Hacked Punch-Out Controlled With Actual Punches

In a slightly safer departure away from jetpack roller-skating and flinging around bolts of lightning, [Ian Charnas] has been hacking retro video games. After a lot of hard work [Ian] has managed to add pose estimation to control the character in the NES boxing game “Punch-Out.” Surely he can’t get hurt doing that? No, but since it wasn’t fair to hurt the poor suffering characters, without taking any damage himself, he added electric-shock feedback to give the game a bit more, ahem, punch. See, you can get hurt playing video games!

Starting with Google MoveNet, a pre-baked skeletal tracking model that can run in a browser using TensorFlowJS, he defined some simple heuristics for the various boxing moves usually performed with the game controller. Next, he needed to get the game. Being an all-round good guy, [Ian] bought an original copy of the game cartridge to obtain the license, then dumped out the game binary with the USB CopyNES from RetroUSB for the next step.

Emulation of the NES hardware was chosen, taken care of by FCEUX, in order to run the game and the posture model on the same machine. This simplified the control of the game, since it would be somewhat more work to have it run on the original NES. By using emscripten, FCEUX was cross-compiled to WebAssembly, so the game and the control side are both in the land of JavaScript. To be honest, after playing the game a little, [Ian] found it far too fast to be playable with posture control, as opposed to much faster button pressing, so some game hacking was required. Emulation made this much easier.

It took [Ian] around two months of disassembling the game binary and figuring out the game logic around the characters in order to slow them down enough to make it playable, but he did manage it. You can be the judge: since he bought a bunch more cartridges to unlock more license copies, you can play it too. Just don’t add the electric-shock part; nobody needs to be administered electric shock therapy from a two-inch-high bright orange Mike Tyson!



Pokemon Time Capsule

The precious Pokemon we spent hours capturing in the early nineties remain trapped, not just by pokeballs, but within a cartridge ravaged by time. Generally, Pokemon games before the GameBoy Advance era had SRAM and a small coin cell to save state as NVRAM (Non-volatile random access memory) was more expensive. These coin cells last 10-15 years, and many of the Pokemon games came out 20 years ago. [9943246367] decided to ditch the battery and swap the SRAM for a proper NVRAM on a Pokemon Yellow cartridge, 23 years later.

The magic that makes it work is a FRAM (ferroelectric random access memory) made by Cypress that is pin-compatible with the 256K SRAM (made by SK Hynix) on the original game cartridge PCB. While FRAM data will only last 10 years, it is a write-after-read process, so as long as you load your save file every 10 years, you can keep your Pokemon going for decades. For stability, [9943246367] added a 10k pull-up on the inverted CE (chip enable) pin to make sure the FRAM is disabled when not in use. A quick test shows it works beautifully. Overall, a clever and easy way to preserve your Pokemon properly.

Since you’re replacing the chip, you will lose the data if you haven’t already. Perhaps you can use [Selim’s] Pokemon Transporter to transport your pokemon safely from the SRAM to the FRAM.

Adding Wireless Charging To The Switch Lite

The Nintendo Switch is a monstrously popular machine, and it’s had no difficulty raking in the bucks for the Japanese gaming giant, but there’s no denying that it’s technologically a bit behind the curve. Until the long-rumored “Pro” version of the Switch materializes, industrious gamers like [Robotanv] will simply have to make up for Nintendo’s Luddite ways by hacking in their own upgraded hardware.

In this case, [Robotanv] wanted to add Qi wireless charging to his Switch Lite. He figured that if all of his other mobile devices supported the convenient charging standard, why not his portable gaming system? Luckily, the system already supports the increasingly ubiquitous USB-C, so finding an aftermarket Qi receiver that would connect to it was no problem. He just needed to install it into the handheld’s case.

After liberating the Qi receiver from its protective pouch enclosure to get it a bit thinner, [Robotanv] taped it to the inside of the system’s case and ran thin wires to the rear of the USB-C port. As luck would have it, Nintendo was kind enough to put some test pads for the power pins right behind the port, which made for an ideal spot to connect the charger.

At first he only connected the positive and negative lines from the charger, but quickly realized he also had to connect the CC pin to get the juice flowing. After that, it was just a matter of buttoning the system back up. All told, it looks like a pretty simple modification for anyone who’s not bashful about taking a soldering iron to their $199 console.

We’ve seen these Qi receivers retrofitted into devices before, and it remains an excellent way to add the feature not only to commercial products, but to your own projects.


Mouse And Keyboard Controls On The N64

The Nintendo 64 was one of the consoles that properly heralded in the era of 3D gaming. However, its controller is of a design we wouldn’t consider ideal today. For the FPS games that were so popular on the N64, a mouse and keyboard could do much better. [The Hypocaust] set out to make it happen.

The N64 polls the controller and receives button and analog stick data in return. Four bytes are sent by the controller, with 14 bits covering the buttons and 8 bits each covering the horizontal and vertical axes of the analog stick. Thus, if keyboard presses and mouse movements from a PC could be pumped to a microcontroller which reformatted the data into signals the N64 could understand, everything would work nicely.

Initial attempts to get things working with code borrowed from [James Read] faced an issue of a 3-second lag between keypresses and actions reaching the N64. Upgrading to a faster microcontroller only made things worse, taking the lag out to a full 16 seconds. The problem? The code borrowed for the project was storing keypresses in a buffer that was creating the delay. Once eliminated, the system worked.
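The four-byte reply and the buffering fix described above, as an added example that is not code from [The Hypocaust]'s project: it packs keyboard and mouse state into the report at poll time instead of queueing events. The bit positions follow the commonly documented N64 controller status layout; `input_state` and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdbool.h>

/* Button bits in the first 16 bits of the reply (byte 0 is the high byte).
   Assumed layout: the commonly documented N64 status format, in which two
   of the 16 bits (reset, unused) are not buttons, leaving 14. */
enum {
    N64_A  = 1u << 15, N64_B  = 1u << 14, N64_Z  = 1u << 13, N64_START = 1u << 12,
    N64_DU = 1u << 11, N64_DD = 1u << 10, N64_DL = 1u << 9,  N64_DR    = 1u << 8,
    N64_L  = 1u << 5,  N64_R  = 1u << 4,
    N64_CU = 1u << 3,  N64_CD = 1u << 2,  N64_CL = 1u << 1,  N64_CR    = 1u << 0
};

/* Hypothetical adapter state: keys held right now, plus mouse motion
   accumulated since the console last polled. No event queue. */
typedef struct { uint16_t buttons; int32_t dx, dy; } input_state;

/* Stick axes are signed 8-bit: saturate instead of wrapping around. */
static int8_t clamp_axis(int32_t v) {
    if (v > 127)  return 127;
    if (v < -128) return -128;
    return (int8_t)v;
}

/* Key events overwrite state, so a stale press can never be replayed late. */
void input_key(input_state *s, uint16_t bit, bool down) {
    if (down) s->buttons |= bit;
    else      s->buttons &= (uint16_t)~bit;
}

/* Mouse events add up until the next poll consumes them. */
void input_mouse(input_state *s, int32_t dx, int32_t dy) {
    s->dx += dx;
    s->dy += dy;
}

/* Called once per console poll: emit the current state, then clear motion. */
void n64_build_report(input_state *s, uint8_t out[4]) {
    out[0] = (uint8_t)(s->buttons >> 8);
    out[1] = (uint8_t)(s->buttons & 0x3F);   /* reset + unused bits stay 0 */
    out[2] = (uint8_t)clamp_axis(s->dx);     /* horizontal axis */
    out[3] = (uint8_t)clamp_axis(s->dy);     /* vertical axis */
    s->dx = 0;
    s->dy = 0;
}
```

Because every poll is answered from current state, the delay between a keypress and the console seeing it is bounded by one poll interval regardless of how fast events arrive.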

An installer for the software is available, but you’ll have to be comfortable with running a strange executable if you want to use it. We’ve seen similar work before too, such as the USB64 project. Video after the break.


EM-Glitching For Nintendo DSi Boot ROMs

Some hacker events are muddy and dusty affairs in distant fields, others take place in darkened halls, but I went to one that can be experienced as a luxury break in a European city steeped in culture and history. Newline takes place at Hackerspace Gent, in the Belgian city of that name, and I was there last weekend to catch the atmosphere as well as the programme of talks and workshops. And of those a good start was made by [PoroCYon], whose fascinating introduction to the glitching techniques involved in recovering the boot ROMs from a Nintendo DSi taught us plenty of things we hadn’t seen before.

The talk, which you’ll find below the break, starts by describing the process of glitching (using power supply interference to interrupt the operation of a microprocessor and avoid certain instructions) to bypass security code. It then covers some of the protection mechanisms used in the various generations of Nintendo consoles and handhelds before turning to the work on the DSi. At that point the talk moved into a field which may be old hat in glitching circles but was new to me: that of EM glitching.

EM glitching involves using a small coil to generate precisely timed electromagnetic pulses which induce the glitch voltages in the chip. The fascinating part is that the EM probe can be made small enough to target individual areas of the chip, so using it involves a brute-force technique trying all combinations of timing and position with the probe held in a computer-controlled X-Y mount.

The DSi has two processors on board; this work achieves success with the ARM7 but leaves its companion ARM9 as yet untapped. There is a promising set of attack vectors left to try, of which the ARM7 placing the ARM9 into a state from which it can be glitched seems to be the most promising. It’s fairly obvious that there’s plenty more to come from this quarter.

More details of the talk can be found in this repository, and for those interested in EM glitching you can find out more in this video and in this project using it to attack a Gecko microcontroller.


GateBoy Is A Game Boy Emulated At Gate Level

Old game systems are typically the most popular targets for emulation. With huge communities of fans wanting to recreate the good times of yesteryear, most old systems have all been brought back to life in this manner. However, some simply dive into emulation for the technical challenge, and [Austin Appleby] has done just that with GateBoy.

GateBoy is a project to emulate the Game Boy logic gate by logic gate. It’s a lower level approach that builds upon earlier work [Austin] did on a project called MetroBoy, which we featured previously.

The emulator was created by painstakingly reverse-engineering the logic of the Game Boy. This was done by poring over die shots of the actual DMG-01 CPU silicon. GateBoy emulates most of the chip, though avoids the audio hardware at this stage.

Presently, GateBoy runs at roughly 6-8 frames per second on a modern 4GHz CPU. As it turns out, emulating all those gates and the various clock phases at play in the DMG-01 takes plenty of processing power. However, compilation optimizations do a lot of heavy lifting, so in some regards, GateBoy runs impressively quickly for what it is.

[Austin] still has plenty of work to do before GateBoy is completely operational, and there are some strange quirks of the Game Boy hardware that still need to be figured out. Regardless, it’s a fantastic academic exercise and a noble effort indeed. Meanwhile, you might like to check out the Game Boy emulator that runs just one single game.

Pokemon Time Machine Lets You Really Catch ‘Em All

Since 1996 the Pokemon series of games has moved through eight distinct generations, which roughly parallel the lineage of Nintendo’s handheld gaming systems. While the roster of “pocket monsters” has been updated steadily, players have had the option of bringing captured Pokemon from the older games into the newer releases. But there’s always been a gap in this capability. Due to hardware differences, the Game Boy and Game Boy Color generations of games were physically unable to communicate with the titles released for the Game Boy Advance.

But soon, that may no longer be the case. [Selim] is hard at work on Lanette’s Poke Transporter, a hardware and software solution for bringing Pokemon from the first and second generation games onto the third generation GBA games. Once they’ve been loaded there, players can move the creatures all the way up into the contemporary Pokemon games via official means.

The first Pokemon to make the generational leap.

The project was started in July of 2020, with [Selim] first focusing on the logistical challenges of bringing such early Pokemon into the newer games. Because so much changed between the different generations, there are many sanity checks that need to be made during the transfer. For example, the moves and techniques that the creatures are able to learn aren’t necessarily consistent between these early entries in the series. But after about a year of effort, the software side worked reliably on emulated games, and it was time to start thinking about the hardware.

Ultimately, [Selim] wants to create a physical device into which players can insert their Pokemon cartridges and trigger an automatic transfer. The code is already able to read and write to the cartridges, and has been ported over to Arduino so it doesn’t need a computer to run. A few prototype PCBs have been created, and beyond the inevitable bodges, it seems like they’re functional. There are still breadboards and jumpers as far as the eye can see, but this is the first step towards producing a dedicated Pokemon “time machine” that can transport them from the late 1990s to the present day.

With [stacksmashing] recently showing that the Raspberry Pi Pico is fast enough to emulate the Game Boy’s “Link Cable” accessory, and the protocol for trading Pokemon over the wire fairly well understood, we wonder if one day this technique couldn’t be done in real-time between linked handhelds. If you can make two copies of Tetris connect to each other over the Internet, it seems like you’d have enough time to fiddle with a Charizard’s stats.