Hi. I run that GB dev wiki. I'd recommend using BGB for debugging work, which has a nice graphical debugger. It's for Windows, but its author explicitly supports running it under Wine. If you're interested in pointers on how to use it, I might be able to help you. I also remember that I once coded a Gameboy crackme for someone who needed something for a multi-part CTF. I could send it to you if you want to go deeper into GB reversing. Might make a good video.
This is awesome. I’m a CS student, last semester took a computer security course. Our professor had us do a project hack the hex code of an old DOS game called Ultima 5, we had to create a python script we could run to give us infinite health, mana, items, buff our stats, rename our characters, and so on. It was really hard to learn what we were at first but once we figured it out it was really fun and cool to have done it
As a kid, I remember thinking my Pokémon game’s map was created from the physical layout of the cartridge. The circuits on the PCB must’ve been the roads and the capacitors and VRMs were the buildings and towns. Different times haha. Great video.
That would kinda be a cool idea for a game I think. Tell the players that thy are already holding the map and the silkscreen would show town names and such in the cartridge that you could see through the plastic of
If you used multi-layer boards you could get all the connections you'd need for it to work and then use the topmost layer to lay out some traces that would be the map. They could still be functional too if you worked it out right
When I was dabbling with my Pokemon saves, I didn't spend the time to doctor the checksum properly. Instead, I found the easiest way was to use the emulator's built in hex editor to modify the RAM values during runtime (with the game paused). These then saved as normal.
This is really cool. For anyone wanting to keep their save and not do all this hassle, there’s a trick I’ve known and done myself. Turn on the game and just have it running. Open the cart first so you have access. While it running away out the batteries and after the new one is soldered on just save again. And boom everything is fine
It feels kinda wrong to use external tools on Pokémon Red, a game so broken that it lead to arbitrary code execution on not only the GameBoy line, but also the Nintendo 64!
"Broken" is a bit unfair in this context. They simply did not have storage for more checks.This can easily be verified by the fact that the Pokemon games are among the biggest few game boy roms in existence. It's more of a display of: Nothing is free. Not even the "magical performance gain" some people attribute to assembly. You mostly cut corners like checks. Higher level languages just went off in an entirely different direction. Just to have data types you need to allocate tons of storage just for metadata that tells the system how to treat the actual value. While on the GameBoy you just wrote the values and prayed nothing tries to mess with them in an uncontrolled fashion like god forbid overflow something. That's why a modern 32bit integer will never just use 4bytes. because 4 bytes would be just the payload. Then you have nothing that tells the program stuff like: How big is this? What type of data is it? So assuming just 1 bytes for each those 2 questions would be 6 bytes of total storage need. 5 if you say the data type is the first one and assign int32 its own number, but then you are limited to 256 data types of which signed and unsigned int32 already take up 2. But assuming IBM sort of standard the first few bytes usually indicate the length. And even then we haven't even touched on the additional code requirements to actually use this additional information. (And even then the computing cycles top check em.)
I have not held one of these kind of cartridges for a quarter of a century yet that thumbnail immediately reminded me of what it felt like to rest my thumb in that oval groove while I held these as a kid. The brain is crazy 😲
Flash wasn't feasible back then for this, the biggest reason was the Gameboy deals with writing individual bytes. Flash Memory has pages of data. You can read individual bytes but you must erase a "whole page" of data which is a huge chunk of data and then re-write all that data back including the changes you want to make. This wasn't feasable at all for the Gameboy. It needed to be able to read and write individual bytes. SRAM was actually somewhat expensive but worth it because you get the fined-grained control and it's really fast.
The gen 1 games did a hack and spillover extra vram buffering into the upper part of bank 0. It spills over frequently from the moment you turn on the game, the reason the sram is enabled when you open your trainer card is likely because it's using the extra vram buffer space while it's open. I've determined that the data isn't important at all to actual save data and you can safely wipe it out so in the Bulbapedia page I added that it was just garbage data leftover from vram buffering and that was safe to clean if desired.
2:39 it only existed for 2 years though it wasn't until the year 2000 that it found its way into flash drives. The drives weren't immediately popular for the simple reason that they were expensive. At the end of 2004, the magazine Computerworld had one flash drive listed for over $400. Considering these prices way later it made sense.
So to make sure I understand how the memory banks work, since all the player data etc could not fit in a single 8KB chunk mapped by the memory map, there was actually more than 8KB of RAM on the cartridge and by changing the bank you changed which 8KB chunk of the cartridge RAM you can see when accessing A000-BFFF? Amazing video by the way!!
Pretty much, it's one reason why I love writing homebrew games for the GB because I'm fascinated with the idea of bank switching and custom PCB designs. The creativity is endless.
Believe it or not, I thought about exactly this the last weeks. I started playing my old Pokémon games on my GBC during corona quarantine. While using these well known glitches to catch every Pokémon without trading etc, I thought about how it works (must be some buffer overflow obviously). Then I thought that it would be a great topic for a Live Overflow Video and... well... here it is :) Good job
Haha pretty easy to see why game shark codes were everywhere back in the day when they only had to contend with an 8 bit checksum. But I guess a checksum was implemented less for security, and more to prevent random bit flips from going undetected.
Checksums exist to detect unexpected flips in storage data, not unexpected flips in active memory. The GameShark family worked by hijacking the communication between the game cartridge and the console and patching the game's ROM on the fly. While Action Replay and other more modern cheat mechanisms work by hooking a small piece of code to be run every frame, locking specific RAM values to what the cheatcodes have set. PC game cheating software works in exactly the same way, implementing the same memory lock mechanism by taking advantage of the OS's native multitasking support and timers, and using special functions in the OS intended for debuggers, to gain access to the game processes' private memory. Either that or hooking custom code into the game that changes its behavior in more advanced ways. After all, nobody really cares about stopping you from cheating singleplayer games. If you want to cheat in your own singleplayer experience that's just for you and you alone anyway, that's your decision to make. In fact, there's also many online game servers that trust in the game client's logic, and will only react to desynchronization of the game instances across players. Thus, if hackers make a private lobby where their games are all running with the exact same modifications, their games will stay synchronized, and those servers will let these uniformly hacked lobbies play with no issues. This is my personal favorite approach to online play, since if me and my buddies are all hacking privately with the same rule changes applying to all of us equally, then it's not cheating anymore. We're basically just playing a new game. It's a less reliable server design though, and things can slip through the cracks... Unfortunately, there's also selecting normally unselectable characters, items and maps (if the devs don't account for it). Since they exist in every copy of the game, and those are technically valid object IDs, if those IDs end up on the network for any reason, many games will load those resources and allow those components to spawn online. That is cheating though, since hacking your game to select unselectable things doesn't usually allow other players to select them too.
@@3lH4ck3rC0mf0r7 Ah there was something back in the Black Ops 2 days where there was a camo for a weapon that you could only get if you pre-ordered the game. If you set the right item ID in memory it would show it, but as soon as you went into an online game the server would realise and it would be removed from your weapons. Interestingly though, there was a second set of IDs with one of them pointing to the same camo. That ID didn't get checked by the server - so you could essentially hack your account to be able to use it. (Although you needed to have bought another specific DLC camo for it to stick properly). I wouldn't call that cheating though - it was only a visual thing.
@@ChaosHillZone It is cheating if it affects gameplay in a way that puts the hacking player in unequal grounds compared to the other players. Super Smash Bros. Ultimate has a valid character ID for Giga Bowser in its code. Hack your game to select it, and you'll be playing as an overpowered boss character online. You can also select story-mode maps or special maps that are not designed to have Vs. matches playing on them, where their death boundaries do not conform to Vs. Match standards. I'd say selecting a hidden character is cheating, but selecting a hidden map may or may not be. A hidden map is weird for everybody, not just you, and it is just as likely to benefit any given player as it is to play against them, not just the hacker. Of course, the hacker is likely to pick maps that they'll know will favor them, but this also relies on the hacking player being granted their turn to pick a map. If it is another player's turn to pick the stage, this doesn't happen in the first place.
@@3lH4ck3rC0mf0r7 I get that, but a gun camo in call of duty doesn't give you any advantage whatsoever. Never have I not noticed an enemy because their gun was camouflaged. ...or maybe I have 😂
@@ChaosHillZone Yeah, I know. I wanted to put that example out there though, because I actually saw it in action (ZeRo made a video when a hacker entered one of his public arenas and this stuff is exactly what ensued) I know Nintendo pulls a lot of telemetry and uploads crash information of the games to the servers because I also use a modded Switch and had to turn off all that stuff (although I'm not subscribed to the online service, so I can't go online even if I was not modding), and given the game did crash for these guys several times in one of the hacked stages, I assume Nintendo had more than enough data sent to them to ban RareKirby's console on the next audit. But I can't know that for sure... And then there's the mess that is Fallout '76. Fallout '76 is special, because its servers completely trust all the game clients at an entity/engine level. That game just sends all the entity state changes caused by their players to the servers, and no sanitization of those state changes takes place. Meaning any silly scripthook will trigger state changes, get them processed by the game engine, and then the engine automatically just uploads those changes into the servers online, and into other people's games. This is insane, almost any mod shy of custom assets that would typically only work in a singleplayer game works online there. This went as far as freely spawning NPCs and entities left lingering in the game's code from older Fallout games, and outright _stealing inventory items from other players._ Yes, as in, you're in my render distance, and I get your inventory, while you look and find that all your items have disappeared. And let me say, that is not how any online mode should work.
You will also find these memory banks in your laptop's embedded controller. :-) When I was a kid, I used to hack Pokémon and other ROMs. The "encoding" is a reference to an index in a sprite map, and what we did was editing the characters (using a tool named TileLayer) and writing new translations for the Japanese games by editing the occurences of the "text" in a hex editor. That was a lot of fun and easy once you knew it. :)
I remember that whenever a box is changed in the Gen 1 games, that the game must be saved. Is it due to an internal RAM limitation that the one box limit is imposed?
So the game save has 4 banks. Bank 0 is mostly garbage but contains HOF data. Bank 1 is pretty much 99% of the game. Bank 2 and 3 are identical and they contain boxes 1-6 and 7-12. The way the game is designed, only 1 box is active at a time and that's to simplify code and memory usage. The game has a "cached box" or a "fake box" in bank 1. The box you are currently using is actually the fake box. When you change boxes it has to copy the fake box in bank 1 over the real box in bank 2 or 3 overwriting it. Then it has to copy the box you want to switch to from bank 2 or 3 to the fake box in bank 1 overwriting it. This is why the tedious save mechanism for bank switches. They didn't have to have this complicated system but they did it for performance since they gamble you won't change boxes too often.
My copies of Red and Blue still hold their saves, 22 years later. I wonder what the difference is. Gold died, but I know those games' batteries died more quickly due to the in-game clock feature. Didn't realize Red and Blue batteries could die too. Backing everything up onto Pokemon Stadium for now... a quick google search indicates that Stadium should be able to hold its save indefinitely.
oh shit, finally an liveoverflow video that i knew everything about cause i worked on a GBC/A rom & ram dumper myself few years ago (which i obviously used to look at pokemon red/blue & gold/silver xD ) however, i agree. the way the gameboy works and how it bypasses all of its limitations is soooo interresting! it , imo, clearly shows that back in the day they had to be very inventive to get something done! as for the ram being enabled and disabled, iirc it was deu to how the memory bank controller and sram were designed. for some games (depending on the cart type) if ram is enabled and the cartridge is powered off, the ram can get corrupt or wiped. at least thats what i noticed with super mario land 2 (MBC2, not 3)
that's why I wish RU-vid still had the star rating! that's a solid 3.5 out of 5 video, it's very basic, yet explains the fundamentals of "hacking" ideology. I found this video kinda disappointing since its mostly what most of us "tech" people do while debugging or troubleshooting, but for people getting into "hacking" its a very good video! I'm not boasting about being a super hacker, since that's literally how I started my career in computers, figuring out how games and software works made me understand how "electronics" work (the general logic). I wouldn't call it hacking though, that's just understanding how shit works, so a strong 3.5 out of 5, it's better then the avrage "hacking how to" video, but not very informative to anybody that already knows the very basics.
I tried a similar approach with an old DOS game, but it seemed to change very many things even after just opening and resaving the file, so the technique isn't always appropriate.
@@thiscateatspancakes2451 I think there's a run where they give the player a specific name to manipulate certain RNG. But that's probably unrelated to the random player ID.
@@bsharpmajorscale The player id is a separate thing all-together and doesn't have anything to do with the name. It's just extra security defense so that if you trade Pokemon with someone who has the same name, the game can differentiate which is a trade Pokemon and which isn't.
Flash memory didn't exist as we know it till 2000 and the first thumb drive came out around 2001 so the Gameboy pokemon games didn't have access to Flash memory till the GBA era.
When I was growing up playing Red & Blue I had no idea of the concept of saved game data only being held in place by a trickle of battery current. I turned Red on one day to find the save data gone. I was disappointed & confused to say the least.
Nice stuff ! Do you think it's possible to replace the RAM by flash memory on cartridges ? Should the code of the game be rewritten to fit such changes ? In some, make a new version of cartridges to expend memory and cpu/gpu to have optimized newer version of old games ? x)
oh yes, some time ago I read that the cartridge batteries will die .... checked my games.... found out saves of Red, Blue, Yellow, Silver and Crystal are gone.... I was so sad.... Mew, MissingNo, my special other Pokéfriends, all gone.... 😔😭
Please help me, make a video on how to see the status of the trainers' Pokemon in my ROM, I don't know which program to use to open the ROM, and see this
Is there an alternative for Sameboy on Linux that gives you the same options? Unfortunately the SDL version doesn't seem to support memory view like the cocoa version does
Maybe, it would be complicated because the gameboy has specific voltages and stuff which are really old, this is complicated with the MBC requirements. You would need to find a chip that is very compatible with both the MBC and Gameboy. Nothing's impossible with hardware but I wouldn't think it'd be worth it. Good luck though.
its not even piracy when you cant even get the game from official retailers, even if you buy an used cartridge, game freak does not recive any income from the sale therfore is the same as pirating
Important Fact: Standing Bodies Of Water are *always* level (level means no elevation or deviation from the starting point to the end). This is a scientific fact because this is observable, testable, repeatable, measurable, demonstrable by every single human being alive. This fact alone destroys the mathematical concept and religious idea known as the "heliocentric model". More specifically, this fact alone makes it impossible for us to live on an exterior of a pear-shaped sphere spinning at fantastical speeds going nowhere. Just before you start to attach straw man fallacies on to me, keep in mind these important things: There are three different sciences: Natural Science (which deals with the Objective World) Social Science (deals with societies and the relationship between people in societies) Formal Science (deals with languages such as mathematics which bares no connection to the Objective World) "What is the shape of the earth I stand upon?" this is a Natural Science question. Science does not belong to an institution or a group of people. It belongs to every single human being alive. We live in the present. Not in the past or the future. History can never be considered as a fact of reality in any way shape or form because of obvious reasons. We can't directly experience the past or the future. Just observing something is not a fact that something exists. We need observable, testable, repeatable, measurable, demonstrable practical proofs for something to be considered as a fact. This is also known as the Scientific Method. There is a difference between the corporeal world (the physical world) and the visible world. The reason why we can't conclude something as a fact based on our observations is because we know things get smaller based on how far they're from us when we see them through our eyes. If I see a railroad, the lines look like they're converging, but we know that's impossible because people measured the lines, and the lines are parallel. The lines don't actually meet in real life, it's just how we see things. Our eyes are spherical, we see euclidean (planar) world through spherical eyes. Without physically testing, repeating, measuring, and accessing something in full three dimensions, it's impossible to know exactly what it is that we're trying to quantify. Looking up at the sky does not give you measurable proof of the earth you stand upon. It's like looking up at the light in your room and then measuring the floor based on that light. It's absurd. Images and videos are never considered as scientific proofs because of obvious reasons. Images and videos can be manipulated, they're not tangible. We can't directly experience them. Mathematical equations bare no relation to the Objective World. Mathematics is just a language, like English. Just because something is mathematically correct does not make it real. It's like saying "I'm flying!", even though the sentence is grammatically correct, I'm obviously not flying right now. "Gravity" is a mathematical concept, it's pseudoscience. It does not have any practical proofs. Magical pulling forces don't exist in the Objective Reality. Motion only happens if something presses on something else (pressure variants). Pull is just a term for taking something closer to someone. Things falling down has got nothing to do with the shape of the earth. In the simplest sense things that weigh more than air fall, and things that weigh less than air float. Why do things even fall? No one has any practical proof for why things even have weight. The mathematical theorists are making assumptions about why things are falling, but understand that those are just assumptions, not facts. The sky, the Moon, the Sun, and the Stars are all intangibles. If every single human being can't observe, test, repeat, measure, demonstrate something in a practical fashion, it is considered a belief, or pseudoscience. Does every single human being has access to these lights in the sky? Obviously not. Not to mention stars look like flashing lights when looked through a Nikon COOLPIX P900 (It's still not a proof of anything because we can't move around them in full three dimensions). Admitting to yourself that you truly don't know something is the most honest realization you could have, it is how you progress further. For example, I do not know what the Sun is. The mathematical theorists are making assumptions of what the Sun is, and where it is located. They don't know what the Sun actually is, or where it is located. Unless I could move around the Sun in full three dimensions, the only possible stance I can have is "I don't know". Anything beyond that will be a belief. For example, if I say "The Sun is a cylinder-shaped object moving in the sky", it is just a belief because I can't move around the Sun in full three dimensions to know if it's a cylinder or a circle. The only thing I know is that it's a light in the sky moving in a straight line across the sky (because of how our eyes work it looks like the Sun is moving in an arc across the sky, but the Sun is actually moving across the sky in a straight line). Another example, "I know the full dimensions of earth" is also a belief because I never explored the whole world to know the full dimensions. Remember, something only becomes a fact if it's observable, testable, repeatable, measurable, demonstrable by every single human being alive. In this case, each and every individual should explore the Objective World to its fullest extent, listening to "authorities" is just a belief. The world "map" is also a concept, because every single human being didn't explored the whole world to verify or falsify the map. People are believing in whatever the "governments" say or show. People are literally believing in complete strangers and thinking the official "world map" is true and there is nothing more to explore because they see a blue sphere on their TV. Just because the majority of the population are believing something exists doesn't mean something actually exists in the Objective World. Once again, we need OTRMDPPs for something to be considered a fact of the Objective Reality. Letters before your name does not mean anything. Direct experience is the most important thing. If we can't experience something directly then most of the time it's useless for us. I can only represent myself. Personalities are OUT of the question. If I drop a brick on my head I know what's going to happen. The objective reality does not change based on your subjective opinions or beliefs. It is what it is. Why is this important? Well, the government and its associations are BLATANTLY lying about our existence, the shape of the world, and the dimensions of the world. What's more important than finding out how far the world extends? Full exploration is needed for further understanding of life's most important questions: where we are, why we're here, and what's it all about. Without knowing where we are everything we do is just a concept. For example, if I give you a board, and without giving you any instructions or rules, I want you to play a game, what game are you going to play? The government and its associations are telling you what you're suppose to do, what's expected of you, what you're not suppose to do. Who agreed to their "law" book? I certainly did not. How is it fair that the government and its associations (the police and the military) are imposing their subjective rules onto the human beings? Everyone has different rules about different things, subjective rules are personal, they're NOT objective. These governments, police, military are imposing their SUBJECTIVE rules onto others, this is nothing short of tyranny. Why can't we freely explore the objective world as much as we like? Why is there a physical, and mental restriction by the police, the military, and by psychopaths known as the governments? Remember, no one rules if no one obeys. "People are arguing and fighting over what game to play when they don't even know the board they're playing on" -Del (Beyond the imaginary curve youtube channel: ru-vid.com/show-UCvswlgeHodOejVN21TWweLw) (People are arguing about what to do without knowing the full dimensions of the world) Another analogy: if I erase your memory and put you in a confinement, what is the first thing you're going to look for? Where's the exit. But if I put some actors to distract you by showing you books and telling you there is no exit, then you'll never try to even think about the exit, there will be other brainwashed people just like you who'll brainwash you even more. Then some other actors will tell you what to do, what's expected of you, what you're not suppose to do, and what's the punishment for breaking their god-given "law" book, some other brainwashed people will also have weapons so that common people like you will forcefully follow my law book, which makes my job incredibly easy by making you a slave if that's what I was ever up to. Why should we accept slavery? Why should we accept strangers imposing their subjective versions of what's good and what's bad onto us? If you have OTRMDPPs (Observable, Testable, Repeatable, Measurable, Demonstrable Practical Proofs) that large Standing Bodies Of Water can bend, (sounds absurd to even think about it) please feel free to email me at MysteriousPlane@pm.me, but understand that I should be able to demonstrate your claims in a practical fashion, because that's how the Objective World works. No offense, but If your claims does not have any practical proofs, then I'm afraid I have to conclude that you're either blatantly lying or you're really stupid (Or for some reason you want to defend your religious beliefs, because the Earth being a sphere is a religious belief, a mathematical concept, it has no practical proofs, it has no relation to the Objective World, that being real life).
Because for some reason it's using MacRoman character encoding for the decoded characters, which is Apple's own encoding dating back to classic MacOS. Character 0xF0 happens to be the Apple logo, even if that has nothing to do with what 0xF0 represents in the game ROM.
