Reverse engineering the Genius GB Pocket Station

Discussion of programming and development for the original Game Boy and Game Boy Color.
Post Reply
BennVenn
Posts: 107
Joined: Sat Mar 29, 2014 10:01 pm
Location: Australia
Contact:

Reverse engineering the Genius GB Pocket Station

Post by BennVenn » Thu Apr 07, 2016 2:57 am

Hey!

I'm writing up a series of GB hacking pages, starting of with reverse engineering the pocket station (going to re-program the CPLD once reversed to see how close I got), then going onto defeating copy protection on GBA games (YES! I have found a bunch of GBA bootlegs with actual copy protection, smart stuff too!), and a few other projects I have going on.

This is my first real go at 'blogging' so feel free to jump in and give pointers. I've started a FB page where you'll find links to my latest blogs.

Also happy to do a section on coding mappers in CPLD's, I'm building a NES USB flash cart so that'll be documented too, as well as my new NES cart dumper which will be available in a couple of weeks. Anything related you want to see, we can make it happen.

Lots going on!

Come by and say hi.

Ben

User avatar
Dwedit
Posts: 4236
Joined: Fri Nov 19, 2004 7:35 pm
Contact:

Re: Reverse engineering the Genius GB Pocket Station

Post by Dwedit » Thu Apr 07, 2016 9:35 am

The only GBA thing I ever saw with copy protection was the GBA Movie Player, which tried to lock itself if you sequentially read the ROM.
Here come the fortune cookies! Here come the fortune cookies! They're wearing paper hats!

tepples
Posts: 21750
Joined: Sun Sep 19, 2004 11:12 pm
Location: NE Indiana, USA (NTSC)
Contact:

Re: Reverse engineering the Genius GB Pocket Station

Post by tepples » Thu Apr 07, 2016 10:25 am

Wait, this isn't about Sony's first attempt at a handheld in the PlayStation family?

There was a GBA Video cartridge with a mapper that had the movies Shrek and Shark Tale on it. (Not to be confused with a 2-in-1 game cartridge that had video game adaptations of Shrek 2 and Shark Tale.) Usually a GBA Video cartridge holds about 45 minutes of compressed video (half a movie) in 32 MiB, the maximum GBA cart size without a mapper, but this video is about 4 times as long. Was the Shrek and Shark Tale cartridge ever reverse engineered?

BennVenn
Posts: 107
Joined: Sat Mar 29, 2014 10:01 pm
Location: Australia
Contact:

Re: Reverse engineering the Genius GB Pocket Station

Post by BennVenn » Thu Apr 07, 2016 3:10 pm

Forgot to link - wwww.facebook.com/BennVennElectronics

No, not the playstation gadget, a gameboy powered cart 'cloning' device.

The gba cart I own is a bootleg of 'the hulk' but others have contacted me with copies of pokemon which also cannot be dumped.

When dumping the cart stays in a high-z state. Sequential or random access reads are all of a floating bus.
The GBA can read the cart fine so it must be either timing or read sequence to unlock the cart.

I applied external 3.3v to the cart, booted it in the gba then moved it to my dumper and tried a dump. All I could get was a header with 'nlEncrypted' repeated over and over. Bizarre huh!?!?

I might take a look for the shrek cart.

BennVenn
Posts: 107
Joined: Sat Mar 29, 2014 10:01 pm
Location: Australia
Contact:

Re: Reverse engineering the Genius GB Pocket Station

Post by BennVenn » Thu Apr 07, 2016 5:00 pm

https://web.archive.org/web/20151205094 ... &start=150

Gba videos have been dumped, no copy protection just a mapper

ccovell
Posts: 1006
Joined: Sun Mar 19, 2006 9:44 pm
Location: Japan
Contact:

Re: Reverse engineering the Genius GB Pocket Station

Post by ccovell » Fri Apr 08, 2016 3:15 am

Quite a cool write-up, keep it coming!

(I was a tad disappointed; I was imagining it was this thing: http://reinerziegler.de/gbst.jpg )

BennVenn
Posts: 107
Joined: Sat Mar 29, 2014 10:01 pm
Location: Australia
Contact:

Re: Reverse engineering the Genius GB Pocket Station

Post by BennVenn » Fri Apr 08, 2016 3:54 am

Thanks :-)

Wow that looks like a cool piece of gear!

I was thinking last week about building something similar, but SD card powered. Marketing it to retro gaming stores where you can go in and transfer saves to and from your carts, for save battery replacements/backups etc...

zzo38
Posts: 1050
Joined: Mon Feb 07, 2011 12:46 pm

Re: Reverse engineering the Genius GB Pocket Station

Post by zzo38 » Mon Jun 06, 2016 10:38 pm

Dwedit wrote:The only GBA thing I ever saw with copy protection was the GBA Movie Player, which tried to lock itself if you sequentially read the ROM.
Does that include if you sequentially read it backward?
[url=gopher://zzo38computer.org/].[/url]

BennVenn
Posts: 107
Joined: Sat Mar 29, 2014 10:01 pm
Location: Australia
Contact:

Re: Reverse engineering the Genius GB Pocket Station

Post by BennVenn » Tue Jun 07, 2016 12:27 am

zzo38 wrote:
Dwedit wrote:The only GBA thing I ever saw with copy protection was the GBA Movie Player, which tried to lock itself if you sequentially read the ROM.
Does that include if you sequentially read it backward?
I think he means, you can set the GBA cart address to say 0x00000 and it will automatically increment the address every time you read a word from it. This doesn't work backwards.

zzo38
Posts: 1050
Joined: Mon Feb 07, 2011 12:46 pm

Re: Reverse engineering the Genius GB Pocket Station

Post by zzo38 » Tue Jun 07, 2016 10:02 am

BennVenn wrote:
zzo38 wrote:
Dwedit wrote:The only GBA thing I ever saw with copy protection was the GBA Movie Player, which tried to lock itself if you sequentially read the ROM.
Does that include if you sequentially read it backward?
I think he means, you can set the GBA cart address to say 0x00000 and it will automatically increment the address every time you read a word from it. This doesn't work backwards.
O, then you must set the address by yourself in your own codes instead.
[url=gopher://zzo38computer.org/].[/url]

Post Reply