Super Game Boy boot ROM dumped

posted Sep 18th 2009 10:45am by Mike Szczys
filed under: gameboy hacks, security hacks

gameboy_boot_rom_dump_hardware

[Costis] managed to dump a copy of the boot ROM for the Nintendo Super Game Boy. This small piece of code (256 bytes) writes a graphic to the display at boot time as it loads the ROM on the game cartridge. He was able to dump the code by finding the exact point at which the device locks down the boot ROM. Just as that point approached he overclocked the device causing it operate so fast it couldn’t write the lockout bits into the register. Once past that single point of security, he executes a code that writes the boot rom out to a different address that he is able to read from. He’s got a copy of the dump along with the explanation up for your enjoyment.

[Thanks Anthony]

Comments [30]

tagged: boot, game boy, rom, super game boy

Reader Comments

You know that red button you’re not supposed to press? Press it.

Posted at 11:02 am on Sep 18th, 2009 by WeblionX

There was great news in the GB scene a short while ago, when Neviksti from CherryRom forums announced that he had been able to extract the BIOS image from the original GameBoy by decapping the chip, staining the ROM, and using a really powerful microscope to individually resolve and read out each bit one by one.

Damn..

Posted at 11:02 am on Sep 18th, 2009 by john

I guess this would be useful for more perfectly emulating the GB? In any case, nice hack.

Posted at 11:23 am on Sep 18th, 2009 by nave.notnilc

A nice hack for a change. Getting tired of all the useless email-notifier-Arduino-crappies.

Posted at 11:50 am on Sep 18th, 2009 by Entropia

But did they get it to twitter via Zigbee?

it’s not a hack unless it’s twittering with a zigbee!

Posted at 11:54 am on Sep 18th, 2009 by farthead

This is an awesome. I likely think this because its out of my league at the present time. And reading bits manually on a stained rom? That is just hardcore (or maybe over the top?).

Posted at 11:59 am on Sep 18th, 2009 by Chris

so he spoonfed clocks to the cpu until the crucial point, then superclocked it so that the write cycles got choked and then went on. this is brilliantly clever! i hope there will be a de1 port of fpgaboy, too :D

Posted at 12:06 pm on Sep 18th, 2009 by svofski

The best hacks are the most useless, why he would want to do this i don’t know, but full marks for effort, i agree with Entropia, it makes a nice change to see a real hack, still don’t know why a SGB though, but well done

Posted at 12:42 pm on Sep 18th, 2009 by Funky Gibbon

‘Grats hack a day. This is worthy!

Posted at 1:06 pm on Sep 18th, 2009 by Brandonman

i am very impressed!

Posted at 1:16 pm on Sep 18th, 2009 by beStill

I think this is very cool as well, anybody mind answering why however? Like why would somebody want to extract the GB bios or the super game boy boot rom? Aren’t these retro emulators (especially GB ones) more then excellent as it is?

Thanks!

Posted at 1:31 pm on Sep 18th, 2009 by Mark

this is indeed a hack

Posted at 2:23 pm on Sep 18th, 2009 by lol

Sometimes a hack is cool, not because it’s useful in itself, but because of what it inspires.

We all know there are good GB emulators out there, but seeing this has got me wondering what other systems can be broken with a well-timed race condition?

I’m thinking phones with a useful amount of processing power and a few in/out connections etc.

For me, the joy of a hack is often that wonderful feeling of being someplace you shouldn’t be. ;-)

Surely I can’t be the only one whose greatest pleasures are the guilty ones?

Posted at 2:57 pm on Sep 18th, 2009 by Richard

Maybe this could somehow assist with a tv display for the DS.

Posted at 5:14 pm on Sep 18th, 2009 by RamenAlchemist

@WeblionX
seriosly i had something like that but it was a switch. i was takeing the place of a formor admin and he had labled a box “DO NOT USE” and its critical to it functioning…

Posted at 6:36 pm on Sep 18th, 2009 by monkeyslayer56

useless

Posted at 7:08 pm on Sep 18th, 2009 by Bill Hates

This guy knows his stuff but man I wish he used something better then like a iphone camera to document the project.

Posted at 7:24 pm on Sep 18th, 2009 by LukeS

There must be many ways to get in without such a silly thing as using a microscope, and this is just one of them, clever though this one.

Posted at 7:49 pm on Sep 18th, 2009 by Wwhat

!, thats allot of wires! but still awesome.

Posted at 8:16 pm on Sep 18th, 2009 by TheFish

using a microscope to read bits under a microscope = obsessed

Finding a JTAG, DMA injection, and RAM bus tapping are pretty common now days with embedded reversing.

If you reverse, and you can’t do that and manually analyze machine code, AND unpack mutating and virtualized protectors/packers you’re pretty much out of the scene unless you’re cracking PE with poor protectors in batches.

Posted at 10:15 pm on Sep 18th, 2009 by tjhooker

@tjhooker: hack a day isn’t really about the scene

Posted at 11:44 pm on Sep 18th, 2009 by Kyle

I’m amazed this works. I mean, when you overclock it, one of any number of things could go wrong, and he was very lucky that the processor state was kept/recovered to a working state, and that the PC was successfully incremented while the flags register wasn’t.

Posted at 12:14 am on Sep 19th, 2009 by O Mattos

Very impressive hack! Do that to some satellite dishes and you will be rolling in the dough. :)

Posted at 12:38 am on Sep 19th, 2009 by Alan Parekh

Fuck yeah! That is what hacking is all about! Mad propz to that guy!

Also, to anyone who ever does die-staining to reverse engineer anything. You have my utmost respect!

Hack the planet!

Posted at 4:22 am on Sep 19th, 2009 by Bah

Useless hacks are the best hacks; practicality is boring, leave that for the engineers.

Posted at 8:04 am on Sep 19th, 2009 by devin

First off: Nice, we finally have something worth reading again.

Second: I’m surprised this works. All of the wires that are in that bunch are bound to cause signal integrity issues. Regardless, kudos.

Posted at 9:14 am on Sep 19th, 2009 by ngth

This is the true essence of classical hacking: wondering if you can do something difficult, then satisfying your curiosity with hard work and cleverness! If all human activity was based around solving an immediate practical problem, humankind would never have developed beyond perfecting the bow and arrow. After you do the “useless” interesting thing, some other guy who has a related problem adapts it and advances us all forward.

Posted at 10:43 am on Sep 19th, 2009 by Don Cross

The people asking “why aren’t current Game Boy emulators good enough” and calling this hack useless are broadcasting their ignorance for all to see.

Current Game Boy emulators support SGB games through kludgy hacks that trick the games into thinking they’re running on a real SGB. You can’t use any of the features that were available on the original SGB. Having an actual boot ROM opens the door for properly emulating a Super Game Boy *and* the SNES to which it’s connected.

Posted at 1:46 pm on Sep 19th, 2009 by MooglyGuy

WHO ARE YOU AND WHAT HAVE YOU DONE WITH THE HACKADAY CREW!? My god, leave them where ever you have them, and keep doing these kinds of things!

Besides being a rat nest of wires, this is what hacking is. Well even the rat nest of wires is too. Props my friend, keep it up and ignore the bad writes. You are indeed a hacker.

Posted at 3:20 pm on Sep 19th, 2009 by Greycode

He’s one of my heroes. I already wondered what he was up to lately.

Posted at 3:43 pm on Sep 19th, 2009 by DarkFader

Super Game Boy boot ROM dumped

Recent Posts

Reader Comments

Leave a Reply

Hacks

Resources

RSS newsfeeds

Most commented on (30 days)

Recent comments