Video Game Emulation and ROM Hacking Introduction

Chang Li

Writing 340 – Harlynn Ramsey

About the author – Chang is a junior previously majoring in computer science, now having turned to the dark side, also known as electrical engineering. In her spare time, she enjoys reading user-written documentation on reverse engineering and hacking. Spending time in gray area communities has led to many one-on-one encounters with a number of influential developers in the CS and EE world who also enjoy activities of questionable copyright legality.

Keywords – electrical engineering, computer science, entertainment

Suggested multimedia - http://www.youtube.com/watch?v=_lnogpRPvY4 – Speedrun of NES Rockman http://www.youtube.com/watch?v=3UnB1fomvAw – hacking Pokemon Yellow for arbitrary code execution http://www.youtube.com/watch?v=7_HMLvLB7b0 – CS student proposes by hacking SNES Chrono Trigger

Abstract – Retro video games and game consoles are harder to find and use today, both because they are out of production and the units that still work slowly stop working with age. However, the experiences of the past live on through today's emulation capabilities on the computer. With new technologies come new possibilities, and video game emulation is no different. Against the danger of copyright violation, emulation has thrived, because of both its access to old gaming experiences and new gaming possibilities.

F1 to Load State: Video Game Emulation and ROM Hacking

Introduction

Today, many games for consoles and handhelds such as the PlayStation or Gameboy can be played on the computer. This is accomplished through emulators, which read data from copies of original games and process it for play on the current operating system, usually the computer. Most discussion on emulation focus on issues of piracy, but rarely touches a separate area of gaming opened up by getting access to game data: ROM hacks. Anyone with a hex editor and a binary copy of the game can alter the code and therefore the game. Despite the controversial copyright status of emulation and ROM hacking, both activities have positively influenced the state of video games. Inside a ROM Dump

Video game ROM media greatly changed over the years, from cartridges (Nintendo products) to

CDs (Sony hardware). Non-CD ROM files can be easily dumped as a binary file onto a computer once they are connected to a computer with an interface that can read the stream of ROM data; a Gameboy

ROM can dumped with just an Arduino connection [1]. Most users skip the cartridge disassembly and dumping (the top two procedures in Figure 1) and directly download predumped ROMs from online

Figure 1: Pokemon Fire Red ROM. From cartridge to binary file. In the hex editor, each group of numbers correspond to a processor instruction.

Sources: http://rakanalysis.files.wordpress.com/2012/08/pkmnfr2.jpg, http://www.insidegadgets.com/wp- content/uploads/2011/03/IMG_1996.jpg repositories. CD-ROMs are easier to read and copy, because almost all modern computers can directly use CDs. Once on a computer, the ROM dump can be freely edited with a hex editor, as shown by the bottom graphic in Figure 1. With an emulator, the games can be tested and debugged. For native computer files, hex editing is the only necessary step, as ROM dumping is unnecessary.

How Emulation Works

All digital electronics decompose into simple bits of ones and zeroes. In addition, all computers have a processor for calculating computer instructions, which are usually composed into three sections: two operands, which contain values to manipulate, and an “op code,” or the operation code, that specifies how to manipulate the operand values. Processors with different architectures (e.g. different processor technologies, such as Intel and ARM) have different instruction organization; this means processor instructions are not interchangeable unless specifically designed with compatibility.

For older and less complex hardware with thorough documentation, such as the Gameboy and

SNES [2, 3], one way of implementing emulation on a different architecture (such as on a computer operating system) is by reconstructing the emulated hardware system's structure. This way, the ROM file's instructions, such as the ones in hexadecimal at the bottom of Figure 1, can be processed the way original hardware would, which in turn can be processed for use on the running operating system [4].

The source code for two popular emulators, VisualBoyAdvance and Project 64, are shown in Figure 2.

Figure 2: OpCodes for the Gameboy Advance (left) and N64 (right). Based on VisualBoyAdvance 1.7.2 and Project 64 2.0 Both emulators have structures for mapping instructions in the ROM with the corresponding opcodes, which allow for higher level processing. Better computing hardware brought about new successful emulator designs, but this form of low level emulation is still popular for emulating older consoles.

Many past handheld and console emulators have retired and are no longer in production. This means emulators and the tools that manipulate ROM files can only improve on the existing hardware and allow more convenient ROM hacking. The ability to read and edit game data, down to the last byte, jumpstarted many new ways to play with games and data that the original hardware can never provide. Fan Translations

Many major game hardware developer companies have resided in Japan (Sony, Nintendo,

Sega), which means most games will be first developed in Japan before released in the western world with a translation. Unfortunately, for a variety of reasons, such as profitability or perceived lack of demographic interest, not all games can be translated and released in the west. Some official western releases also suffer from poor quality translations, as shown in Figure 3. Fortunately, this does not stop

Figure 3: Official translations gone wrong. The left is from the game Zero Wing, and the right from Terranigma.

Source: http://www.hardcoregaming101.net/Fantranslation/terranigma.png, http://www.allyourbasearebelongtous.com/allyourbase.jpg people with enough tech savvy to take matters into their own hands. Some of the most well-known

Japanese titles, such as Square Enix's older NES and SNES titles, never officially released for the western world [5]. Existence of these translations allowed much of the western world to enjoy games that otherwise would never see the light of day or better localization (an official international release in a foreign language).

While ROM hacks and translations remain a gray area in terms of copyright infringement, some developers have acknowledged their value in allowing a previously excluded player base to enjoy the same game. One of the biggest Nintendo “cult classics,” the Earthbound series, only had an official localization for one of the three games. Despite positive rave from actual players, sales were poor, which led to the company's never releasing any of the other titles [6]. Fans eventually released their own translations for the other two games, expanding the player base who wanted an official way to support the series. Fans have gone as far as sending physical petitions to Nintendo of America in hopes of a localized Mother 3, gathering some thirty thousand signatures [7]. Only recently has Earthbound been released over the Wii U's Virtual Console for western audiences, after years of fan attempts to get more official localization. Without the popularity generated by availability of the fan translations, not even the modern console's Virtual Console emulation center would have seen a release for this series.

Other companies, like XSeed, western publisher for the Ys series, realized the potential in using already existing fan translations to simplify localization efforts, and work alongside translation groups to make high fidelity international releases [8]. The Ys collaboration effort show that companies can benefit by embracing fan translation work, even if fan translations skirt the edge between legal and illegal, instead of treating unlicensed work as a business threat.

Fan translations usually focus on popular commercial titles that lack localization, but one rarely hears of a free game turning into a commercial success. Cave Story, a one-man project by “Pixel”

Daisuke Amaya, was released in 2004, and translated into English by the ROM hacking group Aeon

Genesis in 2005 [9]. The game skyrocketed in popularity once western gamers played it. It was so successful that Tyrone Rodriguez of Nicalis contacted Pixel about a Wiiware release [10]. Today, multiple ports of the original freeware game and commercial releases on the major computer operating systems and Nintendo handhelds are available. The game itself was a success, but held greater impact on the game industry itself. Cave Story's success in the mid 2000s is the paragon of the indie developer's humble beginnings into great achievement, spearheading the movement of the indie game industry into what it is today. Without Aeon Genesis's fan translation, Cave Story might have stayed unknown to the west, unnoticed for years or even forever. Fan Creations

ROM hacks are not limited to just localization of games. With enough time, entirely new games can be made. The most prominent ROM hacking community is for Pokemon, one of the world's most successful franchises. With a rich battle system, large number of monsters, and a large explorable world, almost everything in Pokemon is customizable, limited only by the hacker's imagination. Many specialized tools save the user from having to deal with directly editing low level assembly code, and instead provide convenient interfaces for manipulating monster sprites, map tiles, and finding free space for storing added data. Figure 4 shows Touhoumon, a series of hacks that cross the Touhou

games, another popular Japanese game series, with

Pokemon [11]. The map tiles (the wooden house

and shrine gate) are edited to fit Touhou's eastern

setting, and the new character sprites resemble

Touhou characters. The Pokemon data organization

makes adding and editing text and graphics a

Figure 4: Touhoumon overworld. Based on simple matter, making the games a popular starting Pokemon Fire Red. point for beginner ROM hackers. Source: http://i289.photobucket.com/albums/ll207/pokemon1412/For %20Site/gensokyo0003.jpg

Beyond simple hacks made for fun, dedicated fans even take up the task of using the existing game to create fangames, directly continuing a title's story. Perhaps the most famous of fan-made continuations is Chrono Trigger: Crimson Echoes, a hack of the SNES Chrono Trigger game, set between Chrono Trigger and Chrono Cross, the official sequel [12]. After five years in the making with

98% of the game done, Square Enix sent the team a cease-and-desist letter [13], citing “willful copyright infringement” and “instruct[ing] others how to circumvent our copy protection.” This debacle is a stark reminder to ROM hacking and sharing ROM related files is still largely illegal, and hackers, even if they are working on hacks for fun, may be hit by a cease-and-desist order at any time.

Whether or not hacks are largely allowed greatly depend on the company in question. Square Enix is known for protectiveness over its copyrights, while Nintendo's developers (Pokemon, Earthbound) are less stringent about fan hacks.

Speedrunning

While ROM hacking allows creation of new games from existing assets, speedrunning a pastime perfected by emulators, allowing players to play the same game a different way. In a speedrun, players compete to complete a game or level in the fastest time possible. With emulation, game times can be run and recorded down to frame by frame accuracy, turning speedrunning into a test of executing glitch exploitation and mechanics abuse. Gaming hardware was made on a scale fit for human speeds, not machine speed, and various actions almost impossible on the human level, such as pressing two buttons at the same time or sending input faster than mechanically possible, can trigger glitches. Developers fail to account for these rare edge cases to save processing power [14]. Other ways to glitch the system include corrupting the RAM when loading level assets, such as what happened in

Rockman in Figure 5 [15]. Opening the menu at a specific frame during the game corrupted the graphics data, causing the hardware to load randomly load garbage data. Thus the game continues, loading both a mix of proper and garbage graphics. Figure 5: Corrupted Iceman level in To the speedrunner, the fun comes out of trial and Rockman. The corrupted tiles failed to load the proper sprites and show up as green. error testing for exploits that “break” the game, much like an inquisitive child's delight in dismantling a new toy. Finding exploits and bugs is a feat much harder to accomplish without emulators and the various debugging tools available on computers. To the viewer, there should be no expectation for watching a normal playthrough during a speedrun; instead, the spectacle lies in the bizarre mashups of glitch abuse. More advanced speedrunning tools are now

available, and with high level glitches mostly found and used, speedrunners' best chances of finding

new bugs lie in scrutinizing code, down to the assembly level [16].

Conclusion

ROM hacking is still largely a niche hobby, enjoyed by amateur programmers and veteran

hackers alike. The scene is an entirely user-driven community, as most available documentation come

from enthusiasts who reverse engineered the hardware and dumped physical games; hardware

developers rarely publicly release hardware and programming specifications. Learning about ROM

hacking and the emulation design provides knowledge in both computer science and electrical

engineering, such as basic assembly programming and the interaction between hardware and code.

User-created tutorials on game-specific hacking and basic assembly ease the newcomer into his/her

first steps (an example of code is available in Figure 6). Despite current initiatives to teach everyone

Figure 6: The author, too, has done ROM hacking during high school. Based on Pokemon Fire Red. how to program computers, electrical engineering is rarely covered as a topic in programming courses.

Knowledge of the low level processes that make computers possible is essential for serious

programmers and computer scientists. As emulation and ROM hacking become more popular, one must

learn to embrace them as valuable learning tools, instead of automatically rejecting them on the basis of

legality, or lack thereof. Works Cited

[1] A. Iannuzzi, GBCartRead: Arduino based Gameboy Cart Reader – Part 1: Read the ROM, Inside

Gadgets, Mar. 2011. [Online]. Available: http://www.insidegadgets.com/2011/03/19/gbcartread- arduino-based-gameboy-cart-reader-%E2%80%93-part-1-read-the-rom/ [Accessed: 16 Nov. 2013].

[2] Aaendi et al., SNES Development, Super Nintendo Development Wiki, Mar. 2010. [Online].

Available: http://wiki.superfamicom.org/snes/show/HomePage [Accessed: 16 Nov. 2013].

[3] J. Verhoeven, Gameboy, GameBoy: Using the GameBoy skeleton for serious business, Dec. 2005.

[Online]. Available: http://verhoeven272.nl/fruttenboel/Gameboy/index.html [Accessed: 16 Nov. 2013].

[4] M. Fayzullin, How To Write a Computer Emulator, Home Page of Marat Fayzullin. [Online].

Available: http://fms.komkon.org/EMUL8/HOWTO.html [Accessed: 17 Nov. 2013].

[5] L. Holst, List of fan translations, Grauw's web spot. [Online]. Available: http://www.grauw.nl/articles/fan-translations/ [Accessed: 17 Nov. 2013].

[6] The Newcomer's Guide to the EarthBound/Mother series, EarthBound Central. [Online]. Available: http://earthboundcentral.com/newcomers-guide/ [Accessed: 17 Nov. 2013].

[7] Mother 3 Petition Aftermathematics, Starmen.net, Nov. 2006. [Online] Available: http://classic.fobby.net/petition/mother3/ [Accessed: 17 Nov. 2013].

[8] J. Szczepaniak, Ys History Interviews, Hardcore Gaming 101. [Online]. Available: http://www.hardcoregaming101.net/ysinterviews/ysinterviews.htm [Accessed: 4 Dec. 2013].

[9] G. Zhi, Cave Story, Aeon Genesis, Jan. 2005. [Online]. Available: http://agtp.romhack.net/project.php?id=cavestory [Accessed: 17 Nov. 2013].

[10] [NC US] Cave Story – Developer's Voice, [NC US] Cave Story – Developer's Voice, Mar. 2010.

[Online]. Available: http://www.youtube.com/watch?v=w8XINfralSE [Accessed: 17 Nov. 2013].

[11] Touhoumon Page, Aichiya Sanae's Net Word, 2011. [Online]. Available:

h ttp://animackid.wordpress.com/touhoumon/ [Accessed: 17 Nov. 2013].

[12] E. Cavalli, Square Enix Kills Near Complete Chrono Trigger Fan Project, Wired, May 2009. [Online]. Available: http://www.wired.com/gamelife/2009/05/square-enix-kills-near-complete-chrono- trigger-fan-project/ [Accessed: 17 Nov. 2013].

[13] Square Enix Legal Department, Re: Cease and Desist: Chrono Compendium, Crimson Echoes,

May 2009. [Online] Available: http://www.chronocompendium.com/CEOrder.PDF [Accessed: 18 Nov.

2013].

[14] feos et al., Game Resources/Common Tricks, TASVideos, Jun. 2004. [Online]. Available: http://tasvideos.org/GameResources/CommonTricks.html [Accessed: 18 Nov. 2013].

[15] T. Taipaleenmäki, Submission #2921: Shinryuu & FinalFighter's NES Rockman in 12:23.34,

TASVideos, Nov. 2010. [Online]. Available: http://tasvideos.org/2921S.html [Accessed: 18 Nov. 2013].

[16] feos et al., Reverse Engineering, TASVideos, Jul. 2013. [Online]. Available: http://tasvideos.org/ReverseEngineering.html [Accessed: 18 Nov. 2013].