From 7769aa9039e30b3e07c9bea54f91d2c41a2b7b32 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Sun, 15 Jan 2017 02:19:05 +0100
Subject: [PATCH 01/40] Add card id patch

---
 bootloader/source/card_patcher.c | 41 +++++++++++++++++++-------------
 1 file changed, 24 insertions(+), 17 deletions(-)

diff --git a/bootloader/source/card_patcher.c b/bootloader/source/card_patcher.c
index b9a82514e..0c15127a9 100644
--- a/bootloader/source/card_patcher.c
+++ b/bootloader/source/card_patcher.c
@@ -40,8 +40,9 @@ u32 cardReadStartSignature1[1] = {0xE92D4FF0};
 u32 a9cardReadSignature4[2]    = {0x040001A4, 0x04100010};
 u32 cardReadStartSignature4[1] = {0xE92D4070};
 
-u32 a9cardIdSignature[2]      = {0x040001A4,0x04100010};
-u32 cardIdStartSignature[1]   = {0xE92D4000};
+u32 a9cardIdSignature[3]      = {0x027FFE60,0x040001A4,0x04100010};  
+u32 cardIdStartSignature[1]   = {0xE92D4000,0xE24DD004,0xE3A0032E};   
+  
 u32 a9instructionBHI[1]       = {0x8A000001};
 u32 cardPullOutSignature1[4]   = {0xE92D4000,0xE24DD004,0xE201003F,0xE3500011};
 u32 cardPullOutSignature4[4]   = {0xE92D4008,0xE201003F,0xE3500011,0x1A00000D};
@@ -225,25 +226,27 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 	debug[0] = cardReadCachedOffset;
     dbg_printf("Card read cached found\n");	
 
-	/*	
+		
 	// Find the card id
+	u32 cardIdStartOffset = 0;
     u32 cardIdEndOffset =  
-        getOffsetA9((u32*)ndsHeader->arm9destination, ndsHeader->arm9binarySize,
+        getOffset((u32*)ndsHeader->arm9destination, ndsHeader->arm9binarySize,
               (u32*)a9cardIdSignature, 2, 1);
     if (!cardIdEndOffset) {
-        nocashMessage("Card id end not found\n");
-        return 0;
-    }	
-	debug[1] = cardIdEndOffset;	
-    u32 cardIdStartOffset =   
-        getOffsetA9((u32*)cardIdEndOffset, -0x100,
-              (u32*)cardIdStartSignature, 1, -1);
-    if (!cardIdStartOffset) {
-        nocashMessage("Card id start not found\n");
-        return 0;
-    }
-	debug[0] = cardIdStartOffset;
-    nocashMessage("Card id found\n");	*/		
+        dbg_printf("Card id end not found\n");
+    } else {
+		debug[1] = cardIdEndOffset;	
+		cardIdStartOffset =   
+			getOffset((u32*)cardIdEndOffset, -0x100,
+				  (u32*)cardIdStartSignature, 1, -1);
+		if (!cardIdStartOffset) {
+			dbg_printf("Card id start not found\n");
+		} else {
+			debug[0] = cardIdStartOffset;
+			dbg_printf("Card id found\n");	
+		}
+	}	
+
 	
 	/*u32 arenaLoOffset =   
         getOffsetA9((u32*)ndsHeader->arm9destination, 0x00300000,//, ndsHeader->arm9binarySize,
@@ -309,6 +312,10 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 	copyLoop ((u32*)cardReadStartOffset, cardReadPatch, 0xF0);		
 
 	copyLoop ((u32*)cardPullOutOffset, cardPullOutPatch, 0x5C);	
+	
+	if (cardIdStartOffset) {
+		copyLoop ((u32*)cardIdStartOffset, cardPullOutPatch, 0x4);	
+	}
 
 	dbg_printf("ERR_NONE");
 	return 0;

From e1171953cb3968baa2482beb9fc999c8e8f8aa71 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Sun, 15 Jan 2017 03:27:30 +0100
Subject: [PATCH 02/40] Add DSI WRAM setup

---
 arm7/source/main.c   | 16 ++++++++++++++++
 arm9/source/main.cpp | 15 +++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/arm7/source/main.c b/arm7/source/main.c
index e9c4eea1c..cf522befd 100644
--- a/arm7/source/main.c
+++ b/arm7/source/main.c
@@ -82,10 +82,26 @@ static u32 quickFind (const unsigned char* data, const unsigned char* search, u3
 
 static const unsigned char dldiMagicString[] = "\xED\xA5\x8D\xBF Chishm";	// Normal DLDI file
 
+void initMBK() {
+	// default dsiware settings
+	REG_MBK_1=0x8185898D;
+	REG_MBK_2=0x8084888C;
+	REG_MBK_3=0x9094989C;
+	REG_MBK_4=0x8084888C;
+	REG_MBK_5=0x9094989C;
+	REG_MBK_6=0x07F037C0;
+	//REG_MBK_6=0x080037C0;
+	REG_MBK_7=0x07C03740;
+	REG_MBK_8=0x07403700;
+	REG_MBK_9=0x3000000F;
+}
+
 //---------------------------------------------------------------------------------
 int main(void) {
 //---------------------------------------------------------------------------------
 	
+	initMBK();
+	
 	// Find the DLDI reserved space in the file
 	u32 patchOffset = quickFind (__NDSHeader->arm9destination, dldiMagicString, __NDSHeader->arm9binarySize, sizeof(dldiMagicString));
 	wordCommandAddr = (u32 *) (((u32)__NDSHeader->arm9destination)+patchOffset+0x80);
diff --git a/arm9/source/main.cpp b/arm9/source/main.cpp
index 2b7c9f383..10ba6f0aa 100644
--- a/arm9/source/main.cpp
+++ b/arm9/source/main.cpp
@@ -134,8 +134,23 @@ static void myFIFOValue32Handler(u32 value,void* data)
 	dbg_printf( "ARM7 data %x\n", value );
 }
 
+
+void initMBK() {
+	// default dsiware settings
+	REG_MBK_1=0x8185898D;
+	REG_MBK_2=0x8084888C;
+	REG_MBK_3=0x9094989C;
+	REG_MBK_4=0x8084888C;
+	REG_MBK_5=0x9094989C;
+	REG_MBK_6=0x00000000;
+	REG_MBK_7=0x07C03740;
+	REG_MBK_8=0x07403700; 
+}
+
 int main( int argc, char **argv) {
 
+	initMBK();
+
 	bool ntrMode = false;
 
 	// No! broke no$gba compatibility

From 5ea841843852497487ff3389c61335b72055dc68 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Sun, 15 Jan 2017 21:50:29 +0100
Subject: [PATCH 03/40] alternate save patches for some games

---
 bootloader/source/card_patcher.c | 213 +++++++++++++++++++++----------
 cardengine/source/cardEngine.c   |  16 ++-
 2 files changed, 153 insertions(+), 76 deletions(-)

diff --git a/bootloader/source/card_patcher.c b/bootloader/source/card_patcher.c
index 0c15127a9..e559de694 100644
--- a/bootloader/source/card_patcher.c
+++ b/bootloader/source/card_patcher.c
@@ -475,79 +475,154 @@ u32 savePatchV2 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
 	u32 srcAddr;
 	
 	u32* eepromProtect = (u32*) (JumpTableFunc + 0xE0);
-    dbg_printf("Eeprom protect:\t");
-	dbg_hexa(eepromProtect);
-	dbg_printf("\n");	
-	srcAddr = JumpTableFunc + 0xE0 - vAddrOfRelocSrc + relocDestAtSharedMem ;
-	u32 patchProtect = generateA7Instr(srcAddr,
-        arm7Function[0] );
-	*eepromProtect=patchProtect; 
-	
-	u32* cardId = (u32*) (JumpTableFunc + 0xE8);
-	dbg_printf("Card id:\t");
-	dbg_hexa(cardId);
-	dbg_printf("\n");
-	srcAddr = JumpTableFunc + 0xE8 - vAddrOfRelocSrc + relocDestAtSharedMem ;
-	u32 patchCardId = generateA7Instr(srcAddr,
-        arm7Function[7]);
-	*cardId=patchCardId;
-	
 	u32* cardRead = (u32*) (JumpTableFunc + 0x108);
-	dbg_printf("Card  read:\t");
-	dbg_hexa(cardRead);
-	dbg_printf("\n");
-	srcAddr =  JumpTableFunc + 0x108 - vAddrOfRelocSrc + relocDestAtSharedMem ;
-	u32 patchCardRead = generateA7Instr(srcAddr,
-        arm7Function[6]);
-	*cardRead=patchCardRead;
-	
-	u32* eepromRead = (u32*) (JumpTableFunc + 0x120);
-	dbg_printf("Eeprom read:\t");
-	dbg_hexa(eepromRead);
-	dbg_printf("\n");
-	srcAddr = JumpTableFunc + 0x120  - vAddrOfRelocSrc + relocDestAtSharedMem ;
-	u32 patchRead = generateA7Instr(srcAddr,
-        arm7Function[5]);
-	*eepromRead=patchRead;
-	
-	u32* eepromPageWrite = (u32*) (JumpTableFunc + 0x138);
-	dbg_printf("Eeprom page write:\t");
-	dbg_hexa(eepromPageWrite);
-	dbg_printf("\n");
-	srcAddr = JumpTableFunc + 0x138 - vAddrOfRelocSrc + relocDestAtSharedMem ;
-	u32 patchWrite = generateA7Instr(srcAddr,
-        arm7Function[3]);
-	*eepromPageWrite=patchWrite;
-	
-	u32* eepromPageProg = (u32*) (JumpTableFunc + 0x150);
-	dbg_printf("Eeprom page prog:\t");
-	dbg_hexa(eepromPageProg);
-	dbg_printf("\n");
-	srcAddr = JumpTableFunc + 0x150 - vAddrOfRelocSrc + relocDestAtSharedMem ;
-	u32 patchProg = generateA7Instr(srcAddr,
-        arm7Function[4]);
-	*eepromPageProg=patchProg;
-	
-	u32* eepromPageVerify = (u32*) (JumpTableFunc + 0x168);
-	dbg_printf("Eeprom verify:\t");
-	dbg_hexa(eepromPageVerify);
-	dbg_printf("\n");	
-	srcAddr =  JumpTableFunc + 0x168 - vAddrOfRelocSrc + relocDestAtSharedMem ;
-	u32 patchVerify = generateA7Instr(srcAddr,
-        arm7Function[2]);
-	*eepromPageVerify=patchVerify;	
+	if(*eepromProtect & 0xFF000000 == 0xEB000000 && *cardRead & 0xFF000000 == 0xEB000000) {
+		dbg_printf("Eeprom protect:\t");
+		dbg_hexa(eepromProtect);
+		dbg_printf("\n");	
+		srcAddr = JumpTableFunc + 0xE0 - vAddrOfRelocSrc + relocDestAtSharedMem ;
+		u32 patchProtect = generateA7Instr(srcAddr,
+			arm7Function[0] );
+		*eepromProtect=patchProtect; 
+		
+		u32* cardId = (u32*) (JumpTableFunc + 0xE8);
+		dbg_printf("Card id:\t");
+		dbg_hexa(cardId);
+		dbg_printf("\n");
+		srcAddr = JumpTableFunc + 0xE8 - vAddrOfRelocSrc + relocDestAtSharedMem ;
+		u32 patchCardId = generateA7Instr(srcAddr,
+			arm7Function[7]);
+		*cardId=patchCardId;		
+		
+		dbg_printf("Card  read:\t");
+		dbg_hexa(cardRead);
+		dbg_printf("\n");
+		srcAddr =  JumpTableFunc + 0x108 - vAddrOfRelocSrc + relocDestAtSharedMem ;
+		u32 patchCardRead = generateA7Instr(srcAddr,
+			arm7Function[6]);
+		*cardRead=patchCardRead;
+		
+		u32* eepromRead = (u32*) (JumpTableFunc + 0x120);
+		dbg_printf("Eeprom read:\t");
+		dbg_hexa(eepromRead);
+		dbg_printf("\n");
+		srcAddr = JumpTableFunc + 0x120  - vAddrOfRelocSrc + relocDestAtSharedMem ;
+		u32 patchRead = generateA7Instr(srcAddr,
+			arm7Function[5]);
+		*eepromRead=patchRead;
+		
+		u32* eepromPageWrite = (u32*) (JumpTableFunc + 0x138);
+		dbg_printf("Eeprom page write:\t");
+		dbg_hexa(eepromPageWrite);
+		dbg_printf("\n");
+		srcAddr = JumpTableFunc + 0x138 - vAddrOfRelocSrc + relocDestAtSharedMem ;
+		u32 patchWrite = generateA7Instr(srcAddr,
+			arm7Function[3]);
+		*eepromPageWrite=patchWrite;
+		
+		u32* eepromPageProg = (u32*) (JumpTableFunc + 0x150);
+		dbg_printf("Eeprom page prog:\t");
+		dbg_hexa(eepromPageProg);
+		dbg_printf("\n");
+		srcAddr = JumpTableFunc + 0x150 - vAddrOfRelocSrc + relocDestAtSharedMem ;
+		u32 patchProg = generateA7Instr(srcAddr,
+			arm7Function[4]);
+		*eepromPageProg=patchProg;
+		
+		u32* eepromPageVerify = (u32*) (JumpTableFunc + 0x168);
+		dbg_printf("Eeprom verify:\t");
+		dbg_hexa(eepromPageVerify);
+		dbg_printf("\n");	
+		srcAddr =  JumpTableFunc + 0x168 - vAddrOfRelocSrc + relocDestAtSharedMem ;
+		u32 patchVerify = generateA7Instr(srcAddr,
+			arm7Function[2]);
+		*eepromPageVerify=patchVerify;	
 
+			
+		u32* eepromPageErase = (u32*) (JumpTableFunc + 0x178);
+		dbg_printf("Eeprom page erase:\t");
+		dbg_hexa(eepromPageErase);
+		dbg_printf("\n");	
+		srcAddr = JumpTableFunc + 0x178 - vAddrOfRelocSrc + relocDestAtSharedMem ;
+		u32 patchErase = generateA7Instr(srcAddr,
+			arm7Function[1]);
+		*eepromPageErase=patchErase; 
+
+		arm7Function[8] = saveFileCluster;
+	} else {
+		dbg_printf("[Warning] Eeprom protect not found \n");
+		cardRead = (u32*) (JumpTableFunc + 0x100);
 		
-	u32* eepromPageErase = (u32*) (JumpTableFunc + 0x178);
-    dbg_printf("Eeprom page erase:\t");
-	dbg_hexa(eepromPageErase);
-	dbg_printf("\n");	
-	srcAddr = JumpTableFunc + 0x178 - vAddrOfRelocSrc + relocDestAtSharedMem ;
-	u32 patchErase = generateA7Instr(srcAddr,
-        arm7Function[1]);
-	*eepromPageErase=patchErase; 
+		if(*cardRead & 0xFF000000 == 0xEB000000) {
+			dbg_printf("[Error] CardRead not found:\n");
+			return 1;
+		}
+		
+		u32* cardId = (u32*) (JumpTableFunc + 0xE0);
+		dbg_printf("Card id:\t");
+		dbg_hexa(cardId);
+		dbg_printf("\n");
+		srcAddr = JumpTableFunc + 0xE0 - vAddrOfRelocSrc + relocDestAtSharedMem ;
+		u32 patchCardId = generateA7Instr(srcAddr,
+			arm7Function[7]);
+		*cardId=patchCardId;
+		
+		dbg_printf("Card  read:\t");
+		dbg_hexa(cardRead);
+		dbg_printf("\n");
+		srcAddr =  JumpTableFunc + 0x100 - vAddrOfRelocSrc + relocDestAtSharedMem ;
+		u32 patchCardRead = generateA7Instr(srcAddr,
+			arm7Function[6]);
+		*cardRead=patchCardRead;
+		
+		u32* eepromRead = (u32*) (JumpTableFunc + 0x118);
+		dbg_printf("Eeprom read:\t");
+		dbg_hexa(eepromRead);
+		dbg_printf("\n");
+		srcAddr = JumpTableFunc + 0x118  - vAddrOfRelocSrc + relocDestAtSharedMem ;
+		u32 patchRead = generateA7Instr(srcAddr,
+			arm7Function[5]);
+		*eepromRead=patchRead;
+		
+		u32* eepromPageWrite = (u32*) (JumpTableFunc + 0x130);
+		dbg_printf("Eeprom page write:\t");
+		dbg_hexa(eepromPageWrite);
+		dbg_printf("\n");
+		srcAddr = JumpTableFunc + 0x130 - vAddrOfRelocSrc + relocDestAtSharedMem ;
+		u32 patchWrite = generateA7Instr(srcAddr,
+			arm7Function[3]);
+		*eepromPageWrite=patchWrite;
+		
+		u32* eepromPageProg = (u32*) (JumpTableFunc + 0x148);
+		dbg_printf("Eeprom page prog:\t");
+		dbg_hexa(eepromPageProg);
+		dbg_printf("\n");
+		srcAddr = JumpTableFunc + 0x148 - vAddrOfRelocSrc + relocDestAtSharedMem ;
+		u32 patchProg = generateA7Instr(srcAddr,
+			arm7Function[4]);
+		*eepromPageProg=patchProg;
+		
+		u32* eepromPageVerify = (u32*) (JumpTableFunc + 0x160);
+		dbg_printf("Eeprom verify:\t");
+		dbg_hexa(eepromPageVerify);
+		dbg_printf("\n");	
+		srcAddr =  JumpTableFunc + 0x160 - vAddrOfRelocSrc + relocDestAtSharedMem ;
+		u32 patchVerify = generateA7Instr(srcAddr,
+			arm7Function[2]);
+		*eepromPageVerify=patchVerify;	
 
-	arm7Function[8] = saveFileCluster;
+			
+		u32* eepromPageErase = (u32*) (JumpTableFunc + 0x170);
+		dbg_printf("Eeprom page erase:\t");
+		dbg_hexa(eepromPageErase);
+		dbg_printf("\n");	
+		srcAddr = JumpTableFunc + 0x170 - vAddrOfRelocSrc + relocDestAtSharedMem ;
+		u32 patchErase = generateA7Instr(srcAddr,
+			arm7Function[1]);
+		*eepromPageErase=patchErase; 
+
+		arm7Function[8] = saveFileCluster;
+	}    
 	
 	return 0;
 }
diff --git a/cardengine/source/cardEngine.c b/cardengine/source/cardEngine.c
index 3c6ba4154..59ff4111f 100644
--- a/cardengine/source/cardEngine.c
+++ b/cardengine/source/cardEngine.c
@@ -201,13 +201,13 @@ void irqIPCSYNCEnable() {
 // ARM7 Redirected function
 
 bool eepromProtect (void) {
-	dbg_printf("\neepromProtect\n");	
+	dbg_printf("\narm7 eepromProtect\n");	
 	
 	return true;
 }
 
 bool eepromRead (u32 src, void *dst, u32 len) {
-	dbg_printf("\neepromRead\n");	
+	dbg_printf("\narm7 eepromRead\n");	
 	
 	dbg_printf("\nsrc : \n");
 	dbg_hexa(src);		
@@ -220,7 +220,7 @@ bool eepromRead (u32 src, void *dst, u32 len) {
 }
 
 bool eepromPageWrite (u32 dst, const void *src, u32 len) {
-	dbg_printf("\neepromPageWrite\n");	
+	dbg_printf("\narm7 eepromPageWrite\n");	
 	
 	dbg_printf("\nsrc : \n");
 	dbg_hexa(src);		
@@ -235,7 +235,7 @@ bool eepromPageWrite (u32 dst, const void *src, u32 len) {
 }
 
 bool eepromPageProg (u32 dst, const void *src, u32 len) {
-	dbg_printf("\neepromPageProg\n");	
+	dbg_printf("\narm7 eepromPageProg\n");	
 	
 	dbg_printf("\nsrc : \n");
 	dbg_hexa(src);		
@@ -250,7 +250,7 @@ bool eepromPageProg (u32 dst, const void *src, u32 len) {
 }
 
 bool eepromPageVerify (u32 dst, const void *src, u32 len) {
-	dbg_printf("\neepromPageVerify\n");	
+	dbg_printf("\narm7 eepromPageVerify\n");	
 	
 	dbg_printf("\nsrc : \n");
 	dbg_hexa(src);		
@@ -264,7 +264,7 @@ bool eepromPageVerify (u32 dst, const void *src, u32 len) {
 }
 
 bool eepromPageErase (u32 dst) {
-	dbg_printf("\eepromPageErase\n");	
+	dbg_printf("\narm7 eepromPageErase\n");	
 	
 	return true;
 }
@@ -276,8 +276,10 @@ u32 cardId (void) {
 }
 
 bool cardRead (u32 dma,  u32 src, void *dst, u32 len) {
-	dbg_printf("\cardRead\n");	
+	dbg_printf("\narm7 cardRead\n");	
 	
+	dbg_printf("\ndma : \n");
+	dbg_hexa(dma);		
 	dbg_printf("\nsrc : \n");
 	dbg_hexa(src);		
 	dbg_printf("\ndst : \n");

From be119ef6e5183022040d83ea0afc7aed8656dccf Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Sun, 15 Jan 2017 21:58:15 +0100
Subject: [PATCH 04/40] fix bug

---
 bootloader/source/card_patcher.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/bootloader/source/card_patcher.c b/bootloader/source/card_patcher.c
index e559de694..bbd803ce6 100644
--- a/bootloader/source/card_patcher.c
+++ b/bootloader/source/card_patcher.c
@@ -476,7 +476,8 @@ u32 savePatchV2 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
 	
 	u32* eepromProtect = (u32*) (JumpTableFunc + 0xE0);
 	u32* cardRead = (u32*) (JumpTableFunc + 0x108);
-	if(*eepromProtect & 0xFF000000 == 0xEB000000 && *cardRead & 0xFF000000 == 0xEB000000) {
+	if((((*eepromProtect) & 0xFF000000) == 0xEB000000) 
+		&& (((*cardRead) & 0xFF000000) == 0xEB000000)) {
 		dbg_printf("Eeprom protect:\t");
 		dbg_hexa(eepromProtect);
 		dbg_printf("\n");	
@@ -553,7 +554,7 @@ u32 savePatchV2 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
 		dbg_printf("[Warning] Eeprom protect not found \n");
 		cardRead = (u32*) (JumpTableFunc + 0x100);
 		
-		if(*cardRead & 0xFF000000 == 0xEB000000) {
+		if(((*cardRead) & 0xFF000000) == 0xEB000000) {
 			dbg_printf("[Error] CardRead not found:\n");
 			return 1;
 		}

From 4f10f52242c9f33484477391d4cba34df6079f79 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Sun, 15 Jan 2017 22:23:06 +0100
Subject: [PATCH 05/40] Fix bug

---
 bootloader/source/card_patcher.c | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/bootloader/source/card_patcher.c b/bootloader/source/card_patcher.c
index bbd803ce6..b83f7bfd8 100644
--- a/bootloader/source/card_patcher.c
+++ b/bootloader/source/card_patcher.c
@@ -193,9 +193,10 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
     if (!cardReadStartOffset) {
         dbg_printf("Card read start not found\n");
         return 0;
-    }
-	debug[0] = cardReadStartOffset;
-    dbg_printf("Card read found\n");	
+    }	
+	dbg_printf("Arm9 Card read:\t");
+	dbg_hexa(cardReadStartOffset);
+	dbg_printf("\n");
 
 	u32 cardPullOutOffset =   
         getOffset((u32*)ndsHeader->arm9destination, 0x00300000,//, ndsHeader->arm9binarySize,
@@ -204,8 +205,9 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
         dbg_printf("Card pull out handler not found\n");
         return 0;
     }
-	debug[0] = cardPullOutOffset;
-    dbg_printf("Card pull out handler found\n");
+	dbg_printf("Card pull out handler:\t");
+	dbg_hexa(cardPullOutOffset);
+	dbg_printf("\n");
 	
 	
     u32 cardReadCachedEndOffset =  
@@ -223,9 +225,9 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
         dbg_printf("Card read cached start not found\n");
         return 0;
     }
-	debug[0] = cardReadCachedOffset;
-    dbg_printf("Card read cached found\n");	
-
+	dbg_printf("Card read cached :\t");
+	dbg_hexa(cardReadCachedOffset);
+	dbg_printf("\n");
 		
 	// Find the card id
 	u32 cardIdStartOffset = 0;
@@ -242,8 +244,9 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 		if (!cardIdStartOffset) {
 			dbg_printf("Card id start not found\n");
 		} else {
-			debug[0] = cardIdStartOffset;
-			dbg_printf("Card id found\n");	
+			dbg_printf("Card id :\t");
+			dbg_hexa(cardIdStartOffset);
+			dbg_printf("\n");
 		}
 	}	
 
@@ -554,8 +557,10 @@ u32 savePatchV2 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
 		dbg_printf("[Warning] Eeprom protect not found \n");
 		cardRead = (u32*) (JumpTableFunc + 0x100);
 		
-		if(((*cardRead) & 0xFF000000) == 0xEB000000) {
+		if(((*cardRead) & 0xFF000000) != 0xEB000000) {
 			dbg_printf("[Error] CardRead not found:\n");
+			dbg_hexa(cardRead);
+			dbg_printf("\n");
 			return 1;
 		}
 		

From 5186dc6f8d1e1e665f1dbc42e79f5f8b04e1ee1a Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Tue, 17 Jan 2017 00:26:46 +0100
Subject: [PATCH 06/40] mpu reconfiguration code

---
 bootloader/source/card_patcher.c | 111 ++++++++++++++++++++++---------
 bootloader/source/card_patcher.h |  22 ++++++
 2 files changed, 101 insertions(+), 32 deletions(-)

diff --git a/bootloader/source/card_patcher.c b/bootloader/source/card_patcher.c
index b83f7bfd8..6acd26a09 100644
--- a/bootloader/source/card_patcher.c
+++ b/bootloader/source/card_patcher.c
@@ -62,6 +62,12 @@ u32 irqEnableStartSignature4[4] = {0xE92D4010, 0xE1A04000, 0xEBFFFFF6, 0xE59FC02
 
 u32 arenaLowSignature[4] = {0xE1A00100,0xE2800627,0xE2800AFF,0xE5801DA0};  
 
+u32 mpuInitSignature[1] = {0xEE060F12};
+// sdk < 3 version
+u32 mpuInitData1[1] = {0x27C0023};
+// sdk >= 3 version
+u32 mpuInitData3[1] = {0x27E0021};
+
 //
 // Look in @data for @find and return the position of it.
 //
@@ -168,8 +174,10 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 	u32* cardPullOutSignature = cardPullOutSignature1;
 	u32* cardReadCachedStartSignature = cardReadCachedStartSignature1;
 	u32* cardReadCachedEndSignature = cardReadCachedEndSignature1;
+	u32* mpuInitData = mpuInitData1;
 	if(moduleParams->sdk_version > 0x3000000 && moduleParams->sdk_version < 0x4000000) {
 		cardReadCachedEndSignature = cardReadCachedEndSignature3;
+		mpuInitData = mpuInitData3;
 	} else if(moduleParams->sdk_version > 0x4000000) {
 		a9cardReadSignature = a9cardReadSignature4;
 		cardReadStartSignature = cardReadStartSignature4;
@@ -249,7 +257,47 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 			dbg_printf("\n");
 		}
 	}	
-
+	
+	// Find the mpu init
+	u32* mpuDataOffset = 0;
+    u32 mpuStartOffset =  
+        getOffset((u32*)ndsHeader->arm9destination, ndsHeader->arm9binarySize,
+              (u32*)mpuInitSignature, 1, 1);
+    if (!mpuStartOffset) {
+        dbg_printf("Mpu init not found\n");
+    } else {
+		mpuDataOffset =   
+			getOffset((u32*)mpuStartOffset, 0x100,
+				  (u32*)mpuInitData, 1, 1);
+		if (!mpuDataOffset) {
+			dbg_printf("Mpu data not found\n");
+		} else {
+			dbg_printf("Mpu data :\t");
+			dbg_hexa((u32)mpuDataOffset);
+			dbg_printf("\n");
+		}
+	}	
+	
+	/*if(mpuDataOffset) {
+		// change the region 2 configuration
+		*mpuDataOffset = PAGE_8M  | 0x03000000 | 1;	
+		// change intruction access
+		mpuDataOffset[7] = 0x5100111;	
+		// change data access
+		mpuDataOffset[8] = 0x15111111;	
+	}*/
+		
+	// patch out all further mpu reconfiguration	
+	/*while(mpuStartOffset) {
+		mpuStartOffset = getOffset(mpuStartOffset+4, ndsHeader->arm9binarySize,
+              (u32*)mpuInitSignature, 1, 1);
+		if(mpuStartOffset) {
+			dbg_printf("Mpu init :\t");
+			dbg_hexa(mpuStartOffset);
+			dbg_printf("\n");
+			*((u32*)mpuStartOffset) = 0xE3A00000 ;
+		}
+	}	*/
 	
 	/*u32 arenaLoOffset =   
         getOffsetA9((u32*)ndsHeader->arm9destination, 0x00300000,//, ndsHeader->arm9binarySize,
@@ -266,15 +314,15 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 			
 		u32* oldArenaLow = (u32*) *((u32*)arenaLoOffset);
 		
-		//*((u32*)arenaLoOffset) = *((u32*)arenaLoOffset) + 0x800; // shrink heap by 8 kb
-		//*(vu32*)(0x027FFDA0) = *((u32*)arenaLoOffset);	
+		// *((u32*)arenaLoOffset) = *((u32*)arenaLoOffset) + 0x800; // shrink heap by 8 kb
+		// *(vu32*)(0x027FFDA0) = *((u32*)arenaLoOffset);	
 		debug[12] = *((u32*)arenaLoOffset);
 
 		u32 arenaLo2Offset =   
 			getOffsetA9((u32*)ndsHeader->arm9destination, 0x00100000,//, ndsHeader->arm9binarySize,
 				  oldArenaLow, 1, 1);	
 		
-		//*((u32*)arenaLo2Offset) = *((u32*)arenaLo2Offset) + 0x800; // shrink heap by 8 kb
+		// *((u32*)arenaLo2Offset) = *((u32*)arenaLo2Offset) + 0x800; // shrink heap by 8 kb
 			
 		debug[13] = arenaLo2Offset;
 	}*/
@@ -304,8 +352,7 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 	*((u32*)patches[5]) = ((u32*)*card_struct)+6;	
 	if(moduleParams->sdk_version > 0x3000000) {
 		*((u32*)patches[5]) = ((u32*)*card_struct)+7;	
-	}
-	
+	}	
 	
 	*((u32*)patches[7]) = cardPullOutOffset+4;
 	*((u32*)patches[8]) = cardReadCachedOffset;
@@ -453,7 +500,7 @@ u32 savePatchV2 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
     u32 amal_8CBC = returned_A0_with_MKDS;
 	
 	dbg_printf("amal_8CBC: ");
-	dbg_hexa(amal_8CBC);
+	dbg_hexa((u32)amal_8CBC);
 	dbg_printf("\n");
 
     // no, no idea what this is yet
@@ -470,7 +517,7 @@ u32 savePatchV2 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
         + 8);
 		
 	dbg_printf("aFinalLocation: ");
-	dbg_hexa(aFinalLocation);
+	dbg_hexa((u32)aFinalLocation);
 	dbg_printf("\n");
 	
 	u32* patches =  (u32*) cardEngineLocation[0];
@@ -482,7 +529,7 @@ u32 savePatchV2 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
 	if((((*eepromProtect) & 0xFF000000) == 0xEB000000) 
 		&& (((*cardRead) & 0xFF000000) == 0xEB000000)) {
 		dbg_printf("Eeprom protect:\t");
-		dbg_hexa(eepromProtect);
+		dbg_hexa((u32)eepromProtect);
 		dbg_printf("\n");	
 		srcAddr = JumpTableFunc + 0xE0 - vAddrOfRelocSrc + relocDestAtSharedMem ;
 		u32 patchProtect = generateA7Instr(srcAddr,
@@ -491,7 +538,7 @@ u32 savePatchV2 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
 		
 		u32* cardId = (u32*) (JumpTableFunc + 0xE8);
 		dbg_printf("Card id:\t");
-		dbg_hexa(cardId);
+		dbg_hexa((u32)cardId);
 		dbg_printf("\n");
 		srcAddr = JumpTableFunc + 0xE8 - vAddrOfRelocSrc + relocDestAtSharedMem ;
 		u32 patchCardId = generateA7Instr(srcAddr,
@@ -499,7 +546,7 @@ u32 savePatchV2 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
 		*cardId=patchCardId;		
 		
 		dbg_printf("Card  read:\t");
-		dbg_hexa(cardRead);
+		dbg_hexa((u32)cardRead);
 		dbg_printf("\n");
 		srcAddr =  JumpTableFunc + 0x108 - vAddrOfRelocSrc + relocDestAtSharedMem ;
 		u32 patchCardRead = generateA7Instr(srcAddr,
@@ -508,7 +555,7 @@ u32 savePatchV2 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
 		
 		u32* eepromRead = (u32*) (JumpTableFunc + 0x120);
 		dbg_printf("Eeprom read:\t");
-		dbg_hexa(eepromRead);
+		dbg_hexa((u32)eepromRead);
 		dbg_printf("\n");
 		srcAddr = JumpTableFunc + 0x120  - vAddrOfRelocSrc + relocDestAtSharedMem ;
 		u32 patchRead = generateA7Instr(srcAddr,
@@ -517,7 +564,7 @@ u32 savePatchV2 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
 		
 		u32* eepromPageWrite = (u32*) (JumpTableFunc + 0x138);
 		dbg_printf("Eeprom page write:\t");
-		dbg_hexa(eepromPageWrite);
+		dbg_hexa((u32)eepromPageWrite);
 		dbg_printf("\n");
 		srcAddr = JumpTableFunc + 0x138 - vAddrOfRelocSrc + relocDestAtSharedMem ;
 		u32 patchWrite = generateA7Instr(srcAddr,
@@ -526,7 +573,7 @@ u32 savePatchV2 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
 		
 		u32* eepromPageProg = (u32*) (JumpTableFunc + 0x150);
 		dbg_printf("Eeprom page prog:\t");
-		dbg_hexa(eepromPageProg);
+		dbg_hexa((u32)eepromPageProg);
 		dbg_printf("\n");
 		srcAddr = JumpTableFunc + 0x150 - vAddrOfRelocSrc + relocDestAtSharedMem ;
 		u32 patchProg = generateA7Instr(srcAddr,
@@ -535,7 +582,7 @@ u32 savePatchV2 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
 		
 		u32* eepromPageVerify = (u32*) (JumpTableFunc + 0x168);
 		dbg_printf("Eeprom verify:\t");
-		dbg_hexa(eepromPageVerify);
+		dbg_hexa((u32)eepromPageVerify);
 		dbg_printf("\n");	
 		srcAddr =  JumpTableFunc + 0x168 - vAddrOfRelocSrc + relocDestAtSharedMem ;
 		u32 patchVerify = generateA7Instr(srcAddr,
@@ -545,7 +592,7 @@ u32 savePatchV2 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
 			
 		u32* eepromPageErase = (u32*) (JumpTableFunc + 0x178);
 		dbg_printf("Eeprom page erase:\t");
-		dbg_hexa(eepromPageErase);
+		dbg_hexa((u32)eepromPageErase);
 		dbg_printf("\n");	
 		srcAddr = JumpTableFunc + 0x178 - vAddrOfRelocSrc + relocDestAtSharedMem ;
 		u32 patchErase = generateA7Instr(srcAddr,
@@ -559,14 +606,14 @@ u32 savePatchV2 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
 		
 		if(((*cardRead) & 0xFF000000) != 0xEB000000) {
 			dbg_printf("[Error] CardRead not found:\n");
-			dbg_hexa(cardRead);
+			dbg_hexa((u32)cardRead);
 			dbg_printf("\n");
 			return 1;
 		}
 		
 		u32* cardId = (u32*) (JumpTableFunc + 0xE0);
 		dbg_printf("Card id:\t");
-		dbg_hexa(cardId);
+		dbg_hexa((u32)cardId);
 		dbg_printf("\n");
 		srcAddr = JumpTableFunc + 0xE0 - vAddrOfRelocSrc + relocDestAtSharedMem ;
 		u32 patchCardId = generateA7Instr(srcAddr,
@@ -574,7 +621,7 @@ u32 savePatchV2 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
 		*cardId=patchCardId;
 		
 		dbg_printf("Card  read:\t");
-		dbg_hexa(cardRead);
+		dbg_hexa((u32)cardRead);
 		dbg_printf("\n");
 		srcAddr =  JumpTableFunc + 0x100 - vAddrOfRelocSrc + relocDestAtSharedMem ;
 		u32 patchCardRead = generateA7Instr(srcAddr,
@@ -583,7 +630,7 @@ u32 savePatchV2 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
 		
 		u32* eepromRead = (u32*) (JumpTableFunc + 0x118);
 		dbg_printf("Eeprom read:\t");
-		dbg_hexa(eepromRead);
+		dbg_hexa((u32)eepromRead);
 		dbg_printf("\n");
 		srcAddr = JumpTableFunc + 0x118  - vAddrOfRelocSrc + relocDestAtSharedMem ;
 		u32 patchRead = generateA7Instr(srcAddr,
@@ -592,7 +639,7 @@ u32 savePatchV2 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
 		
 		u32* eepromPageWrite = (u32*) (JumpTableFunc + 0x130);
 		dbg_printf("Eeprom page write:\t");
-		dbg_hexa(eepromPageWrite);
+		dbg_hexa((u32)eepromPageWrite);
 		dbg_printf("\n");
 		srcAddr = JumpTableFunc + 0x130 - vAddrOfRelocSrc + relocDestAtSharedMem ;
 		u32 patchWrite = generateA7Instr(srcAddr,
@@ -601,7 +648,7 @@ u32 savePatchV2 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
 		
 		u32* eepromPageProg = (u32*) (JumpTableFunc + 0x148);
 		dbg_printf("Eeprom page prog:\t");
-		dbg_hexa(eepromPageProg);
+		dbg_hexa((u32)eepromPageProg);
 		dbg_printf("\n");
 		srcAddr = JumpTableFunc + 0x148 - vAddrOfRelocSrc + relocDestAtSharedMem ;
 		u32 patchProg = generateA7Instr(srcAddr,
@@ -610,7 +657,7 @@ u32 savePatchV2 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
 		
 		u32* eepromPageVerify = (u32*) (JumpTableFunc + 0x160);
 		dbg_printf("Eeprom verify:\t");
-		dbg_hexa(eepromPageVerify);
+		dbg_hexa((u32)eepromPageVerify);
 		dbg_printf("\n");	
 		srcAddr =  JumpTableFunc + 0x160 - vAddrOfRelocSrc + relocDestAtSharedMem ;
 		u32 patchVerify = generateA7Instr(srcAddr,
@@ -620,7 +667,7 @@ u32 savePatchV2 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
 			
 		u32* eepromPageErase = (u32*) (JumpTableFunc + 0x170);
 		dbg_printf("Eeprom page erase:\t");
-		dbg_hexa(eepromPageErase);
+		dbg_hexa((u32)eepromPageErase);
 		dbg_printf("\n");	
 		srcAddr = JumpTableFunc + 0x170 - vAddrOfRelocSrc + relocDestAtSharedMem ;
 		u32 patchErase = generateA7Instr(srcAddr,
@@ -764,44 +811,44 @@ u32 savePatchV1 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
 	
 	u32* eepromPageErase = (u32*) (JumpTableFunc + 0x10);
     dbg_printf("Eeprom page erase:\t");
-	dbg_hexa(eepromPageErase);
+	dbg_hexa((u32)eepromPageErase);
 	dbg_printf("\n");	
 	*eepromPageErase=arm7Function[1];
 		
 	u32* eepromPageVerify = (u32*) (JumpTableFunc + 0x2C);
 	dbg_printf("Eeprom verify:\t");
-	dbg_hexa(eepromPageVerify);
+	dbg_hexa((u32)eepromPageVerify);
 	dbg_printf("\n");	
 	*eepromPageVerify=arm7Function[2];
 		
 	u32* eepromPageWrite = (u32*) (JumpTableFunc + 0x48);
 	dbg_printf("Eeprom page write:\t");
-	dbg_hexa(eepromPageWrite);
+	dbg_hexa((u32)eepromPageWrite);
 	dbg_printf("\n");
 	*eepromPageWrite=arm7Function[3];
 		
 	u32* eepromPageProg = (u32*) (JumpTableFunc + 0x64);
 	dbg_printf("Eeprom page prog:\t");
-	dbg_hexa(eepromPageProg);
+	dbg_hexa((u32)eepromPageProg);
 	dbg_printf("\n");
 	*eepromPageProg=arm7Function[4];
 	
 	u32* eepromRead = (u32*) (JumpTableFunc + 0x80);
 	dbg_printf("Eeprom read:\t");
-	dbg_hexa(eepromRead);
+	dbg_hexa((u32)eepromRead);
 	dbg_printf("\n");
 	*eepromRead=arm7Function[5];
 		
 	u32* cardRead = (u32*) (JumpTableFunc + 0xA0);
 	dbg_printf("Card  read:\t");
-	dbg_hexa(cardRead);
+	dbg_hexa((u32)cardRead);
 	dbg_printf("\n");
 	*cardRead=arm7Function[6];
 		
 	// different patch for card id
 	u32* cardId = (u32*) (JumpTableFunc + 0xAC);
 	dbg_printf("Card id:\t");
-	dbg_hexa(cardId);
+	dbg_hexa((u32)cardId);
 	dbg_printf("\n");
 	u32 srcAddr = JumpTableFunc + 0xAC - vAddrOfRelocSrc + relocDestAtSharedMem ;
 	u32 patchCardID = generateA7Instr(srcAddr,
@@ -812,7 +859,7 @@ u32 savePatchV1 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
     if (anotherWramAddr > 0x37F7FFF && anotherWramAddr < 0x3810000) {
         u32* current = (u32*)(JumpTableFunc + 0xD0);
         dbg_printf("???:\t\t\t");
-		dbg_hexa(current);
+		dbg_hexa((u32)current);
 		dbg_printf("\n");		
 		
 		*current=arm7Function[0];
diff --git a/bootloader/source/card_patcher.h b/bootloader/source/card_patcher.h
index 9b032e92d..bbb0f78c5 100644
--- a/bootloader/source/card_patcher.h
+++ b/bootloader/source/card_patcher.h
@@ -22,6 +22,28 @@
 #include <nds/memory.h>
 #include <nds/ndstypes.h>
 
+#define PAGE_4K		(0b01011 << 1)
+#define PAGE_8K		(0b01100 << 1)
+#define PAGE_16K	(0b01101 << 1)
+#define PAGE_32K	(0b01110 << 1)
+#define PAGE_64K	(0b01111 << 1)
+#define PAGE_128K	(0b10000 << 1)
+#define PAGE_256K	(0b10001 << 1)
+#define PAGE_512K	(0b10010 << 1)
+#define PAGE_1M		(0b10011 << 1)
+#define PAGE_2M		(0b10100 << 1)
+#define PAGE_4M		(0b10101 << 1)
+#define PAGE_8M		(0b10110 << 1)
+#define PAGE_16M	(0b10111 << 1)
+#define PAGE_32M	(0b11000 << 1)
+#define PAGE_64M	(0b11001 << 1)
+#define PAGE_128M	(0b11010 << 1)
+#define PAGE_256M	(0b11011 << 1)
+#define PAGE_512M	(0b11100 << 1)
+#define PAGE_1G		(0b11101 << 1)
+#define PAGE_2G		(0b11110 << 1)
+#define PAGE_4G		(0b11111 << 1)
+
 typedef struct 
 {
 	u32 auto_load_list_offset;

From b38479f8d9200193975dff7772bbc9332575cd36 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Tue, 17 Jan 2017 00:34:23 +0100
Subject: [PATCH 07/40] mpu reconfiguration ok

---
 bootloader/source/card_patcher.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/bootloader/source/card_patcher.c b/bootloader/source/card_patcher.c
index 6acd26a09..bc3c1d061 100644
--- a/bootloader/source/card_patcher.c
+++ b/bootloader/source/card_patcher.c
@@ -62,11 +62,11 @@ u32 irqEnableStartSignature4[4] = {0xE92D4010, 0xE1A04000, 0xEBFFFFF6, 0xE59FC02
 
 u32 arenaLowSignature[4] = {0xE1A00100,0xE2800627,0xE2800AFF,0xE5801DA0};  
 
-u32 mpuInitSignature[1] = {0xEE060F12};
+u32 mpuInitSignature[1] = {0xEE060F13};
 // sdk < 3 version
-u32 mpuInitData1[1] = {0x27C0023};
+u32 mpuInitData1[1] = {0x8000035};
 // sdk >= 3 version
-u32 mpuInitData3[1] = {0x27E0021};
+u32 mpuInitData3[1] = {0x8000035};
 
 //
 // Look in @data for @find and return the position of it.
@@ -278,14 +278,14 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 		}
 	}	
 	
-	/*if(mpuDataOffset) {
-		// change the region 2 configuration
+	if(mpuDataOffset) {
+		// change the region 3 configuration
 		*mpuDataOffset = PAGE_8M  | 0x03000000 | 1;	
 		// change intruction access
-		mpuDataOffset[7] = 0x5100111;	
+		//mpuDataOffset[7] = 0x5100111;	
 		// change data access
-		mpuDataOffset[8] = 0x15111111;	
-	}*/
+		//mpuDataOffset[8] = 0x15111111;	
+	}
 		
 	// patch out all further mpu reconfiguration	
 	/*while(mpuStartOffset) {

From fd962e6a521db048d31a64dcc2db0948f851f9d9 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Tue, 17 Jan 2017 00:48:35 +0100
Subject: [PATCH 08/40] give instruction access to region 3

---
 bootloader/source/card_patcher.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bootloader/source/card_patcher.c b/bootloader/source/card_patcher.c
index bc3c1d061..df6e4c011 100644
--- a/bootloader/source/card_patcher.c
+++ b/bootloader/source/card_patcher.c
@@ -282,7 +282,7 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 		// change the region 3 configuration
 		*mpuDataOffset = PAGE_8M  | 0x03000000 | 1;	
 		// change intruction access
-		//mpuDataOffset[7] = 0x5100111;	
+		mpuDataOffset[5] = 0x5111111;	
 		// change data access
 		//mpuDataOffset[8] = 0x15111111;	
 	}

From 5fb59e25ff46267eea7ab86e1b7fe9cbe9e590ad Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Tue, 17 Jan 2017 21:43:13 +0100
Subject: [PATCH 09/40] Switch back to region 2 patching

---
 bootloader/source/card_patcher.c | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/bootloader/source/card_patcher.c b/bootloader/source/card_patcher.c
index df6e4c011..b37c53b31 100644
--- a/bootloader/source/card_patcher.c
+++ b/bootloader/source/card_patcher.c
@@ -62,6 +62,13 @@ u32 irqEnableStartSignature4[4] = {0xE92D4010, 0xE1A04000, 0xEBFFFFF6, 0xE59FC02
 
 u32 arenaLowSignature[4] = {0xE1A00100,0xE2800627,0xE2800AFF,0xE5801DA0};  
 
+
+u32 mpuInitRegion2Signature[1] = {0xEE060F12};
+// sdk < 3 version
+u32 mpuInitRegion2Data1[1] = {0x27C0023};
+// sdk >= 3 version
+u32 mpuInitRegion2Data3[1] = {0x27E0021};
+
 u32 mpuInitSignature[1] = {0xEE060F13};
 // sdk < 3 version
 u32 mpuInitData1[1] = {0x8000035};
@@ -175,9 +182,11 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 	u32* cardReadCachedStartSignature = cardReadCachedStartSignature1;
 	u32* cardReadCachedEndSignature = cardReadCachedEndSignature1;
 	u32* mpuInitData = mpuInitData1;
+	u32* mpuInitRegion2Data = mpuInitRegion2Data1;
 	if(moduleParams->sdk_version > 0x3000000 && moduleParams->sdk_version < 0x4000000) {
 		cardReadCachedEndSignature = cardReadCachedEndSignature3;
 		mpuInitData = mpuInitData3;
+		mpuInitRegion2Data = mpuInitRegion2Data3;
 	} else if(moduleParams->sdk_version > 0x4000000) {
 		a9cardReadSignature = a9cardReadSignature4;
 		cardReadStartSignature = cardReadStartSignature4;
@@ -258,6 +267,7 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 		}
 	}	
 	
+	
 	// Find the mpu init
 	u32* mpuDataOffset = 0;
     u32 mpuStartOffset =  
@@ -268,7 +278,7 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
     } else {
 		mpuDataOffset =   
 			getOffset((u32*)mpuStartOffset, 0x100,
-				  (u32*)mpuInitData, 1, 1);
+				  (u32*)mpuInitRegion2Data, 1, 1);
 		if (!mpuDataOffset) {
 			dbg_printf("Mpu data not found\n");
 		} else {
@@ -282,22 +292,26 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 		// change the region 3 configuration
 		*mpuDataOffset = PAGE_8M  | 0x03000000 | 1;	
 		// change intruction access
-		mpuDataOffset[5] = 0x5111111;	
+		//mpuDataOffset[5] = 0x5111111;	
+		mpuDataOffset[6] = 0x5111111;	
 		// change data access
 		//mpuDataOffset[8] = 0x15111111;	
 	}
+	
+	
+	
 		
 	// patch out all further mpu reconfiguration	
-	/*while(mpuStartOffset) {
+	while(mpuStartOffset) {
 		mpuStartOffset = getOffset(mpuStartOffset+4, ndsHeader->arm9binarySize,
-              (u32*)mpuInitSignature, 1, 1);
+              (u32*)mpuInitRegion2Signature, 1, 1);
 		if(mpuStartOffset) {
 			dbg_printf("Mpu init :\t");
 			dbg_hexa(mpuStartOffset);
 			dbg_printf("\n");
 			*((u32*)mpuStartOffset) = 0xE3A00000 ;
 		}
-	}	*/
+	}	
 	
 	/*u32 arenaLoOffset =   
         getOffsetA9((u32*)ndsHeader->arm9destination, 0x00300000,//, ndsHeader->arm9binarySize,

From aa81e4d1143f8ed5bb309852cb0c1e680a7d4160 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Tue, 17 Jan 2017 21:48:17 +0100
Subject: [PATCH 10/40] Add data access

---
 bootloader/source/card_patcher.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bootloader/source/card_patcher.c b/bootloader/source/card_patcher.c
index b37c53b31..dcbd83d5f 100644
--- a/bootloader/source/card_patcher.c
+++ b/bootloader/source/card_patcher.c
@@ -295,7 +295,7 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 		//mpuDataOffset[5] = 0x5111111;	
 		mpuDataOffset[6] = 0x5111111;	
 		// change data access
-		//mpuDataOffset[8] = 0x15111111;	
+		mpuDataOffset[7] = 0x15111111;	
 	}
 	
 	

From 5eec86f721e905448ae19b904378026b96dfbb84 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Tue, 17 Jan 2017 22:15:10 +0100
Subject: [PATCH 11/40] Add and arm9 cardengine c binary

---
 Makefile                                      |  14 +-
 bootloader/Makefile                           |  11 +-
 bootloader/source/boot.c                      |   5 +-
 bootloader/source/card_patcher.c              |   3 +-
 bootloader/source/hook.c                      |   2 +-
 {cardengine => cardengine_arm7}/Makefile      |   2 +-
 {cardengine => cardengine_arm7}/cardengine.ld |   0
 {cardengine => cardengine_arm7}/source/bios.s |   0
 {cardengine => cardengine_arm7}/source/card.h |   0
 .../source/cardEngine.c                       |   0
 .../source/cardEngine.h                       |   0
 .../source/card_engine_header.s               |   0
 .../source/debugToFile.c                      |   0
 .../source/debugToFile.h                      |   0
 .../source/debugprint.s                       |   0
 .../source/disc_io.h                          |   0
 {cardengine => cardengine_arm7}/source/fat.c  |   0
 {cardengine => cardengine_arm7}/source/fat.h  |   0
 .../source/sdmmc.c                            |   0
 .../source/sdmmc.h                            |   0
 cardengine_arm9/Makefile                      | 132 +++++++++++
 cardengine_arm9/cardengine.ld                 | 198 ++++++++++++++++
 cardengine_arm9/source/cardEngine.c           |  48 ++++
 cardengine_arm9/source/cardEngine.h           |  36 +++
 cardengine_arm9/source/card_engine_header.s   | 218 ++++++++++++++++++
 cardengine_arm9/source/debugprint.s           |  82 +++++++
 nds-bootstrap.pnproj                          |   2 +-
 nds-bootstrap.pnps                            |   2 +-
 28 files changed, 740 insertions(+), 15 deletions(-)
 rename {cardengine => cardengine_arm7}/Makefile (99%)
 rename {cardengine => cardengine_arm7}/cardengine.ld (100%)
 rename {cardengine => cardengine_arm7}/source/bios.s (100%)
 rename {cardengine => cardengine_arm7}/source/card.h (100%)
 rename {cardengine => cardengine_arm7}/source/cardEngine.c (100%)
 rename {cardengine => cardengine_arm7}/source/cardEngine.h (100%)
 rename {cardengine => cardengine_arm7}/source/card_engine_header.s (100%)
 rename {cardengine => cardengine_arm7}/source/debugToFile.c (100%)
 rename {cardengine => cardengine_arm7}/source/debugToFile.h (100%)
 rename {cardengine => cardengine_arm7}/source/debugprint.s (100%)
 rename {cardengine => cardengine_arm7}/source/disc_io.h (100%)
 rename {cardengine => cardengine_arm7}/source/fat.c (100%)
 rename {cardengine => cardengine_arm7}/source/fat.h (100%)
 rename {cardengine => cardengine_arm7}/source/sdmmc.c (100%)
 rename {cardengine => cardengine_arm7}/source/sdmmc.h (100%)
 create mode 100644 cardengine_arm9/Makefile
 create mode 100644 cardengine_arm9/cardengine.ld
 create mode 100644 cardengine_arm9/source/cardEngine.c
 create mode 100644 cardengine_arm9/source/cardEngine.h
 create mode 100644 cardengine_arm9/source/card_engine_header.s
 create mode 100644 cardengine_arm9/source/debugprint.s

diff --git a/Makefile b/Makefile
index b14a870e3..44f50515f 100644
--- a/Makefile
+++ b/Makefile
@@ -115,9 +115,9 @@ endif
 
 export GAME_TITLE := $(TARGET)
 
-.PHONY: cardengine sdengine bootloader bootstub BootStrap clean
+.PHONY: cardengine_arm7 cardengine_arm9 sdengine bootloader bootstub BootStrap clean
 
-all:	cardengine sdengine bootloader bootstub $(TARGET).nds
+all:	cardengine_arm7 cardengine_arm9 sdengine bootloader bootstub $(TARGET).nds
 
 dist:	all
 	@rm	-fr	hbmenu
@@ -150,8 +150,11 @@ dldi/dsisd.dldi:
 sdengine: data
 	@$(MAKE) -C sdengine
 	
-cardengine: data
-	@$(MAKE) -C cardengine
+cardengine_arm7: data
+	@$(MAKE) -C cardengine_arm7
+	
+cardengine_arm9: data
+	@$(MAKE) -C cardengine_arm9
 
 #---------------------------------------------------------------------------------
 #$(BUILD):
@@ -168,7 +171,8 @@ clean:
 	@$(MAKE) -C bootstub clean
 	@$(MAKE) -C arm9 clean
 	@$(MAKE) -C arm7 clean
-	@$(MAKE) -C cardengine clean
+	@$(MAKE) -C cardengine_arm7 clean
+	@$(MAKE) -C cardengine_arm9 clean
 	@$(MAKE) -C sdengine clean
 	@$(MAKE) -C dldi clean
 		
diff --git a/bootloader/Makefile b/bootloader/Makefile
index 32af0a69c..b8cf6b1b2 100644
--- a/bootloader/Makefile
+++ b/bootloader/Makefile
@@ -117,10 +117,15 @@ sdengine.bin.o : sdengine.bin
 sdengine.bin:
 	cp $(CURDIR)/../../data/sdengine.bin sdengine.bin
 	
-cardengine.bin.o : cardengine.bin
+cardengine_arm7.bin.o : cardengine_arm7.bin
 
-cardengine.bin:
-	cp $(CURDIR)/../../data/cardengine.bin cardengine.bin
+cardengine_arm7.bin:
+	cp $(CURDIR)/../../data/cardengine_arm7.bin cardengine_arm7.bin
+	
+cardengine_arm9.bin.o : cardengine_arm9.bin
+
+cardengine_arm9.bin:
+	cp $(CURDIR)/../../data/cardengine_arm9.bin cardengine_arm9.bin
 
 -include $(DEPENDS)
 
diff --git a/bootloader/source/boot.c b/bootloader/source/boot.c
index 57109fecf..9621dc72d 100644
--- a/bootloader/source/boot.c
+++ b/bootloader/source/boot.c
@@ -51,7 +51,8 @@ Helpful information:
 #include "dldi_patcher.h"
 #include "card.h"
 #include "card_patcher.h"
-#include "cardengine_bin.h"
+#include "cardengine_arm7_bin.h"
+#include "cardengine_arm9_bin.h"
 #include "boot.h"
 #include "hook.h"
 #include "common.h"
@@ -349,7 +350,7 @@ int main (void) {
 			}
 		} else {	
 			nocashMessage("dldi Patch Unsuccessful try to patch card");
-			copyLoop (SD_ENGINE_LOCATION, (u32*)cardengine_bin, cardengine_bin_size);	
+			copyLoop (SD_ENGINE_LOCATION, (u32*)cardengine_arm7_bin, cardengine_arm7_bin_size);	
 
 			module_params_t* params = findModuleParams(NDS_HEAD);
 			if(params)
diff --git a/bootloader/source/card_patcher.c b/bootloader/source/card_patcher.c
index dcbd83d5f..6bee4adce 100644
--- a/bootloader/source/card_patcher.c
+++ b/bootloader/source/card_patcher.c
@@ -18,7 +18,8 @@
 
 #include "card_patcher.h"
 #include "common.h"
-#include "cardengine_bin.h"
+#include "cardengine_arm9_bin.h"
+#include "cardengine_arm7_bin.h"
 #include "debugToFile.h"
 
 // Subroutine function signatures arm7
diff --git a/bootloader/source/hook.c b/bootloader/source/hook.c
index 860d5e00b..921735907 100644
--- a/bootloader/source/hook.c
+++ b/bootloader/source/hook.c
@@ -18,7 +18,7 @@
 
 #include "hook.h"
 #include "common.h"
-#include "cardengine_bin.h"
+#include "cardengine_arm7_bin.h"
 #include "sdengine_bin.h"
 #include "fat.h"
 
diff --git a/cardengine/Makefile b/cardengine_arm7/Makefile
similarity index 99%
rename from cardengine/Makefile
rename to cardengine_arm7/Makefile
index d32487b57..f67d1cdc4 100644
--- a/cardengine/Makefile
+++ b/cardengine_arm7/Makefile
@@ -16,7 +16,7 @@ include $(DEVKITARM)/ds_rules
 # INCLUDES is a list of directories containing header files
 # SPECS is the directory containing the important build and link files
 #---------------------------------------------------------------------------------
-export TARGET		:=	cardengine
+export TARGET		:=	cardengine_arm7
 BUILD		:=	build
 SOURCES		:=	source
 DATA		:=	data
diff --git a/cardengine/cardengine.ld b/cardengine_arm7/cardengine.ld
similarity index 100%
rename from cardengine/cardengine.ld
rename to cardengine_arm7/cardengine.ld
diff --git a/cardengine/source/bios.s b/cardengine_arm7/source/bios.s
similarity index 100%
rename from cardengine/source/bios.s
rename to cardengine_arm7/source/bios.s
diff --git a/cardengine/source/card.h b/cardengine_arm7/source/card.h
similarity index 100%
rename from cardengine/source/card.h
rename to cardengine_arm7/source/card.h
diff --git a/cardengine/source/cardEngine.c b/cardengine_arm7/source/cardEngine.c
similarity index 100%
rename from cardengine/source/cardEngine.c
rename to cardengine_arm7/source/cardEngine.c
diff --git a/cardengine/source/cardEngine.h b/cardengine_arm7/source/cardEngine.h
similarity index 100%
rename from cardengine/source/cardEngine.h
rename to cardengine_arm7/source/cardEngine.h
diff --git a/cardengine/source/card_engine_header.s b/cardengine_arm7/source/card_engine_header.s
similarity index 100%
rename from cardengine/source/card_engine_header.s
rename to cardengine_arm7/source/card_engine_header.s
diff --git a/cardengine/source/debugToFile.c b/cardengine_arm7/source/debugToFile.c
similarity index 100%
rename from cardengine/source/debugToFile.c
rename to cardengine_arm7/source/debugToFile.c
diff --git a/cardengine/source/debugToFile.h b/cardengine_arm7/source/debugToFile.h
similarity index 100%
rename from cardengine/source/debugToFile.h
rename to cardengine_arm7/source/debugToFile.h
diff --git a/cardengine/source/debugprint.s b/cardengine_arm7/source/debugprint.s
similarity index 100%
rename from cardengine/source/debugprint.s
rename to cardengine_arm7/source/debugprint.s
diff --git a/cardengine/source/disc_io.h b/cardengine_arm7/source/disc_io.h
similarity index 100%
rename from cardengine/source/disc_io.h
rename to cardengine_arm7/source/disc_io.h
diff --git a/cardengine/source/fat.c b/cardengine_arm7/source/fat.c
similarity index 100%
rename from cardengine/source/fat.c
rename to cardengine_arm7/source/fat.c
diff --git a/cardengine/source/fat.h b/cardengine_arm7/source/fat.h
similarity index 100%
rename from cardengine/source/fat.h
rename to cardengine_arm7/source/fat.h
diff --git a/cardengine/source/sdmmc.c b/cardengine_arm7/source/sdmmc.c
similarity index 100%
rename from cardengine/source/sdmmc.c
rename to cardengine_arm7/source/sdmmc.c
diff --git a/cardengine/source/sdmmc.h b/cardengine_arm7/source/sdmmc.h
similarity index 100%
rename from cardengine/source/sdmmc.h
rename to cardengine_arm7/source/sdmmc.h
diff --git a/cardengine_arm9/Makefile b/cardengine_arm9/Makefile
new file mode 100644
index 000000000..e5ea5115c
--- /dev/null
+++ b/cardengine_arm9/Makefile
@@ -0,0 +1,132 @@
+#---------------------------------------------------------------------------------
+.SUFFIXES:
+#---------------------------------------------------------------------------------
+
+ifeq ($(strip $(DEVKITARM)),)
+$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
+endif
+
+include $(DEVKITARM)/ds_rules
+
+#---------------------------------------------------------------------------------
+# TARGET is the name of the output
+# BUILD is the directory where object files & intermediate files will be placed
+# SOURCES is a list of directories containing source code
+# DATA is a list of directories containing data files
+# INCLUDES is a list of directories containing header files
+# SPECS is the directory containing the important build and link files
+#---------------------------------------------------------------------------------
+export TARGET		:=	cardengine_arm9
+BUILD		:=	build
+SOURCES		:=	source
+DATA		:=	data
+INCLUDES	:=	include
+
+
+#---------------------------------------------------------------------------------
+# options for code generation
+#---------------------------------------------------------------------------------
+ARCH	:=	-mthumb-interwork
+
+CFLAGS	:=	-g -Wall -O2\
+			-mcpu=arm7tdmi -mtune=arm7tdmi -fomit-frame-pointer\
+			-ffast-math \
+			$(ARCH)
+
+CFLAGS	+=	$(INCLUDE) -DARM7 -std=gnu99
+
+CXXFLAGS	:= $(CFLAGS) -fno-rtti -fno-exceptions
+
+ASFLAGS	:=	-g $(ARCH)
+LDFLAGS	=	-nostartfiles -T ../cardengine.ld -g $(ARCH) -Wl,-Map,$(TARGET).map
+
+LIBS	:= 
+
+#---------------------------------------------------------------------------------
+# list of directories containing libraries, this must be the top level containing
+# include and lib
+#---------------------------------------------------------------------------------
+LIBDIRS	:=	$(LIBNDS)
+ 
+  
+#---------------------------------------------------------------------------------
+# no real need to edit anything past this point unless you need to add additional
+# rules for different file extensions
+#---------------------------------------------------------------------------------
+ifneq ($(BUILD),$(notdir $(CURDIR)))
+#---------------------------------------------------------------------------------
+ 
+export OUTPUT	:=	$(CURDIR)/../data/$(TARGET)
+
+export VPATH	:=	$(foreach dir,$(SOURCES),$(CURDIR)/$(dir)) \
+			$(foreach dir,$(DATA),$(CURDIR)/$(dir))
+
+export DEPSDIR	:=	$(CURDIR)/$(BUILD)
+
+CFILES		:=	$(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.c)))
+CPPFILES	:=	$(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.cpp)))
+SFILES		:=	$(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.s)))
+BINFILES	:=	$(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.*)))
+
+#---------------------------------------------------------------------------------
+# use CXX for linking C++ projects, CC for standard C
+#---------------------------------------------------------------------------------
+ifeq ($(strip $(CPPFILES)),)
+#---------------------------------------------------------------------------------
+	export LD	:=	$(CC)
+#---------------------------------------------------------------------------------
+else
+#---------------------------------------------------------------------------------
+	export LD	:=	$(CXX)
+#---------------------------------------------------------------------------------
+endif
+#---------------------------------------------------------------------------------
+
+export OFILES	:=	$(addsuffix .o,$(BINFILES)) \
+			$(CPPFILES:.cpp=.o) $(CFILES:.c=.o) $(SFILES:.s=.o)
+
+export INCLUDE	:=	$(foreach dir,$(INCLUDES),-I$(CURDIR)/$(dir)) \
+			$(foreach dir,$(LIBDIRS),-I$(dir)/include) \
+			-I$(CURDIR)/$(BUILD)
+
+export LIBPATHS	:=	$(foreach dir,$(LIBDIRS),-L$(dir)/lib)
+
+.PHONY: $(BUILD) clean all
+ 
+#---------------------------------------------------------------------------------
+all: $(BUILD)
+
+$(BUILD):
+	@[ -d $@ ] || mkdir -p $@
+	@$(MAKE) --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile
+ 
+#---------------------------------------------------------------------------------
+clean:
+	@echo clean ...
+	@rm -fr $(BUILD) $(TARGET).bin $(TARGET).elf
+ 
+ 
+#---------------------------------------------------------------------------------
+else
+ 
+DEPENDS	:=	$(OFILES:.o=.d)
+ 
+#---------------------------------------------------------------------------------
+# main targets
+#---------------------------------------------------------------------------------
+$(OUTPUT).bin			:	$(CURDIR)/$(TARGET).elf
+$(CURDIR)/$(TARGET).elf	:	$(OFILES)
+
+
+#---------------------------------------------------------------------------------
+%.bin: %.elf
+	@$(OBJCOPY) -O binary $< $@
+	@echo built ... $(notdir $@)
+ 
+
+-include $(DEPENDS)
+
+ 
+#---------------------------------------------------------------------------------------
+endif
+#---------------------------------------------------------------------------------------
diff --git a/cardengine_arm9/cardengine.ld b/cardengine_arm9/cardengine.ld
new file mode 100644
index 000000000..fede2970e
--- /dev/null
+++ b/cardengine_arm9/cardengine.ld
@@ -0,0 +1,198 @@
+OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm", "elf32-littlearm")
+OUTPUT_ARCH(arm)
+ENTRY(_start)
+
+MEMORY {
+
+	vram	: ORIGIN = 0x03700000, LENGTH = 16K /* WRAM C  */
+}
+
+__vram_start	=	ORIGIN(vram);
+__vram_top	=	ORIGIN(vram)+ LENGTH(vram);
+__sp_irq	=	__vram_top - 0x60;
+__sp_svc	=	__sp_irq - 0x100;
+__sp_usr	=	__sp_svc - 0x100;
+
+__irq_flags	=	__vram_top - 8;
+__irq_vector	=	__vram_top - 4;
+
+SECTIONS
+{
+	.init	:
+	{
+		__text_start = . ;
+		KEEP (*(.init))
+		. = ALIGN(4);  /* REQUIRED. LD is flaky without it. */
+	} >vram = 0xff
+		
+	.plt : 
+	{ 
+		*(.plt) 
+	} >vram = 0xff
+
+	.text :   /* ALIGN (4): */
+	{
+
+		*(.text*)
+		*(.stub)
+		/* .gnu.warning sections are handled specially by elf32.em.  */
+		*(.gnu.warning)
+		*(.gnu.linkonce.t*)
+		*(.glue_7)
+		*(.glue_7t)
+		. = ALIGN(4);  /* REQUIRED. LD is flaky without it. */
+	} >vram = 0xff
+
+	.fini           :
+	{
+		KEEP (*(.fini))
+	} >vram =0xff
+
+	__text_end = . ;
+
+	.rodata :
+	{
+		*(.rodata)
+		*all.rodata*(*)
+		*(.roda)
+		*(.rodata.*)
+		*(.gnu.linkonce.r*)
+		SORT(CONSTRUCTORS)
+		. = ALIGN(4);   /* REQUIRED. LD is flaky without it. */
+	} >vram = 0xff
+
+	.ARM.extab   : { *(.ARM.extab* .gnu.linkonce.armextab.*) } >vram
+	__exidx_start = .;
+	.ARM.exidx   : { *(.ARM.exidx* .gnu.linkonce.armexidx.*) } >vram
+	__exidx_end = .;
+
+/* Ensure the __preinit_array_start label is properly aligned.  We
+   could instead move the label definition inside the section, but
+   the linker would then create the section even if it turns out to
+   be empty, which isn't pretty.  */
+	. = ALIGN(32 / 8);
+	PROVIDE (__preinit_array_start = .);
+	.preinit_array     : { KEEP (*(.preinit_array)) } >vram = 0xff
+	PROVIDE (__preinit_array_end = .);
+	PROVIDE (__init_array_start = .);
+	.init_array     : { KEEP (*(.init_array)) } >vram = 0xff
+	PROVIDE (__init_array_end = .);
+	PROVIDE (__fini_array_start = .);
+	.fini_array     : { KEEP (*(.fini_array)) } >vram = 0xff
+	PROVIDE (__fini_array_end = .);
+
+	.ctors :
+	{
+	/* gcc uses crtbegin.o to find the start of the constructors, so
+		we make sure it is first.  Because this is a wildcard, it
+		doesn't matter if the user does not actually link against
+		crtbegin.o; the linker won't look for a file to match a
+		wildcard.  The wildcard also means that it doesn't matter which
+		directory crtbegin.o is in.  */
+		KEEP (*crtbegin.o(.ctors))
+		KEEP (*(EXCLUDE_FILE (*crtend.o) .ctors))
+		KEEP (*(SORT(.ctors.*)))
+		KEEP (*(.ctors))
+		. = ALIGN(4);   /* REQUIRED. LD is flaky without it. */
+	} >vram = 0xff
+
+	.dtors :
+	{
+		KEEP (*crtbegin.o(.dtors))
+		KEEP (*(EXCLUDE_FILE (*crtend.o) .dtors))
+		KEEP (*(SORT(.dtors.*)))
+		KEEP (*(.dtors))
+		. = ALIGN(4);   /* REQUIRED. LD is flaky without it. */
+	} >vram = 0xff
+
+	.eh_frame :
+	{
+		KEEP (*(.eh_frame))
+		. = ALIGN(4);   /* REQUIRED. LD is flaky without it. */
+	} >vram = 0xff
+
+	.gcc_except_table :
+	{
+		*(.gcc_except_table)
+		. = ALIGN(4);   /* REQUIRED. LD is flaky without it. */
+	} >vram = 0xff
+	.jcr            : { KEEP (*(.jcr)) } >vram = 0
+	.got            : { *(.got.plt) *(.got) } >vram = 0
+
+	
+	.vram ALIGN(4) :
+	{
+		__vram_start = ABSOLUTE(.) ;
+		*(.vram)
+		*vram.*(.text)
+		. = ALIGN(4);   /* REQUIRED. LD is flaky without it. */
+		__vram_end = ABSOLUTE(.) ;
+	} >vram = 0xff
+
+
+	.data ALIGN(4) : 	{
+		__data_start = ABSOLUTE(.);
+		*(.data)
+		*(.data.*)
+		*(.gnu.linkonce.d*)
+		CONSTRUCTORS
+		. = ALIGN(4);
+		__data_end = ABSOLUTE(.) ;
+	} >vram = 0xff
+
+
+
+	.bss ALIGN(4) :
+	{
+		__bss_start = ABSOLUTE(.);
+		__bss_start__ = ABSOLUTE(.);
+		*(.dynbss)
+		*(.gnu.linkonce.b*)
+		*(.bss*)
+		*(COMMON)
+		. = ALIGN(4);    /* REQUIRED. LD is flaky without it. */
+	} >vram
+
+	__bss_end = . ;
+	__bss_end__ = . ;
+
+	_end = . ;
+	__end__ = . ;
+	PROVIDE (end = _end);
+
+	/* Stabs debugging sections.  */
+	.stab 0 : { *(.stab) }
+	.stabstr 0 : { *(.stabstr) }
+	.stab.excl 0 : { *(.stab.excl) }
+	.stab.exclstr 0 : { *(.stab.exclstr) }
+	.stab.index 0 : { *(.stab.index) }
+	.stab.indexstr 0 : { *(.stab.indexstr) }
+	.comment 0 : { *(.comment) }
+	/*	DWARF debug sections.
+		Symbols in the DWARF debugging sections are relative to the beginning
+		of the section so we begin them at 0.  */
+	/* DWARF 1 */
+	.debug          0 : { *(.debug) }
+	.line           0 : { *(.line) }
+	/* GNU DWARF 1 extensions */
+	.debug_srcinfo  0 : { *(.debug_srcinfo) }
+	.debug_sfnames  0 : { *(.debug_sfnames) }
+	/* DWARF 1.1 and DWARF 2 */
+	.debug_aranges  0 : { *(.debug_aranges) }
+	.debug_pubnames 0 : { *(.debug_pubnames) }
+	/* DWARF 2 */
+	.debug_info     0 : { *(.debug_info) }
+	.debug_abbrev   0 : { *(.debug_abbrev) }
+	.debug_line     0 : { *(.debug_line) }
+	.debug_frame    0 : { *(.debug_frame) }
+	.debug_str      0 : { *(.debug_str) }
+	.debug_loc      0 : { *(.debug_loc) }
+	.debug_macinfo  0 : { *(.debug_macinfo) }
+	/* SGI/MIPS DWARF 2 extensions */
+	.debug_weaknames 0 : { *(.debug_weaknames) }
+	.debug_funcnames 0 : { *(.debug_funcnames) }
+	.debug_typenames 0 : { *(.debug_typenames) }
+	.debug_varnames  0 : { *(.debug_varnames) }
+	.stack 0x80000 : { _stack = .; *(.stack) }
+	/* These must appear regardless of  .  */
+}
diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
new file mode 100644
index 000000000..24a1d6b2d
--- /dev/null
+++ b/cardengine_arm9/source/cardEngine.c
@@ -0,0 +1,48 @@
+/*
+    NitroHax -- Cheat tool for the Nintendo DS
+    Copyright (C) 2008  Michael "Chishm" Chisholm
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <nds.h> 
+#include <nds/fifomessages.h>
+#include "cardEngine.h"
+
+static bool initialized = false;
+static bool initializedIRQ = false;
+static bool calledViaIPC = false;
+extern vu32* volatile cardStruct;
+extern vu32* volatile cacheStruct;
+extern u32 fileCluster;
+extern u32 saveCluster;
+extern u32 sdk_version;
+vu32* volatile sharedAddr = (vu32*)0x027FFB08;
+
+
+u32 cardId (void) {
+	nocashMessage("\narm9 cardId\n");
+
+	return	1;
+}
+
+bool cardRead (u32 dma,  u32 src, void *dst, u32 len) {
+	nocashMessage("\narm9 cardRead\n");	
+	
+	return true;
+}
+
+
+
+
diff --git a/cardengine_arm9/source/cardEngine.h b/cardengine_arm9/source/cardEngine.h
new file mode 100644
index 000000000..0ccf17135
--- /dev/null
+++ b/cardengine_arm9/source/cardEngine.h
@@ -0,0 +1,36 @@
+/*
+    NitroHax -- Cheat tool for the Nintendo DS
+    Copyright (C) 2008  Michael "Chishm" Chisholm
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef CARD_ENGINE_ARM9_H
+#define CARD_ENGINE_ARM9_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define is_aligned(POINTER, BYTE_COUNT) \
+    (((uintptr_t)(const void *)(POINTER)) % (BYTE_COUNT) == 0)
+
+u32 cardId (void);
+bool cardRead (u32 dma,  u32 src, void *dst, u32 len);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // CARD_ENGINE_ARM9_H
diff --git a/cardengine_arm9/source/card_engine_header.s b/cardengine_arm9/source/card_engine_header.s
new file mode 100644
index 000000000..61d49111d
--- /dev/null
+++ b/cardengine_arm9/source/card_engine_header.s
@@ -0,0 +1,218 @@
+@---------------------------------------------------------------------------------
+	.section ".init"
+@---------------------------------------------------------------------------------
+	.global _start
+	.align	4
+	.arm
+
+.global card_engine_start
+.global card_engine_start_sync
+.global card_engine_end
+.global cardStruct
+.global cacheStruct
+.global patches_offset
+.global sdk_version
+.global fileCluster
+.global saveCluster
+
+#define ICACHE_SIZE	0x2000
+#define DCACHE_SIZE	0x1000
+#define CACHE_LINE_SIZE	32
+
+
+patches_offset:
+	.word	patches
+intr_vblank_orig_return:
+	.word	0x00000000
+intr_fifo_orig_return:
+	.word	0x00000000
+sdk_version:
+	.word	0x00000000
+fileCluster:
+	.word	0x00000000
+cardStruct:
+	.word	0x00000000
+cacheStruct:
+	.word	0x00000000
+	
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+
+card_engine_start:
+
+vblankHandler:
+@ Hook the return address, then go back to the original function
+	stmdb	sp!, {lr}
+	adr 	lr, code_handler_start_vblank
+	ldr 	r0,	intr_vblank_orig_return
+	bx  	r0
+
+fifoHandler:	
+@ Hook the return address, then go back to the original function
+	stmdb	sp!, {lr}
+	adr 	lr, code_handler_start_fifo
+	ldr 	r0,	intr_fifo_orig_return
+	bx  	r0
+	
+code_handler_start_vblank:
+	push	{r0-r12} 
+	bl	_blx_r3_stub		@ jump to myIrqHandler
+	
+	@ exit after return
+	b	exit
+	
+code_handler_start_fifo:
+	push	{r0-r12} 
+	bl	_blx_r3_stub		@ jump to myIrqHandler
+  
+  
+    @ exit after return
+	b	exit
+	
+@---------------------------------------------------------------------------------
+_blx_r3_stub:
+@---------------------------------------------------------------------------------
+	bx	r3	
+	
+@---------------------------------------------------------------------------------
+
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+
+exit:	
+	pop   	{r0-r12} 
+	pop  	{lr}
+	bx  lr
+
+.pool
+
+.global fastCopy32
+.type	fastCopy32 STT_FUNC
+@ r0 : src, r1 : dst, r2 : len
+fastCopy32:
+    stmfd   sp!, {r3-r11,lr}
+	@ copy 512 bytes
+	mov     r10, r0	
+	mov     r9, r1	
+	mov     r8, r2	
+loop_fastCopy32:
+	ldmia   r10!, {r0-r7}
+	stmia   r9!,  {r0-r7}
+	subs    r8, r8, #32  @ 4*8 bytes
+	bgt     loop_fastCopy32
+	ldmfd   sp!, {r3-r11,lr}
+    bx      lr
+
+card_engine_end:
+
+patches:
+.word	card_read_arm9
+.word	card_pull_out_arm9
+.word	vblankHandler
+.word	fifoHandler
+.word	cardStructArm9
+.word   cacheFlushRef
+.word   readCachedRef
+
+@---------------------------------------------------------------------------------
+card_read_arm9:
+@---------------------------------------------------------------------------------
+    stmfd   sp!, {r0-r11,lr}
+	str 	r0, cacheRef
+	
+begin:	
+	@ registers used r0,r1,r2,r3,r5,r8,r11
+    ldr     r3,=0x4000100     @IPC_SYNC & command value
+    ldr     r8,=0x027FFB08    @shared area command			
+    ldr     r4, cardStructArm9	
+    ldr     r5, [R4]      @SRC
+	ldr     r1, [R4,#0x8] @LEN
+	ldr     r0, [R4,#0x4] @DST
+	mov     r2, #0x2400	
+	
+	@page computation
+	mov     r9, #0x200
+	rsb     r10, r9, #0
+	and     r11, r5, r10
+	
+	@ check for cmd2
+	cmp     r11, r5
+	bne     cmd1	
+	cmp     r1, #1024
+	blt     cmd1	
+	sub     r7, r8, #(0x027FFB08 - 0x026FFB08) @below dtcm
+	cmp     r0, r7
+	bgt     cmd1
+	sub     r7, r8, #(0x027FFB08 - 0x019FFB08) @above itcm
+	cmp     r0, r7
+	blt     cmd1
+	ands    r10, r0, #3
+	bne     cmd1
+	
+cmd2:
+	sub r7, r8, #(0x027FFB08 - 0x025FFB08) @cmd2 marker
+	@r0 dst, r1 len
+	ldr r9, cacheFlushRef
+	blx r9  			@ cache flush code
+	b 	send_cmd
+
+cmd1:	
+	mov     R1, #0x200
+	mov     r5, r11       @ current page	
+    sub     r7, r8, #(0x027FFB08 - 0x027ff800) @cmd1 marker
+
+send_cmd:
+	@dst, len, src, marker
+    stmia r8, {r0,r1,r5,r7}
+    
+    @sendIPCSync
+    strh    r2, [r3,#0x80]
+
+loop_wait:
+    ldr r9, [r8,#12]
+    cmp r9,#0
+    bne loop_wait	
+
+	@ check for cmd2
+	cmp     r1, #0x200
+	bne     exitfunc
+	
+	ldr 	r9, cacheRef
+	add     r9,r9,#0x20	@ cache buffer
+	mov     r10,r7	
+
+	@ copy 512 bytes
+	mov     r8, #512	
+loop_copy:
+	ldmia   r10!, {r0-r7}
+	stmia   r9!,  {r0-r7}
+	subs    r8, r8, #32  @ 4*8 bytes
+	bgt     loop_copy
+
+	ldr 	r0, cacheRef	
+	str     r11, [r0, #8]	@ cache page
+	
+	ldr r9, readCachedRef
+	blx r9  		
+	
+	cmp r0,#0	
+	bne begin
+
+exitfunc:	
+    ldmfd   sp!, {r0-r11,lr}
+    bx      lr
+
+cardStructArm9:
+.word    0x00000000     
+cacheFlushRef:
+.word    0x00000000  
+readCachedRef:
+.word    0x00000000  
+cacheRef:
+.word    0x00000000  
+.pool
+@---------------------------------------------------------------------------------
+
+@---------------------------------------------------------------------------------
+card_pull_out_arm9:
+@---------------------------------------------------------------------------------
+	bx      lr
+@---------------------------------------------------------------------------------
\ No newline at end of file
diff --git a/cardengine_arm9/source/debugprint.s b/cardengine_arm9/source/debugprint.s
new file mode 100644
index 000000000..0ecfc8e89
--- /dev/null
+++ b/cardengine_arm9/source/debugprint.s
@@ -0,0 +1,82 @@
+/*---------------------------------------------------------------------------------
+
+	Copyright (C) 2008 - 2010
+		Mukunda Johnson (eKid)
+		Jason Rogers (dovoto)
+		Dave Murphy (WinterMute)
+
+	This software is provided 'as-is', without any express or implied
+	warranty.  In no event will the authors be held liable for any
+	damages arising from the use of this software.
+
+	Permission is granted to anyone to use this software for any
+	purpose, including commercial applications, and to alter it and
+	redistribute it freely, subject to the following restrictions:
+
+	1.	The origin of this software must not be misrepresented; you
+		must not claim that you wrote the original software. If you use
+		this software in a product, an acknowledgment in the product
+		documentation would be appreciated but is not required.
+
+	2.	Altered source versions must be plainly marked as such, and
+		must not be misrepresented as being the original software.
+
+	3.	This notice may not be removed or altered from any source
+		distribution.
+
+---------------------------------------------------------------------------------*/
+        .text
+        .thumb
+        .align
+
+        .thumb_func
+//---------------------------------------------------------------------------------
+        .global nocashWrite
+//---------------------------------------------------------------------------------
+// no$gba debug output function
+//---------------------------------------------------------------------------------
+nocashWrite:  // params = { string, length }
+//---------------------------------------------------------------------------------
+	b	1f
+
+        .thumb_func
+//---------------------------------------------------------------------------------
+        .global nocashMessage
+//---------------------------------------------------------------------------------
+// no$gba debug output function
+//---------------------------------------------------------------------------------
+nocashMessage:  // params = { string }
+//---------------------------------------------------------------------------------
+ 
+// max string length == 120 bytes
+//---------------------------------------------------------------------------------
+// copy string into buffer
+//---------------------------------------------------------------------------------
+	mov	r1,#120
+1:	push	{r4}
+        ldr     r4,=buffer  // get buffer address
+        mov     r2, #0      // r2 = read/write position
+3:      ldrb    r3, [r0,r2] // load character
+        strb    r3, [r4,r2] // store character
+        cmp     r3, #0      // character == NULL?
+        beq     3f          // yes, send message
+        add     r2, #1      // increment read/write position
+        cmp     r2, r1      // max length == 120
+        bne     3b          // loop if < 120 characters
+ 
+	mov	r0,#0
+	strb	r0,[r4,r2]
+//---------------------------------------------------------------------------------
+// send message to no$
+//---------------------------------------------------------------------------------
+3:      mov     r12,r12     // first ID
+        b       2f          // skip the text section
+        .hword  0x6464      // second ID
+        .hword  0           // flags
+buffer:
+        .space  120         // data
+2:	pop	{r4}
+	bx      lr          // exit
+ 
+//---------------------------------------------------------------------------------
+        .pool
diff --git a/nds-bootstrap.pnproj b/nds-bootstrap.pnproj
index 169f3cdf1..a0e88ad70 100644
--- a/nds-bootstrap.pnproj
+++ b/nds-bootstrap.pnproj
@@ -1 +1 @@
-<Project name="nds-bootstrap"><Folder name="bootloader"><Folder name="source"><File path="bootloader\source\sdmmc.h"></File><File path="bootloader\source\arm7clear.s"></File><File path="bootloader\source\arm9clear.arm.c"></File><File path="bootloader\source\bios.s"></File><File path="bootloader\source\boot.c"></File><File path="bootloader\source\boot.h"></File><File path="bootloader\source\card.h"></File><File path="bootloader\source\cheat_engine.s"></File><File path="bootloader\source\common.h"></File><File path="bootloader\source\disc_io.h"></File><File path="bootloader\source\dldi_patcher.c"></File><File path="bootloader\source\dldi_patcher.h"></File><File path="bootloader\source\encryption.c"></File><File path="bootloader\source\encryption.h"></File><File path="bootloader\source\fat.c"></File><File path="bootloader\source\fat.h"></File><File path="bootloader\source\io_dldi.h"></File><File path="bootloader\source\io_dldi.s"></File><File path="bootloader\source\load_crt0.s"></File><File path="bootloader\source\read_bios.h"></File><File path="bootloader\source\read_bios.s"></File><File path="bootloader\source\sdmmc.c"></File><File path="bootloader\source\hook.c"></File><File path="bootloader\source\hook.h"></File><File path="bootloader\source\mpu_setup.s"></File><File path="bootloader\source\card_patcher.c"></File><File path="bootloader\source\card_patcher.h"></File><File path="bootloader\source\debugToFile.c"></File><File path="bootloader\source\debugToFile.h"></File></Folder><File path="bootloader\Makefile"></File><File path="bootloader\load.ld"></File></Folder><Folder name="arm7"><Folder name="source"><File path="arm7\source\main.c"></File><File path="arm7\source\ntrcheck.c"></File><File path="arm7\source\ntrcheck.h"></File><File path="arm7\source\cheat_engine_arm7.c"></File><File path="arm7\source\cheat_engine_arm7.h"></File><File path="arm7\source\sdmmcEngine.c"></File><File path="arm7\source\sdmmcEngine.h"></File><File path="arm7\source\mpu_setup.s"></File></Folder><File path="arm7\Makefile"></File><File path="arm7\ds_arm7_ram.ld"></File><File path="arm7\ds_arm7_ram.specs"></File></Folder><Folder name="arm9"><Folder name="source"><File path="arm9\source\inifile.cpp"></File><File path="arm9\source\inifile.h"></File><File path="arm9\source\nds_loader_arm9.c"></File><File path="arm9\source\nds_loader_arm9.h"></File><File path="arm9\source\stringtool.cpp"></File><File path="arm9\source\stringtool.h"></File><File path="arm9\source\main.cpp"></File><File path="arm9\source\bootsplash.h"></File><File path="arm9\source\bootsplash.c"></File><File path="arm9\source\bios_decompress_callback.c"></File><File path="arm9\source\bios_decompress_callback.h"></File><File path="arm9\source\cheat.cpp"></File><File path="arm9\source\cheat.h"></File><File path="arm9\source\cheat_engine.c"></File><File path="arm9\source\cheat_engine.h"></File><File path="arm9\source\crc.c"></File><File path="arm9\source\crc.h"></File><File path="arm9\source\nds_card.c"></File><File path="arm9\source\nds_card.h"></File></Folder><File path="arm9\Makefile"></File></Folder><Folder name="bootstub"><File path="bootstub\Makefile"></File><File path="bootstub\bootstub.s"></File></Folder><Folder name="conf"><Folder name="no$gba"><File path="conf\no$gba\nds-bootstrap.ini"></File></Folder><File path="conf\bootstrap.argv"></File><File path="conf\nds-bootstrap.ini"></File></Folder><Folder name="dldi"><Folder name="source"><File path="dldi\source\dldi_header.s"></File><File path="dldi\source\iointerface.c"></File><File path="dldi\source\sdmmc.c"></File><File path="dldi\source\sdmmc.h"></File><File path="dldi\source\mpu_setup.s"></File><File path="dldi\source\memcpy.c"></File></Folder><File path="dldi\dldi.ld"></File><File path="dldi\dsisd.ini"></File><File path="dldi\Makefile"></File></Folder><Folder name="sdengine"><Folder name="source"><File path="sdengine\source\bios.s"></File><File path="sdengine\source\debugprint.s"></File><File path="sdengine\source\sdmmc.c"></File><File path="sdengine\source\sdmmc.h"></File><File path="sdengine\source\sdmmcEngine.c"></File><File path="sdengine\source\sdmmcEngine.h"></File><File path="sdengine\source\sdmmc_engine_header.s"></File><File path="sdengine\source\fat.c"></File><File path="sdengine\source\fat.h"></File><File path="sdengine\source\card.h"></File><File path="sdengine\source\debugToFile.c"></File><File path="sdengine\source\debugToFile.h"></File></Folder><File path="sdengine\Makefile"></File><File path="sdengine\sdengine.ld"></File></Folder><Folder name="cardengine"><Folder name="source"><File path="cardengine\source\bios.s"></File><File path="cardengine\source\card.h"></File><File path="cardengine\source\card_engine_header.s"></File><File path="cardengine\source\cardEngine.c"></File><File path="cardengine\source\cardEngine.h"></File><File path="cardengine\source\debugprint.s"></File><File path="cardengine\source\debugToFile.c"></File><File path="cardengine\source\debugToFile.h"></File><File path="cardengine\source\disc_io.h"></File><File path="cardengine\source\fat.c"></File><File path="cardengine\source\fat.h"></File><File path="cardengine\source\sdmmc.c"></File><File path="cardengine\source\sdmmc.h"></File></Folder><File path="cardengine\Makefile"></File><File path="cardengine\cardengine.ld"></File></Folder><File path="Makefile"></File><File path="build_cia.bat"></File><File path="build_cia.sh"></File><File path="icon.bmp"></File><File path="patch_ndsheader_dsiware.py"></File><File path=".travis.yml"></File></Project>
\ No newline at end of file
+<Project name="nds-bootstrap"><Folder name="bootloader"><Folder name="source"><File path="bootloader\source\sdmmc.h"></File><File path="bootloader\source\arm7clear.s"></File><File path="bootloader\source\arm9clear.arm.c"></File><File path="bootloader\source\bios.s"></File><File path="bootloader\source\boot.c"></File><File path="bootloader\source\boot.h"></File><File path="bootloader\source\card.h"></File><File path="bootloader\source\cheat_engine.s"></File><File path="bootloader\source\common.h"></File><File path="bootloader\source\disc_io.h"></File><File path="bootloader\source\dldi_patcher.c"></File><File path="bootloader\source\dldi_patcher.h"></File><File path="bootloader\source\encryption.c"></File><File path="bootloader\source\encryption.h"></File><File path="bootloader\source\fat.c"></File><File path="bootloader\source\fat.h"></File><File path="bootloader\source\io_dldi.h"></File><File path="bootloader\source\io_dldi.s"></File><File path="bootloader\source\load_crt0.s"></File><File path="bootloader\source\read_bios.h"></File><File path="bootloader\source\read_bios.s"></File><File path="bootloader\source\sdmmc.c"></File><File path="bootloader\source\hook.c"></File><File path="bootloader\source\hook.h"></File><File path="bootloader\source\mpu_setup.s"></File><File path="bootloader\source\card_patcher.c"></File><File path="bootloader\source\card_patcher.h"></File><File path="bootloader\source\debugToFile.c"></File><File path="bootloader\source\debugToFile.h"></File></Folder><File path="bootloader\Makefile"></File><File path="bootloader\load.ld"></File></Folder><Folder name="arm7"><Folder name="source"><File path="arm7\source\main.c"></File><File path="arm7\source\ntrcheck.c"></File><File path="arm7\source\ntrcheck.h"></File><File path="arm7\source\cheat_engine_arm7.c"></File><File path="arm7\source\cheat_engine_arm7.h"></File><File path="arm7\source\sdmmcEngine.c"></File><File path="arm7\source\sdmmcEngine.h"></File><File path="arm7\source\mpu_setup.s"></File></Folder><File path="arm7\Makefile"></File><File path="arm7\ds_arm7_ram.ld"></File><File path="arm7\ds_arm7_ram.specs"></File></Folder><Folder name="arm9"><Folder name="source"><File path="arm9\source\inifile.cpp"></File><File path="arm9\source\inifile.h"></File><File path="arm9\source\nds_loader_arm9.c"></File><File path="arm9\source\nds_loader_arm9.h"></File><File path="arm9\source\stringtool.cpp"></File><File path="arm9\source\stringtool.h"></File><File path="arm9\source\main.cpp"></File><File path="arm9\source\bootsplash.h"></File><File path="arm9\source\bootsplash.c"></File><File path="arm9\source\bios_decompress_callback.c"></File><File path="arm9\source\bios_decompress_callback.h"></File><File path="arm9\source\cheat.cpp"></File><File path="arm9\source\cheat.h"></File><File path="arm9\source\cheat_engine.c"></File><File path="arm9\source\cheat_engine.h"></File><File path="arm9\source\crc.c"></File><File path="arm9\source\crc.h"></File><File path="arm9\source\nds_card.c"></File><File path="arm9\source\nds_card.h"></File></Folder><File path="arm9\Makefile"></File></Folder><Folder name="bootstub"><File path="bootstub\Makefile"></File><File path="bootstub\bootstub.s"></File></Folder><Folder name="conf"><Folder name="no$gba"><File path="conf\no$gba\nds-bootstrap.ini"></File></Folder><File path="conf\bootstrap.argv"></File><File path="conf\nds-bootstrap.ini"></File></Folder><Folder name="dldi"><Folder name="source"><File path="dldi\source\dldi_header.s"></File><File path="dldi\source\iointerface.c"></File><File path="dldi\source\sdmmc.c"></File><File path="dldi\source\sdmmc.h"></File><File path="dldi\source\mpu_setup.s"></File><File path="dldi\source\memcpy.c"></File></Folder><File path="dldi\dldi.ld"></File><File path="dldi\dsisd.ini"></File><File path="dldi\Makefile"></File></Folder><Folder name="sdengine"><Folder name="source"><File path="sdengine\source\bios.s"></File><File path="sdengine\source\debugprint.s"></File><File path="sdengine\source\sdmmc.c"></File><File path="sdengine\source\sdmmc.h"></File><File path="sdengine\source\sdmmcEngine.c"></File><File path="sdengine\source\sdmmcEngine.h"></File><File path="sdengine\source\sdmmc_engine_header.s"></File><File path="sdengine\source\fat.c"></File><File path="sdengine\source\fat.h"></File><File path="sdengine\source\card.h"></File><File path="sdengine\source\debugToFile.c"></File><File path="sdengine\source\debugToFile.h"></File></Folder><File path="sdengine\Makefile"></File><File path="sdengine\sdengine.ld"></File></Folder><Folder name="cardengine_arm7"><File path="cardengine_arm7\cardengine.ld"></File><File path="cardengine_arm7\Makefile"></File></Folder><Folder name="cardengine_arm9"><File path="cardengine_arm9\cardengine.ld"></File><File path="cardengine_arm9\Makefile"></File></Folder><File path="Makefile"></File><File path="build_cia.bat"></File><File path="build_cia.sh"></File><File path="icon.bmp"></File><File path="patch_ndsheader_dsiware.py"></File><File path=".travis.yml"></File></Project>
\ No newline at end of file
diff --git a/nds-bootstrap.pnps b/nds-bootstrap.pnps
index 5b1b82cf4..13fdf2a8a 100644
--- a/nds-bootstrap.pnps
+++ b/nds-bootstrap.pnps
@@ -1 +1 @@
-<pd><ViewState><e p="nds-bootstrap\bootloader" x="true"></e><e p="nds-bootstrap" x="true"></e><e p="nds-bootstrap\arm7" x="false"></e><e p="nds-bootstrap\arm9" x="false"></e><e p="nds-bootstrap\bootloader\source" x="true"></e><e p="nds-bootstrap\cardengine" x="true"></e><e p="nds-bootstrap\sdengine" x="false"></e><e p="nds-bootstrap\bootstub" x="false"></e><e p="nds-bootstrap\cardengine\source" x="true"></e><e p="nds-bootstrap\conf" x="false"></e><e p="nds-bootstrap\dldi" x="false"></e></ViewState></pd>
\ No newline at end of file
+<pd><ViewState><e p="nds-bootstrap\bootloader" x="true"></e><e p="nds-bootstrap\cardengine_arm7" x="true"></e><e p="nds-bootstrap" x="true"></e><e p="nds-bootstrap\arm7" x="false"></e><e p="nds-bootstrap\arm9" x="false"></e><e p="nds-bootstrap\bootloader\source" x="false"></e><e p="nds-bootstrap\sdengine" x="false"></e><e p="nds-bootstrap\bootstub" x="false"></e><e p="nds-bootstrap\cardengine_arm9" x="true"></e><e p="nds-bootstrap\conf" x="false"></e><e p="nds-bootstrap\dldi" x="false"></e></ViewState></pd>
\ No newline at end of file

From 0a0b9cdb850e9a7bcaed5d5862b62e8e014e6708 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Tue, 17 Jan 2017 23:50:49 +0100
Subject: [PATCH 12/40] remap dsi wram

---
 arm7/source/main.c               | 22 +++++++++++++++++-----
 arm9/source/main.cpp             | 18 +++++++++++-------
 bootloader/source/boot.c         |  2 +-
 bootloader/source/card_patcher.c |  4 ++--
 bootloader/source/hook.c         | 12 ++++++------
 cardengine_arm7/cardengine.ld    |  2 +-
 cardengine_arm7/source/fat.c     |  4 ++--
 nds-bootstrap.pnproj             |  2 +-
 nds-bootstrap.pnps               |  2 +-
 sdengine/sdengine.ld             |  2 +-
 10 files changed, 43 insertions(+), 27 deletions(-)

diff --git a/arm7/source/main.c b/arm7/source/main.c
index cf522befd..205744997 100644
--- a/arm7/source/main.c
+++ b/arm7/source/main.c
@@ -83,17 +83,29 @@ static u32 quickFind (const unsigned char* data, const unsigned char* search, u3
 static const unsigned char dldiMagicString[] = "\xED\xA5\x8D\xBF Chishm";	// Normal DLDI file
 
 void initMBK() {
-	// default dsiware settings
+	// give all DSI WRAM to arm7 at boot
+	
+	// arm7 is master of WRAM-A/B/C
+	REG_MBK_9=0x30FFFF0F;
+	
+	// WRAM-A fully mapped to arm7
 	REG_MBK_1=0x8185898D;
+	
+	// WRAM-B fully mapped to arm7
 	REG_MBK_2=0x8084888C;
 	REG_MBK_3=0x9094989C;
+	
+	// WRAM-C fully mapped to arm7
 	REG_MBK_4=0x8084888C;
 	REG_MBK_5=0x9094989C;
-	REG_MBK_6=0x07F037C0;
-	//REG_MBK_6=0x080037C0;
-	REG_MBK_7=0x07C03740;
+	
+	// WRAM mapped to the 0x3700000 - 0x37AFFFF area 
+	// WRAM-A mapped to the 0x3780000 - 0x37BFFFF area : 256k
+	REG_MBK_6=0x07C03780;
+	// WRAM-B mapped to the 0x3740000 - 0x377FFFF area : 256k
+	REG_MBK_7=0x07803740;
+	// WRAM-C mapped to the 0x3700000 - 0x373FFFF area : 256k
 	REG_MBK_8=0x07403700;
-	REG_MBK_9=0x3000000F;
 }
 
 //---------------------------------------------------------------------------------
diff --git a/arm9/source/main.cpp b/arm9/source/main.cpp
index 10ba6f0aa..d93fc12d8 100644
--- a/arm9/source/main.cpp
+++ b/arm9/source/main.cpp
@@ -137,14 +137,18 @@ static void myFIFOValue32Handler(u32 value,void* data)
 
 void initMBK() {
 	// default dsiware settings
-	REG_MBK_1=0x8185898D;
-	REG_MBK_2=0x8084888C;
-	REG_MBK_3=0x9094989C;
-	REG_MBK_4=0x8084888C;
-	REG_MBK_5=0x9094989C;
+	//REG_MBK_1=0x8185898D;
+	//REG_MBK_2=0x8084888C;
+	//REG_MBK_3=0x9094989C;
+	//REG_MBK_4=0x8084888C;
+	//REG_MBK_5=0x9094989C;
+		
+	// WRAM-A not mapped (reserved to arm7)
 	REG_MBK_6=0x00000000;
-	REG_MBK_7=0x07C03740;
-	REG_MBK_8=0x07403700; 
+	// WRAM-B mapped to the 0x3740000 - 0x377FFFF area : 256k
+	REG_MBK_7=0x07803740;
+	// WRAM-C mapped to the 0x3700000 - 0x373FFFF area : 256k
+	REG_MBK_8=0x07403700;
 }
 
 int main( int argc, char **argv) {
diff --git a/bootloader/source/boot.c b/bootloader/source/boot.c
index 9621dc72d..4e3f3ce38 100644
--- a/bootloader/source/boot.c
+++ b/bootloader/source/boot.c
@@ -70,7 +70,7 @@ void sdmmc_controller_init();
 
 #define CHEAT_ENGINE_LOCATION	0x027FE000
 #define CHEAT_DATA_LOCATION  	0x06010000
-#define SD_ENGINE_LOCATION  	0x037C0000
+#define SD_ENGINE_LOCATION  	0x03780000
 
 const char* bootName = "BOOT.NDS";
 
diff --git a/bootloader/source/card_patcher.c b/bootloader/source/card_patcher.c
index 6bee4adce..ab86d85ea 100644
--- a/bootloader/source/card_patcher.c
+++ b/bootloader/source/card_patcher.c
@@ -173,7 +173,7 @@ void ensureArm9Decompressed(const tNDSHeader* ndsHeader, module_params_t* module
 
 u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_params_t* moduleParams) {	
 
-	u32* debug = (u32*)0x037C4000;
+	u32* debug = (u32*)0x03784000;
 	debug[4] = ndsHeader->arm9destination;
 	debug[8] = moduleParams->sdk_version;
 	
@@ -888,7 +888,7 @@ u32 savePatchV1 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_pa
 }
 
 u32 patchCardNdsArm7 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_params_t* moduleParams, u32 saveFileCluster ) {
-	u32* debug = (u32*)0x037C4000;
+	u32* debug = (u32*)0x03784000;
 	
 	u32* irqEnableStartSignature = irqEnableStartSignature1;	
 	if(moduleParams->sdk_version > 0x4000000) {
diff --git a/bootloader/source/hook.c b/bootloader/source/hook.c
index 921735907..da47ab1a5 100644
--- a/bootloader/source/hook.c
+++ b/bootloader/source/hook.c
@@ -58,7 +58,7 @@ static const u32 homebrewSigPatched[5] = {
 	0xE5012008, // str    r2, [r1,#-8]     @ irqhandler
 	0xE501F004, // str    r0, [r1,#-4]     @ irqsig 
 	0xEA000000, // b      got_handler
-	0x037C0010  // DCD 	  0x037C0010       
+	0x03780010  // DCD 	  0x03780010       
 };
  
 // accelerator patch for IPC_SYNC v2007
@@ -72,9 +72,9 @@ static const u32 homebrewAccelSig2007[4] = {
 };	
 
 static const u32 homebrewAccelSig2007Patched[4] = {
-	0x47104A00   , // LDR     R2, =0x037C0014
+	0x47104A00   , // LDR     R2, =0x03780020
 	               // BX      R2
-	0x037C0020   , // 
+	0x03780020   , // 
 				   // 
 	0x881A4B10   , // ...
 	0x430A2108   , // ...
@@ -91,9 +91,9 @@ static const u32 homebrewAccelSig2010[4] = {
 };	
 
 static const u32 homebrewAccelSig2010Patched[4] = {
-	0x47104A00   , // LDR     R2, =0x037C0014
+	0x47104A00   , // LDR     R2, =0x03780020
 	               // BX      R2
-	0x037C0020   , // 
+	0x03780020   , // 
 				   // 
 	0x22088819   , // ...
 	0x0412430A   , // ...
@@ -285,7 +285,7 @@ int hookNdsHomebrew (const tNDSHeader* ndsHeader, const u32* cheatData, u32* che
 int hookNdsRetail (const tNDSHeader* ndsHeader, aFile file, const u32* cheatData, u32* cheatEngineLocation, u32* cardEngineLocation) {
 	u32* hookLocation = NULL;
 	u32* hookAccel = NULL;
-	u32* debug = (u32*)0x037C4000;
+	u32* debug = (u32*)0x03784000;
 	
 	nocashMessage("hookNdsRetail");
 
diff --git a/cardengine_arm7/cardengine.ld b/cardengine_arm7/cardengine.ld
index 5b58a57c5..e9e616100 100644
--- a/cardengine_arm7/cardengine.ld
+++ b/cardengine_arm7/cardengine.ld
@@ -4,7 +4,7 @@ ENTRY(_start)
 
 MEMORY {
 
-	vram	: ORIGIN = 0x037C0000, LENGTH = 16K /* WRAM A  */
+	vram	: ORIGIN = 0x03780000, LENGTH = 16K /* WRAM A  */
 }
 
 __vram_start	=	ORIGIN(vram);
diff --git a/cardengine_arm7/source/fat.c b/cardengine_arm7/source/fat.c
index b629033f5..a9d5db0c7 100644
--- a/cardengine_arm7/source/fat.c
+++ b/cardengine_arm7/source/fat.c
@@ -195,10 +195,10 @@ enum {FS_UNKNOWN, FS_FAT12, FS_FAT16, FS_FAT32} discFileSystem;
 // Global sector buffer to save on stack space
 unsigned char globalBuffer[BYTES_PER_SECTOR];
 
-#define CLUSTER_CACHE      0x37D5000 // WRAM C
+#define CLUSTER_CACHE      0x3795000 // WRAM C
 #define CLUSTER_CACHE_SIZE 0x20000 // 128K
 
-#define ONE_CACHE  0x37C5000 // WRAM A
+#define ONE_CACHE  0x3785000 // WRAM A
 #define ONE_CACHE_SIZE 0x10000 // 64K
 
 static u32* lastClusterCacheUsed = (u32*) CLUSTER_CACHE;
diff --git a/nds-bootstrap.pnproj b/nds-bootstrap.pnproj
index a0e88ad70..32fb62a4e 100644
--- a/nds-bootstrap.pnproj
+++ b/nds-bootstrap.pnproj
@@ -1 +1 @@
-<Project name="nds-bootstrap"><Folder name="bootloader"><Folder name="source"><File path="bootloader\source\sdmmc.h"></File><File path="bootloader\source\arm7clear.s"></File><File path="bootloader\source\arm9clear.arm.c"></File><File path="bootloader\source\bios.s"></File><File path="bootloader\source\boot.c"></File><File path="bootloader\source\boot.h"></File><File path="bootloader\source\card.h"></File><File path="bootloader\source\cheat_engine.s"></File><File path="bootloader\source\common.h"></File><File path="bootloader\source\disc_io.h"></File><File path="bootloader\source\dldi_patcher.c"></File><File path="bootloader\source\dldi_patcher.h"></File><File path="bootloader\source\encryption.c"></File><File path="bootloader\source\encryption.h"></File><File path="bootloader\source\fat.c"></File><File path="bootloader\source\fat.h"></File><File path="bootloader\source\io_dldi.h"></File><File path="bootloader\source\io_dldi.s"></File><File path="bootloader\source\load_crt0.s"></File><File path="bootloader\source\read_bios.h"></File><File path="bootloader\source\read_bios.s"></File><File path="bootloader\source\sdmmc.c"></File><File path="bootloader\source\hook.c"></File><File path="bootloader\source\hook.h"></File><File path="bootloader\source\mpu_setup.s"></File><File path="bootloader\source\card_patcher.c"></File><File path="bootloader\source\card_patcher.h"></File><File path="bootloader\source\debugToFile.c"></File><File path="bootloader\source\debugToFile.h"></File></Folder><File path="bootloader\Makefile"></File><File path="bootloader\load.ld"></File></Folder><Folder name="arm7"><Folder name="source"><File path="arm7\source\main.c"></File><File path="arm7\source\ntrcheck.c"></File><File path="arm7\source\ntrcheck.h"></File><File path="arm7\source\cheat_engine_arm7.c"></File><File path="arm7\source\cheat_engine_arm7.h"></File><File path="arm7\source\sdmmcEngine.c"></File><File path="arm7\source\sdmmcEngine.h"></File><File path="arm7\source\mpu_setup.s"></File></Folder><File path="arm7\Makefile"></File><File path="arm7\ds_arm7_ram.ld"></File><File path="arm7\ds_arm7_ram.specs"></File></Folder><Folder name="arm9"><Folder name="source"><File path="arm9\source\inifile.cpp"></File><File path="arm9\source\inifile.h"></File><File path="arm9\source\nds_loader_arm9.c"></File><File path="arm9\source\nds_loader_arm9.h"></File><File path="arm9\source\stringtool.cpp"></File><File path="arm9\source\stringtool.h"></File><File path="arm9\source\main.cpp"></File><File path="arm9\source\bootsplash.h"></File><File path="arm9\source\bootsplash.c"></File><File path="arm9\source\bios_decompress_callback.c"></File><File path="arm9\source\bios_decompress_callback.h"></File><File path="arm9\source\cheat.cpp"></File><File path="arm9\source\cheat.h"></File><File path="arm9\source\cheat_engine.c"></File><File path="arm9\source\cheat_engine.h"></File><File path="arm9\source\crc.c"></File><File path="arm9\source\crc.h"></File><File path="arm9\source\nds_card.c"></File><File path="arm9\source\nds_card.h"></File></Folder><File path="arm9\Makefile"></File></Folder><Folder name="bootstub"><File path="bootstub\Makefile"></File><File path="bootstub\bootstub.s"></File></Folder><Folder name="conf"><Folder name="no$gba"><File path="conf\no$gba\nds-bootstrap.ini"></File></Folder><File path="conf\bootstrap.argv"></File><File path="conf\nds-bootstrap.ini"></File></Folder><Folder name="dldi"><Folder name="source"><File path="dldi\source\dldi_header.s"></File><File path="dldi\source\iointerface.c"></File><File path="dldi\source\sdmmc.c"></File><File path="dldi\source\sdmmc.h"></File><File path="dldi\source\mpu_setup.s"></File><File path="dldi\source\memcpy.c"></File></Folder><File path="dldi\dldi.ld"></File><File path="dldi\dsisd.ini"></File><File path="dldi\Makefile"></File></Folder><Folder name="sdengine"><Folder name="source"><File path="sdengine\source\bios.s"></File><File path="sdengine\source\debugprint.s"></File><File path="sdengine\source\sdmmc.c"></File><File path="sdengine\source\sdmmc.h"></File><File path="sdengine\source\sdmmcEngine.c"></File><File path="sdengine\source\sdmmcEngine.h"></File><File path="sdengine\source\sdmmc_engine_header.s"></File><File path="sdengine\source\fat.c"></File><File path="sdengine\source\fat.h"></File><File path="sdengine\source\card.h"></File><File path="sdengine\source\debugToFile.c"></File><File path="sdengine\source\debugToFile.h"></File></Folder><File path="sdengine\Makefile"></File><File path="sdengine\sdengine.ld"></File></Folder><Folder name="cardengine_arm7"><File path="cardengine_arm7\cardengine.ld"></File><File path="cardengine_arm7\Makefile"></File></Folder><Folder name="cardengine_arm9"><File path="cardengine_arm9\cardengine.ld"></File><File path="cardengine_arm9\Makefile"></File></Folder><File path="Makefile"></File><File path="build_cia.bat"></File><File path="build_cia.sh"></File><File path="icon.bmp"></File><File path="patch_ndsheader_dsiware.py"></File><File path=".travis.yml"></File></Project>
\ No newline at end of file
+<Project name="nds-bootstrap"><Folder name="bootloader"><Folder name="source"><File path="bootloader\source\sdmmc.h"></File><File path="bootloader\source\arm7clear.s"></File><File path="bootloader\source\arm9clear.arm.c"></File><File path="bootloader\source\bios.s"></File><File path="bootloader\source\boot.c"></File><File path="bootloader\source\boot.h"></File><File path="bootloader\source\card.h"></File><File path="bootloader\source\cheat_engine.s"></File><File path="bootloader\source\common.h"></File><File path="bootloader\source\disc_io.h"></File><File path="bootloader\source\dldi_patcher.c"></File><File path="bootloader\source\dldi_patcher.h"></File><File path="bootloader\source\encryption.c"></File><File path="bootloader\source\encryption.h"></File><File path="bootloader\source\fat.c"></File><File path="bootloader\source\fat.h"></File><File path="bootloader\source\io_dldi.h"></File><File path="bootloader\source\io_dldi.s"></File><File path="bootloader\source\load_crt0.s"></File><File path="bootloader\source\read_bios.h"></File><File path="bootloader\source\read_bios.s"></File><File path="bootloader\source\sdmmc.c"></File><File path="bootloader\source\hook.c"></File><File path="bootloader\source\hook.h"></File><File path="bootloader\source\mpu_setup.s"></File><File path="bootloader\source\card_patcher.c"></File><File path="bootloader\source\card_patcher.h"></File><File path="bootloader\source\debugToFile.c"></File><File path="bootloader\source\debugToFile.h"></File></Folder><File path="bootloader\Makefile"></File><File path="bootloader\load.ld"></File></Folder><Folder name="arm7"><Folder name="source"><File path="arm7\source\main.c"></File><File path="arm7\source\ntrcheck.c"></File><File path="arm7\source\ntrcheck.h"></File><File path="arm7\source\cheat_engine_arm7.c"></File><File path="arm7\source\cheat_engine_arm7.h"></File><File path="arm7\source\sdmmcEngine.c"></File><File path="arm7\source\sdmmcEngine.h"></File><File path="arm7\source\mpu_setup.s"></File></Folder><File path="arm7\Makefile"></File><File path="arm7\ds_arm7_ram.ld"></File><File path="arm7\ds_arm7_ram.specs"></File></Folder><Folder name="arm9"><Folder name="source"><File path="arm9\source\inifile.cpp"></File><File path="arm9\source\inifile.h"></File><File path="arm9\source\nds_loader_arm9.c"></File><File path="arm9\source\nds_loader_arm9.h"></File><File path="arm9\source\stringtool.cpp"></File><File path="arm9\source\stringtool.h"></File><File path="arm9\source\main.cpp"></File><File path="arm9\source\bootsplash.h"></File><File path="arm9\source\bootsplash.c"></File><File path="arm9\source\bios_decompress_callback.c"></File><File path="arm9\source\bios_decompress_callback.h"></File><File path="arm9\source\cheat.cpp"></File><File path="arm9\source\cheat.h"></File><File path="arm9\source\cheat_engine.c"></File><File path="arm9\source\cheat_engine.h"></File><File path="arm9\source\crc.c"></File><File path="arm9\source\crc.h"></File><File path="arm9\source\nds_card.c"></File><File path="arm9\source\nds_card.h"></File></Folder><File path="arm9\Makefile"></File></Folder><Folder name="bootstub"><File path="bootstub\Makefile"></File><File path="bootstub\bootstub.s"></File></Folder><Folder name="conf"><Folder name="no$gba"><File path="conf\no$gba\nds-bootstrap.ini"></File></Folder><File path="conf\bootstrap.argv"></File><File path="conf\nds-bootstrap.ini"></File></Folder><Folder name="dldi"><Folder name="source"><File path="dldi\source\dldi_header.s"></File><File path="dldi\source\iointerface.c"></File><File path="dldi\source\sdmmc.c"></File><File path="dldi\source\sdmmc.h"></File><File path="dldi\source\mpu_setup.s"></File><File path="dldi\source\memcpy.c"></File></Folder><File path="dldi\dldi.ld"></File><File path="dldi\dsisd.ini"></File><File path="dldi\Makefile"></File></Folder><Folder name="sdengine"><Folder name="source"><File path="sdengine\source\bios.s"></File><File path="sdengine\source\debugprint.s"></File><File path="sdengine\source\sdmmc.c"></File><File path="sdengine\source\sdmmc.h"></File><File path="sdengine\source\sdmmcEngine.c"></File><File path="sdengine\source\sdmmcEngine.h"></File><File path="sdengine\source\sdmmc_engine_header.s"></File><File path="sdengine\source\fat.c"></File><File path="sdengine\source\fat.h"></File><File path="sdengine\source\card.h"></File><File path="sdengine\source\debugToFile.c"></File><File path="sdengine\source\debugToFile.h"></File></Folder><File path="sdengine\Makefile"></File><File path="sdengine\sdengine.ld"></File></Folder><Folder name="cardengine_arm7"><Folder name="source"><File path="cardengine_arm7\source\bios.s"></File><File path="cardengine_arm7\source\card.h"></File><File path="cardengine_arm7\source\card_engine_header.s"></File><File path="cardengine_arm7\source\cardEngine.c"></File><File path="cardengine_arm7\source\cardEngine.h"></File><File path="cardengine_arm7\source\debugprint.s"></File><File path="cardengine_arm7\source\debugToFile.c"></File><File path="cardengine_arm7\source\debugToFile.h"></File><File path="cardengine_arm7\source\disc_io.h"></File><File path="cardengine_arm7\source\fat.c"></File><File path="cardengine_arm7\source\fat.h"></File><File path="cardengine_arm7\source\sdmmc.c"></File><File path="cardengine_arm7\source\sdmmc.h"></File></Folder><File path="cardengine_arm7\cardengine.ld"></File><File path="cardengine_arm7\Makefile"></File></Folder><Folder name="cardengine_arm9"><Folder name="source"><File path="cardengine_arm9\source\card_engine_header.s"></File><File path="cardengine_arm9\source\cardEngine.c"></File><File path="cardengine_arm9\source\cardEngine.h"></File><File path="cardengine_arm9\source\debugprint.s"></File></Folder><File path="cardengine_arm9\cardengine.ld"></File><File path="cardengine_arm9\Makefile"></File></Folder><File path="Makefile"></File><File path="build_cia.bat"></File><File path="build_cia.sh"></File><File path="icon.bmp"></File><File path="patch_ndsheader_dsiware.py"></File><File path=".travis.yml"></File></Project>
\ No newline at end of file
diff --git a/nds-bootstrap.pnps b/nds-bootstrap.pnps
index 13fdf2a8a..c80a3dfcd 100644
--- a/nds-bootstrap.pnps
+++ b/nds-bootstrap.pnps
@@ -1 +1 @@
-<pd><ViewState><e p="nds-bootstrap\bootloader" x="true"></e><e p="nds-bootstrap\cardengine_arm7" x="true"></e><e p="nds-bootstrap" x="true"></e><e p="nds-bootstrap\arm7" x="false"></e><e p="nds-bootstrap\arm9" x="false"></e><e p="nds-bootstrap\bootloader\source" x="false"></e><e p="nds-bootstrap\sdengine" x="false"></e><e p="nds-bootstrap\bootstub" x="false"></e><e p="nds-bootstrap\cardengine_arm9" x="true"></e><e p="nds-bootstrap\conf" x="false"></e><e p="nds-bootstrap\dldi" x="false"></e></ViewState></pd>
\ No newline at end of file
+<pd><ViewState><e p="nds-bootstrap\bootloader" x="true"></e><e p="nds-bootstrap\cardengine_arm7" x="true"></e><e p="nds-bootstrap\cardengine_arm7\source" x="true"></e><e p="nds-bootstrap\arm9" x="false"></e><e p="nds-bootstrap\bootloader\source" x="false"></e><e p="nds-bootstrap\cardengine_arm9\source" x="true"></e><e p="nds-bootstrap\sdengine" x="false"></e><e p="nds-bootstrap\bootstub" x="false"></e><e p="nds-bootstrap\cardengine_arm9" x="true"></e><e p="nds-bootstrap\conf" x="false"></e><e p="nds-bootstrap\dldi" x="false"></e><e p="nds-bootstrap" x="true"></e><e p="nds-bootstrap\arm7" x="false"></e></ViewState></pd>
\ No newline at end of file
diff --git a/sdengine/sdengine.ld b/sdengine/sdengine.ld
index 46a632b70..5334379ac 100644
--- a/sdengine/sdengine.ld
+++ b/sdengine/sdengine.ld
@@ -4,7 +4,7 @@ ENTRY(_start)
 
 MEMORY {
 
-	vram	: ORIGIN = 0x037C0000, LENGTH = 10K
+	vram	: ORIGIN = 0x03780000, LENGTH = 16K
 }
 
 __vram_start	=	ORIGIN(vram);

From f3e3d6ac0f7d0dfad09649dfb2ca5319c0494a58 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Wed, 18 Jan 2017 00:54:17 +0100
Subject: [PATCH 13/40] WRAM-B & C mapped to the arm7 at boot

---
 arm7/source/main.c                  | 10 +++++-----
 arm9/source/main.cpp                | 12 ++++++++++--
 bootloader/source/boot.c            | 12 +++++++-----
 cardengine_arm7/source/cardEngine.c | 10 +++++-----
 4 files changed, 27 insertions(+), 17 deletions(-)

diff --git a/arm7/source/main.c b/arm7/source/main.c
index 205744997..1db3abb52 100644
--- a/arm7/source/main.c
+++ b/arm7/source/main.c
@@ -86,18 +86,18 @@ void initMBK() {
 	// give all DSI WRAM to arm7 at boot
 	
 	// arm7 is master of WRAM-A/B/C
-	REG_MBK_9=0x30FFFF0F;
+	REG_MBK_9=0x70FFFF0F;
 	
 	// WRAM-A fully mapped to arm7
 	REG_MBK_1=0x8185898D;
 	
 	// WRAM-B fully mapped to arm7
-	REG_MBK_2=0x8084888C;
-	REG_MBK_3=0x9094989C;
+	REG_MBK_2=0x8185898D;
+	REG_MBK_3=0x9195999D;
 	
 	// WRAM-C fully mapped to arm7
-	REG_MBK_4=0x8084888C;
-	REG_MBK_5=0x9094989C;
+	REG_MBK_4=0x8185898D;
+	REG_MBK_5=0x9195999D;
 	
 	// WRAM mapped to the 0x3700000 - 0x37AFFFF area 
 	// WRAM-A mapped to the 0x3780000 - 0x37BFFFF area : 256k
diff --git a/arm9/source/main.cpp b/arm9/source/main.cpp
index d93fc12d8..8d6b7e652 100644
--- a/arm9/source/main.cpp
+++ b/arm9/source/main.cpp
@@ -142,13 +142,21 @@ void initMBK() {
 	//REG_MBK_3=0x9094989C;
 	//REG_MBK_4=0x8084888C;
 	//REG_MBK_5=0x9094989C;
+	
+	// WRAM-B fully mapped to arm7
+	REG_MBK_2=0x8185898D;
+	REG_MBK_3=0x9195999D;
+	
+	// WRAM-C fully mapped to arm7
+	REG_MBK_4=0x8185898D;
+	REG_MBK_5=0x9195999D;
 		
 	// WRAM-A not mapped (reserved to arm7)
 	REG_MBK_6=0x00000000;
 	// WRAM-B mapped to the 0x3740000 - 0x377FFFF area : 256k
-	REG_MBK_7=0x07803740;
+	REG_MBK_7=0x00000000;
 	// WRAM-C mapped to the 0x3700000 - 0x373FFFF area : 256k
-	REG_MBK_8=0x07403700;
+	REG_MBK_8=0x00000000;
 }
 
 int main( int argc, char **argv) {
diff --git a/bootloader/source/boot.c b/bootloader/source/boot.c
index 4e3f3ce38..fdfea8baf 100644
--- a/bootloader/source/boot.c
+++ b/bootloader/source/boot.c
@@ -70,7 +70,8 @@ void sdmmc_controller_init();
 
 #define CHEAT_ENGINE_LOCATION	0x027FE000
 #define CHEAT_DATA_LOCATION  	0x06010000
-#define SD_ENGINE_LOCATION  	0x03780000
+#define ENGINE_LOCATION_ARM7  	0x03780000
+#define ENGINE_LOCATION_ARM9  	0x03700000
 
 const char* bootName = "BOOT.NDS";
 
@@ -342,7 +343,7 @@ int main (void) {
 			u32 patchOffset = quickFind ((u8*)((u32*)NDS_HEAD)[0x0A], dldiMagicString, ((u32*)NDS_HEAD)[0x0B], sizeof(dldiMagicString));
 			u32* wordCommandAddr = (u32 *) (((u32)((u32*)NDS_HEAD)[0x0A])+patchOffset+0x80);
 			
-			int error = hookNdsHomebrew(NDS_HEAD, (const u32*)CHEAT_DATA_LOCATION, (u32*)CHEAT_ENGINE_LOCATION, (u32*)SD_ENGINE_LOCATION, wordCommandAddr);
+			int error = hookNdsHomebrew(NDS_HEAD, (const u32*)CHEAT_DATA_LOCATION, (u32*)CHEAT_ENGINE_LOCATION, (u32*)ENGINE_LOCATION_ARM7, wordCommandAddr);
 			if(error == ERR_NONE) {
 				nocashMessage("dldi hook Sucessfull");
 			} else {
@@ -350,7 +351,8 @@ int main (void) {
 			}
 		} else {	
 			nocashMessage("dldi Patch Unsuccessful try to patch card");
-			copyLoop (SD_ENGINE_LOCATION, (u32*)cardengine_arm7_bin, cardengine_arm7_bin_size);	
+			copyLoop (ENGINE_LOCATION_ARM7, (u32*)cardengine_arm7_bin, cardengine_arm7_bin_size);	
+			copyLoop (ENGINE_LOCATION_ARM9, (u32*)cardengine_arm9_bin, cardengine_arm9_bin_size);	
 
 			module_params_t* params = findModuleParams(NDS_HEAD);
 			if(params)
@@ -358,9 +360,9 @@ int main (void) {
 				ensureArm9Decompressed(NDS_HEAD, params);
 			}
 			
-			patchCardNds(NDS_HEAD,SD_ENGINE_LOCATION,params,saveFileCluster);
+			patchCardNds(NDS_HEAD,ENGINE_LOCATION_ARM7,params,saveFileCluster);
 			
-			int error = hookNdsRetail(NDS_HEAD, file, (const u32*)CHEAT_DATA_LOCATION, (u32*)CHEAT_ENGINE_LOCATION, (u32*)SD_ENGINE_LOCATION);
+			int error = hookNdsRetail(NDS_HEAD, file, (const u32*)CHEAT_DATA_LOCATION, (u32*)CHEAT_ENGINE_LOCATION, (u32*)ENGINE_LOCATION_ARM7);
 				if(error == ERR_NONE) {
 				nocashMessage("card hook Sucessfull");
 			} else {
diff --git a/cardengine_arm7/source/cardEngine.c b/cardengine_arm7/source/cardEngine.c
index 59ff4111f..ed39bfb6f 100644
--- a/cardengine_arm7/source/cardEngine.c
+++ b/cardengine_arm7/source/cardEngine.c
@@ -212,7 +212,7 @@ bool eepromRead (u32 src, void *dst, u32 len) {
 	dbg_printf("\nsrc : \n");
 	dbg_hexa(src);		
 	dbg_printf("\ndst : \n");
-	dbg_hexa(dst);
+	dbg_hexa((u32)dst);
 	dbg_printf("\nlen : \n");
 	dbg_hexa(len);
 	
@@ -223,7 +223,7 @@ bool eepromPageWrite (u32 dst, const void *src, u32 len) {
 	dbg_printf("\narm7 eepromPageWrite\n");	
 	
 	dbg_printf("\nsrc : \n");
-	dbg_hexa(src);		
+	dbg_hexa((u32)src);		
 	dbg_printf("\ndst : \n");
 	dbg_hexa(dst);
 	dbg_printf("\nlen : \n");
@@ -238,7 +238,7 @@ bool eepromPageProg (u32 dst, const void *src, u32 len) {
 	dbg_printf("\narm7 eepromPageProg\n");	
 	
 	dbg_printf("\nsrc : \n");
-	dbg_hexa(src);		
+	dbg_hexa((u32)src);		
 	dbg_printf("\ndst : \n");
 	dbg_hexa(dst);
 	dbg_printf("\nlen : \n");
@@ -253,7 +253,7 @@ bool eepromPageVerify (u32 dst, const void *src, u32 len) {
 	dbg_printf("\narm7 eepromPageVerify\n");	
 	
 	dbg_printf("\nsrc : \n");
-	dbg_hexa(src);		
+	dbg_hexa((u32)src);		
 	dbg_printf("\ndst : \n");
 	dbg_hexa(dst);
 	dbg_printf("\nlen : \n");
@@ -283,7 +283,7 @@ bool cardRead (u32 dma,  u32 src, void *dst, u32 len) {
 	dbg_printf("\nsrc : \n");
 	dbg_hexa(src);		
 	dbg_printf("\ndst : \n");
-	dbg_hexa(dst);
+	dbg_hexa((u32)dst);
 	dbg_printf("\nlen : \n");
 	dbg_hexa(len);
 	

From 8b33e03116829ff76332c2109e344e5c406788d8 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Wed, 18 Jan 2017 01:58:19 +0100
Subject: [PATCH 14/40] Transfer data via DSI WRAM

---
 arm7/source/main.c                          |   2 +-
 arm9/source/main.cpp                        |   4 +-
 bootloader/source/boot.c                    |   2 +-
 bootloader/source/card_patcher.c            |   8 +-
 bootloader/source/card_patcher.h            |   2 +-
 cardengine_arm9/source/card_engine_header.s | 153 ++++++++++----------
 6 files changed, 83 insertions(+), 88 deletions(-)

diff --git a/arm7/source/main.c b/arm7/source/main.c
index 1db3abb52..4c6c7ce03 100644
--- a/arm7/source/main.c
+++ b/arm7/source/main.c
@@ -86,7 +86,7 @@ void initMBK() {
 	// give all DSI WRAM to arm7 at boot
 	
 	// arm7 is master of WRAM-A/B/C
-	REG_MBK_9=0x70FFFF0F;
+	REG_MBK_9=0x3000000F;
 	
 	// WRAM-A fully mapped to arm7
 	REG_MBK_1=0x8185898D;
diff --git a/arm9/source/main.cpp b/arm9/source/main.cpp
index 8d6b7e652..07946c930 100644
--- a/arm9/source/main.cpp
+++ b/arm9/source/main.cpp
@@ -154,9 +154,9 @@ void initMBK() {
 	// WRAM-A not mapped (reserved to arm7)
 	REG_MBK_6=0x00000000;
 	// WRAM-B mapped to the 0x3740000 - 0x377FFFF area : 256k
-	REG_MBK_7=0x00000000;
+	REG_MBK_7=0x07803740;
 	// WRAM-C mapped to the 0x3700000 - 0x373FFFF area : 256k
-	REG_MBK_8=0x00000000;
+	REG_MBK_8=0x07403700;
 }
 
 int main( int argc, char **argv) {
diff --git a/bootloader/source/boot.c b/bootloader/source/boot.c
index fdfea8baf..1846320ad 100644
--- a/bootloader/source/boot.c
+++ b/bootloader/source/boot.c
@@ -360,7 +360,7 @@ int main (void) {
 				ensureArm9Decompressed(NDS_HEAD, params);
 			}
 			
-			patchCardNds(NDS_HEAD,ENGINE_LOCATION_ARM7,params,saveFileCluster);
+			patchCardNds(NDS_HEAD,ENGINE_LOCATION_ARM7,ENGINE_LOCATION_ARM9,params,saveFileCluster);
 			
 			int error = hookNdsRetail(NDS_HEAD, file, (const u32*)CHEAT_DATA_LOCATION, (u32*)CHEAT_ENGINE_LOCATION, (u32*)ENGINE_LOCATION_ARM7);
 				if(error == ERR_NONE) {
diff --git a/bootloader/source/card_patcher.c b/bootloader/source/card_patcher.c
index ab86d85ea..311e7a40e 100644
--- a/bootloader/source/card_patcher.c
+++ b/bootloader/source/card_patcher.c
@@ -376,7 +376,7 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 	
 	copyLoop ((u32*)cardReadStartOffset, cardReadPatch, 0xF0);		
 
-	copyLoop ((u32*)cardPullOutOffset, cardPullOutPatch, 0x5C);	
+	copyLoop ((u32*)(cardPullOutOffset-12), cardPullOutPatch, 0x5C);	
 	
 	if (cardIdStartOffset) {
 		copyLoop ((u32*)cardIdStartOffset, cardPullOutPatch, 0x4);	
@@ -932,11 +932,11 @@ u32 patchCardNdsArm7 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 	return 0;
 }
 
-u32 patchCardNds (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_params_t* moduleParams, u32 saveFileCluster ) {
+u32 patchCardNds (const tNDSHeader* ndsHeader, u32* cardEngineLocationArm7, u32* cardEngineLocationArm9, module_params_t* moduleParams, u32 saveFileCluster ) {
 	dbg_printf("patchCardNds");
 
-	patchCardNdsArm9(ndsHeader, cardEngineLocation, moduleParams);
-	patchCardNdsArm7(ndsHeader, cardEngineLocation, moduleParams, saveFileCluster);
+	patchCardNdsArm9(ndsHeader, cardEngineLocationArm9, moduleParams);
+	patchCardNdsArm7(ndsHeader, cardEngineLocationArm7, moduleParams, saveFileCluster);
 
 	dbg_printf("ERR_NONE");
 	return 0;
diff --git a/bootloader/source/card_patcher.h b/bootloader/source/card_patcher.h
index bbb0f78c5..e7106ca41 100644
--- a/bootloader/source/card_patcher.h
+++ b/bootloader/source/card_patcher.h
@@ -64,6 +64,6 @@ void ensureArm9Decompressed(const tNDSHeader* ndsHeader, module_params_t* module
 arm7_hookGame
 Adds a hook in the game's ARM7 binary to our own code
 -------------------------------------------------------------------------*/
-u32 patchCardNds (const tNDSHeader* ndsHeader, u32* cardEngineLocation, module_params_t* moduleParams, u32 saveFileCluster);
+u32 patchCardNds (const tNDSHeader* ndsHeader, u32* cardEngineLocationArm7, u32* cardEngineLocationArm9, module_params_t* moduleParams, u32 saveFileCluster);
 
 #endif // CARD_PATCHER_H
\ No newline at end of file
diff --git a/cardengine_arm9/source/card_engine_header.s b/cardengine_arm9/source/card_engine_header.s
index 61d49111d..7f31bf045 100644
--- a/cardengine_arm9/source/card_engine_header.s
+++ b/cardengine_arm9/source/card_engine_header.s
@@ -106,97 +106,29 @@ card_engine_end:
 patches:
 .word	card_read_arm9
 .word	card_pull_out_arm9
+.word	0x0
 .word	vblankHandler
 .word	fifoHandler
 .word	cardStructArm9
+.word   card_pull
 .word   cacheFlushRef
 .word   readCachedRef
+.word   0x0
 
 @---------------------------------------------------------------------------------
 card_read_arm9:
 @---------------------------------------------------------------------------------
     stmfd   sp!, {r0-r11,lr}
-	str 	r0, cacheRef
-	
-begin:	
+		
 	@ registers used r0,r1,r2,r3,r5,r8,r11
-    ldr     r3,=0x4000100     @IPC_SYNC & command value
-    ldr     r8,=0x027FFB08    @shared area command			
-    ldr     r4, cardStructArm9	
-    ldr     r5, [R4]      @SRC
-	ldr     r1, [R4,#0x8] @LEN
-	ldr     r0, [R4,#0x4] @DST
-	mov     r2, #0x2400	
-	
-	@page computation
-	mov     r9, #0x200
-	rsb     r10, r9, #0
-	and     r11, r5, r10
+    ldr     r0,=0x4004044     
+    ldr     r1,=0x8084888C    	
+	ldr     r2,=0x4004048    
+	ldr     r3,=0x9094989C
+	str     r1,[r0]
+	str     r3,[r2]
 	
-	@ check for cmd2
-	cmp     r11, r5
-	bne     cmd1	
-	cmp     r1, #1024
-	blt     cmd1	
-	sub     r7, r8, #(0x027FFB08 - 0x026FFB08) @below dtcm
-	cmp     r0, r7
-	bgt     cmd1
-	sub     r7, r8, #(0x027FFB08 - 0x019FFB08) @above itcm
-	cmp     r0, r7
-	blt     cmd1
-	ands    r10, r0, #3
-	bne     cmd1
-	
-cmd2:
-	sub r7, r8, #(0x027FFB08 - 0x025FFB08) @cmd2 marker
-	@r0 dst, r1 len
-	ldr r9, cacheFlushRef
-	blx r9  			@ cache flush code
-	b 	send_cmd
-
-cmd1:	
-	mov     R1, #0x200
-	mov     r5, r11       @ current page	
-    sub     r7, r8, #(0x027FFB08 - 0x027ff800) @cmd1 marker
-
-send_cmd:
-	@dst, len, src, marker
-    stmia r8, {r0,r1,r5,r7}
     
-    @sendIPCSync
-    strh    r2, [r3,#0x80]
-
-loop_wait:
-    ldr r9, [r8,#12]
-    cmp r9,#0
-    bne loop_wait	
-
-	@ check for cmd2
-	cmp     r1, #0x200
-	bne     exitfunc
-	
-	ldr 	r9, cacheRef
-	add     r9,r9,#0x20	@ cache buffer
-	mov     r10,r7	
-
-	@ copy 512 bytes
-	mov     r8, #512	
-loop_copy:
-	ldmia   r10!, {r0-r7}
-	stmia   r9!,  {r0-r7}
-	subs    r8, r8, #32  @ 4*8 bytes
-	bgt     loop_copy
-
-	ldr 	r0, cacheRef	
-	str     r11, [r0, #8]	@ cache page
-	
-	ldr r9, readCachedRef
-	blx r9  		
-	
-	cmp r0,#0	
-	bne begin
-
-exitfunc:	
     ldmfd   sp!, {r0-r11,lr}
     bx      lr
 
@@ -215,4 +147,67 @@ cacheRef:
 card_pull_out_arm9:
 @---------------------------------------------------------------------------------
 	bx      lr
-@---------------------------------------------------------------------------------
\ No newline at end of file
+@---------------------------------------------------------------------------------
+
+@---------------------------------------------------------------------------------
+card_pull:
+@---------------------------------------------------------------------------------
+	ldr     r0,=0x4004044     
+    ldr     r1,=0x8084888C	
+	ldr     r2,=0x4004048    
+	ldr     r3,=0x9094989C
+	str     r1,[r0]
+	str     r3,[r2]
+	ldr     r0,=0x400404C    	
+	ldr     r2,=0x4004050   
+	str     r1,[r0]
+	str     r3,[r2]
+	bx lr
+	.pool
+cacheFlush:
+    stmfd   sp!, {r0-r11,lr}
+	
+	@disable interrupt	
+	ldr r8,= 0x4000208
+	ldr r11,[r8]
+	mov r7, #0
+	str r7, [r8]		
+	
+//---------------------------------------------------------------------------------
+IC_InvalidateAll:
+/*---------------------------------------------------------------------------------
+	Clean and invalidate entire data cache
+---------------------------------------------------------------------------------*/
+	mcr	p15, 0, r7, c7, c5, 0
+		
+//---------------------------------------------------------------------------------
+DC_FlushAll:
+/*---------------------------------------------------------------------------------
+	Clean and invalidate a range
+---------------------------------------------------------------------------------*/
+	mov	r1, #0
+outer_loop:
+	mov	r0, #0
+inner_loop:
+	orr	r2, r1, r0			@ generate segment and line address
+	mcr p15, 0, r7, c7, c10, 4
+	mcr	p15, 0, r2, c7, c14, 2		@ clean and flush the line
+	add	r0, r0, #CACHE_LINE_SIZE
+	cmp	r0, #DCACHE_SIZE/4
+	bne	inner_loop
+	add	r1, r1, #0x40000000
+	cmp	r1, #0
+	bne	outer_loop
+	
+//---------------------------------------------------------------------------------	
+DC_WaitWriteBufferEmpty:
+//---------------------------------------------------------------------------------               
+    MCR     p15, 0, R7,c7,c10, 4
+	
+	@restore interrupt
+	str r11, [r8]
+	
+    ldmfd   sp!, {r0-r11,lr}
+    bx      lr
+	.pool
+	
\ No newline at end of file

From 9323204c7d16b28d4389195b2af45fab713c1e1c Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Sat, 21 Jan 2017 00:18:46 +0100
Subject: [PATCH 15/40] read function rewritten in c

---
 bootloader/source/card_patcher.c            |  2 +-
 cardengine_arm9/source/cardEngine.c         | 93 +++++++++++++++++++--
 cardengine_arm9/source/cardEngine.h         |  2 +-
 cardengine_arm9/source/card_engine_header.s | 43 ++++++++--
 4 files changed, 125 insertions(+), 15 deletions(-)

diff --git a/bootloader/source/card_patcher.c b/bootloader/source/card_patcher.c
index 311e7a40e..06486b27f 100644
--- a/bootloader/source/card_patcher.c
+++ b/bootloader/source/card_patcher.c
@@ -376,7 +376,7 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 	
 	copyLoop ((u32*)cardReadStartOffset, cardReadPatch, 0xF0);		
 
-	copyLoop ((u32*)(cardPullOutOffset-12), cardPullOutPatch, 0x5C);	
+	copyLoop ((u32*)(cardPullOutOffset), cardPullOutPatch, 0x5C);	
 	
 	if (cardIdStartOffset) {
 		copyLoop ((u32*)cardIdStartOffset, cardPullOutPatch, 0x4);	
diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
index 24a1d6b2d..88608c06a 100644
--- a/cardengine_arm9/source/cardEngine.c
+++ b/cardengine_arm9/source/cardEngine.c
@@ -20,15 +20,12 @@
 #include <nds/fifomessages.h>
 #include "cardEngine.h"
 
-static bool initialized = false;
-static bool initializedIRQ = false;
-static bool calledViaIPC = false;
 extern vu32* volatile cardStruct;
-extern vu32* volatile cacheStruct;
-extern u32 fileCluster;
-extern u32 saveCluster;
+//extern vu32* volatile cacheStruct;
 extern u32 sdk_version;
 vu32* volatile sharedAddr = (vu32*)0x027FFB08;
+extern volatile int (*readCachedRef)(u32*); // this pointer is not at the end of the table but at the handler pointer corresponding to the current irq
+u32 currentSector = 0;
 
 
 u32 cardId (void) {
@@ -37,10 +34,90 @@ u32 cardId (void) {
 	return	1;
 }
 
-bool cardRead (u32 dma,  u32 src, void *dst, u32 len) {
+void cardRead (u32* cacheStruct) {
 	nocashMessage("\narm9 cardRead\n");	
 	
-	return true;
+	u32 commandRead;
+	u32 src = cardStruct[0];
+	u32 len = cardStruct[1];
+	u32* dst = (u32*) cardStruct[2];
+	
+	u32 page = (src/512)*512;
+	
+	u32 sector = (src/0x8000)*0x8000;
+
+	
+	if(page = src && len > 0x8000 && dst < 0x02700000 && dst > 0x02000000 && ((u32)dst)%4==0) {
+		// read directly at arm7 level
+		commandRead = 0x025FFB08;
+		
+		cacheFlush();
+		
+		sharedAddr[0] = dst;
+		sharedAddr[1] = len;
+		sharedAddr[2] = src;
+		sharedAddr[3] = commandRead;
+		
+		IPC_SendSync(0xEE24);
+		
+		while(sharedAddr[3] != (vu32)0);
+		
+	} else {
+		// read via the WRAM cache
+		while(len > 0) {
+			// read max 32k via the WRAM cache
+			if(!currentSector || sector != currentSector) {
+				// send a command to the arm7 to fill the WRAM cache
+				commandRead = 0x027ff800;
+				
+				// transfer the WRAM-B cache to the arm7
+				REG_MBK_2=0x8185898D;
+				REG_MBK_3=0x9195999D;
+				
+				// write the command
+				sharedAddr[0] = 0x03740000;
+				sharedAddr[1] = 0x8000;
+				sharedAddr[2] = sector;
+				sharedAddr[3] = commandRead;
+				
+				IPC_SendSync(0xEE24);	
+
+				while(sharedAddr[3] != (vu32)0);	
+				
+				// transfer back the WRAM-B cache to the arm9
+				REG_MBK_2=0x8084888C;
+				REG_MBK_3=0x9094989C;
+				
+				currentSector = sector;
+			}			
+			
+			if(len>512 && len % 32 == 0) {
+				// copy directly
+				fastCopy32(0x03740000-sector+src,dst,len);
+			} else {
+				bool remainToRead = true;
+				u32 src2 = cardStruct[0];
+				while (remainToRead && (src2-sector < 0x8000) ) {
+					u32 src2 = cardStruct[0];
+					u32 len2 = cardStruct[1];
+					// read via the 512b ram cache
+					u32* cacheBuffer = cacheStruct + 0x20;
+					u32* cachePage = cacheStruct + 8;
+					fastCopy32(0x03740000+src2-sector, cacheBuffer, 512);
+					*cachePage = page;
+					remainToRead = (*readCachedRef)(cacheStruct);
+				}
+			}
+			if(len < 0x8000) len =0;
+			else {
+				// bigger than 32k unaligned command
+				len = len - 0x8000 + (src-sector) ;
+				src = sector + 0x8000;
+				dst = dst + 0x8000 - (src-sector);
+				sector = page = src;
+			}			
+		}
+	}	
 }
 
 
diff --git a/cardengine_arm9/source/cardEngine.h b/cardengine_arm9/source/cardEngine.h
index 0ccf17135..23515bb2d 100644
--- a/cardengine_arm9/source/cardEngine.h
+++ b/cardengine_arm9/source/cardEngine.h
@@ -27,7 +27,7 @@ extern "C" {
     (((uintptr_t)(const void *)(POINTER)) % (BYTE_COUNT) == 0)
 
 u32 cardId (void);
-bool cardRead (u32 dma,  u32 src, void *dst, u32 len);
+void cardRead (u32* cacheStruct);
 
 #ifdef __cplusplus
 }
diff --git a/cardengine_arm9/source/card_engine_header.s b/cardengine_arm9/source/card_engine_header.s
index 7f31bf045..d6bc6308a 100644
--- a/cardengine_arm9/source/card_engine_header.s
+++ b/cardengine_arm9/source/card_engine_header.s
@@ -103,6 +103,7 @@ loop_fastCopy32:
 
 card_engine_end:
 
+.global readCachedRef
 patches:
 .word	card_read_arm9
 .word	card_pull_out_arm9
@@ -118,18 +119,24 @@ patches:
 @---------------------------------------------------------------------------------
 card_read_arm9:
 @---------------------------------------------------------------------------------
-    stmfd   sp!, {r0-r11,lr}
+    stmfd   sp!, {r4-r11,lr}
 		
 	@ registers used r0,r1,r2,r3,r5,r8,r11
-    ldr     r0,=0x4004044     
-    ldr     r1,=0x8084888C    	
+	ldr     r4,=0x4004044     
+    ldr     r1,=0x8084888C	
 	ldr     r2,=0x4004048    
 	ldr     r3,=0x9094989C
-	str     r1,[r0]
+	str     r1,[r4]
 	str     r3,[r2]
+	ldr     r4,=0x400404C    	
+	ldr     r2,=0x4004050   
+	str     r1,[r4]
+	str     r3,[r2]
+	ldr		r3, =cardRead
+	bx		r3 @ jump to myIrqHandler
 	
     
-    ldmfd   sp!, {r0-r11,lr}
+    ldmfd   sp!, {r4-r11,lr}
     bx      lr
 
 cardStructArm9:
@@ -143,6 +150,30 @@ cacheRef:
 .pool
 @---------------------------------------------------------------------------------
 
+@---------------------------------------------------------------------------------
+card_id_arm9:
+@---------------------------------------------------------------------------------
+    stmfd   sp!, {r4-r11,lr}
+		
+	@ registers used r0,r1,r2,r3,r5,r8,r11
+	ldr     r4,=0x4004044     
+    ldr     r1,=0x8084888C	
+	ldr     r2,=0x4004048    
+	ldr     r3,=0x9094989C
+	str     r1,[r4]
+	str     r3,[r2]
+	ldr     r4,=0x400404C    	
+	ldr     r2,=0x4004050   
+	str     r1,[r4]
+	str     r3,[r2]
+	ldr		r3, =cardId
+	bx		r3 @ jump to myIrqHandler
+	
+    
+    ldmfd   sp!, {r4-r11,lr}
+    bx      lr
+@---------------------------------------------------------------------------------
+
 @---------------------------------------------------------------------------------
 card_pull_out_arm9:
 @---------------------------------------------------------------------------------
@@ -164,6 +195,8 @@ card_pull:
 	str     r3,[r2]
 	bx lr
 	.pool
+.global cacheFlush
+.type	cacheFlush STT_FUNC
 cacheFlush:
     stmfd   sp!, {r0-r11,lr}
 	

From 52a9b6540d8a255971e96f483809d8f18693bd6a Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Sat, 21 Jan 2017 01:06:05 +0100
Subject: [PATCH 16/40] restore logging

---
 bootloader/source/card_patcher.c            |  3 ++
 cardengine_arm7/source/cardEngine.c         | 28 +++++++++----------
 cardengine_arm9/source/card_engine_header.s | 31 +++++++++------------
 3 files changed, 30 insertions(+), 32 deletions(-)

diff --git a/bootloader/source/card_patcher.c b/bootloader/source/card_patcher.c
index 06486b27f..4f57e6ecb 100644
--- a/bootloader/source/card_patcher.c
+++ b/bootloader/source/card_patcher.c
@@ -916,6 +916,9 @@ u32 patchCardNdsArm7 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 	debug[0] = cardIrqEnableOffset;
     dbg_printf("irq enable found\n");
 	
+	
+	cardEngineLocation[3] = moduleParams->sdk_version;
+	
 	u32* patches =  (u32*) cardEngineLocation[0];
 	u32* cardIrqEnablePatch = (u32*) patches[2];
 	u32* cardCheckPullOutPatch = (u32*) patches[1];
diff --git a/cardengine_arm7/source/cardEngine.c b/cardengine_arm7/source/cardEngine.c
index ed39bfb6f..3ee9d62df 100644
--- a/cardengine_arm7/source/cardEngine.c
+++ b/cardengine_arm7/source/cardEngine.c
@@ -71,10 +71,10 @@ void runCardEngineCheck (void) {
 
 	if(*(vu32*)(0x027FFB14) == (vu32)0x027ff800)
     {
-        //dbg_printf("\ncard read received\n");			
+        dbg_printf("\ncard read received\n");			
 			
 		if(calledViaIPC) {
-			//dbg_printf("\ntriggered via IPC\n");
+			dbg_printf("\ntriggered via IPC\n");
 		}
 				
 		// old sdk version
@@ -83,7 +83,7 @@ void runCardEngineCheck (void) {
 		u32 len = *(vu32*)(sharedAddr+1);
 		u32 marker = *(vu32*)(sharedAddr+3);
 		
-		/*dbg_printf("\nstr : \n");
+		dbg_printf("\nstr : \n");
 		dbg_hexa(cardStruct);		
 		dbg_printf("\nsrc : \n");
 		dbg_hexa(src);		
@@ -92,18 +92,18 @@ void runCardEngineCheck (void) {
 		dbg_printf("\nlen : \n");
 		dbg_hexa(len);
 		dbg_printf("\nmarker : \n");
-		dbg_hexa(marker);*/
+		dbg_hexa(marker);
 		
 		fileRead(0x027ff800 ,romFile,src,len);
 		
-		//dbg_printf("\nread \n");
+		dbg_printf("\nread \n");
 		
 		
 		if(is_aligned(dst,4) || is_aligned(len,4)) {
-			//dbg_printf("\n aligned read : \n");
+			dbg_printf("\n aligned read : \n");
 			//*(vu32*)(0x027FFB0C) = (vu32)2;
 		} else {
-			//dbg_printf("\n misaligned read : \n");
+			dbg_printf("\n misaligned read : \n");
 			//*(vu32*)(0x027FFB0C) = (vu32)0;
 		}	
 		*(vu32*)(0x027FFB14) = 0;	
@@ -111,10 +111,10 @@ void runCardEngineCheck (void) {
 	
 	if(*(vu32*)(0x027FFB14) == (vu32)0x025FFB08)
     {
-        //dbg_printf("\ncard read received v2\n");
+        dbg_printf("\ncard read received v2\n");
 		
 		if(calledViaIPC) {
-			//dbg_printf("\ntriggered via IPC\n");
+			dbg_printf("\ntriggered via IPC\n");
 		}
 		
 		// old sdk version
@@ -123,7 +123,7 @@ void runCardEngineCheck (void) {
 		u32 len = *(vu32*)(sharedAddr+1);
 		u32 marker = *(vu32*)(sharedAddr+3);
 		
-		/*dbg_printf("\nstr : \n");
+		dbg_printf("\nstr : \n");
 		dbg_hexa(cardStruct);		
 		dbg_printf("\nsrc : \n");
 		dbg_hexa(src);		
@@ -132,17 +132,17 @@ void runCardEngineCheck (void) {
 		dbg_printf("\nlen : \n");
 		dbg_hexa(len);
 		dbg_printf("\nmarker : \n");
-		dbg_hexa(marker);*/
+		dbg_hexa(marker);
 		
 		fileRead(dst,romFile,src,len);
 		
-		//dbg_printf("\nread \n");
+		dbg_printf("\nread \n");
 		
 		if(is_aligned(dst,4) || is_aligned(len,4)) {
-			//dbg_printf("\n aligned read : \n");
+			dbg_printf("\n aligned read : \n");
 			//*(vu32*)(0x027FFB0C) = (vu32)2;
 		} else {
-			//dbg_printf("\n misaligned read : \n");
+			dbg_printf("\n misaligned read : \n");
 			//*(vu32*)(0x027FFB0C) = (vu32)0;
 		}			
 		*(vu32*)(0x027FFB14) = 0;		
diff --git a/cardengine_arm9/source/card_engine_header.s b/cardengine_arm9/source/card_engine_header.s
index d6bc6308a..3f7ff5247 100644
--- a/cardengine_arm9/source/card_engine_header.s
+++ b/cardengine_arm9/source/card_engine_header.s
@@ -133,12 +133,15 @@ card_read_arm9:
 	str     r1,[r4]
 	str     r3,[r2]
 	ldr		r3, =cardRead
-	bx		r3 @ jump to myIrqHandler
 	
-    
+	push    {lr}
+	bl		_blx_r3_stub_card_read	
+    pop  	{lr}
+
     ldmfd   sp!, {r4-r11,lr}
     bx      lr
-
+_blx_r3_stub_card_read:
+	bx	r3		
 cardStructArm9:
 .word    0x00000000     
 cacheFlushRef:
@@ -154,24 +157,16 @@ cacheRef:
 card_id_arm9:
 @---------------------------------------------------------------------------------
     stmfd   sp!, {r4-r11,lr}
-		
-	@ registers used r0,r1,r2,r3,r5,r8,r11
-	ldr     r4,=0x4004044     
-    ldr     r1,=0x8084888C	
-	ldr     r2,=0x4004048    
-	ldr     r3,=0x9094989C
-	str     r1,[r4]
-	str     r3,[r2]
-	ldr     r4,=0x400404C    	
-	ldr     r2,=0x4004050   
-	str     r1,[r4]
-	str     r3,[r2]
-	ldr		r3, =cardId
-	bx		r3 @ jump to myIrqHandler
-	
+
+	ldr		r3, =cardId	
+	push    {lr}
+	bl		_blx_r3_stub_card_id
+	pop  	{lr}
     
     ldmfd   sp!, {r4-r11,lr}
     bx      lr
+_blx_r3_stub_card_id:
+	bx	r3		
 @---------------------------------------------------------------------------------
 
 @---------------------------------------------------------------------------------

From 73db2ef1bb37bf4abf27946df88ae544187e5311 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Sat, 21 Jan 2017 17:17:45 +0100
Subject: [PATCH 17/40] bug fixes + logging

---
 cardengine_arm7/source/cardEngine.c         | 30 ++++++++++-
 cardengine_arm9/source/cardEngine.c         | 16 +++++-
 cardengine_arm9/source/card_engine_header.s | 56 +++++++++++++++------
 3 files changed, 85 insertions(+), 17 deletions(-)

diff --git a/cardengine_arm7/source/cardEngine.c b/cardengine_arm7/source/cardEngine.c
index 3ee9d62df..0c940e35d 100644
--- a/cardengine_arm7/source/cardEngine.c
+++ b/cardengine_arm7/source/cardEngine.c
@@ -67,6 +67,35 @@ void runCardEngineCheck (void) {
 	int oldIME = enterCriticalSection();
 	
 	initLogging();
+	
+	if(*(vu32*)(0x027FFB14) == (vu32)0x026ff800)
+    {
+        dbg_printf("\ncard read received\n");			
+			
+		if(calledViaIPC) {
+			dbg_printf("\ntriggered via IPC\n");
+		}
+				
+		u32 src = *(vu32*)(sharedAddr+2);
+		u32 dst = *(vu32*)(sharedAddr);
+		u32 len = *(vu32*)(sharedAddr+1);
+		u32 marker = *(vu32*)(sharedAddr+3);
+		
+		dbg_printf("\nstr : \n");
+		dbg_hexa(cardStruct);		
+		dbg_printf("\nsrc : \n");
+		dbg_hexa(src);		
+		dbg_printf("\ndst : \n");
+		dbg_hexa(dst);
+		dbg_printf("\nlen : \n");
+		dbg_hexa(len);
+		dbg_printf("\nmarker : \n");
+		dbg_hexa(marker);
+		
+		dbg_printf("\nlog only \n");
+		
+		*(vu32*)(0x027FFB14) = 0;	
+	}
 
 
 	if(*(vu32*)(0x027FFB14) == (vu32)0x027ff800)
@@ -77,7 +106,6 @@ void runCardEngineCheck (void) {
 			dbg_printf("\ntriggered via IPC\n");
 		}
 				
-		// old sdk version
 		u32 src = *(vu32*)(sharedAddr+2);
 		u32 dst = *(vu32*)(sharedAddr);
 		u32 len = *(vu32*)(sharedAddr+1);
diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
index 88608c06a..3197d3b66 100644
--- a/cardengine_arm9/source/cardEngine.c
+++ b/cardengine_arm9/source/cardEngine.c
@@ -45,9 +45,23 @@ void cardRead (u32* cacheStruct) {
 	u32 page = (src/512)*512;
 	
 	u32 sector = (src/0x8000)*0x8000;
+	
+	// send a log command for debug purpose
+	// -------------------------------------
+	commandRead = 0x026ff800;	
+	
+	sharedAddr[0] = dst;
+	sharedAddr[1] = len;
+	sharedAddr[2] = src;
+	sharedAddr[3] = commandRead;
+	
+	IPC_SendSync(0xEE24);
+	
+	while(sharedAddr[3] != (vu32)0);
+	// -------------------------------------
 
 	
-	if(page = src && len > 0x8000 && dst < 0x02700000 && dst > 0x02000000 && ((u32)dst)%4==0) {
+	if(page == src && len > 0x8000 && dst < 0x02700000 && dst > 0x02000000 && ((u32)dst)%4==0) {
 		// read directly at arm7 level
 		commandRead = 0x025FFB08;
 		
diff --git a/cardengine_arm9/source/card_engine_header.s b/cardengine_arm9/source/card_engine_header.s
index 3f7ff5247..4f11c8b91 100644
--- a/cardengine_arm9/source/card_engine_header.s
+++ b/cardengine_arm9/source/card_engine_header.s
@@ -121,18 +121,24 @@ card_read_arm9:
 @---------------------------------------------------------------------------------
     stmfd   sp!, {r4-r11,lr}
 		
-	@ registers used r0,r1,r2,r3,r5,r8,r11
+	@ get back the WRAM B & C to arm9
 	ldr     r4,=0x4004044     
     ldr     r1,=0x8084888C	
-	ldr     r2,=0x4004048    
+	sub     r2, r4, #(0x4004044 - 0x4004048)
 	ldr     r3,=0x9094989C
 	str     r1,[r4]
 	str     r3,[r2]
-	ldr     r4,=0x400404C    	
-	ldr     r2,=0x4004050   
+	sub     r4, r2, #(0x4004048 - 0x400404C)
+	sub     r2, r4, #(0x400404C - 0x4004050)
 	str     r1,[r4]
 	str     r3,[r2]
+	
 	ldr		r3, =cardRead
+	ldr     r1, =0xE92D4FF0
+wait_for_wram_card_read:
+	ldr     r2, [r3]
+	cmp     r1, r2
+	bne     wait_for_wram_card_read
 	
 	push    {lr}
 	bl		_blx_r3_stub_card_read	
@@ -141,7 +147,8 @@ card_read_arm9:
     ldmfd   sp!, {r4-r11,lr}
     bx      lr
 _blx_r3_stub_card_read:
-	bx	r3		
+	bx	r3	
+.pool	
 cardStructArm9:
 .word    0x00000000     
 cacheFlushRef:
@@ -150,7 +157,6 @@ readCachedRef:
 .word    0x00000000  
 cacheRef:
 .word    0x00000000  
-.pool
 @---------------------------------------------------------------------------------
 
 @---------------------------------------------------------------------------------
@@ -166,7 +172,8 @@ card_id_arm9:
     ldmfd   sp!, {r4-r11,lr}
     bx      lr
 _blx_r3_stub_card_id:
-	bx	r3		
+	bx	r3	
+.pool	
 @---------------------------------------------------------------------------------
 
 @---------------------------------------------------------------------------------
@@ -178,18 +185,37 @@ card_pull_out_arm9:
 @---------------------------------------------------------------------------------
 card_pull:
 @---------------------------------------------------------------------------------
-	ldr     r0,=0x4004044     
+	stmfd   sp!, {r4-r11,lr}
+		
+	@ get back the WRAM B & C to arm9
+	ldr     r4,=0x4004044     
     ldr     r1,=0x8084888C	
-	ldr     r2,=0x4004048    
+	sub     r2, r4, #(0x4004044 - 0x4004048)
 	ldr     r3,=0x9094989C
-	str     r1,[r0]
+	str     r1,[r4]
 	str     r3,[r2]
-	ldr     r0,=0x400404C    	
-	ldr     r2,=0x4004050   
-	str     r1,[r0]
+	sub     r4, r2, #(0x4004048 - 0x400404C)
+	sub     r2, r4, #(0x400404C - 0x4004050)
+	str     r1,[r4]
 	str     r3,[r2]
-	bx lr
-	.pool
+	
+	ldr		r3, =cardRead
+	ldr     r1, =0xE92D4FF0
+wait_for_wram_card_pull:
+	ldr     r2, [r3]
+	cmp     r1, r2
+	bne     wait_for_wram_card_pull
+	
+	@ push    {lr}
+	@ bl		_blx_r3_stub_card_pull	
+    @ pop  	{lr}
+
+    ldmfd   sp!, {r4-r11,lr}
+    bx      lr
+_blx_r3_stub_card_pull:
+	@bx	r3		
+.pool
+
 .global cacheFlush
 .type	cacheFlush STT_FUNC
 cacheFlush:

From 5204dc41272d39eb77e9e8a6cccde4a14e0012df Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Sat, 21 Jan 2017 17:28:19 +0100
Subject: [PATCH 18/40] bug fix

---
 bootloader/source/card_patcher.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/bootloader/source/card_patcher.c b/bootloader/source/card_patcher.c
index 4f57e6ecb..f9b5f5a91 100644
--- a/bootloader/source/card_patcher.c
+++ b/bootloader/source/card_patcher.c
@@ -360,7 +360,10 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 	debug[6] = *card_struct;
 	//debug[7] = *cache_struct;
 	
-	cardEngineLocation[5] = *card_struct;
+	cardEngineLocation[5] = ((u32*)*card_struct)+6;
+	if(moduleParams->sdk_version > 0x3000000) {
+		cardEngineLocation[5] = ((u32*)*card_struct)+7;	
+	}		
 	//cardEngineLocation[6] = *cache_struct;
 	
 	// cache management alternative

From 90286a8cc2e924433b678c48ab7fd6bac0b56117 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Sat, 21 Jan 2017 17:37:24 +0100
Subject: [PATCH 19/40] bug fixes

---
 cardengine_arm9/source/cardEngine.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
index 3197d3b66..2867812bf 100644
--- a/cardengine_arm9/source/cardEngine.c
+++ b/cardengine_arm9/source/cardEngine.c
@@ -39,8 +39,8 @@ void cardRead (u32* cacheStruct) {
 	
 	u32 commandRead;
 	u32 src = cardStruct[0];
-	u32 len = cardStruct[1];
-	u32* dst = (u32*) cardStruct[2];
+	u32* dst = (u32*) cardStruct[1];
+	u32 len = cardStruct[2];
 	
 	u32 page = (src/512)*512;
 	
@@ -82,7 +82,7 @@ void cardRead (u32* cacheStruct) {
 			// read max 32k via the WRAM cache
 			if(!currentSector || sector != currentSector) {
 				// send a command to the arm7 to fill the WRAM cache
-				commandRead = 0x027ff800;
+				commandRead = 0x025FFB08;
 				
 				// transfer the WRAM-B cache to the arm7
 				REG_MBK_2=0x8185898D;
@@ -113,7 +113,7 @@ void cardRead (u32* cacheStruct) {
 				u32 src2 = cardStruct[0];
 				while (remainToRead && (src2-sector < 0x8000) ) {
 					u32 src2 = cardStruct[0];
-					u32 len2 = cardStruct[1];
+					u32 len2 = cardStruct[2];
 					// read via the 512b ram cache
 					u32* cacheBuffer = cacheStruct + 0x20;
 					u32* cachePage = cacheStruct + 8;

From c7287823dfc041c8bf7e6552c2192b23b5272731 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Sun, 22 Jan 2017 01:38:27 +0100
Subject: [PATCH 20/40] debug

---
 cardengine_arm7/source/cardEngine.c |  5 ++-
 cardengine_arm9/source/cardEngine.c | 54 ++++++++++++++++++++++++-----
 2 files changed, 50 insertions(+), 9 deletions(-)

diff --git a/cardengine_arm7/source/cardEngine.c b/cardengine_arm7/source/cardEngine.c
index 0c940e35d..beb4783e5 100644
--- a/cardengine_arm7/source/cardEngine.c
+++ b/cardengine_arm7/source/cardEngine.c
@@ -53,7 +53,10 @@ void initLogging() {
 		dbg_printf("logging initialized\n");		
 		dbg_printf("sdk version :");
 		dbg_hexa(sdk_version);		
-		dbg_printf("\n");		
+		dbg_printf("\n");	
+		dbg_printf("rom file :");
+		dbg_hexa(fileCluster);	
+		dbg_printf("\n");	
 		dbg_printf("save file :");
 		dbg_hexa(saveCluster);	
 		dbg_printf("\n");			
diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
index 2867812bf..9f2991728 100644
--- a/cardengine_arm9/source/cardEngine.c
+++ b/cardengine_arm9/source/cardEngine.c
@@ -84,9 +84,14 @@ void cardRead (u32* cacheStruct) {
 				// send a command to the arm7 to fill the WRAM cache
 				commandRead = 0x025FFB08;
 				
+				// set a synchronisation marker on the WRAM block before transfer
+				*(vu32*)(0x03740000) = (vu32)0xDEADBABE;
+				
 				// transfer the WRAM-B cache to the arm7
-				REG_MBK_2=0x8185898D;
-				REG_MBK_3=0x9195999D;
+				REG_MBK_2=(vu32)0x8185898D;
+				REG_MBK_3=(vu32)0x9195999D;
+				
+				while(*(vu32*)(0x03740000) == (vu32)0xDEADBABE);	
 				
 				// write the command
 				sharedAddr[0] = 0x03740000;
@@ -102,23 +107,56 @@ void cardRead (u32* cacheStruct) {
 				REG_MBK_2=0x8084888C;
 				REG_MBK_3=0x9094989C;
 				
+				while(*(vu32*)(0x03740000) == (vu32)0);	
+				
 				currentSector = sector;
 			}			
 			
-			if(len>512 && len % 32 == 0) {
+			if(len>512 && len % 32 == 0 && ((u32)dst)%4 == 0) {
+				// send a log command for debug purpose
+				// -------------------------------------
+				commandRead = 0x026ff800;	
+				
+				sharedAddr[0] = dst;
+				sharedAddr[1] = len;
+				sharedAddr[2] = 0x03740000+src-sector;
+				sharedAddr[3] = commandRead;
+				
+				IPC_SendSync(0xEE24);
+				
+				while(sharedAddr[3] != (vu32)0);
+				// -------------------------------------
+			
 				// copy directly
-				fastCopy32(0x03740000-sector+src,dst,len);
-			} else {
+				fastCopy32(0x03740000+src-sector,dst,len);	
+			} else {			
 				bool remainToRead = true;
 				u32 src2 = cardStruct[0];
 				while (remainToRead && (src2-sector < 0x8000) ) {
-					u32 src2 = cardStruct[0];
+					src2 = cardStruct[0];
 					u32 len2 = cardStruct[2];
-					// read via the 512b ram cache
+					u32 page2 = (src2/512)*512;
+					
 					u32* cacheBuffer = cacheStruct + 0x20;
 					u32* cachePage = cacheStruct + 8;
+					
+					// send a log command for debug purpose
+					// -------------------------------------
+					commandRead = 0x026ff800;	
+					
+					sharedAddr[0] = cacheBuffer;
+					sharedAddr[1] = len2;
+					sharedAddr[2] = 0x03740000+src2-sector;
+					sharedAddr[3] = commandRead;
+					
+					IPC_SendSync(0xEE24);
+					
+					while(sharedAddr[3] != (vu32)0);
+					// -------------------------------------
+						
+					// read via the 512b ram cache
 					fastCopy32(0x03740000+src2-sector, cacheBuffer, 512);
-					*cachePage = page;
+					*cachePage = page2;
 					remainToRead = (*readCachedRef)(cacheStruct);
 				}
 			}

From e8700a49b06e4c9b395d486f61f6970de3188a43 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Sun, 22 Jan 2017 02:07:59 +0100
Subject: [PATCH 21/40] bug fix

---
 cardengine_arm9/source/cardEngine.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
index 9f2991728..e06812c3c 100644
--- a/cardengine_arm9/source/cardEngine.c
+++ b/cardengine_arm9/source/cardEngine.c
@@ -46,7 +46,7 @@ void cardRead (u32* cacheStruct) {
 	
 	u32 sector = (src/0x8000)*0x8000;
 	
-	// send a log command for debug purpose
+	/*// send a log command for debug purpose
 	// -------------------------------------
 	commandRead = 0x026ff800;	
 	
@@ -58,7 +58,7 @@ void cardRead (u32* cacheStruct) {
 	IPC_SendSync(0xEE24);
 	
 	while(sharedAddr[3] != (vu32)0);
-	// -------------------------------------
+	// -------------------------------------*/
 
 	
 	if(page == src && len > 0x8000 && dst < 0x02700000 && dst > 0x02000000 && ((u32)dst)%4==0) {
@@ -113,7 +113,7 @@ void cardRead (u32* cacheStruct) {
 			}			
 			
 			if(len>512 && len % 32 == 0 && ((u32)dst)%4 == 0) {
-				// send a log command for debug purpose
+				/*// send a log command for debug purpose
 				// -------------------------------------
 				commandRead = 0x026ff800;	
 				
@@ -125,7 +125,7 @@ void cardRead (u32* cacheStruct) {
 				IPC_SendSync(0xEE24);
 				
 				while(sharedAddr[3] != (vu32)0);
-				// -------------------------------------
+				// -------------------------------------*/
 			
 				// copy directly
 				fastCopy32(0x03740000+src-sector,dst,len);	
@@ -137,10 +137,10 @@ void cardRead (u32* cacheStruct) {
 					u32 len2 = cardStruct[2];
 					u32 page2 = (src2/512)*512;
 					
-					u32* cacheBuffer = cacheStruct + 0x20;
-					u32* cachePage = cacheStruct + 8;
+					u32* cacheBuffer = cacheStruct + 8;
+					u32* cachePage = cacheStruct + 2;
 					
-					// send a log command for debug purpose
+					/*// send a log command for debug purpose
 					// -------------------------------------
 					commandRead = 0x026ff800;	
 					
@@ -152,7 +152,7 @@ void cardRead (u32* cacheStruct) {
 					IPC_SendSync(0xEE24);
 					
 					while(sharedAddr[3] != (vu32)0);
-					// -------------------------------------
+					// -------------------------------------*/
 						
 					// read via the 512b ram cache
 					fastCopy32(0x03740000+src2-sector, cacheBuffer, 512);

From 0e25e7df2a57e0849cfcab627ef976a9170c11e8 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Sun, 22 Jan 2017 18:08:31 +0100
Subject: [PATCH 22/40] synchronization mechanism

---
 cardengine_arm9/source/cardEngine.c         | 30 ++++++++++++++++-----
 cardengine_arm9/source/card_engine_header.s | 30 ---------------------
 2 files changed, 23 insertions(+), 37 deletions(-)

diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
index e06812c3c..6c82c01b2 100644
--- a/cardengine_arm9/source/cardEngine.c
+++ b/cardengine_arm9/source/cardEngine.c
@@ -46,7 +46,7 @@ void cardRead (u32* cacheStruct) {
 	
 	u32 sector = (src/0x8000)*0x8000;
 	
-	/*// send a log command for debug purpose
+	// send a log command for debug purpose
 	// -------------------------------------
 	commandRead = 0x026ff800;	
 	
@@ -85,13 +85,13 @@ void cardRead (u32* cacheStruct) {
 				commandRead = 0x025FFB08;
 				
 				// set a synchronisation marker on the WRAM block before transfer
-				*(vu32*)(0x03740000) = (vu32)0xDEADBABE;
+				*(vu32*)(0x03748000) = (vu32)0xDEADBABE;
 				
 				// transfer the WRAM-B cache to the arm7
 				REG_MBK_2=(vu32)0x8185898D;
 				REG_MBK_3=(vu32)0x9195999D;
 				
-				while(*(vu32*)(0x03740000) == (vu32)0xDEADBABE);	
+				while(*(vu32*)(0x03748000) == (vu32)0xDEADBABE);	
 				
 				// write the command
 				sharedAddr[0] = 0x03740000;
@@ -107,13 +107,13 @@ void cardRead (u32* cacheStruct) {
 				REG_MBK_2=0x8084888C;
 				REG_MBK_3=0x9094989C;
 				
-				while(*(vu32*)(0x03740000) == (vu32)0);	
+				while(*(vu32*)(0x03748000) != (vu32)0xDEADBABE);	
 				
 				currentSector = sector;
 			}			
 			
 			if(len>512 && len % 32 == 0 && ((u32)dst)%4 == 0) {
-				/*// send a log command for debug purpose
+				// send a log command for debug purpose
 				// -------------------------------------
 				commandRead = 0x026ff800;	
 				
@@ -125,7 +125,7 @@ void cardRead (u32* cacheStruct) {
 				IPC_SendSync(0xEE24);
 				
 				while(sharedAddr[3] != (vu32)0);
-				// -------------------------------------*/
+				// -------------------------------------
 			
 				// copy directly
 				fastCopy32(0x03740000+src-sector,dst,len);	
@@ -160,7 +160,23 @@ void cardRead (u32* cacheStruct) {
 					remainToRead = (*readCachedRef)(cacheStruct);
 				}
 			}
-			if(len < 0x8000) len =0;
+			if(len < 0x8000) {
+				len =0;
+				// send a log command for debug purpose
+				// -------------------------------------
+				commandRead = 0x026ff800;	
+				
+				sharedAddr[0] = dst;
+				sharedAddr[1] = len;
+				sharedAddr[2] = src;
+				sharedAddr[3] = commandRead;
+				
+				IPC_SendSync(0xEE24);
+				
+				while(sharedAddr[3] != (vu32)0);
+				// -------------------------------------
+			
+			}
 			else {
 				// bigger than 32k unaligned command
 				len = len - 0x8000 + (src-sector) ;
diff --git a/cardengine_arm9/source/card_engine_header.s b/cardengine_arm9/source/card_engine_header.s
index 4f11c8b91..8f66efc1a 100644
--- a/cardengine_arm9/source/card_engine_header.s
+++ b/cardengine_arm9/source/card_engine_header.s
@@ -185,37 +185,7 @@ card_pull_out_arm9:
 @---------------------------------------------------------------------------------
 card_pull:
 @---------------------------------------------------------------------------------
-	stmfd   sp!, {r4-r11,lr}
-		
-	@ get back the WRAM B & C to arm9
-	ldr     r4,=0x4004044     
-    ldr     r1,=0x8084888C	
-	sub     r2, r4, #(0x4004044 - 0x4004048)
-	ldr     r3,=0x9094989C
-	str     r1,[r4]
-	str     r3,[r2]
-	sub     r4, r2, #(0x4004048 - 0x400404C)
-	sub     r2, r4, #(0x400404C - 0x4004050)
-	str     r1,[r4]
-	str     r3,[r2]
-	
-	ldr		r3, =cardRead
-	ldr     r1, =0xE92D4FF0
-wait_for_wram_card_pull:
-	ldr     r2, [r3]
-	cmp     r1, r2
-	bne     wait_for_wram_card_pull
-	
-	@ push    {lr}
-	@ bl		_blx_r3_stub_card_pull	
-    @ pop  	{lr}
-
-    ldmfd   sp!, {r4-r11,lr}
     bx      lr
-_blx_r3_stub_card_pull:
-	@bx	r3		
-.pool
-
 .global cacheFlush
 .type	cacheFlush STT_FUNC
 cacheFlush:

From 93086e6bd82810e3ab7890d45bb276a8ca944b59 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Sun, 22 Jan 2017 19:36:41 +0100
Subject: [PATCH 23/40] switch back to region 3

---
 bootloader/source/card_patcher.c    | 27 ++++++++++++++-------------
 cardengine_arm9/Makefile            |  2 +-
 cardengine_arm9/source/cardEngine.c |  6 +++---
 3 files changed, 18 insertions(+), 17 deletions(-)

diff --git a/bootloader/source/card_patcher.c b/bootloader/source/card_patcher.c
index f9b5f5a91..5435bcef7 100644
--- a/bootloader/source/card_patcher.c
+++ b/bootloader/source/card_patcher.c
@@ -70,11 +70,9 @@ u32 mpuInitRegion2Data1[1] = {0x27C0023};
 // sdk >= 3 version
 u32 mpuInitRegion2Data3[1] = {0x27E0021};
 
-u32 mpuInitSignature[1] = {0xEE060F13};
-// sdk < 3 version
-u32 mpuInitData1[1] = {0x8000035};
-// sdk >= 3 version
-u32 mpuInitData3[1] = {0x8000035};
+u32 mpuInitRegion3Signature[1] = {0xEE060F13};
+u32 mpuInitRegion3Data[1] = {0x8000035};
+
 
 //
 // Look in @data for @find and return the position of it.
@@ -182,11 +180,9 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 	u32* cardPullOutSignature = cardPullOutSignature1;
 	u32* cardReadCachedStartSignature = cardReadCachedStartSignature1;
 	u32* cardReadCachedEndSignature = cardReadCachedEndSignature1;
-	u32* mpuInitData = mpuInitData1;
 	u32* mpuInitRegion2Data = mpuInitRegion2Data1;
 	if(moduleParams->sdk_version > 0x3000000 && moduleParams->sdk_version < 0x4000000) {
 		cardReadCachedEndSignature = cardReadCachedEndSignature3;
-		mpuInitData = mpuInitData3;
 		mpuInitRegion2Data = mpuInitRegion2Data3;
 	} else if(moduleParams->sdk_version > 0x4000000) {
 		a9cardReadSignature = a9cardReadSignature4;
@@ -273,13 +269,13 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 	u32* mpuDataOffset = 0;
     u32 mpuStartOffset =  
         getOffset((u32*)ndsHeader->arm9destination, ndsHeader->arm9binarySize,
-              (u32*)mpuInitSignature, 1, 1);
+              (u32*)mpuInitRegion3Signature, 1, 1);
     if (!mpuStartOffset) {
         dbg_printf("Mpu init not found\n");
     } else {
 		mpuDataOffset =   
 			getOffset((u32*)mpuStartOffset, 0x100,
-				  (u32*)mpuInitRegion2Data, 1, 1);
+				  (u32*)mpuInitRegion3Data, 1, 1);
 		if (!mpuDataOffset) {
 			dbg_printf("Mpu data not found\n");
 		} else {
@@ -292,18 +288,23 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 	if(mpuDataOffset) {
 		// change the region 3 configuration
 		*mpuDataOffset = PAGE_8M  | 0x03000000 | 1;	
+		
+		/*// Region 2 settings
 		// change intruction access
-		//mpuDataOffset[5] = 0x5111111;	
 		mpuDataOffset[6] = 0x5111111;	
 		// change data access
-		mpuDataOffset[7] = 0x15111111;	
+		mpuDataOffset[7] = 0x15111111;	*/
+		
+		//	Region 3 settings	
+		// change intruction access
+		mpuDataOffset[5] = 0x5111111;	
 	}
 	
 	
 	
 		
 	// patch out all further mpu reconfiguration	
-	while(mpuStartOffset) {
+	/*while(mpuStartOffset) {
 		mpuStartOffset = getOffset(mpuStartOffset+4, ndsHeader->arm9binarySize,
               (u32*)mpuInitRegion2Signature, 1, 1);
 		if(mpuStartOffset) {
@@ -312,7 +313,7 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 			dbg_printf("\n");
 			*((u32*)mpuStartOffset) = 0xE3A00000 ;
 		}
-	}	
+	}*/
 	
 	/*u32 arenaLoOffset =   
         getOffsetA9((u32*)ndsHeader->arm9destination, 0x00300000,//, ndsHeader->arm9binarySize,
diff --git a/cardengine_arm9/Makefile b/cardengine_arm9/Makefile
index e5ea5115c..f3bcd2e25 100644
--- a/cardengine_arm9/Makefile
+++ b/cardengine_arm9/Makefile
@@ -33,7 +33,7 @@ CFLAGS	:=	-g -Wall -O2\
 			-ffast-math \
 			$(ARCH)
 
-CFLAGS	+=	$(INCLUDE) -DARM7 -std=gnu99
+CFLAGS	+=	$(INCLUDE) -DARM9 -std=gnu99
 
 CXXFLAGS	:= $(CFLAGS) -fno-rtti -fno-exceptions
 
diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
index 6c82c01b2..35cf0b4b0 100644
--- a/cardengine_arm9/source/cardEngine.c
+++ b/cardengine_arm9/source/cardEngine.c
@@ -29,17 +29,17 @@ u32 currentSector = 0;
 
 
 u32 cardId (void) {
-	nocashMessage("\narm9 cardId\n");
+	//nocashMessage("\narm9 cardId\n");
 
 	return	1;
 }
 
 void cardRead (u32* cacheStruct) {
-	nocashMessage("\narm9 cardRead\n");	
+	//nocashMessage("\narm9 cardRead\n");	
 	
 	u32 commandRead;
 	u32 src = cardStruct[0];
-	u32* dst = (u32*) cardStruct[1];
+	u32* dst = (u32*) (cardStruct[1]);
 	u32 len = cardStruct[2];
 	
 	u32 page = (src/512)*512;

From 58e8385e5e1d7cc2bc59b542aafc74cd1331b72e Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Sun, 22 Jan 2017 20:44:50 +0100
Subject: [PATCH 24/40] bug fix

---
 bootloader/source/boot.c            | 3 +++
 cardengine_arm9/source/cardEngine.c | 5 +----
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/bootloader/source/boot.c b/bootloader/source/boot.c
index 1846320ad..ec2abf68a 100644
--- a/bootloader/source/boot.c
+++ b/bootloader/source/boot.c
@@ -353,6 +353,9 @@ int main (void) {
 			nocashMessage("dldi Patch Unsuccessful try to patch card");
 			copyLoop (ENGINE_LOCATION_ARM7, (u32*)cardengine_arm7_bin, cardengine_arm7_bin_size);	
 			copyLoop (ENGINE_LOCATION_ARM9, (u32*)cardengine_arm9_bin, cardengine_arm9_bin_size);	
+			
+			// set a synchronisation marker on the WRAM block 
+			*(vu32*)(0x03748000) = (vu32)0xDEADBABE;
 
 			module_params_t* params = findModuleParams(NDS_HEAD);
 			if(params)
diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
index 35cf0b4b0..4c6ed8ec2 100644
--- a/cardengine_arm9/source/cardEngine.c
+++ b/cardengine_arm9/source/cardEngine.c
@@ -84,9 +84,6 @@ void cardRead (u32* cacheStruct) {
 				// send a command to the arm7 to fill the WRAM cache
 				commandRead = 0x025FFB08;
 				
-				// set a synchronisation marker on the WRAM block before transfer
-				*(vu32*)(0x03748000) = (vu32)0xDEADBABE;
-				
 				// transfer the WRAM-B cache to the arm7
 				REG_MBK_2=(vu32)0x8185898D;
 				REG_MBK_3=(vu32)0x9195999D;
@@ -112,7 +109,7 @@ void cardRead (u32* cacheStruct) {
 				currentSector = sector;
 			}			
 			
-			if(len>512 && len % 32 == 0 && ((u32)dst)%4 == 0) {
+			if((len>512) && ((len % 32) == 0) && ((u32)dst)%4 == 0) {
 				// send a log command for debug purpose
 				// -------------------------------------
 				commandRead = 0x026ff800;	

From 899e3899fbe510cc33f3f858f77722fd39e45071 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Sun, 22 Jan 2017 22:45:28 +0100
Subject: [PATCH 25/40] Switch to region 1 + bug fix

---
 bootloader/source/card_patcher.c            | 37 +++++++++++++++++----
 cardengine_arm9/source/cardEngine.c         | 12 ++++---
 cardengine_arm9/source/card_engine_header.s |  2 --
 3 files changed, 38 insertions(+), 13 deletions(-)

diff --git a/bootloader/source/card_patcher.c b/bootloader/source/card_patcher.c
index 5435bcef7..8dde8507b 100644
--- a/bootloader/source/card_patcher.c
+++ b/bootloader/source/card_patcher.c
@@ -63,6 +63,10 @@ u32 irqEnableStartSignature4[4] = {0xE92D4010, 0xE1A04000, 0xEBFFFFF6, 0xE59FC02
 
 u32 arenaLowSignature[4] = {0xE1A00100,0xE2800627,0xE2800AFF,0xE5801DA0};  
 
+u32 mpuInitRegion1Signature[1] = {0xEE060F11};
+u32 mpuInitRegion1Data1[1] = {0x200002D};
+// sdk >= 4 version
+u32 mpuInitRegion1Data4[1] = {0x200002D};
 
 u32 mpuInitRegion2Signature[1] = {0xEE060F12};
 // sdk < 3 version
@@ -73,6 +77,7 @@ u32 mpuInitRegion2Data3[1] = {0x27E0021};
 u32 mpuInitRegion3Signature[1] = {0xEE060F13};
 u32 mpuInitRegion3Data[1] = {0x8000035};
 
+u32 mpuInitCache[1] = {0xE3A00042};
 
 //
 // Look in @data for @find and return the position of it.
@@ -181,6 +186,7 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 	u32* cardReadCachedStartSignature = cardReadCachedStartSignature1;
 	u32* cardReadCachedEndSignature = cardReadCachedEndSignature1;
 	u32* mpuInitRegion2Data = mpuInitRegion2Data1;
+	u32* mpuInitRegion1Data = mpuInitRegion1Data1;
 	if(moduleParams->sdk_version > 0x3000000 && moduleParams->sdk_version < 0x4000000) {
 		cardReadCachedEndSignature = cardReadCachedEndSignature3;
 		mpuInitRegion2Data = mpuInitRegion2Data3;
@@ -190,6 +196,7 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 		cardPullOutSignature = cardPullOutSignature4;
 		cardReadCachedStartSignature = cardReadCachedStartSignature4;
 		cardReadCachedEndSignature = cardReadCachedEndSignature4;
+		mpuInitRegion1Data = mpuInitRegion1Data4;
 	} 	
 
 	// Find the card read
@@ -275,7 +282,7 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
     } else {
 		mpuDataOffset =   
 			getOffset((u32*)mpuStartOffset, 0x100,
-				  (u32*)mpuInitRegion3Data, 1, 1);
+				  (u32*)mpuInitRegion1Data, 1, 1);
 		if (!mpuDataOffset) {
 			dbg_printf("Mpu data not found\n");
 		} else {
@@ -286,9 +293,13 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 	}	
 	
 	if(mpuDataOffset) {
+		// change the region 1 configuration
+		*mpuDataOffset = PAGE_32M  | 0x02000000 | 1;	
+	
+	
 		// change the region 3 configuration
-		*mpuDataOffset = PAGE_8M  | 0x03000000 | 1;	
-		
+		//*mpuDataOffset = PAGE_8M  | 0x03000000 | 1;	
+
 		/*// Region 2 settings
 		// change intruction access
 		mpuDataOffset[6] = 0x5111111;	
@@ -297,23 +308,35 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 		
 		//	Region 3 settings	
 		// change intruction access
-		mpuDataOffset[5] = 0x5111111;	
+		//mpuDataOffset[5] = 0x5103011;		
+		// change data access
+		//mpuDataOffset[6] = 0x15113011;
 	}
 	
+	// Find the mpu cache init
+    /*u32* mpuCacheOffset =  
+        getOffset((u32*)mpuStartOffset, 0x100,
+              (u32*)mpuInitCache, 1, 1);
+    if (!mpuCacheOffset) {
+        dbg_printf("Mpu init cache not found\n");
+    } else {
+		*mpuCacheOffset = 0xE3A00046;
+	}	*/
+	
 	
 	
 		
 	// patch out all further mpu reconfiguration	
-	/*while(mpuStartOffset) {
+	while(mpuStartOffset) {
 		mpuStartOffset = getOffset(mpuStartOffset+4, ndsHeader->arm9binarySize,
-              (u32*)mpuInitRegion2Signature, 1, 1);
+              (u32*)mpuInitRegion1Signature, 1, 1);
 		if(mpuStartOffset) {
 			dbg_printf("Mpu init :\t");
 			dbg_hexa(mpuStartOffset);
 			dbg_printf("\n");
 			*((u32*)mpuStartOffset) = 0xE3A00000 ;
 		}
-	}*/
+	}
 	
 	/*u32 arenaLoOffset =   
         getOffsetA9((u32*)ndsHeader->arm9destination, 0x00300000,//, ndsHeader->arm9binarySize,
diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
index 4c6ed8ec2..548af5dea 100644
--- a/cardengine_arm9/source/cardEngine.c
+++ b/cardengine_arm9/source/cardEngine.c
@@ -25,7 +25,7 @@ extern vu32* volatile cardStruct;
 extern u32 sdk_version;
 vu32* volatile sharedAddr = (vu32*)0x027FFB08;
 extern volatile int (*readCachedRef)(u32*); // this pointer is not at the end of the table but at the handler pointer corresponding to the current irq
-u32 currentSector = 0;
+static u32 currentSector = 0;
 
 
 u32 cardId (void) {
@@ -88,7 +88,9 @@ void cardRead (u32* cacheStruct) {
 				REG_MBK_2=(vu32)0x8185898D;
 				REG_MBK_3=(vu32)0x9195999D;
 				
-				while(*(vu32*)(0x03748000) == (vu32)0xDEADBABE);	
+				while(*(vu32*)(0x03748000) != (vu32)0xDEADBABE) {
+					cacheFlush();
+				}
 				
 				// write the command
 				sharedAddr[0] = 0x03740000;
@@ -104,7 +106,9 @@ void cardRead (u32* cacheStruct) {
 				REG_MBK_2=0x8084888C;
 				REG_MBK_3=0x9094989C;
 				
-				while(*(vu32*)(0x03748000) != (vu32)0xDEADBABE);	
+				while(*(vu32*)(0x03748000) != (vu32)0xDEADBABE) {
+					cacheFlush();
+				}
 				
 				currentSector = sector;
 			}			
@@ -152,7 +156,7 @@ void cardRead (u32* cacheStruct) {
 					// -------------------------------------*/
 						
 					// read via the 512b ram cache
-					fastCopy32(0x03740000+src2-sector, cacheBuffer, 512);
+					fastCopy32(0x03740000+page2-sector, cacheBuffer, 512);
 					*cachePage = page2;
 					remainToRead = (*readCachedRef)(cacheStruct);
 				}
diff --git a/cardengine_arm9/source/card_engine_header.s b/cardengine_arm9/source/card_engine_header.s
index 8f66efc1a..616348b55 100644
--- a/cardengine_arm9/source/card_engine_header.s
+++ b/cardengine_arm9/source/card_engine_header.s
@@ -140,9 +140,7 @@ wait_for_wram_card_read:
 	cmp     r1, r2
 	bne     wait_for_wram_card_read
 	
-	push    {lr}
 	bl		_blx_r3_stub_card_read	
-    pop  	{lr}
 
     ldmfd   sp!, {r4-r11,lr}
     bx      lr

From 7890f63d39cbb60ca31d6948a108b1df9b9afe09 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Sun, 22 Jan 2017 22:55:24 +0100
Subject: [PATCH 26/40] Bug fix

---
 cardengine_arm9/source/cardEngine.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
index 548af5dea..ec51a41f2 100644
--- a/cardengine_arm9/source/cardEngine.c
+++ b/cardengine_arm9/source/cardEngine.c
@@ -88,7 +88,7 @@ void cardRead (u32* cacheStruct) {
 				REG_MBK_2=(vu32)0x8185898D;
 				REG_MBK_3=(vu32)0x9195999D;
 				
-				while(*(vu32*)(0x03748000) != (vu32)0xDEADBABE) {
+				while(*(vu32*)(0x03748000) == (vu32)0xDEADBABE) {
 					cacheFlush();
 				}
 				
@@ -141,13 +141,13 @@ void cardRead (u32* cacheStruct) {
 					u32* cacheBuffer = cacheStruct + 8;
 					u32* cachePage = cacheStruct + 2;
 					
-					/*// send a log command for debug purpose
+					// send a log command for debug purpose
 					// -------------------------------------
 					commandRead = 0x026ff800;	
 					
 					sharedAddr[0] = cacheBuffer;
 					sharedAddr[1] = len2;
-					sharedAddr[2] = 0x03740000+src2-sector;
+					sharedAddr[2] = 0x03740000+page2-sector;
 					sharedAddr[3] = commandRead;
 					
 					IPC_SendSync(0xEE24);

From 9995056b60143b7298eba36ea63e43edb2306e2f Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Sun, 22 Jan 2017 23:02:59 +0100
Subject: [PATCH 27/40] Remove logging to look at performance

---
 cardengine_arm7/source/cardEngine.c | 18 +++++++++---------
 cardengine_arm9/source/cardEngine.c | 12 ++++++------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/cardengine_arm7/source/cardEngine.c b/cardengine_arm7/source/cardEngine.c
index beb4783e5..7b4238fda 100644
--- a/cardengine_arm7/source/cardEngine.c
+++ b/cardengine_arm7/source/cardEngine.c
@@ -142,10 +142,10 @@ void runCardEngineCheck (void) {
 	
 	if(*(vu32*)(0x027FFB14) == (vu32)0x025FFB08)
     {
-        dbg_printf("\ncard read received v2\n");
+        //dbg_printf("\ncard read received v2\n");
 		
 		if(calledViaIPC) {
-			dbg_printf("\ntriggered via IPC\n");
+			//dbg_printf("\ntriggered via IPC\n");
 		}
 		
 		// old sdk version
@@ -154,7 +154,7 @@ void runCardEngineCheck (void) {
 		u32 len = *(vu32*)(sharedAddr+1);
 		u32 marker = *(vu32*)(sharedAddr+3);
 		
-		dbg_printf("\nstr : \n");
+		/*dbg_printf("\nstr : \n");
 		dbg_hexa(cardStruct);		
 		dbg_printf("\nsrc : \n");
 		dbg_hexa(src);		
@@ -163,17 +163,17 @@ void runCardEngineCheck (void) {
 		dbg_printf("\nlen : \n");
 		dbg_hexa(len);
 		dbg_printf("\nmarker : \n");
-		dbg_hexa(marker);
+		dbg_hexa(marker);*/
 		
 		fileRead(dst,romFile,src,len);
 		
-		dbg_printf("\nread \n");
+		//dbg_printf("\nread \n");
 		
 		if(is_aligned(dst,4) || is_aligned(len,4)) {
-			dbg_printf("\n aligned read : \n");
+			//dbg_printf("\n aligned read : \n");
 			//*(vu32*)(0x027FFB0C) = (vu32)2;
 		} else {
-			dbg_printf("\n misaligned read : \n");
+			//dbg_printf("\n misaligned read : \n");
 			//*(vu32*)(0x027FFB0C) = (vu32)0;
 		}			
 		*(vu32*)(0x027FFB14) = 0;		
@@ -185,7 +185,7 @@ void runCardEngineCheck (void) {
 //---------------------------------------------------------------------------------
 void myIrqHandlerFIFO(void) {
 //---------------------------------------------------------------------------------
-	nocashMessage("myIrqHandlerFIFO");
+	//nocashMessage("myIrqHandlerFIFO");
 	
 	calledViaIPC = true;
 	
@@ -194,7 +194,7 @@ void myIrqHandlerFIFO(void) {
 
 
 void myIrqHandlerVBlank(void) {
-	nocashMessage("myIrqHandlerVBlank");
+	//nocashMessage("myIrqHandlerVBlank");
 	
 	calledViaIPC = false;
 	
diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
index ec51a41f2..218009cf4 100644
--- a/cardengine_arm9/source/cardEngine.c
+++ b/cardengine_arm9/source/cardEngine.c
@@ -46,7 +46,7 @@ void cardRead (u32* cacheStruct) {
 	
 	u32 sector = (src/0x8000)*0x8000;
 	
-	// send a log command for debug purpose
+	/*// send a log command for debug purpose
 	// -------------------------------------
 	commandRead = 0x026ff800;	
 	
@@ -114,7 +114,7 @@ void cardRead (u32* cacheStruct) {
 			}			
 			
 			if((len>512) && ((len % 32) == 0) && ((u32)dst)%4 == 0) {
-				// send a log command for debug purpose
+				/*// send a log command for debug purpose
 				// -------------------------------------
 				commandRead = 0x026ff800;	
 				
@@ -126,7 +126,7 @@ void cardRead (u32* cacheStruct) {
 				IPC_SendSync(0xEE24);
 				
 				while(sharedAddr[3] != (vu32)0);
-				// -------------------------------------
+				// -------------------------------------*/
 			
 				// copy directly
 				fastCopy32(0x03740000+src-sector,dst,len);	
@@ -141,7 +141,7 @@ void cardRead (u32* cacheStruct) {
 					u32* cacheBuffer = cacheStruct + 8;
 					u32* cachePage = cacheStruct + 2;
 					
-					// send a log command for debug purpose
+					/*// send a log command for debug purpose
 					// -------------------------------------
 					commandRead = 0x026ff800;	
 					
@@ -163,7 +163,7 @@ void cardRead (u32* cacheStruct) {
 			}
 			if(len < 0x8000) {
 				len =0;
-				// send a log command for debug purpose
+				/*// send a log command for debug purpose
 				// -------------------------------------
 				commandRead = 0x026ff800;	
 				
@@ -175,7 +175,7 @@ void cardRead (u32* cacheStruct) {
 				IPC_SendSync(0xEE24);
 				
 				while(sharedAddr[3] != (vu32)0);
-				// -------------------------------------
+				// -------------------------------------*/
 			
 			}
 			else {

From 877e543733da0be7dbc48cc80db1f5fd36fac099 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Sun, 22 Jan 2017 23:37:07 +0100
Subject: [PATCH 28/40] deactivate no more needed cache

---
 cardengine_arm7/source/fat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cardengine_arm7/source/fat.c b/cardengine_arm7/source/fat.c
index a9d5db0c7..6f80db1b1 100644
--- a/cardengine_arm7/source/fat.c
+++ b/cardengine_arm7/source/fat.c
@@ -790,7 +790,7 @@ void buildFatTableCache (aFile file) {
 	
 	if(file.currentCluster == CLUSTER_EOF) {
 		file.fatTableCached = true;
-		file.oneClusterCached = true;
+		file.oneClusterCached = false;
 	}
 	
 	file.currentOffset=0;

From d55097c58ff029e308bc68bf2f33612d33b037c7 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Mon, 23 Jan 2017 00:24:31 +0100
Subject: [PATCH 29/40] Some optimizations

---
 bootloader/source/card_patcher.c            |  2 +-
 cardengine_arm9/source/cardEngine.c         | 21 +++++++++++----------
 cardengine_arm9/source/card_engine_header.s | 17 +++++++++++++++--
 3 files changed, 27 insertions(+), 13 deletions(-)

diff --git a/bootloader/source/card_patcher.c b/bootloader/source/card_patcher.c
index 8dde8507b..3db6d24dd 100644
--- a/bootloader/source/card_patcher.c
+++ b/bootloader/source/card_patcher.c
@@ -334,7 +334,7 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 			dbg_printf("Mpu init :\t");
 			dbg_hexa(mpuStartOffset);
 			dbg_printf("\n");
-			*((u32*)mpuStartOffset) = 0xE3A00000 ;
+			*((u32*)mpuStartOffset) = 0xE1A00000 ;
 		}
 	}
 	
diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
index 218009cf4..97eff6519 100644
--- a/cardengine_arm9/source/cardEngine.c
+++ b/cardengine_arm9/source/cardEngine.c
@@ -37,6 +37,8 @@ u32 cardId (void) {
 void cardRead (u32* cacheStruct) {
 	//nocashMessage("\narm9 cardRead\n");	
 	
+	u32* cacheBuffer = cacheStruct + 8;
+	u32* cachePage = cacheStruct + 2;
 	u32 commandRead;
 	u32 src = cardStruct[0];
 	u32* dst = (u32*) (cardStruct[1]);
@@ -46,7 +48,7 @@ void cardRead (u32* cacheStruct) {
 	
 	u32 sector = (src/0x8000)*0x8000;
 	
-	/*// send a log command for debug purpose
+	// send a log command for debug purpose
 	// -------------------------------------
 	commandRead = 0x026ff800;	
 	
@@ -86,10 +88,11 @@ void cardRead (u32* cacheStruct) {
 				
 				// transfer the WRAM-B cache to the arm7
 				REG_MBK_2=(vu32)0x8185898D;
-				REG_MBK_3=(vu32)0x9195999D;
+				REG_MBK_3=(vu32)0x9195999D;				
 				
+				cacheFlush();
 				while(*(vu32*)(0x03748000) == (vu32)0xDEADBABE) {
-					cacheFlush();
+					DC_FlushRange((vu32*)0x03748000, 4);
 				}
 				
 				// write the command
@@ -106,15 +109,16 @@ void cardRead (u32* cacheStruct) {
 				REG_MBK_2=0x8084888C;
 				REG_MBK_3=0x9094989C;
 				
+				DC_FlushRange((vu32*)0x03748000, 4);
 				while(*(vu32*)(0x03748000) != (vu32)0xDEADBABE) {
-					cacheFlush();
+					DC_FlushRange((vu32*)0x03748000, 4);
 				}
 				
 				currentSector = sector;
 			}			
 			
-			if((len>512) && ((len % 32) == 0) && ((u32)dst)%4 == 0) {
-				/*// send a log command for debug purpose
+			if(0 && (len>512) && ((len % 32) == 0) && ((u32)dst)%4 == 0) {
+				// send a log command for debug purpose
 				// -------------------------------------
 				commandRead = 0x026ff800;	
 				
@@ -138,9 +142,6 @@ void cardRead (u32* cacheStruct) {
 					u32 len2 = cardStruct[2];
 					u32 page2 = (src2/512)*512;
 					
-					u32* cacheBuffer = cacheStruct + 8;
-					u32* cachePage = cacheStruct + 2;
-					
 					/*// send a log command for debug purpose
 					// -------------------------------------
 					commandRead = 0x026ff800;	
@@ -163,7 +164,7 @@ void cardRead (u32* cacheStruct) {
 			}
 			if(len < 0x8000) {
 				len =0;
-				/*// send a log command for debug purpose
+				// send a log command for debug purpose
 				// -------------------------------------
 				commandRead = 0x026ff800;	
 				
diff --git a/cardengine_arm9/source/card_engine_header.s b/cardengine_arm9/source/card_engine_header.s
index 616348b55..6a4bcfaa0 100644
--- a/cardengine_arm9/source/card_engine_header.s
+++ b/cardengine_arm9/source/card_engine_header.s
@@ -89,7 +89,7 @@ exit:
 @ r0 : src, r1 : dst, r2 : len
 fastCopy32:
     stmfd   sp!, {r3-r11,lr}
-	@ copy 512 bytes
+	@ copy r2 bytes
 	mov     r10, r0	
 	mov     r9, r1	
 	mov     r8, r2	
@@ -232,4 +232,17 @@ DC_WaitWriteBufferEmpty:
     ldmfd   sp!, {r0-r11,lr}
     bx      lr
 	.pool
-	
\ No newline at end of file
+	
+.global DC_FlushRange
+.type	DC_FlushRange STT_FUNC
+DC_FlushRange:
+	MOV             R12, #0
+	ADD             R1, R1, R0
+	BIC             R0, R0, #0x1F
+loop_flush_range :
+	MCR             p15, 0, R12,c7,c10, 4
+	MCR             p15, 0, R0,c7,c14, 1
+	ADD             R0, R0, #0x20
+	CMP             R0, R1
+	BLT             loop_flush_range
+	BX              LR
\ No newline at end of file

From 2d22a1b498766d6f13e964747d159d8297e80507 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Mon, 23 Jan 2017 01:11:12 +0100
Subject: [PATCH 30/40] minor modifications

---
 bootloader/source/boot.c                    |  3 +-
 cardengine_arm7/source/fat.c                |  2 +-
 cardengine_arm9/source/cardEngine.c         | 40 +++++++++++----------
 cardengine_arm9/source/card_engine_header.s |  8 ++---
 4 files changed, 27 insertions(+), 26 deletions(-)

diff --git a/bootloader/source/boot.c b/bootloader/source/boot.c
index ec2abf68a..42980c8eb 100644
--- a/bootloader/source/boot.c
+++ b/bootloader/source/boot.c
@@ -72,6 +72,7 @@ void sdmmc_controller_init();
 #define CHEAT_DATA_LOCATION  	0x06010000
 #define ENGINE_LOCATION_ARM7  	0x03780000
 #define ENGINE_LOCATION_ARM9  	0x03700000
+#define MARKER_ADDRESS 			0x03760000
 
 const char* bootName = "BOOT.NDS";
 
@@ -355,7 +356,7 @@ int main (void) {
 			copyLoop (ENGINE_LOCATION_ARM9, (u32*)cardengine_arm9_bin, cardengine_arm9_bin_size);	
 			
 			// set a synchronisation marker on the WRAM block 
-			*(vu32*)(0x03748000) = (vu32)0xDEADBABE;
+			*((vu32*)MARKER_ADDRESS) = (vu32)0xDEADBABE;
 
 			module_params_t* params = findModuleParams(NDS_HEAD);
 			if(params)
diff --git a/cardengine_arm7/source/fat.c b/cardengine_arm7/source/fat.c
index 6f80db1b1..64ca39799 100644
--- a/cardengine_arm7/source/fat.c
+++ b/cardengine_arm7/source/fat.c
@@ -195,7 +195,7 @@ enum {FS_UNKNOWN, FS_FAT12, FS_FAT16, FS_FAT32} discFileSystem;
 // Global sector buffer to save on stack space
 unsigned char globalBuffer[BYTES_PER_SECTOR];
 
-#define CLUSTER_CACHE      0x3795000 // WRAM C
+#define CLUSTER_CACHE      0x3795000 // WRAM A
 #define CLUSTER_CACHE_SIZE 0x20000 // 128K
 
 #define ONE_CACHE  0x3785000 // WRAM A
diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
index 97eff6519..bf55ef32b 100644
--- a/cardengine_arm9/source/cardEngine.c
+++ b/cardengine_arm9/source/cardEngine.c
@@ -20,6 +20,9 @@
 #include <nds/fifomessages.h>
 #include "cardEngine.h"
 
+#define READ_SIZE_ARM7 0x8000
+#define MARKER_ADDRESS 0x03760000
+
 extern vu32* volatile cardStruct;
 //extern vu32* volatile cacheStruct;
 extern u32 sdk_version;
@@ -46,7 +49,7 @@ void cardRead (u32* cacheStruct) {
 	
 	u32 page = (src/512)*512;
 	
-	u32 sector = (src/0x8000)*0x8000;
+	u32 sector = (src/READ_SIZE_ARM7)*READ_SIZE_ARM7;
 	
 	// send a log command for debug purpose
 	// -------------------------------------
@@ -63,7 +66,7 @@ void cardRead (u32* cacheStruct) {
 	// -------------------------------------*/
 
 	
-	if(page == src && len > 0x8000 && dst < 0x02700000 && dst > 0x02000000 && ((u32)dst)%4==0) {
+	if(page == src && len > READ_SIZE_ARM7 && dst < 0x02700000 && dst > 0x02000000 && ((u32)dst)%4==0) {
 		// read directly at arm7 level
 		commandRead = 0x025FFB08;
 		
@@ -86,18 +89,19 @@ void cardRead (u32* cacheStruct) {
 				// send a command to the arm7 to fill the WRAM cache
 				commandRead = 0x025FFB08;
 				
+				cacheFlush();
+				
 				// transfer the WRAM-B cache to the arm7
 				REG_MBK_2=(vu32)0x8185898D;
-				REG_MBK_3=(vu32)0x9195999D;				
+				REG_MBK_3=(vu32)0x9195999D;					
 				
-				cacheFlush();
-				while(*(vu32*)(0x03748000) == (vu32)0xDEADBABE) {
-					DC_FlushRange((vu32*)0x03748000, 4);
+				while(*((vu32*)MARKER_ADDRESS) == (vu32)0xDEADBABE) {
+					DC_FlushRange((vu32*)MARKER_ADDRESS, 4);
 				}
 				
 				// write the command
 				sharedAddr[0] = 0x03740000;
-				sharedAddr[1] = 0x8000;
+				sharedAddr[1] = READ_SIZE_ARM7;
 				sharedAddr[2] = sector;
 				sharedAddr[3] = commandRead;
 				
@@ -106,18 +110,18 @@ void cardRead (u32* cacheStruct) {
 				while(sharedAddr[3] != (vu32)0);	
 				
 				// transfer back the WRAM-B cache to the arm9
-				REG_MBK_2=0x8084888C;
-				REG_MBK_3=0x9094989C;
+				REG_MBK_2=(vu32)0x8084888C;
+				REG_MBK_3=(vu32)0x9094989C;
 				
-				DC_FlushRange((vu32*)0x03748000, 4);
-				while(*(vu32*)(0x03748000) != (vu32)0xDEADBABE) {
-					DC_FlushRange((vu32*)0x03748000, 4);
+				DC_FlushRange((vu32*)MARKER_ADDRESS, 4);
+				while(*((vu32*)MARKER_ADDRESS) != (vu32)0xDEADBABE) {
+					DC_FlushRange((vu32*)MARKER_ADDRESS, 4);
 				}
 				
 				currentSector = sector;
 			}			
 			
-			if(0 && (len>512) && ((len % 32) == 0) && ((u32)dst)%4 == 0) {
+			if((len>512) && ((len % 32) == 0) && ((u32)dst)%4 == 0) {
 				// send a log command for debug purpose
 				// -------------------------------------
 				commandRead = 0x026ff800;	
@@ -137,7 +141,7 @@ void cardRead (u32* cacheStruct) {
 			} else {			
 				bool remainToRead = true;
 				u32 src2 = cardStruct[0];
-				while (remainToRead && (src2-sector < 0x8000) ) {
+				while (remainToRead && (src2-sector < READ_SIZE_ARM7) ) {
 					src2 = cardStruct[0];
 					u32 len2 = cardStruct[2];
 					u32 page2 = (src2/512)*512;
@@ -162,7 +166,7 @@ void cardRead (u32* cacheStruct) {
 					remainToRead = (*readCachedRef)(cacheStruct);
 				}
 			}
-			if(len < 0x8000) {
+			if(len < READ_SIZE_ARM7) {
 				len =0;
 				// send a log command for debug purpose
 				// -------------------------------------
@@ -181,9 +185,9 @@ void cardRead (u32* cacheStruct) {
 			}
 			else {
 				// bigger than 32k unaligned command
-				len = len - 0x8000 + (src-sector) ;
-				src = sector + 0x8000;
-				dst = dst + 0x8000 - (src-sector);
+				len = len - READ_SIZE_ARM7 + (src-sector) ;
+				src = sector + READ_SIZE_ARM7;
+				dst = dst + READ_SIZE_ARM7 - (src-sector);
 				sector = page = src;
 			}			
 		}
diff --git a/cardengine_arm9/source/card_engine_header.s b/cardengine_arm9/source/card_engine_header.s
index 6a4bcfaa0..b2713e2b4 100644
--- a/cardengine_arm9/source/card_engine_header.s
+++ b/cardengine_arm9/source/card_engine_header.s
@@ -121,14 +121,10 @@ card_read_arm9:
 @---------------------------------------------------------------------------------
     stmfd   sp!, {r4-r11,lr}
 		
-	@ get back the WRAM B & C to arm9
-	ldr     r4,=0x4004044     
+	@ get back the WRAM C to arm9    
     ldr     r1,=0x8084888C	
-	sub     r2, r4, #(0x4004044 - 0x4004048)
 	ldr     r3,=0x9094989C
-	str     r1,[r4]
-	str     r3,[r2]
-	sub     r4, r2, #(0x4004048 - 0x400404C)
+	ldr     r4,=0x400404C 
 	sub     r2, r4, #(0x400404C - 0x4004050)
 	str     r1,[r4]
 	str     r3,[r2]

From 9296c5c8afc680e9349c3e919f488f5d3fe132fc Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Mon, 23 Jan 2017 22:50:55 +0100
Subject: [PATCH 31/40] Set REG_MBK using vu8

---
 bootloader/source/boot.c            |  6 +++--
 cardengine_arm9/source/cardEngine.c | 38 ++++++++++++++++++-----------
 2 files changed, 28 insertions(+), 16 deletions(-)

diff --git a/bootloader/source/boot.c b/bootloader/source/boot.c
index 42980c8eb..737baa44a 100644
--- a/bootloader/source/boot.c
+++ b/bootloader/source/boot.c
@@ -72,7 +72,8 @@ void sdmmc_controller_init();
 #define CHEAT_DATA_LOCATION  	0x06010000
 #define ENGINE_LOCATION_ARM7  	0x03780000
 #define ENGINE_LOCATION_ARM9  	0x03700000
-#define MARKER_ADDRESS 			0x03760000
+#define MARKER_ADDRESS_1 0x03740000
+#define MARKER_ADDRESS_2 0x03746004
 
 const char* bootName = "BOOT.NDS";
 
@@ -356,7 +357,8 @@ int main (void) {
 			copyLoop (ENGINE_LOCATION_ARM9, (u32*)cardengine_arm9_bin, cardengine_arm9_bin_size);	
 			
 			// set a synchronisation marker on the WRAM block 
-			*((vu32*)MARKER_ADDRESS) = (vu32)0xDEADBABE;
+			*((vu32*)MARKER_ADDRESS_1) = (vu32)0xDEADBABE;
+			*((vu32*)MARKER_ADDRESS_2) = (vu32)0xDEADBABE;			
 
 			module_params_t* params = findModuleParams(NDS_HEAD);
 			if(params)
diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
index bf55ef32b..bb75b8ce7 100644
--- a/cardengine_arm9/source/cardEngine.c
+++ b/cardengine_arm9/source/cardEngine.c
@@ -20,8 +20,11 @@
 #include <nds/fifomessages.h>
 #include "cardEngine.h"
 
-#define READ_SIZE_ARM7 0x8000
-#define MARKER_ADDRESS 0x03760000
+#define READ_SIZE_ARM7 0x6000
+#define MARKER_ADDRESS_1 0x03740000
+#define MARKER_ADDRESS_2 0x03746004
+#define BUFFER_ADDRESS 0x03740004
+#define REG_MBK_B	(*(vu8*)0x4004047)
 
 extern vu32* volatile cardStruct;
 //extern vu32* volatile cacheStruct;
@@ -92,15 +95,18 @@ void cardRead (u32* cacheStruct) {
 				cacheFlush();
 				
 				// transfer the WRAM-B cache to the arm7
-				REG_MBK_2=(vu32)0x8185898D;
-				REG_MBK_3=(vu32)0x9195999D;					
+				REG_MBK_B=(vu8)0x81;					
 				
-				while(*((vu32*)MARKER_ADDRESS) == (vu32)0xDEADBABE) {
-					DC_FlushRange((vu32*)MARKER_ADDRESS, 4);
+				while(*((vu32*)MARKER_ADDRESS_1) == (vu32)0xDEADBABE) {
+					DC_FlushRange((vu32*)MARKER_ADDRESS_1, 4);
+				}
+				
+				while(*((vu32*)MARKER_ADDRESS_2) == (vu32)0xDEADBABE) {
+					DC_FlushRange((vu32*)MARKER_ADDRESS_2, 4);
 				}
 				
 				// write the command
-				sharedAddr[0] = 0x03740000;
+				sharedAddr[0] = BUFFER_ADDRESS;
 				sharedAddr[1] = READ_SIZE_ARM7;
 				sharedAddr[2] = sector;
 				sharedAddr[3] = commandRead;
@@ -110,12 +116,16 @@ void cardRead (u32* cacheStruct) {
 				while(sharedAddr[3] != (vu32)0);	
 				
 				// transfer back the WRAM-B cache to the arm9
-				REG_MBK_2=(vu32)0x8084888C;
-				REG_MBK_3=(vu32)0x9094989C;
+				REG_MBK_B=(vu8)0x80;
+				
+				DC_FlushRange((vu32*)MARKER_ADDRESS_1, 4);
+				while(*((vu32*)MARKER_ADDRESS_1) != (vu32)0xDEADBABE) {
+					DC_FlushRange((vu32*)MARKER_ADDRESS_1, 4);
+				}
 				
-				DC_FlushRange((vu32*)MARKER_ADDRESS, 4);
-				while(*((vu32*)MARKER_ADDRESS) != (vu32)0xDEADBABE) {
-					DC_FlushRange((vu32*)MARKER_ADDRESS, 4);
+				DC_FlushRange((vu32*)MARKER_ADDRESS_2, 4);
+				while(*((vu32*)MARKER_ADDRESS_2) != (vu32)0xDEADBABE) {
+					DC_FlushRange((vu32*)MARKER_ADDRESS_2, 4);
 				}
 				
 				currentSector = sector;
@@ -128,7 +138,7 @@ void cardRead (u32* cacheStruct) {
 				
 				sharedAddr[0] = dst;
 				sharedAddr[1] = len;
-				sharedAddr[2] = 0x03740000+src-sector;
+				sharedAddr[2] = BUFFER_ADDRESS+src-sector;
 				sharedAddr[3] = commandRead;
 				
 				IPC_SendSync(0xEE24);
@@ -161,7 +171,7 @@ void cardRead (u32* cacheStruct) {
 					// -------------------------------------*/
 						
 					// read via the 512b ram cache
-					fastCopy32(0x03740000+page2-sector, cacheBuffer, 512);
+					fastCopy32(BUFFER_ADDRESS+page2-sector, cacheBuffer, 512);
 					*cachePage = page2;
 					remainToRead = (*readCachedRef)(cacheStruct);
 				}

From e473f251f07f8248efb0209ed4ebbfc6f5bbead0 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Mon, 23 Jan 2017 23:08:35 +0100
Subject: [PATCH 32/40] bug fix

---
 cardengine_arm9/source/cardEngine.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
index bb75b8ce7..137518a96 100644
--- a/cardengine_arm9/source/cardEngine.c
+++ b/cardengine_arm9/source/cardEngine.c
@@ -54,7 +54,7 @@ void cardRead (u32* cacheStruct) {
 	
 	u32 sector = (src/READ_SIZE_ARM7)*READ_SIZE_ARM7;
 	
-	// send a log command for debug purpose
+	/*// send a log command for debug purpose
 	// -------------------------------------
 	commandRead = 0x026ff800;	
 	
@@ -132,7 +132,7 @@ void cardRead (u32* cacheStruct) {
 			}			
 			
 			if((len>512) && ((len % 32) == 0) && ((u32)dst)%4 == 0) {
-				// send a log command for debug purpose
+				/*// send a log command for debug purpose
 				// -------------------------------------
 				commandRead = 0x026ff800;	
 				
@@ -147,7 +147,7 @@ void cardRead (u32* cacheStruct) {
 				// -------------------------------------*/
 			
 				// copy directly
-				fastCopy32(0x03740000+src-sector,dst,len);	
+				fastCopy32(BUFFER_ADDRESS+src-sector,dst,len);	
 			} else {			
 				bool remainToRead = true;
 				u32 src2 = cardStruct[0];
@@ -178,7 +178,7 @@ void cardRead (u32* cacheStruct) {
 			}
 			if(len < READ_SIZE_ARM7) {
 				len =0;
-				// send a log command for debug purpose
+				/*// send a log command for debug purpose
 				// -------------------------------------
 				commandRead = 0x026ff800;	
 				

From 6b3fe21592e8fb30a744a465044b4b96c3502ab2 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Tue, 24 Jan 2017 01:36:27 +0100
Subject: [PATCH 33/40] Remove uneeded synchronization

---
 cardengine_arm7/source/cardEngine.c         |  2 ++
 cardengine_arm9/Makefile                    |  2 +-
 cardengine_arm9/source/cardEngine.c         | 26 ++++++++++-----------
 cardengine_arm9/source/card_engine_header.s | 20 +++++++---------
 4 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/cardengine_arm7/source/cardEngine.c b/cardengine_arm7/source/cardEngine.c
index 7b4238fda..c5e753caf 100644
--- a/cardengine_arm7/source/cardEngine.c
+++ b/cardengine_arm7/source/cardEngine.c
@@ -248,6 +248,8 @@ bool eepromRead (u32 src, void *dst, u32 len) {
 	dbg_hexa(len);
 	
 	fileRead(dst,savFile,src,len);
+	
+	return true;
 }
 
 bool eepromPageWrite (u32 dst, const void *src, u32 len) {
diff --git a/cardengine_arm9/Makefile b/cardengine_arm9/Makefile
index f3bcd2e25..cff8f1523 100644
--- a/cardengine_arm9/Makefile
+++ b/cardengine_arm9/Makefile
@@ -33,7 +33,7 @@ CFLAGS	:=	-g -Wall -O2\
 			-ffast-math \
 			$(ARCH)
 
-CFLAGS	+=	$(INCLUDE) -DARM9 -std=gnu99
+CFLAGS	+=	$(INCLUDE) -DARM9 -fPIC -std=gnu99
 
 CXXFLAGS	:= $(CFLAGS) -fno-rtti -fno-exceptions
 
diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
index 137518a96..32896335e 100644
--- a/cardengine_arm9/source/cardEngine.c
+++ b/cardengine_arm9/source/cardEngine.c
@@ -20,10 +20,10 @@
 #include <nds/fifomessages.h>
 #include "cardEngine.h"
 
-#define READ_SIZE_ARM7 0x6000
+#define READ_SIZE_ARM7 0x8000
 #define MARKER_ADDRESS_1 0x03740000
 #define MARKER_ADDRESS_2 0x03746004
-#define BUFFER_ADDRESS 0x03740004
+#define BUFFER_ADDRESS 0x03740000
 #define REG_MBK_B	(*(vu8*)0x4004047)
 
 extern vu32* volatile cardStruct;
@@ -43,11 +43,11 @@ u32 cardId (void) {
 void cardRead (u32* cacheStruct) {
 	//nocashMessage("\narm9 cardRead\n");	
 	
-	u32* cacheBuffer = cacheStruct + 8;
+	u8* cacheBuffer = (u8*)(cacheStruct + 8);
 	u32* cachePage = cacheStruct + 2;
 	u32 commandRead;
 	u32 src = cardStruct[0];
-	u32* dst = (u32*) (cardStruct[1]);
+	u8* dst = (u8*) (cardStruct[1]);
 	u32 len = cardStruct[2];
 	
 	u32 page = (src/512)*512;
@@ -92,18 +92,19 @@ void cardRead (u32* cacheStruct) {
 				// send a command to the arm7 to fill the WRAM cache
 				commandRead = 0x025FFB08;
 				
+				//DC_FlushRange((vu32*)BUFFER_ADDRESS, READ_SIZE_ARM7);
 				cacheFlush();
 				
 				// transfer the WRAM-B cache to the arm7
 				REG_MBK_B=(vu8)0x81;					
 				
-				while(*((vu32*)MARKER_ADDRESS_1) == (vu32)0xDEADBABE) {
+				/*while(*((vu32*)MARKER_ADDRESS_1) == (vu32)0xDEADBABE) {
 					DC_FlushRange((vu32*)MARKER_ADDRESS_1, 4);
 				}
 				
 				while(*((vu32*)MARKER_ADDRESS_2) == (vu32)0xDEADBABE) {
 					DC_FlushRange((vu32*)MARKER_ADDRESS_2, 4);
-				}
+				}*/
 				
 				// write the command
 				sharedAddr[0] = BUFFER_ADDRESS;
@@ -118,7 +119,7 @@ void cardRead (u32* cacheStruct) {
 				// transfer back the WRAM-B cache to the arm9
 				REG_MBK_B=(vu8)0x80;
 				
-				DC_FlushRange((vu32*)MARKER_ADDRESS_1, 4);
+				/*DC_FlushRange((vu32*)MARKER_ADDRESS_1, 4);
 				while(*((vu32*)MARKER_ADDRESS_1) != (vu32)0xDEADBABE) {
 					DC_FlushRange((vu32*)MARKER_ADDRESS_1, 4);
 				}
@@ -126,7 +127,7 @@ void cardRead (u32* cacheStruct) {
 				DC_FlushRange((vu32*)MARKER_ADDRESS_2, 4);
 				while(*((vu32*)MARKER_ADDRESS_2) != (vu32)0xDEADBABE) {
 					DC_FlushRange((vu32*)MARKER_ADDRESS_2, 4);
-				}
+				}*/
 				
 				currentSector = sector;
 			}			
@@ -147,11 +148,11 @@ void cardRead (u32* cacheStruct) {
 				// -------------------------------------*/
 			
 				// copy directly
-				fastCopy32(BUFFER_ADDRESS+src-sector,dst,len);	
+				fastCopy32(BUFFER_ADDRESS+(src-currentSector),dst,len);	
 			} else {			
 				bool remainToRead = true;
 				u32 src2 = cardStruct[0];
-				while (remainToRead && (src2-sector < READ_SIZE_ARM7) ) {
+				while (remainToRead && (src2-currentSector < READ_SIZE_ARM7) ) {
 					src2 = cardStruct[0];
 					u32 len2 = cardStruct[2];
 					u32 page2 = (src2/512)*512;
@@ -171,7 +172,7 @@ void cardRead (u32* cacheStruct) {
 					// -------------------------------------*/
 						
 					// read via the 512b ram cache
-					fastCopy32(BUFFER_ADDRESS+page2-sector, cacheBuffer, 512);
+					fastCopy32(BUFFER_ADDRESS+(page2-currentSector), cacheBuffer, 512);
 					*cachePage = page2;
 					remainToRead = (*readCachedRef)(cacheStruct);
 				}
@@ -192,8 +193,7 @@ void cardRead (u32* cacheStruct) {
 				while(sharedAddr[3] != (vu32)0);
 				// -------------------------------------*/
 			
-			}
-			else {
+			} else {
 				// bigger than 32k unaligned command
 				len = len - READ_SIZE_ARM7 + (src-sector) ;
 				src = sector + READ_SIZE_ARM7;
diff --git a/cardengine_arm9/source/card_engine_header.s b/cardengine_arm9/source/card_engine_header.s
index b2713e2b4..ce22ff339 100644
--- a/cardengine_arm9/source/card_engine_header.s
+++ b/cardengine_arm9/source/card_engine_header.s
@@ -122,19 +122,17 @@ card_read_arm9:
     stmfd   sp!, {r4-r11,lr}
 		
 	@ get back the WRAM C to arm9    
-    ldr     r1,=0x8084888C	
-	ldr     r3,=0x9094989C
-	ldr     r4,=0x400404C 
-	sub     r2, r4, #(0x400404C - 0x4004050)
-	str     r1,[r4]
-	str     r3,[r2]
+	ldr     R3,=0x4004000 	
+	MOV     R2, #0xFFFFFF80	
+	STRB    R2, [R3,#0x4F]
 	
 	ldr		r3, =cardRead
-	ldr     r1, =0xE92D4FF0
-wait_for_wram_card_read:
-	ldr     r2, [r3]
-	cmp     r1, r2
-	bne     wait_for_wram_card_read
+	
+	@ldr     r1, =0xE92D4FF0
+@wait_for_wram_card_read:
+	@ldr     r2, [r3]
+	@cmp     r1, r2
+	@bne     wait_for_wram_card_read
 	
 	bl		_blx_r3_stub_card_read	
 

From 3a15f358a23c864ddbcac14b87dad64c07734828 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Tue, 24 Jan 2017 19:49:06 +0100
Subject: [PATCH 34/40] try to fix the bug

---
 cardengine_arm7/source/cardEngine.c         |  7 +++--
 cardengine_arm9/source/cardEngine.c         | 31 ++++++++++++---------
 cardengine_arm9/source/card_engine_header.s |  5 ++++
 3 files changed, 27 insertions(+), 16 deletions(-)

diff --git a/cardengine_arm7/source/cardEngine.c b/cardengine_arm7/source/cardEngine.c
index c5e753caf..baa29c1f7 100644
--- a/cardengine_arm7/source/cardEngine.c
+++ b/cardengine_arm7/source/cardEngine.c
@@ -142,7 +142,7 @@ void runCardEngineCheck (void) {
 	
 	if(*(vu32*)(0x027FFB14) == (vu32)0x025FFB08)
     {
-        //dbg_printf("\ncard read received v2\n");
+        dbg_printf("\ncard read received v2\n");
 		
 		if(calledViaIPC) {
 			//dbg_printf("\ntriggered via IPC\n");
@@ -154,7 +154,7 @@ void runCardEngineCheck (void) {
 		u32 len = *(vu32*)(sharedAddr+1);
 		u32 marker = *(vu32*)(sharedAddr+3);
 		
-		/*dbg_printf("\nstr : \n");
+		dbg_printf("\nstr : \n");
 		dbg_hexa(cardStruct);		
 		dbg_printf("\nsrc : \n");
 		dbg_hexa(src);		
@@ -163,7 +163,8 @@ void runCardEngineCheck (void) {
 		dbg_printf("\nlen : \n");
 		dbg_hexa(len);
 		dbg_printf("\nmarker : \n");
-		dbg_hexa(marker);*/
+		dbg_hexa(marker);
+		//*/
 		
 		fileRead(dst,romFile,src,len);
 		
diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
index 32896335e..f5ca3e86c 100644
--- a/cardengine_arm9/source/cardEngine.c
+++ b/cardengine_arm9/source/cardEngine.c
@@ -54,7 +54,7 @@ void cardRead (u32* cacheStruct) {
 	
 	u32 sector = (src/READ_SIZE_ARM7)*READ_SIZE_ARM7;
 	
-	/*// send a log command for debug purpose
+	// send a log command for debug purpose
 	// -------------------------------------
 	commandRead = 0x026ff800;	
 	
@@ -130,10 +130,15 @@ void cardRead (u32* cacheStruct) {
 				}*/
 				
 				currentSector = sector;
-			}			
+			}		
+		
+			u32 len2=len;
+			if((src - currentSector) + len2 > READ_SIZE_ARM7){
+				len2 = len2 - ((src - currentSector) + len2 - READ_SIZE_ARM7);
+			}
 			
-			if((len>512) && ((len % 32) == 0) && ((u32)dst)%4 == 0) {
-				/*// send a log command for debug purpose
+			if((len2>512) && ((len2 % 32) == 0) && ((u32)dst)%4 == 0) {
+				// send a log command for debug purpose
 				// -------------------------------------
 				commandRead = 0x026ff800;	
 				
@@ -148,16 +153,15 @@ void cardRead (u32* cacheStruct) {
 				// -------------------------------------*/
 			
 				// copy directly
-				fastCopy32(BUFFER_ADDRESS+(src-currentSector),dst,len);	
+				fastCopy32(BUFFER_ADDRESS+(src-currentSector),dst,len2);	
 			} else {			
 				bool remainToRead = true;
 				u32 src2 = cardStruct[0];
 				while (remainToRead && (src2-currentSector < READ_SIZE_ARM7) ) {
 					src2 = cardStruct[0];
-					u32 len2 = cardStruct[2];
 					u32 page2 = (src2/512)*512;
 					
-					/*// send a log command for debug purpose
+					// send a log command for debug purpose
 					// -------------------------------------
 					commandRead = 0x026ff800;	
 					
@@ -177,9 +181,9 @@ void cardRead (u32* cacheStruct) {
 					remainToRead = (*readCachedRef)(cacheStruct);
 				}
 			}
-			if(len < READ_SIZE_ARM7) {
+			if(len == len2) {
 				len =0;
-				/*// send a log command for debug purpose
+				// send a log command for debug purpose
 				// -------------------------------------
 				commandRead = 0x026ff800;	
 				
@@ -195,10 +199,11 @@ void cardRead (u32* cacheStruct) {
 			
 			} else {
 				// bigger than 32k unaligned command
-				len = len - READ_SIZE_ARM7 + (src-sector) ;
-				src = sector + READ_SIZE_ARM7;
-				dst = dst + READ_SIZE_ARM7 - (src-sector);
-				sector = page = src;
+				len = len - len2;
+				src = src + len2;
+				dst = dst + len2;
+				page = (src/512)*512;
+				sector = (src/READ_SIZE_ARM7)*READ_SIZE_ARM7;
 			}			
 		}
 	}	
diff --git a/cardengine_arm9/source/card_engine_header.s b/cardengine_arm9/source/card_engine_header.s
index ce22ff339..b243c36ca 100644
--- a/cardengine_arm9/source/card_engine_header.s
+++ b/cardengine_arm9/source/card_engine_header.s
@@ -128,6 +128,11 @@ card_read_arm9:
 	
 	ldr		r3, =cardRead
 	
+	mov     r1, #0x200000
+	wait_loop_card_read_arm9:
+		subs    r1, r1, #1
+		bgt     wait_loop_card_read_arm9
+	
 	@ldr     r1, =0xE92D4FF0
 @wait_for_wram_card_read:
 	@ldr     r2, [r3]

From 34604afb0c6b511b4a2b8789d2433ef0f5d0fc68 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Tue, 24 Jan 2017 19:49:39 +0100
Subject: [PATCH 35/40] remove test

---
 cardengine_arm9/source/card_engine_header.s | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/cardengine_arm9/source/card_engine_header.s b/cardengine_arm9/source/card_engine_header.s
index b243c36ca..ce22ff339 100644
--- a/cardengine_arm9/source/card_engine_header.s
+++ b/cardengine_arm9/source/card_engine_header.s
@@ -128,11 +128,6 @@ card_read_arm9:
 	
 	ldr		r3, =cardRead
 	
-	mov     r1, #0x200000
-	wait_loop_card_read_arm9:
-		subs    r1, r1, #1
-		bgt     wait_loop_card_read_arm9
-	
 	@ldr     r1, =0xE92D4FF0
 @wait_for_wram_card_read:
 	@ldr     r2, [r3]

From 5c7332f54153a8c0bffd3edd51aa4b29c7db97b7 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Tue, 24 Jan 2017 23:50:58 +0100
Subject: [PATCH 36/40] bug fixes

---
 cardengine_arm9/source/cardEngine.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
index f5ca3e86c..07bab15af 100644
--- a/cardengine_arm9/source/cardEngine.c
+++ b/cardengine_arm9/source/cardEngine.c
@@ -143,7 +143,7 @@ void cardRead (u32* cacheStruct) {
 				commandRead = 0x026ff800;	
 				
 				sharedAddr[0] = dst;
-				sharedAddr[1] = len;
+				sharedAddr[1] = len2;
 				sharedAddr[2] = BUFFER_ADDRESS+src-sector;
 				sharedAddr[3] = commandRead;
 				
@@ -157,15 +157,14 @@ void cardRead (u32* cacheStruct) {
 			} else {			
 				bool remainToRead = true;
 				u32 src2 = cardStruct[0];
-				while (remainToRead && (src2-currentSector < READ_SIZE_ARM7) ) {
-					src2 = cardStruct[0];
+				while (remainToRead && (src2-currentSector+512 <= READ_SIZE_ARM7) ) {
 					u32 page2 = (src2/512)*512;
 					
 					// send a log command for debug purpose
 					// -------------------------------------
 					commandRead = 0x026ff800;	
 					
-					sharedAddr[0] = cacheBuffer;
+					sharedAddr[0] = page2;
 					sharedAddr[1] = len2;
 					sharedAddr[2] = 0x03740000+page2-sector;
 					sharedAddr[3] = commandRead;
@@ -179,6 +178,7 @@ void cardRead (u32* cacheStruct) {
 					fastCopy32(BUFFER_ADDRESS+(page2-currentSector), cacheBuffer, 512);
 					*cachePage = page2;
 					remainToRead = (*readCachedRef)(cacheStruct);
+					src2 = cardStruct[0];
 				}
 			}
 			if(len == len2) {

From b9447302d70849d844971ba255a5685a873d08f9 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Tue, 24 Jan 2017 23:54:12 +0100
Subject: [PATCH 37/40] Comment out logging : it works !!

---
 cardengine_arm7/source/cardEngine.c | 4 ++--
 cardengine_arm9/source/cardEngine.c | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/cardengine_arm7/source/cardEngine.c b/cardengine_arm7/source/cardEngine.c
index baa29c1f7..7eb3ca471 100644
--- a/cardengine_arm7/source/cardEngine.c
+++ b/cardengine_arm7/source/cardEngine.c
@@ -142,7 +142,7 @@ void runCardEngineCheck (void) {
 	
 	if(*(vu32*)(0x027FFB14) == (vu32)0x025FFB08)
     {
-        dbg_printf("\ncard read received v2\n");
+        //dbg_printf("\ncard read received v2\n");
 		
 		if(calledViaIPC) {
 			//dbg_printf("\ntriggered via IPC\n");
@@ -154,7 +154,7 @@ void runCardEngineCheck (void) {
 		u32 len = *(vu32*)(sharedAddr+1);
 		u32 marker = *(vu32*)(sharedAddr+3);
 		
-		dbg_printf("\nstr : \n");
+		/*dbg_printf("\nstr : \n");
 		dbg_hexa(cardStruct);		
 		dbg_printf("\nsrc : \n");
 		dbg_hexa(src);		
diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
index 07bab15af..e6ac5e8a1 100644
--- a/cardengine_arm9/source/cardEngine.c
+++ b/cardengine_arm9/source/cardEngine.c
@@ -54,7 +54,7 @@ void cardRead (u32* cacheStruct) {
 	
 	u32 sector = (src/READ_SIZE_ARM7)*READ_SIZE_ARM7;
 	
-	// send a log command for debug purpose
+	/*// send a log command for debug purpose
 	// -------------------------------------
 	commandRead = 0x026ff800;	
 	
@@ -138,7 +138,7 @@ void cardRead (u32* cacheStruct) {
 			}
 			
 			if((len2>512) && ((len2 % 32) == 0) && ((u32)dst)%4 == 0) {
-				// send a log command for debug purpose
+				/*// send a log command for debug purpose
 				// -------------------------------------
 				commandRead = 0x026ff800;	
 				
@@ -160,7 +160,7 @@ void cardRead (u32* cacheStruct) {
 				while (remainToRead && (src2-currentSector+512 <= READ_SIZE_ARM7) ) {
 					u32 page2 = (src2/512)*512;
 					
-					// send a log command for debug purpose
+					/*// send a log command for debug purpose
 					// -------------------------------------
 					commandRead = 0x026ff800;	
 					
@@ -184,7 +184,7 @@ void cardRead (u32* cacheStruct) {
 			if(len == len2) {
 				len =0;
 				// send a log command for debug purpose
-				// -------------------------------------
+				/*// -------------------------------------
 				commandRead = 0x026ff800;	
 				
 				sharedAddr[0] = dst;

From f0c019a684e2baad9ea8a0010385a66e853d71d5 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Wed, 25 Jan 2017 00:06:12 +0100
Subject: [PATCH 38/40] one bug less

---
 cardengine_arm9/source/cardEngine.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
index e6ac5e8a1..3264a3d0d 100644
--- a/cardengine_arm9/source/cardEngine.c
+++ b/cardengine_arm9/source/cardEngine.c
@@ -54,7 +54,7 @@ void cardRead (u32* cacheStruct) {
 	
 	u32 sector = (src/READ_SIZE_ARM7)*READ_SIZE_ARM7;
 	
-	/*// send a log command for debug purpose
+	// send a log command for debug purpose
 	// -------------------------------------
 	commandRead = 0x026ff800;	
 	
@@ -138,7 +138,7 @@ void cardRead (u32* cacheStruct) {
 			}
 			
 			if((len2>512) && ((len2 % 32) == 0) && ((u32)dst)%4 == 0) {
-				/*// send a log command for debug purpose
+				// send a log command for debug purpose
 				// -------------------------------------
 				commandRead = 0x026ff800;	
 				
@@ -154,13 +154,18 @@ void cardRead (u32* cacheStruct) {
 			
 				// copy directly
 				fastCopy32(BUFFER_ADDRESS+(src-currentSector),dst,len2);	
+				
+				// update cardi common
+				cardStruct[0] = src+len2;
+				cardStruct[1] = dst + len2;
+				cardStruct[2] = len - len2;
 			} else {			
 				bool remainToRead = true;
 				u32 src2 = cardStruct[0];
 				while (remainToRead && (src2-currentSector+512 <= READ_SIZE_ARM7) ) {
 					u32 page2 = (src2/512)*512;
 					
-					/*// send a log command for debug purpose
+					// send a log command for debug purpose
 					// -------------------------------------
 					commandRead = 0x026ff800;	
 					
@@ -184,7 +189,7 @@ void cardRead (u32* cacheStruct) {
 			if(len == len2) {
 				len =0;
 				// send a log command for debug purpose
-				/*// -------------------------------------
+				// -------------------------------------
 				commandRead = 0x026ff800;	
 				
 				sharedAddr[0] = dst;

From 4f19414b142c16f336b68be03a13b7aa079db976 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Wed, 25 Jan 2017 00:21:18 +0100
Subject: [PATCH 39/40] one last bug removed

---
 cardengine_arm9/source/cardEngine.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
index 3264a3d0d..bf19b15c6 100644
--- a/cardengine_arm9/source/cardEngine.c
+++ b/cardengine_arm9/source/cardEngine.c
@@ -54,7 +54,7 @@ void cardRead (u32* cacheStruct) {
 	
 	u32 sector = (src/READ_SIZE_ARM7)*READ_SIZE_ARM7;
 	
-	// send a log command for debug purpose
+	/*// send a log command for debug purpose
 	// -------------------------------------
 	commandRead = 0x026ff800;	
 	
@@ -138,7 +138,7 @@ void cardRead (u32* cacheStruct) {
 			}
 			
 			if((len2>512) && ((len2 % 32) == 0) && ((u32)dst)%4 == 0) {
-				// send a log command for debug purpose
+				/*// send a log command for debug purpose
 				// -------------------------------------
 				commandRead = 0x026ff800;	
 				
@@ -156,16 +156,16 @@ void cardRead (u32* cacheStruct) {
 				fastCopy32(BUFFER_ADDRESS+(src-currentSector),dst,len2);	
 				
 				// update cardi common
-				cardStruct[0] = src+len2;
+				cardStruct[0] = src + len2;
 				cardStruct[1] = dst + len2;
 				cardStruct[2] = len - len2;
 			} else {			
 				bool remainToRead = true;
 				u32 src2 = cardStruct[0];
-				while (remainToRead && (src2-currentSector+512 <= READ_SIZE_ARM7) ) {
+				while (remainToRead && (src2-currentSector < READ_SIZE_ARM7) ) {
 					u32 page2 = (src2/512)*512;
 					
-					// send a log command for debug purpose
+					/*// send a log command for debug purpose
 					// -------------------------------------
 					commandRead = 0x026ff800;	
 					
@@ -188,7 +188,7 @@ void cardRead (u32* cacheStruct) {
 			}
 			if(len == len2) {
 				len =0;
-				// send a log command for debug purpose
+				/*// send a log command for debug purpose
 				// -------------------------------------
 				commandRead = 0x026ff800;	
 				
@@ -204,9 +204,9 @@ void cardRead (u32* cacheStruct) {
 			
 			} else {
 				// bigger than 32k unaligned command
-				len = len - len2;
-				src = src + len2;
-				dst = dst + len2;
+				len = cardStruct[2];
+				src = cardStruct[0];
+				dst = cardStruct[1];
 				page = (src/512)*512;
 				sector = (src/READ_SIZE_ARM7)*READ_SIZE_ARM7;
 			}			

From 492827bf72843552d075aa9fa63ecde74729d6b7 Mon Sep 17 00:00:00 2001
From: ahezard <ahezard@gmail.com>
Date: Wed, 25 Jan 2017 00:53:32 +0100
Subject: [PATCH 40/40] Fix bug with somes games

---
 bootloader/source/card_patcher.c    | 10 ++++++++++
 cardengine_arm9/source/cardEngine.c |  4 ++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/bootloader/source/card_patcher.c b/bootloader/source/card_patcher.c
index 3db6d24dd..6a57afa59 100644
--- a/bootloader/source/card_patcher.c
+++ b/bootloader/source/card_patcher.c
@@ -68,6 +68,8 @@ u32 mpuInitRegion1Data1[1] = {0x200002D};
 // sdk >= 4 version
 u32 mpuInitRegion1Data4[1] = {0x200002D};
 
+u32 mpuInitRegion1DataAlt[1] = {0x200002B};
+
 u32 mpuInitRegion2Signature[1] = {0xEE060F12};
 // sdk < 3 version
 u32 mpuInitRegion2Data1[1] = {0x27C0023};
@@ -292,6 +294,14 @@ u32 patchCardNdsArm9 (const tNDSHeader* ndsHeader, u32* cardEngineLocation, modu
 		}
 	}	
 	
+	if(!mpuDataOffset) {
+		// try to found it
+		for (int i = 0; i<0x100; i++) {
+			mpuDataOffset = (u32*)(mpuStartOffset+i);
+			if(((*mpuDataOffset) & 0xFFFFFF00) == 0x02000000) break;
+		}
+	}
+	
 	if(mpuDataOffset) {
 		// change the region 1 configuration
 		*mpuDataOffset = PAGE_32M  | 0x02000000 | 1;	
diff --git a/cardengine_arm9/source/cardEngine.c b/cardengine_arm9/source/cardEngine.c
index bf19b15c6..b57b19a01 100644
--- a/cardengine_arm9/source/cardEngine.c
+++ b/cardengine_arm9/source/cardEngine.c
@@ -92,8 +92,8 @@ void cardRead (u32* cacheStruct) {
 				// send a command to the arm7 to fill the WRAM cache
 				commandRead = 0x025FFB08;
 				
-				//DC_FlushRange((vu32*)BUFFER_ADDRESS, READ_SIZE_ARM7);
-				cacheFlush();
+				DC_FlushRange((vu32*)BUFFER_ADDRESS, READ_SIZE_ARM7);
+				//cacheFlush();
 				
 				// transfer the WRAM-B cache to the arm7
 				REG_MBK_B=(vu8)0x81;