I've dumped the Metroid demo and Mario 64 DS.
This could be done by capturing commands to the cartridge and then play them back and alter the first byte to turn a normal read into an ID command. The difference in data resulted in the original data.
This gave me the idea of running two cartridges at the same time. One using normal commands and other ID commands. But since I didn't got a 2nd GBC connector and am too lazy to make one myself, I haven't tried this method yet. And it's not required anymore.
Unfortunately, the first part of the ARM9 executable uses some other encryption method. This part has been dumped from the RAM but is not the original data. The rest of the cartridge was dumped by issueing the ID command instead of the read command and save the data difference.
This could be done by capturing commands to the cartridge and then play them back and alter the first byte to turn a normal read into an ID command. The difference in data resulted in the original data.
This gave me the idea of running two cartridges at the same time. One using normal commands and other ID commands. But since I didn't got a 2nd GBC connector and am too lazy to make one myself, I haven't tried this method yet. And it's not required anymore.
Unfortunately, the first part of the ARM9 executable uses some other encryption method. This part has been dumped from the RAM but is not the original data. The rest of the cartridge was dumped by issueing the ID command instead of the read command and save the data difference.
No comments:
Post a Comment