Adventures in the GBA BIOS
Note: This is a short article from my old dev blog. External links have been updated, but the post is otherwise reposted verbatim.
So, that tweet went a little viral. It's the classic Game Boy Advance boot-up screen, with the message changed to the oh-so-relatable "I'm Gay". I could have produced this as an animation, but instead I'd spent a couple of days poring over documentation and disassembly to actually change the sprites in the system's BIOS file. I thought it might be interesting to share the technical details of that.
For all of my testing I was using the VisualBoyAdvance emulator. It's got some very good debug views to visualize the state of VRAM, a memory viewer, and, very helpfully, a disassembly of the active program code, along with the ability to step through instructions one by one.
My initial assumption was that the graphics data would exist in an obvious format in the BIOS, and that I'd be able to spot it simply by dumping the BIOS out as an image, mapping each byte to a pixel. I've used this technique on other reverse-engineering projects and it's usually very helpful. In this case, however, it turned up only noise: no obviously structured data at all.
I tried zeroing out different parts of the BIOS data to see if I could deduce the location of the sprite data. This didn't work very well: I managed to break the audio chime and later managed to crash the BIOS completely, so I scrapped that idea pretty quickly.
I came to the conclusion that the data must be compressed in some form, and started searching for resources about GBA data compression techniques. I stumbled across a project called dsdecmp which included code for compression and decompression with the various algorithms used by the GBA and DS systems, and thought it might be useful.
I tried running dsdecmp's LZ77 decompressor on the BIOS, starting at each point in the BIOS that could feasibly match the LZ77 data header, in the hope that I could find the compressed sprite data by sheer brute force, but this also turned out to be a dead end.
Eventually I realised I was going to have to get my hands dirty, and by stepping through the BIOS code one instruction at a time using VBA's disassembler, I was able to identify the following data flow:
- Copy $370 bytes from $0000332C to $03000564
- Decompress $370 bytes from $03000564 into $3C0 bytes at $03001564
- Decompress $3C0 bytes from $03001564 into $800 bytes at $03000564
- Expand $800 bytes of 2-bit graphics data from $03000564 into $2000 bytes of 8-bit graphics data at $06000040
A quick note about the GBA memory layout. The BIOS is mapped at the address range $00000000-$00003FFF, there's some general-purpose RAM starting at $03000000, and VRAM starts at $06000000. There are other parts of addressable memory, but they're not relevant here. (source: GBATEK)
So it's copying some compressed data from the BIOS into IRAM, decompressing it twice in IRAM, and then expanding it while copying into VRAM. After a bit of reading of the GBATEK documentation and comparing against the compressed data, I was able to determine from the header bytes that the first compression pass is Huffman and the second pass is LZ77. So I think the BIOS is actually performing the following steps using the BIOS decompression functions:
MemCopy($0000332C, $03000564, $370); // likely using CpuSet or CpuFastSet
HuffUnCompReadNormal($03000564, $03001564);
LZ77UnCompReadNormalWrite8bit($03001564, $03000564);
BitUnPack($03000564, $06000040, ...);
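To make the last two stages of that pipeline concrete, here is an added example (my own code, not the post's C# tooling) of a GBA LZ77 decoder and a 2bpp-to-8bpp BitUnPack written from the GBATEK descriptions, run over a constructed 17-byte stream that decodes to one 8x8 tile.

```python
# Added example, not the post's own C# tooling: decoders for the two stages the
# BIOS runs after the Huffman pass, LZ77UnCompReadNormal (type 0x10 header) and
# BitUnPack (2bpp -> 8bpp), written from the GBATEK descriptions of both.

def lz77_uncomp(data: bytes) -> bytes:
    """Decode a GBA LZ77 ('10') stream: byte 0 is 0x10, bytes 1-3 the size."""
    if data[0] != 0x10:
        raise ValueError("not an LZ77 header (expected 0x10)")
    size = data[1] | (data[2] << 8) | (data[3] << 16)
    out, pos = bytearray(), 4
    while len(out) < size:
        flags = data[pos]
        pos += 1
        for bit in range(8):                 # MSB of the flag byte comes first
            if len(out) >= size:
                break
            if flags & (0x80 >> bit):
                # back-reference: high nibble = length-3, low 12 bits = disp-1
                b1, b2 = data[pos], data[pos + 1]
                pos += 2
                length = (b1 >> 4) + 3
                disp = (((b1 & 0x0F) << 8) | b2) + 1
                if disp > len(out):
                    raise ValueError("displacement reaches before output start")
                for _ in range(length):      # byte-by-byte so overlaps work
                    out.append(out[-disp])
            else:
                out.append(data[pos])
                pos += 1
    return bytes(out)

def bit_unpack(src: bytes, src_width: int = 2, data_offset: int = 0,
               zero_flag: bool = False) -> bytes:
    """BitUnPack to an 8-bit destination: each src_width-bit unit (low bits of a
    byte first) becomes one byte; data_offset is added to non-zero units, and to
    zero units too when zero_flag is set."""
    mask = (1 << src_width) - 1
    out = bytearray()
    for byte in src:
        for shift in range(0, 8, src_width):
            unit = (byte >> shift) & mask
            if unit or zero_flag:
                unit += data_offset
            out.append(unit & 0xFF)
    return bytes(out)

# Constructed 17-byte stream: one 8x8 2bpp tile (16 bytes) with two rows each of
# colour 0, 1, 2 and 3; every run after its first byte is an overlapping copy.
SAMPLE = bytes([0x10, 0x10, 0x00, 0x00, 0x55, 0x00, 0x00, 0x00, 0x55,
                0x00, 0x00, 0xAA, 0x00, 0x00, 0xFF, 0x00, 0x00])
```

The 4x growth of `bit_unpack` is the same ratio as the post's $800 to $2000 step, and the header check is the test the brute-force search in the post was relying on.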
I was able to bodge together some C# code to extract the sprite data and dump it out to an image file. I then bodged together some more code to read the image data, reduce it to 2 bits per pixel, and compress the data in the way the BIOS expects. I could then just modify the image file, run the code, and I'd get a modified BIOS file with the new sprites.
This doesn't always work, though. If the sprites have too much detail, the compression won't be able to keep the data under $370 bytes, and I think the intermediate-stage compressed data has an upper size limit too. Fortunately I managed to get the data I wanted under the size limit, but I did have a number of failed attempts while experimenting.
While I'm sure lots of you want my tooling for this, I won't be releasing it. It's a hacky and buggy mess I'm not particularly proud of, and I don't really feel like tidying it up or fielding support requests. This should have given you enough information to build a similar tool yourself if you're really determined though ;-) Oh, and there was a bonus GDPR joke tweet that blew up a little bit as well, made with the same techniques.