How to reverse engineer & patch a Game Boy ROM
Vložit
- čas přidán 18. 04. 2020
- In this video, we patch a Game Boy ROM using Ghidra!
The first two parts: • Hacking the Game Boy c...
Links from the Video:
- My ghidra scripts: github.com/ghidraninja/ghidra...
- GhidraBoy: github.com/Gekkio/GhidraBoy/
- Gekkio @ Disobey 2018: • Disobey 2018 - Reverse...
- Pokered: github.com/pret/pokered
Errata:
- It's DISOBEY, not Obey
You can also find me on Twitter: / ghidraninja - Věda a technologie
This is awesome, I applied the basic principles in your video and was able to reverse engineer a portion of my favorite all SNES game Chrono Trigger to find a portion of the code where experience is added. At first I found the value where the total experience was stored in ram, and use breakpoints to walk backwards until eventually I was able to find the code where it was calculated. In Chrono Trigger they calculate how much xp to add after each monster is killed in battle, and it's stored in a ram value that is then used after the battle is complete to display and ultimately add to the character's pools. There was a CLC just before the ADC, so i changed the opcode in that byte of the rom to the one for ASL, which doubles experience. I made a new game genie code from this and now I get to enjoy this game again without all the extra grinding required to level up. It's so much better than some of the other codes I've seen which just grant levels or experience.. the game plays much smoother and you still feel a sense of accomplishment. Anyway, thank you for walking through this, this is my first time diving into assembly even though I'm a veteran software developer of 25 years and it's alot of fun, I can't wait to make patches for my other favorite games now.
These tools are much nicer than the hex editors and patch makers we were using twenty something years ago when hacking all of the Pokémon encounters into a single game and translating G/S
bruh I remember being in a dalnet irc channel and translating gold and silver back in the day with a group of people. Small world.
I know Ghidra (and the fact it can output C like code), but I did not know it worked with GB roms. Thanks for the video.
It's because ghidra turns stuff into an intermediary language.
Well the GB is Z80 based. So it would be reletively easy to add support into ghidra
Wow. Great video! It's absolutely crazy how people have managed to reverse engineer the entire game that builds to a bit for bit identical to the real rom
Well, sure, you can get a disassembly that gets you something bit-for-bit identical when rebuilt fairly easily "just use a disassembler lol", the project is so much more than that though. If you just use a disassembler you get a barely usable blob of assembly. If you make any changes like adding code you will completely break the ROM, since lots of pointers would be badly disassembled and hence would now point to incorrect places, so you basically need to do the same as you would do with binary patching, add call instructions to some faraway unused place, add your code there, and return to the code being very careful you don't break anything.
The project is amazing because it actually documents all that code, split into many files, makes lots of changes so the code is easy to modify, has a really nice build system that lets you modify sprites as actual image files instead of just binary blobs of data compressed in a nonstandard manner, etc.
Loving these collaboration videos between you and LiveOverflow! Can't wait to see more!
You are amazing! Being able to create and explain how to make possible the biggest rumour on videogame history is just mind blowing. Thank you very much!!
My childhood right here. Patching modding game roms, adding new elements, and maps. Quality Content 🙂
Back then I stopped at making action replay codes.
Just found your channel and watched a few videos. Liked and subbed. Amazing vids and nostalgia overflow!
Legit just got so excited that you uploaded
Nice video ! I love this collaboration ! Hope this will get you some new subscribers ^^
Awesome Video!!! Game modding is what brought me into this field years ago, so there a tad of nostalgia for me too...
I just discovered your channel and I already love it !
Super cool video! I noticed your channel via LiveOverflow. Keep up the good work!
Actually, I discovered Live Overflow via *your* channel !
Ha I love that you made the truck move!!! Brings a smile to my face.
Awesome video and subscribed. I love Gameboy since I got one as a kid as well as reverse engineering gameboy games!
I didn't think it was that rare, but I'm subscribed to you and hadn't watched any LiveOverflow... hope you get some traffic in the reverse direction haha
Great vid! Next stop should be an arduino/esp based sd cartridge.
you could go a tiny step further and use an SRAM chip in combination with an ATmega/ESP. so when you start the gameboy it loads a program from SD into the SRAM chip, which then functions as ROM (ie the gameboy cannot write to it, only the ATmega/ESP can).
that way the gameboy doesn't have to access the ATmega/ESP directly, which should make the code easier as the ATmega/ESP doesn't need to constantly check for reads/writes from the gameboy, it just needs to load data into it once every time it's powered on.
Serious question hope you can help - how do you patch the GBA NES Classic games so they work correctly on an EverDrive X5? I own a dozen of these and want to play backups but they’ve got loads of unnecessary ram size checks and stuff like that which make them run like crap when detected.
1:32 Is BGB just as good as Sameboy?
The text scrolling doesn't bug me that much, but that was cool to see automated all the same. Thing is, wouldn't that affect all message box type scenes, including Hall Of Fame and such?
One thing I want to be able to do is dissect and disassemble compressed data.
I've been translating a Japanese-Only NeoGeo Pocket Color game, and while the text characters were uncompressed graphics, the menus use compressed graphics, which I cannot directly edit.
There is a NES Famicon ROM that I want to convert to an SNES ROM.. is that possible?
Hi, maybe I'm a little late but I'd like to know how you knew which steps to follow in order to export a functioning ROM. I mean, how did you know that you had to order each block of memory because otherwise it would't have worked? Did you learn it somewhere? If yes, where? I tried searching for this specific thing but didn't find anything, please share!
Nice, can't wait to watch this
These videos are soooooo good! Thankyou!
Do you have any tips how I could start to learn this stuff? The content of the video felt really advanced. I'm a software developer so Im advanced in programming and know the basics of Memory Adresses
From where start revese engineering and how to master it ??
I would like to do a hack rom of gen1, could you help me?
this guy is crazy...in a good way. amazing
Awesome and interesting video!!
So know MewTwos Cave is full of Truck Cabins!
Will there be videos about the GBA/GBA roms?
Your videos are like a rollercoaster
Not sure if that's a compliment :D
@@stacksmashing it is!
Very nice video!
Awesome, I'm a little lost, where did you learn to use Ghidra so well?
Thanks. It's great help to me. Could you advise me any hint to translate Japanese. I'm trying to translate Dragon Ball Z - Gokuu Hishouden. I can't read scripts by decoding shift-jis. I think it's kind of compress or something..
tysm that's so cool!
Thanks a lot for this video !
WOW, what a video!
Hey, could u make video tutorial for reverse engineer pokemon brilliant diamond?
im curious about how similar this is to GBA reverse engineering
brooo u are insaaaaane
Wow that was awesome
Amazing work thank you
Very fascinating stuff. I've always wanted to try to reverse engineer old games like this. It's too bad the game I want to reverse engineer uses some strange kind of compression making it difficult to decompile/disassemble the code. I'll get around to it eventually for sure though.
What game?
Great video! I'm interested in your course but unfortunately it's taking place during working hours. Will there be a fully remote course at some point or are you planning to deliver the course on a weekend sometime soon? I have a piece of firmware that I would like to tweak but struggling to get started so I'm definitely interested.
Good stuff
Could I suggest reverse engineer popular NES games, due to NesDevWiki all important registers are there explained in an exhausting detail, which would make reverse engineering easier
That's insane. About 12 years ago I had pointed out to someone on yahoo answers that asked if the mew myth was real, that it might be possible for someone to make a romhack that implements it via working in the ROM code...and someone has actually gone and done it.
I really don’t know what you are saying but I like it
Is it possible to modify sound files with this?
The Game Boy doesn't use sound files, it essentially has a mini digital synthesizer, and you sequence sounds by creating commands (very similar to how he does it in this video, actually), to create different wave forms. So you'd need to learn the registers/commands to control those, and then play around with it to get the sounds you want; you'd still be limited to those classic sounds though.
This is awesome..
That dont work on Windows. The debugger opens a console, but i cant write anytging into it, or have any more options.
By complete luck when I ^C on terminal I was able to execute commands, but the terminal doesn't look as a helpful as on MAC. I tried on WSL also but with similar results.
This is amazing content. Thank you for posting!
I'm trying to replicate the Mew Myth on the code, does anybody know what line is Vermillion Dock in wild_mons.asm?
It's line 94! :)
@@stacksmashing Thanks for the quick response, I love when the CZcamsrs respond to their comments (I know that when you've got 29,7m subscribers one more is nothing but consider-me subscribed), I'll try it tomorrow( I imagine that we're in different time zones). Keep making these amazing videos.
i know its old but... you say at 7:15 "go to the backtrace and use the earliest entry" ... WHICH backtrace ???
you dont show where it is and in the backtrace you have open, its dont there...
where i can get the similar point (by you "5d57")...
PS: im german and have to make it for german versions...
Amazing that people still hack GB games in 2020!
OMG this is so cool
Ah, Ghidra. The ol trusty NSA RE tool. It's quite fun once you get used to it.
Why
excelent video, i will try reverse engineering
nice...
I know this is probably a small thing but GBA4iOS? Jailbroken? :)
Nah just self-compiled :)
github.com/CocoaBob/GBA4iOS
stacksmashing / Ghidra Ninja Did you sign the IPA with AltStore or just push it with Xcode? Love to see people working on these things.
I compiled it myself and signed + installed it with Xcode
stacksmashing / Ghidra Ninja I see. Well great work anyways; love your content so keep up the great work. Some of the most educations but then simultaneously skill-testing content and experiences out there. Much love
Every Stacksmashing and LiveOverflow video ends in, "there was a MUCH simpler way of doing this"
Interesting. You should reverse and explain the missingno glitch.
@liveoverflow, who I did this series with, covered missingno!
m.czcams.com/video/bxzrtU7VtPU/video.html
You got very lucky that the game is so simple that it actually has a dedicated wait for dialogue loop. No event oriented programming here.
Hey
Could you maybe do some ds/3ds modding stuff
And i mean not save editor (the editors that are already finsished)
I mean real hex modding etc (i tried mod my game saves of animal crossing new horizons but its all in old chinese and doesnt make sence at all)
Would be nice
Nintendo ds/3ds or switch modding
Thanks in adventage
Sincerly,
3ds_hacker
@2:31 that certainly is the easy way.
Would be more interested in building teh game to register a smooth auto-scroll mod, instead of a janky hack.
I didnt get much of this, but its nice
A bit like females, I don’t get much of them but they are nice when I do
@@unnamedchannel1237 hahahah😂👍
Bist du Luxemburger?
Nop
0:08
Thats pokemon red and pokemon RED, not blue. You may be colorblind.
Thanks bro! It was hard to understand because im 13 and from germany but thanks! Sub from me ;)
Brilliant I have a challenge I know some brilliant mind like you Will solve it I need help with a Korean nintendo wii Locked on error 003 after update there is way to fix it but it's a painful and I can't find a modchip if there any way through software please and a lot of thanks to you for your time and work
All your item needs fulfilled!
Isn't that a reference to "All your base are belong to us"?
wtf? not all sentences beginning with "all your" are a reference to that meme, this doesnt even sound similar
also, pokemon red and blue predate that meme anyways
@@noxabellus it's an example of engrish, just like all your base are belong to us
@@iProgramInCpp 'All your item needs fulfilled' is valid as a sentence though (even if it would be better followed by 'here')
Imagine trying to write a debugger without having a debugger, for the debugger though..😂🎉
Please patch the truck, create a dungeon, let us catch mew ‘legit’ instead of doing the hack a the ?celladon? Bridge!:)
Now flash it to an empty card
ça c'est du parlé Anglais à la "accent Français" ...
You are singing.
.
"Joystick" is NOT the + that you can find in the console. Its called "D-PAD".
Refers to Red as Ash...
*Literally unwatchable*
*laughs in mew glitch*
😂
Disliked & reported to Nintendo, you flipping pirate