Back to Blog
Dragon warrior rom dump6/6/2023 ![]() I’ve learned that some of the Game Boy Chinese cartridges are sold without battery in them. Reverse engineering a patched Game Boy ROM from a Chinese cartridge without battery Due to my circumstances, I had to follow the second one, and luckily I was successful. The first one is preferable, mainly because the second one may end up being unsuccessful. I came up with two procedures to figure out how to flash the cartridges. I couldn’t find any datasheet on any of the chips, the most I could find are references to the SAMSUNG chips, which seem to be the flash chips. Under the blob there’s probably a chip that acts as a memory controller (MBC5), then one chip will be the flash and the other the SRAM, which keeps its memory after the Game Boy powers off thanks to the battery. We can see that each PCB has two chips that can be seen, a blob and a battery. My first idea was to take a look inside, figure out the flash chip model, find the datasheet and learn how such flash chip is reprogrammed. Grandia - Parallel Trippers | ROM + MBC5 + RAM + Battery | 4096 | 32ĭragon Warrior III | ROM + MBC5 + RAM + Battery | 4096 | 32 ![]() ![]() The games were: Game name | Cart type | ROM (Kb) | RAM (Kb) I choose two games that have big ROMs, to make sure the corresponding flash chip in the cartridges would be big enough to fit most of the Game Boy ROMs. I started by ordering two Game Boy Chinese cartridges from AliExpress. I’ll give details on how I figure out the process. What I will be explaining is how to reflash a Game Boy Chinese cartridge, which I haven’t found explained anywhere. There are already several other projects that do this like the Arduino based GBCartRead by Alex from Inside Gadgets. Information about how to build such system is widely available on the Internet, so I will not be explaining how to do it. I wrote the computer side software in Rust. I built a device that allows all this using the NUCLEO-F411RE ARM development board programmed using the libopencm3. This is already an interesting project, as it allows dumping ROMs from physical cartridges, storing saves, and rewriting them (with the possibility of editing the saved game on your computer). Also rewriting the SRAM would be straightforward. On one hand, the device would allow reading the ROM and SRAM of the cartridge, supporting several memory block controllers (that’s the mechanism Game Boy cartridges use to access more memory than the supported by the 16 bit address space that the Game Boy offers). With all this, I decided to build a Game Boy cartridge reader/writer. Not only that, but these cartridges use flash memory to store the ROM, and so have the potential to be reflashed! I confirmed this fact after learning about a commercial device called the jeoy-joebag, developed by BennVenn After some reading on reddit, I learned that Chinese manufacturers are selling unlicensed Game Boy cartridges at very cheap prices ($5). In the past I considered buying a Game Boy flashcart so that I could run demos and other scene ROMs on real hardware comfortably, but the price of such carts is a bit high. I’ve also played a bit with Game Boy programming. For the past few years I have been interested in the Game Boy: I’ve written an emulator in C (without sound), I developed a physical cartridge “emulator” using a microcontroller, and most recently I’ve built a project to interface my PC with the Game Link.
0 Comments
Read More
Leave a Reply. |