Docs on game genie hardware?

This is an archive of a topic from NESdev BBS, taken in mid-October 2019 before a server upgrade.
View original topic
Docs on game genie hardware?
by on (#62123)
Hey all!

After successfully implementing the hardware for a few mappers I thought it would be cool to implement the hardware for the game genie so that i could use some game genie codes with my emu!! Anyone know where I can find some good docs on how the GG codes and the hardware works?

I have no idea how this thing works except that it redirects addresses from the CPU or something like that.

I'd really appreciate any info you guys have!

THANKS!

Jonathon :-D

by on (#62134)
These are the notes I have on it. You should take a look at its boot ROM and run it in an emulator with a debugger to see what it does. The Genie intercepts reads from $8000-$FFFF. It can intercept up to three addresses, and either unconditionally cause a new value to be read back, or do that only if the byte that would have been read back matches some compare value. The compare feature is basically a cheap way to make it work with bank switching, without it having to know exactly how it works, though it wouldn't work if a game happened to have the same byte at that address in different banks that get selected, and you wanted to patch in only one bank.

Original code writes 0 to $FFF0, $FFF1, $FFF0. Not sure whether this causes the GG to do anything. Original code then writes registers in reverse order. GG fills unused codes with $FF. $8000 should be written last, with low bit set, then written with zero.

Code:
$8000   -DDDCCCG    Disables, Compare enables, Genie enable

$8001   0HHHHHHH    High bits of address (bit 15 assumed 1)
$8002   LLLLLLLL    Low bits of address
$8003   CCCCCCCC    Compare value (0 if unused)
$8004   RRRRRRRR    Replacement value

$8005-$8008 Second code, same as above

$8009-$800C Third code, same as above


I believe the disables and enables have the lowest bit corresdponding to the first code, highest bit the last.

EDIT: corrected $FF00 to $FFF0.

by on (#62151)
Awesome Blargg!!! Thanks!! I'm actually very surprised how hard it is to find reverse engineering info on the GG. I thought for sure I would find a slew of info on the Wiki or on the NesDev front page.

Ideally I'd like to actually be able to run the GG software and have it control a my replication of the game genie hardware (to have it be the most authentic). I'm surprised no one has RE'd the hardware....but I guess once you know how the codes work why would you need to RE the original hardware that the software ran on. Lol.

If anyone has more notes/docs let me know! I might be able to get by with what I have now but I haven't read everything to know yet. ;)

Pz!

Jonathon :)

by on (#62160)
Does this mean a GG can't use a compare value of zero? Or is the highest bit of the address also the "Compare Enable" bit?

by on (#62163)
I would guess that the "compare enable" bit gets turned on only if it's a compare code, and the hardware ignores the comparison result if compare enable is turned off.

by on (#62195)
It'd be better to just implement your own GG hardware, that way you can have more codes and functionality like code enable/disable triggers etc.

by on (#62815)
Hello all! I just wanted to post an update on my emu regarding this. I just finished implementing the hardware for the original game genie in Verilog HDL for my emu. Works like a champ! It runs the original Game Genie ROM and can have an arbitrary number of codes and it has the ability to enable/disable codes during gameplay. Thanks a lot to Blargg for providing the RE'ing knowledge.

Just one minor correction to Blargg's original RE'ing info. he stated that the first address written to by the genie is $FF00. But it is in fact, $FFF0. So the full sequence is $FFF0, $FFF1, $FFF0.

Now I can finally play some of these ridiculously hard games for more than a minute. lol. This will be a great help when I'm play testing.

I also found more/duplicate info on the genie in this post:
http://nesdev.com/bbs/viewtopic.php?t=4271

Pz!

Jonathon :)