Anyone know the code types for the said devices? Preferably the AR. I have noticed that they don't have any serial repeaters, and that sucks, but I could be wrong. My flash cart uses AR codes so I'm stuck using the AR and not CB. Also, any new method that you guys are using to hack the codes besides the AR hardware shit?
NDS AR & CB Code Types?
There's no serial repeater as you are thinking of it, but there is a rather nifty loop code.
http://doc.kodewerx.net/hacking_nds.html#arcodetypes
Missing LiquidManZero since 1685.
AR NDS Code Type Information
Written By Kenobi
http://kodewerx.net/forum/viewtopic.php?t=98
Before starting :
=================
Compared to other AR (like the NGC or GBA ones) the NDS AR code handler offers a
lot of changes.
* First, the NDS AR doesn't wait to encounter a '00000000 00000000' code to stop
the code execution. It knows how many codes have been entered and enabled,
and only stops when all of them have been processed.
* Second, the NDS AR uses temporary data. There are 3 kinds of them :
- The first one is what I'll call the offset, which is a 32-bit value usually
added to the address of the code.
- The second ones are what I'll call the Dx registers. They are four 32-bit values,
stored before the code list, which the AR uses to store/load data. I call them
'Dx repeat value', 'Dx next code to be executed', 'Dx code status' and 'Dx data'.
- Finally, there is the 'code execution status', which is a 32-bit value that
tells the AR if a code can be executed, or can be skipped. This code execution
status is changed by the 'if' codes.
* Third, the NDS AR uses some kind of 'while... end' code type, which opens a
lot of new ways to make codes.
Official codes types :
======================
Most AR codes look like this :
ZXXXXXXX YYYYYYYY
Z is the code type, XXXXXXX is the address, YYYYYYYY is the value.
Note : every time the code handler is called, it clears all the values it uses
(ie. the offset, the code status, the Dx registers), and then executes all the
codes 'at once'.
RAM Write Codes :
-----------------
Type 0 : 32 bits write (str)
0XXXXXXX YYYYYYYY : writes word YYYYYYYY to [XXXXXXXX+offset].
Type 1 : 16 bits write (strh)
1XXXXXXX 0000YYYY : writes halfword YYYY to [XXXXXXXX+offset].
Type 2 : 8 bits write (strb)
2XXXXXXX 000000YY : writes byte YY to [XXXXXXXX+offset].
If... Codes (32bits):
---------------------
For all the If codes, if the check is false, execution status is stopped/turned
off (ie. following codes are disabled). Also, these 'If...' codes don't support
the offset :/... (but I made a hack for that, check the NDS AR HACK #1)
Also, 'If...' codes can be 'stacked' (up to 32 'If...' codes can be used at the
same time).
Type 3 : 32 bits If (code value)>(data at address) (bhi, "unsigned higher")
3XXXXXXX YYYYYYYY : checks if YYYYYYYY > (word at [XXXXXXXX]).
If not, the code(s) following this one are not executed (ie. execution status is
set to false) until a code type D0 or D2 is encountered, or until the end of the
code list is reached.
Type 4 : 32 bits If (code value)<data>(mask & data at address) (unsigned)
7XXXXXXX ZZZZYYYY : checks if (YYYY) > (not (ZZZZ) & halfword at [XXXX]).
If not, the code(s) following this one are not executed (ie. execution status is
set to false) until a code type D0 or D2 is encountered, or until the end of the
code list is reached.
Type 8 : 16 bits if (code value)<(mask & data at address) (unsigned)
8XXXXXXX ZZZZYYYY : checks if (YYYY) <not>D2 code type are always executed (even if the 'execution status' is
set off).
Type D0 : 'endif'.
D0000000 00000000 : loads the previous execution status (if none exists, the
execution status stays at 'execute codes').
Type D1 : Used to execute the loop set by the code type C (executes the code(s)
after the type C code n times (n being the 'Dx repeat value'), but does not
clear the Dx registers upon finishing).
D1000000 00000000 : if the 'Dx repeat value', set by code type C, is different
from 0, it is decremented and then the AR loads the 'Dx next code to be executed'
and the 'execution status' (=jumps back to the code following the type C code).
When the repeat value is 0, this code will load the saved code status value.
Type D2 : Used to apply the code type C setting (executes the code(s) after the
type C code n times, n being the Dx repeat value).
Also acts as a 'Full terminator' (clears all temporary data, ie. execution
status, offsets, code C settings...).
D2000000 00000000 : if the 'Dx repeat value', set by code type C, is different
from 0, it is decremented and then the AR loads the 'Dx next code to be executed'
and the 'execution status' (=jumps back to the code following the type C code).
When the repeat value is 0, this code will clear the code status, the offset
value, and the Dx data value (which can be set by codes DA, DB and DC).
Offset Set Code :
-----------------
Type D3 : set the 'offset' to the value of the code.
D3000000 XXXXXXXX : set the offset value to XXXXXXXX.
Add a value to the Dx Data Register :
-------------------------------------
Type D4 : adds the value of the code to the data register used by D6~DB.
D4000000 XXXXXXXX : adds XXXXXXXX to the 'Dx data'.
More arithmetical/logical operations can be set using the 'NDS AR HACK #2'.
Set the value of the Dx Data Register :
---------------------------------------
Type D5 : sets the data register used by D6~D8 to the value of the code.
D5000000 XXXXXXXX : sets the 'Dx data' to XXXXXXXX.
Incremental write of the Dx Data Register (32/16/8 bits) :
---------------------------------------------------------
Type D6 : 32-bit incremental write of the data register (str).
D6000000 XXXXXXXX : writes the 'Dx data' word to [XXXXXXXX+offset], and
increments the offset by 4.
Type D7 : 16-bit incremental write of the data register (strh).
D7000000 XXXXXXXX : writes the 'Dx data' halfword to [XXXXXXXX+offset], and
increments the offset by 2.
Type D8 : 8-bit incremental write of the data register (strb).
D8000000 XXXXXXXX : writes the 'Dx data' byte to [XXXXXXXX+offset], and
increments the offset by 1.
Dx Data Register (32/16/8bits) Load Codes :
-------------------------------------------
Type D9 : 32-bits read to the data register (ldr).
D9000000 XXXXXXXX : loads the word at [XXXXXXXX+offset] and stores it in the
'Dx data'.
Type DA : 16-bits read to the data register (ldrh).
DA000000 XXXXXXXX : loads the halfword at [XXXXXXXX+offset] and stores it in
the 'Dx data'.
Type DB : 8-bits read to the data register (ldrb).
DB000000 XXXXXXXX : loads the byte at [XXXXXXXX+offset] and stores it in the
'Dx data'.
!!! This code is buggy. Check 'AR Hack #0' for the fix !!!
Add to Offset Code :
--------------------
Type DC : adds the offset 'data' to the current offset.
(some kind of dual offset)
DC000000 XXXXXXXX : offset = (offset + XXXXXXXX).
Patch Code :
------------
Type E : 'patch' code. Copies YYYYYYYY bytes from (current code location + 8)
to [XXXXXXXX + offset].
EXXXXXXX YYYYYYYY
...
example :
EXXXXXXX 00000010
AAAAAAAA BBBBBBBB
CCCCCCCC DDDDDDDD
writes AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD to XXXXXXXX
If the execution status is set off, the AR skips all the lines of the patch code
(skips (YYYYYYYY+7)>>2 codes).
Memory Copy Code :
------------------
Type F : memory copy code. It seems you have to use the code type D3, DC or B
before, to set the offset (which is then an address). Then D2 should be needed
to clear the offset (else it will affect all the next codes).
D3000000 XXXXXXXX
FYYYYYYY ZZZZZZZZ
should copy ZZZZZZZZ bytes from offset (=XXXXXXXX in this case) to YYYYYYYY
(YYYYYYYY is fixed, ie. no offset is added to it).
* The E and F types work as follows :
If the number of bytes to write/copy is >3, it is done with a ldr/str, and then 4
is removed from the number of bytes to copy.
Else, if the number of bytes to copy is <3, it's done with a ldrb/strb and then 1
is removed from the number of bytes to copy.
And it loops until the number of bytes to copy is equal to zero.
That means that the first address to write to must be aligned in case the
number of bytes to copy is greater than 3 (else there will be a 'bug' if the
number of bytes to write is > 3 and not a multiple of 4), and that the number of
bytes to write doesn't have to be a multiple of 4 (can be any number).
NDS AR HACKS :
==============
The following codes modify the AR code handler.
As they write to a fixed address, they are not compatible with any game that
uses an 'm' code (as the 'm' code changes the location of the code handler in
the memory).
NDS AR HACK #0 : DB Code type Fix :
-----------------------------------
The DB code type is buggy. When executed, it reads the byte from [address] to
the Dx data register, but it also adds the address to the offset, which screws
up the offset if the address is not 0.
I've 'reported' this bug to datel, not sure if anything will be done about it.
This code will make the DB code type work properly (without 'side effects') :
023FE4D8 0A000003
NDS AR HACK #1 : If... Codes :
------------------------------
Here are some codes that change the 'If...' code types so they can use the offset.
I also listed the original code handler values under 'No offset support' in
case you need to disable these hacks for any reason.
Used with the C code, these codes could be useful to 'auto patch' some values
in a memory region.
Here are first the 'one by one' codes :
Code Type 3 :
Offset support :
023FE20C E5933000
No offset support
023FE20C E5903000
Code Type 4:
Offset support :
023FE224 E5933000
No offset support :
023FE224 E5903000
Code Type 5:
Offset support :
023FE23C E5933000
No offset support :
023FE23C E5903000
Code Type 6:
Offset support :
023FE254 E5933000
No offset support :
023FE254 E5903000
Code Type 7 :
Offset Support :
023FE26C E1D320B0
023FE270 E1E03004
No offset support :
023FE26C E1E03004
023FE270 E1D020B0
Code Type 8 :
Offset Support :
023FE290 E1D320B0
023FE294 E1E03004
No offset support :
023FE290 E1E03004
023FE294 E1D020B0
Code Type 9 :
Offset Support :
023FE2B4 E1D320B0
023FE2B8 E1E03004
No offset support :
023FE2B4 E1E03004
023FE2B8 E1D020B0
Code Type A :
Offset Support :
023FE2D8 E1D320B0
023FE2DC E1E03004
No offset support :
023FE2D8 E1E03004
023FE2DC E1D020B0
And here are some codes that modify all the 'If...' code types at once :
Code Type 3->6 :
Offset Support :
C0000000 00000003
023FE20C E5933000
DC000000 00000018
D2000000 00000000
No offset support :
C0000000 00000003
023FE20C E5903000
DC000000 00000018
D2000000 00000000
Code Type 7->A :
Offset Support :
C0000000 00000003
023FE26C E1D320B0
023FE270 E1E03004
DC000000 00000024
D2000000 00000000
No offset Support :
C0000000 00000003
023FE26C E1E03004
023FE270 E1D020B0
DC000000 00000024
D2000000 00000000
NDS AR HACK #2 : ORR/AND/ADD Codes :
------------------------------------
These codes change the behaviour of the D4 code type.
This could be useful to trigger an event bit on/off.
Makes the D4 code type execute a 'ORR' instruction.
023FE424 E1833004
Makes the D4 code type execute a 'AND' instruction.
023FE424 E0033004
Makes the D4 code type execute a 'ADD' instruction.
023FE424 E0833004
NDS AR HACK #3 : Add Dx Data to Offset Code :
---------------------------------------------
This code changes the D4 code type to make it add the Dx Data to the offset.
023FE424 E08AA003
Could be useful if the game's pointer's offset change.
NDS AR HACK #4 : Execute custom asm routine :
---------------------------------------------
This code changes the E code type to make it execute the data you entered.
023FE074 012FFF11
And to 'revert' to the normal effect of the E code type, use this one :
023FE074 E3520003
example :
023FE074 012FFF11
EXXXXXXX 00000010
AAAAAAAA BBBBBBBB
CCCCCCCC E12FFF1E
When the E code type is encountered, the code handler will jump to and
execute (ie. bx to) the AAAAAAAA, BBBBBBBB, CCCCCCCC and E12FFF1E instructions (which means the instructions must be in ARM, and not THUMB).
All the custom routines you make must end with E12FFF1E (bx r14).
Also, you must not touch the following registers (or you must push/pop them),
unless you know exactly what you are doing :
r4 (holds the number of bytes of data you entered in the E code type)
r5 ((holds the position of the data of the E code type from the start of the
code list) >> 2)
r7 (holds the 'execution status' data)
r9 (holds the starting address of the AR codes list)
r10 (holds the offset)
r11 (holds the total number of codes enabled in the AR)
r13 (SP)
r14 (LR)
On a side note, here is what the other registers hold :
r0 holds the address of the E code type plus the offset (0XXXXXXX + offset)
r1 holds the starting address of the E code type data (what I used for the bx)
r2 holds a copy of the data of the E code type (00000010 in the example)
r3 is the same as r0
r6 holds what the next 'execution status' data would look like when set to true
r8 holds what the next 'execution status' data would look like when set to false
r12 holds the 'full' data of the E code type (EXXXXXXXX)
The advantages of this hack are :
- you can execute whatever you want (custom codes, and why not a code searcher?).
- no need to find free space to store your asm routine.
- you can manipulate the AR data (for example, calculate the offset in a
complicated manner and store it in r10, or end the execution of code by setting
r11 to 0).
Only disadvantages :
- it also 'screws up' the F code type (so you have to disable the hack before using any F code type).
- it doesn't work with games that have an (m) code that relocates the AR code handler.
The Hackmaster
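The code types the post above documents, as an added example that is not Kenobi's, Datel's or the forum's own code: a small Python interpreter for the documented types (0-2, 3, 7, C, D0-DC, E and F) run against a simulated RAM block, including the DB offset bug the post reports and the word/byte copy loop of the E and F types. Everything it assumes is marked in comments: the C loop runs its block value+1 times (inferred from the D1/D2 description and from the 'Code Type 3->6' hack hitting exactly the four addresses the one-by-one list gives), patch data is taken from the code list as little-endian words, a disabled E code skips one 8-byte line per 8 bytes of data, and the 'If...' types whose descriptions are garbled above (4-6, 8-A) plus type B are not modelled and raise. The misaligned word copy the post calls a 'bug' is rejected rather than emulated.

```python
class ARCodeError(Exception):
    """A code type this model does not cover, or a copy the post calls a 'bug'."""


class ARHandler:
    """Runs a list of (high, low) 32-bit AR code pairs against a simulated RAM image."""

    def __init__(self, base, size, db_fixed=False):
        self.base = base          # NDS address that ram[0] stands for (constructed value)
        self.ram = bytearray(size)
        self.db_fixed = db_fixed  # True models 'AR Hack #0': DB no longer touches the offset

    def _idx(self, addr, width):
        i = addr - self.base
        if i < 0 or i + width > len(self.ram):
            raise ARCodeError(f"address {addr:08X} is outside the simulated RAM")
        return i

    def read(self, addr, width):
        i = self._idx(addr, width)
        return int.from_bytes(self.ram[i:i + width], "little")

    def write(self, addr, width, value):
        i = self._idx(addr, width)
        self.ram[i:i + width] = (value & ((1 << 8 * width) - 1)).to_bytes(width, "little")

    def _copy(self, src, dst, count):
        # E/F loop as the post describes it: a word while more than 3 bytes remain,
        # otherwise a byte. A misaligned word store is the 'bug' the post warns
        # about, so the model refuses it rather than guessing what the ARM9 does.
        pos = 0
        while count > 0:
            step = 4 if count > 3 else 1
            if step == 4 and dst % 4:
                raise ARCodeError(f"misaligned word store to {dst:08X}")
            self.write(dst, step, int.from_bytes(src[pos:pos + step], "little"))
            pos, dst, count = pos + step, dst + step, count - step

    def run(self, codes):
        # One call of the handler: all temporary data starts cleared; returns (offset, data).
        offset = data = 0
        status, saved = True, []                   # execution status and stacked 'if' states
        repeat, loop_pc, loop_status = 0, 0, True  # loop registers set by code type C
        pc = 0
        while pc < len(codes):
            hi, lo = codes[pc]
            pc += 1
            t, addr = hi >> 28, hi & 0x0FFFFFFF
            sub = (hi >> 24) & 0xF if t == 0xD else -1
            if 0 <= sub <= 2:                      # D0, D1, D2 run even when status is off
                if sub == 0:                       # endif: restore the previous status
                    status = saved.pop() if saved else True
                elif repeat:                       # D1/D2 with passes left: jump back
                    repeat -= 1
                    pc, status = loop_pc, loop_status
                elif sub == 1:                     # D1 at repeat 0: reload the saved status
                    status = loop_status
                else:                              # D2 at repeat 0: the 'full terminator'
                    status, saved, offset, data = True, [], 0, 0
                continue
            if not status:
                if t == 0xE:                       # skip the patch data (assumed 8-byte lines)
                    pc += (lo + 7) >> 3
                continue
            if t <= 2:                             # 32/16/8-bit write to [addr + offset]
                self.write(addr + offset, 4 >> t, lo)
            elif t == 3:                           # if lo > word at [addr], no offset
                saved.append(status)
                status = lo > self.read(addr, 4)
            elif t == 7:                           # if YYYY > (~ZZZZ & halfword at [addr])
                saved.append(status)
                status = (lo & 0xFFFF) > (~(lo >> 16) & 0xFFFF & self.read(addr, 2))
            elif t == 0xC:                         # loop; per the D1/D2 text the block runs lo+1 times
                repeat, loop_pc, loop_status = lo, pc, status
            elif t == 0xE:                         # patch: lo bytes of the following code data
                n = (lo + 7) >> 3
                raw = b"".join(h.to_bytes(4, "little") + l.to_bytes(4, "little")
                               for h, l in codes[pc:pc + n])
                self._copy(raw[:lo], addr + offset, lo)
                pc += n
            elif t == 0xF:                         # copy lo bytes from [offset] to the fixed addr
                i = self._idx(offset, lo)
                self._copy(bytes(self.ram[i:i + lo]), addr, lo)
            elif sub == 3:                         # D3: set the offset
                offset = lo
            elif sub == 4:                         # D4: add to 'Dx data'
                data = (data + lo) & 0xFFFFFFFF
            elif sub == 5:                         # D5: set 'Dx data'
                data = lo
            elif 6 <= sub <= 8:                    # D6/D7/D8: write 'Dx data', bump the offset
                w = 4 >> (sub - 6)
                self.write(lo + offset, w, data)
                offset += w
            elif 9 <= sub <= 0xB:                  # D9/DA/DB: load into 'Dx data'
                data = self.read(lo + offset, 4 >> (sub - 9))
                if sub == 0xB and not self.db_fixed:
                    offset += lo                   # the DB bug the post reports
            elif sub == 0xC:                       # DC: add to the offset
                offset = (offset + lo) & 0xFFFFFFFF
            else:
                raise ARCodeError(f"code type {hi:08X} is not modelled here")
        return offset, data
```

Feeding the post's 'Code Type 3->6' sequence (C0000000 00000003, 023FE20C E5933000, DC000000 00000018, D2000000 00000000) to a handler whose RAM is based at 0x023FE000 writes E5933000 at 023FE20C, 023FE224, 023FE23C and 023FE254, the same four addresses the one-by-one hack list gives, which is a quick way to check that a loop-based code does what its hand-expanded form does before it goes anywhere near real hardware. Constructing the handler with `db_fixed=False` shows the DB side effect (the address leaks into the offset); `db_fixed=True` models the behaviour after Hack #0.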