Hi,
I'm usually a lurker in this forum but I thought some of you might get a kick out of this insane thing.
What I'm trying to do is find an overcomplicated way to run code on a PAL SNES, with the ultimate goal being uploading something to the SPC... without using a flashcart.
A few things:
- I have some, but limited knowledge of 65816 ASM, and very limited knowledge of Z80 ASM (I'll explain why this is important)
- I'm doing this for fun, not for piracy. I realize that games are larger than 128k RAM anyway.
- I'm not being too cheap for a flashcart, I already own a sd2snes, this is just for fun.
My current plan is to abuse ACE glitches on a Gameboy game to run code, which then uploads data to the SNES through a special command in the Super Gameboy (Look at Space Invaders GB for an example). Here's a more detailed rundown:
1. Make Arduino to Gameboy Link Cable interface
2. Abuse this link cable ACE glitch to get code running on the Gameboy
3. Upload a small program that overwrites the save file with data streaming in from the link cable.
(This is so I can run code when the game starts, I need this since the Super Gameboy itself doesn't have a link port)
4. Make a custom save file that 1. contains the same uploader program to "reflash", 2. contains a program that uploads code (~2KB) to the SNES and instructs the SGB to jump to that code.
(5.) Not sure if this could work, but since the code is running in WRAM at this point, couldn't I perform a cartswap and have the code copy itself to SRAM of a SNES cart?
6. Make a TASBot-type device that basically streams data through the controller port to overwrite the whole 128k of memory (Maybe even a basic client-server thing where the code running on the SNES can request more data)
7. and finally: Upload music to the SPC and jam out in triumph.
This is how far I am:
I soldered a link cable to some jumper wires and hooked it up to my Arduino.
I successfully uploaded the hello world that was included with the ACE demo.
I successfully replaced the save file using the link cable. That's about 32kb of data. (Actually about 24kb since I left out the last unused bank because otherwise it wouldn't fit on my Arduino Nano's flash)
I used the ASM code from the link in step 2, and made my own "server" for it on the Arduino. (It's actually not that hard to keep the Gameboy happy with the link, as long as you're responding within 5ms)
Lastly, I found a way to make the game jump to the code stored in SRAM. It's quite straightforward. There's a map script pointer that is normally used in-game to trigger cutscenes, but you can point it at any address you want and it'll do an absolute jump to there. The pointer and everything else in that bank of memory get copied from/to SRAM every time the save gets saved/loaded.
Successfully tested all of this with a German Pokemon Blue cart and a Bootleg Pokemon "Cock" cart (It's a crappy immature ROM hack, based on American Pokemon Red. Don't judge me, it was a joke gift).
And here's where the SNESdev part comes in.
Now that I have code running on the Super Gameboy, I'm trying to figure out how to actually break out.
I couldn't find any documentation on the command interface of the Super Gameboy.
Also, how would I sync the button-mashing Arduino to the SNES? Is there a clock signal on the controller port?
If anyone is interested in this strange thing, I'll post some pictures, videos and maybe updates.
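
The save-restored jump target described in the post, modelled in C from the defending side. This is an added example, not part of the original post and not the game's code: the struct layout, function names and handler table are hypothetical, and the weak pattern is modelled by returning the address rather than jumping to it.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed model: a save block copied wholesale between SRAM and RAM.
   Field names and layout are hypothetical, not the game's real format. */
struct save_block {
    uint8_t  player_data[32];
    uint16_t map_script;      /* value restored from the save file */
};

static int last_script = -1;  /* records which handler ran, for checking */
static void script_none(void)     { last_script = 0; }
static void script_cutscene(void) { last_script = 1; }

/* Allow-list: the only code a map script is ever meant to reach. */
static void (*const SCRIPT_TABLE[])(void) = { script_none, script_cutscene };
#define SCRIPT_COUNT (sizeof SCRIPT_TABLE / sizeof SCRIPT_TABLE[0])

/* Restore the block from SRAM; refuse anything that is not exactly one block. */
int load_save(struct save_block *ram, const uint8_t *sram, size_t len)
{
    if (len != sizeof *ram)
        return -1;
    memcpy(ram, sram, sizeof *ram);
    return 0;
}

/* Weak pattern described in the post: the saved value is used directly as
   the jump target. Modelled here by returning the address, not jumping. */
uint16_t weak_jump_target(const struct save_block *s)
{
    return s->map_script;
}

/* Hardened pattern: the saved value is only an index, bounds-checked
   against the allow-list before anything is called. */
int run_map_script(const struct save_block *s)
{
    if (s->map_script >= SCRIPT_COUNT)
        return -1;            /* corrupt or tampered save: run nothing */
    SCRIPT_TABLE[s->map_script]();
    return 0;
}
```

Storing an index instead of an address means a rewritten save can only select among handlers the program already intended to run.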