Where to begin?
Prerequisites:
This guide is for the user who has experience or an understanding in assembly language programming. The microprocessor you may have worked with in the past is not overly important as grasping the structure of pointers, registers, accumulators on one processor is fairly universal across many. If you know the difference between Ldi A, 3C00 and Ldi A,(3C00) you should be OK. Knowledge of asm math instructions using carry will be very handy too.
What you need?
You will need an easy to use debugger, the ROM/executable which you are going to reverse engineer, lots of scrap paper to write your findings, and your objective.
1. Get yourself a copy of BGB. BGB is a GameBoy Emulator/Debugger which runs on Windows. It is a free download however I recommend making a donation as I'm sure the time taken to program and develop is well worth your pocket change considering what you'll get out of it.
No$Gmb IMO is not as good, as it can't trap read/writes to specific Rom/Ram areas.
2. Source the ROM for what you are attempting to RE. This is sometimes the hardest part in Reverse Engineering as many commercial MCU's are read protected preventing you to get the ROM out. There are ways around this from power glitching while performing a read/erase to decapsulating and viewing the ROM under an electron microscope. Lucky for us, data on a GB cart is easily accessible, un-encrypted and in most cases, can be found on the internet. So go download your copy of the Shark MX ROM dump.
3. Call me old fashioned but I prefer to go retro and use the ol' notepad and pencil. I like to draw arrows inside the routines I'm breaking apart. I'm visual like that and I find it helps. If you want to use your favorite text editor or paint program, go nuts. - Update! The use of .Sym files has been recomended to me. I'm unfamiliar with these though from what I have heard, they would make disassembling ASM so much easier.
4. Decide on what you want from this exercise. I wanted to reverse engineer the algorithm and create a key generator. It is far easier to just modify a jump routine to skip the authentication code all together. This may work great for that app you use often on the one platform, and don't update but when it comes to a broad range of platforms, or constant updates; having a valid key is more convenient than having to decompile, modify then save every time your platform updates its software.
Got the Software... Now what?
Make yourself a folder and put BGB and your ROM in there. Click here to start Reverse Engineering!
|