up Control FFE4h PCR1 Port 1 Control FFE6h PCR3 Port 3 Control FFEBh PCR8 Port 8 Control FFECh PCR9 Port 9 Control FFF0h SYSCR1 System Control 1 FFF1h SYSCR2 System Control 2 FFF2h IEGR Interrupt Edge Select FFF3h IENR1 Interrupt Enable 1 FFF4h IENR2 Interrupt Enable 2 FFF5h OSCCR System Oscillator Control FFF6h IRR1 Interrupt Flag 1 FFF7h IRR2 Interrupt Flag 2 FFFAh CKSTPR1 Clock Stop 1 FFFBh CKSTPR2 Clock Stop 2 |
| H8/386 Exception Vectors |
0000h Reset/Watchdog 0002h Reserved 0004h Reserved 0006h Reserved 0008h Reserved 000Ah Reserved 000Ch Reserved 000Eh External NMI interrupt 0010h Trap 0 opcode 0012h Trap 1 opcode 0014h Trap 2 opcode 0016h Trap 3 opcode 0018h Reserved 001Ah CPU Direct transition by executing SLEEP 001Ch Reserved 001Eh Reserved 0020h External IRQ0 interrupt 0022h External IRQ1 interrupt 0024h External IRQAEC interrupt 0026h Reserved 0028h Reserved 002Ah Comparator COMP0 002Ch Comparator COMP1 002Eh RTC per 0.25 seconds (4Hz) ;0.25-second overflow 0030h RTC per 0.5 seconds (2Hz) ;0.5-second overflow 0032h RTC per second (1Hz) ;Second periodic overflow 0034h RTC per minute ;Minute periodic overflow 0036h RTC per hour ;Hour periodic overflow 0038h RTC per day ;Day-of-week periodic overflow 003Ah RTC per week (7 days) ;Week periodic overflow 003Ch RTC Free-running overflow 003Eh WDT overflow (interval timer) 0040h Asynchronous event counter overflow 0042h Timer B1 Overflow 0044h Serial SPI (or IIC2) (aka I2C ?) 0046h Timer W Overflow or Capture/compare A,B,C,D 0048h Reserved 004Ah IrDA UART Serial 3 004Ch A/D Conversion end 004Eh Reserved |
| H8/300H Operands |
R0..R6 32bit General Purpose ;\can be alternately used as R7 (SP) 32bit Stack Pointer ;/8bit/16bit registers (see below) PC 24bit Program Counter CCR 8bit Flags (occupies 16bit when pushed/stored in memory) |
.-----------------------.
| ERx | 32bit (ERx)
|-----------+-----------|
| Ex | Rx | 16bit (Rx)
'-----------+-----+-----|
' RxH | RxL | 8bit (RxB)
'-----'-----'
|
Normal Mode --> 16bit addressing (default) Extended Mode --> 24bit addressing |
Native Nocash @aa:8 [FFaa] Memory at FF00h..FFFFh (upper RAM and SFR's) @aa:16 [nnnn] @aa:24 [nnnnnn] @Erm [Erm] @(d:16,ERm) [ERm+nnnn] @(d:24,ERm) [ERm+nnnnnn] @ERm+ [ERm+] Memory access with post-increment @-ERm [ERm-] Memory access with pre-decrement (implied) [ER6+],[ER5+] Memory block transfer (EEPMOV) |
Native Nocash #nn:8,@aa:8 [FFaa].n RnB,@aa:8 [FFaa].RnB #nn:8,RdB RdB.n RnB,RdB RdB.RnB |
| H8/300H Opcodes |
0..7 8bit Registers R0H..R7H (bit8-15) ;\RxB 8..F 8bit Registers R0L..R7L (bit0-7) ;/ 0..7 16bit Registers R0..R7 (bit0-15) ;\Rx 8..F 16bit Registers E0..E7 (bit16-31) ;/ 0..7 32bit Registers ER0..ER7 (bit0-31) ;-ERx (in normal opcodes) 8..F 32bit Registers ER0..ER7 (bit0-31) ;-ERx (in opcodes marked *m,*s) |
Opcode Native Nocash States IxHUNZVC 0.. --> Misc 0xxx 1.. --> Misc 1xxx 2dnn MOV.B @aa:8,RdB MOV.B RdB,[FFaa] 4 ----nz0- 3snn MOV.B Rs,@aa:8 MOV.B [FFaa],Rs 4 ----nz0- 4cnn --> Jumps (relative 8bit range) 5.. --> Jumps (various) and unsigned mul/div 6.. --> Misx 6xxx 7.. --> Misc 7xxx 8dnn ADD.B #nn:8,RdB ADD.B RdB,nn 2 --h-nzvc 9dnn ADDX #nn:8,RdB ADC.B RdB,nn 2 --h-nzvc Adnn CMP.B #nn:8,RdB CMP.B RdB,nn 2 --h-nzvc Bdnn SUBX #nn:8,RdB SBC.B RdB,nn 2 --h-nzvc Cdnn OR.B #nn:8,RdB OR.B RdB,nn 2 ----nz0- Ddnn XOR.B #nn:8,RdB XOR.B RdB,nn 2 ----nz0- Ednn AND.B #nn:8,RdB AND.B RdB,nn 2 ----nz0- Fdnn MOV.B #nn:8,RdB MOV.B RdB,nn 2 ----nz0- |
0000 NOP NOP 2 -------- 01.. --> Misc 01xx ;Memory Load/Store (32bit ERn) etc. 020d STC.B CCR,RdB MOV.B RdB,CCR 2 -------- 030s LDC.B RsB,CCR MOV.B CCR,RsB 2 xxxxxxxx 04nn ORC #nn:8,CCR OR.B CCR,nn 2 xxxxxxxx 05nn XORC #nn:8,CCR XOR.B CCR,nn 2 xxxxxxxx 06nn ANDC #nn:8,CCR AND.B CCR,nn 2 xxxxxxxx 07nn LDC.B #nn:8,CCR MOV.B CCR,nn 2 xxxxxxxx 08sd ADD.B RsB,RdB ADD.B RdB,RsB 2 --h-nzvc 09sd ADD.W Rs,Rd ADD.W Rd,Rs 2 --h-nzvc 0A.. --> Increment/Add 0B.. --> Increment/Add 0Csd MOV.B RsB,RdB MOV.B RdB,RsB 2 ----nz0- 0Dsd MOV.W Rs,Rd MOV.W Rd,Rs 2 ----nz0- 0Esd ADDX RsB,RdB ADC.B RdB,RsB 2 --h-nzvc 0F0d DAA RdB DAA.B RdB 2 --U-nzUc 0Fsd *s MOV.L ERs,ERd MOV.L ERd,ERs 2 ----nz0- |
010069md MOV.L @ERm,ERd MOV.L ERd,[ERm] 8 ----nz0- 014069m0 LDC.W @ERm,CCR MOV.W CCR,[ERm] 6 xxxxxxxx 010069ms *m MOV.L ERs,@ERm MOV.L [ERm],ERs 8 ----nz0- 014069m0 *m STC.W CCR,@ERm MOV.W [ERm],CCR 6 -------- 01006B0dnnnn MOV.L @aa:16,ERd MOV.L ERd,[nnnn] 10 ----nz0- 01406B00nnnn LDC.W @aa:16,CCR MOV.W CCR,[nnnn] 8 xxxxxxxx 01006B2d00nnnnnn MOV.L @aa:24,ERd MOV.L ERd,[nnnnnn] 12 ----nz0- 01406B2000nnnnnn LDC.W @aa:24,CCR MOV.W CCR,[nnnnnn] 10 xxxxxxxx 01006B8snnnn MOV.L ERs,@aa:16 MOV.L [nnnn],ERs 10 ----nz0- 01406B80nnnn STC.W CCR,@aa:16 MOV.W [nnnn],CCR 8 -------- 01006BAs00nnnnnn MOV.L ERs,@aa:24 MOV.L [nnnnnn],ERs 12 ----nz0- 01406BA000nnnnnn STC.W CCR,@aa:24 MOV.W [nnnnnn],CCR 10 -------- 01006Dmd MOV.L @ERm+,ERd MOV.L ERd,[ERm+] 10 ----nz0- 01406Dm0 LDC.W @ERm+,CCR MOV.W CCR,[ERm+] 8 xxxxxxxx 01006Dms *m MOV.L ERs,@-ERm MOV.L [ERm-],ERs 10 ----nz0- 01406Dm0 *m STC.W CCR,@-ERm MOV.W [ERm-],CCR 8 -------- 01006Fmdnnnn MOV.L @(d:16,ERm),ERd MOV.L ERd,[ERm+nnnn] 10 ----nz0- 01406Fm0nnnn LDC.W @(d:16,ERm),CCR MOV.W CCR,[ERm+nnnn] 8 xxxxxxxx 01006Fmsnnnn *m MOV.L ERs,@(d:16,ERm) MOV.L [ERm+nnnn],ERs 10 ----nz0- 01406Fm0nnnn *m STC.W CCR,@(d:16,ERm) MOV.W [ERm+nnnn],CCR 8 -------- 010078m06B2d00.. MOV.L @(d:24,ERm),ERd MOV.L ERd,[ERm+nnnnnn] 14 ----nz0- 014078m06B2000.. LDC.W @(d:24,ERm),CCR MOV.W CCR,[ERm+nnnnnn] 12 xxxxxxxx 010078m06BAs00..*? MOV.L ERs,@(d:24,ERm) MOV.L [ERm+nnnnnn],ERs 14 ----nz0- 014078m06BA000.. STC.W CCR,@(d:24,ERm) MOV.W [ERm+nnnnnn],CCR 12 -------- 0180 SLEEP HALT 2 -------- 01C050sd MULXS.B RsB,Rd SMUL.B Rd,RsB 16 ----nz-- 01C052sd MULXS.W Rs,ERd SMUL.W ERd,Rs 24 ----nz-- 01D051sd DIVXS.B RsB,Rd SDIV.B Rd,RsB 16 ----nz-- 01D053sd DIVXS.W Rs,ERd SDIV.W ERd,Rs 24 ----nz-- 01F064sd OR.L ERs,ERd OR.L ERd,ERs 4 ----nz0- 01F065sd XOR.L ERs,ERd XOR.L ERd,ERs 4 ----nz0- 01F066sd AND.L E?Rs,ERd AND.L ERd,ERs 4 ----nz0- |
10.. --> Shift/Rotate (shift left) 11.. --> Shift/Rotate (shift right) 12.. --> Shift/Rotate (rotate left) 13.. --> Shift/Rotate (rotate right) 14sd OR.B RsB,RdB OR.B RdB,RsB 2 ----nz0- 15sd XOR.B RsB,RdB XOR.B RdB,RsB 2 ----nz0- 16sd AND.B RsB,RdB AND.B RdB,RsB 2 ----nz0- 17.. --> Not/Neg/Extend 18sd SUB.B RsB,RdB SUB.B RdB,RsB 2 --h-nzvc 19sd SUB.W Rs,Rd SUB.W Rd,Rs 2 --h-nzvc 1A.. --> Decrement/Subtract 1B.. --> Decrement/Subtract 1Csd CMP.B RsB,RdB CMP.B RdB,RsB 2 --h-nzvc 1Dsd CMP.W Rs,Rd CMP.W Rd,Rs 2 --h-nzvc 1Esd SUBX RsB,RdB SBC.B RdB,RsB 2 --h-nzvc 1F0d DAS RdB DAS.B RdB 2 --U-nzU? 1Fsd *s CMP.L ERs,ERd CMP.L ERd,ERs 2 --h-nzvc |
100d SHLL.B RdB SHL.B RdB 2 ----nz0c 101d SHLL.W Rd SHL.W Rd 2 ----nz0c 103d SHLL.L ERd SHL.L ERd 2 ----nz0c 108d SHAL.B RdB SAL.B RdB 2 ----nzvc 109d SHAL.W Rd SAL.W Rd 2 ----nzvc 10Bd SHAL.L ERd SAL.L ERd 2 ----nzvc 110d SHLR.B RdB SHR.B RdB 2 ----0z0c 111d SHLR.W Rd SHR.W Rd 2 ----0z0c 113d SHLR.L ERd SHR.L ERd 2 ----0z0c 118d SHAR.B RdB SAR.B RdB 2 ----nz0c 119d SHAR.W Rd SAR.W Rd 2 ----nz0c 11Bd SHAR.L ERd SAR.L ERd 2 ----nz0c 120d ROTXL.B RdB RCL.B RdB 2 ----nz0c 121d ROTXL.W Rd RCL.W Rd 2 ----nz0c 123d ROTXL.L ERd RCL.L ERd 2 ----nz0c 128d ROTL.B RdB ROL.B RdB 2 ----nz0c 129d ROTL.W Rd ROL.W Rd 2 ----nz0c 12Bd ROTL.L ERd ROL.L ERd 2 ----nz0c 130d ROTXR.B RdB RCR.B RdB 2 ----nz0c 131d ROTXR.W Rd RCR.W Rd 2 ----nz0c 133d ROTXR.L ERd RCR.L ERd 2 ----nz0c 138d ROTR.B RdB ROR.B RdB 2 ----nz0c 139d ROTR.W Rd ROR.W Rd 2 ----nz0c 13Bd ROTR.L ERd ROR.L ERd 2 ----nz0c |
170d NOT.B RdB NOT.B RdB 2 ----nz0- 171d NOT.W Rd NOT.W Rd 2 ----nz0- 173d NOT.L Rd NOT.L ERd 2 ----nz0- 175d EXTU.W Rd UMOV Rd,RdL ;or Ed,EdL? 2 ----0z0- 177d EXTU.L ERd UMOV ERd,Rd 2 ----0z0- 178d NEG.B RdB NEG.B RdB 2 --h-nzvc 179d NEG.W Rd NEG.W Rd 2 --h-nzvc 17Bd NEG.L Rd NEG.L ERd 2 --h-nzvc 17Dd EXTS.W Rd SMOV Rd,RdL ;or Ed,EdL? 2 ----nz0- 17Fd EXTS.L ERd SMOV ERd,Rd 2 ----nz0- |
0A0d INC.B RdB INC.B RdB,1 2 ----nzv- 1A0d DEC.B RdB DEC.B RdB,1 2 ----nzv- 0Asd *s ADD.L E?Rs,ERd ADD.L ERd,ERs 2 --h-nzvc 1Asd *s SUB.L ERs,ERd SUB.L ERd,ERs 2 --h-nzvc 0B0d ADDS #1,ERd INC.S ERd,1 2 -------- 1B0d SUBS #1,ERd DEC.S ERd,1 2 -------- 0B5d INC.W #1,Rd INC.W Rd,1 2 ----nzv- 1B5d DEC.W #1,Rd DEC.W Rd,1 2 ----nzv- 0B7d INC.L #1,ERd INC.L ERd,1 2 ----nzv- 1B7d DEC.L #1,ERd DEC.L ERd,1 2 ----nzv- 0B8d ADDS #2,ERd INC.S ERd,2 2 -------- 1B8d SUBS #2,ERd DEC.S ERd,2 2 -------- 0B9d ADDS #4,ERd INC.S ERd,4 2 -------- 1B9d SUBS #4,ERd DEC.S ERd,4 2 -------- 0BDd INC.W #2,Rd INC.W Rd,2 2 ----nzv- 1BDd DEC.W #2,Rd DEC.W Rd,2 2 ----nzv- 0BFd INC.L #2,ERd INC.L ERd,2 2 ----nzv- 1BFd DEC.L #2,ERd DEC.L ERd,2 2 ----nzv- |
50sd MULXU.B RsB,Rd UMUL.B Rd,RsB 14 ----nz-- 51sd DIVXU.B RsB,Rd UDIV.B Rd,RsB 14 ----nz-- 52sd MULXU.W Rs,ERd UMUL.W ERd,Rs 22 ----nz-- 53sd DIVXU.W Rs,ERd UDIV.W ERd,Rs 22 ----nz-- 5470 RTS RET 8,10 -------- 55nn BSR d:8 CALL $+/-nn 6,8 -------- 5670 RTE RETI 10 xxxxxxxx 57n0 TRAPA #n:2 TRAP 0..3 ;[0010h+n*2] 14 1x------ 58c0nnnn --> Jumps (relative 16bit range) 59s0 JMP @ERs JMP ERs 4 -------- 5Annnnnn JMP @aa:24 JMP nnnnnn 6 -------- 5Baa JMP @@aa:8 JMP [FFaa] 8,10 -------- 5C00nnnn BSR d:16 CALL $+/-nnnn 8,10 -------- 5Ds0 JSR @ERs CALL ERs 6,8 -------- 5Ennnnnn JSR @aa:24 CALL nnnnnn 8,10 -------- 5Faa JSR @@aa:8 CALL [FFaa] 8,12 -------- |
4cnn Bcc d:8 Jcc $+/-nn 4 -------- 58c0nnnn Bcc d:16 Jcc $+/-nnnn 6 -------- |
0 BRA or BT JMP ;always/true 1 BRN or BF - ;never/false 2 BHI JA ;unsigned-above 3 BLS JBE ;unsigned-below-equal 4 BCC or BHS JNC or JAE ;unsigned-above-equal 5 BCS or BLO JC or JB ;unsigned-below 6 BNE JNZ or JNE ;not equal/zero 7 BEQ JZ or JE ;equal/zero 8 BVC JNO ;signed-no overflow 9 BVS JO ;signed-n-overflow A BPL JNS ;signed-n-plus B BMI JS ;signed-n-minus C BGE JGE ;signed-n-greater-eq D BLT JL ;signed-n-less E BGT JG ;signed-n-greater F BLE JLE ;signed-n-less-equal |
60nd BSET RnB,RdB SET RdB.RnB 2 --------
61nd BNOT RnB,RdB NOT RdB.RnB 2 --------
62nd BCLR RnB,RdB CLR RdB.RnB 2 --------
63nd BTST RnB,RdB TST RdB.RnB 2 -----z--
64sd OR.W Rs,Rd OR.W Rd,Rs 2 ----nz0-
65sd XOR.W Rs,Rd XOR.W Rd,Rs 2 ----nz0-
66sd AND.W Rs,Rd AND.W Rd,Rs 2 ----nz0-
67nd *i B{I}ST #nn:8,RdB MOV RdB.n,{not} C 2 --------
68md MOV.B @ERm,RdB MOV.B RdB,[ERm] 4 ----nz0-
68ms *m MOV.B RsB,@ERm MOV.B [ERm],RsB 4 ----nz0-
69md MOV.W @ERm,Rd MOV.W Rd,[ERm] 4 ----nz0-
69ms *m MOV.W Rs,@ERm MOV.W [ERm],Rs 4 ----nz0-
6A0dnnnn MOV.B @aa:16,RdB MOV.B RdB,[aaaa] 6 ----nz0-
6A2d00nnnnnn MOV.B @aa:24,RdB MOV.B RdB,[aaaaaa] 8 ----nz0-
6A4dnnnn MOVFPE @aa:16,RdB MOV.B RdB,[periph:aaaa] * ----nz0-
6A8snnnn MOV.B RsB,@aa:16 MOV.B [aaaa],RsB 6 ----nz0-
6AAs00nnnnnn MOV.B RsB,@aa:24 MOV.B [aaaaaa],RsB 8 ----nz0-
6ACsnnnn MOVTPE RsB,@aa:16 MOV.B [periph:aaaa],RsB * ----nz0-
6B0dnnnn MOV.W @aa:16,Rd MOV.W Rd,[aaaa] 6 ----nz0-
6B2d00nnnnnn MOV.W @aa:24,Rd MOV.W Rd,[aaaaaa] 8 ----nz0-
6B8snnnn MOV.W Rs,@aa:16 MOV.W [aaaa],Rs 6 ----nz0-
6BAs00nnnnnn MOV.W Rs,@aa:24 MOV.W [aaaaaa],Rs 8 ----nz0-
6Cmd MOV.B @ERm+,RdB MOV.B RdB,[ERm+] 6 ----nz0-
6Cms *m MOV.B RsB,@-ERm MOV.B [ERm-],RsB 6 ----nz0-
6Dmd MOV.W @ERm+,RdB MOV.W RdB,[ERm+] 6 ----nz0-
6Dms *m MOV.W RsB,@-ERm MOV.W [ERm-],RsB 6 ----nz0-
6Emdnnnn MOV.B @(d:16,ERm),RdB MOV.B RdB,[ERm+nnnn] 6 ----nz0-
6Emsnnnn *m MOV.B RsB,@(d:16,ERm) MOV.B [ERm+nnnn],RsB 6 ----nz0-
6Fmdnnnn MOV.W @(d:16,ERm),Rd MOV.W Rd,[ERm+nnnn] 6 ----nz0-
6Fmsnnnn *m MOV.W Rs,@(d:16,ERm) MOV.W [ERm+nnnn],Rs 6 ----nz0-
|
70nd BSET #nn:8,RdB SET RdB.n 2 --------
71nd BNOT #nn:8,RdB NOT RdB.n 2 --------
72nd BCLR #nn:8,RdB CLR RdB.n 2 --------
73nd BTST #nn:8,RdB TST RdB.n 2 -----z--
74nd *i B{I}OR #nn:8,RdB OR C,{not} RdB.n 2 -------c
75nd *i B{I}XOR #nn:8,RdB XOR C,{not} RdB.n 2 -------c
76nd *i B{I}AND #nn:8,RdB AND C,{not} RdB.n 2 -------c
77nd *i B{I}LD #nn:8,RdB MOV C,{not} RdB.n 2 -------c
78m06A2d00nnnnnn MOV.B @(d:24,ERm),RdB MOV.B RdB,[ERm+nnnnnn] 10 ----nz0-
78m06AAs00nnnnnn MOV.B RsB,@(d:24,ERm) MOV.B [ERm+nnnnnn],RsB 10 ----nz0-
78m06B2d00nnnnnn MOV.W @(d:24,ERm),Rd MOV.W Rd,[ERm+nnnnnn] 10 ----nz0-
78m06BAs00nnnnnn*? MOV.W Rs,@(d:24,ERm) MOV.W [ERm+nnnnnn],Rs 10 ----nz0-
79.. --> Immediate (16bit)
7A.. --> Immediate (32bit)
7B5C498F EEPMOV.B MOV [ER6+],[ER5+],R4L- 8+4n --------
7BD4598F EEPMOV.W MOV [ER6+],[ER5+],R4- 8+4n --------
7C.. --> Bit Operations (Memory at ERm)
7D.. --> Bit Operations (Memory at ERm)
7E.. --> Bit Operations (Memory at FFaa)
7F.. --> Bit Operations (Memory at FFaa)
|
790dnnnn MOV.W #nnnn:16,Rd MOV.W Rd,nnnn 4 ----nz0- 791dnnnn ADD.W #nnnn:16,Rd ADD.W Rd,nnnn 4 --h-nzvc 792dnnnn CMP.W #nnnn:16,Rd CMP.W Rd,nnnn 4 --h-nzvc 793dnnnn SUB.W #nnnn:16,Rd SUB.W Rd,nnnn 4 --h-nzvc 794dnnnn OR.W #nnnn:16,Rd OR.W Rd,nnnn 4 ----nz0- 795dnnnn XOR.W #nnnn:16,Rd XOR.W Rd,nnnn 4 ----nz0- 796dnnnn AND.W #nnnn:16,Rd AND.W Rd,nnnn 4 ----nz0- 7A0dnnnnnnnn MOV.L #nnnnnnnn:32,E?Rd MOV.L E?Rd,nnnnnnnn 6 ----nz0- 7A1dnnnnnnnn ADD.L #nnnnnnnn:32,ERd ADD.L ERd,nnnnnnnn 6 --h-nzvc 7A2dnnnnnnnn CMP.L #nnnnnnnn:32,ERd CMP.L ERd,nnnnnnnn 6 --h-nzvc 7A3dnnnnnnnn SUB.L #nnnnnnnn:32,ERd SUB.L ERd,nnnnnnnn 6 --h-nzvc 7A4dnnnnnnnn OR.L #nnnnnnnn:32,ERd OR.L ERd,nnnnnnnn 6 ----nz0- 7A5dnnnnnnnn XOR.L #nnnnnnnn:32,ERd XOR.L ERd,nnnnnnnn 6 ----nz0- 7A6dnnnnnnnn AND.L #nnnnnnnn:32,ERd AND.L ERd,nnnnnnnn 6 ----nz0- |
7Cm074n0 *i B{I}OR #nn:8,@ERm OR C,{not} [ERm].n 6 -------c
7Cm075n0 *i B{I}XOR #nn:8,@ERm XOR C,{not} [ERm].n 6 -------c
7Cm076n0 *i B{I}AND #nn:8,@ERm AND C,{not} [ERm].n 6 -------c
7Cm077n0 *i B{I}LD #nn:8,@ERm MOV C,{not} [ERm].n 6 -------c
7Dm060n0 BSET RnB,@ERm SET [ERm].RnB 8 --------
7Dm061n0 BNOT RnB,@ERm NOT [ERm].RnB 8 --------
7Dm062n0 BCLR RnB,@ERm CLR [ERm].RnB 8 --------
7Dm063n0 BTST RnB,@ERm TST [ERm].RnB 8 -----z--
7Dm067n0 *i B{I}ST #nn:8,@ERm MOV [ERm].n,{not} C 8 --------
7Dm070n0 BSET #nn:8,@ERm SET [ERm].n 8 --------
7Dm071n0 BNOT #nn:8,@ERm NOT [ERm].n 8 --------
7Dm072n0 BCLR #nn:8,@ERm CLR [ERm].n 8 --------
7Dm073n0 BTST #nn:8,@ERm TST [ERm].n 8 -----z--
7Eaa74n0 *i B{I}OR #nn:8,@aa:8 OR C,{not} [FFaa].n 6 -------c
7Eaa75n0 *i B{I}XOR #nn:8,@aa:8 XOR C,{not} [FFaa].n 6 -------c
7Eaa76n0 *i B{I}AND #nn:8,@aa:8 AND C,{not} [FFaa].n 6 -------c
7Eaa77n0 *i B{I}LD #nn:8,@aa:8 MOV C,{not} [FFaa].n 6 -------c
7Faa60n0 BSET RnB,@aa:8 SET [FFaa].RnB 8 --------
7Faa61n0 BNOT RnB,@aa:8 NOT [FFaa].RnB 8 --------
7Faa62n0 BCLR RnB,@aa:8 CLR [FFaa].RnB 8 --------
7Faa63n0 BTST RnB,@aa:8 TST [FFaa].RnB 8 -----z--
7Faa67n0 *i B{I}ST #nn:8,@aa:8 MOV [FFaa].n,{not} C 8 --------
7Faa70n0 BSET #nn:8,@aa:8 SET [FFaa].n 8 --------
7Faa71n0 BNOT #nn:8,@aa:8 NOT [FFaa].n 8 --------
7Faa72n0 BCLR #nn:8,@aa:8 CLR [FFaa].n 8 --------
7Faa73n0 BTST #nn:8,@aa:8 TST [FFaa].n 8 -----z--
|
*i optional inverted source operand (when setting bit3 in the "n" digit) *s must have bit3 set in "s" digit *m must have bit3 set in "m" digit *? must have bit3 set-or-not-set (has conflicting info in official specs) E?Rs meant to be ERs (although official specs omit the E in some cases) E?Rd meant to be ERd (although official specs omit the E in some cases) xxxS meant to be Silent, no flags affected (although specs say Sign Extend) xxxX meant to mean Carry, or meant to mean nothing specific in other cases |
6DFn PUSH.W Rn ;MOV.W [ER7-],Rn 6D7n POP.W Rn ;MOV.W Rn,[ER7+] 01006DFn PUSH.L ERn ;MOV.L [ER7-],ERn 01006D7n POP.L ERn ;MOV.L ERn,[ER7+] |
---N/A--- MOV.L @aa:8,ERd MOV.L ERd,[FFaa] - ----nz0- ---N/A--- MOV.L ERs,@aa:8 MOV.L [FFaa],ERs - ----nz0- ---N/A--- MOV.W @aa:8,Rd MOV.W Rd,[FFaa] - ----nz0- ---N/A--- MOV.W Rs,@aa:8 MOV.W [FFaa],Rs - ----nz0- ---N/A--- SUB.B #nn:8,RdB SUB.B RdB,nn - --h-nzvc |
| DS Cart Unknown Extras |
typical Macronix ROM STMicroelectronics M25PE10 SPI FLASH memory, presumably 128K Broadcom BCM2070 Bluetooth controller 26MHz crystal oscillator |
NTR-UNSJ Japanese TV Tuner, with TV receiver NTR-UBRP Nintendo DS Brower, with RAM cart in GBA slot NTR-UAMA DS Vision Starter Kit, with microSD NTR-UEIJ Starry Sky Navigation, with azimuth NTR/TWL-Uxxx NAND carts (see NAND chapter) |
| DS Cart Cheat Action Replay DS |
ABCD-NNNNNNNN Game ID ;ASCII Gamecode [00Ch] and CRC32 across [0..1FFh] 00000000 XXXXXXXX manual hook codes (rarely used) (default is auto hook) 0XXXXXXX YYYYYYYY word[XXXXXXX+offset] = YYYYYYYY 1XXXXXXX 0000YYYY half[XXXXXXX+offset] = YYYY 2XXXXXXX 000000YY byte[XXXXXXX+offset] = YY 3XXXXXXX YYYYYYYY IF YYYYYYYY > word[XXXXXXX] ;unsigned ;\ 4XXXXXXX YYYYYYYY IF YYYYYYYY < word[XXXXXXX] ;unsigned ; for v1.54, 5XXXXXXX YYYYYYYY IF YYYYYYYY = word[XXXXXXX] ; when X=0, 6XXXXXXX YYYYYYYY IF YYYYYYYY <> word[XXXXXXX] ; uses 7XXXXXXX ZZZZYYYY IF YYYY > ((not ZZZZ) AND half[XXXXXXX]) ; [offset] 8XXXXXXX ZZZZYYYY IF YYYY < ((not ZZZZ) AND half[XXXXXXX]) ; instead of 9XXXXXXX ZZZZYYYY IF YYYY = ((not ZZZZ) AND half[XXXXXXX]) ; [XXXXXXX] AXXXXXXX ZZZZYYYY IF YYYY <> ((not ZZZZ) AND half[XXXXXXX]) ;/ BXXXXXXX 00000000 offset = word[XXXXXXX+offset] C0000000 YYYYYYYY FOR loopcount=0 to YYYYYYYY ;execute Y+1 times C4000000 00000000 offset = address of the C4000000 code ;v1.54 C5000000 XXXXYYYY counter=counter+1, IF (counter AND YYYY) = XXXX ;v1.54 C6000000 XXXXXXXX [XXXXXXXX]=offset ;v1.54 D0000000 00000000 ENDIF D1000000 00000000 NEXT loopcount D2000000 00000000 NEXT loopcount, and then FLUSH everything D3000000 XXXXXXXX offset = XXXXXXXX D4000000 XXXXXXXX datareg = datareg + XXXXXXXX D5000000 XXXXXXXX datareg = XXXXXXXX D6000000 XXXXXXXX word[XXXXXXXX+offset]=datareg, offset=offset+4 D7000000 XXXXXXXX half[XXXXXXXX+offset]=datareg, offset=offset+2 D8000000 XXXXXXXX byte[XXXXXXXX+offset]=datareg, offset=offset+1 D9000000 XXXXXXXX datareg = word[XXXXXXXX+offset] DA000000 XXXXXXXX datareg = half[XXXXXXXX+offset] DB000000 XXXXXXXX datareg = byte[XXXXXXXX+offset] ;bugged on pre-v1.54 DC000000 XXXXXXXX offset = offset + XXXXXXXX EXXXXXXX YYYYYYYY Copy YYYYYYYY parameter bytes to [XXXXXXXX+offset...] 44332211 88776655 parameter bytes 1..8 for above code (example) 0000AA99 00000000 parameter bytes 9..10 for above code (padded with 00s) FXXXXXXX YYYYYYYY Copy YYYYYYYY bytes from [offset..] to [XXXXXXX...] |
1st: Address used prior to launching game (eg. 23xxxxxh) 2nd: Address to write the hook at (inside the ARM7 executable) 3rd: Hook final address (huh?) 4th: Hook mode selection (0=auto, 1=mode1, 2=mode2) 5th: Opcode that replaces the hooked one (eg. E51DE004h) 6th: Address to store important stuff (default 23FE000h) 7th: Address to store the code handler (default 23FE074h) 8th: Address to store the code list (default 23FE564h) 9th: Must be 1 (00000001h) |
| DS Cart Cheat Codebreaker DS |
---Initialization--- 0000CR16 GAMECODE Specify Game ID, use Encrypted codes 8000CR16 GAMECODE Specify Game ID, use Unencrypted codes BEEFC0DE XXXXXXXX Change Encryption Keys A0XXXXXX YYYYYYYY Bootup-Hook 1, X=Address, Y=Value A8XXXXXX YYYYYYYY Bootup-Hook 2, X=Address, Y=Value F0XXXXXX TYYYYYYY Code-Hook 1 (T=Type,Y=CheatEngineAddr,X=HookAddr) F8XXXXXX TPPPPPPP Code-Hook 2 (T=Type,X=CheatEngineHookAddr,P=Params) ---General codes--- 00XXXXXX 000000YY [X]=YY 10XXXXXX 0000YYYY [X]=YYYY 20XXXXXX YYYYYYYY [X]=YYYYYYYY 60XXXXXX 000000YY ZZZZZZZZ 00000000 [[X]+Z]=YY 60XXXXXX 0000YYYY ZZZZZZZZ 10000000 [[X]+Z]=YYYY 60XXXXXX YYYYYYYY ZZZZZZZZ 20000000 [[X]+Z]=YYYYYYYY 30XXXXXX 000000YY [X]=[X] + YY 30XXXXXX 0001YYYY [X]=[X] + YYYY 38XXXXXX YYYYYYYY [X]=[X] + YYYYYYYY 70XXXXXX 000000YY [X]=[X] OR YY 70XXXXXX 001000YY [X]=[X] AND YY 70XXXXXX 002000YY [X]=[X] XOR YY 70XXXXXX 0001YYYY [X]=[X] OR YYYY 70XXXXXX 0011YYYY [X]=[X] AND YYYY 70XXXXXX 0021YYYY [X]=[X] XOR YYYY ---Memory fill/copy--- 40XXXXXX 2NUMSTEP 000000YY 000000ZZ byte[X+(0..NUM-1)*STEP*1]=Y+(0..NUM-1)*Z 40XXXXXX 1NUMSTEP 0000YYYY 0000ZZZZ half[X+(0..NUM-1)*STEP*2]=Y+(0..NUM-1)*Z 40XXXXXX 0NUMSTEP YYYYYYYY ZZZZZZZZ word[X+(0..NUM-1)*STEP*4]=Y+(0..NUM-1)*Z 50XXXXXX YYYYYYYY ZZZZZZZZ 00000000 copy Y bytes from [X] to [Z] ---Conditional codes (bugged)--- 60XXXXXX 000000YY ZZZZZZZZ 01c100VV IF [[X]+Z] .. VV THEN [[X]+Z]=YY 60XXXXXX 000000YY ZZZZZZZZ 01c0VVVV IF [[X]+Z] .. VVVV THEN [[X]+Z]=YY 60XXXXXX 0000YYYY ZZZZZZZZ 11c100VV IF [[X]+Z] .. VV THEN [[X]+Z]=YYYY 60XXXXXX 0000YYYY ZZZZZZZZ 11c0VVVV IF [[X]+Z] .. VVVV THEN [[X]+Z]=YYYY 60XXXXXX YYYYYYYY ZZZZZZZZ 21c100VV IF [[X]+Z] .. VV THEN [[X]+Z]=YYYYYYYY 60XXXXXX YYYYYYYY ZZZZZZZZ 21c0VVVV IF [[X]+Z] .. VVVV THEN [[X]+Z]=YYYYYYYY ---Conditional codes (working)--- D0XXXXXX NNc100YY IF [X] .. YY THEN exec max(1,NN) lines D0XXXXXX NNc0YYYY IF [X] .. YYYY THEN exec max(1,NN) lines |
0 IF [mem] = imm THEN ... 4 IF ([mem] AND imm) = 0 THEN ... 1 IF [mem] <> imm THEN ... 5 IF ([mem] AND imm) <> 0 THEN ... 2 IF [mem] < imm THEN ... (unsigned) 6 IF ([mem] AND imm) = imm THEN ... 3 IF [mem] > imm THEN ... (unsigned) 7 IF ([mem] AND imm) <> imm THEN ... |
GAMECODE Cartridge Header[00Ch] (32bit in reversed byte-order) CR16 Cartridge Header[15Eh] (16bit in normal byte-order) XXXXXX 27bit addr (actually 7 digits, XXXXXXX, overlaps 5bit code number) |
for i=4Fh to 00h
y=77628ECFh
if i>13h then y=59E5DC8Ah
if i>27h then y=054A7818h
if i>3Bh then y=B1BF0855h
address = (Key0-value) xor address
value = value - Key1 - (address ror 1Bh)
address = (address xor (value + y)) ror 13h
if (i>13h) then
if (i<=27h) or (i>3Bh) then x=Key2 xor Key1 xor Key0
else x=((Key2 xor Key1) and Key0) xor (Key1 and Key2)
value=value xor (x+y+address)
x = Secure[((i*4+00h) and FCh)+000h]
x = Secure[((i*4+34h) and FCh)+100h] xor x
x = Secure[((i*4+20h) and FCh)+200h] xor x
x = Secure[((i*4+08h) and FCh)+300h] xor x
address = address - (x ror 19h)
next i
|
Secure[0..7FFh] = Copy of the ENCRYPTED 1st 2Kbytes of the game's Secure Area Key0 = 0C2EAB3Eh, Key1 = E2AE295Dh, Key2 = E1ACC3FFh, Key3 = 70D3AF46h scramble_keys |
Key0 = Key0 + (XXXXXXXX ror 1Dh) Key1 = Key1 - (XXXXXXXX ror 05h) Key2 = Key2 xor (Key3 xor Key0) Key3 = Key3 xor (Key2 - Key1) scramble_keys |
for i=0 to FFh
y = byte(xlat_table[i])
Secure[i*4+000h] = (Secure[i*4+000h] xor Secure[y*4]) + Secure[y*4+100h]
Secure[i*4+400h] = (Secure[i*4+400h] xor Secure[y*4]) - Secure[y*4+200h]
next i
for i=0 to 63h
Key0 = Key0 xor (Secure[i*4] + Secure[i*4+190h])
Key1 = Key1 xor (Secure[i*4] + Secure[i*4+320h])
Key2 = Key2 xor (Secure[i*4] + Secure[i*4+4B0h])
Key3 = Key3 xor (Secure[i*4] + Secure[i*4+640h])
next i
Key0 = Key0 - Secure[7D0h]
Key1 = Key1 xor Secure[7E0h]
Key2 = Key2 + Secure[7F0h]
Key3 = Key3 xor Secure[7D0h] xor Secure[7F0h]
|
34h,59h,00h,32h,7Bh,D3h,32h,C9h,9Bh,77h,75h,44h,E0h,73h,46h,06h 0Bh,88h,B3h,3Eh,ACh,F2h,BAh,FBh,2Bh,56h,FEh,7Ah,90h,F7h,8Dh,BCh 8Bh,86h,9Ch,89h,00h,19h,CDh,4Ch,54h,30h,01h,93h,30h,01h,FCh,36h 4Dh,9Fh,FDh,D7h,32h,94h,AEh,BCh,2Bh,61h,DFh,B3h,44h,EAh,8Bh,A3h 2Bh,53h,33h,54h,42h,27h,21h,DFh,A9h,DDh,C0h,35h,58h,EFh,8Bh,33h B4h,D3h,1Bh,C7h,93h,AEh,32h,30h,F1h,CDh,A8h,8Ah,47h,8Ch,70h,0Ch 17h,4Eh,0Eh,A2h,85h,0Dh,6Eh,37h,4Ch,39h,1Fh,44h,98h,26h,D8h,A1h B6h,54h,F3h,AFh,98h,83h,74h,0Eh,13h,6Eh,F4h,F7h,86h,80h,ECh,8Eh EEh,4Ah,05h,A1h,F1h,EAh,B4h,D6h,B8h,65h,8Ah,39h,B3h,59h,11h,20h B6h,BBh,4Dh,88h,68h,24h,12h,9Bh,59h,38h,06h,FAh,15h,1Dh,40h,F0h 01h,77h,57h,F5h,5Dh,76h,E5h,F1h,51h,7Dh,B4h,FAh,7Eh,D6h,32h,4Fh 0Eh,C8h,61h,C1h,EEh,FBh,2Ah,FCh,ABh,EAh,97h,D5h,5Dh,E8h,FAh,2Ch 06h,CCh,86h,D2h,8Ch,10h,D7h,4Ah,CEh,8Fh,EBh,03h,16h,ADh,84h,98h F5h,88h,2Ah,18h,ACh,7Fh,F6h,94h,FBh,3Fh,00h,B6h,32h,A2h,ABh,28h 64h,5Ch,0Fh,C6h,23h,12h,0Ch,D2h,BAh,4Dh,A3h,F2h,C9h,86h,31h,57h 0Eh,F8h,ECh,E1h,A0h,9Ah,3Ch,65h,17h,18h,A0h,81h,D0h,DBh,D5h,AEh |
| DS Cart DLDI Driver |
00h 4 DLDI ID (EDh,A5h,8Dh,BFh) (aka BF8DA5EDh) ;\patching tools will
04h 8 DLDI String (20h,"Chishm",00h) ; refuse any other
0Ch 1 DLDI Version (01h in .dldi, don't care in .nds) ;/values
0Dh 1 Size of .dldi+BSS (rounded up to 1 SHL N bytes) (max 0Fh=32Kbytes)
0Eh 1 Sections to fix/destroy (see FIX_xxx)
0Fh 1 Space in .nds file (1 SHL N) (0Eh..0Fh in .nds, can be 0 in .dldi)
10h 48 ASCII Full Driver Name (max 47 chars, plus zero padding)
40h 4 Address of ALL start (text) ;-base address (BF800000h in .dldi)
44h 4 Address of ALL end (data) ;-for highly-unstable FIX_ALL addr.adjusts
48h 4 Address of GLUE start ;\for semi-stable FIX_GLUE addr.adjusts
4Ch 4 Address of GLUE end ;/ ("Interworking glue" for ARM-vs-THUMB)
50h 4 Address of GOT start ;\for semi-stable FIX_GOT addr.adjusts
54h 4 Address of GOT end ;/ ("Global Offset Table")
58h 4 Address of BSS start ;\for zerofilling "BSS" via FIX_BSS
5Ch 4 Address of BSS end ;/ ("Block Started by Symbol")
60h 4 ASCII Short Driver/Device Name (4 chars, eg. "MYHW" for MyHardware)
64h 4 Flags 2 (see FEATURE_xxx) (usually 13h=GbaSlot, or 23h=NdsSlot)
68h 4 Address of Function startup() ;<-- must be at offset +80h !! ;\
6Ch 4 Address of Function isInserted() ;out: 0=no/fail, 1=yes/okay ; all
70h 4 Address of Function readSectors(sector,numSectors,buf) ; return
74h 4 Address of Function writeSectors(sector,numSectors,buf) ; 0=fail,
78h 4 Address of Function clearStatus() ; 1=okay
7Ch 4 Address of Function shutdown() ;/
80h .. Driver Code (can/must begin with "startup()") ;\max 7F80h
.. .. Glue section (usually a small snippet within above code) ; bytes (when
.. .. GOT section (usually after above code) (pointer table) ; having 32K
.. .. BSS section (usually at end, may exceed .dldi filesize) ; allocated)
.. .. Optional two garbage NOPs at end of default.dldi ;/
|
0 FIX_ALL ;-installer uses highly-unstable guessing in whole dldi file 1 FIX_GLUE ;-installer uses semi-stable address guessing in GLUE area 2 FIX_GOT ;-installer uses semi-stable address guessing in GOT area 3 FIX_BSS ;-installer will zerofill BSS area 4-7 Reserved (0) |
0 FEATURE_MEDIUM_CANREAD 00000001h (usually set) 1 FEATURE_MEDIUM_CANWRITE 00000002h (a few carts can't write) 2-3 Reserved (0) 4 FEATURE_SLOT_GBA 00000010h (need EXMEMCNT bit7 adjusted) 5 FEATURE_SLOT_NDS 00000020h (need EXMEMCNT bit11 adjusted) 6-31 Reserved (0) |
dldi area should be located at a 40h-byte aligned address in ROM image. dldi area should be located in ARM9 (or ARM7) bootcode area. |
dldi[00h..0Bh] must contain DLDI ID word/string dldi[0Fh] must contain allocated size (0Eh=16Kbyte or 0Fh=32Kbyte) dldi[40h..43h] must contain RAM base address of DLDI block and other entries should contain valid dummy strings and dummy functions. |
dldi[0Fh] must be kept as in the old .nds file (not as in .dldi file) |
| DS Cart DLDI Driver - Guessed Address-Adjustments |
| DS Encryption by Gamecode/Idcode (KEY1) |
NDS.ARM7 ROM: 00000030h..00001077h (values 99 D5 20 5F ..) Blowfish/NDS-mode DSi.ARM9 ROM: FFFF99A0h..FFFFA9E7h (values 99 D5 20 5F ..) "" DSi.TCM Copy: 01FFC894h..01FFD8DBh (values 99 D5 20 5F ..) "" DSi.ARM7 ROM: 0000C6D0h..0000D717h (values 59 AA 56 8E ..) Blowfish/DSi-mode DSi.RAM Copy: 03FFC654h..03FFD69Bh (values 59 AA 56 8E ..) "" DSi.Debug: (stored in launcher) (values 69 63 52 05 ..) Blowfish/DSi-debug |
Y=[ptr+0]
X=[ptr+4]
FOR I=0 TO 0Fh (encrypt), or FOR I=11h TO 02h (decrypt)
Z=[keybuf+I*4] XOR X
X=[keybuf+048h+((Z SHR 24) AND FFh)*4]
X=[keybuf+448h+((Z SHR 16) AND FFh)*4] + X
X=[keybuf+848h+((Z SHR 8) AND FFh)*4] XOR X
X=[keybuf+C48h+((Z SHR 0) AND FFh)*4] + X
X=Y XOR X
Y=Z
NEXT I
[ptr+0]=X XOR [keybuf+40h] (encrypt), or [ptr+0]=X XOR [keybuf+4h] (decrypt)
[ptr+4]=Y XOR [keybuf+44h] (encrypt), or [ptr+4]=Y XOR [keybuf+0h] (decrypt)
|
encrypt_64bit(keycode+4)
encrypt_64bit(keycode+0)
[scratch]=0000000000000000h ;S=0 (64bit)
FOR I=0 TO 44h STEP 4 ;xor with reversed byte-order (bswap)
[keybuf+I]=[keybuf+I] XOR bswap_32bit([keycode+(I MOD modulo)])
NEXT I
FOR I=0 TO 1040h STEP 8
encrypt_64bit(scratch) ;encrypt S (64bit) by keybuf
[keybuf+I+0]=[scratch+4] ;write S to keybuf (first upper 32bit)
[keybuf+I+4]=[scratch+0] ;write S to keybuf (then lower 32bit)
NEXT I
|
if key=nds then copy [nds_arm7bios+0030h..1077h] to [keybuf+0..1047h] if key=dsi then copy [dsi_arm7bios+C6D0h..D717h] to [keybuf+0..1047h] [keycode+0]=[idcode] [keycode+4]=[idcode]/2 [keycode+8]=[idcode]*2 IF level>=1 THEN apply_keycode(modulo) ;first apply (always) IF level>=2 THEN apply_keycode(modulo) ;second apply (optional) [keycode+4]=[keycode+4]*2 [keycode+8]=[keycode+8]/2 IF level>=3 THEN apply_keycode(modulo) ;third apply (optional) |
init_keycode(firmware_header+08h,1,0Ch,nds) ;idcode (usually "MACP"), level 1 decrypt_64bit(firmware_header+18h) ;rominfo init_keycode(firmware_header+08h,2,0Ch,nds) ;idcode (usually "MACP"), level 2 decrypt ARM9 and ARM7 bootcode by decrypt_64bit (each 8 bytes) decompress ARM9 and ARM7 bootcode by LZ77 function (swi) calc CRC16 on decrypted/decompressed ARM9 bootcode followed by ARM7 bootcode |
init_keycode(cart_header+0Ch,1,08h,nds) ;gamecode, level 1, modulo 8 decrypt_64bit(cart_header+78h) ;rominfo (secure area disable) init_keycode(cart_header+0Ch,2,08h,nds) ;gamecode, level 2, modulo 8 encrypt_64bit all NDS KEY1 commands (1st command byte in MSB of 64bit value) after loading the secure_area, calculate secure_area crc, then decrypt_64bit(secure_area+0) ;first 8 bytes of secure area init_keycode(cart_header+0Ch,3,08h,nds) ;gamecode, level 3, modulo 8 decrypt_64bit(secure_area+0..7F8h) ;each 8 bytes in first 2K of secure init_keycode(cart_header+0Ch,1,08h,dsi) ;gamecode, level 1, modulo 8 encrypt_64bit all DSi KEY1 commands (1st command byte in MSB of 64bit value) |
| DS Encryption by Random Seed (KEY2) |
Seed0 = 58C56DE0E8h Seed1 = 5C879B9B05h |
Seed0 = (mmmnnn SHL 15)+6000h+Seedbyte Seed1 = 5C879B9B05h |
x = reversed_bit_order(seed0) ;ie. LSB(bit0) exchanged with MSB(bit38), etc. y = reversed_bit_order(seed1) |
x = (((x shr 5)xor(x shr 17)xor(x shr 18)xor(x shr 31)) and 0FFh)+(x shl 8) y = (((y shr 5)xor(y shr 23)xor(y shr 18)xor(y shr 31)) and 0FFh)+(y shl 8) data = (data xor x xor y) and 0FFh |
| DS Firmware Serial Flash Memory |
Chips used as wifi-flash: ID 20h,40h,12h - ST M45PE20 - 256 KBytes (Nintendo DS) (in my old DS) ID 20h,50h,12h - ST M35PE20 - 256 KBytes (Nintendo DS) (in my DS-Lite) ID 20h,80h,13h - ST M25PE40 - 512 KBytes (iQue DS, with chinese charset) ID 20h,40h,11h - ST 45PE10V6 - 128 Kbytes (Nintendo DSi) (in my DSi) ID 20h,58h,0Ch?- 5A32 - 4 Kbytes (Nintendo DSi, newer models) ID ? - 26FV032T - (Nintendo DSi, J27H020) (this has big package) ID ? - 5K32 - (3DS?) ID 62h,62h,0Ch - 32B, 3XH - 4 Kbytes (New3DS) Other similar chips (used in game cartridges): ID 20h,40h,13h - ST 45PE40V6 - 512 KBytes (DS Zelda, NTR-AZEP-0) ID 20h,40h,14h - ST 45PE80V6 - 1024 Kbytes (eg. Spirit Tracks, NTR-BKIP) +ID 62h,11h,00h - Sanyo ? - 512 Kbytes (P-Letter Diamond, ADAE) ID 62h,16h,00h - Sanyo LE25FW203T - 256 KBytes (Mariokart backup) +ID 62h,26h,11h - Sanyo ? - ? Kbytes (3DS: CTR-P-AXXJ) +ID 62h,26h,13h - Sanyo ? - ? Kbytes (3DS: CTR-P-APDJ) ID C2h,22h,11h - Macronix MX25L1021E? 128 Kbytes (eg. 3DS Starfox) ID C2h,22h,13h - Macronix ...? 512 Kbytes (eg. 3DS Kid Icarus, 3DS Sims 3) ID C2h,20h,17h - Macronix MX25L6445EZNI-10G 8192 Kbytes (DSi Art Academy) ID 01h,F0h,00h - Garbage/Infrared on SPI-bus? (eg. P-Letter White) ID 03h,F8h,00h - Garbage/Infrared on SPI-bus? (eg. P-Letter White 2) |
06h WREN Write Enable (No Parameters)
04h WRDI Write Disable (No Parameters)
9Fh RDID Read JEDEC Identification (Read 1..3 ID Bytes)
(Manufacturer, Device Type, Capacity)
05h RDSR Read Status Register (Read Status Register, endless repeated)
Bit7-2 Not used (zero)
Bit1 WEL Write Enable Latch (0=No, 1=Enable)
Bit0 WIP Write/Program/Erase in Progess (0=No, 1=Busy)
03h READ Read Data Bytes (Write 3-Byte-Address, read endless data stream)
0Bh FAST Read Data Bytes at Higher Speed (Write 3-Byte-Address, write 1
dummy-byte, read endless data stream) (max 25Mbit/s)
0Ah PW Page Write (Write 3-Byte-Address, write 1..256 data bytes)
(changing bits to 0 or 1) (reads unchanged data, erases the page,
then writes new & unchanged data) (11ms typ, 25ms max)
02h PP Page Program (Write 3-Byte-Address, write 1..256 data bytes)
(changing bits from 1 to 0) (1.2ms typ, 5ms max)
DBh PE Page Erase 100h bytes (Write 3-Byte-Address) (10ms typ, 20ms max)
D8h SE Sector Erase 10000h bytes (Write 3-Byte-Address) (1s typ, 5s max)
B9h DP Deep Power-down (No Parameters) (consumption 1uA typ, 10uA max)
(3us) (ignores all further instructions, except RDP)
ABh RDP Release from Deep Power-down (No Parameters) (30us)
|
Set Chip Select LOW to invoke the command Transmit the instruction byte Transmit any parameter bytes Transmit/receive any data bytes Set Chip Select HIGH to finish the command |
000000h..0002FFh Writeable only if /WP=HIGH (otherwise writes are ignored) 000300h..01F2FFh Not writeable (FFh-filled, writes are ignored) 01F300h..01FFFFh Writeable 020000h and up Mirrors of 0..01FFFFh (same read/write-ability as above) |
1 D Serial Data In (latched at rising clock edge) _________ 2 C Serial Clock (max 25MHz) /|o | 3 /RES Reset 1 -| | |- 8 4 /S Chip Select (instructions start at falling edge) 2 -| | |- 7 5 /W Write Protect (makes first 256 pages read-only) 3 -| |_________|- 6 6 VCC Supply (2.7V..3.6V typ) (4V max) (DS:VDD3.3) 4 -|/ |- 5 7 VSS Ground |___________| 8 Q Serial Data Out (changes at falling clock edge) |
1 /S Chip Select (instructions start at falling edge) ___________ 2 Q Serial Data Out (changes at falling clock edge) 1 -| o |- 8 3 /W Write Protect (makes first pages read-only) 2 -| |- 7 4 VSS Ground 3 -| |- 6 5 D Serial Data In (latched at rising clock edge) 4 -|___________|- 5 6 C Serial Clock 7 /RES Reset 8 VCC Supply (2.7V..3.6V typ) (DSi: VDD33) |
| DS Firmware Header |
00000h-00029h Firmware Header 0002Ah-001FFh Wifi Settings 00200h-3F9FFh Firmware Code/Data ;-NDS only (not DSi) 00200h-002FEh 00h-filled ;\ 002FFh 80h ; 00300h-1F2FFh FFh-filled (not write-able on 4K chips) ; DSi only (not NDS) 1F300h-1F3FEh FFh-filled (write-able) ; 1F3FFh Whatever Debug/Bootflags ; 1F400h-1F5FFh Wifi Access Point 4 ;\with WPA/WPA2 ; 1F600h-1F7FFh Wifi Access Point 5 ; support ; 1F800h-1F9FFh Wifi Access Point 6 ;/ ;/ 3FA00h-3FAFFh Wifi Access Point 1 ;\ 3FB00h-3FBFFh Wifi Access Point 2 ; Open/WEP only 3FC00h-3FCFFh Wifi Access Point 3 ;/ 3FD00h-3FDFFh Not used 3FE00h-3FEFFh User Settings Area 1 3FF00h-3FFFFh User Settings Area 2 |
Addr Size Expl.
000h 2 part3 romaddr/8 (arm9 gui code) (LZ/huffman compression)
002h 2 part4 romaddr/8 (arm7 wifi code) (LZ/huffman compression)
004h 2 part3/4 CRC16 arm9/7 gui/wifi code
006h 2 part1/2 CRC16 arm9/7 boot code
008h 4 firmware identifier (usually nintendo "MAC",nn) (or nocash "XBOO")
the 4th byte (nn) occassionally changes in different versions
00Ch 2 part1 arm9 boot code romaddr/2^(2+shift1) (LZSS compressed)
00Eh 2 part1 arm9 boot code 2800000h-ramaddr/2^(2+shift2)
010h 2 part2 arm7 boot code romaddr/2^(2+shift3) (LZSS compressed)
012h 2 part2 arm7 boot code 3810000h-ramaddr/2^(2+shift4)
014h 2 shift amounts, bit0-2=shift1, bit3-5=shift2, bit6-8=shift3,
bit9-11=shift4, bit12-15=firmware_chipsize/128K
016h 2 part5 data/gfx romaddr/8 (LZ/huffman compression)
018h 8 Optional KEY1-encrypted "enPngOFF"=Cartridge KEY2 Disable
(feature isn't used in any consoles, instead contains timestamp)
018h 5 Firmware version built timestamp (BCD minute,hour,day,month,year)
01Dh 1 Console type
FFh=Nintendo DS
20h=Nintendo DS-lite
57h=Nintendo DSi (also iQueDSi)
43h=iQueDS
63h=iQueDS-lite
The entry was unused (FFh) in older NDS, ie. replace FFh by 00h)
Bit0 seems to be DSi/iQue related
Bit1 seems to be DSi/iQue related
Bit2 seems to be DSi related
Bit3 zero
Bit4 seems to be DSi related
Bit5 seems to be DS-Lite related
Bit6 indicates presence of "extended" user settings (DSi/iQue)
Bit7 zero
01Eh 2 Unused (FFh-filled)
020h 2 User Settings Offset (div8) (usually last 200h flash bytes)
022h 2 Unknown (7EC0h or 0B51h)
024h 2 Unknown (7E40h or 0DB3h)
026h 2 part5 CRC16 data/gfx
028h 2 unused (FFh-filled)
02Ah-1FFh Wifi Calibration Data (see next chapter)
|
000h 1Dh Zerofilled (bootcode is in new eMMC chip, not on old FLASH chip) 01Dh 6 Same as on DS (header: Console Type and User Settings Offset) 022h 6 Zerofilled (bootcode is in new eMMC chip, not on old FLASH chip) 028h..1FCh Same as on DS (wifi calibration) 1FDh 1 Wifi Board (01h=DWM-W015, 02h=W024, 03h=W028) ;\this was 1FEh 1 Wifi Flash (20h=With access point 4/5/6) ; FFh-filled 1FFh 1 Same as on DS (FFh) ;/on DS 200h FFh Zerofilled ;\ 2FFh 1 Unknown (80h) ; this was 300h 1F000h FFh's (not write-able on 4K chips) ; bootcode 1F300h FFh FFh's (write-able) ;twl-debugger: 00h's ; on DS 1F3FFh 1 FFh ;twl-debugger: 40h ;/ |
| DS Firmware Wifi Calibration Data |
Addr Size Expl.
000h-029h Firmware Header (see previous chapter)
02Ah 2 CRC16 (with initial value 0) of [2Ch..2Ch+config_length-1]
02Ch 2 config_length (usually 0138h, ie. entries 2Ch..163h)
02Eh 1 Unused (00h)
02Fh 1 Version (0=v1..v4, 3=v5, 5=v6..v7,6=W006,15=W015,24=W024,34=N3DS)
030h 6 Unused (00h-filled) (DS-Lite and DSi: FF,FF,FF,FF,FF,00)
036h 6 48bit MAC address (v1-v5: 0009BFxxxxxx, v6-v7: 001656xxxxxx)
03Ch 2 list of enabled channels ANDed with 7FFE (Bit1..14 = Channel 1..14)
(usually 3FFEh, ie. only channel 1..13 enabled)
03Eh 2 Whatever Flags (usually FFFFh)
040h 1 RF Chip Type (NDS: usually 02h) (DS-Lite and DSi/3DS: usually 03h)
041h 1 RF Bits per entry at 0CEh (usually 18h=24bit=3byte) (Bit7=?)
042h 1 RF Number of entries at 0CEh (usually 0Ch)
043h 1 Unknown (usually 01h)
044h 2 Initial Value for [4808146h] ;W_CONFIG_146h
046h 2 Initial Value for [4808148h] ;W_CONFIG_148h
048h 2 Initial Value for [480814Ah] ;W_CONFIG_14Ah
04Ah 2 Initial Value for [480814Ch] ;W_CONFIG_14Ch
04Ch 2 Initial Value for [4808120h] ;W_CONFIG_120h
04Eh 2 Initial Value for [4808122h] ;W_CONFIG_122h
050h 2 Initial Value for [4808154h] ;W_CONFIG_154h
052h 2 Initial Value for [4808144h] ;W_CONFIG_144h
054h 2 Initial Value for [4808130h] ;W_CONFIG_130h
056h 2 Initial Value for [4808132h] ;W_CONFIG_132h
058h 2 Initial Value for [4808140h] ;W_CONFIG_140h ;maybe ACK timeout?
05Ah 2 Initial Value for [4808142h] ;W_CONFIG_142h
05Ch 2 Initial Value for [4808038h] ;W_POWER_TX
05Eh 2 Initial Value for [4808124h] ;W_CONFIG_124h
060h 2 Initial Value for [4808128h] ;W_CONFIG_128h
062h 2 Initial Value for [4808150h] ;W_CONFIG_150h
064h 69h Initial 8bit values for BB[0..68h]
0CDh 1 Unused (00h)
|
0CEh 24h Initial 24bit values for RF[0,4,5,6,7,8,9,0Ah,0Bh,1,2,3] 0F2h 54h Channel 1..14 2x24bit values for RF[5,6] 146h 0Eh Channel 1..14 8bit values for BB[1Eh] (usually somewhat B1h..B7h) 154h 0Eh Channel 1..14 8bit values for RF[9].Bit10..14 (usually 10h-filled) |
--- Type3 values are originated at 0CEh, following addresses depend on: --- 1) number of initial values, found at [042h] ;usually 29h 2) number of BB indices, found at [0CEh+[042h]] ;usually 02h 3) number of RF indices, found at [043h] ;usually 02h --- Below example addresses assume above values to be set to 29h,02h,02h --- 0CEh 29h Initial 8bit values for RF[0..28h] 0F7h 1 Number of BB indices per channel 0F8h 1 1st BB index 0F9h 14 1st BB data for channel 1..14 107h 1 2nd BB index 108h 14 2nd BB data for channel 1..14 116h 1 1st RF index 117h 14 1st RF data for channel 1..14 125h 1 2nd RF index 126h 14 2nd RF data for channel 1..14 134h 46 Unused (FFh-filled) |
162h 1 Unknown (usually 19h..1Ch) 163h 1 Unused (FFh) (Inside CRC16 region, with config_length=138h) 164h 99h Unused (FFh-filled) (Outside CRC16 region, with config_length=138h) 1FDh 1 DSi/3DS Wifi Board (01h=W015, 02h=W024, 03h=W028);\this was 1FEh 1 DSi/3DS Wifi Flash (20h=With access point 4/5/6) ; FFh-filled on DS 1FFh 1 DSi/3DS Same as on DS (FFh) ;/ |
| DS Firmware Wifi Internet Access Points |
Addr Siz Expl.
000h 64 Unknown (usually 00h-filled) (no Proxy supported on NDS)
040h 32 SSID (ASCII name of the access point) (padded with 00h's)
060h 32 SSID for WEP64 on AOSS router (each security level has its own SSID)
080h 16 WEP Key 1 (for type/size, see entry E6h)
090h 16 WEP Key 2 ;\
0A0h 16 WEP Key 3 ; (usually 00h-filled)
0B0h 16 WEP Key 4 ;/
0C0h 4 IP Address (0=Auto/DHCP)
0C4h 4 Gateway (0=Auto/DHCP)
0C8h 4 Primary DNS Server (0=Auto/DHCP)
0CCh 4 Secondary DNS Server (0=Auto/DHCP)
0D0h 1 Subnet Mask (0=Auto/DHCP, 1..1Ch=Leading Ones) (eg. 6 = FC.00.00.00)
0D1h .. Unknown (usually 00h-filled)
0E6h 1 WEP Mode (0=None, 1/2/3=5/13/16 byte hex, 5/6/7=5/13/16 byte ascii)
0E7h 1 Status (00h=Normal, 01h=AOSS, FFh=connection not configured/deleted)
0E8h 1 Zero (not SSID Length, ie. unlike as entry 4,5,6 on DSi)
0E9h 1 Unknown (usually 00h)
0EAh 2 DSi only: MTU (Max transmission unit) (576..1500, usually 1400)
0ECh 3 Unknown (usually 00h-filled)
0EFh 1 bit0/1/2 - connection 1/2/3 (1=Configured, 0=Not configured)
0F0h 6 Nintendo Wifi Connection (WFC) 43bit User ID
(ID=([F0h] AND 07FFFFFFFFFFh)*1000, shown as decimal string
NNNN-NNNN-NNNN-N000) (the upper 5bit of the last byte are
containing additional/unknown nonzero data)
0F6h 8 Unknown (nonzero stuff !?!)
0FEh 2 CRC16 for Entries 000h..0FDh (with initial value 0000h)
|
Addr Siz Expl. 000h 32 Proxy Authentication Username (ASCII string, padded with 00's) 000h 32 Proxy Authentication Password (ASCII string, padded with 00's) 040h 32 SSID (ASCII string, padded with 00's) (see [0E8h] for length) 060h .. Maybe same as NDS 080h 16 WEP Key (zerofilled for WPA) 0xxh .. Maybe same as NDS 0C0h 4 IP Address (0=Auto/DHCP) 0C4h 4 Gateway (0=Auto/DHCP) 0C8h 4 Primary DNS Server (0=Auto/DHCP) 0CCh 4 Secondary DNS Server (0=Auto/DHCP) 0D0h 1 Subnet Mask (0=Auto/DHCP, 1..1Ch=Leading Ones) (eg. 6 = FC.00.00.00) 0D1h .. Unknown (zerofilled) 0E6h 1 WEP (00h=None/WPA/WPA2, 01h/02h/03h/05h/06h/07h=WEP, same as NDS) 0E7h 1 WPA (00h=Normal, 10h=WPA/WPA2, 13h=WPS+WPA/WPA2, FFh=unused/deleted) 0E8h 1 SSID Length in characters (01h..20h, or 00h=unused) 0E9h 1 Unknown (usually 00h) 0EAh 2 MTU Value (Max transmission unit) (576..1500, usually 1400) 0ECh 3 Unknown (usually 00h-filled) 0EFh 1 bit0/1/2 - connection 4/5/6 (1=Configured, 0=Not configured) 0F0h 14 Zerofilled (or maybe ID as on NDS, if any such ID exists for DSi?) 0FEh 2 CRC16 for Entries 000h..0FDh (with initial value 0000h) 100h 32 Precomputed PSK (based on WPA/WPA2 password and SSID) ;\all zero 120h 64 WPA/WPA2 password (ASCII string, padded with 00's) ;/for WEP 160h 33 Zerofilled 181h 1 WPA (0=None/WEP, 4=WPA-TKIP, 5=WPA2-TKIP, 6=WPA-AES, 7=WPA2-AES) 182h 1 Proxy Enable (00h=None, 01h=Yes) 183h 1 Proxy Authentication (00h=None, 01h=Yes) 184h 48 Proxy Name (ASCII string, max 47 chars, padded with 00's) 1B4h 52 Zerofilled 1E8h 2 Proxy Port (16bit) 1EAh 20 Zerofilled 1FEh 2 CRC16 for Entries 100h..1FDh (with initial value 0000h) (0=deleted) |
| DS Firmware User Settings |
Addr Size Expl. 000h 2 Version (5) (Always 5, for all NDS/DSi Firmware versions) 002h 1 Favorite color (0..15) (0=Gray, 1=Brown, etc.) 003h 1 Birthday month (1..12) (Binary, non-BCD) 004h 1 Birthday day (1..31) (Binary, non-BCD) 005h 1 Not used (zero) 006h 20 Nickname string in UTF-16 format 01Ah 2 Nickname length in characters (0..10) 01Ch 52 Message string in UTF-16 format 050h 2 Message length in characters (0..26) 052h 1 Alarm hour (0..23) (Binary, non-BCD) 053h 1 Alarm minute (0..59) (Binary, non-BCD) 054h 2 056h 1 80h=enable alarm (huh?), bit 0..6=enable? 057h 1 Zero (1 byte) 058h 2x2 Touch-screen calibration point (adc.x1,y1) 12bit ADC-position 05Ch 2x1 Touch-screen calibration point (scr.x1,y1) 8bit pixel-position 05Eh 2x2 Touch-screen calibration point (adc.x2,y2) 12bit ADC-position 062h 2x1 Touch-screen calibration point (scr.x2,y2) 8bit pixel-position 064h 2 Language and Flags (see below) 066h 1 Year (2000..2255) (when having entered date in the boot menu) 067h 1 Unknown (usually 00h...08h or 78h..7Fh or so) 068h 4 RTC Offset (difference in seconds when RTC time/date was changed) 06Ch 4 Not used (FFh-filled, sometimes 00h-filled) (=MSBs of above?) |
070h 2 Update counter (used to check latest) (must be 0000h..007Fh) 072h 2 CRC16 of entries 00h..6Fh (70h bytes) 074h 8Ch Not used (FFh-filled) (or extended data, see below) |
074h 1 Unknown (01h) (maybe version?)
075h 1 Extended Language (0..5=Same as Entry 064h, plus 6=Chinese)
(for language 6, entry 064h defaults to english; for compatibility)
(for language 0..5, both entries 064h and 075h have same value)
076h 2 Bitmask for Supported Languages (Bit0..6)
(007Eh for iQue DS, ie. with chinese, but without japanese)
(0042h for iQue DSi, chinese (and english, but only for NDS mode))
(003Eh for DSi/EUR, ie. without chinese, and without japanese)
078h 86h Not used (FFh-filled on iQue DS, 00h-filled on DSi)
0FEh 2 CRC16 of entries 74h..FDh (8Ah bytes)
|
0..2 Language (0=Japanese, 1=English, 2=French, 3=German,
4=Italian, 5=Spanish, 6..7=Reserved) (for Chinese see Entry 075h)
(the language setting also implies time/data format)
3 GBA mode screen selection (0=Upper, 1=Lower)
4-5 Backlight Level (0..3=Low,Med,High,Max) (DS-Lite only)
6 Bootmenu Disable (0=Manual/bootmenu, 1=Autostart Cartridge)
7-8 ?
9 Settings Lost (1=Prompt for User Info, and Language, and Calibration)
10 Settings Okay (0=Prompt for User Info)
11 Settings Okay (0=Prompt for User Info) (Same as Bit10)
12 No function
13 Settings Okay (0=Prompt for User Info, and Language)
14 Settings Okay (0=Prompt for User Info) (Same as Bit10)
15 Settings Okay (0=Prompt for User Info) (Same as Bit10)
|
IF count1=((count0+1) AND 7Fh) THEN area1=newer ELSE area0=newer |
| DS Firmware Extended Settings |
Addr Siz Expl.
00h 8 ID "XbooInfo"
08h 2 CRC16 Value [0Ch..0Ch+Length-1]
0Ah 2 CRC16 Length (from 0Ch and up)
0Ch 1 Version (currently 01h)
0Dh 1 Update Count (newer = (older+1) AND FFh)
0Eh 1 Bootmenu Flags
Bit6 Important Info (0=Disable, 1=Enable)
Bit7 Bootmenu Screen (0=Upper, 1=Lower)
0Fh 1 GBA Border (0=Black, 1=Gray Line)
10h 2 Temperature Calibration TP0 ADC value (x16) (sum of 16 ADC values)
12h 2 Temperature Calibration TP1 ADC value (x16) (sum of 16 ADC values)
14h 2 Temperature Calibration Degrees Kelvin (x100) (0=none)
16h 1 Temperature Flags
Bit0-1 Format (0=Celsius, 1=Fahrenheit, 2=Reaumur, 3=Kelvin)
17h 1 Backlight Intensity (0=0ff .. FFh=Full)
18h 4 Date Century Offset (currently 20, for years 2000..2099)
1Ch 1 Date Month Recovery Value (1..12)
1Dh 1 Date Day Recovery Value (1..31)
1Eh 1 Date Year Recovery Value (0..99)
1Fh 1 Date/Time Flags
Bit0-1 Date Format (0=YYYY-MM-DD, 1=MM-DD-YYYY, 2=DD-MM-YYYY)
Bit2 Friendly Date (0=Raw Numeric, 1=With Day/Month Names)
Bit5 Time DST (0=Hide DST, 1=Show DST=On/Off)
Bit6 Time Seconds (0=Hide Seconds, 1=Show Seconds)
Bit7 Time Format (0=24 hour, 1=12 hour)
20h 1 Date Separator (Ascii, usually Slash, or Dot)
21h 1 Time Separator (Ascii, usually Colon, or Dot)
22h 1 Decimal Separator (Ascii, usually Comma, or Dot)
23h 1 Thousands Separator (Ascii, usually Comma, or Dot)
24h 1 Daylight Saving Time (Nth)
Bit 0-3 Activate on (0..4 = Last,1st,2nd,3rd,4th)
Bit 4-7 Deactivate on (0..4 = Last,1st,2nd,3rd,4th)
25h 1 Daylight Saving Time (Day)
Bit 0-3 Activate on (0..7 = Mon,Tue,Wed,Thu,Fri,Sat,Sun,AnyDay)
Bit 4-7 Deactivate on (0..7 = Mon,Tue,Wed,Thu,Fri,Sat,Sun,AnyDay)
26h 1 Daylight Saving Time (of Month)
Bit 0-3 Activate DST in Month (1..12)
Bit 4-7 Deactivate DST in Month (1..12)
27h 1 Daylight Saving Time (Flags)
Bit 0 Current DST State (0=Off, 1=On)
Bit 1 Adjust DST Enable (0=Disable, 1=Enable)
|
| DS File Formats |
| DS Files - Text Messages (MESG) |
000h 8 ID "MESGbmg1" ;or "GSEM1gmb" in Super Mario 64 DS 008h 4 Total Filesize ;or Filesize+1 in Super Mario 64 DS 00Ch 4 Number of Chunks (2=INF1+DAT1, 3=INF1+DAT1+MID1) 010h 1 Encoding (1=CP1252, 2=UTF-16, 3=Shift-JIS, 4=UTF-8) 011h 15 Padding (0) |
000h 4 Chunk ID "INF1" ;or "1FNI" in Super Mario 64 DS 004h 4 Chunk Size 008h 2 Number of messages (N) 00Ah 2 Size of each INF data in bytes ;or in BITs in Super Mario 64 DS 00Ch 4 "BMG file ID = ID for this BMG file (usually 0)" 010h N*siz Message Info (32bit offset from DAT1+8, and optional attributes) |
000h 4 Offset to the message (after DAT1+8 section header) 004h siz-4 Attributes/flags (if entrysize is bigger than 4 bytes) |
000h 4 Chunk ID "DAT1" ;or "1TAD" in Super Mario 64 DS 004h 4 Chunk Size ;or Size+1 in Super Mario 64 DS 008h .. Message strings (usually UTF-16, depending on Encoding in header) |
0000 End of String (except inside Escape sequences)
000A Linebreak
001A,nn,command,parameters Escape Sequences (nn=length in bytes)
001A,08,00,0000,00xx Set font size (64h=100%=Normal Size)
001A,08,00,0001,00xx Set text color to xx
001A,08,01,0000,24xx Draw Unicode char U+2460..246E ;"(1)"..("15)"
001A,08,01,0000,xxxx Draw Unicode char U+E068..F12B ;custom?
001A,06,02,0000 Draw Name of current player
001A,0A,02,0010,000x,000w Draw Integer from index x with w digits
001A,08,02,0011,00xx Unknown (with xx=0..8)
001A,08,02,0012,0000 Draw Name of a player
001A,08,02,0013,0000 Unknown
001A,08,02,0014,0000 Unknown
001A,08,02,0015,0000 Unknown
001A,0A,02,0016,0000,0000 Unknown
001A,08,02,0017,0000 Unknown
001A,08,02,0020,0000 Draw Name of a Wii friend
001A,08,03,0010,0000 Unknown
001A,0C,04,0000,000x,yyyy,zzzz Unknown (x=0..1, y=0524..14A4, and z=y+1)
0025,00xx,00yy,00zz Escape codes in form of "%xyz" (or similar)
00xx ASCII Characters 20h..7Eh
E0xx Custom button symbols (eg. in DSi Launcher)
|
0D Linebreak? 10..1F Escape codes? xx,xx Unknown (doesn't really look like english Shift-JIS characters) FF End of String |
000h 4 Chunk ID "MID1" 004h 4 Chunk Size 008h 2 Number of messages (same as in INF1 block) 00Ah 2 Unknown (usually 1000h) 00Ch 4 Padding (0) 010h 4*N Message IDs |
| DS Files - Text Manuals |
000h 4 ID "NTLI" 004h 2 Byte Order (FEFFh) 006h 2 Version (can be 0200h) 008h 4 Total Filesize 00Ch 2 Header Size (10h) 00Eh 4 Number of Chunks (usually 1 = mtl1) |
000h 4 Chunk ID "mtl1" 004h 4 Chunk Size 008h 4 Number of supported languages 00Ch 2*N Language IDs (two-letter ASCII spelled backwards) |
000h 4 ID "NTMC" 004h 2 Byte Order (FEFFh) 006h 2 Version (can be 0200h) 008h 4 Total Filesize 00Ch 2 Header Size (10h) 00Eh 4 Number of Chunks (usually 3 = nap1+txp1+mtc1) |
000h 4 Chunk ID "nap1" 004h 4 Chunk Size 008h 4 Number of chapters (aka pages) minus 1? (eg. 18h=19h) 00Ch 4*N Offsets to filenames (from nap+0Ch) ... .. Filenames (ASCII, terminated by 00h) |
000h 4 Chunk ID "txp1" 004h 4 Chunk Size 008h 4 Number of something?? minus 1 (eg. 25h=26h) 00Ch 4*N Offsets to something?? (from txp1+0Ch) ... .. Somewhat corrupt UTF-16 strings (many aborted with char 20xxh) |
000h 4 Chunk ID "mtc1" 004h 4 Chunk Size 008h 4 Number of dunno what (eg. 0Dh=Much more?) 00Ch 2*? 16bit Indices in txp1? (eg. 0000h..0025h) |
000h 4 ID "NTPC" 004h 2 Byte Order (FEFFh) 006h 2 Version (can be 0200h) 008h 4 Total Filesize 00Ch 2 Header Size (10h) 00Eh 4 Number of Chunks (usually 7 = nap1+txp1+pag1+pan1+pas1+txt1+pae1) |
000h 4 Chunk ID "nap1" 004h 4 Chunk Size (10h) 008h 4 Zero (unlike as in NTMC file) 00Ch 4 Unknown (4) |
000h 4 Chunk ID "txp1" 004h 4 Chunk Size 008h 4 Number of something?? minus 1 (eg. 02h=03h) 00Ch 4*N Offsets to something?? (from txp1+0Ch) ... .. UTF-16 strings (Headline, Body, Footer?) |
000h 4 Chunk ID "pag1" 004h 4 Chunk Size (10h) 008h 2? 0000h text color black? 00Ah 2? 0160h link color or so? 00Ch 2? 7FFFh bg color white? 00Eh 2? 0000h |
000h 4 Chunk ID "pan1" 004h 4 Chunk Size (10h) 008h 2? 0000h 00Ah 2? 0000h 00Ch 2? 0100h 00Eh 2? 0160h link color or so? |
000h 4 Chunk ID "pan1" 004h 4 Chunk Size (0Ch) 008h 4? 00000001h |
000h 4 Chunk ID "txt1"
004h 4 Chunk Size
008h 2? 0008h
00Ah 2? 0008h
00Ch 2? 00F0h
00Eh 2? 0150h
010h 2? 0001h
012h 2? 0015h Number of 8-byte entries? start/end line-wrapping list?
014h 2? 000Dh
016h 2? 0010h
018h 4? 00000000h
01Ch 4? 00001CE7h
020h 4? 00000000h
024h 4? 00000000h
028h N*8 Unknown 8-byte entries? (00xxh,0010h,0000h,00yyh)
Or maybe positioning for symbols/images/tables?
|
000h 4 Chunk ID "pae1" 004h 4 Chunk Size (08h) |
000h 2 Bitmap Width in bytes (eg. 0Fh, 10h, 14h, 40h, 60h) 002h 2 Bitmap Height (eg. 12h, 0Eh, 14h, 30h, 47h) 004h 1 Unknown (04h) (maybe color depth) 005h 1 Unknown (00h or 01h) (often same as [007h], but not always) 006h 2 Number of Palette entries (usually 10h, 80h, or 100h) 008h 8 Zerofilled 010h .. Palette data (with 16bit values in range 0000h..7FFFh) ... .. Bitmap data (seems to be always 8bpp) |
| DS Wireless Communications |
| DS Wifi I/O Map |
Address Dir Name r/w [Init] Description 4808000h R W_ID ---- [1440] Chip ID (1440h=DS, C340h=DS-Lite) 4808004h R/W W_MODE_RST 9fff [0000] Mode/Reset 4808006h R/W W_MODE_WEP --7f [0000] Mode/Wep modes 4808008h R/W W_TXSTATCNT ffff [0000] Beacon Status Request 480800Ah R/W W_X_00Ah ffff [0000] [bit7 - ingore rx duplicates] 4808010h R/W W_IF ackk [0000] Wifi Interrupt Request Flags 4808012h R/W W_IE ffff [0000] Wifi Interrupt Enable 4808018h R/W W_MACADDR_0 ffff [0000] Hardware MAC Address, 1st 2 bytes 480801Ah R/W W_MACADDR_1 ffff [0000] Hardware MAC Address, next 2 bytes 480801Ch R/W W_MACADDR_2 ffff [0000] Hardware MAC Address, last 2 bytes 4808020h R/W W_BSSID_0 ffff [0000] BSSID (first 2 bytes) 4808022h R/W W_BSSID_1 ffff [0000] BSSID (next 2 bytes) 4808024h R/W W_BSSID_2 ffff [0000] BSSID (last 2 bytes) 4808028h R/W W_AID_LOW ---f [0000] usually as lower 4bit of AID value 480802Ah R/W W_AID_FULL -7ff [0000] AID value assigned by a BSS. 480802Ch R/W W_TX_RETRYLIMIT ffff [0707] Tx Retry Limit (set from 00h-FFh) 480802Eh R/W W_INTERNAL ---1 [0000] 4808030h R/W W_RXCNT ff0e [0000] Receive control 4808032h R/W W_WEP_CNT ffff [0000] WEP engine enable 4808034h R? W_INTERNAL 0000 [0000] bit0,1 (see ports 004h,040h,1A0h) |
4808036h R/W W_POWER_US ---3 [0001] 4808038h R/W W_POWER_TX ---7 [0003] 480803Ch R/W W_POWERSTATE -r-2 [0200] 4808040h R/W W_POWERFORCE 8--1 [0000] 4808044h R W_RANDOM 0xxx [0xxx] 4808048h R/W W_POWER_? ---3 [0000] |
4808050h R/W W_RXBUF_BEGIN ffff [4000] 4808052h R/W W_RXBUF_END ffff [4800] 4808054h R W_RXBUF_WRCSR 0rrr [0000] 4808056h R/W W_RXBUF_WR_ADDR -fff [0000] 4808058h R/W W_RXBUF_RD_ADDR 1ffe [0000] 480805Ah R/W W_RXBUF_READCSR -fff [0000] 480805Ch R/W W_RXBUF_COUNT -fff [0000] 4808060h R W_RXBUF_RD_DATA rrrr [xxxx] 4808062h R/W W_RXBUF_GAP 1ffe [0000] 4808064h R/W W_RXBUF_GAPDISP -fff [0000] |
4808068h R/W W_TXBUF_WR_ADDR 1ffe [0000] 480806Ch R/W W_TXBUF_COUNT -fff [0000] 4808070h W W_TXBUF_WR_DATA xxxx [xxxx] 4808074h R/W W_TXBUF_GAP 1ffe [0000] 4808076h R/W W_TXBUF_GAPDISP 0fff [0000] 4808078h W W_INTERNAL mirr [mirr] Read: Mirror of 068h 4808080h R/W W_TXBUF_BEACON ffff [0000] Beacon Transmit Location 4808084h R/W W_TXBUF_TIM --ff [0000] Beacon TIM Index in Frame Body 4808088h R/W W_LISTENCOUNT --ff [0000] Listen Count 480808Ch R/W W_BEACONINT -3ff [0064] Beacon Interval 480808Eh R/W W_LISTENINT --ff [0000] Listen Interval 4808090h R/W W_TXBUF_CMD ffff [0000] Multiplay Command 4808094h R/W W_TXBUF_REPLY1 ffff [0000] Multiplay Next Reply 4808098h R W_TXBUF_REPLY2 0000 [0000] Multiplay Current Reply 480809Ch R/W W_INTERNAL ffff [0050] value 4x00h --> preamble+x*12h us? 48080A0h R/W W_TXBUF_LOC1 ffff [0000] 48080A4h R/W W_TXBUF_LOC2 ffff [0000] 48080A8h R/W W_TXBUF_LOC3 ffff [0000] 48080ACh W W_TXREQ_RESET fixx [0050] 48080AEh W W_TXREQ_SET fixx [0050] 48080B0h R W_TXREQ_READ --1f [0010] 48080B4h W W_TXBUF_RESET 0000 [0000] (used by firmware part4) 48080B6h R W_TXBUSY 0000 [0000] (used by firmware part4) 48080B8h R W_TXSTAT 0000 [0000] 48080BAh ? W_INTERNAL 0000 [0000] 48080BCh R/W W_PREAMBLE ---3 [0001] 48080C0h R/W x W_CMD_TOTALTIME ffff [0000] (used by firmware part4) 48080C4h R/W x W_CMD_REPLYTIME ffff [0000] (used by firmware part4) |
48080C8h ? W_INTERNAL 0000 [0000] 48080D0h R/W W_RXFILTER 1fff [0401] 48080D4h R/W W_CONFIG_0D4h ---3 [0001] 48080D8h R/W W_CONFIG_0D8h -fff [0004] 48080DAh R/W W_RX_LEN_CROP ffff [0602] 48080E0h R/W W_RXFILTER2 ---f [0008] |
48080E8h R/W W_US_COUNTCNT ---1 [0000] Microsecond counter enable 48080EAh R/W W_US_COMPARECNT ---1 [0000] Microsecond compare enable 48080ECh R/W W_CONFIG_0ECh 3f1f [3F03] 48080EEh R/W W_CMD_COUNTCNT ---1 [0001] 48080F0h R/W W_US_COMPARE0 fc-- [FC00] Microsecond compare, bits 0-15 48080F2h R/W W_US_COMPARE1 ffff [FFFF] Microsecond compare, bits 16-31 48080F4h R/W W_US_COMPARE2 ffff [FFFF] Microsecond compare, bits 32-47 48080F6h R/W W_US_COMPARE3 ffff [FFFF] Microsecond compare, bits 48-63 48080F8h R/W W_US_COUNT0 ffff [0000] Microsecond counter, bits 0-15 48080FAh R/W W_US_COUNT1 ffff [0000] Microsecond counter, bits 16-31 48080FCh R/W W_US_COUNT2 ffff [0000] Microsecond counter, bits 32-47 48080FEh R/W W_US_COUNT3 ffff [0000] Microsecond counter, bits 48-63 4808100h ? W_INTERNAL 0000 [0000] 4808102h ? W_INTERNAL 0000 [0000] 4808104h ? W_INTERNAL 0000 [0000] 4808106h ? W_INTERNAL 0000 [0000] 480810Ch R/W W_CONTENTFREE ffff [0000] ... 4808110h R/W W_PRE_BEACON ffff [0000] 4808118h R/W W_CMD_COUNT ffff [0000] 480811Ch R/W W_BEACON_COUNT ffff [0000] reloaded with W_BEACONINT |
4808120h R/W W_CONFIG_120h 81ff [0048] init from firmware[04Ch] 4808122h R/W W_CONFIG_122h ffff [4840] init from firmware[04Eh] 4808124h R/W W_CONFIG_124h ffff [0000] init from firmware[05Eh], or 00C8h 4808126h ? W_INTERNAL fixx [ 0080] 4808128h R/W W_CONFIG_128h ffff [0000] init from firmware[060h], or 07D0h 480812Ah ? W_INTERNAL fixx [1000] lower 12bit same as W_CONFIG_128h 4808130h R/W W_CONFIG_130h -fff [0142] init from firmware[054h] 4808132h R/W W_CONFIG_132h 8fff [8064] init from firmware[056h] 4808134h R/W W_POST_BEACON ffff [FFFF] ... 4808140h R/W W_CONFIG_140h ffff [0000] init from firmware[058h], or xx 4808142h R/W W_CONFIG_142h ffff [2443] init from firmware[05Ah] 4808144h R/W W_CONFIG_144h --ff [0042] init from firmware[052h] 4808146h R/W W_CONFIG_146h --ff [0016] init from firmware[044h] 4808148h R/W W_CONFIG_148h --ff [0016] init from firmware[046h] 480814Ah R/W W_CONFIG_14Ah --ff [0016] init from firmware[048h] 480814Ch R/W W_CONFIG_14Ch ffff [162C] init from firmware[04Ah] 4808150h R/W W_CONFIG_150h ff3f [0204] init from firmware[062h], or 202h 4808154h R/W W_CONFIG_154h 7a7f [0058] init from firmware[050h] |
4808158h W W_BB_CNT mirr [00B5] BB Access Start/Direction/Index 480815Ah W W_BB_WRITE ???? [0000] BB Access data byte to write 480815Ch R W_BB_READ 00rr [00B5] BB Access data byte read 480815Eh R W_BB_BUSY 000r [0000] BB Access Busy flag 4808160h R/W W_BB_MODE 41-- [0100] BB Access Mode 4808168h R/W W_BB_POWER 8--f [800D] BB Access Powerdown |
480816Ah ? W_INTERNAL 0000 [0001] (or 0000h?) 4808170h ? W_INTERNAL 0000 [0000] 4808172h ? W_INTERNAL 0000 [0000] 4808174h ? W_INTERNAL 0000 [0000] 4808176h ? W_INTERNAL 0000 [0000] 4808178h W W_INTERNAL fixx [0800] Read: mirror of 17Ch |
480817Ch R/W W_RF_DATA2 ffff [0800] 480817Eh R/W W_RF_DATA1 ffff [C008] 4808180h R W_RF_BUSY 000r [0000] 4808184h R/W W_RF_CNT 413f [0018] |
4808190h R/W W_INTERNAL ffff [0000] 4808194h R/W W_TX_HDR_CNT ---7 [0000] used by firmware part4 (0 or 6) 4808198h R/W W_INTERNAL ---f [0000] 480819Ch R W_RF_PINS fixx [0004] 48081A0h R/W W_X_1A0h -933 [0000] used by firmware part4 (0 or 823h) 48081A2h R/W W_X_1A2h ---3 [0001] used by firmware part4 48081A4h R/W W_X_1A4h ffff [0000] "Rate used when signal test..." |
48081A8h R W_RXSTAT_INC_IF rrrr [0000] Stats Increment Flags 48081AAh R/W W_RXSTAT_INC_IE ffff [0000] Stats Increment IRQ Enable 48081ACh R W_RXSTAT_OVF_IF rrrr [0000] Stats Half-Overflow Flags 48081AEh R/W W_RXSTAT_OVF_IE ffff [0000] Stats Half-Overflow IRQ Enable 48081B0h R/W W_RXSTAT --ff [0000] 48081B2h R/W W_RXSTAT ffff [0000] RX_LengthRateErrorCount 48081B4h R/W W_RXSTAT rrff [0000] ... firmware uses also MSB ... ? 48081B6h R/W W_RXSTAT ffff [0000] 48081B8h R/W W_RXSTAT --ff [0000] 48081BAh R/W W_RXSTAT --ff [0000] 48081BCh R/W W_RXSTAT ffff [0000] 48081BEh R/W W_RXSTAT ffff [0000] 48081C0h R/W W_TX_ERR_COUNT --ff [0000] TransmitErrorCount 48081C4h R W_RX_COUNT fixx [0000] |
48081D0h R/W W_CMD_STAT ff-- [0000] 48081D2h R/W W_CMD_STAT ffff [0000] 48081D4h R/W W_CMD_STAT ffff [0000] 48081D6h R/W W_CMD_STAT ffff [0000] 48081D8h R/W W_CMD_STAT ffff [0000] 48081DAh R/W W_CMD_STAT ffff [0000] 48081DCh R/W W_CMD_STAT ffff [0000] 48081DEh R/W W_CMD_STAT ffff [0000] |
48081F0h R/W W_INTERNAL ---3 [0000]
4808204h ? W_INTERNAL fixx [0000]
4808208h ? W_INTERNAL fixx [0000]
480820Ch W W_INTERNAL fixx [0050]
4808210h R W_TX_SEQNO fixx [0000]
4808214h R W_RF_STATUS XXXX [0009] (used by firmware part4)
480821Ch W W_IF_SET fbff [0000] Force Interrupt (set bits in W_IF)
4808220h R/W W_RAM_DISABLE ffff [0000] WifiRAM control
4808224h R/W W_INTERNAL ---3 [0003]
4808228h W W_X_228h fixx [0000] (used by firmware part4) (bit3)
4808230h R/W W_INTERNAL --ff [0047]
4808234h R/W W_INTERNAL -eff [0EFF]
4808238h R/W W_INTERNAL ffff [0000] ;rx_seq_no-60h+/-x ;why that?
;other day: fixed value, not seq_no related?
480823Ch ? W_INTERNAL fixx [0000] like W_TXSTAT... ONLY for beacons?
4808244h R/W W_X_244h ffff [0000] (used by firmware part4)
4808248h R/W W_INTERNAL ffff [0000]
480824Ch R W_INTERNAL fixx [0000] ;rx_mac_addr_0 ;\OverTheHedge
480824Eh R W_INTERNAL fixx [0000] ;rx_mac_addr_1 ;/writes FFFFh?
4808250h R W_INTERNAL fixx [0000] ;rx_mac_addr_2
4808254h ? W_CONFIG_254h fixx [0000] (read: FFFFh=DS, EEEEh=DS-Lite)
4808258h ? W_INTERNAL fixx [0000]
480825Ch ? W_INTERNAL fixx [0000]
4808260h ? W_INTERNAL fixx [ 0FEF]
4808264h R W_INTERNAL fixx [0000] ;rx_addr_1 (usually "rxtx_addr-x")
4808268h R W_RXTX_ADDR fixx [0005] ;rxtx_addr
4808270h R W_INTERNAL fixx [0000] ;rx_addr_2 (usually "rx_addr_1-1")
4808274h ? W_INTERNAL fixx [ 0001]
4808278h R/W W_INTERNAL ffff [000F]
480827Ch ? W_INTERNAL fixx [ 000A]
4808290h (R/W) W_X_290h fixx [FFFF] bit 0 = ? (used by firmware part4)
4808298h W W_INTERNAL fixx [0000]
48082A0h R/W W_INTERNAL ffff [0000]
48082A2h R W_INTERNAL XXXX [7FFF] 15bit shift reg (used during tx?)
48082A4h R W_INTERNAL fixx [0000] ;rx_rate_1 not ALWAYS same as 2C4h
48082A8h W W_INTERNAL fixx [0000]
48082ACh ? W_INTERNAL fixx [ 0038]
48082B0h W W_INTERNAL fixx [0000]
48082B4h R/W W_INTERNAL -1-3 [0000]
48082B8h ? W_INTERNAL fixx [0000] ;dsi launcher checks if zero
48082C0h R/W W_INTERNAL ---1 [0000]
48082C4h R W_INTERNAL fixx [000A] ;rx_rate_2 (0Ah,14h = 1,2 Mbit/s)
48082C8h R W_INTERNAL fixx [0000] ;rx_duration/length/rate (or so?)
48082CCh R W_INTERNAL fixx [0000] ;rx_framecontrol; from ieee header
48082D0h DIS W_INTERNAL ;"W_POWERACK" (internal garbage)
;normally DISABLED (unless FORCE)
48082F0h R/W W_INTERNAL ffff [0000]
48082F2h R/W W_INTERNAL ffff [0000]
48082F4h R/W W_INTERNAL ffff [0000]
48082F6h R/W W_INTERNAL ffff [0000]
|
4804000h W_MACMEM RX/TX Buffers (2000h bytes) (excluding below specials) 4805F60h Used for something, not included in the rx circular buffer. 4805F80h W_WEPKEY_0 (32 bytes) 4805FA0h W_WEPKEY_1 (32 bytes) 4805FC0h W_WEPKEY_2 (32 bytes) 4805FE0h W_WEPKEY_3 (32 bytes) |
[480xxxxh]=5A5Ah/A5A5h ;-initial dummy WifiRAM memfill values [4805F70h]=FFFFh ;\ [4805F72h]=FFFFh ; set to FFFFh by software [4805F76h]=FFFFh ; [4805F7Eh]=FFFFh ;/ |
[4805F6Eh]=0F00h (nothing received), or 0F01h (received something) |
[4805F70h]=Received MAC Address (6 bytes, looks same as port 480824Ch) [4805F76h]=xxx0h (increasing value, Sequence Control from packet header) |
[4805F7Eh]=xxx0h (next higher sequence number? ie. [4805F76h]+10h) |
| DS Wifi Control |
0-15 Chip ID (1440h on NDS, C340h on NDS-lite) |
0 Adjust some ports (0/1=see lists below) (R/W)
TX Master Enable for LOC1..3 and Beacon (0=Disable, 1=Enable)
1-12 Unknown (R/W)
13 Reset some ports (0=No change, 1=Reset/see list below) (Write-Only)
14 Reset some ports (0=No change, 1=Reset/see list below) (Write-Only)
15 Unknown (R/W)
|
0-2 Unknown, specify a software mode for wifi operation
(may be related to hardware but a correlation has not yet been found)
3-5 WEP Encryption Key Size:
0=Reserved (acts same as 1)
1=64bit WEP (IV=24bit + KEY=40bit) (aka 3+5 bytes) ;standard/us
2=128bit WEP (IV=24bit + KEY=104bit) (aka 3+13 bytes) ;standard/world
3=152bit WEP (IV=24bit + KEY=128bit) (aka 3+16 bytes) ;uncommon
4=Unknown, mabye 256bit WEP (IV=24bit + KEY=232bit) (aka 3+29 bytes)?
5=Reserved (acts same as 1)
6=Reserved (acts same as 1)
7=Reserved (acts same as 1)
6 Unknown
7-15 Always zero
|
Bit0-3 Multiplay Slave number (1..15, or 0) Bit4-15 Not used |
Bit0-10 Association ID (AID) (1..2007, or zero) Bit11-15 Not used |
0-14 Unknown (usually zero) 15 WEP Engine Enable (0=Disable, 1=Enable) |
0-10 Random 11-15 Not used (zero) |
X = (X AND 1) XOR (X ROL 1) ;(rotation within 11bit range) |
Bit Dir Expl. 0 R/W Unknown (this does NOT affect TX) 1 R/W Preamble (0=Long, 1=Short) (this does NOT affect TX) 2 W Preamble (0=Long, 1=Short) (this does affect TX) (only at 2Mbit/s) 3-15 - Always zero |
Type Carrier Signal SFD Value PLCP Header Data Long 128bit, 1Mbit 16bit, 1Mbit 48bit, 1Mbit N bits, 1Mbit or 2Mbit Short 56bit, 1Mbit 16bit, 1Mbit 48bit, 2Mbit N bits, 2Mbit |
[4808034h]=0002h ;W_INTERNAL [480819Ch]=0046h ;W_RF_PINS [4808214h]=0009h ;W_RF_STATUS [480827Ch]=0005h ;W_INTERNAL [48082A2h]=? ;...unstable? |
[480827Ch]=000Ah ;W_INTERNAL |
[4808056h]=0000h ;W_RXBUF_WR_ADDR [48080C0h]=0000h ;W_CMD_TOTALTIME [48080C4h]=0000h ;W_CMD_REPLYTIME [48081A4h]=0000h ;W_X_1A4h [4808278h]=000Fh ;W_INTERNAL ...Also, following may be affected (results are unstable though)... [48080AEh]=? ;or rather the actual port (which it is an mirror of) [48080BAh]=? ;W_INTERNAL (occassionally unstable) [4808204h]=? ;W_INTERNAL [480825Ch]=? ;W_INTERNAL [4808268h]=? ;W_RXTX_ADDR [4808274h]=? ;W_INTERNAL |
[4808006h]=0000h ;W_MODE_WEP [4808008h]=0000h ;W_TXSTATCNT [480800Ah]=0000h ;W_X_00Ah [4808018h]=0000h ;W_MACADDR_0 [480801Ah]=0000h ;W_MACADDR_1 [480801Ch]=0000h ;W_MACADDR_2 [4808020h]=0000h ;W_BSSID_0 [4808022h]=0000h ;W_BSSID_1 [4808024h]=0000h ;W_BSSID_2 [4808028h]=0000h ;W_AID_LOW [480802Ah]=0000h ;W_AID_FULL [480802Ch]=0707h ;W_TX_RETRYLIMIT [480802Eh]=0000h ;W_INTERNAL [4808050h]=4000h ;W_RXBUF_BEGIN [4808052h]=4800h ;W_RXBUF_END [4808084h]=0000h ;W_TXBUF_TIM [48080BCh]=0001h ;W_PREAMBLE [48080D0h]=0401h ;W_RXFILTER [48080D4h]=0001h ;W_CONFIG_0D4h [48080E0h]=0008h ;W_RXFILTER2 [48080ECh]=3F03h ;W_CONFIG_0ECh [4808194h]=0000h ;W_TX_HDR_CNT [4808198h]=0000h ;W_INTERNAL [48081A2h]=0001h ;W_X_1A2h [4808224h]=0003h ;W_INTERNAL [4808230h]=0047h ;W_INTERNAL |
| DS Wifi Interrupts |
0 Receive Complete (packet received and stored in the RX fifo) 1 Transmit Complete (packet is done being transmitted) (no matter if error) 2 Receive Event Increment (IRQ02, see W_RXSTAT_INC_IE) 3 Transmit Error Increment (IRQ03, see W_TX_ERR_COUNT) 4 Receive Event Half-Overflow (IRQ04, see W_RXSTAT_OVF_IE) 5 Transmit Error Half-Overflow (IRQ05, see W_TX_ERR_COUNT.Bit7) 6 Start Receive (IRQ06, a packet has just started to be received) 7 Start Transmit (IRQ07, a packet has just started to be transmitted) 8 Txbuf Count Expired (IRQ08, see W_TXBUF_COUNT) 9 Rxbuf Count Expired (IRQ09, see W_RXBUF_COUNT) 10 Not used (always zero, even when trying to set it with W_IF_SET) 11 RF Wakeup (IRQ11, see W_POWERSTATE) 12 Multiplay CMD done (or failed) (IRQ12, see W_CMD_COUNT) 13 Post-Beacon Timeslot (IRQ13, see W_POST_BEACON) 14 Beacon Timeslot (IRQ14, see W_BEACON_COUNT/W_US_COMPARE) 15 Pre-Beacon Timeslot (IRQ15, see W_BEACON_COUNT/W_PRE_BEACON) |
0-15 Enable Flags, same bits as W_IF (0=Disable, 1=Enable) |
0-15 Set corresponding bits in W_IF (0=No change, 1=Set Bit) |
Caution Caution Caution Caution Caution That means, when acknowledging IF.Bit24, then NO FURTHER wifi IRQs will be executed whilst and as long as (W_IF AND W_IE) is non-zero. |
| DS Wifi Power-Down Registers |
0 Disable W_US_COUNT and W_BB_ports (0=Enable, 1=Disable) 1 Unknown (usually 0) 2-15 Always zero |
0 Auto Wakeup (1=Leave Idle Mode a while after Pre-Beacon IRQ15) 1 Auto Sleep (0=Enter Idle Mode on Post-Beacon IRQ13) 2 Unknown 3 Unknown (Write-only) (used by firmware) 4-15 Always zero |
0 Unknown (usually 0) (R/W) 1 Request Power Enable (0=No, 1=Yes/queued) (R/W, but not always) 2-7 Always zero 8 Indicates that Bit9 is about the be cleared (Read only) 9 Current power state (0=Enabled, 1=Disabled) (Read only) 10-15 Always zero |
0 New value for W_POWERSTATE.Bit9 (0=Clear/Delayed, 1=Set/Immediately) 1-14 Always zero 15 Apply Bit0 to W_POWERSTATE.Bit9 (0=No, 1=Yes) |
(Doing this is okay. Switches to power down mode. Similar to IRQ13.) [4808034h]=0002h ;W_INTERNAL [480803Ch]=02xxh ;W_POWERSTATE [48080B0h]=0000h ;W_TXREQ_READ [480819Ch]=0046h ;W_RF_PINS [4808214h]=0009h ;W_RF_STATUS (idle) |
(Don't do this. After that sequence, the hardware seems to be messed up) W_POWERSTATE.Bit8 gets set to indicate the pending operation, while pending, changes to W_POWERFORCE aren't applied to W_POWERSTATE, while pending, W_POWERACK becomes Read/Write-able, writing 0000h to W_POWERACK does clear W_POWERSTATE.Bit8, and does apply POWERFORCE.Bit0 to W_POWERSTATE.Bit9 and does deactivate Port W_POWERACK again. |
0 Unknown 1 Unknown 2-15 Always zero |
| DS Wifi Receive Control |
0 Copy W_RXBUF_WR_ADDR to W_RXBUF_WRCSR (aka force RX buf empty) (W) 1-3 Unknown (R/W) 4-6 Always zero 7 Copy W_TXBUF_REPLY1 to W_TXBUF_REPLY2, set W_TXBUF_REPLY1 to 0000h (W) 8-14 Unknown (R/W) 15 Enable Queuing received data to RX FIFO (R/W) |
0 For Broadcasts? (0=Insist on W_BSSID, 1=Accept no matter of W_BSSID)
1 Unknown (usually zero)
2 Unknown (usually zero)
3 Unknown (usually zero)
4 Unknown (usually zero)
5 Unknown (usually zero)
6 Unknown (usually zero)
7 Unknown (0 or 1)
8 Empty Packets (0=Ignore, 1=Accept; with RXHDR[0]=801Fh)
9 Unknown (0 or 1)
10 Unknown (0 or 1) (when set, receives beacons, and maybe others)
11 Unknown (usually zero) ;reportedly "allow toDS" ?
12 Update W_RXBUF_WRCSR after IEEE header (instead after full packets?)
(setting bit12 causes a mess, where new "packets" in RX buf could
either contain RXHDR+IEEE header, or Data corresponding to that
headers, which could be useful only if there's a way to distinguish
between headers and data, and knowing the size of the data blocks).
13-15 Not used (always zero)
|
0000h = Disable receive. FFFFh = Enable receive. 0400h = Receives managment frames (and possibly others, too) |
DA=W_MACADDR is always received DA=Broadcast, and BSSID=W_BSSID is always received DA=Broadcast, and BSSID=other is received only if RXFILTER.bit0=1 |
0 Unknown (0=Receive Data Frames, 1=Ignore Data Frames) (?) 1 Unknown 2 Unknown 3 Unknown (usually set) 4-15 Not used (always zero) |
| DS Wifi Receive Buffer |
0-15 Byte-offset in Wifi Memory (usually 4000h..5FFEh) |
0-11 Halfword Address in RAM 12-15 Always zero |
0-11 Halfword Address in RAM 12-15 Always zero |
0 Always zero 1-12 Halfword Address in RAM for reading via W_RXBUF_RD_DATA 13-15 Always zero |
0-11 Halfword Address in RAM 12-15 Always zero |
0-15 Data |
0 Always zero 1-12 Halfword Address in RAM 13-15 Always zero |
Addr=Addr+2 and 1FFEh ;address increment (by W_RXBUF_RD_DATA read)
if Addr=RXBUF_END then ;normal begin/end wrapping (done before gap wraps)
Addr=RXBUF_BEGIN
if Addr=RXBUF_GAP then ;now gap-wrap (may include further begin/end wrap)
Addr=RXBUF_GAP+RXBUF_GAPDISP*2
if Addr>=RXBUF_END then Addr=Addr+RXBUF_BEGIN-RXBUF_END ;wrap more
|
0-11 Halfword Offset, used with W_RXBUF_GAP (see there) 12-15 Always zero |
0-11 Decremented on reads from W_RXBUF_RD_DATA 12-15 Always zero |
| DS Wifi Receive Statistics |
0-12 Increment Flags (see Port 48081B0h..1BFh) 13-15 Always zero |
0-12 Counter Increment Interrupt Enable (see 48081B0h..1BFh) (1=Enable) 13-15 Unknown (usually zero) |
0-12 Half-Overflow Flags (see Port 48081B0h..1BFh) 13-15 Always zero |
0-12 Half-Overflow Interrupt Enable (see Port 48081B0h..1BFh) (1=Enable) 13-15 Unknown (usually zero) |
Port Dir Bit Expl.
48081B0h R/W 0 W_RXSTAT ?
48081B1h - - Always 0 -
48081B2h R/W 1 W_RXSTAT ? "RX_RateErrorCount"
48081B3h R/W 2 W_RXSTAT Length>2348 error
48081B4h R/W 3 W_RXSTAT RXBUF Full error
48081B5h R 4? W_RXSTAT ? (R) (but seems to exist; used by firmware)
48081B6h R/W 5 W_RXSTAT Length=0 or Wrong FCS Error
48081B7h R/W 6 W_RXSTAT Packet Received Okay
(also increments on W_MACADDR mis-match)
(also increments on internal ACK packets)
(also increments on invalid IEEE type=3)
(also increments TOGETHER with 1BCh and 1BEh)
(not incremented on RXBUF_FULL error)
48081B8h R/W 7 W_RXSTAT ?
48081B9h - - Always 0 -
48081BAh R/W 8 W_RXSTAT ?
48081BBh - - Always 0 -
48081BCh R/W 9 W_RXSTAT WEP Error (when FC.Bit14 is set)
48081BDh R/W 10 W_RXSTAT ?
48081BEh R/W 11 W_RXSTAT (duplicated sequence control)
48081BFh R/W 12 W_RXSTAT ?
|
0-? Receive Okay Count (increments together with ports 48081B4h, 48081B7h) 8-? Receive Error Count (increments together with ports 48081B3h, 48081B6h) |
48081D0h Not used (always zero) 48081D1h..1DFh Client 1..15 Response Error (increments on missing replies) |
| DS Wifi Transmit Control |
0-3 Reset corresponding bits in W_TXREQ_READ (0=No change, 1=Reset) 4-15 Unknown (if any) |
0-3 Set corresponding bits in W_TXREQ_READ (0=No change, 1=Set) 4-15 Unknown (if any) |
0 Send W_TXBUF_LOC1 (1=Transfer, if enabled in W_TXBUF_LOC1.Bit15) 1 Send W_TXBUF_CMD (1=Transfer, if enabled in W_TXBUF_CMD.Bit15) 2 Send W_TXBUF_LOC2 (1=Transfer, if enabled in W_TXBUF_LOC2.Bit15) 3 Send W_TXBUF_LOC3 (1=Transfer, if enabled in W_TXBUF_LOC3.Bit15) 4 Unknown (Beacon?) (always 1, except when cleared via W_POWERFORCE) 5-15 Unknown/Not used |
0 W_TXBUF_LOC1 (1=Requested Transfer busy, or not yet started at all) 1 W_TXBUF_CMD (1=Requested Transfer busy, or not yet started at all) 2 W_TXBUF_LOC2 (1=Requested Transfer busy, or not yet started at all) 3 W_TXBUF_LOC3 (1=Requested Transfer busy, or not yet started at all) 4 W_TXBUF_BEACON (1=Beacon Transfer busy) 5-15 Unknown (if any) |
0 One (or more) Packet has Completed (1=Yes)
(No matter if successful, for that info see Bit1)
(No matter if ALL packets are done, for that info see Bit12-13)
1 Packet Failed (1=Error)
2-7 Unknown/Not used
8-11 Usually 0, ...but firmware is checking for values 03h,08h,0Bh
(gets set to 07h when transferred W_TXBUF_LOC1/2/3 did have Bit12=set)
(gets set to 00h otherwise)
(gets set to 03h after beacons ;if enabled in W_TXSTATCNT.Bit15)
(gets set to 08h after cmd's ;if enabled in W_TXSTATCNT.Bit14)
(gets set to 0Bh after cmd ack's ;if enabled in W_TXSTATCNT.Bit13)
(gets set to 04h after reply's ;if enabled in W_TXSTATCNT.Bit12)
12-13 Packet that updated W_TXSTAT (0=LOC1/BEACON/CMD/REPLY, 1=LOC2, 2=LOC3)
14-15 Unknown/Not used
|
0-11 Unknown (usually zero) (otherwise disables RXing multiplay REPLY's?) 12 Update W_TXSTAT=0401h and trigger IRQ01 after REPLY transmits (1=Yes) 13 Update W_TXSTAT=0B01h and trigger IRQ01 after CMD ACK transmits (1=Yes) 14 Update W_TXSTAT=0800h and trigger IRQ01 after CMD DATA transmits(1=Yes) 15 Update W_TXSTAT=0301h and trigger IRQ01 after BEACON transmits (1=Yes) |
0 IEEE FC.Bit12 and Duration (0=Auto/whatever, 1=Manual/Wifi RAM) 1 IEEE Frame Check Sequence (0=Auto/FCS/CRC32, 1=Manual/Wifi RAM) 2 IEEE Sequence Control (0=Auto/W_TX_SEQNO, 1=Manual/Wifi RAM) 3-15 Always zero |
0-11 Increments on IRQ07 (Transmit Start Interrupt) 12-15 Always zero |
| DS Wifi Transmit Buffers |
0 Always zero 1-12 Halfword Address in RAM for Writes via W_TXBUF_WR_DATA 13-15 Always zero |
0-15 Data to be written to address specified in W_TXBUF_WR_ADDR |
0 Always zero 1-12 Halfword Address 13-15 Always zero |
0-11 Halfword Offset (added to; if equal to W_TXBUF_GAP) 12-15 Always zero |
0-11 Halfword Address of TX Frame Header in RAM
12 For LOC1-3: When set, W_TXSTAT.bit8-10 are set to 07h after transfer
And, when set, the transferred frame-body gets messed up?
For BEACON: Unknown, no effect on W_TXSTAT
For CMD: Unknown, no effect on W_TXSTAT
13 IEEE Sequence Control (0=From W_TX_SEQNO, 1=Value in Wifi RAM)
For BEACON: Unknown (always uses W_TX_SEQNO) (no matter of bit13)
14 Unknown
15 Transfer Request (1=Request/Pending)
|
0 Disable LOC1 (0=No change, 1=Reset W_TXBUF_LOC1.Bit15) 1 Disable CMD (0=No change, 1=Reset W_TXBUF_CMD.Bit15) 2 Disable LOC2 (0=No change, 1=Reset W_TXBUF_LOC2.Bit15) 3 Disable LOC3 (0=No change, 1=Reset W_TXBUF_LOC3.Bit15) 4-5 Unknown/Not used 6 Disable REPLY2 (0=No change, 1=Reset W_TXBUF_REPLY2.Bit15) 7 Disable REPLY1 (0=No change, 1=Reset W_TXBUF_REPLY1.Bit15) 8-15 Unknown/Not used |
0-7 Location of TIM parameters within Beacon Frame Body 8-15 Not used/zero |
0-11 Decremented on writes to W_TXBUF_WR_DATA 12-15 Always zero |
| DS Wifi Transmit Errors |
0-7 Retry Count (usually 07h) 8-15 Unknown (usually 07h) |
0-7 TransmitErrorCount 8-15 Always zero |
| DS Wifi Status |
0 Reportedly "carrier sense" (maybe 1 during RX.DTA?) (usually 0)
1 TX.MAIN (RFU.Pin17) Transmit Data Phase (0=No, 1=Active)
2 Unknown (RFU.Pin3) Seems to be always high (Always 1=high?)
3-5 Not used (Always zero)
6 TX.ON (RFU.Pin14) Transmit Preamble+Data Phase (0=No, 1=Active)
Uhhh, no that seems to be still wrong...
Bit6 is often set, even when not transmitting anything...
7 RX.ON (RFU.Pin15) Receive Mode (0=No, 1=Enable)
8-15 Not used (Always zero)
|
0 RX.BUSY Receiving Preamble or Data (0=Idle or TX Busy, 1=RX Busy) 1 Data Phase (for both RX/TX mode) (0=Idle or Preamble, 1=Data) |
0-3 Current Transmit/Receive State:
0 = Initial value on Power-up (before raising W_MODE_RST.Bit0)
1 = RX Mode enabled (waiting for incoming data)
2 = Switching from RX to TX (takes a few clock cycles)
3 = TX Mode active (sending preamble and data)
4 = Switching from TX to RX (takes a few clock cycles)
5 = Multiplay: CMD was sent, waiting for replies (RF_PINS=0084h) (uh?)
Or rather: CMD was received, preparing reply? (on slave side!)
6 = RX (processing incoming data?)
7 = Switching from RX/REPLY to TX/ACK (between STAT=5 and STAT=8)
8 = Multiplay: Sending REPLY, or CMD-Ack (RF_PINS=0046h)
9 = Idle (upon IRQ13, and upon raising W_MODE_RST.Bit0)
4-15 Always zero?
|
0-11 Halfword address 12-15 Always zero |
| DS Wifi Timers |
0 Counter Enable (0=Disable, 1=Enable) 1-15 Always zero |
0-63 Counter Value in microseconds (incrementing) |
0 Compare Enable (0=Disable, 1=Enable) (IRQ14/IRQ15) 1 Force IRQ14 (0=No, 1=Force Now) (Write-only) 2-15 Always zero |
0 Block Beacon IRQ14 until W_US_COUNT=W_US_COMPARE (0=No, 1=Block) (W) 1-9 Always zero 10-63 Compare Value in milliseconds (aka microseconds/1024) (R/W) |
0-15 Decrementing Millisecond Counter (reloaded with W_BEACONINT upon IRQ14) |
0-15 Decrementing Millisecond Counter (reloaded with FFFFh upon IRQ14) |
0-9 Frequency in milliseconds of beacon transmission 10-15 Always zero |
0-15 Pre-Beacon Time in microseconds (static value, ie. NOT decrementing) |
0-7 Decremented by hardware at IRQ14 events (ie. once every beacon) 8-15 Always zero |
0-7 Listen Interval, counted in beacons (usually 02h) 8-15 Always zero |
0-15 Decrementing microsecond counter |
W_IF.Bit13=1 ;interrupt request |
[4808034h]=0002h ;W_INTERNAL ;(similar to W_POWERFORCE=8001h) [480803Ch]=02xxh ;W_POWERSTATE ;(W_TXREQ_READ.Bit4 is kept intact though) [480819Ch]=0046h ;W_RF_PINS.7=0;disable receive (enter idle mode) (RX.ON=Low) [4808214h]=0009h ;W_RF_STATUS=9;indicate idle mode |
W_BEACON_COUNT=W_BEACONINT ;next IRQ15/IRQ14 (Above is NOT done when IRQ14 was forced via W_US_COMPARECNT.Bit1) |
(Below IS ALSO DONE when IRQ14 was forced via W_US_COMPARECNT.Bit1)
W_IF.Bit14=1
W_POST_BEACON=FFFFh ;about 64 secs (ie. almost never) ;next IRQ13 ("never")
W_TXREQ_READ=W_TXREQ_READ AND FFF2h
if W_TXBUF_BEACON.15 then W_TXBUSY.Bit4=1
if W_LISTENCOUNT=00h then W_LISTENCOUNT=W_LISTENINT
W_LISTENCOUNT=W_LISTENCOUNT-1
|
W_RF_PINS.Bit7=0 ;disable receive (RX.ON=Low) W_RF_STATUS=2 ;indicate switching from RX to TX mode |
W_RF_PINS.Bit6=1 ;transmit preamble start (TX.ON=High) W_RF_STATUS=3 ;indicate TX mode |
W_POST_BEACON = W_POST_BEACON + TagDDhSteppingValue ;next IRQ13 |
W_IF.Bit7=1 ;interrupt request W_RF_PINS.Bit1=1 ;start data transfer (preamble finished now) (TX.MAIN=High) |
[TXBUF...] = W_TX_SEQNO*10h ;auto-adjust IEEE Sequence Control W_TX_SEQNO=W_TX_SEQNO+1 ;increase sequence number |
W_RF_PINS.Bit6=0 ;disable TX (TX.ON=Low) W_RF_STATUS=4 ;indicate switching from TX to RX mode |
W_IF.Bit1=1 ;interrupt request W_RF_PINS.Bit1=0 ;disable TX (TX.MAIN=Low) W_RF_PINS.Bit7=1 ;enable RX (RX.ON=High) W_RF_STATUS=1 ;indicate RX mode |
if W_US_COMPARECNT=1 then W_IF.Bit15=1 |
W_RF_PINS.Bit7=1 ;enable RX (RX.ON=High) ;\gets set like so a good while W_RF_STATUS=1 ;indicate RX mode ;/after IRQ15 (but not immediately) |
IRQ15 Pre-Beacon (beacon will be transferred soon) IRQ14 Beacon (beacon will be transferred very soon) (carrier starts) IRQ07 Tx Start (beacon transfer starts) (if enabled in W_TXBUF_BEACON.15) IRQ01 Tx End (beacon transfer done) (if enabled in W_TXSTATCNT.15) IRQ13 Post-Beacon (beacon transferred) (unless next IRQ14 occurs earlier) |
| DS Wifi Multiplay Master |
0 Enable W_CMD_COUNT (0=Disable, 1=Enable) 1-15 Always Zero |
0-15 Decremented once every 10 microseconds (Stopped at 0000h) |
0-15 Duration per ALL slave response packet(s) in microseconds |
0-15 Duration per SINGLE slave response packet in microseconds |
master_time = (master_bytes*4)+(60h) ;60h = 96 decimal = short preamble slave_time = (slave_bytes*4)+(0D0h..0D2h) all_slave_time = (EAh..F0h)+(slave_time+0Ah)*num_slaves txhdr[2] = slave_bits ;hardware header (*) ieee[2] = all_slave_time ;ieee header (duration/id) body[0] = slave_time ;duration per slave (for multiboot/pictochat) body[2] = slave_bits ;frame body -- required (*) [48080C0h] = all_slave_time ;W_CMD_TOTALTIME [48080C4h] = slave_time ;W_CMD_REPLYTIME duration per slave [4808118h] = (388h+(num_slaves*slave_time)+master_time+32h)/10 ;W_CMD_COUNT [4808090h] = 8000h+master_packet_address ;start transmit ;W_TXBUF_CMD |
After starting transfer via TXREQ and TXBUF_CMD write: TXBUSY=2 (formerly 0) (after TXBUF_CMD write, or sometimes a bit later) After about 50-500 microseconds: ;\ RF_STAT=3 (TXing) (formerly 2) ; RXTX_ADDR=0006h..0008h (TXbuf+0Ch..) (formerly in RXBUF) ; CMD SEQNO+1 ; After TX preamble: ; IF=80h (TX Start, for CMD) ; RXTX_ADDR=0009h..0xxxh (TXbuf..) ; After TX data: ; optional: IF=02h (TX Done, for CMD) (if enabled in TXSTATCNT); optional: TXSTAT=0800h (CMD done) (if enabled in TXSTATCNT); RF_STAT=5 (CMD done, prepare for REPLY) ;/ US=0017h ;\ RXTX_ADDR=rxbuf.. ; After RX preamble: ; IF=40h (RX Start, for REPLY) ; REPLY RXTX_ADDR=rxbuf.. ; (if any) After RX data: ; IF=01h (RX Done, for REPLY) ; WRCSR+18h (for REPLY) ;/ After a dozen microseconds: ;\ RF_STAT=7 ;Switching from REPLY to ACK ; RF_STAT=8 ;TXing ACK (shortly after above STAT=7) ; RXTX_ADDR=0FC0h (special dummy addr during TX ACK) ; After TX preamble: ; ACK IF=80h (TX Start, for ACK) ; After TX data: ; optional: IF=02h (TX Done, for ACK) (if enabled in TXSTATCNT); optional: TXSTAT=0B01h (ACK done) (if enabled in TXSTATCNT); TXBUSY=0000h (formerly 0002h) ; TXBUF_CMD.bit15=0 ; TXHDR_0=0001h (okay) (formerly 0000h) ; TXHDR_2=0000h (no error flags) (formerly 0002h) ; SEQNO+1 ; RF_STAT=1 ;RX awaiting ; IF=1000h (CMD timeslot done) (shortly AFTER above IF=02h) ;/ |
1. MP host sends the CMD frame, as soon as possible. after preamble,
IRQ7 is triggered
2. once the transfer is finished: if bit14 in W_TXSTATCNT is set,
W_TXSTAT is set to 0x0800, and IRQ1 is triggered
somewhere here: set W_RF_STATUS=5, RFPINS=0x0084
3. hardware waits for MP clients' replies, duration is:
16 + ((10 + W_CMD_REPLYTIME) * count_ones(client_mask_from_frame_body))
4. MP host sends the CMD ack. after preamble, IRQ7 is triggered
(this is why you get two IRQ7's from a CMD transfer)
5. during the ack transfer, W_RF_STATUS is 8, and W_RXTXADDR is 0x0FC0
6. once the transfer is finished: if bit13 in W_TXSTATCNT is set,
W_TXSTAT is set to 0x0B01, and IRQ1 is triggered.
7. the TX header of the CMD frame is adjusted: bits in TXheader[02] are
cleared to indicate that the corresponding clients responded
successfully. Nintendo software checks this.
|
| DS Wifi Multiplay Slave |
0-11 Halfword address 12-14 Unknown (the bits can be set, ie. they DO exist) 15 Enable |
At incoming CMD DATA packet: ;\
RF_STATUS=6 ;RX processing incoming stuff ;
After RX preamble: ; CMD
IRQ6 (RX Start, for CMD DATA) ; DATA
After RX data: ;
IRQ0 (RX Done, for CMD DATA) ;
WRCSR=WRCSR+(size of CMD DATA) ;
RF_STATUS=5 ;preparing REPLY ;
if REPLY2.bit15=1 ;
TXHDR[1]=TXHDR[0] ;<-- or sometimes random? ;\adjust TXHDR[0,1] ;
TXHDR[0]=01h ;<-- mark done/discarded ;/for <old> REPLY2 ;
REPLY2=REPLY1, REPLY1=0000h ;-forward new reply ;
if REPLY2.bit15=1 ;
TXHDR[4] incremented (unless already max FFh) ;\adjust TXHDR[4,5] ;
TXHDR[5]=00h ;/for <new> REPLY2 ;
TX_SEQNO incremented ;<-- done here if REPLY2 exists ;/
After some moment (at the AID_LOW slot?): ;\
RF_STATUS=8 ;TX sending REPLY ;
After TX preamble: ; REPLY
IRQ7 (TX Start, for REPLY) ;
After TX data: ;
RF_STATUS=1 ;RX awaiting next packet ;
optional: IRQ1 (TX Done) (only if enabled in TXSTATCNT, and REPLY2.bit15=1)
optional: TXSTAT=0401h (only if enabled in TXSTATCNT) ;
if REPLY2.bit15=0 ;
SEQNO increased ;<-- done here when REPLY2 is empty ;/
After some moment: ;\
RF_STATUS=6 ;RX processing incoming stuff ;
After RX preamble: ; CMD
IRQ6 (RX Start, for CMD ACK) ; ACK
After RX data: ;
IRQ0 (RX Done, for CMD ACK) ;
WRCSR=WRCSR+(size of CMD ACK) ;
RF_STATUS=1 ;RX awaiting next packet ;/
Thereafter, Nintendo's software seems to require a delay (at least
100h microseconds) before receiving the next CMD DATA packet.
|
| DS Wifi Configuration Ports |
W_CONFIG_140h = firmware[058h]+0202h ;1Mbit/s W_CONFIG_140h = firmware[058h]+0202h-6161h ;2Mbit/s with long preamble W_CONFIG_140h = firmware[058h]+0202h-6161h-6060h ;2Mbit/s with short preamble |
0-7 Decrease RX Length by N halfwords for Non-WEP packets (usually 2) 8-15 Decrease RX Length by N halfwords for WEP packets (usually 6) |
| DS Wifi Baseband Chip (BB) |
0-7 Index (00h-68h) 8-11 Not used (should be zero) 12-15 Direction (5=Write BB_WRITE to Chip, 6=Read from Chip to BB_READ) |
0-7 Data to be sent to chip (by following W_BB_CNT transfer) 8-15 Not used (should be zero) |
0-7 Data received from chip (from previous W_BB_CNT transfer) 8-15 Not used (always zero) |
0 Transfer Busy (0=Ready, 1=Busy) 1-15 Always zero |
0-7 Always zero 8 Unknown (usually 1) (no effect no matter what setting?) 9-13 Always zero 14 Unknown (usually 0) (W_BB_READ gets unstable when set) 15 Always zero |
0-3 Disable whatever (usually 0Dh=disable) 4-14 Always zero 15 Disable W_BB_ports (usually 1=Disable) |
Index Num Dir Expl. 00h 1 R always 6Dh (R) (Chip ID) 01h..0Ch 12 R/W 8bit R/W 0Dh..12h 6 - always 00h 13h..15h 3 R/W 8bit R/W 16h..1Ah 5 - always 00h 1Bh..26h 12 R/W 8bit R/W 27h 1 - always 00h 28h..4Ch R/W 8bit R/W 4Dh 1 R always 00h or BFh (depending on other regs) 4Eh..5Ch R/W 8bit R/W 5Dh 1 R always 01h (R) 5Eh..61h - always 00h 62h..63h 2 R/W 8bit R/W 64h 1 R always FFh or 3Fh (depending on other regs) 65h 1 R/W 8bit R/W 66h 1 - always 00h 67h..68h 2 R/W 8bit R/W 69h..FFh - always 00h |
Addr Initial Meaning
01h 0x9E [unsetting/resetting bit 7 initializes/resets the system?]
02h unknown (firmware is messing with this register)
06h unknown (firmware is messing with this register, too)
13h 0x00 CCA operation - criteria for receiving
0=only use Carrier Sense (CS)
1=only use Energy Detection (ED)
2=receive if CS OR ED
3=receive only if CS AND ED
1Eh 0xBB see change channels flowchart (Ext. Gain when RF[09h].bit16=0)
35h 0x1F Energy Detection (ED) criteria
value 0..61 (representing energy levels of -60dBm to -80dBm)
|
| DS Wifi RF Chip |
0-1 Upper 2bit of 18bit data 2-6 Index (00h..1Fh) (firmware uses only 00h..0Bh) 7 Command (0=Write data, 1=Read data) 8-15 Should be zero (not used with 24bit transfer) |
0-3 Command (5=Write data, 6=Read data) 4-15 Should be zero (not used with 20bit transfer) |
0-15 Lower 16bit of 18bit data |
0-7 Data (to be written to chip) (or being received from chip) 8-15 Index (usually 00h..28h) (index 40h..FFh are mirrors of 00h..3Fh) |
0 Transfer Busy (0=Ready, 1=Busy) 1-15 Always zero |
0-5 Transfer length (init from firmware[041h].Bit0-5) 6-7 Always zero 8 Unknown (init from firmware[041h].Bit7) 9-13 Always zero 14 Unknown (usually 0) 15 Always zero |
| DS Wifi RF9008 Registers |
Firmware Index Data (24bit) (4bit) (18bit) 00C007h = 00h + 0C007h ;-also set to 0C008h for power-down 129C03h = 04h + 29C03h 141728h = 05h + 01728h ;\these are also written when changing channels 1AE8BAh = 06h + 2E8BAh ;/ 1D456Fh = 07h + 1456Fh 23FFFAh = 08h + 3FFFAh 241D30h = 09h + 01D30h ;-bit10..14 should be also changed per channel? """"50h = """ + """50h ;firmware v5 and up uses narrower tx filter 280001h = 0Ah + 00001h 2C0000h = 0Bh + 00000h 069C03h = 01h + 29C03h 080022h = 02h + 00022h 0DFF6Fh = 03h + 1FF6Fh |
17-16 Reserved, program to zero (0) 15-14 Reference Divider Value (0=Div2, 1=Div3, 2=Div44, 3=Div1) 3 Sleep Mode Current (0=Normal, 1=Very Low) 2 RF VCO Regulator Enable (0=Disable, 1=Enable) 1 IF VCO Regulator Enable (0=Disable, 1=Enable) 0 IF VGA Regulator Enable (0=Disable, 1=Enable) |
17 IF PLL Enable (0=Disable, 1=Enable) 16 IF PLL KV Calibration Enable (0=Disable, 1=Enable) 15 IF PLL Coarse Tuning Enable (0=Disable, 1=Enable) 14 IF PLL Loop Filter Select (0=Internal, 1=External) 13 IF PLL Charge Pump Leakage Current (0=Minimum value, 1=2*Minimum value) 12 IF PLL Phase Detector Polarity (0=Positive, 1=Negative) 11 IF PLL Auto Calibration Enable (0=Disable, 1=Enable) 10 IF PLL Lock Detect Enable (0=Disable, 1=Enable) 9 IF PLL Prescaler Modulus (0=4/5 Mode, 1=8/9 Mode) 8-4 Reserved, program to zero (0) 3-0 IF VCO Coarse Tuning Voltage (N=Voltage*16/VDD) |
17-16 Reserved, program to zero (0) 15-0 IF PLL divide-by-N value |
17 Reserved, program to zero (0) 16-8 IF VCO KV Calibration, delta N value (signed) ;DeltaF=(DN/Fr) 7-4 IF VCO Coarse Tuning Default Value 3-0 IF VCO KV Calibration Default Value |
17-10 Same as for RF[01h] (but for RF, not for IF) 9 RF PLL Prescaler Modulus (0=8/9 Mode, 1=8/10 Mode) 8-0 Same as for RF[01h] (but for RF, not for IF) |
17-6 RF PLL Divide By N Value 5-0 RF PLL Numerator Value (Bits 23-18) |
17-0 RF PLL Numerator Value (Bits 17-0) |
17-10 Same as for RF[03h] (but for RF, not for IF) ;and, DN=(deltaF/Fr)*256 |
17-13 VCO1 Warm-up Time ;TVCO1=(approximate warm-up time)*(Fr/32) 12-8 VCO1 Tuning Gain Calibration ;TLOCK1=(approximate lock time)*(Fr/128) 7-3 VCO1 Coarse Tune Calibration Reference ;VALUE=(average time)*(Fr/32) 2-0 Lock Detect Resolution (0..7) |
17 Receiver DC Removal Loop (0=Enable DC Removal Loop, 1=Disable) 16 Internal Variable Gain for VGA (0=Disable/External, 1=Enable/Internal) 15 Internal Variable Gain Source (0=From TXVGC Bits, 1=From Power Control) 14-10 Transmit Variable Gain Select (TXVGC) (0..1Fh = High..low gain) 9-7 Receive Baseband Low Pass Filter (0=Wide Bandwidth, 7=Narrow) 6-4 Transmit Baseband Low Pass Filter (0=Wide Bandwidth, 7=Narrow) 3 Mode Switch (0=Single-ended mode, 1=Differential mode) 2 Input Buffer Enable TX (0=Input Buffer Controlled by TXEN, 1=By BBEN) 1 Internal Bias Enable (0=Disable/External, 1=Enable/Internal) 0 TX Baseband Filters Bypass (0=Not Bypassed, 1=Bypassed) |
17-15 Select MID_BIAS Level (1.6V through 2.6V) 14-9 Desired output power at antenna (N*0.5dBm) 8-3 Power Control loop-variation-adjustment Offset (signed, N*0.5dB) 2-0 Desired delay for using a single TX_PE line (N*0.5us) |
17-12 Desired MAX output power when PABIAS=MAX=2.6V (N*0.5dBm) 11-6 Desired MAX output power when PABIAS=MID_BIAS (N*0.5dBm) 5-0 Desired MAX output power when PABIAS=MIN=1.6V (N*0.5dBm) |
17 IF VCO Band Current Compensation (0=Disable, 1=Enable) 16 RF VCO Band Current Compensation (0=Disable, 1=Enable) 15-0 Reserved, program to zero (0) |
Not used. |
17-0 This is a test register for internal use only. |
Not used. |
17-0 Don't care (writing any value resets the chip) |
| DS Wifi Unknown Registers |
0-15 Unknown (usually zero) |
0-1 Unknown 2-3 Always zero 4-5 Unknown 6-7 Always zero 8 Unknown 9-10 Always zero 11 Unknown 12-15 Always zero |
0-1 Unknown. Firmware writes values 03h, 01h, and VAR. 2-15 Always zero |
0-1 Disable WifiRAM (0=Normal, other=locks memory at 4804000h-5FFFh) 2-4 Unknown (0=Normal, other=prevents/affects RX to ram?) 5 Disable Special Log? (0=Normal, 1=Prevent 4805F6Eh..5F77h updates) 6-15 Unknown (0=Normal, other=?) |
0 Unknown (R/W) (if present) 1-15 Not used |
| DS Wifi Unused Registers |
4800000h-4807FFFh Wifi WS0 Region (32K) ;used for RAM at 4804000h 4808000h-4808000h Wifi WS1 Region (32K) ;used for registers at 4808000h 4810000h-4FFFFFFh Not used (00h-filled) |
Wifi-WS0-Region Wifi-WS1-Region Content 4800000h-4800FFFh 4808000h-4808FFFh Registers 4801000h-4801FFFh 4809000h-4809FFFh Registers (mirror) 4802000h-4803FFFh 480A000h-480BFFFh Unused 4804000h-4805FFFh 480C000h-480DFFFh Wifi RAM (8K) 4806000h-4806FFFh 480E000h-480EFFFh Registers (mirror) 4807000h-4807FFFh 480F000h-480FFFFh Registers (mirror) |
2030h, 2044h, 2056h, 2080h, 2090h, 2094h, 2098h, 209Ch, 20A0h, 20A4h, 20A8h, 20AAh, 20B0h, 20B6h, 20BAh, 21C0h, 2208h, 2210h, 2244h, 31D0h, 31D2h, 31D4h, 31D6h, 31D8h, 31DAh, 31DCh, 31DEh. |
Read from (W) Mirrors to (NDS) Or to (NDS-Lite) 070h W_TXBUF_WR_DATA 060h W_RXBUF_RD_DATA 074h W_TXBUF_GAP 078h W_INTERNAL 068h W_TXBUF_WR_ADDR 074h W_TXBUF_GAP 0ACh W_TXREQ_RESET 09Ch W_INTERNAL ? (zero) 0AEh W_TXREQ_SET 09Ch W_INTERNAL ? (zero) 0B4h W_TXBUF_RESET 0B6h W_TXBUSY ? (zero) 158h W_BB_CNT 15Ch W_BB_READ ? (zero) 15Ah W_BB_WRITE ? (zero) ? (zero) 178h W_INTERNAL 17Ch W_RF_DATA2 ? (zero) 20Ch W_INTERNAL 09Ch W_INTERNAL ? (zero) 21Ch W_IF_SET 010h W_IF 010h |