How to Hack NES ROMs

This was written by: Tony Hedstrom  t.hed@excite.com


Make sure that you read the "Updates" at the end of 
this document.

This document explains in detail how to hack a NES 
ROM.  When I say "hack", I mean that you will be
able to change a NES ROM (or game) to permanently
include the effects of any Game Genie code!  Which
means that every time that you play the game that you
hacked, you would get the effects of the GG codes,
but you wouldn't have to enter any GG codes!  

As far as I know, this method will work on either
6 or 8 digit codes.  If you are using an 8 letter code,
make sure that you read the updates at the end of this
document.

The main reason that I'm writing this is mostly for
educational purposes.  You can achieve almost the
same thing by just entering the actual Game Genie
codes, but you won't learn anything that way.  If
you use the method that I describe here, you will
learn a great deal about how the real Game Genie
actually works.  

It is actually very self satisfying, and pretty cool
to be able to open up a game ROM, which has thousands
and thousands of letters and numbers in it, and by
changing just a couple of those letters or numbers,
you can get the same effect as any Game Genie code!

For this example, I'm going to use the Super Mario
Bros ROM (which has no title in it).  The first
version of SMB that I tried (which had a title in it)
didn't work right.  I'm not exactly sure why the
first version that I tried didn't work, but it may
be because the person who made the ROM didn't do it
correctly.  So if you are having trouble getting this
method to work on your ROM, try getting a different
copy or version of that ROM.

Here is a list of what you will need:

1) A NES emulator (I use NESticle).

2) The ROM (or game) you want to hack.

3) A Hex editor (I use Hex Workshop v 2.54).  You can
   get a free trial version of Hex Workshop at:
   http://www.bpsoft.com/

4) A program which will convert GG codes into a .NES
   Hex address (NOTE: The .NES Hex address is not the
   same as the ROM address!  See explanation below).
   I recommend using the "Game Genie Decoder" program.
   You can download the program at:
   http://www.zyx.com/ccovell/data/GameGenie.zip

   If that link is no good, try going here and click
   on the "Videogames" link:
   http://mypage.direct.ca/c/ccovell/

   Or you can download it from my site, in the download
   section.  http://www.angelfire.com/games2/codehut/

If you are using a different NES GG code to Hex
conversion program, you will have to modify the Hex
address that the program gives you.  To modify it,
just add $10 to the ROM hex address.  The reason for
this is simple: most .NES games have a 16 byte header
at the very beginning of the file.

If you are using the "Game Genie Decoder" program
that I mentioned above, it will modify the ROM
address for you.  

Also, make sure that the Game Genie Decoder program 
is in the same folder as your NES emulator and ROM.
It should be named "GameGenie.NES".

One other note before we start: Some of the newer or
larger NES games use something called a "Mapper".
On some of these games that use Mappers, the ROM
address can be in more than one location.


OK, here we go: 

1) Start up your NES emulator (in this case, NESticle)

2) Load the Game Genie decoder ROM (program).  It
   should be named "GameGenie.NES".  You should see
   a screen similar to a real Game Genie code screen.

3) Enter the Game Genie code you want using the same
   method that you use with a real Game Genie.  Press
   the "Start" button when you are finished and the
   program will decode it for you.

   For this example, I'm going to use my "Start with
   900 seconds instead of 400 seconds" code for SMB.
   The code is: VGYOKK.  When I decode it, I get
   several numbers.  The only two that you need are
   the .NES Address (which is 1C8C), and the Value
   (which is CE).  Write the two numbers down.  If you
   are using an 8 letter code, you should also write
   down the "Compare Value" and then read the updates
   below.

4) Exit the emulator.

5) Open the ROM you want to hack (in this case, SMB)
   with your hex editor (in this case, Hex Workshop).
   Make sure your hex editor is set up to view offset
   addresses as hex (not decimal).

6) Find the .NES hex address that you wrote down.
   (It is best if you know a little bit about how to
   count in hex, but it's OK if you don't.)  Just
   scroll down the list watching the numbers on the
   left side of the screen.  When you see a number
   that is close to the number you wrote down (which
   in this case is 1C8C), stop scrolling.  (The
   numbers listed on the left side of the screen 
   always have the last number rounded off to zero,
   so the number I'm looking for is the number that
   I wrote down with the last number changed to zero,
   which would be 1C80).

7) Once you find the right number, use your mouse to
   click on any number in the same row (to the right).
   These are two digit hex values made up of letters
   and numbers, like 9D, 85, B1, etc... (these are
   just examples, yours will be different).

8) When you click on one of these two digit numbers,
   look at the very bottom of the screen where it
   says "Offset:".  Use the left and right arrow keys
   on your keyboard to move the cursor and watch the
   "Offset" number until it matches the number you
   wrote down before (in this case, 1C8C).  So when
   you have the right offset (in this example) you
   should see "Offset:00001C8C" at the bottom of the
   screen.

9) Now, find the number you wrote down before for the
   "Value" (which in this case is CE), and using your
   keyboard, type in that two digit "Value".  (What
   you have just done is to replace the value in the
   game (ROM) with a different value. This is basically
   the same thing that a real game genie does!)

10) Exit the hex editor (it will ask you if you want
    to save the changes to the file, click "Yes".  
    It will also ask if you want to make a backup
    copy of the file, click "Yes" (in case something
    gets messed up, you will still have the original
    file)).

11) Start up your NES emulator again.

12) Load the ROM (game) that you just hacked (in this
    case, SMB) and see if the GG code works (which
    means that the hack was a success!)  When I try
    the SMB ROM that I just hacked in this example,
    the time always starts at 900 seconds, instead
    of 400 but I don't have to enter any Game Genie
    codes!  Pretty cool.


If the above method didn't work, it could be because
the ROM you have may use a mapper, or it could be
because the ROM was not copied correctly, or it could
be because of some other reason that I'm not aware of.
Also, see the "Updates" below.

Also, if you are using a different hex editor than
"Hex Workshop", the above instructions may need to
be changed a little to suit your hex editor.

Anyways, I hope this document helps you understand
how the Game Genie works.

   Thanks, Tony Hedstrom   t.hed@excite.com

               May 18, 2000

UPDATE: I just learned some more information about how
the Game Genie works, so I'll include that info here.

If the above method didn't work, then try adding $8000
to the original address and try it again.  If that
doesn't work, then add $8000 again, and so on until
the hack works.

You will usually only have to do this on the larger 
games.


UPDATE #2: This update has to do with 8 letter codes.
If you are using an 8 letter GG code, you can use the
"Compare" value (Check value) to help you find which
offset to change.  Do not change an offset unless it
matches the compare value (check value).  In other
words, check the offset from the GG code, and if the
value of that offset is not the same as the compare
value of the GG code, then add $8000 to the address
and see if it matches.  If not, add $8000 again and
see if it matches, etc...  Once the offset matches
the compare value, then that's the offset you want to
change.
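
Added example (not part of the original document and not the Game
Genie Decoder program): the decoding from step 3 and the offset
search from the two updates, written in Python.  The function
names are made up for this example.  The header check ("NES" plus
byte 1A, with byte 4 giving the program size in 16 KB units) comes
from the .NES file format rather than from this document, and the
code assumes the file has no 512 byte trainer after the header.

```python
LETTERS = "APZLGITYEOXUKSVN"  # Game Genie letter -> 4-bit value (A=0 ... N=15)
HEADER = 0x10                 # 16-byte header at the start of a .NES file
STEP = 0x8000                 # amount the updates say to keep adding

def decode(code):
    """Return (rom_address, value, compare); compare is None for 6-letter codes."""
    if len(code) not in (6, 8):
        raise ValueError("Game Genie codes have 6 or 8 letters")
    n = [LETTERS.index(c) for c in code.upper()]  # ValueError on a bad letter
    addr = (((n[3] & 7) << 12) | ((n[5] & 7) << 8) | ((n[4] & 8) << 8)
            | ((n[2] & 7) << 4) | ((n[1] & 8) << 4) | (n[4] & 7) | (n[3] & 8))
    last = n[-1]  # bit 3 of the value comes from the final letter
    value = ((n[1] & 7) << 4) | ((n[0] & 8) << 4) | (n[0] & 7) | (last & 8)
    compare = None
    if len(n) == 8:
        compare = ((n[7] & 7) << 4) | ((n[6] & 8) << 4) | (n[6] & 7) | (n[5] & 8)
    return addr, value, compare

def candidate_offsets(rom, code):
    """File offsets to try, in the order the updates describe."""
    if rom[:4] != b"NES\x1a":
        raise ValueError("no .NES header; the +$10 adjustment would be wrong")
    addr, _, compare = decode(code)
    prg_end = HEADER + rom[4] * 0x4000  # stop at the end of the program data
    offsets = range(addr + HEADER, min(prg_end, len(rom)), STEP)
    # 6-letter code: every step is a candidate.  8-letter code: keep only
    # offsets whose current byte equals the compare value (Update #2).
    return [o for o in offsets if compare is None or rom[o] == compare]

def apply_code(rom, code):
    """Return (offset, patched copy), patching the first candidate offset."""
    offsets = candidate_offsets(rom, code)
    if not offsets:
        raise ValueError("no usable offset inside the program data")
    patched = bytearray(rom)          # work on a copy, like the editor's backup
    patched[offsets[0]] = decode(code)[1]
    return offsets[0], bytes(patched)

if __name__ == "__main__":
    # Constructed stand-in for a ROM: header plus 32 KB of zero bytes, no game data.
    rom = b"NES\x1a" + bytes([2, 0]) + bytes(10) + bytes(0x8000)
    offset, patched = apply_code(rom, "VGYOKK")
    print(f"Offset:{offset:08X} value {patched[offset]:02X}")
```

For a 6 letter code on a larger game, candidate_offsets() returns
every offset the first update would have you try; apply_code()
only patches the first one.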
