----How I analyzed GW_INSTALL.nds----
I used a modified DeSmuME and NDS Disassembler 2nd [NDSDIS2].
I executed GW_INSTALL.nds. After that, I dumped the nds firmware and compared it with a firmware which was dumped before the emulator execute GW_INSTALL.nds.
I also checked SPICNT(0x040001C0), which is used to control SPI.
----Result of the Analysis----
I found it modified the firmware.
It set 1 to bit 8-9 of SPICNT to modify the firmware.
That means it tried to access the firmware. And there are some differences between the firmware after execute GW_INSTALL.nds and the firmware before that.
I show addresses and the firmware which was modified by GW_INSTALL.nds.
0x0787A-0x07897
Code: Select all
0x07870: E9 FF 67 49 F9 E4 47 97 30 93 F8 6D BC 5D 1D BC
0x07880: AA 26 BD 8E 8D 5F BE 32 FE 5E DC 97 FF B1 A2 DC
0x07890: 4B 76 6D 6E 3F CC DC 25 97 0F 44 C5 EE 17 BD 5C
Code: Select all
0x1FE00: B9 F2 10 00 AE 2B 27 00 ED 0D DC BA 9C F1 18 00
0x1FE10: 90 B6 10 00 00 B0 FA 00 00 02 20 00 B9 F2 10 00
0x1FE20: 00 90 27 00 01 00 00 00 E1 49 15 00 38 6F 27 00
0x1FE30: AC 82 1B 00 DC D5 18 00 40 83 27 00 00 02 10 00
0x1FE40: CC 48 00 00 60 3D 14 00 B9 F2 10 00 00 90 27 00
0x1FE50: 00 00 2B 00 F9 02 10 00 F9 02 10 00 F9 02 10 00
0x1FE60: F9 02 10 00 F9 02 10 00 F9 02 10 00 E1 49 15 00
0x1FE70: 51 00 CD C2 E1 49 15 00 20 90 27 00 8C 53 10 00
0x1FE80: 00 90 00 00 58 39 1B 00 E5 04 21 00 00 DA 19 00
0x1FE90: 00 75 01 00 86 DF 21 00 00 C1 1A 00 22 DA 1D 00
0x1FEA0: 91 FE 16 00 00 01 10 00 BC 4C 14 00 00 00 2B 00
0x1FEB0: 00 90 00 00 E1 49 15 00 AC EF 22 00 88 5C 10 00
0x1FEC0: 00 00 0E 00 90 03 25 00 C0 FA 1E 00 91 FE 16 00
0x1FED0: 8C 53 10 00 24 6B 03 00 60 3D 14 00 CD 05 0E AA
0x1FE74-0x1FEDB is written at 0x9F1C-0x9F83 in GW_INSTALL.nds.
0x1FEFE-0x1FEFF
Code: Select all
0x1FEF0: DF 39 77 03 28 30 CC 79 4E 43 87 E8 F6 6C A2 31
Code: Select all
0x1FF50: 6E 00 A5 42 F2 AA 44 20 F5 94 EC 77 74 4B 46 1A
Code: Select all
0x1FF70: 52 00 A1 B6 EE 52 4D FE 54 5C 5E 5C 5A 97 92 6A
Code: Select all
0x1FFB0: BB 15 DE 97 B9 F2 10 00 00 FE 01 00 00 01 00 00
0x1FFC0: E1 49 15 00 00 94 27 00 FC 34 13 00 D0 8C 1E 00
0x1FFD0: 8C 53 10 00 9C 94 27 F0 60 3D 14 00 66 1D F8 A0
0x1FFFE-0x1FFFF
Code: Select all
0x1FFE0: A9 03 68 77 1A DA 5B E2 4F 5F 12 BE FF AC 6E 95
Code: Select all
0x233D0: 0F C1 0E CF FF AE A3 05 5D 60 B6 85 A1 AA DF 12
0x233E0: E6 EF 5F 5A BF 94 43 93 39 1E A3 D5 17 1B EB 50
0x233F0: 0D 95 D1 9B 5E 13 73 DA A0 F1 FC 62 C0 5C 96 A2
I uploaded those firmwares.
ORIG_FIRM.BIN
GW_INSTALL_FIRM.BIN
EDIT: I got DS firmware and tested again. I wrote the result.