nesdev.org

I sometimes wonder how the homebrew scene originally came about. Were documents leaked from employees at Nintendo, or did someone simply take apart an NES and observed what chips were inside, and researched those chips from their original companies and then went through painstaking trial and error? I guess I find it a bit mysterious. I'm really glad all this information is available but I'm amazed someone figured this all out. How did they go about it? I don't think I'd even know where to start if I tried to figure it out from scratch.

I often wonder about this too. I think it takes a great amount of knowledge in electronics to figure the initial stuff out. Though if you can figure out what programming language something is coded in (which should be doable), then you can fetch the data from a ROM and disassemble it, and study it. If information wasn't leaked, I'd assume this is how a lot of the work was done.

Though there are people like Blargg and Kevtris who have figured out really precise timing stuff where I seriously have no idea how they did it. Like I said, it probably requires a great deal of knowledge in electronics to figure out. I don't have that, unfortunately.

Programmers of unlicensed companies already explained to us a bit of how they did it.

It all started with dumping the ROM of a game program, and by looking at the patterns of bytes they were able to figure out the CPU was basically a 6502. The 6502 was pretty well known, and it's instructions very well documented, so no problem there.

By looking at the program, it was possible to see how it interacted with the other things (such as video and audio).

Looking at how the chips were wired and all probably helped figuring out some of the memory map (what's RAM and what's ROM, things like that).

I imagine that it wasn't possible to get any documentation about the PPU from anyone else other than Nintendo, so I really think that most of it was figured out from looking at how the commercial games interacted with it.

Old NROM games have standard EPROMs in them, it should have been easy to dump them, and figure out the cartridge pinout. Studying disassembled code is comepletely insane tough. I guess it shoud take a while to figure that writes to $2007 writes to VRAM

Anyway, by replacing programms on NROM boards by their own, people can easily test stuff. When Nintendo made more advanced boards with non-standard pinouts, it was too late because the connector layout was already known.
That doesn't apply to other Nintendo conoles tough

I can only imagine the confusion of someone not knowing how the NES works, trying to see how SMB loads it's title screen.

Hacking the rom to change what's written to each reg (one at a time - there's only 8 PPU regs) would give a good initial way to narrow things down.

What I always thought was crazy was the Game Genie code book.

Memblers wrote: What I always thought was crazy was the Game Genie code book.

Were you thinking they came up with the codes by having a thousand monkeys on a thousand Nintendos entering random codes?

MottZilla wrote:

Memblers wrote: What I always thought was crazy was the Game Genie code book.

Were you thinking they came up with the codes by having a thousand monkeys on a thousand Nintendos entering random codes?

Haha, I've done that with one monkey (myself) and it was pretty fun. I can beat Friday the 13th with the homemade SSSSSS code.

Plus, it's funny to imagine someone at Codemasters driving to every game rental place in town. Having all these just-released NES carts sitting around. Someone got paid to basically hack every game in existence.

Bregalad wrote:I guess it shoud take a while to figure that writes to $2007 writes to VRAM

That would start by tracing the CPU address bus on the NES motherboard. As I understand it, there's an 8-way decoder on the NES board. The input is connected to A13 through A15, which can be 0, 2, 4, 6, 8, A, C, or E. When it's 0 (corresponding to a $0000-$1FFF access), the decoder pulls the WRAM chip select. When it's 2 (corresponding to a $2000-$3FFF access), the decoder pulls the PPU chip select. So they'd reason that writes to $2000-$2007 go to that chip. A signal going into the RF module that looks like NTSC video on an oscilloscope also connects to that chip; therefore, it's probably video.

But look how inaccurate the Nesticle PPU is, and it still runs a lot of popular games. So I guess NES game programmers must have programmed defensively, possibly to work around known changes and envisioned future changes to the PPU's low-level behavior. I remember reading Andrew Davie's The Three Stooges post-mortem on the nesdev Yahoo! Group, where he told a story about Nintendo lot check finding a problem with the game's sprite code that resulted in flicker after an hour or two of run time on one obscure PPU revision.