
Bootleg With Save Chip



27 minutes ago, humble said:

GARY

Doing a search for that string in ASCII, ANSI, and EBCDIC in my legit save file and the bootleg ROM returned no results. I'm guessing Nintendo is using some other encoding scheme but I admittedly have not investigated that deeply. I'm hoping this won't take too much of a more experienced person's time. :)

Indeed, Gen 1 has its own encoding.

https://bulbapedia.bulbagarden.net/wiki/Character_encoding_(Generation_I)

So you'll have to search for 86 80 91 98
 

29 minutes ago, humble said:

Not sure if this would affect it or not, but I'm using a Flash BOY with "GBX Driver 2.0 build - Mar 29 2017" to take save file and ROM downloads. Am I allowed to upload my legit save file and the upper 1MB of the bootleg ROM (which I've verified does not include the original game code) to this forum? It may make things easier. Both files I'm working with are in a fresh 0:00 game timer state.

Your legit save file? As in the save file from a non-bootleg cart? I don't see why that would help.

Probably shouldn't upload part of the bootleg ROM.


3 hours ago, theSLAYER said:

Indeed, Gen 1 has its own encoding.

https://bulbapedia.bulbagarden.net/wiki/Character_encoding_(Generation_I)

So you'll have to search for 86 80 91 98

Interesting! I've used that site before, but I didn't realize they included data like that.

That hex pattern was found twice in the legit cart's SRAM dump, and three times in the bootleg ROM. In the SRAM, it is at locations 25F6-25F9 and 4BF2-4BF5.


The 25F6 block location appears to stand alone:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00
86 80 91 98 50
89 8E 87 8D 50 50
01 00 00 01 E1 13 BA 02 00 26 09 C7 05 04 01 00 00 00 04 04 04 10 40 C7 40 B0 40 00 FF 00 00 00 00 00 00 00 00 00 00 FF 00 00

The 4BF2 block location is surrounded by similar looking patterns:
8D 84 80 92 87 50
89 80 82 8A 50
8D 84 80 92 87 50
89 80 82 8A 50
8D 84 80 92 87 50
89 80 82 8A 50
8D 84 80 92 87 50
89 80 82 8A 50
8D 84 80 92 87 50
89 80 82 8A 50
8D 84 80 92 87 50
89 80 82 8A 50
8D 84 80 92 87 50
89 80 82 8A 50
8D 84 80 92 87 50
89 80 82 8A 50
8D 84 86 80 91 98 50
89 8E 87 8D 50 8D 89 84 85 85 50 00 00 00 00 00 00

HOWEVER, on the bootleg ROM, it only matches in one location (other than 684E-6851 and 689B-689E which are identical hits at the same locations in the Legit ROM), which is 1165F6-1165F9, which is outside the legit ROM's memory boundaries. This location looks similar to the legit SRAM location's 25F6 block:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00
86 80 91 98 50
89 8E 87 8D 50 50
01 00 00 01 58 94 BA 02 00 26 12 C7 06 03 00 01 00 00 04 04 04 10 40 C7 40 B0 40 00 FF 00 00 00 00 00 00 00 00 00 00 FF 00 00 00 00 00 00 00 00 00 00 FF 00 00 00 00

Since 4BF2 is 25FC away from 25F6 in the legit's SRAM, I went to 118BF2 to find this instead:

FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

3 hours ago, theSLAYER said:

As in the save file from a non-bootleg cart?

Yea, my expectation is that the "save file" is simply stored in its unmutated, contiguous entirety somewhere else in the ROM. My initial idea was that the save file embedded in the ROM would look nearly identical to the contents stored in SRAM of my legit cart. I'm beginning to lose faith that that is true.

Edited by humble
Make it easier to read

So, after realigning based around the rival's name, I came up with bytes 114000-11BFFF as containing the save file. I extracted this section, saved as a .sav file and loaded it against my legit ROM with VisualBoyAdvance-1.7.2 and it worked! The save file's blank spaces look nothing alike, but it still operates. I imagine that data isn't read by normal game play until it's been overwritten later. I will let y'all know if I run into problems later. Thank you so much theSLAYER for your tip on how I can align the two save files!

  • Like 1
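The alignment worked out over the posts above, written out as an added example (not code from any poster in this thread): encode the rival's name in the Gen I character set, find it in both dumps, and keep the ROM base whose surroundings best agree with the SRAM dump. It assumes uppercase A-Z names and a 32 KiB save; the function names and the sample dumps are constructed for illustration.

```python
TERMINATOR = 0x50   # Gen I end-of-string byte, seen after each name in the dumps
SAVE_SIZE = 0x8000  # 32 KiB: the length of the 114000-11BFFF range in the thread

def encode_gen1(name):
    """Encode an A-Z name in the Gen I character set (A=0x80 ... Z=0x99)."""
    if not all("A" <= ch <= "Z" for ch in name):
        raise ValueError("only A-Z is handled in this example")
    return bytes(0x80 + ord(ch) - ord("A") for ch in name) + bytes([TERMINATOR])

def find_all(data, needle):
    """Every offset at which needle occurs in data."""
    hits, pos = [], data.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = data.find(needle, pos + 1)
    return hits

def locate_save(sram, rom, name, window=32):
    """Return (base, score) for the best-supported save copy in rom, or None.

    Each (SRAM hit, ROM hit) pair proposes base = rom_hit - sram_hit. The pair
    is scored by how many neighbouring bytes agree, so name strings that sit in
    game code next to unrelated data lose to the real copy of the save.
    """
    needle, best = encode_gen1(name), None
    for s in find_all(sram, needle):
        for r in find_all(rom, needle):
            base = r - s
            if base < 0 or base + SAVE_SIZE > len(rom):
                continue  # a full save would not fit at this base
            lo, hi = max(0, s - window), min(len(sram), s + window)
            score = sum(sram[i] == rom[base + i] for i in range(lo, hi))
            if best is None or score > best[1]:
                best = (base, score)
    return best

def extract_save(rom, base):
    """Carve SAVE_SIZE bytes starting at base, ready to be written as a .sav."""
    return rom[base:base + SAVE_SIZE]

def build_sample():
    """Constructed stand-ins for the two dumps; offsets mirror the thread."""
    sram = bytearray(SAVE_SIZE)
    sram[0x25F6:0x25FB] = encode_gen1("GARY")
    sram[0x25FB:0x2600] = bytes.fromhex("898E878D50")   # the name that follows
    sram[0x4BF2:0x4BF7] = encode_gen1("GARY")
    rom = bytearray(b"\xFF" * 0x200000)                  # 2 MB, erased flash
    rom[0x684E:0x6853] = encode_gen1("GARY")             # string in game code
    rom[0x114000:0x118000] = sram[:0x4000]               # save copy, rest erased
    return bytes(sram), bytes(rom)
```

On real dumps, read the two files with `open(path, "rb").read()` in place of `build_sample()` and write the result of `extract_save` to a `.sav` file.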

2MB, or 200000 in base 16.  Everything after 11FA53 is just FF.  Mind you, this is just a fresh start game save though. 

I think it would be cool for someone to write a program for gen1 cartridges like someone did for the gen3 cartridges I've seen online in passing.

 

Do you want me to somehow send you the upper 1MB of data from the ROM? My legit cartridges (that I bought new in 1998) only have a 1MB ROM, and the game code on these new bootleg carts matches up (alignment wise) exactly with the legit ones. Of course, there are quite a few values changed to handle the whole "flash my own ROM when saving" stuff. I could also try to produce a patch file for a legit ROM if you're interested and post it on here.


6 hours ago, humble said:

2MB, or 200000 in base 16.  Everything after 11FA53 is just FF.  Mind you, this is just a fresh start game save though. 

I think it would be cool for someone to write a program for gen1 cartridges like someone did for the gen3 cartridges I've seen online in passing.

 

Do you want me to somehow send you the upper 1MB of data from the ROM? My legit cartridges (that I bought new in 1998) only have a 1MB ROM, and the game code on these new bootleg carts matches up (alignment wise) exactly with the legit ones. Of course, there are quite a few values changed to handle the whole "flash my own ROM when saving" stuff. I could also try to produce a patch file for a legit ROM if you're interested and post it on here.

It’s probably fine for now. If the offsets you gave are accurate and static, then it should work. I’ll get to it once my PC troubles are over.
