Super Game Boy boot ROM dumped


[Costis] managed to dump a copy of the boot ROM for the Nintendo Super Game Boy. This small piece of code (256 bytes) writes a graphic to the display at boot time while it loads the ROM on the game cartridge. He was able to dump the code by finding the exact point at which the device locks down the boot ROM. Just as that point approached he overclocked the device, causing it to operate so fast that it couldn't write the lockout bits into the register. Once past that single point of security, he executes code that copies the boot ROM out to a different address that he is able to read from. He's got a copy of the dump along with the explanation up for your enjoyment.
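The weak point described above is that the lockout depends on one write cycle succeeding. The following C model, added here as an illustration and not code from [Costis] or from any Nintendo hardware, makes that failure mode concrete from a defender's side: a hypothetical lockout register, a simulated dropped write cycle, and a boot sequence that reads the register back and refuses to hand control to the cartridge until the lock is really set. The register layout, the `dev_t` type and the function names are assumptions for the example, not the real Super Game Boy memory map.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical device model (constructed for this example, not the SGB's
 * real register map): one lockout bit that, once set, hides the boot ROM. */
typedef struct {
    uint8_t lockout;          /* 1 = boot ROM unmapped from the bus */
    bool    drop_next_write;  /* simulate a clock glitch that swallows one write cycle */
    int     writes_attempted; /* bookkeeping so callers can see how many tries it took */
} dev_t;

/* Bus write to the lockout register. If a glitch is pending, the cycle is lost. */
static void write_lockout(dev_t *d, uint8_t value) {
    d->writes_attempted++;
    if (d->drop_next_write) {
        d->drop_next_write = false;  /* the glitched cycle never reaches the register */
        return;
    }
    d->lockout = value;
}

static uint8_t read_lockout(const dev_t *d) {
    return d->lockout;
}

/* Naive boot sequence: a single write, then hand off to cartridge code.
 * Returns true only if the boot ROM is actually hidden at hand-off time. */
static bool boot_naive(dev_t *d) {
    write_lockout(d, 1);
    return read_lockout(d) == 1;
}

/* Hardened boot sequence: write, read back, retry a bounded number of times,
 * and refuse to hand off while the ROM is still exposed. Returns true only if
 * the lock was verified. (A read-back check can itself be glitched, so real
 * designs also enforce the lock in hardware; this shows the software side only.) */
static bool boot_hardened(dev_t *d, int max_tries) {
    for (int i = 0; i < max_tries; i++) {
        write_lockout(d, 1);
        if (read_lockout(d) == 1) {
            return true;
        }
    }
    return false;  /* fail closed: do not jump to the cartridge with the ROM exposed */
}

int main(void) {
    dev_t a = { .lockout = 0, .drop_next_write = true, .writes_attempted = 0 };
    dev_t b = { .lockout = 0, .drop_next_write = true, .writes_attempted = 0 };

    printf("naive boot, one glitched write: ROM locked = %s\n",
           boot_naive(&a) ? "yes" : "no");
    printf("hardened boot, one glitched write: ROM locked = %s after %d write(s)\n",
           boot_hardened(&b, 3) ? "yes" : "no", b.writes_attempted);
    return 0;
}
```

With the glitch flag set, the naive sequence reports the ROM still exposed (the single write was lost), while the hardened sequence notices the read-back mismatch, writes again and only then proceeds.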

[Thanks Anthony]

31 thoughts on "Super Game Boy boot ROM dumped"

  1. There was great news in the GB scene a short while ago, when Neviksti from CherryRom forums announced that he had been able to extract the BIOS image from the original GameBoy by decapping the chip, staining the ROM, and using a really powerful microscope to individually resolve and read out each bit one by one.

    Damn..

  2. This is awesome. I likely think this because it's out of my league at the present time. And reading bits manually on a stained ROM? That is just hardcore (or maybe over the top?).

  3. So he spoonfed clocks to the CPU until the crucial point, then superclocked it so that the write cycles got choked, and then went on. This is brilliantly clever! I hope there will be a DE1 port of FPGABoy, too :D

  4. The best hacks are the most useless. Why he would want to do this I don't know, but full marks for effort. I agree with Entropia, it makes a nice change to see a real hack. Still don't know why an SGB though, but well done.

  5. I think this is very cool as well, anybody mind answering why, however? Like, why would somebody want to extract the GB BIOS or the Super Game Boy boot ROM? Aren't these retro emulators (especially GB ones) more than excellent as it is?

    Thanks!

  6. Sometimes a hack is cool, not because it’s useful in itself, but because of what it inspires.

    We all know there are good GB emulators out there, but seeing this has got me wondering what other systems can be broken with a well-timed race condition?

    I’m thinking phones with a useful amount of processing power and a few in/out connections etc.

    For me, the joy of a hack is often that wonderful feeling of being someplace you shouldn’t be. ;-)

    Surely I can’t be the only one whose greatest pleasures are the guilty ones?

  7. @WeblionX
    Seriously, I had something like that, but it was a switch. I was taking the place of a former admin and he had labeled a box "DO NOT USE" and it's critical to it functioning...

  8. There must be many ways to get in without such a silly thing as using a microscope, and this is just one of them, clever though this one is.

  9. Using a microscope to read bits under a microscope = obsessed.

    Finding a JTAG, DMA injection, and RAM bus tapping are pretty common nowadays with embedded reversing.

    If you reverse, and you can’t do that and manually analyze machine code, AND unpack mutating and virtualized protectors/packers you’re pretty much out of the scene unless you’re cracking PE with poor protectors in batches.

  10. I’m amazed this works. I mean, when you overclock it, one of any number of things could go wrong, and he was very lucky that the processor state was kept/recovered to a working state, and that the PC was successfully incremented while the flags register wasn’t.

  11. Fuck yeah! That is what hacking is all about! Mad propz to that guy!

    Also, to anyone who ever does die-staining to reverse engineer anything. You have my utmost respect!

    Hack the planet!

  12. First off: Nice, we finally have something worth reading again.

    Second: I’m surprised this works. All of the wires that are in that bunch are bound to cause signal integrity issues. Regardless, kudos.

  13. This is the true essence of classical hacking: wondering if you can do something difficult, then satisfying your curiosity with hard work and cleverness! If all human activity was based around solving an immediate practical problem, humankind would never have developed beyond perfecting the bow and arrow. After you do the “useless” interesting thing, some other guy who has a related problem adapts it and advances us all forward.

  14. The people asking “why aren’t current Game Boy emulators good enough” and calling this hack useless are broadcasting their ignorance for all to see.

    Current Game Boy emulators support SGB games through kludgy hacks that trick the games into thinking they’re running on a real SGB. You can’t use any of the features that were available on the original SGB. Having an actual boot ROM opens the door for properly emulating a Super Game Boy *and* the SNES to which it’s connected.

  15. WHO ARE YOU AND WHAT HAVE YOU DONE WITH THE HACKADAY CREW!? My god, leave them wherever you have them, and keep doing these kinds of things!

    Besides being a rat's nest of wires, this is what hacking is. Well, even the rat's nest of wires is too. Props my friend, keep it up and ignore the bad writes. You are indeed a hacker.
