Note: This is a post from my old dev blog. External links have been updated, but the text is otherwise reposted verbatim.
So, that tweet went a little bit viral. It's the classic Game Boy Advance boot-up screen, with the text changed to the oh-so-relatable "I'm Gay". I could have made this as an animation, but instead I'd spent a couple of days reading documentation and disassembly to actually modify the sprites in the system's BIOS file. I thought it might be interesting to share the technical details about that.
For all of my testing I was using the VisualBoyAdvance emulator. It's got some very nice debug views to visualise the state of the VRAM, a memory viewer, and most helpfully the disassembly of the active program code, along with the ability to step through instructions one by one.
My initial assumption was that the graphics data would exist in an obvious format in the BIOS, and that I'd be able to spot it just by dumping out the BIOS as an image, mapping each byte to a pixel. I've used this technique on other reverse-engineering projects and it's usually very helpful. In this case, however, I turned up only entropy – no obvious patterned data at all.
I tried zeroing out various parts of the BIOS data, seeing if I could deduce the location of the sprite data. This didn't work very well – I managed to break the audio chime and later managed to crash the BIOS completely, so I scrapped that idea pretty quickly.
I came to the conclusion that the data must be compressed in some form, and started looking around for resources about GBA data compression techniques. I stumbled upon a project called dsdecmp which contained code for compression and decompression with various algorithms used by the GBA and DS systems, and thought it might be helpful.
I tried running dsdecmp's LZ77 decompressor on the BIOS, starting at each point in the BIOS that could feasibly match the LZ77 data header, in the hopes that I could find the compressed sprite data by sheer brute force, but this also turned up a dead end.
At some point I knew I was going to have to get my hands dirty, and by stepping through the BIOS code one instruction at a time using VBA's disassembler, I was able to determine the following data flow:
- Copy $370 bytes from $0000332C to $03000564
- Decompress $370 bytes from $03000564 into $3C0 bytes at $03001564
- Decompress $3C0 bytes from $03001564 into $800 bytes at $03000564
- Expand $800 bytes of 2-bit graphics data from $03000564 into $2000 bytes of 8-bit graphics data at $06000040
A quick note about the GBA memory layout. The BIOS is mapped at address range $00000000-$00003FFF, there's some general-purpose RAM starting at $03000000, and VRAM starts at $06000000. There are various other regions of addressable memory but they're not relevant here. (source: GBATEK)
So it's copying some compressed data from the BIOS into IRAM, decompressing it twice in IRAM, and then expanding it while copying into VRAM. After a little while reading the GBATEK documentation and comparing against the compressed data, I was able to determine from the header bytes that the first compression pass is Huffman and the second pass is LZ77. So I think the BIOS is actually performing the following steps using the BIOS decompression functions:
```
MemCopy($0000332C, $03000564, $370); // probably using CpuSet or CpuFastSet
HuffUnCompReadNormal($03000564, $03001564);
LZ77UnCompReadNormalWrite8bit($03001564, $03000564);
BitUnPack($03000564, $06000040,
    sourceLength: $800,
    sourceWidth: 2,
    destWidth: 8,
    dataOffset: 0
);
```
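The last two stages of that flow, sketched in Python as an added example (not the author's C# tooling, which was never released): it parses the header word, decodes the LZ77 pass and does the 2-bit to 8-bit BitUnPack expansion, following the GBATEK format descriptions. The Huffman pass is left out, the function names are this example's own, and `SAMPLE` is a constructed stream rather than BIOS data.

```python
import struct

TYPES = {1: "LZ77", 2: "Huffman", 3: "RLE"}  # compression type nibble (GBATEK)

def parse_header(buf, off=0):
    """Return (type name, low nibble, decompressed size) of the 32-bit header."""
    (word,) = struct.unpack_from("<I", buf, off)
    return TYPES.get((word >> 4) & 0xF), word & 0xF, word >> 8

def lz77_uncomp(src):
    """Decode a type-1 (LZ77) stream, header included."""
    kind, _, size = parse_header(src)
    if kind != "LZ77":
        raise ValueError("not an LZ77 stream")
    out, pos = bytearray(), 4
    while len(out) < size:
        flags = src[pos]
        pos += 1
        for bit in range(7, -1, -1):           # flag bits are consumed MSB first
            if len(out) >= size:
                break
            if (flags >> bit) & 1:             # 2-byte back-reference
                b0, b1 = src[pos], src[pos + 1]
                pos += 2
                length = (b0 >> 4) + 3
                disp = (((b0 & 0xF) << 8) | b1) + 1
                if disp > len(out):
                    raise ValueError("reference points before start of output")
                for _ in range(min(length, size - len(out))):
                    out.append(out[-disp])     # bytewise, so overlaps repeat
            else:                              # literal byte
                out.append(src[pos])
                pos += 1
    return bytes(out)

def bit_unpack(src, src_width=2, offset=0):
    """BitUnPack to 8-bit units: source units are read LSB first."""
    mask, out = (1 << src_width) - 1, bytearray()
    for byte in src:
        for shift in range(0, 8, src_width):
            unit = (byte >> shift) & mask
            out.append((unit + offset) & 0xFF if unit else 0)  # zero units stay 0
    return bytes(out)

# Constructed sample: four literal bytes, then one 12-byte back-reference.
SAMPLE = bytes.fromhex("10100000" "08" "1be400ff" "9003")

def demo():
    packed = lz77_uncomp(SAMPLE)       # 16 bytes of 2bpp data
    return packed, bit_unpack(packed)  # 64 bytes, one palette index per pixel

if __name__ == "__main__":
    print(parse_header(SAMPLE), demo()[1].hex())
```

Feeding `bit_unpack` $800 bytes of 2-bit data produces $2000 bytes, which matches the sizes in the data flow above.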
I was able to bodge together some C# code to extract the sprite data and dump it out to an image file. I then bodged together some more code to read the image file, cut it down to 2 bits per pixel, and compress the data in the manner the BIOS expects. I could then simply edit the image file, run the code, and I'd get a modified BIOS file with the new sprites.
This doesn't work all the time though. If the sprites have too much entropy, the compression won't be able to keep the data under $370 bytes, and I think the halfway-stage compressed data has an upper size limit too. Luckily I managed to get the data I wanted under the size limit, but I did have a few failed attempts while experimenting.
While I'm sure many of you want my tooling for this, I won't be releasing it. It's a hacky and buggy mess I'm not particularly proud of, and I don't really feel like tidying it up or fielding support requests. This should have given you enough detail to build a similar tool yourself if you're really determined though ;)
Oh, and there was a bonus GDPR joke tweet that blew up a bit too, made with the same techniques.