Tweet
NES Game Genie Technical Notes
by The Mighty Mike Master
with thanks to [email protected] for
helping me figure out the NES Game Genie codes.
The NES Game Genie from Galoob is a device that allows a player to enter a
variety of codes into a Nintendo Entertainment System game in order to cause
the game to do things it would not normally do, e.g., grant the player extra
(or fewer) lives at startup, give the player extra items, change the gameplay,
or just cause crazy things to happen.
The NES Game Genie works by allowing the player to plug an NES game cartridge
into it and then plug the Game Genie into the NES console in place of the
cartridge. The Game Genie then allows the player to enter a code which consists
entirely of letters. The codes come in two flavors: 6- and 8- character. The
codes translate into addresses and data in a game's program space (upper
half of address space, 0x8000-0xFFFF) which the Game Genie fools the CPU into
using rather than the byte which is supposed to be there. Because of this
method, there is no limit to the number of Game Genie codes that can be discovered.
6-Character Codes
6-character NES Game Genie codes translate into a 15-bit (not 16-bit) address
and an 8-bit data byte. The address is 15-bit because address bit 15 is always
set to 1 in order to reference the top half of the CPU address space. When the
CPU attempts to read the memory address specified by the Game Genie code, the
Game Genie apparently intercepts the read and substitutes the byte from the
Game Genie code in place of the actual ROM byte.
To decode an NES Game Genie code, first translate each character into its
hexadecimal equivalent using the following table:
Then comes the tricky part. There is a lot of convoluted bit shifting that
occurs in order to get the address and data from a Game Genie. This is
probably to make the Game Genie codes seem more magical. After all, given
2 Game Genie codes, one that granted 5 lives on startup and another code that
granted 9 lives, and the only difference between the 2 codes was one
character, even a novice player could probably figure out that modifying that
one character to any of the acceptable letter characters would grant between
1 and 16 lives on startup.
In order to decode the 6-character NES Game Genie code, name the 6 characters/hex
values [n0 .. n5]. Follow the pseudocode (which assumes you
know the C-style operators for bitwise AND (&
, bitwise OR (|), and the << and
>> bit shift operators):
The algorithm simply combines the lower 3 bits from one 4-bit nibble and the
top bit from another nibble and puts the resulting nibble somewhere else. Here
is the data algorithm:
Example:
The code is GOSSIP (amazing coincidence that it happens to also be an English
word). This works in Capcom's Ghosts 'n Goblins to start your player with a
really funky weapon. Work through the code by hand to see if understand the
decoding algorithm.
Therefore, whenever the CPU reads from address 0xD1DD, the Game Genie will
intercept the read and return the byte 0x14.
8-Character Codes
8-character NES Game Genie codes are similar to the 6-character variety
except that there is also a compare byte value that needs to be decoded as
well. This is most likely due to the fact that many games use memory mappers
in order to increase the amount of code and data they can use. Since the game
might be swapping program (PRG) banks in and out of the CPU address space, the
Game Genie can't just return the code data value when the CPU reads from a
particular address. Instead, when the CPU reads from the cartridge, the Game
Genie checks if the address in the cartridge equals the compare value and
returns the code data value if it does; otherwise, it returns the real value
in the cartridge.
The algorithm for decoding the address of an 8-character code is the same as
decoding the address for a 6-character code. The algorithm for decoding the
data byte changes a little:
And the algorithm for decoding the compare value is as follows:
Example: The code is ZEXPYGLA. This works on Dr. Mario in order to clear
a row or column with only 3 colors in a line, rather than 4. Work through
the code by hand to see if understand the decoding algorithm.
Therefore, when the CPU reads from address 0x94A7 and the real byte at that
address is 0x03, then the Game Genie will return 0x02 instead of 0x03. If the
byte is something other than 0x03, then that byte will be returned.
- The Mighty Mike Master
by The Mighty Mike Master
with thanks to [email protected] for
helping me figure out the NES Game Genie codes.
The NES Game Genie from Galoob is a device that allows a player to enter a
variety of codes into a Nintendo Entertainment System game in order to cause
the game to do things it would not normally do, e.g., grant the player extra
(or fewer) lives at startup, give the player extra items, change the gameplay,
or just cause crazy things to happen.
The NES Game Genie works by allowing the player to plug an NES game cartridge
into it and then plug the Game Genie into the NES console in place of the
cartridge. The Game Genie then allows the player to enter a code which consists
entirely of letters. The codes come in two flavors: 6- and 8- character. The
codes translate into addresses and data in a game's program space (upper
half of address space, 0x8000-0xFFFF) which the Game Genie fools the CPU into
using rather than the byte which is supposed to be there. Because of this
method, there is no limit to the number of Game Genie codes that can be discovered.
6-Character Codes
6-character NES Game Genie codes translate into a 15-bit (not 16-bit) address
and an 8-bit data byte. The address is 15-bit because address bit 15 is always
set to 1 in order to reference the top half of the CPU address space. When the
CPU attempts to read the memory address specified by the Game Genie code, the
Game Genie apparently intercepts the read and substitutes the byte from the
Game Genie code in place of the actual ROM byte.
To decode an NES Game Genie code, first translate each character into its
hexadecimal equivalent using the following table:
Code:
A 0x0
P 0x1
Z 0x2
L 0x3
G 0x4
I 0x5
T 0x6
Y 0x7
E 0x8
O 0x9
X 0xA
U 0xB
K 0xC
S 0xD
V 0xE
N 0xF
occurs in order to get the address and data from a Game Genie. This is
probably to make the Game Genie codes seem more magical. After all, given
2 Game Genie codes, one that granted 5 lives on startup and another code that
granted 9 lives, and the only difference between the 2 codes was one
character, even a novice player could probably figure out that modifying that
one character to any of the acceptable letter characters would grant between
1 and 16 lives on startup.
In order to decode the 6-character NES Game Genie code, name the 6 characters/hex
values [n0 .. n5]. Follow the pseudocode (which assumes you
know the C-style operators for bitwise AND (&
, bitwise OR (|), and the << and>> bit shift operators):
Code:
address=0x8000 +
((n3 & 7) << 12)
| ((n5 & 7) << 8) | ((n4 & 8) << 8)
| ((n2 & 7) << 4) | ((n1 & 8) << 4)
| (n4 & 7) | (n3 & 8);
top bit from another nibble and puts the resulting nibble somewhere else. Here
is the data algorithm:
Code:
data =
((n1 & 7) << 4) | ((n0 & 8) << 4)
| (n0 & 7) | (n5 & 8);
The code is GOSSIP (amazing coincidence that it happens to also be an English
word). This works in Capcom's Ghosts 'n Goblins to start your player with a
really funky weapon. Work through the code by hand to see if understand the
decoding algorithm.
Code:
n0 n1 n2 n3 n4 n5
G O S S I P
0x4 0x9 0xD 0xD 0x5 0x1
0100 1001 1101 1101 0101 0001
address=0xD1DD, data=0x14
intercept the read and return the byte 0x14.
8-Character Codes
8-character NES Game Genie codes are similar to the 6-character variety
except that there is also a compare byte value that needs to be decoded as
well. This is most likely due to the fact that many games use memory mappers
in order to increase the amount of code and data they can use. Since the game
might be swapping program (PRG) banks in and out of the CPU address space, the
Game Genie can't just return the code data value when the CPU reads from a
particular address. Instead, when the CPU reads from the cartridge, the Game
Genie checks if the address in the cartridge equals the compare value and
returns the code data value if it does; otherwise, it returns the real value
in the cartridge.
The algorithm for decoding the address of an 8-character code is the same as
decoding the address for a 6-character code. The algorithm for decoding the
data byte changes a little:
Code:
data =
((n1 & 7) << 4) | ((n0 & 8) << 4)
| (n0 & 7) | (n7 & 8);
Code:
compare =
((n7 & 7) << 4) | ((n6 & 8) << 4)
| (n6 & 7) | (n5 & 8);
a row or column with only 3 colors in a line, rather than 4. Work through
the code by hand to see if understand the decoding algorithm.
Code:
n0 n1 n2 n3 n4 n5 n6 n7
Z E X P Y G L A
0x2 0x8 0xA 0x1 0x7 0x4 0x3 0x0
0010 1000 1010 0001 0111 0100 0011 0000
address=0x94A7, data=0x02, compare=0x03
address is 0x03, then the Game Genie will return 0x02 instead of 0x03. If the
byte is something other than 0x03, then that byte will be returned.
- The Mighty Mike Master