Gameboy Color Boot ROM


It’s only been a week since the Super Gameboy’s boot ROM was dumped by [Costis] and he’s already at it again. This time he’s managed to grab the Gameboy Color’s boot ROM. He found the newer Gameboy Color’s hardware is able to cope with a clock speed up to 100MHz, so the original clock increase trick he used on the Super Gameboy wouldn’t work again.

Instead he discovered a quick disconnection of clock and power before 0xFF50 would make the Gameboy jump to a random area within the ROM. Then it was only a matter of entropy, luck, and some special NOP instructions until eventually he had the boot ROM. Keep up the good work [Costis].

33 thoughts on “Gameboy Color Boot ROM”

  1. “Nobody means to be rude when they ask “where do you find the time?” or they say “you have too much time on your hands!”. I understand they mean “wow, that must have taken a long time”. I do find it strange that people can spend an entire weekend watching television (sports, dramas, reality shows) and nobody asks or says the same thing. It’s almost as if our culture has begun to look down on the concept of putting forth effort.”

    ~Dr Doug Frankenstein.

  2. I need to tape the great Dr. Doug Frankenstein’s amazing quote onto my robot.

    I get asked the “too much time on your hands?” thing a lot. I usually ask if smoking pot and playing videogames all day would be a better hobby. They usually stfu.

  3. How about smoking pot and studying botany allowing you to grow more pot which you could then smoke and then study biology which would enable you to grow more pot then you could smoke that pot and study microcontrollers and design an automated garden further freeing up more time to smoke pot and play video games.

    Good job on the boot rom dump, very cool indeed.

  4. “I usually ask if smoking pot and playing videogames all day would be a better hobby.”

    There is absolutely nothing wrong with smoking pot and playing video games all day. There is also nothing wrong with smoking pot and hacking old handhelds all day.

    I guess you could also do it without the smoking pot part, but why? =D

  5. Those who are continually popping up those recurring “what’s the point” questions, ask yourself this:

    Why did you take up programming?

    Why do you crack open that odd gadget now and then?

    Why do you pore over those data sheets and reference manuals for hours on end?

    Why do you manipulate and operate things outside their specs?

    Have you actually done any of the things mentioned above?

    …more than once in your lifetime?

    If not, why are you on this site?

    If yes, then you should know the answer why.

  6. this is really cool and a lot of work but why work with the SGB/GBC why not the GBA or DS? I’ve seen amazing hacks done with the GBC already but i mean the GBC is a pretty limited handheld… imagine what could be done with more powerful handhelds…..

  7. For those who feel the need to ask why…it’s simple. You first need to have the boot ROM code figured out before you can begin to do the really cool stuff like put a Linux or other custom OS on. there are other things you can do once you have broken that code open as well…like make custom ones to replace it, that will give expanded/new functionality. A tremendous hack and well done.

  8. @snowdruid

    The Boot ROM in the GBA and NDS is easier to dump because it isn’t locked for the code on the card. In fact.

    Those dumps are useful in the way that they can make the emulators boot just like the original hardware. This will give the user more of the feeling of actually playing on real hardware. In addition, it will help the emulator developers to integrate support for the unknown I/O features of the GBC.

    Some sources state that there is actually a third ROM area inside the GBC CPU dice, at the size of 512 bytes, but that might just be for decoding purposes (like the IBM PC/XT uses a small piece of ROM [U44] to decode what bank of memory is being addressed).

  9. @frode
    my point exactly it’s a big achievement all right but why bother with the “old” hardware when the new hardware is easier to hack and way more powerful

    and as far as i know there are plenty of emulators out there most of them work perfectly with all the games…… i don’t really think this will make that much of a difference in that perspective

    but hey that’s only my opinion ^^

  10. Want the answer? Here’s the answer: All current Game Boy emulators may run “just fine” to the ignorant folks who just use emulators for L33T FR33 G4M3Z!!111!1one, but for those of us who are actually interested in emulating the systems accurately to the way the hardware actually works, this is a godsend. It means that we no longer have to kludge games into booting by forcing the Z80 CPU to jump directly to 0x100 from power-up, which is not accurate to the way a Z80 works by any stretch of the imagination.

    And for the record, using the actual Game Boy Color boot ROM in MESS – the only emulator to support it thus far – allows you to use certain GBC features that are not currently emulated by any other emulator, such as the ability to select certain special palettes for mono GB games running on the GBC by holding down the D-pad on boot-up.

    Now shut the fuck up already about this “what’s the point” bullshit.

  11. I didn’t say any game didn’t work, but almost all emulators will start the game directly without the GBC intro. It’s not for compatibility, but for more accurate emulation of the startup sequence (both visually and technically).

    Anyways, the BIOS of the GBA and NDS has already been dumped a long time ago, and there is simply no need to do it again.

  12. @At the “Why people”

    Because it hasn’t been done and it’s interesting? It also means that emulators come another leap forward in accuracy.. This stuff isn’t going to work forever and the life expectancy can only go down with all the “collectors” spraying WD40 and shit into these things.

  13. @why ask why

    >You first need to have the boot ROM
    >code figured out before you can begin
    >to do the really cool stuff like put a Linux

    Eh? There is already homebrew for the GB.. you could write an OS for the GB, but what would be the point in that,.. there’s not that much memory etc to waste on things you don’t need.

    >like make custom ones to replace it,

    The reason these are difficult to dump is that the ROM is embedded inside the same package as something else (like the CPU or something) and doesn’t expose any lines that could be used to read it directly.. so the only way of reading this type of ROM is via something that has access to it; In this case access to the ROM is disabled before any external code can be executed. So it’s “impossible” to read the ROM. Hence you need hacks like this or do like the guy did with the original GB;- Dissolve the casing off of the chip and manually read the bits from the ROM with a microscope. Not much fun eh?

    >that will give expanded/new functionality.

    You can’t replace this ROM, it’s embedded in the chip! you don’t need to replace it either.. you can load your own code from the cartridge bus.

  14. Of course this hack is pointless. Gameboy emulators work perfectly, and making gameboy games does not require knowledge of the boot ROM.

    However, that boot ROM is information, and even useless information can’t sit around forever before someone will try to reverse-engineer it, just to prove that it can be done.

    Also, as others have said, the concepts used here can be applied to other electronics, and I suspect that some badly-engineered DRM chips may be feeling the effects of this sooner or later, as clock speeds climb.

  15. > You can’t replace this ROM, it’s embedded in the chip! you don’t need to replace it either.. you can load your own code from the cartridge bus.

    When your goal is to replicate a game boy in an FPGA (like the OP, or someone else in the scene is doing) you do need the data, and you can indeed replace it.
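
The lockout that the post and the comments describe (boot ROM access is switched off at 0xFF50 before any cartridge code runs), modeled the way an emulator's memory bus might implement it. This is an added example, not code from the original page or from [Costis]; the 256-byte overlay size, the type and function names and the ROM contents are assumptions constructed for the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BOOT_SIZE 0x0100u  /* assumed overlay size for this model */
#define CART_SIZE 0x8000u
#define BOOT_LOCK 0xFF50u  /* the address named in the post */

typedef struct {
    uint8_t boot[BOOT_SIZE]; /* internal boot ROM */
    uint8_t cart[CART_SIZE]; /* cartridge ROM */
    int boot_locked;         /* one-way latch, cleared only by reset */
} bus_t;

/* Fill both ROMs with constructed bytes that differ at every address. */
void bus_init_sample(bus_t *b) {
    memset(b, 0, sizeof *b);
    for (unsigned i = 0; i < CART_SIZE; i++) b->cart[i] = (uint8_t)~i;
    for (unsigned i = 0; i < BOOT_SIZE; i++) b->boot[i] = (uint8_t)i;
}

void bus_reset(bus_t *b) { b->boot_locked = 0; }

uint8_t bus_read(const bus_t *b, uint16_t addr) {
    if (addr < BOOT_SIZE && !b->boot_locked) return b->boot[addr];
    if (addr < CART_SIZE) return b->cart[addr];
    return 0xFF; /* regions outside this model */
}

void bus_write(bus_t *b, uint16_t addr, uint8_t val) {
    if (addr == BOOT_LOCK && val != 0) b->boot_locked = 1; /* set-only */
}

/* How many boot ROM bytes can code on the bus currently read back? */
unsigned visible_boot_bytes(const bus_t *b) {
    unsigned n = 0;
    for (uint16_t a = 0; a < BOOT_SIZE; a++)
        if (bus_read(b, a) == b->boot[a]) n++;
    return n;
}

int main(void) {
    static bus_t b;
    bus_init_sample(&b);
    printf("at power-up: %u\n", visible_boot_bytes(&b));
    bus_write(&b, BOOT_LOCK, 1); /* last act of the boot code */
    bus_write(&b, BOOT_LOCK, 0); /* cartridge code cannot undo it */
    printf("after lock:  %u\n", visible_boot_bytes(&b));
    return 0;
}
```

Because the latch is set-only, the same low addresses return cartridge bytes for the rest of the session, which is why the contents cannot be read back by software once the boot code has finished.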
