Gameboy Color boot ROM


It’s only been a week since the Super Gameboy’s boot ROM was dumped by [Costis] and he’s already at it again. This time he’s managed to grab the Gameboy Color’s boot ROM. He found that the newer Gameboy Color hardware copes with clock speeds of up to 100 MHz, so the clock-increase trick he used on the Super Gameboy wouldn’t work a second time.

Instead he discovered that briefly disconnecting the clock and power before the write to 0xFF50 (the register write that hides the boot ROM) makes the Gameboy jump to a random location within the ROM. From there it was only a matter of entropy, luck, and some carefully placed NOP instructions until eventually he had the whole boot ROM. Keep up the good work [Costis].

Comments

  1. gman says:

    who would have this much time on their hands? what is the point of this?

  2. Hiroe says:

    “Nobody means to be rude when they ask “where do you find the time?” or they say “you have too much time on your hands!”. I understand they mean “wow, that must have taken a long time”. I do find it strange that people can spend an entire weekend watching television (sports, dramas, reality shows) and nobody asks or says the same thing. It’s almost as if our culture has begun to look down on the concept of putting forth effort.”

    ~Dr Doug Frankenstein.

  3. medix says:

    Thanks Hiroe. More people need to hear that.

  4. andrew says:

    Hiroe I was just about to copy-paste that too :)

  5. Pilotgeek says:

    I need to tape the great Dr. Doug Frankenstein’s amazing quote onto my robot.

    I get asked the “too much time on your hands?” thing a lot. I usually ask if smoking pot and playing videogames all day would be a better hobby. They usually stfu.

  6. Dom says:

    It looks impressive but what is the end goal?

  7. Ayush says:

    Thank you Hiroe

    gman…what the hell? I ask you…what have you contributed to this society?

  8. M4CGYV3R says:

    “I usually ask if smoking pot and playing videogames all day would be a better hobby.”

    That’s not a great use of your time, but if you smoke pot and write your own video games, that makes it more worthwhile.

  9. Thedudefrommiamivice says:

    How about smoking pot and studying botany allowing you to grow more pot which you could then smoke and then study biology which would enable you to grow more pot then you could smoke that pot and study microcontrollers and design an automated garden further freeing up more time to smoke pot and play video games.

    Good job on the boot rom dump, very cool indeed.

  10. djdrewsgrl09 says:

    That is pretty cool.

    @Thedudefrommiamivice – your really retarded for your stupid pot comment. an just so you know.. it is not dump, it is good information.

  11. AMediumPace says:

    I think djdrewsgrl09 doesn’t know what a dump is.

  12. Gosh says:

    “I usually ask if smoking pot and playing videogames all day would be a better hobby.”

    There is absolutely nothing wrong with smoking pot and playing video games all day. There is also nothing wrong with smoking pot and hacking old handheld’s all day.

    I guess you could also do it without the smoking pot part, but why? =D

  13. clark says:

    @djdrewsgrl09 – and now thanks to your comment, we have the pot calling the kettle black.

    C’mon google these terms before commenting or taking a dump on this thread.

  14. SZ says:

    The only question that remains:
    Will it play the melody of Funky Town?

  15. octel says:

    @djdrewsgrl09
    You just took a big dump on this thread

    (Also, learn basic English. “Your” is not the same as “you’re”.)

  16. Ed says:

    Nice work!

    I wish I had the skills and the equipment to do this sort of thing.

  17. Tachikoma says:

    Those who are continually popping up those recurring “what’s the point” questions, ask yourself this:

    Why did you take up programming?

    Why do you crack open that odd gadget now and then?

    Why do you pore over those data sheets and reference manuals for hours on end?

    Why do you manipulate and operate things outside their specs?

    Have you actually done any of the things mentioned above?

    …more than once in your lifetime?

    If not, why are you on this site?

    If yes, then you should know the answer why.

  18. snowdruid says:

    This is really cool and a lot of work, but why work with the SGB/GBC, why not the GBA or DS? I’ve seen amazing hacks done with the GBC already, but I mean the GBC is a pretty limited handheld… imagine what could be done with more powerful handhelds…

  19. irlolcopter says:

    No one’s answered the question.. What is the significance of this? Custom boot images?

    +1 for the automated pot garden

  20. why ask why says:

    For those who feel the need to ask why…it’s simple. You first need to have the boot ROM code figured out before you can begin to do the really cool stuff like put a Linux or other custom OS on. there are other things you can do once you have broken that code open as well…like make custom ones to replace it, that will give expanded/new functionality. A tremendous hack and well done.

  21. frode says:

    @snowdruid

    The Boot ROM in the GBA and NDS is easier to dump because it isn’t locked for the code on the card. In fact.

    Those dumps are useful in the way that they can make the emulators boot just like the original hardware. This will give the user more of the feeling of actually playing on real hardware. In addition, it will help the emulator developers to integrate support for the unknown I/O features of the GBC.

    Some sources state that there is actually a third ROM area inside the GBC CPU die, at the size of 512 bytes, but that might just be for decoding purposes (like the IBM PC/XT uses a small piece of ROM [U44] to decode what bank of memory is being addressed).

  22. snowdruid says:

    @frode
    My point exactly, it’s a big achievement all right, but why bother with the “old” hardware when the new hardware is easier to hack and way more powerful?

    And as far as I know there are plenty of emulators out there, most of them work perfectly with all the games… I don’t really think this will make that much of a difference in that perspective.

    But hey, that’s only my opinion ^^

  23. MooglyGuy says:

    Want the answer? Here’s the answer: All current Game Boy emulators may run “just fine” to the ignorant folks who just use emulators for L33T FR33 G4M3Z!!111!1one, but for those of us who are actually interested in emulating the systems accurately to the way the hardware actually works, this is a godsend. It means that we no longer have to kludge games into booting by forcing the Z80 CPU to jump directly to 0x100 from power-up, which is not accurate to the way a Z80 works by any stretch of the imagination.

    And for the record, using the actual Game Boy Color boot ROM in MESS – the only emulator to support it thus far – allows you to use certain GBC features that are not currently emulated by any other emulator, such as the ability to select certain special palettes for mono GB games running on the GBC by holding down the D-pad on boot-up.

    Now shut the fuck up already about this “what’s the point” bullshit.

  24. medix says:

    @Thedudefrommiamivice: Sounds like you need a hobby as well.

  25. frode says:

    I didn’t say any game didn’t work, but almost all emulators will start the game directly without the GBC intro. It’s not for compatibility, but for more accurate emulation of the startup sequence (both visually and technically).

    Anyways, the BIOS of the GBA and NDS has already been dumped a long time ago, and there is simply no need to do it again.

  26. cantido says:

    @ the “Why people”

    Because it hasn’t been done and it’s interesting? It also means that emulators come another leap forward in accuracy.. This stuff isn’t going to work forever and the life expectancy can only go down with all the “collectors” spraying WD40 and shit into these things.

  27. cantido says:

    @why ask why

    >You first need to have the boot ROM
    >code figured out before you can begin
    >to do the really cool stuff like put a Linux

    Eh? There is already homebrew for the GB.. you could write an OS for the GB, but what would be the point in that.. there’s not that much memory etc. to waste on things you don’t need.

    >like make custom ones to replace it,

    The reason these are difficult to dump is that the ROM is embedded inside the same package as something else (like the CPU or something) and doesn’t expose any lines that could be used to read it directly.. so the only way of reading this type of ROM is via something that has access to it; in this case access to the ROM is disabled before any external code can be executed. So it’s “impossible” to read the ROM. Hence you need hacks like this, or do like the guy did with the original GB: dissolve the casing off of the chip and manually read the bits from the ROM with a microscope. Not much fun eh?

    >that will give expanded/new functionality.

    You can’t replace this ROM, it’s embedded in the chip! you don’t need to replace it either.. you can load your own code from the cartridge bus.
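The post and the comment above both turn on the same mechanism: the boot ROM is only visible on the bus until a write to 0xFF50 hides it, and nothing executed afterwards from the cartridge can bring it back. The following is an added example, not code from the original post or from [Costis]; it models that overlay in the way an emulator or FPGA re-implementation would. The register address 0xFF50 comes from the article; the 256-byte overlay size, the write-once (sticky) behaviour, the bus class and the constructed ROM images are assumptions of this model.

```python
"""Toy model of the Game Boy boot-ROM overlay and its lock register.

Added example, not the original post's code. The 0xFF50 address is the one
named in the article; the 0x100-byte overlay, the sticky lock and the
constructed ROM contents are assumptions made for this model.
"""

BOOT_LOCK_REG = 0xFF50   # register named in the article (assumption: write-once)
BOOT_ROM_SIZE = 0x100    # assumption: boot ROM overlays 0x0000-0x00FF

# Constructed placeholder images (not real ROM dumps).
BOOT_ROM = bytes((0xA0 + i) & 0xFF for i in range(BOOT_ROM_SIZE))
CART_ROM = bytes((i * 7) & 0xFF for i in range(0x8000))


class GameBoyBus:
    """Address decoder that hides the boot ROM once the lock register is hit."""

    def __init__(self, boot_rom: bytes, cart_rom: bytes) -> None:
        if len(boot_rom) != BOOT_ROM_SIZE:
            raise ValueError("boot ROM image must be exactly 0x100 bytes")
        self.boot_rom = bytes(boot_rom)
        self.cart_rom = bytes(cart_rom)
        self.boot_rom_enabled = True      # overlay is mapped at power-up

    def read(self, addr: int) -> int:
        addr &= 0xFFFF
        # While enabled, the overlay shadows the first page of cartridge space.
        if addr < BOOT_ROM_SIZE and self.boot_rom_enabled:
            return self.boot_rom[addr]
        if addr < len(self.cart_rom):
            return self.cart_rom[addr]
        return 0xFF                       # open bus / unmodelled I/O

    def write(self, addr: int, value: int) -> None:
        addr &= 0xFFFF
        if addr == BOOT_LOCK_REG:
            # Any non-zero write unmaps the boot ROM; the lock is sticky, so a
            # later write of 0 cannot re-enable it. This is what makes the ROM
            # unreadable by cartridge code that runs after the boot sequence.
            if value & 0xFF:
                self.boot_rom_enabled = False
        # Other writes (RAM, I/O) are outside the scope of this model.


def make_demo_bus() -> GameBoyBus:
    """Bus populated with the constructed placeholder images."""
    return GameBoyBus(BOOT_ROM, CART_ROM)


def visible_bytes(bus: GameBoyBus, start: int, length: int) -> bytes:
    """What a CPU-side read of [start, start+length) returns right now."""
    return bytes(bus.read(start + i) for i in range(length))


def lock_boot_rom(bus: GameBoyBus) -> None:
    """The final step of the boot sequence: hide the overlay, then code
    continues at the cartridge entry point (0x100), which never overlapped."""
    bus.write(BOOT_LOCK_REG, 0x01)


if __name__ == "__main__":
    bus = make_demo_bus()
    print("before lock:", visible_bytes(bus, 0x0000, 4).hex())
    lock_boot_rom(bus)
    print("after lock: ", visible_bytes(bus, 0x0000, 4).hex())
    bus.write(BOOT_LOCK_REG, 0x00)        # attempt to re-enable
    print("still locked:", not bus.boot_rom_enabled)
```

Run stand-alone, the script shows the same four addresses returning boot-ROM bytes before the lock and cartridge bytes after it, and that a zero write to 0xFF50 does not undo the lock. The point for an emulator author is the one MooglyGuy makes further down: starting execution directly at 0x100 skips this whole state transition, whereas executing the real boot ROM lets the overlay disappear exactly when the hardware would make it disappear.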

  28. its not switching the gb off, but the clock

  29. Phazmatis says:

    Of course this hack is pointless. Gameboy emulators work perfectly, and making gameboy games does not require knowledge of the boot ROM.

    However, that boot ROM is information, and even useless information can’t sit around forever before someone will try to reverse-engineer it, just to prove that it can be done.

    Also, as others have said, the concepts used here can be applied to other electronics, and I suspect that some badly-engineered DRM chips may be feeling the effects of this sooner or later, as clock speeds climb.

  30. cantido says:

    @Phazmatis

    You might want to read mooglyguy’s post before you start tooting your own, ill-informed, horn.

  31. r4v5 says:

    > You can’t replace this ROM, it’s embedded in the chip! you don’t need to replace it either.. you can load your own code from the cartridge bus.

    When your goal is to replicate a game boy in an FPGA (like the OP, or someone else in the scene is doing) you do need the data, and you can indeed replace it.

  32. 100 MHz for a GameBoy, that’s pretty much for this “old” hardware, is there any way to overclock the first GameBoy (not the Color one)?
