Advertising/Werbung: My new “Firmware reverse engineering with Ghidra” live online training is now available! Also, if you are interested in learning more about FPGAs, check out Dmitry’s trainings!
In this video we hack the GameBoy cartridge protection by building our own GameBoy cartridge using an FPGA!
You can find the FPGA source-code on my Github here:
– ModernVintageGame on the CIC chips:
– The Gbdev wiki:
Equipment used in the video:
– FPGA Board: Digilent Arty 7
– Level shifters: TXS0108E
– A GameBoy…
Errata:
– I messed up the resolution – the logo is 48px by 8px, not 96px by 16px!
You can also find me on Twitter:
Nguồn: https://zagran-tour.com/
Xem thêm bài viết khác: https://zagran-tour.com/game/
ISSOtm
•8 months ago
Just watched the video, it's all accurate and all, perfect!
Since I am from the GBDev community, there are a couple things I would like to point out:
There is a disassembly of all boot ROMs available on GitHub: https://github.com/ISSOtm/gb-bootroms ; the TOCTTOU can be seen there in the `dmg.asm` file
Nintendo was made aware of this flaw when designing the GBC, so its boot ROM reads the logo from the cart twice still, but the check is done from the data read the first time. However, for some reason, only the upper half of the logo is checked, despite everything being there for that.
Thank you again for making a clear and error-free educational video! 🙂
Phantom Works Studios ( PWS )
•8 months ago
wow really so in other words I would have to pay for there logo just to run it on the handheld? Thats like be having to pay Microsoft everytime I wanted to run a custom program that I made on C++ for windows ><
Sontapää11 Jokulainen
•8 months ago
Subbed.
Stefan Noack
•8 months ago
hm.. couldn't this be done with just a comparator and a flip-flop? the comparator triggers upon accessing the last logo byte and trips off the flip flop to switch an otherwise unused rom address line. this would waste half of the rom, but seems much less overkill than an fpga. this way it would have even been possible back in the day.
Beastinlosers
•8 months ago
What's the progress on the chip?
Türk oyuncu 2019
•8 months ago
Cıctendo
Mathias De Weerdt
•8 months ago
Could you make a video on how you made such a cardridge, seems interesting 🙂
Arron Degenerate
•8 months ago
Nintendo is fucking smart
Dove Fab
•8 months ago
Omg my childhood answer to why it it was black Nintendo logo had been answered!! I never knew why😱😱😱
EndOfLineTech
•8 months ago
Technically, (all that matters in a court room) (also psa, not that it reallly matters anymore) no matter what, Nintendo has the upper hand, even if you do this, you still have the word “Nintendo” and are using it to misrepresent one self and the cartridge
James Peters
•8 months ago
Do you think this would be possible using the new Raspberry Pi 4?
Gerrit Weiermann
•8 months ago
Just imagining a low cost wifi module that let kids develop their own games and upload them wireless 🙃
I wonder if the gameboy could provide enough power to connect an esp with it 🙂
Walaryne
•8 months ago
This is just the kinda stuff I love to watch.
A question though, is all the tooling for that particular FPGA board you have closed source? I've seen that stuff like PlatformIO has FPGA boards listed, but I don't know to what extent it operates with them.
etansivad
•8 months ago
This is wonderful. Thank you for posting it.
I'm really stunned with how far FPGA boards have progressed. I hope you release the GB cartridge soon! My son has been fascinated since I showed him how we can use my oscilloscope to sniff the datalines of the SNES controller bus in real time. This led into a discussion of different pin types and how we could sniff other types and how you might glitch them. This is perfect because I can setup a bread board to branch off from my Super Game boy.
rcsims313
•8 months ago
HACK THE PLANET!!!
Dani Moyano
•8 months ago
You guys have a lot of spare time in your life
Tim Seguine
•8 months ago
I always wondered why the logo was blank if you didn't insert a cartridge.
Smattless
•8 months ago
This channel is really neat.
Kamilake
•8 months ago
Awesome..!!!
BRAILOR js
•8 months ago
nice
Juan Gonzalez
•8 months ago
This is awesome! How did you learn all this stuff?
Johnson Long
•8 months ago
Product from 1985 has copyright laws,, all proper, all legal, safe product.
Product from 2019 china, no copy right law, copied technology, illegal, pirates, may explode in your pocket.
I'm Ethan
•8 months ago
Oh that's why my Gameboy Micro wouldn't display the Nintendo logo without a cartridge! Real interesting stuff! (Does that mean my hack cart has a trademark violation in it??)
Useful Videos
•8 months ago
you rarely see this kind of work.
stacksmashing / liveOverflow = Creativity
JGSHEW
•8 months ago
Why is the ROM only 32kb? Shouldn't 16 address pins make addressing possible for 64kb?
TERA3515
•8 months ago
Anyone press start/select when the Nintendo logo appears it makes it disappear and the game doesn’t boot
0906WEST
•8 months ago
Great content man. Keep it up! 👍🏻
keiseyku
•8 months ago
Would it be possible to hack 'gbc ONLY games' to work on gb?
o0julek0o
•8 months ago
I just hope the sacrificial cartridge was one of those awful sports games
Wombat
•8 months ago
Thanks! all we need now is some software to build our own games and load in pictures/ backgrounds from JPEGs…. that would be amazing
Joan Marin
•8 months ago
This is very awesome, would love to see something similar for the game boy advance
PASTRAMIKick
•8 months ago
Verilog looks better than VHDL, I've never liked VHDL but that's what I know
PASTRAMIKick
•8 months ago
They could've multiplexed the first 8 Address lines to behave as Data Lines sometimes, you'd only need an 8-bit latch to hold the address before a data read or write. That's how the old 8086 CPU worked, still a pretty cool workaround to having 8 extra pins.
Elliott Savva
•8 months ago
So the cartridge "protection" works just like in the Mega Drive? Interesting video by the way!
Diego Alvarado
•8 months ago
SEDENA 5521228800 govierno militar
Benrico Krog
•8 months ago
Here from liveoverflow✌🏼
Soumith Basina
•8 months ago
That was a clever way of copy protection! Really interesting video, well done!
Ryner Lute
•8 months ago
You can use an ice40 fpga or one of those chinese $5 fpgas for the cartridge. It's also possible to load the binaries of a game to the internal block ram of the fpga. Or if you're feeling adventurous, add a microsd card slot in which you can read from the fpga.
GM ELATRONIKS althu althaf
•8 months ago
Hi sir you please helping. Arduino program