posted by taizou @ 2020-04-14 23:55:12
Dumps
Hey everyone I'm back??? With something pretty different!
It's Pokémon! Sapphire! For GBA! In English!
Now, you might be wondering: wasn't English Sapphire just a regular, boring, official release? Well, it was... but not like this.
This is an unofficial English translation, done between the game's Japanese and North American releases. The gap between those two releases was only four months, meaning the makers of this translation had to really rush it out the door to have any semblance of a viable market before the proper English version hit the shelves.
Not only that, they saw fit to copy protect it, using the same "YJencrypted" system used by Sintax for their bajillion GBA platformers, presumably to make sure no other enterprising bootleggers could horn in on their tiny window of opportunity.
The cartridge label does make it quite obvious that this was done before official US release materials were available - it's actually using pre-release cover art for the game, complete with the "RP" (rating pending) ESRB rating. This same artwork was also used for the "New Game Color Advance" release of Sintax's GBC strategy game "Pocket Monster Saphire".
The actual translation has a bit in common with the so-called "Chinese Emerald", and was probably done by the same people, but lots of the text is different (and weirder!).
Protection and dump assemblage
Now, as I mentioned, this cartridge is copy protected - but not in the same way GBC carts were commonly protected, where the game could often be fully dumped but just wouldn't run without the company's specific mapper being present. Oh no: "YJencrypted" carts have proper read protection and are gigantic bastards to extract data from.
As a quick summary: you can't read from the cart at all unless it's properly initialised by the GBA boot sequence (which I was never able to replicate manually, so had to fudge a way to reset without losing power), and then if you manage to bypass that, each cart has numerous "trap" addresses whereby reading from them will lock you out of reading any further data. And these differ for each cartridge, so the only way to determine which addresses these are is through trial and error.
If you do manage to dump the ROM from one of these cartridges, it will mostly work as a standard GBA ROM, with the exception that they use funky addressing/mirroring within the unused parts of the 32MB ROM address space, and again that differs per cartridge and I'm not sure of any pattern to it.
Another unusual thing it does is, after normal initialisation, replaces a few bytes of the Nintendo logo in the ROM header; this doesn't seem to serve any protection-related purposes as far as I know, but does prevent a GBA from somehow booting the game in this state. In this case, the substituted data is "90 AE 17 4E 59 4A" - the last two bytes are "YJ" in ASCII, so this may be some kind of "signature" for the protection...
Anyway, what all that means is I haven't been able to do my usual GBC thing of releasing a "raw dump" and then a "cracked" version where possible - instead what I'm presenting here is kind of a best effort at extracting a full, usable ROM from this thing.
This ROM was constructed as follows:
- Dumped the full 32MB ROM area (actual ROM size is 8MB, same as the Japanese versions)
- "Trap" addresses were skipped initially
- Skipped data was patched back in from the mirrored copies of that same data
- ROM left as the full 32MB, to allow it to be played without the weird mirroring being emulated (as I haven't fully figured out how it works)
- Overwritten part of Nintendo logo in header patched back over with the real Nintendo logo
I was unsure about that last point at first, as it means hacking away a bit of the originally dumped data; but we know it actually does present the proper Nintendo logo at boot, since the game does boot with that logo, so restoring the logo is essentially restoring the normal boot state of the cart. Which is reasonable, I think.
(I did consider also releasing the less-rejiggered ROM e.g. the one with the skipped data still skipped, and the Nintendo logo partially-overwritten, but I don't believe that is any more of a "true"/"full" dump than this one, and would only cause confusion if I put it out into the wild - but if anyone is interested in taking a look at it, let me know)
I've tagged this as a "YJ restored" dump, which signifies basically that it was dumped and patched back up using the technique described above. It's not really a true "raw dump", since it was patched together and there's known repeated/overdumped data. But nor is it really cracked/hacked, since all the data patched in should, in theory, be present on the original cartridge.
Saving issues
Another caveat to be aware of: while the original Pokemon games used flash memory to save game data, this cart instead uses SRAM with a battery (as pirate copies commonly do), and is hacked to save to SRAM instead of flash. Official cartridges using SRAM only used 32 kilobytes. However, the original Pokemon Sapphire used 128 kilobytes of flash memory, and I believe (but have not verified) that this cartridge uses 64 kilobytes of SRAM (and, again, I haven't verified it, but based on the original save data structure, this would mean it definitely would not have the second "backup" save, and may also omit one or more of Hall of Fame, Mystery Gift/e-Reader or recorded battle data).
Since the GBA ROM header does not contain any save type information, emulators and flash carts have to autodetect the save type per ROM, and since this cartridge apparently uses a non-standard save type, it is fairly likely that you will encounter problems when saving or loading data. For example, the Everdrive detects it as using flash (which causes it to fail when saving), and mGBA and no$gba both detect it as using SRAM but only provide the 32KB an official game would have (which causes it to fail when loading). VisualBoyAdvance both detects it as using SRAM and provides the full 64KB, so it works there. In fact, it seems to provide 64KB for all SRAM-using games, which is inaccurate for official games, but correct for this one... so it may be working by accident. Your mileage may (and probably will) vary.
The actual ROM
Pokemon - Sapphire Version (Unl) (Eng) [YJ restored].zip
Thanks to Lightning of Twitch Plays Pokémon/RainbowDevs for lending the cart!
Update: The box!
Here are some pics of the box, thanks again to Lightning:
Amazingly, they used screenshots of the official translation on the back, I guess pre-release ones. And the text on the back... seems to be some kind of Telefang story? In decent English? I wonder where they got that from.
posted by taizou @ 2018-12-25 16:42:44
Dumps
Hey I pulled something together at the last minute because it's CHRISTMAS
Four dumps that have been on the backburner for one reason or another but not anymore. merry everything!!
Shengui Diguo Zhi Emo Cheng (神鬼帝國の惡魔城)
This is the original 2003 release of Sintax's Castlevania game, probably best known through the cut-down demo of a somewhat-revised "DX" version which has been spread around the internet for a long time. Unlike the DX demo, the full game is here, and it's pretty much a Metroidvania-style Castlevania game on the Game Boy Color, which Konami themselves never attempted. In fact, from the small amount of it I've played, I'd say this is better than any of Konami's official Castlevania games for the Game Boy. The soundtrack is taken from Belmont's Revenge, which was a very good call.
Thanks to AprkMk10 for lending me this cart!
The cracked version will run in any emulator, GBX version will run in hhugboy, raw will run in hhugboy and probably in MAME if you configure it right.
GBX: Shengui Diguo Zhi Emo Cheng (Unl) (Chn) [C] [GBX].zip
Cracked: Shengui Diguo Zhi Emo Cheng (Unl) (Chn) [C] [Cracked].zip
Raw: Shengui Diguo Zhi Emo Cheng (Unl) (Chn) [C] [Raw].zip
Chaoji Yinsu Xiaozi II - Super Sonik II (超級音速的小子II)
This is one of Sintax's later low-quality generic platformers, unfortunately. Pick Knuckles, Sonic or Tails and jump around a few uninspired levels shooting at enemies. I don't know how to use the icons along the bottom or the MP gauge, if they're even functional at all. Still, at least the sprites are decent.
Thanks to max6464646464 for lending me this cart!
I have a picture of this one, please enjoy the full glory of "Sonik" the probably-not-legally-distinct-enough hedgehog:
GBX: Chaoji Yinsu Xiaozi II - Super Sonik II (Unl) (Chn) [C] [GBX].zip
Cracked: Chaoji Yinsu Xiaozi II - Super Sonik II (Unl) (Chn) [C] [Cracked].zip
Raw: Chaoji Yinsu Xiaozi II - Super Sonik II (Unl) (Chn) [C] [Raw].zip
Langrsr II / Fantastic Simulated Battle
Here's an interesting one! An English version, for starters, which is rare enough. But an English strategy RPG, too, apparently based on the rarely-officially-localised Langrisser series (which I have never played). But it's actually more readily obviously just a reskin of the unlicensed Fire Emblem GBC game previously published by SKOB, with the Chinese intro text, gameplay, music and map layouts all being identical. All the graphics have been changed and characters and in-game dialogue replaced, though, which I assume results in a confusing mashup of Langrisser and Fire Emblem which probably makes no sense to fans of either series. Fun times in Sintax land!
Thanks to BigFred for this dump! (Which was sent to me so long ago that I can no longer find any of the original messages, so hopefully I haven't missed anything here.. ahem)
The reason I never released this one before is it wasn't quite susceptible to my usual method of cracking Sintax games- unlike 99% of their GBC titles which initialise the protection at the start and then never touch it again, this one actually does it again when you open the menu in battle, meaning the data is encoded in two different ways in different parts of the ROM, which I could never be arsed to unpick. So, for now, I'm only releasing the GBX and raw versions, for use in hhugboy and probably MAME too.
GBX: Langrsr II (Fantastic Simulated Battle) (Unl) (Eng) [C] [GBX].zip
Raw: Langrsr II (Fantastic Simulated Battle) (Unl) (Eng) [C] [Raw].zip
Menghuan Moni Zhan II (夢幻模擬戰II)
The Chinese version of the above game. Basically the same, but in Chinese. Same protection issues too.
GBX: Menghuan Moni Zhan II (Unl) (Chn) [C] [GBX].zip
Raw: Menghuan Moni Zhan II (Unl) (Chn) [C] [Raw].zip
posted by taizou @ 2018-10-31 21:26:53
Dumps
Next up tonight I'm bringing you HORRIFYING dumps related to the SCARIEST BOOtleg of them all ... the infamous HACK of Keitai DenjBOO TeleFANG ...
~POKÉMON JADE VERSION!~ (SCREAMS)
alright I'm not doing that any more but you can read the rest of this post in a spooky voice if you like
First, here's the German version! Thanks to Sanqui for dumping this one!
Yep, for some reason, this game was translated to German. I never really considered Germany a hot market for bootleg products, but I could be wrong, considering none other than Sintax also translated some of their games to German...
It's based on the English version, the dialogue is all translated but most of the menus are not. Also the title screen reads "Vision Jade" which I assume was supposed to say "Version Jade" - interestingly the same mistake Sintax made on some of their German releases.
Unlike the original release of the English version, this one had no protection aside from an incorrectly set header. So the 'header fix' version of the ROM should work on anything. The GBX version will work in hhugboy, the raw will also work in hhugboy if you select MBC3 compatibility mode (available from version 1.2.7 onwards).
GBX: Pokemon Jade Version (Unl) (Ger) [C] [GBX].zip
Header fix: Pokemon Jade Version (Unl) (Ger) [C] [Header fix].zip
Raw: Pokemon Jade Version (Unl) (Ger) [C] [Raw].zip
And now... the English version!
Specifically, the original English version, which came with some simple copy protection. If you've come across a Pokémon Jade/Diamond ROM which didn't let you load a save, chances are it was due to incompletely-removed protection. But I've emulated this protection in hhugboy (since version 1.2.7, again), and now for the first time you should be able to run the protected versions and save/load with impunity. Exciting!
Both of these ROMs will only work in hhugboy, the GBX version will work as-is & the raw will work if you manually select Pokémon Jade/Diamond compatibility mode. I haven't made a deprotected hack for other emulators because I am TIRED and there's already a later copy of the game with that work done which I'm pretty sure has been dumped elsewhere.
GBX: Pokemon Jade Version (Unl) (Eng) [C] [GBX].zip
Raw: Pokemon Jade Version (Unl) (Eng) [C] [Raw].zip
Also if you're interested in these games, check out telefang.net which is a cool community about all things Telefang! Happy Halloween! 🎃
posted by taizou @ 2018-10-31 21:15:02
hhugboy
TERRIFYING new emulator version for all you ghouls 'n ghosts out there~
Adds a memory searcher function to make it easier to find memory locations for cheats and such, plus adds support for protected versions of Pokémon Diamond and Jade.
Download it here... IF YOU DARE!
posted by taizou @ 2018-09-12 18:44:31
Dumps
Rockman & Crystal is the English version of Vast Fame's genuinely-quite-decent Mega Man X clone and swansong for their Zook series, and it's been something of a holy grail for ROM dumpers for a LONG time. Just over two years ago, I dumped the Chinese-language Taiwanese release, Zook Man ZX4. So the game has been playable for a while, but what has always been missing is its fantastic English dialogue. Until now!
Many many thanks to a tiny fairy for lending me the cartridge!
here's the ROM: Rockman & Crystal (Battle Network Rockman Crystal) (Unl).zip
It works in mGBA 0.5.0 and later, might work in other emulators if they've implemented support for Vast Fame protection in the meantime. I dunno, I'm not the sheriff of emulators
