Keep in mind: This is a short article from my old dev blog site. Outside links have been upgraded, but the message is otherwise reposted verbatim.
So, that tweet went a little bit viral. Its the timeless Video game Child Development boot-up screen, with the message changed to the oh-so-relatable Im Gay . I can have produced this as a computer animation, however rather Id spent a couple of days poring over documents and disassembly to in fact modify the sprites in the systems BIOS data. I thought it may be interesting to share the technological details concerning that.Join Us gba bios file android website
For every one of my screening I was making use of the VisualBoyAdvance emulator. Its got some very good debug sights to visualise the state of the VRAM, a memory visitor, and extremely helpfully the disassembly of the energetic program code, along with the capacity to tip directions one-by-one.
My initial assumption was that the graphics data would exist in an evident format in the biographies, which Id have the ability to find it simply by disposing out the BIOS as an image, mapping each byte to a pixel. Ive utilized this method on other reverse-engineering tasks and its usually extremely practical. In this case, nonetheless, I turned up only entropy – no evident patterned information whatsoever.
I attempted zeroing out various parts of the BIOS data, seeing if I can deduce the location of the sprite information. This didnt job very well – I handled to damage the audio chime and later on managed to crash the BIOS totally, so I scrapped that concept pretty rapidly.
I reached the verdict that the data must be pressed in some form, and began browsing for sources concerning GBA information compression techniques. I stumbled across a job called dsdecmp which contained code for compression and decompression with various algorithms utilized by the GBA and DS systems, and believed it could be valuable.
I tried running dsdecmps LZ77 decompressor on the biographies, beginning at each point in the biographies that might feasibly match the LZ77 data header, in the hopes that I could find the pressed sprite data by sheer brute force, yet this likewise shown up a stumbling block.
Eventually I understood I was mosting likely to have to obtain my hands unclean, and by tipping through the BIOS code one direction at a time utilizing VBAs disassembler, I had the ability to identify the complying with data flow:
- Duplicate $ 370 bytes from $ 0000332C to $ 03000564
- Decompress $ 370 bytes from $ 03000564 right into $ 3C0 bytes at $ 03001564
- Decompress $ 3C0 bytes from $ 03001564 into $ 800 bytes at $ 03000564
- Broaden $ 800 bytes of 2bit graphics data from $ 03000564 into $ 2000 bytes of 8bit graphics information at $ 06000040
A quick note regarding the GBA memory layout. The biography is mapped at address variety $ 00000000-$ 00003FFF, theres some general-purpose RAM starting at $ 03000000, and VRAM starts at $ 06000000. There are different other parts of addressable memory yet theyre not appropriate below. ( source: GBATEK)
So its copying some compressed data from the BIOS right into IRAM, unwinding it twice in IRAM, and after that increasing it while replicating right into VRAM. After a little while checking out the GBATEK documents and contrasting against the pressed information, I was able to establish from the header bytes that the initial compression pass is Huffman and the 2nd pass is LZ77. So I assume the biography is in fact executing the following actions utilizing the BIOS decompression features:
MemCopy($ 0000332C, $03000564, $370);// most likely using CpuSet or CpuFastSet HuffUnCompReadNormal($ 03000564, $03001564);. LZ77UnCompReadNormalWrite8bit($ 03001564, $03000564);. BitUnPack($ 03000564, $06000040, );.
I had the ability to bodge with each other some C# code to draw out the sprite information and discard it out to an image documents. I after that bodged together some more code to review the image file, cut it down to 2 bits per pixel, and compress the information in the manner the biography expects. I might after that just change the photo file, run the code, and Id obtain a changed biography data with the brand-new sprites.
This doesn’t function constantly though. If the sprites have excessive decline, the compression wont have the ability to maintain the information under $ 370 bytes, and I think the halfway-stage pressed information has a top dimension limitation as well. Thankfully I procured the data I desired under the dimension limit, yet I did have a number of failed efforts while experimenting.
While Im certain a lot of you desire my tooling for this, I wont be launching it. Its a hacky and buggy mess Im not specifically proud of, and I do not actually feel like tidying it up or fielding support demands. This ought to have offered you enough detail to build an equivalent tool on your own if youre actually figured out though;-RRB- Oh, and there was a incentive GDPR joke tweet that blew up a little bit also, made with the same methods.
