Hacking Genesis

From Wiki - GameHacking.org
Revision as of 22:49, 20 January 2012 by Rimsky82 (talk | contribs) (→‎Decryption)

Game Genie

Game Genie device for Sega Genesis

The Genesis Game Genie was different from all of the other Genies in a couple of ways. It was similar in that it intercepted ROM data from the cartridge and overwrote certain bytes to achieve the desired effects. But besides obvious differences, like the shape and look of the device, the encryption scheme was also different. Genies on other systems used letters or hex digits to mask other hex digits, and swapped them around for good measure. The Genesis Genie instead used a larger set of letters and numbers, each one masking a 5-bit sequence, and the bits were then jumbled around. This was because the codes were 8 digits long, but needed to hold information for 5 bytes instead of 4.

The Genesis Game Genie used the following digits:

A B C D E F G H J K L M N P R S T V W X Y Z 0 1 2 3 4 5 6 7 8 9

Notice they skipped I, O, Q, and U, probably so those digits weren't confused with others.

For substitution, "A" starts at 0 and it counts up from there. Here's a chart for easy access.

Digit Substitute
A 00000
B 00001
C 00010
D 00011
E 00100
F 00101
G 00110
H 00111
J 01000
K 01001
L 01010
M 01011
N 01100
P 01101
R 01110
S 01111
T 10000
V 10001
W 10010
X 10011
Y 10100
Z 10101
0 10110
1 10111
2 11000
3 11001
4 11010
5 11011
6 11100
7 11101
8 11110
9 11111


To get the initial binary string to decrypt a code, first you substitute each digit with its 5-bit counterpart. We'll use Sonic 1's "Each ring counts as 8" code as an example.



What we have left is a 40-bit string.

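The address is 24-bit and is made up of the following bits of the string, listed from the address's high bit to its low bit (bit 1 is the leftmost bit of the 40-bit string): 17-18-19-20-21-22-23-24-9-10-11-12-13-14-15-16-33-34-35-36-37-38-39-40. With s being the 40-bit string read as an integer, that gives us: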

a = (s & 0xFF0000) | ((s >> 16) & 0xFF00) | (s & 0xFF)

address = binary 000000001001110001110110, or 0x009C76

The value is 16-bit (the Genesis is a 16-bit system) and is made up of the following bits of the string, listed from the value's high bit to its low bit: 30-31-32-25-26-27-28-29-1-2-3-4-5-6-7-8. That gives us:

v = ((s & 0x700) << 5) | ((s >> 3) & 0x1F00) | (s >> 32)

value = binary 0101000001111000, or 0x5078

So there you have it, this code replaces the value at the address 0x009C76 with 0x5078.

To encrypt back to genie format, just follow the steps backwards.
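
The whole procedure in both directions, as an added example that is not part of the original wiki page. The function names are this example's own, and the 4-4 hyphenated output format is an assumption about how codes are usually written; the substitution chart and the two bit formulas are taken from the text above.

```python
# Added example: Genesis Game Genie code <-> (address, value), following the
# chart and bit layout described above. Function names are hypothetical.
ALPHABET = "ABCDEFGHJKLMNPRSTVWXYZ0123456789"  # A=0 ... 9=31; I, O, Q, U skipped


def to_bits(code: str) -> int:
    """Turn an 8-character code (optional hyphen) into the 40-bit integer s."""
    chars = code.replace("-", "").upper()
    if len(chars) != 8:
        raise ValueError("a Genesis Game Genie code has exactly 8 characters")
    s = 0
    for ch in chars:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"{ch!r} is not a Game Genie character")
        s = (s << 5) | idx  # the first character lands in the top 5 bits
    return s


def decode(code: str) -> tuple[int, int]:
    """Return (24-bit address, 16-bit value) using the page's two formulas."""
    s = to_bits(code)
    a = (s & 0xFF0000) | ((s >> 16) & 0xFF00) | (s & 0xFF)
    v = ((s & 0x700) << 5) | ((s >> 3) & 0x1F00) | (s >> 32)
    return a, v


def encode(address: int, value: int) -> str:
    """Follow the steps backwards: scatter the bits, then map to characters."""
    if not (0 <= address <= 0xFFFFFF and 0 <= value <= 0xFFFF):
        raise ValueError("address must fit in 24 bits and value in 16 bits")
    s = ((value & 0xFF) << 32            # value bits 7..0   -> string bits 1-8
         | (address & 0x00FF00) << 16    # address mid byte  -> string bits 9-16
         | (address & 0xFF0000)          # address high byte -> string bits 17-24
         | (value & 0x1F00) << 3         # value bits 12..8  -> string bits 25-29
         | (value & 0xE000) >> 5         # value bits 15..13 -> string bits 30-32
         | (address & 0xFF))             # address low byte  -> string bits 33-40
    chars = [ALPHABET[(s >> shift) & 0x1F] for shift in range(35, -1, -5)]
    return "".join(chars[:4]) + "-" + "".join(chars[4:])  # hyphen: assumed format


if __name__ == "__main__":
    code = encode(0x009C76, 0x5078)  # the address/value pair worked out above
    print(code, [hex(x) for x in decode(code)])
```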



All files (HTML, CSS, images) included in EnHacklopedia are licensed under the Creative Commons Attribution-ShareAlike 3.0 License. All authors contributing to EnHacklopedia should be made aware of the license before contributing. If the author does not agree to the licensing, his or her contributions will not be accepted into the project.