Disassembling the GBC Boot ROM.


    Some time ago, the Boot ROM of the Gameboy Color was dumped. This was the first successful attempt after several failed attempts over the past 10 years. When it was put online, somebody did try to make a disassembly of it, however, that disassembly is not complete and rather badly commented/organized. That's why I try to make a more readable disassembly of the ROM myself.

    For those of you who have seen the original GB boot ROM disassembly, it seems rather simple. In the case of the original GB, it's in fact simple because it is made to only support GB games, hence no checks to see if the game has support for certain functions that appeared afterwards. The GBC boot code is ten times more complex, because it has to keep backwards-compatibility with GB games, SuperGB games, GBPocket games, partially colored GB games, and GBC games. In addition, the boot code also has a routine for selecting the palette for certain GB games, and the startup-screen which is far more complex than the startup-screen of the original GB.

    One odd thing is that it seems to contain some kind of database. What it does is that if the License within the header of the inserted cartridge equals 01, it calculates the sum of the title (also within the header) and looks it up in a table with 78 entries. If it is found, its offset into the table is in most cases used as a pointer into a final table. In a few other cases, the 4th character of the title is compared with 2 or 3 different characters from a third table before settling on a pointer to the final table. The final value returned is used when setting up the palette for original GB games. I have posted the tables below:
    Code:
    Explanation:
    "Checksum" is the sum of the 16 bytes making up the title.
    "Compare" is what the 4th byte of the title is compared to, in the cases where it is compared.
    "C" is the pointer into the final table.
    
    How to use the tables:
    First find the sum of the title stored in the game cartridge.
    Look it up in the table of checksums.
    If the value in the table doesn't have a "v" under itself, find the C number corresponding to the table offset.
    If there is a "v", compare the 4th byte of the header with the two or three values in the column below the "v", and find the corresponding C number.
    Look up the value with the offset of C in the final table.
    The lower 5 bits of this value are stored in $D008, the upper 3 bits are rotated 3 to the left and stored in $D00B.
    
    ----------
    
    Anything not listed:                                                       C = 00
    
    Checksum:	db $00,$88,$16,$36,$D1,$DB,$F2,$3C,$8C,$92,$3D,$5C,$58,$C9 C = 00 -> 0D
    Checksum:	db $3E,$70,$1D,$59,$69,$19,$35,$A8,$14,$AA,$75,$95,$99,$34 C = 0E -> 1B
    Checksum:	db $6F,$15,$FF,$97,$4B,$90,$17,$10,$39,$F7,$F6,$A2,$49,$4E C = 1C -> 29
    Checksum:	db $43,$68,$E0,$8B,$F0,$CE,$0C,$29,$E8,$B7,$86,$9A,$52,$01 C = 2A -> 37
    Checksum:	db $9D,$71,$9C,$BD,$5D,$6D,$67,$3F,$6B                     C = 38 -> 40
    
    Checksum:	db $B3,$46,$28,$A5,$C6,$D3,$27,$61,$18,$66,$6A,$BF,$0D,$F4
                        v   v   v   v   v   v   v   v   v   v   v   v   v   v
    Compare:	db $42,$45,$46,$41,$41,$52,$42,$45,$4B,$45,$4B,$20,$52,$2D C = 41 -> 4E
    Compare:	db $55,$52,$41,$52,$20,$49,$4E,$41,$49,$4C,$49,$43,$45,$20 C = 4F -> 5C
    Compare:	db $52                                                     C = 5D
    
    
    Final table:	db $7C,$08,$12,$A3,$A2,$07,$87,$4B,$20,$12,$65,$A8,$16,$A9 C = 00 -> 0D
    		db $86,$B1,$68,$A0,$87,$66,$12,$A1,$30,$3C,$12,$85,$12,$64 C = 0E -> 1B
    		db $1B,$07,$06,$6F,$6E,$6E,$AE,$AF,$6F,$B2,$AF,$B2,$A8,$AB C = 1C -> 29
    		db $6F,$AF,$86,$AE,$A2,$A2,$12,$AF,$13,$12,$A1,$6E,$AF,$AF C = 2A -> 37
    		db $AD,$06,$4C,$6E,$AF,$AF,$12,$7C,$AC,$A8,$6A,$6E,$13,$A0 C = 38 -> 45
    		db $2D,$A8,$2B,$AC,$64,$AC,$6D,$87,$BC,$60,$B4,$13,$72,$7C C = 46 -> 53
    		db $B5,$AE,$AE,$7C,$7C,$65,$A2,$6C,$64,$85                 C = 54 -> 5D
    Last edited by per; January 30, 2010, 06:15 PM.
    Current systems owned by me:
    Vintage:IBM PC/XT submodel 087 ( 1983 ), [Kon]tiki-100 rev. C (1983), Compaq Portable I ( 1984 ), IBM PC/XT submodel 078 ( 1985 ), IBM PC/XT286 ( ~1986 ), 3x Nintendo Entertainment Systems ( 1987 ).
    Obsolete:Commodore A500 ( ~1990 ), IBM PS/2 model 70/386 type 8570-161 ( 1991 ), Atari Lynx II ( ~1992 ), Generic Intel 486SX PC ( ~1993 ), AT/T Globalyst Pentium w/FDIV bug MB ( 1994 ), Compaq 486DX4 laptop ( ~1995 ).

    #2
    I've finally figured out what the numbers in the table mean. They are used to select which palette is used.

    The lower 5 bits of the byte derived from the final table is used as a pointer to an entry in a palette index table. Each entry in this index table refers to three different 8-byte (4 color) palettes in a big table containing raw palette-data, I have named them palette a, palette b, and palette c. There are a total of 28 entries in this table.

    The upper 3 bits are used to determine which of palette a/b/c to store where. Here is a table:

    Code:
    __0: OBJ0 = Palette c
    __1: OBJ0 = Palette a
    00_: OBJ1 = Palette c
    01_: OBJ1 = Palette a
    10_: OBJ1 = Palette b
    ___: BG0  = Palette c
    In other words:
    OBJ0 can be Palette a or c
    OBJ1 can be Palette a, b or c
    BG0 can only be Palette c

    Conclusion:
    So what this piece of code actually does is to:
    1. Determine if the game actually is from Nintendo.
    2. Identify the game based on the sum of the title, and eventually the 4th character if more than one game has the same sum.
    3. Look up palette details based on the game ID.
    4. Generate palettes for OBJ0, OBJ1 and BG0 based on the palette details.


    This thus proves that many older Nintendo-games got preset palettes built into the boot code of the GBC. In fact, according to the table of palette details, the exact number of games is 93 (not including "default"). However, it is to note that several of those actually do use the same palette details as the default palette.
    Last edited by per; February 1, 2010, 03:27 AM.

    Comment
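The lookup described in posts #1 and #2, written out as an added Python example (not part of the original posts and not code from the boot ROM). The tables are retyped from post #1; the names `lookup_c` and `palette_details` are hypothetical, the caller passes in the license byte, and the title sum is assumed to be truncated to 8 bits since the checksum table holds single bytes.

```python
# Added example: tables retyped from post #1; all names here are hypothetical.
CHECKSUMS = bytes.fromhex(
    "00 88 16 36 D1 DB F2 3C 8C 92 3D 5C 58 C9"   # C = 00 -> 0D
    "3E 70 1D 59 69 19 35 A8 14 AA 75 95 99 34"   # C = 0E -> 1B
    "6F 15 FF 97 4B 90 17 10 39 F7 F6 A2 49 4E"   # C = 1C -> 29
    "43 68 E0 8B F0 CE 0C 29 E8 B7 86 9A 52 01"   # C = 2A -> 37
    "9D 71 9C BD 5D 6D 67 3F 6B"                  # C = 38 -> 40
    "B3 46 28 A5 C6 D3 27 61 18 66 6A BF 0D F4")  # entries with a "v" below
COMPARE = bytes.fromhex(
    "42 45 46 41 41 52 42 45 4B 45 4B 20 52 2D"   # C = 41 -> 4E
    "55 52 41 52 20 49 4E 41 49 4C 49 43 45 20"   # C = 4F -> 5C
    "52")                                         # C = 5D
FINAL = bytes.fromhex(
    "7C 08 12 A3 A2 07 87 4B 20 12 65 A8 16 A9"   # C = 00 -> 0D
    "86 B1 68 A0 87 66 12 A1 30 3C 12 85 12 64"   # C = 0E -> 1B
    "1B 07 06 6F 6E 6E AE AF 6F B2 AF B2 A8 AB"   # C = 1C -> 29
    "6F AF 86 AE A2 A2 12 AF 13 12 A1 6E AF AF"   # C = 2A -> 37
    "AD 06 4C 6E AF AF 12 7C AC A8 6A 6E 13 A0"   # C = 38 -> 45
    "2D A8 2B AC 64 AC 6D 87 BC 60 B4 13 72 7C"   # C = 46 -> 53
    "B5 AE AE 7C 7C 65 A2 6C 64 85")              # C = 54 -> 5D
FIRST_V, COLUMNS = 0x41, 14   # first checksum offset with a "v"; Compare row width


def lookup_c(title: bytes, license_code: int) -> int:
    """Return C, the offset into FINAL, for a 16-byte header title."""
    if len(title) != 16:
        raise ValueError("title field must be exactly 16 bytes")
    if license_code != 0x01:
        return 0                                  # "Anything not listed: C = 00"
    idx = CHECKSUMS.find(bytes([sum(title) & 0xFF]))
    if idx < 0:
        return 0
    if idx < FIRST_V:
        return idx                                # unambiguous checksum
    # Walk down the column under the "v": each Compare row is 14 entries on.
    for c in range(idx, FIRST_V + len(COMPARE), COLUMNS):
        if COMPARE[c - FIRST_V] == title[3]:      # 4th byte of the title
            return c
    return 0


def palette_details(title: bytes, license_code: int) -> dict:
    """Split the FINAL byte as in post #2: index (low 5 bits) and a/b/c choice."""
    value = FINAL[lookup_c(title, license_code)]
    index, flags = value & 0x1F, value >> 5       # the parts kept in $D008 / $D00B
    obj0 = "a" if flags & 1 else "c"              # __0 / __1
    obj1 = {0: "c", 1: "a", 2: "b"}.get(flags >> 1)  # 00_/01_/10_; 11_ is not listed
    return {"index": index, "OBJ0": obj0, "OBJ1": obj1, "BG0": "c"}
```
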


      #3
      What CPU is the GBC using? I've always loved doing things like this, but could only ever disassemble on x86 machines...
      I'm surprised that after all these years, no one else has worked on doing this. I think the world of emulation just got a bit better!

      Comment


        #4
        Originally posted by hargle
        What CPU is the GBC using? I've always loved doing things like this, but could only ever disassemble on x86 machines...
        I'm surprised that after all these years, no one else has worked on doing this. I think the world of emulation just got a bit better!
        Well, the GBC and the original GB use a variation of the Z80 CPU, but some of the instructions have been changed/removed. There is lots of information on this online.

        The reason nobody has been able to dump the GBC boot code before this fall is because it is locked out of the memory-map before custom code can be run. Since the ROM is located within the CPU IC, you can't just connect a ROM-dumper to it either. They managed to dump the original GB boot code almost 10 years ago by using a microscope and certain etching solutions, but the GBC uses NAND-based ROM where this procedure doesn't work.

        However, this fall somebody came up with the great idea of playing around with the clock input before the lockout instruction was reached, thus confusing the CPU to a degree where it just skipped the instruction. This way custom code could be run while the boot code was still mapped in memory.

        They have added support for the Boot-code in MESS, but it's currently the only emulator supporting it. This gives MESS a much closer-to-reality emulation of the games since the palettes are just as they are on a real GBC, in comparison to the grayscale emulation in all other emulators.

        Comment


          #5
          I'm just done with the disassembling and analysis of the code. It's really amazing how much they could actually fit within 1Kb.

          So, here is the boot process:
          1. Setup stack
          2. Initialize system (clear memory and turn sound-system on)
          3. Load old welcome splash (Load the "Nintendo" logo from the cartridge and store a 2x scaled version in video-RAM bank 0 at object 01h -> 0Ch for upper row and object 0Dh -> 18h for lower row. Load the "(R)" symbol to video-RAM bank 0 at object 19h).
          4. Load new welcome splash (Load the "GAME BOY" logo into video-RAM bank 1 (object 08 -> 17 for upper row, object 18 -> 27 for middle row and object 28 -> 37 for lower row) after scaling it 2x vertically. Load and translate the "Nintendo" logo unscaled into video-RAM bank 1 object 38 -> 3D. Load the (R) symbol to video-RAM bank 1 object 3E.)
          5. Map new welcome splash (assign the "GAME BOY" logo a palette making it the same color as used on the general background, and map it on the screen).
          6. Setup palettes to use during the welcome splash.
          7. Identify game (using the title checksum and eventually the 4th character).
          8. Get specific palette for that game, else get default palette.
          9. Turn on LCD and run welcome splash (At one point, map the "Nintendo(R)" part, then reassigning palettes to certain mapped objects in a certain way to get the "uncovering" effect, at last play two sounds). While running welcome splash, if a non-GBC game is used, the keypad will also be checked. If a valid key combination is found, new palettes will be setup for the next frame of the welcome splash, and new palettes will be gotten for in-game use. In addition, there will be an eventual short delay added on the last frame (the last frame is being repeated) if the keypress was done toward the end of the animation, and during this delay, another valid keypress can be done causing the delay to reset.
          10. Check the first half of the logo in the game-cartridge, halt if incorrect.
          11. Check general header checksum, halt if incorrect.
          12. White out the display by increasing the color-components of all palettes and reset data and maps in video-RAM bank 1, but only maps in video-RAM bank 0. The resets are done using DMA.
          13. Set system mode, if GBC flag is set in the header, just write 80h to port FF4Ch, if GBC-flag not set, write 04h to port FF4Ch and 01h to FF6Ch, then load palettes for use in-game, test if the game is one of two different titles, and if so, map the original scaled "Nintendo(R)" logo on the screen for compatibility.
          14. Write 11h to port FF50h to lock out the code from the memory-map.

          I only know one of the games that needs the original-style logo mapped, and that's "X - Xekkusu". When it starts, it takes whatever is mapped to the screen and adds "Presents" under it, then it blanks out the display. When running in a regular emulator, it just starts by saying "Presents", but while using the boot rom (and the emulator supports it), it then says "Nintendo(R) Presents". I don't know the other game that does this, but its 16-byte title field (in the header) sums up to 43h.

          Comment
