3
edits
Changes
Jump to navigation
Jump to search
mLine 1:
Line 1: − + + − + − Regular VC titles: an emulator application + VC ROM in the NCCH [[RomFS]](among other things in the RomFS). The emulator build includes support for all supported VC platforms, not specific to just the included ROM platform.+ + + + + + + − + Line 17:
Line 24: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 22:
Line 181: − + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 38:
Line 247: − + − + − + − |- − | 0x338 − | 0x4 − | GBA ROM Filesize − |- − | 0x344 − | 0x4 − | GBA ROM Filesize − |- − | 0x350 − | 0x4 − | Magic '.CAA' − |- − | 0x35A − | 0x2 − | High two bytes of GBA ROM file size − + − + − + − + − Support for RTC and 1m-flash chips is not implemented in AGB_FIRM.+ − + − Manufacturer info:+ − GBA games' SDK-provided save code only supports a range of manufacturers from which Nintendo was buying memory from around the time of that game's development. As such, most games don't support a generic emulated storage chip. This byte appears to select a manufacturer info set to emulate. This has been observed to be 0x90, 0xC0, and (in one EEPROM-based game), 0x80.+ − + − + − + − + + + + + − + Line 95:
Line 292: − + Line 103:
Line 300: − + − + − + Line 116:
Line 313: − + Line 142:
Line 339: + + +
→data.bin structure
There's two types of VC titles: regular VC titles, and dedicated GBA VC titles.
There are several types of VC titles: NES/GB/GBC VC titles, SNES VC titles, GameGear VC titles and GBA VC titles.
Except for GBA VC, the games are ran using emulators.
=Regular VC=
=NES/GB/GBC VC=
An emulator application + VC ROM in the NCCH [[RomFS]] (among other things in the RomFS).
The original emulator builds include support for all these three platforms, not specific to just the included ROM platform. However, releases intended for NES games have a red menu, optional switching between the two controllers, a different X button mapping (B instead of menu), optional [[Download Play]] support, and [http://s27.postimg.org/60v4yuw8z/IMG_20140921_001103.jpg a never used multi-rom support]; while Game Boy versions have a green theme and optional 3D border.
Early builds (of Ambassador NES games at least) did not support savestates.
The emulator officially used for Pokemon games removes savestate support in favor of a Link Cable "implementation" involving hooking the games' network functions according to the patch files. ([https://gbatemp.net/attachments/vc-wireless-link-patch-documentation-txt.72966/ Partial documentation of the patch format])
This emulator includes GBA support, however the GBA emulation for this this is somewhat slow. This was presumably implemented before AGB_FIRM was.
This emulator includes GBA support, however the GBA emulation for this this is somewhat slow. This was presumably implemented before AGB_FIRM was.
Unlike Wii VC, the 3DS VC ROMs for NES use the "TNES" header.
Unlike Wii VC, the 3DS VC ROMs for NES use [http://pastebin.com/KLeWt2W3 the "TNES" header].
==RomFS==
==RomFS==
* "rom:/<rom_name>.patch" rom_name = filename from the rom directory. This .ini contains patches for the ROM.
* "rom:/<rom_name>.patch" rom_name = filename from the rom directory. This .ini contains patches for the ROM.
* "rom:/shader.shbin" GPU shader.
* "rom:/shader.shbin" GPU shader.
==Savedata==
The savedata can contain:
* "rsm1.dat": Same format as the below rsm2.dat. Probably used for the "restore-point".
* "rsm2.dat": Current emulator save-state, for storing/loading state at VC-title launch/exit.
* "sav.dat": The actual savedata used by the emulated ROM.
* "SecureValue": The random number used by [[Anti Savegame Restore]]. No known version of the emulator implements both savestates and secure value.
Overwriting sav.dat with 0xFF-bytes doesn't have any affect on the actual emulator. Doing that with most of the rsm*.dat data doesn't crash anything.
=SNES VC=
An emulator application + VC ROM in the NCCH [[RomFS]] (among other things in the RomFS).
SNES VC titles are New 3DS exclusive.
==RomFS==
* "rom:/ErrorMessage/" This directory contains text used by the emulator app.
* "rom:/shader/" This directory contains .shbin GPU shaders used by the emulator app.
* "rom:/VCM/" This directory contains text used by the emulator app.
* "rom:/caravel.bcsar" This file contains audio used by the emulator app.
* "rom:/ctrl_change.arc" This file contains graphics used by the emulator app.
* "rom:/data.bin" This file contains the ROM and other data. See below for documentation.
* "rom:/ErrorMessage.arc" This file contains graphics used by the emulator app.
* "rom:/KTR-XXXX.icn" Copy of the SMDH of the game.
* "rom:/shader.shbin" GPU shader.
* "rom:/nnfont_RectDrawerShader.shbin" GPU shader.
* "rom:/VCM.arc" This file contains graphics used by the emulator app.
===data.bin structure===
The file begins with a header (all values are little-endian):
{| class="wikitable" border="1"
|-
! START
! SIZE
! DESCRIPTION
|-
| 0x00
| 0x4
| Always 0x00000100
|-
| 0x04
| 0x4
| File size
|-
| 0x08
| 0x4
| Always 0x00000030
|-
| 0x0C
| 0x4
| Always 0x00000050
|-
| 0x10
| 0x4
| Start of the ROM (always 0x00000060 in official VC)
|-
| 0x14
| 0x4
| End of the ROM
|-
| 0x18
| 0x4
| Start of the footer region (presumably an index for the PCM audio samples). Matches end of file/file size if PCM data is missing
|-
| 0x1C
| 0x4
| Always 0
|-
| 0x20
| 0x4
| Start of decompressed SDD-1 graphics data region. Matches end of file/file size if no SDD-1 chip is present
|-
| 0x24
| 0x8
| Product ID (KTR-XXXX), determines filenames in savedata
|-
| 0x2C
| 0x4
| Always 0
|-
| 0x30
| 0x1
| Emulation speed in FPS (always 0x3C in official VC)
|-
| 0x31
| 0x3
| ROM size
|-
| 0x34
| 0x1
| Always 0
|-
| 0x35
| 0x3
| Size of the converted PCM audio samples region (starting after ROM). 0 if PCM data is missing
|-
| 0x38
| 0x1
| Always 0
|-
| 0x39
| 0x2
| Footer region size. 0 if PCM data is missing
|-
| 0x3B
| 0x2
| Always 0
|-
| 0x3D
| 0x2
| Preset ID (varies for each game). A full list of know Preset IDs (shared by WiiU/SNESC/Switch SNES emulators) can be found [https://docs.google.com/spreadsheets/d/1PbIPVA4NpFEXs1zk249aR3FSuBTY3r-ajpTq3dP3GnQ here]
|-
| 0x3F
| 0x1
| Always 0x2
|-
| 0x40
| 0x1
| Sound volume
|-
| 0x41
| 0x1
| ROM type (0x15 == HiROM/0x14 == LoROM)
|-
| 0x42
| 0xE
| Always 0
|-
| 0x50
| 0x4
| Always 0x00000003
|-
| 0x54
| 0x4
| Always 0x00000001
|-
| 0x58
| 0x8
| Always 0
|}
The 0x60 header is followed by the SNES ROM, often altered to replace audio samples with pointers to external PCM audio files converted from the game, presumably to speed up emulation (these pointers can be found by looking for "PCMF" in the ROM, as seen on [https://github.com/Plombo/vcromclaim/blob/master/snesrestore.py Wii VC]).
The ROM is then optionally followed by the PCM audio files, by the SDD-1 decompressed graphics data (the emulator doesn't properly emulate the chip, presumably because of hardware constraints) and by a footer which appears to be an index for the PCM audio data.
There are no setting fields for specific cart features, with the exception of Special Chip, and it appears that the emulator has "game presets" stored in its own code, which determines more game-specific settings. The Special Chip can also be enabled by the game Preset ID. Each official VC release has [https://docs.google.com/spreadsheets/d/1PbIPVA4NpFEXs1zk249aR3FSuBTY3r-ajpTq3dP3GnQ/edit#gid=490971147 a different preset ID] in the header. The supported Special Chips are: DSP1, C4 and DSP2.
A similar structure can be found on Wii U, SNES Classic and Switch Mini emulator [https://gist.github.com/anpage/c1085055db0242ea3c7558dab56712a5]
==Savedata==
The savedata contains:
* "KTR-XXXX.cfg": Appears to contain the "preset ID" and possibly more game/save information.
* "KTR-XXXX.vea": Current emulator save-state, for storing/loading state at VC-title launch/exit.
* "KTR-XXXX.ves": The actual savedata used by the emulated ROM.
Filenames are determined in the ROM header.
=GBA VC=
=GBA VC=
===Footer===
===Footer===
All values in the GBA VC footer are little-endian.
All values in the GBA VC footer and related structures are little-endian.
{| class="wikitable" border="1"
|-
! START
! SIZE
! DESCRIPTION
|-
| 0x00
| 0x4
| Magic '.CAA'
|-
| 0x04
| 0x4
| Must be 1
|-
| 0x08
| 0x4
| Offset to array of config descriptors
|-
| 0x0C
| 0x4
| Number of config descriptors << 4
|}
====Config descriptor====
{| class="wikitable" border="1"
|-
! START
! SIZE
! DESCRIPTION
|-
| 0x0
| 0x4
| If 1, then this config descriptor is used. If 0, and the following value is not 0, then the GBA VC load fails outright (causes result 0xC900464F). Otherwise, this config descriptor is skipped.
|-
| 0x4
| 0x4
| Offset to config
|-
| 0x8
| 0x4
| Size of config (unused by the function that parses this, which hardcodes the config size (0x324) to memcpy)
|-
| 0xC
| 0x4
| Padding
|}
====Config====
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
|-
|-
| 0x020
| 0x020
| 0x1
| 0x4
| Manufacturer info select (see below)
| LCD ghosting (01-FF, lower values equal more ghosting)
|-
|-
| 0x024
| 0x024
| 0x300
| 0x300
| Unknown, three different types of this data have been observed.
| Video LUT (black to full, rgbrgbrgb...)?,<br/>three different types of this data have been observed.
|}
|}
Save types:
Save types:
* EEPROM (various sizes, IDs specified in footer): 0x2
* 0x0: EEPROM 8k
* SRAM/FRAM (128k): 0xE
* 0x1: EEPROM 8k (?)
* Flash (512k): 0x9
* 0x2: EEPROM 64k
* 0x3: EEPROM 64k (?)
* 0x4: Flash 512k (Atmel, ID: 0x3D1F) + RTC
* 0x5: Flash 512k (Atmel, ID: 0x3D1F)
* 0x6: Flash 512k (SST, ID: 0xD4BF) + RTC
* 0x7: Flash 512k (SST, ID: 0xD4BF)
* SRAM games up to and including V111 use 0xC0. Above use 0x90.
* 0x8: Flash 512k (Panasonic, ID: 0x1B32) + RTC
* FRAM V103 uses 0xC0. V104+ don't exist, and lower versions also likely use 0xC0.
* 0x9: Flash 512k (Panasonic, ID: 0x1B32)
* Flash V124 was observed 0x90, V131 was observed 0xC0.
* 0xA: Flash 1Mbit (Macronix, ID: 0x09C2) + RTC
* EEPROM-based games vary wildly, since they can likely specify chip info in the 0x10-region of the footer.
* 0xB: Flash 1Mbit (Macronix, ID: 0x09C2)
* 0xC: Flash 1Mbit (Sanyo, ID: 0x1362) + RTC
* 0xD: Flash 1Mbit (Sanyo, ID: 0x1362)
* 0xE: SRAM/FRAM 256k
Everything above 0xE results in no save chip and nothing being saved to NAND.
===NAND Savegame===
===NAND Savegame===
AGB_FIRM saves its active save memory to NAND on exit, this is then immediately picked up by NATIVE_FIRM on reboot by checking [[CONFIG_Registers#CFG_BOOTENV|CFG_BOOTENV]]. From there, this is verified and copied out to SD. The savegame format is as follows:
AGB_FIRM saves its active save memory to NAND on exit, this is then immediately picked up by NATIVE_FIRM on reboot by checking [[CONFIG_Registers#CFG_BOOTENV|CFG_BOOTENV]]. From there, this is verified and copied out to SD (also see below). The savegame format is as follows:
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
| 0x10
| 0x10
| 0x10
| 0x10
| AES-MAC of the SHA256 hash of 0x30..0x200 + the entire save itself, keyslot 0x24, keyY from process9 .rodata
| AES-CMAC of the SHA256 hash of 0x30..0x200 + the entire save itself, keyslot 0x24, keyY from process9 .rodata
|-
|-
| 0x20
| 0x20
|-
|-
| 0x30
| 0x30
| 0x40
| 0x4
| Always 0x1?
| Always 0x1
|-
|-
| 0x34
| 0x34
| 0x4
| 0x4
| ? (observed 0x1, may change though)
| Number of times saved (unused?)
|-
|-
| 0x38
| 0x38
| 0x40
| 0x40
| 0x10
| 0x10
| eMMC CID from the console the save was made on (verified on load)
| SD card CID from the console the save was made on (verified on load)
|-
|-
| 0x50
| 0x50
| Always 0xFF
| Always 0xFF
|}
|}
===NAND Savegame on SD===
A NAND savegame copied to the SD by process9 is identical to its counterpart on the NAND partition, save for the CMAC. For SD copies on retail units, the CMAC is recalculated as the AES-CMAC of the (SHA256 hash of ("CTR-SIGN" + AGB TitleID (little endian) + SHA256 hash of ("CTR-SAV0" + SHA256 hash of (0x30..0x200 + the entire save itself)))), using keyslot 0x30 set up with the keyY from movable.sed. For SD copies on devkit units, the CMAC is recalculated using the SHA256 hash of 0x30..0x200 + the entire save itself, using a different key from process9 .rodata.