Docs on game genie hardware?

Post by jwdonal »

Hey all!

After successfully implementing the hardware for a few mappers I thought it would be cool to implement the hardware for the game genie so that I could use some game genie codes with my emu!! Anyone know where I can find some good docs on how the GG codes and the hardware work?

I have no idea how this thing works except that it redirects addresses from the CPU or something like that.

I'd really appreciate any info you guys have!

THANKS!

Jonathon :-D

Post by blargg »

These are the notes I have on it. You should take a look at its boot ROM and run it in an emulator with a debugger to see what it does. The Genie intercepts reads from $8000-$FFFF. It can intercept up to three addresses, and either unconditionally cause a new value to be read back, or do that only if the byte that would have been read back matches some compare value. The compare feature is basically a cheap way to make it work with bank switching, without it having to know exactly how it works, though it wouldn't work if a game happened to have the same byte at that address in different banks that get selected, and you wanted to patch in only one bank.

Original code writes 0 to $FFF0, $FFF1, $FFF0. Not sure whether this causes the GG to do anything. Original code then writes registers in reverse order. GG fills unused codes with $FF. $8000 should be written last, with low bit set, then written with zero.

Code:

$8000   -DDDCCCG    Disables, Compare enables, Genie enable

$8001   0HHHHHHH    High bits of address (bit 15 assumed 1)
$8002   LLLLLLLL    Low bits of address
$8003   CCCCCCCC    Compare value (0 if unused)
$8004   RRRRRRRR    Replacement value

$8005-$8008 Second code, same as above

$8009-$800C Third code, same as above

I believe the disables and enables have the lowest bit corresponding to the first code, highest bit the last.

EDIT: corrected $FF00 to $FFF0.
Last edited by blargg on Fri Jun 11, 2010 1:48 am, edited 1 time in total.
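
An added example, not part of blargg's post or of any emulator's code: a C model of the register map and read interception described in the notes above. It assumes the bit order blargg guesses at (lowest bit of each field is the first code) and that a set disable bit switches a slot off; the Genie-enable bit and the $FFF0/$FFF1 writes are not modelled, and the sample codes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* regs[0] = $8000 control (-DDDCCCG); regs[1..4], [5..8], [9..12] = code slots,
   each: address high (7 bits), address low, compare value, replacement value. */
typedef struct { uint8_t regs[13]; } genie_t;

/* CPU write to $8000-$800C while the Genie's own ROM is setting up codes. */
static void genie_write(genie_t *g, uint16_t addr, uint8_t val) {
    if (addr >= 0x8000 && addr <= 0x800C) g->regs[addr - 0x8000] = val;
}

/* Filter a CPU read; rom is the byte the cartridge would have returned. */
static uint8_t genie_read(const genie_t *g, uint16_t addr, uint8_t rom) {
    uint8_t ctrl = g->regs[0];
    if (addr < 0x8000) return rom;            /* only $8000-$FFFF is intercepted */
    for (int i = 0; i < 3; i++) {
        const uint8_t *s = &g->regs[1 + 4 * i];
        uint16_t target = (uint16_t)(0x8000 | ((s[0] & 0x7F) << 8) | s[1]);
        if (ctrl & (0x10 << i)) continue;     /* slot disabled (assumed bit order) */
        if (addr != target) continue;
        if ((ctrl & (0x02 << i)) && rom != s[2]) continue;  /* compare mismatch */
        return s[3];                          /* replacement value is read back */
    }
    return rom;
}

/* Constructed sample: slot 0 patches $9234 to $AA only when ROM holds $55,
   slot 1 patches $C000 to $01 unconditionally, slot 2 is unused ($FF fill). */
static void genie_sample(genie_t *g) {
    static const uint8_t v[13] = { 0x42, 0x12, 0x34, 0x55, 0xAA,
                                   0x40, 0x00, 0x00, 0x01,
                                   0xFF, 0xFF, 0xFF, 0xFF };
    for (int r = 12; r >= 1; r--)             /* reverse order, as in the notes */
        genie_write(g, (uint16_t)(0x8000 + r), v[r]);
    genie_write(g, 0x8000, v[0]);             /* control register written last */
}

int main(void) {
    genie_t g = {{0}};
    genie_sample(&g);
    printf("%02X %02X %02X\n", genie_read(&g, 0x9234, 0x55),
           genie_read(&g, 0x9234, 0x77), genie_read(&g, 0xC000, 0x99));
    return 0;
}
```

The second read shows the compare feature at work: the same address is left alone when the cartridge returns a byte other than the compare value, which is how a code survives bank switching.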

Post by jwdonal »

Awesome Blargg!!! Thanks!! I'm actually very surprised how hard it is to find reverse engineering info on the GG. I thought for sure I would find a slew of info on the Wiki or on the NesDev front page.

Ideally I'd like to actually be able to run the GG software and have it control my replication of the game genie hardware (to have it be the most authentic). I'm surprised no one has RE'd the hardware....but I guess once you know how the codes work why would you need to RE the original hardware that the software ran on. Lol.

If anyone has more notes/docs let me know! I might be able to get by with what I have now but I haven't read everything to know yet. ;)

Pz!

Jonathon :)

Post by Dwedit »

Does this mean a GG can't use a compare value of zero? Or is the highest bit of the address also the "Compare Enable" bit?
Here come the fortune cookies! Here come the fortune cookies! They're wearing paper hats!

Post by tepples »

I would guess that the "compare enable" bit gets turned on only if it's a compare code, and the hardware ignores the comparison result if compare enable is turned off.

Post by kyuusaku »

It'd be better to just implement your own GG hardware, that way you can have more codes and functionality like code enable/disable triggers etc.

Post by jwdonal »

Hello all! I just wanted to post an update on my emu regarding this. I just finished implementing the hardware for the original game genie in Verilog HDL for my emu. Works like a champ! It runs the original Game Genie ROM and can have an arbitrary number of codes and it has the ability to enable/disable codes during gameplay. Thanks a lot to Blargg for providing the RE'ing knowledge.

Just one minor correction to Blargg's original RE'ing info. He stated that the first address written to by the genie is $FF00. But it is, in fact, $FFF0. So the full sequence is $FFF0, $FFF1, $FFF0.

Now I can finally play some of these ridiculously hard games for more than a minute. lol. This will be a great help when I'm play testing.

I also found more/duplicate info on the genie in this post:
http://nesdev.com/bbs/viewtopic.php?t=4271

Pz!

Jonathon :)