Reverse engineering the Genius GB Pocket Station

Post by BennVenn »

Hey!

I'm writing up a series of GB hacking pages, starting off with reverse engineering the pocket station (going to re-program the CPLD once reversed to see how close I got), then going onto defeating copy protection on GBA games (YES! I have found a bunch of GBA bootlegs with actual copy protection, smart stuff too!), and a few other projects I have going on.

This is my first real go at 'blogging' so feel free to jump in and give pointers. I've started a FB page where you'll find links to my latest blogs.

Also happy to do a section on coding mappers in CPLDs. I'm building a NES USB flash cart so that'll be documented too, as well as my new NES cart dumper which will be available in a couple of weeks. Anything related you want to see, we can make it happen.

Lots going on!

Come by and say hi.

Ben

Post by Dwedit »

The only GBA thing I ever saw with copy protection was the GBA Movie Player, which tried to lock itself if you sequentially read the ROM.

Post by tepples »

Wait, this isn't about Sony's first attempt at a handheld in the PlayStation family?

There was a GBA Video cartridge with a mapper that had the movies Shrek and Shark Tale on it. (Not to be confused with a 2-in-1 game cartridge that had video game adaptations of Shrek 2 and Shark Tale.) Usually a GBA Video cartridge holds about 45 minutes of compressed video (half a movie) in 32 MiB, the maximum GBA cart size without a mapper, but this video is about 4 times as long. Was the Shrek and Shark Tale cartridge ever reverse engineered?

Post by BennVenn »

Forgot to link - wwww.facebook.com/BennVennElectronics

No, not the PlayStation gadget, a Game Boy powered cart 'cloning' device.

The GBA cart I own is a bootleg of 'The Hulk' but others have contacted me with copies of Pokemon which also cannot be dumped.

When dumping, the cart stays in a high-Z state. Sequential or random access reads are all of a floating bus.
The GBA can read the cart fine so it must be either timing or read sequence to unlock the cart.

I applied external 3.3 V to the cart, booted it in the GBA then moved it to my dumper and tried a dump. All I could get was a header with 'nlEncrypted' repeated over and over. Bizarre huh!?!?

I might take a look for the Shrek cart.

Post by BennVenn »

https://web.archive.org/web/20151205094 ... &start=150

GBA videos have been dumped, no copy protection, just a mapper.

Post by ccovell »

Quite a cool write-up, keep it coming!

(I was a tad disappointed; I was imagining it was this thing: http://reinerziegler.de/gbst.jpg )

Post by BennVenn »

Thanks :-)

Wow that looks like a cool piece of gear!

I was thinking last week about building something similar, but SD card powered. Marketing it to retro gaming stores where you can go in and transfer saves to and from your carts, for save battery replacements/backups etc...

Post by zzo38 »

Dwedit wrote: The only GBA thing I ever saw with copy protection was the GBA Movie Player, which tried to lock itself if you sequentially read the ROM.
Does that include if you sequentially read it backward?

Post by BennVenn »

zzo38 wrote:
Dwedit wrote: The only GBA thing I ever saw with copy protection was the GBA Movie Player, which tried to lock itself if you sequentially read the ROM.
Does that include if you sequentially read it backward?
I think he means, you can set the GBA cart address to, say, 0x00000 and it will automatically increment the address every time you read a word from it. This doesn't work backwards.

Post by zzo38 »

BennVenn wrote:
zzo38 wrote:
Dwedit wrote: The only GBA thing I ever saw with copy protection was the GBA Movie Player, which tried to lock itself if you sequentially read the ROM.
Does that include if you sequentially read it backward?
I think he means, you can set the GBA cart address to, say, 0x00000 and it will automatically increment the address every time you read a word from it. This doesn't work backwards.
Oh, then you must set the address by yourself in your own code instead.