ly63
Joined: 12 Feb 2012 Posts: 9 Location: China
|
Posted: Sun Feb 12, 2012 3:15 pm Post subject: Decoding goldfinger code for GameDoctor SF series |
|
|
The Game doctor series copier have built-in Cheating system,it use Gold Finger code to modify Game ROM stored in DRAM.
A gold finger code is like below:
AAAAA DDDDDD CC F (14 digits total)
A=Address (5 digits,20 Bits)
D=Data (6 digits 3 Bytes)
C=Checksum (2 digits,1 Byte)
F=Function (F=0 Means Modify Game ROM,F=1 Means Modify SRAM)
Some Game copiers also support gold finger code(such as dragon II, super pro fighter... etc.), but they treat address in code as 20bit,so they can only modify first 1Mbyte of game rom.
The gold finger code processing algorithm of game doctor is different from other game copiers, it can addressing full range* of game rom with a hidden parameter.
*note: My GD sf 7 has only 32Mbit of DRAM, I can not test it's behavior while load a rom size bigger than 32M, the "FULL" Address range in this article is 0-0x3fffff(32MBit).
And where is the HIDDEN parameter? See picture below:
Do you see a green arrow in the red circle? That's it, the slot pointer will affect actual address calculated from the gold finger code, you can modify slot pointer using X and Y button.
How to decode the address of a gold finger code to ROM file address(for GDSF 6,7 only, GDSF 3 may also applicable) :
Assuming you load a game starting from Slot A:
Code: |
If (GAME ROM = HiRom and game rom >16MB)
{
if (slot code = A)
{
//code Address is second half of every 64K ROM
//for example, GF code address is 00000,then ROM Address=0x008000;
//GF code address is 08000,then ROM address=0x018000
Rom Address=((CodeAddress & 0x3f8000) << 1) + 0x8000 + (CodeAddress & 0x7fff);
}
If (Slot code =B)
{
//algorithm is same as slot code =A, but ROM address +=0x200000
//for example, GF address = 00000, then ROM address = 0x208000;
//GF code address is 08000,then ROM address=0x218000
Rom Address=((CodeAddress & 0x3f8000) << 1) + 0x8000 + (CodeAddress & 0x7fff);
Rom Address+=0x200000;
}
If (slot code = C)
{
//Code address is first half of every 64k ROM
//for example, GF code address is 00000, then ROM Address=0x000000;
//GF code address is 08000, then ROM address=0x010000;
Rom Address=((CodeAddress & 0x3f8000) << 1) + (CodeAddress & 0x7fff);
}
If (slot code = D)
{
//algorithm is same as slot code =C, but ROM address +=0x200000
//for example, GF code address is 00000, then ROM Address=0x200000;
//GF code address is 08000, then ROM address=0x210000;
Rom Address=((CodeAddress & 0x3f8000) << 1) + (CodeAddress & 0x7fff);
Rom Address+=0x200000;
}
}
If (GAME ROM = HiRom and game rom <=16MB)
{
if (slot code = A)
{
//code Address is second half of every 64K ROM
//for example, GF code address is 00000,then ROM Address=0x008000;
//GF code address is 08000,then ROM address=0x018000
Rom Address=((CodeAddress & 0x3f8000) << 1) + 0x8000 + (CodeAddress & 0x7fff);
}
If (slot code = B)
{
//Code address is first half of every 64k ROM
//for example, GF code address is 00000, then ROM Address=0x000000;
//GF code address is 08000, then ROM address=0x010000;
Rom Address=((CodeAddress & 0x3f8000) << 1) + (CodeAddress & 0x7fff);
}
//Slot code c and d are not valid while rom size <=16MB
}
If (GAME ROM = LoRom)
{
//define slot code Constant:
A=0;B=1;C=2;D=3;
ROM address = code address +(slot code*0x10000)
} |
---------------------------------------------------------------------------------------------------------------------
I am a Chinese, and didn't learn English very well, it may contain some syntax errors in this article, sorry about that.
Description: |
|
Filesize: |
87.12 KB |
Viewed: |
1585 Time(s) |
|
|
|