Advertising/Werbung: My new “Firmware reverse engineering with Ghidra” live online training is now available! Also, if you are interested in learning more about FPGAs, check out Dmitry’s trainings!
In this video we hack the GameBoy cartridge protection by building our own GameBoy cartridge using an FPGA!
You can find the FPGA source-code on my Github here:
– ModernVintageGame on the CIC chips:
– The Gbdev wiki:
Equipment used in the video:
– FPGA Board: Digilent Arty 7
– Level shifters: TXS0108E
– A GameBoy…
Errata:
– I messed up the resolution – the logo is 48px by 8px, not 96px by 16px!
You can also find me on Twitter:
Nguồn: https://zagran-tour.com/
Xem thêm bài viết khác: https://zagran-tour.com/game/
Xem thêm Bài Viết:
- FFXV Director Hajime Tabata's New Project Revealed
- Aliens VS Predator 2 : Primal Hunt | PREDALIEN CHESTBURSTER (Predalien Campaign Part 1)
- Play it Right – Tiny Ninjas | Cardboard Rhino
- RoboCop 2 (3/11) Movie CLIP – Robo Flops (1990) HD
- ATTACK ON SHARK ISLAND – Island Time VR Gameplay – VR HTC Vive Gameplay
ISSOtm
•1 month ago
Just watched the video, it's all accurate and all, perfect!
Since I am from the GBDev community, there are a couple things I would like to point out:
There is a disassembly of all boot ROMs available on GitHub: https://github.com/ISSOtm/gb-bootroms ; the TOCTTOU can be seen there in the `dmg.asm` file
Nintendo was made aware of this flaw when designing the GBC, so its boot ROM reads the logo from the cart twice still, but the check is done from the data read the first time. However, for some reason, only the upper half of the logo is checked, despite everything being there for that.
Thank you again for making a clear and error-free educational video! 🙂
Phantom Works Studios ( PWS )
•1 month ago
wow really so in other words I would have to pay for there logo just to run it on the handheld? Thats like be having to pay Microsoft everytime I wanted to run a custom program that I made on C++ for windows ><
Sontapää11 Jokulainen
•1 month ago
Subbed.
Stefan Noack
•1 month ago
hm.. couldn't this be done with just a comparator and a flip-flop? the comparator triggers upon accessing the last logo byte and trips off the flip flop to switch an otherwise unused rom address line. this would waste half of the rom, but seems much less overkill than an fpga. this way it would have even been possible back in the day.
Beastinlosers
•1 month ago
What's the progress on the chip?
Türk oyuncu 2019
•1 month ago
Cıctendo
Mathias De Weerdt
•1 month ago
Could you make a video on how you made such a cardridge, seems interesting 🙂
Arron Degenerate
•1 month ago
Nintendo is fucking smart
Dove Fab
•1 month ago
Omg my childhood answer to why it it was black Nintendo logo had been answered!! I never knew why😱😱😱
EndOfLineTech
•1 month ago
Technically, (all that matters in a court room) (also psa, not that it reallly matters anymore) no matter what, Nintendo has the upper hand, even if you do this, you still have the word “Nintendo” and are using it to misrepresent one self and the cartridge
James Peters
•1 month ago
Do you think this would be possible using the new Raspberry Pi 4?
Gerrit Weiermann
•1 month ago
Just imagining a low cost wifi module that let kids develop their own games and upload them wireless 🙃
I wonder if the gameboy could provide enough power to connect an esp with it 🙂
Walaryne
•1 month ago
This is just the kinda stuff I love to watch.
A question though, is all the tooling for that particular FPGA board you have closed source? I've seen that stuff like PlatformIO has FPGA boards listed, but I don't know to what extent it operates with them.
etansivad
•1 month ago
This is wonderful. Thank you for posting it.
I'm really stunned with how far FPGA boards have progressed. I hope you release the GB cartridge soon! My son has been fascinated since I showed him how we can use my oscilloscope to sniff the datalines of the SNES controller bus in real time. This led into a discussion of different pin types and how we could sniff other types and how you might glitch them. This is perfect because I can setup a bread board to branch off from my Super Game boy.
rcsims313
•1 month ago
HACK THE PLANET!!!
Dani Moyano
•1 month ago
You guys have a lot of spare time in your life
Tim Seguine
•1 month ago
I always wondered why the logo was blank if you didn't insert a cartridge.
Smattless
•1 month ago
This channel is really neat.
Kamilake
•1 month ago
Awesome..!!!
BRAILOR js
•1 month ago
nice
Juan Gonzalez
•1 month ago
This is awesome! How did you learn all this stuff?
Johnson Long
•1 month ago
Product from 1985 has copyright laws,, all proper, all legal, safe product.
Product from 2019 china, no copy right law, copied technology, illegal, pirates, may explode in your pocket.
I'm Ethan
•1 month ago
Oh that's why my Gameboy Micro wouldn't display the Nintendo logo without a cartridge! Real interesting stuff! (Does that mean my hack cart has a trademark violation in it??)
Useful Videos
•1 month ago
you rarely see this kind of work.
stacksmashing / liveOverflow = Creativity
JGSHEW
•1 month ago
Why is the ROM only 32kb? Shouldn't 16 address pins make addressing possible for 64kb?
TERA3515
•1 month ago
Anyone press start/select when the Nintendo logo appears it makes it disappear and the game doesn’t boot
0906WEST
•1 month ago
Great content man. Keep it up! 👍🏻
keiseyku
•1 month ago
Would it be possible to hack 'gbc ONLY games' to work on gb?
o0julek0o
•1 month ago
I just hope the sacrificial cartridge was one of those awful sports games
Wombat
•1 month ago
Thanks! all we need now is some software to build our own games and load in pictures/ backgrounds from JPEGs…. that would be amazing
Joan Marin
•1 month ago
This is very awesome, would love to see something similar for the game boy advance
PASTRAMIKick
•1 month ago
Verilog looks better than VHDL, I've never liked VHDL but that's what I know
PASTRAMIKick
•1 month ago
They could've multiplexed the first 8 Address lines to behave as Data Lines sometimes, you'd only need an 8-bit latch to hold the address before a data read or write. That's how the old 8086 CPU worked, still a pretty cool workaround to having 8 extra pins.
Elliott Savva
•1 month ago
So the cartridge "protection" works just like in the Mega Drive? Interesting video by the way!
Diego Alvarado
•1 month ago
SEDENA 5521228800 govierno militar
Benrico Krog
•1 month ago
Here from liveoverflow✌🏼
Soumith Basina
•1 month ago
That was a clever way of copy protection! Really interesting video, well done!
Ryner Lute
•1 month ago
You can use an ice40 fpga or one of those chinese $5 fpgas for the cartridge. It's also possible to load the binaries of a game to the internal block ram of the fpga. Or if you're feeling adventurous, add a microsd card slot in which you can read from the fpga.
GM ELATRONIKS althu althaf
•1 month ago
Hi sir you please helping. Arduino program