Advertising/Werbung: My new “Firmware reverse engineering with Ghidra” live online training is now available! Also, if you are interested in learning more about FPGAs, check out Dmitry’s trainings!
In this video we hack the GameBoy cartridge protection by building our own GameBoy cartridge using an FPGA!
You can find the FPGA source-code on my Github here:
– ModernVintageGame on the CIC chips:
– The Gbdev wiki:
Equipment used in the video:
– FPGA Board: Digilent Arty 7
– Level shifters: TXS0108E
– A GameBoy…
Errata:
– I messed up the resolution – the logo is 48px by 8px, not 96px by 16px!
You can also find me on Twitter:
Just watched the video, it's all accurate and all, perfect!
Since I am from the GBDev community, there are a couple things I would like to point out:
There is a disassembly of all boot ROMs available on GitHub: https://github.com/ISSOtm/gb-bootroms ; the TOCTTOU can be seen there in the `dmg.asm` file
Nintendo was made aware of this flaw when designing the GBC, so its boot ROM still reads the logo from the cart twice, but the check is done on the data read the first time. However, for some reason, only the upper half of the logo is checked, despite everything being there for that.
Thank you again for making a clear and error-free educational video! 🙂
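The two-read logo check described in the comment above, as an added Python model written for this page (not code from the video, the FPGA project or gb-bootroms): a cartridge that may return different bytes on the first and second read of each logo address, a DMG-style check that verifies the second read, and a CGB-style check that verifies the first read but only its upper half. The logo bytes are a constructed stand-in, and "upper half" is assumed to mean the first 24 of the 48 logo bytes.

```python
"""Model of the GameBoy boot-ROM logo check and its time-of-check/time-of-use flaw."""
from typing import Dict

LOGO_LEN = 48  # the cartridge header logo is 48 bytes

# Constructed stand-in for the expected logo bitmap (not the real Nintendo logo bytes).
EXPECTED_LOGO = bytes((i * 37 + 11) & 0xFF for i in range(LOGO_LEN))


class Cartridge:
    """Bus model: each logo address returns `first[addr]` on its first read
    and `later[addr]` on every read after that (what an FPGA cart can do)."""

    def __init__(self, first: bytes, later: bytes) -> None:
        self.first, self.later = first, later
        self.reads = [0] * LOGO_LEN  # per-address read counter

    def read(self, addr: int) -> int:
        n = self.reads[addr]
        self.reads[addr] += 1
        return self.first[addr] if n == 0 else self.later[addr]


def dmg_boot(cart: Cartridge) -> bool:
    """DMG order: read the logo once to draw it, read it again to verify.
    The verified bytes are not the drawn bytes, which is the TOCTTOU."""
    _drawn = bytes(cart.read(i) for i in range(LOGO_LEN))
    checked = bytes(cart.read(i) for i in range(LOGO_LEN))
    return checked == EXPECTED_LOGO


def cgb_boot(cart: Cartridge) -> bool:
    """CGB order: still two reads, but the comparison uses the first copy,
    and (assumption) only the upper half, i.e. the first 24 bytes."""
    drawn = bytes(cart.read(i) for i in range(LOGO_LEN))
    _second = bytes(cart.read(i) for i in range(LOGO_LEN))
    half = LOGO_LEN // 2
    return drawn[:half] == EXPECTED_LOGO[:half]


def evaluate(first: bytes, later: bytes) -> Dict[str, bool]:
    """Run the same cartridge behaviour through both boot-ROM variants."""
    return {"dmg": dmg_boot(Cartridge(first, later)),
            "cgb": cgb_boot(Cartridge(first, later))}


if __name__ == "__main__":
    custom = bytes(b ^ 0xFF for b in EXPECTED_LOGO)  # constructed "wrong" logo
    print("honest cart:", evaluate(EXPECTED_LOGO, EXPECTED_LOGO))
    print("custom first, real second:", evaluate(custom, EXPECTED_LOGO))
```

The second case is the one the video exploits: the DMG accepts a cartridge whose drawn logo never matched, while the CGB-style check, which verifies the bytes it actually drew, rejects it.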
Wow, really? So in other words I would have to pay for their logo just to run it on the handheld? That's like having to pay Microsoft every time I wanted to run a custom program that I made in C++ for Windows ><
Subbed.
Hm.. couldn't this be done with just a comparator and a flip-flop? The comparator triggers upon accessing the last logo byte and trips the flip-flop to switch an otherwise unused ROM address line. This would waste half of the ROM, but seems much less overkill than an FPGA. This way it would even have been possible back in the day.
What's the progress on the chip?
Cıctendo
Could you make a video on how you made such a cartridge? Seems interesting 🙂
Nintendo is fucking smart
Omg, my childhood question of why it was a black Nintendo logo has been answered!! I never knew why 😱😱😱
Technically (all that matters in a court room) (also PSA, not that it really matters anymore), no matter what, Nintendo has the upper hand: even if you do this, you still have the word “Nintendo” and are using it to misrepresent oneself and the cartridge.
Do you think this would be possible using the new Raspberry Pi 4?
Just imagining a low cost wifi module that let kids develop their own games and upload them wireless 🙃
I wonder if the gameboy could provide enough power to connect an esp with it 🙂
This is just the kinda stuff I love to watch.
A question though, is all the tooling for that particular FPGA board you have closed source? I've seen that stuff like PlatformIO has FPGA boards listed, but I don't know to what extent it operates with them.
This is wonderful. Thank you for posting it.
I'm really stunned with how far FPGA boards have progressed. I hope you release the GB cartridge soon! My son has been fascinated since I showed him how we can use my oscilloscope to sniff the datalines of the SNES controller bus in real time. This led into a discussion of different pin types and how we could sniff other types and how you might glitch them. This is perfect because I can setup a bread board to branch off from my Super Game boy.
HACK THE PLANET!!!
You guys have a lot of spare time in your life
I always wondered why the logo was blank if you didn't insert a cartridge.
This channel is really neat.
Awesome..!!!
nice
This is awesome! How did you learn all this stuff?
Product from 1985 has copyright laws, all proper, all legal, safe product.
Product from 2019 China, no copyright law, copied technology, illegal, pirates, may explode in your pocket.
Oh that's why my Gameboy Micro wouldn't display the Nintendo logo without a cartridge! Real interesting stuff! (Does that mean my hack cart has a trademark violation in it??)
you rarely see this kind of work.
stacksmashing / liveOverflow = Creativity
Why is the ROM only 32kb? Shouldn't 16 address pins make addressing possible for 64kb?
If anyone presses start/select when the Nintendo logo appears, it makes it disappear and the game doesn’t boot.
Great content man. Keep it up! 👍🏻
Would it be possible to hack 'gbc ONLY games' to work on gb?
I just hope the sacrificial cartridge was one of those awful sports games
Thanks! all we need now is some software to build our own games and load in pictures/ backgrounds from JPEGs…. that would be amazing
This is very awesome, would love to see something similar for the game boy advance
Verilog looks better than VHDL, I've never liked VHDL but that's what I know
They could've multiplexed the first 8 Address lines to behave as Data Lines sometimes, you'd only need an 8-bit latch to hold the address before a data read or write. That's how the old 8086 CPU worked, still a pretty cool workaround to having 8 extra pins.
So the cartridge "protection" works just like in the Mega Drive? Interesting video by the way!
SEDENA 5521228800 military government
Here from liveoverflow✌🏼
That was a clever way of copy protection! Really interesting video, well done!
You can use an ice40 fpga or one of those chinese $5 fpgas for the cartridge. It's also possible to load the binaries of a game to the internal block ram of the fpga. Or if you're feeling adventurous, add a microsd card slot in which you can read from the fpga.
Hi sir, could you please help me? Arduino program