Hacking the Nintendo Game and Watch
- Published 27 Sep 2024
- Why is this censored: Got copyright claims on it otherwise.
I got lucky and received my Game and Watch Super Mario Bros. one day early - and immediately started hacking it! In this video we will tear down the device, take a look inside, and find how we can put our own, customized ROM onto it!
Resources:
- Twitter: / ghidraninja
- Twitter thread: / 1326855097083686917
- Game and watch scripts:
github.com/ghi...
- STM32H7B0 Reference manual: www.st.com/res...
Also many thanks to SciresM ( / sciresm ) on Twitter for telling me that ... basically exclusively uses AES-CTR!
Nintendo thought they were being crafty making the usb port power only.
Only to make a language error in the firmware that can't be updated because of that.
Probably because how easy it was to load ROMs to the NES Mini and SNES Mini ;). So this time it is a real treatment.
@@NavidErde I mean yeah, that's a typical Nintendo move, but why should they care? You can play those games without much effort on almost every Device with customizable OS.
Instead they should be happy that their community is so cool and wants to make Homebrew and stuff. But big companies don't get that. Because of Piracy, it's understandable but in the end the sufferers are the good people who pay for the games while the pirates hack it anyway even if it is a Playstation with a badass (not a fan tho) encryption.
@@NavidErde In the SNES version there was a message from the original developers. So they knew about the hacks but didn't (care?) do anything about it. Wish they didn't make the usb port power only, I don't have the tools for this.
It's the chip
- The usb is only for charging.
+ Hold my ARM debug probe.
cpu supports usb dfu booting some time and someone will hack it to reflash via usb
@@vampirwrr it would still need hardware mods, since the usb data pins aren't physically connected to anything
Xbox: super powerful fridge
PlayStation: next gen internet router
Nintendo: 1985
If you're going with a theme wouldn't Sony be ginormous internet router?
@@ignignxkt ok
PS5 is designed using Chad Warden as a base
@@Kabodanki ok lol
Instead of ruining my comment I’m just gonna say y tho
Can't wait to play Doom on it.
Or Super Mario 64
@@matiytpopin14 nes emulator can't run it
With only 128KB of storage that is very doubtful.
This is Nintendo, I think Wolf 3d was the most violent game they had.
Most STM32 MCUs are perfectly capable of running Doom. You can even replace Mario with Doom on this one, should not be much of a problem. But you will never be able to put Mario back again.
Me watching this whole video despite knowing none of these technical words:
“I like your funny words magic man!”
Same here
He sounds German too, it only makes it sound more dramatic.
Lol
I was going to say something similar lol
I came to say the very same shit
Awesome breakdown of this all! 🙂
Love watching youtubers support each other.
Hi Mario!
I can't believe people keep hacking almost every game console that releases
I modded a 1970 handheld football game to play PSP games I am your God nerds kneel before me
This is very cool, can't wait to see more videos about this little thing.
Please post more often, I'm sure this will be great!! (2min ago and I'm straight here)
You guys work much faster than Rule 34 artists
You see comrad, when it not come out you still hack!
r1337: if it exist, it can (and will) be hacked
@@Valery0p5 time to hack my abacus
@@Valery0p5 🐐
What's rule 34 artist? 🐐 Hackers?
stacks: *explains everything carefully*
me not understanding a goddamn thing but thinking its awesome:
lmao same
Count me in
Indeed, that is God-level stuff for someone like me lol
OH MY GOOOOOD
WOOOW
Yeah same, I have no clue of what he is saying
After studying EE and about 3 years of experience, it made me happy that I understood 99% of this video.
I got 0% idea of what's going on but still liked the video
@@mr.billybob4013 it's a good video nonetheless
Just wondering for amateurs how does one achieve this kind of understanding? I'm walking through a CS degree but the most relevant course seems to be comp arch. Connecting to debug ports, dumping flash/ram, trying to figure out the encryption algorithm, all these sound very interesting to me. I can probably follow along with enough tools but how do I do all of these on my own?
@@Levelworm I'm dealing with STM32 MCUs at work, often also using external memory and implementing firmware update mechanisms. Doing this kind of work, I need to figure out how to make things more secure, so that nobody can actually get the code or extract an encryption key (e.g. when the bootloader itself is being updated) by sniffing any lines that connect MCU and the external flash. So I'm basically on the other side of what stacksmashing does. This made it easy to understand for me. It made me happy, because I remember times when I would watch videos like this and understood basically nothing.
You studied at E sports? Coool
I understood very very little in this video. However, it was very well made and informative, nonetheless! Great work, and excited for how this community is so smart! Can't wait to see other games on this cool little device!
Why are you censoring the screen?
Copyright.
I really want to see people port other LCD games like Hippo Teeth, Coconut Joe and Wolf & Eggs.
So you can install a "52 in 1" ROM.
Need to protect against the hot patching first
I’d love to see SMB3, Legend of Zelda, and maybe even Pokémon on this little guy, can’t wait to see more!
If I could get these for Pokémon, even if they only had a game a piece, I’d be thrilled
@I'm Self Aware imagine beating Nightmare on a Mario Game & Watch
Sales of this device are good. If you wait a bit, Nintendo might officially release it.
I want Tetris on it
@Marcus Mysteriously If it can run a NES emulator it might be able to run a Gameboy one too
I didn't understand a word but this is super interesting and makes me appreciate the work of console hackers, thanks man!
@The Deadpool Who Chuckles. brrt?
@@AmberCresent brrrt
that was pretty quick from getting the game & watch to a video lmao nice
Cool, hopefully you can fix their language bug 😆
The dream would be if you could add a micro-sd reader and have the firmware rewritten to just parse the roms on the card and present them in a menu. Do you think that could be done theoretically?
Yes; mass-erase the STM32H7B0's 128KB of flash (in 8KB sectors), remove the 1MB NOR flash (SPI Bus), solder the microsd slot breakout to the now-vacant flash pads, burn a FAT driver into the internal 128KB that can parse the filesystem, locate the emulator code, map it into memory, and present a fileselector. Bonus points if the fileselector is actually 6502 code running under the emulator, commanding the emulator to traverse and list directories. But ARM menu code is also acceptable. 1.4MB of SRAM is extremely large in terms of MCUs; take a look on github for "/Jean-MarcHarvengt/MCUME", which can run with a teensy4's 1MB of ram and for some emulator cores, an optional SPI 8MB PSRAM from Espressif, usually found on ESP32s.
They probably are gonna put doom on there lol
I’ll be surprised if they haven’t done it already. I’ve beaten it on a microwave and on a potato. So this is the next step.
I'd honestly love to see id/Bethesda.. Microsoft? .. put out a dedicated OG Doom handheld like this with Doom, Doom II, Final Doom and maybe the master levels.
Not without modifying the hardware heavily. The files for Doom are far too large to fit into the amount of storage this device has.
@@CosmicGaijin still hasn't/can't be ported to the TI-84 Plus CE tho lmao
@@fatusopp4739 that just means they aren’t trying hard enough
Ah, this is the "I'll post a video of this soon" video - nice one :)
are you going to hack the Zelda version when it comes out...?
I hope that we can put our own ROMS in someday! I definitely wanna mod in SMB2USA and SMB3 as well as some of the popular ROM Hacks for 1 & 3 like Extra Mario Bros. or Super Mario Bros. 3Mix!
Ain’t gonna happen
@@andrewober Woah, someone woke up on the wrong side of the bed this morning! It can and inevitably will run other NES roms in the future with modding, although I can't say the same for games from other platforms.
@@vertihippo1274 But the modding won't be easy. The USB has no data line. It's only power. That means for the majority of people it won't be as easy as the NES mini by plugging it to a computer and running a program.
@@chamoo232 Still possible though :)
I'm curious what your background is - electrical engineering, computer science? How did you learn this stuff?
badassery, that is his background
@@Macs nolifery
Wow, nice work! I'm personally really curious about the hidden Mario drawing song, since it's originally from the DSiWare app Flipnote Studio. I've spent a bit of time reverse-engineering Flipnote in the past, so I'm wondering if they made the effort to include a full Flipnote parser or if it's been converted into some other format. Any ideas?
It would be awesome if RetroArch gets ported to this, because that means you could play the Game & Watch Collection games released on the Game Boy and Game Boy Advance.
Great work! Hopefully a more user friendly and accessible method will come along.
This is mind-blowing to watch. Thanks for the hard work. Subscribed!
Can't wait for mine to arrive, I've already prototyped a pcb with a microcontroller and a much larger flash to implement a sort of "bank switching" to hold more games, I just need the thing in my hands to finish writing the software and test it
Can you put some links to these items so others can buy them too?
@@BigHushAffiliate it's just a 64mbit flash and a 120mhz ucontroller that I already had around. I designed and made the pcb. Will only work (if at all) for mmc1 games
You answered the first question I had when I saw the announcement for this device! Thanks so much for your efforts, I look forward to seeing what comes next.
Great work! Somebody needs to port *all* the single screen Game & Watches onto this.
I can't wait until they make it easy for us to dump roms into this thing...
Since the USB data ports aren't connected it will never be as easy as the NES mini. Maybe people with the tools and know how though will provide a service you can send your game and watch in and have it reflashed.
@@littlefreak3000 yeah I know they explained that part in the video... but now they know where the data is, I'm wondering if they can connect the data to the port OR take the existing port out and putting a whole new one on there with a modded chip that connects to the data... I don't know if it's possible but since they've isolated the data point it's not impossible right?
@@littlefreak3000 otg via usb-c port can be?
@@jeffcross9960 Impossible? No. Even remotely simple? Definitely not.
If these were being produced on a much more massive scale, and Nintendo was openly planning to make many more units in the coming years, it *might* be worthwhile for someone to make/sell a custom programming device/clamp that could do the process faster. For how small of a run this is, that's highly unlikely to happen.
As it is, I think the best we'll get is a few folks specializing in doing the process themselves manually as a paid service. If the service could be done for a reasonable price, I might be down for it.
Realistically though, I think that it might almost be better for someone to figure out how to store something like a pi zero inside of one of these shells, with all the buttons and everything functioning as they should. But... This looks to be a teeny tiny device. Not much room to work with in there. Who knows.
@@dantehchad2227 yeah I figured... but still if people REALLY want to do this they could and that's enough for me to be at least a little hopeful. I was also thinking of a pi zero but with all the single screened Game & Watch games in them as well hahah... again high hopes and low expectations... so I AM thinking realistically...
Try to see if you can swap the theme playing while time is displayed. Would be cool to see a Zelda or even a Mr. Game and Watch one instead! Either way great work man!
Awesome stuff!!! Please keep us updated on what else can be loaded into it. It would be awesome to load any rom in there... maybe even via USB!
How do you think we'll be able to use USB if the data line is not connected?
@@OMA2k Connecting it to the flash directly? 🙂 Just kidding... anyway just wanted to say great work!!
You're going up against a stacked deck if the Embedded system is using the Flash in a XIP mode. My guess is that they may be moving some parts of it to RAM for faster execution. Unfortunately they are probably not using the Flash as memory storage so those handy Flash read/write and sector management functions would probably not have been moved to RAM :(
I cannot believe they did not completely lock down the SoC though... wonder if there are any test functions in RAM that they were using for manufacturing QA, possibly even provisioning (though I doubt for serial flash programming; that was prob. pre-programmed before going on the PCB).
Pretty weak encryption on the flash too, they left the door wide open (inspecting the RAM and flash and doing a reverse encryption), was it actually XOR or some polynomial (n-bit shifter) ?
Good work on it so far, good luck on the rest!
Cheers,
I'm impressed by the fact that I know nothing about this type of stuff and you made me feel like i understood everything.
Would there be enough memory for a game boy rom? I'm thinking of Game & Watch Gallery.
that's smart
Watch E3 2021 to see that happen. Oh and BOTW2 is coming in 2022
Holy shit! Didn't understand a word but boy oh boy, was this entertaining to watch! Damn, u r smart, pal! Good luck with those future hacking plans.
Memory expansion and more nes roms would be freaking sweet!
How? Haha
@@superjerjer1 How? Replace the flash ROM with a bigger one.
@@blahdelablah but thats hardware modding, look at chinese handheld majority of them are software modding
@@superjerjer1 "Memory expansion" implied hardware modding, perhaps you just assumed it was software modding that was being discussed.
Really like how you described in details how you got each step.
From experience repairing gameboys and Sony Vaio laptop batteries, i can tell you that these screws can easily be removed with no damage with a small flat tip screwdriver.
Well done. I said, 'give it a week to a month'; you did it before launch. #LMAO
Just say lmao
Don't use hashtags. Just say "Lmao"
@@liquiditya How about you give me five bucks on Steam instead?
@@AmyraCarter nah I’m good. Thanks for the idea tho. I’ll make sure to use it on someone else. Not you :)
Would be real nice to have the original RAM dump you used to figure out whether the ROMs were loaded into RAM.
Can you rip those new Mario Illustrations from the bios?
I'd like to add the US version of SMB2, SMB3, and the original Mario Bros to it. With Dr. Mario as possible bonus. If there's enough space left, then throw Mario is Missing and Mario's Time Machine on there too.
Great work! Next step: desolder old 128 KB flash module and solder in new 1 GB flash module and then load in all the NES games that ever came for the NES. It's only 8 pins you have to desolder, not that difficult.
So exciting. It's a great device out of the box, so the potential to add roms will make this device such a great collector and PLAY item.
Adding roms will be difficult, because it has just enough storage to store the built in games
Honestly if you want to play ROMs just get a PS Vita
@@acex222 this is way more portable than a PS Vita.
@@souljastation5463 is it really killing you that you can't play NES roms on the bus on any existing device? Are you travelling somewhere you can take a game and watch but not a vita, where the time required to travel is necessary that you bring a toy with you? Come on dude, live in the real world
@@acex222 Seriously this.
I get the novelty of playing different games on this, but there are so many devices that can do just that very well nowadays that why even bother.
I play NES games on my gba with a flashcard and SNES games on my New 3ds.
You could pick up a cheap Chinese anbernic device that can play nearly everything up to ps1 fairly well and for fairly cheap. Or even cheaper use your phone with a bluetooth controller.
I never followed you before but only saw your Twitter thread because MVG liked it ... and now I see your vid 3 days later in my recommended ... YouTube algorithm is scary!
I was wondering about how hackable the Game & Watch is!
That's some insane progress for two days!
Well done. Such a beautiful piece of hardware. It's unbelievable how buttery-smooth the games are emulated on the hardware.
Having this device running all the old Game&Watch «single screen» games would be awesome!
why did he blur the screen ?
Copyright.
Wow fantastic breakdown. I didn't understand the technical aspects of this demonstration, but I can't wait to see what other cool stuff you can do. I hope to see more nes roms get added, that would be amazing as only 3 games added in this modern game & watch feels limited and kinda wish they added more.
*1 month later
"Play Original Doom on a Super Mario Game and Watch"
Not nearly enough RAM. Maybe a cut down version such as the 32x port. Wolf3D or Blake Stone will run just fine though.
It literally has 1mb of storage. You ain’t playing shit on this thing.
Andrew Oberhauser Some Doom ports were fit into 2 megabytes with multiple levels. And they probably didn’t even use compression. Back in the 90s I had a copy of Quake with some multiplayer mods (but only 1 level) on a single floppy disk.
And finally, since you need to open it anyway, SPI Flash chip should be trivial to replace.
@@noop9k this has 1mb. And your average modder isn’t going to replace the chip. There won’t be a scene for this thing.
Andrew Oberhauser The scene won’t ask your permission.
The amount of knowledge and skill you have is really impressive!
Legend. Loading NES and G&W roms on this would be great!
NES roms probably but, G&W? Is there any G&W rom that's dumped? I'd be very surprised. Not that it would be enough for emulation, some description of the graphics would be needed at the very least.
Man, that was so completely over my head. I've never understood less watching a YT video. That seems pretty impressive to me.
Can't wait to play Dragon Quest 3 on this.
You probably couldn't switch it off until you are done with the game until someone can implement saving.
@MHzBurglar Oh, didn't know that. Mine is still sealed.
Awesome video and nice job finding out it was XOR encryption
I'm going into my senior year of robotics engineering and I'm so hyped I understood this whole video as a kid I would have loved to know how to do stuff like this
Why blurred?
cuz nintendo
@@newbielol5119 ah
1:33, look there it’s written E3! And in the 2021 E3 there was a new Zelda Game and Watch! Coincidence? Think not!
you made it to the news
Oh really? Link?
@@stacksmashing you're mentioned in a lot of articles if you search for: new Nintendo console hacked before release.
Absolutely incredible. Sucks that you had to blur the game, but I understand. Nintendo be like that... I had a hard time understanding the XOR encryption part - I think I understand the premise but not how it works.
it took me a moment to realize why the gameplay was censored then i realized why.
Sees recommended notification
Me: "Meh..."
Sees it's about hacking a Nintendo device
Me: "Better archive this before I watch this just in case."
What's the archive link?
@@IVChan I meant I'd download it to my hard drive (backing it up, or archiving it (synonyms)) just in case Nintendo ninjas take this down.
@@iangraustein971 Gotcha, I thought you had archived it on archive.org
Would be fun to put in some bigger SPI flashes :D
But awesome work dude!
Very impressive, but then is it possible to run super Mario bros 3 on the game & Watch ?
i would love that
Probably not, since the RAM only has 128 KiB. SMB3 is 4MB.
@@SuperChunk84 sd card adapters incoming. I would buy one.
@@SuperChunk84 The chip has 1.4MiB of SRAM, so that is not going to be a barrier. SMB3 is 384KiB.
Ah, thank you. I'm not very technologically inclined.
Also, SD card adapters? Really?
"The Cortex M7 can't run Linux"
_sad penguin noises_
In all seriousness, I love the video, opening up things to see how they work and poking them to see what happens is, I think, one of the most fun things you can do (outside of the intended use, of course) with such comparatively "simple" devices.
"Can't run" is too strong a statement. Even an 8-bit avr could (dmitry.gr/?r=05.Projects&proj=07.%20Linux%20on%208bit)... The real question is do you want it to.
I have no idea what is going on but I'm along for the ride
Just a heads-up, the screws are called tri-wing screws.
I feel like the big N is just gonna release a "deluxe" version that fixes the security issues and make this model obsolete
I don't think so because this is limited edition
@@infinitebeats6444 oh yeah that's true! But I've got a feeling they'll rerelease it at some point
i actually think that, for a cheaper price point (maybe like 15-20 dollars each) it would be a very interesting idea for Nintendo to release games like this on the smaller Game and Watch style consoles - like, imagine something like a Zelda G&W? I know that this is a special case because of the anniversary but it would be pretty cute :3
0:21 This is why I love so much some of the hacking scenes out here😆👌
One day in: C R A C K E D
Game & Watch Gallery 4 for the GBA should have been the built in game for this. Porting a GBA emulator with this ROM into this package would be perfect!
Didn't understand anything technical, but enjoyed every step of the process!!!
I hope someone figures out a way to add all nes roms and make it a portable NES
It's called a gba and flash cart lol
Kind of surprised they patched the copyright in memory as opposed to just editing the program ROM itself. They had no problems fixing NES games back in the GameCube days, so I wonder what changed...I'm curious if they outsourced the development to a third party and this is IP license related, which would be silly...again...
Nice video
Will you release a tutorial how to load custom Roms on it?
You lost me at tri-wing screws..
Amazing work. Though I probably won’t do it myself I enjoy you discussing your approach to figuring how security worked
Well that was quick.
Great video, although I now realise there is no way I am going to be able to put ROMs on it if it takes this kind of effort
Imagine playing gameboy games on it, that'd be amazing.
The chip is too weak for gba games emulation I guess.
Nintendo: "Maybe we should start actually testing our devices before launch... Nah."
Nintendo seeing the video: you are going any where? What's more of jail?
I don’t understand any of this but it was cool
I'm wondering if using simple XOR in ROM encryption is like an Easter egg from Nintendo, reminding of 80s game protection schemes.
Welp after seeing this Nintendo is like we won’t ever work with this guy lol
Nintendo is one of the most anticonsumer companies
I honestly didn't realize Mario 1 and 2 were that small, small enough to fit into 128KB of RAM! Plus they have that digital mario draw song on there too somehow! How on earth did they fit that on there too??
Absolutely nobody*
Sony with its PS3: meet the unhackable machine
The community: meet *HEN* baby!
Xd
Very in-depth video, wow. I'm going to watch it a few more times so I can understand all your insights, lol. I would like to ask if you figured out a way to control the volume on the device, I thought maybe there's a way to do that in the settings possibly?
Never mind, I figured it out, thank you. I just ordered it online today and I wasn't sure if the volume could be adjusted based on reviews.
I wish I knew how to do this and wish I could understand what he's talking about lol
Clearly sorcery. I bet that summoning a portal to the Mushroom Kingdom is very similar to this. Very nice sorcery nonetheless! I wonder if we can get other roms to run on this.
Great work, really very exciting and clearly explained; I'll leave a subscription here, I also liked your previous videos a lot.
This is handy... I try to hack (and often fail) internet routers and they often have proprietary SOCs with no publicly available datasheet.... having a common microcontroller with a published datasheet is a real advantage for the hacker.
This was waaaay too interesting! Please do more GameAndWatch hacking!
It'll be a great day when someone is able to get the REAL Game & Watch Super Mario Bros on this instead of another port of Ball. Awesome work on getting us closer to that day!