Difference between revisions of "Hacking Genesis"
(→Decryption) |
|||
Line 162: | Line 162: | ||
What we have left is a 40-bit string. | What we have left is a 40-bit string. | ||
− | The address is 24-bit and comprises of the following bytes, counted from high to low. 17-18-19-20-21-22-23-24-9-10-11-12-13-14-33-34-35-36-37-38-39-40 | + | The address is 24-bit and comprises of the following bytes, counted from high to low. 17-18-19-20-21-22-23-24-15-16-9-10-11-12-13-14-33-34-35-36-37-38-39-40 |
Which gives us - | Which gives us - | ||
<pre> | <pre> | ||
− | a = (((s >> | + | a = (s & 0xFF0000) | ((s >> 10) & 0xC000) | ((s >> 18) & 0x3F00) | (s & 0xFF) |
address = binary 000000001001110001110110, or 0x009C76 | address = binary 000000001001110001110110, or 0x009C76 | ||
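Review bot: The new a = expression does not produce the 0x009C76 stated on the line below it when applied to the page's example string 0111100010011100000000001000001001110110. Bits 9-16 of that string are 10011100 (0x9C), but placing 15-16 ahead of 9-14 gives 00100111 (0x27), so the expression evaluates to 0x002776. Taking bits 9 to 16 in order for the middle byte, for example ((s >> 16) & 0xFF00) in place of the two middle terms, matches the stated address, and the list in the prose line should then read 17-...-24-9-...-16-33-...-40. The numbered positions are also bits, not bytes.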
Line 173: | Line 173: | ||
Which gives us - | Which gives us - | ||
<pre> | <pre> | ||
− | v = | + | v = ((s & 0x700) << 5) | ((s >> 3) & 0x1F00) | (s >> 32) |
value = binary 0101000001111000, or 0x5078 | value = binary 0101000001111000, or 0x5078 |
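Review bot: On the v = line the last term (s >> 32) is unmasked, so it only yields the low byte while s holds exactly 40 bits, and nothing in the hunk states how wide s is. Suggest writing ((s >> 32) & 0xFF) and adding a line saying s is the full 40-bit string held in an integer wider than 32 bits, since the expression shifts by 32.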
Revision as of 07:49, 20 January 2012
Game Genie
The Genesis Game Genie was different from all of the other Genies in a couple of ways. It was similar in that it intercepted ROM from the cartridge and overwrote certain bytes to achieve the desired effects. But besides obvious differences, like the shape and look of the device, the encryption scheme was also different. Genies on other systems used letters or hex digits to mask other hex digits, and swapped them around for good measure. The Genesis Genie actually used many different letters and numbers to mask 5-bit sequences, which were jumbled around. This was because the codes were 8 digits long, but needed to hold information for 5 bytes instead of 4.
The Genesis Game Genie used the following digits:
ABCDEFGHJKLMNPRSTVWXYZ0123456789
Notice they skipped I, O, Q, and U, probably so those digits weren't confused with others.
For substitution, "A" starts at 0 and it counts up from there. Here's a chart for easy access.
Digit | Substitute |
---|---|
A | 00000 |
B | 00001 |
C | 00010 |
D | 00011 |
E | 00100 |
F | 00101 |
G | 00110 |
H | 00111 |
J | 01000 |
K | 01001 |
L | 01010 |
M | 01011 |
N | 01100 |
P | 01101 |
R | 01110 |
S | 01111 |
T | 10000 |
V | 10001 |
W | 10010 |
X | 10011 |
Y | 10100 |
Z | 10101 |
0 | 10110 |
1 | 10111 |
2 | 11000 |
3 | 11001 |
4 | 11010 |
5 | 11011 |
6 | 11100 |
7 | 11101 |
8 | 11110 |
9 | 11111 |
Decryption
To get the initial binary string to decrypt a code, first you substitute each digit with its 5-bit counterpart. We'll use Sonic 1's "Each ring counts as 8" code as an example.
<pre>
SCRA-BAX0
|-S-||-C-||-R-||-A-||-B-||-A-||-X-||-0-|
0111100010011100000000001000001001110110
</pre>
What we have left is a 40-bit string.
The address is 24-bit and is made up of the following bits of the string, counted from high to low.
17-18-19-20-21-22-23-24-15-16-9-10-11-12-13-14-33-34-35-36-37-38-39-40
Which gives us -
<pre>
a = (s & 0xFF0000) | ((s >> 10) & 0xC000) | ((s >> 18) & 0x3F00) | (s & 0xFF)
address = binary 000000001001110001110110, or 0x009C76
</pre>
The value is 16-bit (it is a Genesis) and is made up of the following bits of the string, counted from high to low.
30-31-32-25-26-27-28-29-1-2-3-4-5-6-7-8
Which gives us -
<pre>
v = ((s & 0x700) << 5) | ((s >> 3) & 0x1F00) | (s >> 32)
value = binary 0101000001111000, or 0x5078
</pre>
So there you have it, this code replaces the value at the address 0x009C76 with 0x5078.
To encrypt back to genie format, just follow the steps backwards.
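The decoding steps above and their reverse, as an added Python example that is not part of the original page. It places bits 9 to 16 of the string, in order, in the middle address byte, because that arrangement reproduces the 0x009C76 the page gives for SCRA-BAX0; the function names are this example's own.

```python
# Added example (not from the original page): Genesis Game Genie code <-> address/value.
ALPHABET = "ABCDEFGHJKLMNPRSTVWXYZ0123456789"  # digit set from the page; index = 5-bit value


def to_bits(code):
    """Substitute each digit with its 5-bit value and return the 40-bit integer."""
    digits = code.replace("-", "").upper()
    if len(digits) != 8:
        raise ValueError("expected 8 digits, got %d" % len(digits))
    s = 0
    for ch in digits:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError("invalid digit %r (I, O, Q and U are not used)" % ch)
        s = (s << 5) | idx
    return s


def decode(code):
    """Return (address, value) for a code such as 'SCRA-BAX0'."""
    s = to_bits(code)
    # Bit 1 is the leftmost bit of the 40-bit string.
    # Address: bits 17-24, then 9-16, then 33-40 (see the lead-in for this choice).
    address = (s & 0xFF0000) | ((s >> 16) & 0xFF00) | (s & 0xFF)
    # Value: bits 30-32, then 25-29, then 1-8, as listed on the page.
    value = ((s & 0x700) << 5) | ((s >> 3) & 0x1F00) | ((s >> 32) & 0xFF)
    return address, value


def encode(address, value):
    """Follow the steps backwards: build the 40-bit string, then map to digits."""
    if not (0 <= address <= 0xFFFFFF and 0 <= value <= 0xFFFF):
        raise ValueError("address must fit in 24 bits and value in 16 bits")
    s = (value & 0xFF) << 32          # bits 1-8
    s |= (address & 0xFF00) << 16     # bits 9-16
    s |= address & 0xFF0000           # bits 17-24
    s |= (value & 0x1F00) << 3        # bits 25-29
    s |= (value & 0xE000) >> 5        # bits 30-32
    s |= address & 0xFF               # bits 33-40
    digits = "".join(ALPHABET[(s >> shift) & 0x1F] for shift in range(35, -1, -5))
    return digits[:4] + "-" + digits[4:]


if __name__ == "__main__":
    addr, val = decode("SCRA-BAX0")
    print("%06X:%04X" % (addr, val), encode(addr, val))
```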