My findings while reverse-engineering Pokémon Super Mystery Dungeon for the 3DS. Includes writeups for discovered game mechanics and an importable Ghidra project XML that includes function names etc.
- Obtain the game ROM (US version) by for example dumping the cartridge using GodMode9.
- Extract the ExeFS of the rom using a tool such as .Net 3DS toolkit .
- Convert the 3DS executable into an ELF using ctr-elf. MD-5 checksum should be
818A4462B4D1977D2135AEC37956A375. - Create a new Ghidra project, import the ELF-file, but do not analyze the file.
- Go to File -> Add to program and choose the XML-file from this repository.
Unfortunately, since Ghidra doesn't export local variable names for some reason, the only way for me to share them is by sharing the decompiled output of the well-annotated functions as text-files. They can be found in this repository.
- CTRPluginFramework3DS to perform narrowing RAM searches for values. These memory addresses can then be used as watchpoints for finding relevant functions in the code.
- The GDB stub in the Luma 3DS custom firmware to perform active analysis, i.e. debug the game on console.