Taking a cue from Rare's rumored "stop-n-swop" cartridge system for N64, where you swap game cartridges while the system is powered, I peformed the CIC disabling modification on my NES. I had the idea to copy my RS-232-based loader into low-memory from my devcart, eject the cart with the power still on, then insert a normal game cartridge, for the purpose of getting access to its mapper, etc.
The idea works (though it takes several tries until I get the game in without my code crashing as I insert it, much to the dismay of my NES cartridge connector). I've been able to dump several MMC1 and UNROM games and get a checksum match with dumps on the net, save and restore battery RAM to my PC, and do some reverse-engineering of the MMC5 in Castlevania 3. I plan on doing more reverse-engineering of the MMC1, MMC3, and MMC5. It would be neat to figure out how to enable MMC5 sound (I see several empty pads on my CV3 board for various resistors, perhaps necessary for digital-to-analog conversion).
I was also able to dump my US Game Genie ROM (it matches what's on the main nesdev page). I should also be able to access its custom hardware for reverse-engineering, in case anyone's interested.
The final thing I want to try is restoring a complete snapshot from my emulator into the actual game. This will be tricky since the code will ultimately have to erase itself. I'm hoping I can find half a page of bytes in a given snapshot that all have the same value. Combined with the movie replayer I made a few days ago, this could allow recording of movies on an emulator and playback on a real NES from any point, not just the beginning. Since my SNES devcart is almost the same, I was thinking of trying something similar on the SNES.
This might help me bootstrap to a better devcart. I was thinking of making one with flash RAM where the NES does the writing itself, using the serial interface with the PC. With this I could program the initial devcart, and easily program more for other people.
All this started with Zelda board with a single trace rerouted so that the battery RAM is selected in place of the ROM... :)
The idea works (though it takes several tries until I get the game in without my code crashing as I insert it, much to the dismay of my NES cartridge connector). I've been able to dump several MMC1 and UNROM games and get a checksum match with dumps on the net, save and restore battery RAM to my PC, and do some reverse-engineering of the MMC5 in Castlevania 3. I plan on doing more reverse-engineering of the MMC1, MMC3, and MMC5. It would be neat to figure out how to enable MMC5 sound (I see several empty pads on my CV3 board for various resistors, perhaps necessary for digital-to-analog conversion).
I was also able to dump my US Game Genie ROM (it matches what's on the main nesdev page). I should also be able to access its custom hardware for reverse-engineering, in case anyone's interested.
The final thing I want to try is restoring a complete snapshot from my emulator into the actual game. This will be tricky since the code will ultimately have to erase itself. I'm hoping I can find half a page of bytes in a given snapshot that all have the same value. Combined with the movie replayer I made a few days ago, this could allow recording of movies on an emulator and playback on a real NES from any point, not just the beginning. Since my SNES devcart is almost the same, I was thinking of trying something similar on the SNES.
This might help me bootstrap to a better devcart. I was thinking of making one with flash RAM where the NES does the writing itself, using the serial interface with the PC. With this I could program the initial devcart, and easily program more for other people.
All this started with Zelda board with a single trace rerouted so that the battery RAM is selected in place of the ROM... :)