Hacking the Game Boy cartridge protection
stacksmashing
Views: 406666
Like: 13516
In this video we hack the GameBoy cartridge protection by building our own GameBoy cartridge using an FPGA!
You can find the FPGA source-code on my Github here:
– ModernVintageGame on the CIC chips:
– The Gbdev wiki:
Equipment used in the video:
– FPGA Board: Digilent Arty 7
– Level shifters: TXS0108E
– A GameBoy…
Errata:
– I messed up the resolution – the logo is 48px by 8px, not 96px by 16px!
You can also find me on Twitter:
15.07.2022
LOve the video. Amazing work and well explained. Maybe you can help. I got an idea of getting own quick code into GBC but don’t want to use expensive flash cart. I’m rather to build own small GBC cart store one game, maybe saves so with a battery. But can not find any source that could help build it. Maybe you know anything? Thx
Hmm … would it be possible to make a YM3812 cart that uses the audio pin to play Adlib music? It'd be neat to play FM synthesis tracker music on the gameboy.
this whole thing where the gameboy will lockup if it's not the nintendo logo sorta seems like a pc that locks up if u try to upgrade it but if u bypass that the company sues
This is the kind of content I crave.
If the Nintendo logo still needs to be in the cart the second time (check time) for the gb to boot, how isn't still a copyright infringement? Even if you don't display it, it is still there
You are an inspiration, I'm a small tech youtuber doing some videos on the pi, IT career tops etc.. love your content man.
it seems its purpose is not protection but just checking if pins are connected well.
Where is part 1???
Nice work. You could simplify the FPGA code slightly by just replacing the logo address range during the first read, and otherwise just always return the original ROM data. After all, the ROM already contains the correct logo.
Has an FPGA, voltage regulators and presumably a ton of other parts/boards – let's hack something that doesn't even have a backlight. 😂 You could probably just make a better gameboy. Upgrade to an OLED display, maybe some better audio, slim the device, convert it to 3.3v, and make it run any cartridge that will fit in the slot. You could probably pull it off with a RPi Pico. If so, you can run the Pico at 1.8v. You could make batteries last forever.
you should TOTALLY collab with the 8-bit guy, or TDNC (This Does Not Compute)!
Wow
W T F this content is so freaking amazing
32kb carthridge LUL
Amazing, can I ask you how to write a cartridge with a new game ?
I'm now wondering if there's a low tech way of doing this with discrete components, so a company at the time could cheaply and legally publish an unapproved game.
My thought: I conjecture that the Gameboy will always do the reads after the same set number of cartridge clock cycles, since there is no user input before then. Have a smaller, separate ROM store the unofficial logo and put the official one on the main ROM. A counter chip can count clock cycles, and switch the ROM chip over via chip enable signals right after the hacked logo is read.
What language is that at 6:49 ?
Love the vid awesome work. Just binge watching all your vids
Verilog is ugly. Sorry to say. It's almost like the last 25 years hasn't happened 😂
Great video though! Thank you!
every video i watch just blows my mind. its like decades of thinking 'what if', what if i got into this stuff and was good at it, what would it look like…? your videos are like painting the experience to my imagionation. Very satisfying. To see all this stuff is just incredible. I notice all the places I would have probably got stuck (so many times) and it just blows my mind. not to mentioned the quality of your editing. you are epic bro
Is think Nintendo's approach to lock the nintendo was actually pretty smart.
They still kept the private flashing of cards possible, but could prohibit the commercial use of it
Great content.
wait wha if you made it so that the audio pn plays rickroll upon first check lololol
a bit late, but i love the hack the planet reference
Isn't this just the Sega TMSS, which courts shot down?
i wonder if it could be done without a fpga
by using a second ROM that contains the logo and when the GB is turned on, the modded ROM starts until a few ms later and switches to the original ROM before the second logo read happens.
or (if the ROM is only filled halfway, basically having addr bit 16 allways 0) putting the logo at 0x8104 and flipping bit 16 x msec after turning on/first read.
Man this is so facinating, I wonder how hard it is for simple people to understand this.
Bruh… You can supply the expected functionality with a cheap eeprom but you went straight for fpga, lmao.
I guess it'll make the hack easier, though it would have been more fun to just use an eeprom, a counter, and a latch.
stack overflow is taken will it be stack flowsmash?
Dear Stacksmashing, In the past had a game from a company called "Sachen", no Nintendo logo appeared instead the logo "Sachen" and it still worked on the official gameboy
Are you a german?
2:15
Sega sued Accolade for that exact thing and lost the Cort case. If the system requires the logo to be displayed. Then there is no copyright infringement
accolade vs sega "Accolade's acts of reverse engineering Sega Genesis software to learn about its security systems and subsequent publishing of unlicensed Sega Genesis games are protected under the fair use doctrine of copyright law. Sega is held responsible for using its security system to place its trademark on Accolade's games."
Interesting
real programmers codes only in vim.
Remarkably simple. This is an excellent entry point for anyone looking to get into hardware hacking. Great video! 👍
Yah
3:05 did anyone notice the "hacked" and "nintendo" logo spells out "Hacked Nintendo"?
Hello, I have a nanoloop one cartridge (a homebrew for the GB) that boots fine in a first generation GB and a GB Pocket (after displayin a "Hello" instead of the Nintendo logo), so I guess that the technique you explain here was used in that cartridge. But the same cartridge will not boot in a super game boy (although it does show the "Hello"). Would that be because the SGB has an extra protection feature? It really intrigues me, but I have no idea why it does that. If you could share any theory it would be really appreciated. Thanks.
ok, now make among us on gameboy using the online multiplayer thing you made in the other video so people with gameboys can play the game with any device
res
For the level shifting, it may be a better idea to use IMO level shifting chips with external direction control like SN74LVC16T245 for the address and signal lines. Those chips needs control signals, but thise can be derived from the CS, RD and WR pins using some 74LVC1Gxx logic. This means for the target board it can be directly connected without the need of level shifters, and since those SN74LVCxxT245 chips contains line redrivers, you can even run longer wires with little ill effects. Also you can include an op amp like LMV321 to buffer the audio line, basically also a redriver.
You are an effin genius..
Hack The Planet! Hackers is such a great movie!
Is there a way to do this with a Gameboy advance and not having to use a big thing of tech ?
question: if i load a rom hack i made [with gb studio] onto a flash cart, will the nintendo logo show or will it show my name and lock?
sorry to bother but can someone tell me how and what to study to understand all this.
Bro big fan of yours from Lamatol village, golbazar-06 municipality, siraha district, sagarmatha zone, province no 2, nepal 🇳🇵
Cool!
Some days ago I bought the gamboy cartrdige breakout port and I want to build something similar to this. I am a newbie with this kind of projects and I have a doubt about the forwarder: do you synchronize in some shape or form the FPGA clock and GB one?
Thanks for these amazing videos!
Does anyone know if this applies to game boy colors?