Codebreaker (Nintendo DS)

Codebreaker cartridge

Code Breaker is a game enhancer developed by Pelican Accessories for the Nintendo DS. The original model of the Codebreaker was identical to the GameShark in that it would use codes to hack the game. It was well known for having a more user-friendly interface and design than the GameShark.

Using CBDSCrypt

CBDSCrypt is a utility developed by kenobi. It can both encrypt and decrypt codes for the Codebreaker DS, and it can also create master codes. A ROM of the game the codes are for is required in order to use this application. To use the program, run it, then drag and drop the ROM image on top of the program window. Paste the codes to be encrypted or decrypted into the left text area and press the appropriate button, "encrypt" or "decrypt"; the resulting codes will appear in the right text area.

Master codes can be generated by pressing the (M) button. The program uses two methods to generate potential master codes: Parasyte's method and kenobi's method. Parasyte's method entails finding the location of the following instructions in both of the ARM executables:

Inst  Operands             Comments
ldr   r1, =intr_table      @ 0xE59F1008
ldr   r0, [r1,r0,LSL#2]    @ 0xE7910100
ldr   lr, =ret_loc         @ 0xE59FE004
bx    r0                   @ 0xE12FFF10

These instructions might not be found in the ARM9 executable because of decompression, but they will always be in plain sight in the ARM7. All that is necessary is to hook the =ret_loc literal, which is always 2 words after the bx r0. It is done the same way as hooking any other pointer. This is also how Kwurdi's automatic hook search has functioned for the last two and a half years, and it hasn't failed yet.

Kenobi's method involves simulating the ARDS's automated (M) code finder. To start, search for the 32-bit value 0x0380FFF8, beginning at the ARM7 executable. Once it is found, search for the next occurrence of 0x0380FFF8. From there, search backwards for the first bx r14 (0xE12FFF13). Subtract 4 from this address and then convert it to a RAM address: take the address, subtract the 32-bit value located at 0x30 in the ROM, then add the 32-bit value located at 0x38 in the ROM. The (M) code is F2[ram address] 023FC000.
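The pattern search from Parasyte's method, combined with the file-offset-to-RAM conversion given in kenobi's method, as an added example (not code from the original page or from CBDSCrypt). The function names and the sample image are constructed for illustration; reading the ARM7 size from header offset 0x3C is an assumption taken from the standard NDS header layout, not from this page.

```python
import struct

# The four ARM instructions from the table above, as little-endian words.
PATTERN = struct.pack("<4I", 0xE59F1008, 0xE7910100, 0xE59FE004, 0xE12FFF10)

def find_ret_loc(rom: bytes):
    """Return (file_offset, ram_address, value) for each =ret_loc literal in the ARM7 binary."""
    if len(rom) < 0x40:
        raise ValueError("too short to hold the header fields")
    # 0x30 and 0x38 are the header fields the page uses for the conversion.
    # 0x3C (ARM7 size) is an assumption from the standard NDS header layout.
    arm7_off, = struct.unpack_from("<I", rom, 0x30)
    arm7_ram, = struct.unpack_from("<I", rom, 0x38)
    arm7_size, = struct.unpack_from("<I", rom, 0x3C)
    end = arm7_off + arm7_size
    if end > len(rom):
        raise ValueError("ARM7 region runs past the end of the image")
    hits = []
    pos = rom.find(PATTERN, arm7_off, end)
    while pos != -1:
        # bx r0 is the 4th word (pos + 12); the literal sits 2 words after it.
        lit = pos + 12 + 8
        if (pos - arm7_off) % 4 == 0 and lit + 4 <= end:
            value, = struct.unpack_from("<I", rom, lit)
            # File offset -> RAM: subtract the value at 0x30, add the value at 0x38.
            hits.append((lit, lit - arm7_off + arm7_ram, value))
        pos = rom.find(PATTERN, pos + 1, end)
    return hits

def build_sample_rom() -> bytes:
    """Constructed test image: header fields plus a tiny fake ARM7 binary."""
    arm7 = struct.pack("<2I", 0xE1A00000, 0xE1A00000)             # two nops
    arm7 += PATTERN
    arm7 += struct.pack("<2I", 0x03800100, 0x037FFE2C)            # made-up literals
    rom = bytearray(0x200) + arm7
    struct.pack_into("<I", rom, 0x30, 0x200)        # ARM7 offset in the file
    struct.pack_into("<I", rom, 0x38, 0x02380000)   # ARM7 load address (made up)
    struct.pack_into("<I", rom, 0x3C, len(arm7))    # ARM7 size
    return bytes(rom)

if __name__ == "__main__":
    for off, ram, value in find_ret_loc(build_sample_rom()):
        print(f"=ret_loc literal: file 0x{off:X}, RAM 0x{ram:08X}, value 0x{value:08X}")
```
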

