Nitro Hax

Nintendo DS cheat tool

NitroHax screen shot Nitro Hax is a cheat tool for official games running on the Nintendo DS. It supports any Action Replay DS code type with a few important additions.

Download

The latest version is 0.94. It is available here. Source is available under the GPL v3 license. Code under development is on GitHub.

How to use it

  1. Patch NitroHax.nds with a DLDI file if you need to.
  2. Copy the NitroHax.nds file to your media device.
  3. Place an Action Replay XML file on your media device.
  4. Start NitroHax.nds from your media device.
    One of the following will be loaded automatically if it is found (in order of preference): If no file is found, browse for and select a file to open.
  5. Remove your media device if you want to.
  6. Remove any card that is in Slot-1.
  7. Insert the DS game into Slot-1.
  8. Choose the cheats you want to enable.
    Some cheats are enabled by default and others may be always on. This is specified in the XML file.
    The keys are:
  9. When you are done, exit the cheat menu.
  10. The game will then start with cheats running.

Custom code types

In addition to the standard Action Replay DS code types described on EnHacklopedia's Action Replay DS page, Nitro Hax supports the following custom codes.

CF000000 00000000: Code list end

Code used internally to specify the end of the cheat code list. It does not need to be specified manually.

CF000001 xxxxxxxx: Relocate cheat engine

Relocate the cheat engine to address xxxxxxxx. The cheat engine and all data are moved to the given address, which should be accessible from the ARM7.

CF000002 xxxxxxxx: Hook address

Change the hook address to xxxxxxxx. The hook should be a function pointer that is called regularly. By default the ARM7's VBlank interrupt handler is hooked. This code overrides the default.

C100000x yyyyyyyy: Call function with arguments

Call a function with between 0 and 4 arguments. The argument list follows this code, which has the parameters:

For example, to call a function at 0x02049A48 with the three arguments r0 = 0x00000010, r1 = 0x134CBA9C, and r2 = 0x12345678, you would use:

C1000003 02049A48
00000010 134CBA9C
12345678 00000000

C200000x yyyyyyyy: Run ARM/THUMB code

Run ARM or THUMB code stored in the cheat list.

For example:

C2000000 00000010
AAAAAAAA BBBBBBBB
CCCCCCCC E12FFF1E

This will run the code AAAAAAAA BBBBBBBB CCCCCCCC in ARM mode. The E12FFF1E (bx lr) is needed at the end to return to the cheat engine.

The above instructions are based on those written by kenobi.

C4000000 xxxxxxxx: Scratch space

Provide 4 bytes of scratch space to safely store data. Sets the offset register to point to the first word of this code. Storing data at [offset+4] will save over the top of xxxxxxxx.

This is based on a Trainer Toolkit code.

C5000000 xxxxyyyy: Counter

Each time the cheat engine is executed, the counter is incremented by 1. If (counter & yyyy) == xxxx then execution status is set to true, else it is set to false.

This is based on a Trainer Toolkit code.

C6000000 xxxxxxxx: Store offset

Stores the offset register to the address xxxxxxxx.

This is based on a Trainer Toolkit code.

D400000x yyyyyyyy: Dx Data operation

Performs the operation Data = Data ? yyyyyyyy where ? is determined by x as follows:

If-type codes

For codes begining with 3-9 or A (if-type codes), the offset register can be used for address calculations. If the lowest bit of the code's address is set then the offset is added to the address. If the address is 0x00000000 then the offset is used instead.

For example, if the code 32009001 00001000 is run and the offset register is currently 0x000000AC, then:

  1. the address is taken from the first code word as 0x02009000,
  2. the offset is added (because the lowest bit of the first codeword is set to 1) to give an address of 0x020090AC,
  3. the memory at address 0x020090AC is read, and the value compared to 0x00001000 (the second codeword).
  4. Now (since the code starts with 3) if the codeword value is greater than the value read from memory, then the rest of the codes in the list will be executed, otherwise they will be skipped until the next D0000000 00000000 code is reached.

Acknowledgements