Hack ROM to force a Language | | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

So I noticed there was an Action Replay code to force a NDS game to load the required language:

I have figured out a way to hack the NDS rom to load the required language. No Action Replay codes needed. I’m aware that some tools like the TwilightMenu++ allow you to do this, but this is more useful if you are injecting a NDS rom into a NDS Wii U Virtual Console game (

To find out what languages a NDS game supports, I would recommend checking this website ( It sadly doesn’t explain if the language loaded is based on the firmware, or if the user can pick (sometimes both methods are used). That you have to find out yourself.

From the few roms I have tried, this method seems to work perfectly. I will use Super Princess Peach (Europe) as a demonstration. This game supports English, French, German, Spanish, and Italian, and loads the language that is based on the firmware setting (if language is set to Japanese, the game will load in English).

Download the tools:

Install Notepad++:

1 – Extract the contents of the “Force Language Tools.7z” files.
2 – Place a copy of the NDS rom into the main “Force Language Tools” folder.

3 – Open DsSmuMe emulator: desmume-0.9.11-win32 > DeSmuME_0.9.11_x86.exe
4 – Click: Config > Firmware Settings


5 – Change “Language:” to the one you want to load.


6 – The required language will have loaded. In this example, Spanish has loaded, and there is no way select a different language in the game.


7 – Open: dsbuff_v1Final > dsbuff.exe
8 – Click “Browse…” and open the NDS rom.


9 – Click “Unpack”.


10 – Click on “Info” button next to the “Directory” text box.


11 – Locate and click on the “rom” folder.

Note: Make sure there is nothing inside the folder. If there is, then delete the contents.


12 – Click the “Green Tick” to unpack the contents.


13 – This will open a new folder. This is the contents of the rom.
14 – Make a copy of “arm9.bin” file.


15 – Place a copy of “arm9.bin” into the main folder.


16 – Open: no$gba > NO$GBA.EXE
17 – Click: Debug > Define Break/Condition


18 – Type in the following: [027FFCE4]?


19 – Click: Cartridge menu (FileName)
20 – Open the NDS rom.


21 – The game should freeze on the following instruction: add r0,r12,6h


22 – What we are interested in is the instruction above. It should be: ldrh r2,[r12,64h]

What it is doing is taking the R12 address, adding 64 hex bytes to the address, and storing the value stored at the new address into R2. So: 027FFC80 + hex(64) = 027FFCE4

That is the RAM offset that stores the language that is set in the firmware. What we are going to do is change the instruction to always load the required language value into R2.

Make a note of the address the “ldrh” is stored at. In this example: 020C98FC


23 – In the main folder, open “compile.asm” in Notepad++.


24 – Take the address you made a note of in Step 22, and remove the 02 from the beginning.

For example: 020C98FC > 0C98FC

At Line 20, place the new address after the “0x”:


25 – At Line 22, change the “English” text to one of the following:

  • English
  • French
  • German
  • Spanish
  • Italian
  • Japanese

26 – Save the changes to the “compile.asm” file.
27 – Click on the “make.bat” file in the main folder.


28 – If you see this message, the instruction was changed.


29 – Click the “Pack” icon.
30 – Click on “Info” button next to the “ROM Contents” text box.


31 – Locate and click on “rom” folder.


32 – Click the “Green Tick” to pack the contents.


33 – Choose a location to save the new NDS rom to, and give it a new name.


34 – Use the DeSmuMe emulator to test the rom. Change the “Language” in the “Firmware Settings” to one that is different to the forced language.


35 – Now the forced language will always load.




Click Here For The Original Story From This Source.


National Cyber Security