Post AiOKv41o76bFoa8Kye by Rib@fedi.rib.gay
(DIR) More posts by Rib@fedi.rib.gay
(DIR) Post #AiOKuyrLKaG5mgCPTM by Rib@fedi.rib.gay
2024-05-29T13:42:05.544Z
0 likes, 2 repeats
Finally, after years of searching, I have obtained a GBA cart with a Mega Drive/Genesis emulator on it (thanks to Ankos!). I have been wanting to research this for some time after seeing it on YouTube, and it turns out it is far more interesting than I anticipated. 🧵(1/14)
(DIR) Post #AiOKuzoXmTc6kHtgkS by Rib@fedi.rib.gay
2024-05-29T13:42:50.361Z
0 likes, 0 repeats
The first thing I did was attempt to dump the cart via actual hardware with a link cable. This was partially successful: the resulting ROM booted on emulator and showed a splash screen, but then crashed upon trying to boot the game. (2/14)
(DIR) Post #AiOKv0RBSoWQg7yXya by Rib@fedi.rib.gay
2024-05-29T13:43:00.691Z
0 likes, 0 repeats
I had already expected the cart to have some sort of mapper though, so I went to take a look at the code with a disassembler. (3/14)
(DIR) Post #AiOKv1BGhTNwz3XLo8 by Rib@fedi.rib.gay
2024-05-29T13:43:13.387Z
0 likes, 0 repeats
What I found was that the main ROM (internally named GASA_MENU), after showing the splash, actually copied a secondary, multi-boot (link cable boot) ROM (GASA_ENG) into the memory of the GBA and then executed that ROM. (4/14)
(DIR) Post #AiOKv1hskDTOcCnOds by Rib@fedi.rib.gay
2024-05-29T13:43:22.340Z
0 likes, 0 repeats
The trouble was, on analysing this second ROM, it seemed to only have around 0x8000 bytes of code. This is far less than would be needed to implement a full blown Genesis emulator. Furthermore, the code seemed to loop infinitely and never return execution back to the cart. (5/14)
(DIR) Post #AiOKv2LENuwsaFCoyW by Rib@fedi.rib.gay
2024-05-29T13:43:31.566Z
0 likes, 0 repeats
This means that there was no way it could, for instance, be loading a new bank onto the cart to jump back to the code there. At this point I was stumped, I had no idea how this could be working, and I figured there must be something I was missing in the code. (6/14)
(DIR) Post #AiOKv3ClAtlbGGFZPU by Rib@fedi.rib.gay
2024-05-29T13:44:01.369Z
0 likes, 0 repeats
While I was analysing the code, I had the game on in the background when I accidentally jostled the cart a little bit. Suddenly the screen and audio were completely filled with static. I reinserted the cart, and the game immediately started working again. (7/14)
(DIR) Post #AiOKv41o76bFoa8Kye by Rib@fedi.rib.gay
2024-05-29T13:44:17.458Z
0 likes, 0 repeats
This took me by surprise, as usually if the data lines of the cart are disconnected at all the game should completely crash, but instead it seemed to be working as if nothing had happened! (8/14)
(DIR) Post #AiOKv4ukooYIYzqDce by Rib@fedi.rib.gay
2024-05-29T13:44:28.023Z
0 likes, 0 repeats
So I tried it again, deliberately this time, and found that not only did the game not crash, it actually continued running the entire time the cart was partially disconnected! (9/14)
(DIR) Post #AiOKv5mzZ9wBHDDXA8 by Rib@fedi.rib.gay
2024-05-29T13:44:39.564Z
0 likes, 0 repeats
At this point I finally realised what was going on. The GBA was indeed just running a small amount of code from RAM in a loop. That code though, was interfacing with the cartridge to receive audio and video from A GENESIS ON A CHIP IN THE CART. (10/14)
(DIR) Post #AiOKv6UEyMX3RLS4Zc by Rib@fedi.rib.gay
2024-05-29T13:44:49.801Z
0 likes, 0 repeats
When the cart was disconnected, the audio+video was just reading off an open bus instead, which caused the static to appear. Meanwhile the game itself continued to run on the cartridge hardware. (11/14)
(DIR) Post #AiOKv7AQRWHBYBBlKK by Rib@fedi.rib.gay
2024-05-29T13:44:59.753Z
1 likes, 0 repeats
Turns out this wasn't a software emulator at all, but a hardware clone packed into a tiny chip. I have never seen such a tiny chip for this before, but it is the only reasonable explanation. I'm honestly incredibly impressed that they could pull this off. (12/14)