i figured out some exact tech details on the Game Genie cart

This is an archive of a topic from NESdev BBS, taken in mid-October 2019 before a server upgrade.
by on (#86811)
my emulator supports entering Game Genie codes like most others do, but what i really wanted was to be able to use the real Game Genie ROM for authenticity. i wanted to be able to enter codes through the actual Game Genie screen, and then have my emulator determine the codes entered in it so it could handle starting the actual game and implementing the cheats when the player hits start.

the info to actually convert Genie codes into addresses and values is all over the place, but i couldn't find out what else i needed to accomplish this anywhere on the web, so i sat down and kinda reverse-engineered it.

in case anybody else wants to do the same thing in their emulator, i typed up a small doc to share what i found. this probably would be great to put in the nesdev wiki as well.

enjoy! :P


Code:
Game Genie technical notes v1.0
Nov. 25, 2011
===============================

This information was determined by Mike Chambers (aka king_crimson, aka king_crim)
(e-mail: miker00lz@gmail.com)

Overview
========

The NES Game Genie works by replacing values at a specified memory address
with a different value. Addresses and values are determined by 6 or 8 character
codes entered by a player. Some codes also specify a comparison value, which
indicates that the value at the given address should only be replaced if the
original value matches the comparison value.

The algorithm to convert Game Genie codes to addresses and values is already
well-documented, so I will not be covering that here. For that information,
a great document is at this URL:

http://tuxnes.sourceforge.net/gamegenie.html



What I wanted to accomplish here was being able to use the real Game Genie ROM
from Galoob in my NES emulator for authenticity, rather than entering the codes
through another method.

To determine the information described below, I manually converted some Game Genie
codes into address and comparison/replacement values. I then added code to my
NES emulator to dump CPU memory writes to addresses above $7FFF to the console.

I then compared the values written to these memory locations with the address/data
values I converted the Game Genie codes to. This gave me all the info I needed.

The Game Genie ROM writes the data to the following specific memory addresses once the
code(s) are entered and the player hits start:


Code 1:
  $8004 = Replacement byte value
  $8003 = Comparison byte value (if $00, don't compare. always replace the value.)
  $8002 = Address low-byte value
  $8001 = Address high-byte value (bitwise OR this value with $80 for final address.)



Code 2:
  $8008 = Replacement byte value
  $8007 = Comparison byte value (if $00, don't compare. always replace the value.)
  $8006 = Address low-byte value
  $8005 = Address high-byte value (bitwise OR this value with $80 for final address.)



Code 3:
  $800C = Replacement byte value
  $800B = Comparison byte value (if $00, don't compare. always replace the value.)
  $800A = Address low-byte value
  $8009 = Address high-byte value (bitwise OR this value with $80 for final address.)




If values written to $8001, $8002, $8003, and $8004 are all $FF, there is no code 1.
If values written to $8005, $8006, $8007, and $8008 are all $FF, there is no code 2.
If values written to $8009, $800A, $800B, and $800C are all $FF, there is no code 3.


When the player hits START at the Game Genie screen to begin the game on the cart,
a value of $00 is written to $8000 immediately after the data described above is written.

by on (#87082)
Cool. Blargg reverse-engineered this stuff a long while back. I don't think the RE info has ever been placed in any unique document so I think what you've done is a good thing. Here is some more info from the forums. Including one post in which I did the same thing you did (for authenticity's sake) for my FPGA-NES. But ultimately, I just implemented my own custom game-genie hardware (inside the FPGA) which allows an arbitrary number of codes and is much faster than the giant finger. Lol.

http://nesdev.com/bbs/viewtopic.php?p=62151
http://nesdev.com/bbs/viewtopic.php?t=4271

Pz!

Jonathon

by on (#87151)
jwdonal wrote:
Cool. Blargg reverse-engineered this stuff a long while back. I don't think the RE info has ever been placed in any unique document so I think what you've done is a good thing. Here is some more info from the forums. Including one post in which I did the same thing you did (for authenticity's sake) for my FPGA-NES. But ultimately, I just implemented my own custom game-genie hardware (inside the FPGA) which allows an arbitrary number of codes and is much faster than the giant finger. Lol.

http://nesdev.com/bbs/viewtopic.php?p=62151
http://nesdev.com/bbs/viewtopic.php?t=4271

Pz!

Jonathon


oh, damn wish i'd have seen those before lol. looks like i was slightly off too, based on this:

Quote:
Next, two values are written to $8000. The first takes the following format:

Bit 0 = always set to 1
Bit 1 = set if code #1 is an 8-letter code
Bit 2 = set if code #2 is an 8-letter code
Bit 3 = set if code #3 is an 8-letter code
Bit 4 = set if code #1 is invalid (either no code inserted or bad length)
Bit 5 = set if code #2 is invalid
Bit 6 = set if code #3 is invalid
Bit 7 = always set to 0


good to know. i am very surprised this info is not in the wiki!
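
The register layout from the notes in the first post, combined with the $8000 control-byte format quoted just above, as a pair of emulator hooks. This is an added example, not code from anyone in the thread, and it handles more than either post alone by falling back to the first post's "$00 = no compare" rule when no control byte was seen. The names gg_state, gg_patch, gg_write and gg_read are hypothetical, and it assumes the only writes to $8000 are the non-zero control byte followed by the $00 that starts the game.

```c
#include <stdbool.h>
#include <stdint.h>

typedef struct { bool active, compare; uint16_t addr; uint8_t cmp, repl; } gg_patch;
typedef struct {
    uint8_t  reg[13];    /* last byte written to $8000..$800C */
    bool     have_ctrl;  /* non-zero control byte seen at $8000 (assumed order) */
    bool     started;    /* $00 written to $8000: game is running */
    gg_patch patch[3];
} gg_state;

/* Build the three patches from the latched registers. */
static void gg_latch(gg_state *g)
{
    uint8_t ctrl = g->reg[0];
    for (int n = 0; n < 3; n++) {
        const uint8_t *r = &g->reg[1 + 4 * n];  /* hi, lo, compare, replace */
        gg_patch *p = &g->patch[n];
        bool all_ff  = (r[0] & r[1] & r[2] & r[3]) == 0xFF;
        bool invalid = g->have_ctrl && ((ctrl >> (4 + n)) & 1);
        p->active = !all_ff && !invalid;
        p->addr   = (uint16_t)(((r[0] | 0x80) << 8) | r[1]);
        p->cmp    = r[2];
        p->repl   = r[3];
        /* Control byte bits 1-3 mark 8-letter (compare) codes; without one,
           fall back to the first post's rule that $00 means "no compare". */
        p->compare = g->have_ctrl ? ((ctrl >> (1 + n)) & 1) : (r[2] != 0x00);
    }
}

/* Feed every CPU write made by the Genie ROM. Returns true once the game starts. */
bool gg_write(gg_state *g, uint16_t addr, uint8_t val)
{
    if (g->started || addr < 0x8000 || addr > 0x800C) return g->started;
    if (addr != 0x8000) { g->reg[addr - 0x8000] = val; return false; }
    if (val != 0x00)    { g->reg[0] = val; g->have_ctrl = true; return false; }
    gg_latch(g);
    return g->started = true;
}

/* Filter every CPU read of cartridge ROM once the game is running. */
uint8_t gg_read(const gg_state *g, uint16_t addr, uint8_t rom)
{
    for (int n = 0; n < 3; n++) {
        const gg_patch *p = &g->patch[n];
        if (p->active && p->addr == addr && (!p->compare || p->cmp == rom))
            return p->repl;
    }
    return rom;
}
```

Once gg_write returns true, the emulator would reset into the game and route ROM reads through gg_read; later writes to $8000 and above are left for the cartridge's own mapper.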