Hey all!
After successfully implementing the hardware for a few mappers I thought it would be cool to implement the hardware for the game genie so that I could use some game genie codes with my emu!! Anyone know where I can find some good docs on how the GG codes and the hardware works?
I have no idea how this thing works except that it redirects addresses from the CPU or something like that.
I'd really appreciate any info you guys have!
THANKS!
Jonathon
Docs on game genie hardware?
These are the notes I have on it. You should take a look at its boot ROM and run it in an emulator with a debugger to see what it does. The Genie intercepts reads from $8000-$FFFF. It can intercept up to three addresses, and either unconditionally cause a new value to be read back, or do that only if the byte that would have been read back matches some compare value. The compare feature is basically a cheap way to make it work with bank switching, without it having to know exactly how it works, though it wouldn't work if a game happened to have the same byte at that address in different banks that get selected, and you wanted to patch in only one bank.
Original code writes 0 to $FFF0, $FFF1, $FFF0. Not sure whether this causes the GG to do anything. Original code then writes registers in reverse order. GG fills unused codes with $FF. $8000 should be written last, with low bit set, then written with zero.
I believe the disables and enables have the lowest bit corresponding to the first code, highest bit the last.
EDIT: corrected $FF00 to $FFF0.
$8000 -DDDCCCG Disables, Compare enables, Genie enable
$8001 0HHHHHHH High bits of address (bit 15 assumed 1)
$8002 LLLLLLLL Low bits of address
$8003 CCCCCCCC Compare value (0 if unused)
$8004 RRRRRRRR Replacement value
$8005-$8008 Second code, same as above
$8009-$800C Third code, same as above
Last edited by blargg on Fri Jun 11, 2010 1:48 am, edited 1 time in total.
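A small C model of the read-intercept logic in blargg's notes above, added here as an illustration (it is not code from the thread or from any emulator). It follows the notes' tentative bit order for the enables and disables, uses constructed sample codes, and does not model the $FFF0/$FFF1 writes or the final zero write to $8000; the names `genie_t`, `genie_write`, `genie_read` and `demo_genie` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* reg[0] is $8000 (-DDDCCCG); reg[1..12] are $8001-$800C, four bytes per code. */
typedef struct { uint8_t reg[13]; } genie_t;

/* Latch a configuration write. Locking after setup is not modelled here. */
static void genie_write(genie_t *g, uint16_t addr, uint8_t val)
{
    if (addr >= 0x8000 && addr <= 0x800C)
        g->reg[addr - 0x8000] = val;
}

/* Filter one CPU read; rom is the byte the cartridge put on the bus. */
static uint8_t genie_read(const genie_t *g, uint16_t addr, uint8_t rom)
{
    uint8_t ctrl = g->reg[0];
    if (addr < 0x8000) return rom;            /* only $8000-$FFFF is intercepted */
    for (int i = 0; i < 3; i++) {
        const uint8_t *c = &g->reg[1 + 4 * i];    /* hi, lo, compare, replace */
        uint16_t target = (uint16_t)(0x8000 | ((c[0] & 0x7F) << 8) | c[1]);
        if (ctrl & (0x10 << i)) continue;         /* D bit: code disabled */
        if (addr != target) continue;
        if ((ctrl & (0x02 << i)) && rom != c[2]) continue;  /* C bit: wrong bank */
        return c[3];
    }
    return rom;
}

/* Constructed sample state: two codes in use, third slot left as $FF filler. */
static genie_t demo_genie(void)
{
    static const uint8_t codes[12] = {
        0x12, 0x34, 0x00, 0xAD,     /* $9234 -> $AD, unconditional */
        0x40, 0x00, 0x60, 0xEA,     /* $C000 -> $EA only if ROM byte is $60 */
        0xFF, 0xFF, 0xFF, 0xFF };
    genie_t g = { {0} };
    for (int a = 12; a >= 1; a--)             /* reverse order, as the boot ROM does */
        genie_write(&g, (uint16_t)(0x8000 + a), codes[a - 1]);
    genie_write(&g, 0x8000, 0x45);  /* bit 6: code 3 off, bit 2: compare code 2, bit 0: G */
    return g;
}

int main(void)
{
    genie_t g = demo_genie();
    printf("%02X %02X\n", genie_read(&g, 0xC000, 0x60), genie_read(&g, 0xC000, 0x4C));
    return 0;
}
```

The second read of $C000 passes through unchanged because the ROM byte differs from the compare value, which is the bank-switching case the notes describe.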
Awesome Blargg!!! Thanks!! I'm actually very surprised how hard it is to find reverse engineering info on the GG. I thought for sure I would find a slew of info on the Wiki or on the NesDev front page.
Ideally I'd like to actually be able to run the GG software and have it control my replication of the game genie hardware (to have it be the most authentic). I'm surprised no one has RE'd the hardware....but I guess once you know how the codes work why would you need to RE the original hardware that the software ran on. Lol.
If anyone has more notes/docs let me know! I might be able to get by with what I have now but I haven't read everything to know yet.
Pz!
Jonathon
Hello all! I just wanted to post an update on my emu regarding this. I just finished implementing the hardware for the original game genie in Verilog HDL for my emu. Works like a champ! It runs the original Game Genie ROM and can have an arbitrary number of codes and it has the ability to enable/disable codes during gameplay. Thanks a lot to Blargg for providing the RE'ing knowledge.
Just one minor correction to Blargg's original RE'ing info. He stated that the first address written to by the genie is $FF00. But it is in fact, $FFF0. So the full sequence is $FFF0, $FFF1, $FFF0.
Now I can finally play some of these ridiculously hard games for more than a minute. lol. This will be a great help when I'm play testing.
I also found more/duplicate info on the genie in this post:
http://nesdev.com/bbs/viewtopic.php?t=4271
Pz!
Jonathon