Attention : aujourd’hui, billet d’humeur. Amis du recul et des
réflexions nuancées, passez votre chemin.
Ma culture musicale est pleine de trous. Ce matin, j’ai décidé d’y
remédier, en commençant par Led Zeppelin. Et comme je suis un bon
garçon, j’ai voulu utiliser les sites de musique en ligne légaux :
Spotify, Deezer, etc.
Spotify : “The author of this album decided not to make it
available online. You can buy it though.” Trop bien.
Deezer : Que des remixs pourris. Les albums authentiques ? Pas
disponibles. Sans doute pour les mêmes raisons légales.
Jiwa : “Nous sommes désolés, mais pour des raisons légales nous
ne pouvons plus diffuser dans votre pays.” Non, ce n’est pas la
censure chinoise : juste les Etats-Unis, où je suis en ce moment.
Deezer m’a déjà fait le même coup.
The Pirate Bay : “À votre service, tout ce que vous voulez,
voilà voilà !” Et toc.
Et là j’ai envie de pousser une gueulante, un petit peu, quand même. Bon
sang, ayants-droits de mes deux, qu’est-ce que ça peut vous faire que
mes oreilles soient d’un côté ou de l’autre de l’Atlantique ? Je ne sais
pas qui bloque ça, Led Zeppelin ou Big Content, mais vous croyez une
seule seconde que vous allez vendre plus de disques parce que vous
bloquez la diffusion en ligne, en streaming même pas téléchargeable ?
Ces systèmes bourrés de liens “Achetez ce morceau sur iTunes” et de
boutons “Achetez cet album sur Amazon”, le pain bénit de l’achat
impulsif ?
Morale de l’histoire : si je veux découvrir Led Zeppelin, juste comme ça
(et éventuellement acheter par la suite quelques singles ou albums si
j’aime bien), Bittorrent est mon ami — et je rejoins la foule des odieux
pirates qui menacent toute notre société.
… l’anniversaire de Brassens. Le moment de réécouter quelques chansons
mythiques ou poétiques (et parfois même les deux) au lieu de gloser sur
un nouvel OS.
J’ai utilisé cette première image en fond d’écran pendant plusieurs
mois : ces teintes gris-bleu que le flou transforme en doux applats, je
pourrais les regarder des heures.
Et puis aujourd’hui j’ai trouvé ce tigre sur DeviantArt, et il redonne
des couleurs chaudes à mon bureau. C’est l’automne.
I remember
my first attempts at programming outside my pocket calculator, 8 years
ago… I read a lot of things of GameBoy homebrew development, and decided
to code a small clone of Pokemon, for the GameBoy. Even without any
knowledge of C, or assembly, or hardware programming, or toolchains, it
was fun : I actually managed to get a moving character, basic
collisions, and a dynamically-loaded Pokemon-style map using the
original tiles.
The GameBoy was fully reverse-engineered some times ago, leading to the
development of several emulators — but one thing no one ever managed to
get is the boot ROM of these devices. Oh, it’s no big deal : unlike
the GameBoy Advance BIOS (which contain a lot of hard-to-emulate
compression and decompression routines), the boot ROM of a GameBoy is
very small, and doesn’t do much. It initialize some hardware registers,
displays the GameBoy logo, plays the sound, and check the CRC of the
cartridge. Additionally, the GameBoy Color sets up a color palette,
based on the combination of buttons pressed on startup, with a
hardcoded-list of specific palettes for a few games (like Super Mario,
Zelda, Metroid, etc.) Not very usefull, but still nice to have, for the
sake of computer history :)
Now why is getting this ROM so hard ? We could hack a small bit of
code that reads the ROM, load it into our favorite homebrew-loader
cartridge, and voilà. Well, the issue is that after it initialized the
hardware, the boot ROM locks itself, just before giving the control
to the cartridge code. That means you can’t read the boot ROM memory
location anymore. The only thing someone managed to do was to dump the
original black & white GameBoy ROM, using a powerfull microscope to read
the bits one-by-one on the chip — that’s how easy this locking
protection is to bypass.
And
now this guy finally managed to dump the GameBoy Color
ROM — one week after getting the GameBoy
Color one. You can read all the
details on his page, and it is really
interesting — but if you only want a less-technical summary, here are
some explanations.
Basically, he breaked out the GameBoy Color case, and took control of
the cartridge connector, the CPU clock cristal and the CPU voltage. That
means he could inject any code he wants, and control the CPU speed and
power — even stop the CPU completely. Now the idea was to avoid the
execution of the locking-bit, the instruction at the end of the boot ROM
code that locks access to this part of the memory. And the best way is
to confuse the CPU, so it would somehow skip this locking
instruction.
So he overclocked heavily the CPU, hoping that it would disfunction, and
skip the locking instruction. But unlike the original GameBoy, the
GameBoy Color CPU is very well-engineered, and the CPU wouldn’t
misbehave.
Then he tried to completely halt the CPU for a few seconds, plus cut the
power for good measure. And then, when waking up the CPU, a lot of
strange glitches would happen, as some of the internal state had been
lost. At some point, the boot ROM could even jump to a completely random
location in the memory : maybe in the video buffer, maybe in the RAM… or
maybe in the cartridge code.
So he filled his cartridge code with a lot of “NOP” (do-nothing
instructions), followed by a “JMP dump”, that would go straight to his
dumping routine. Then he started the boot ROM, and began to confuse the
CPU. At some point, the boot ROM code jumped to a random location on the
cartridge code, and arrived in the middle of NOP codes — it went down
all the NOPs, reached the JMP, and started executing the dumping
routine. Without having completed the boot ROM code, that is without
the locking-bit enabled. And here we go : we can read the boot ROM
memory location, and dump the 256 bits code.
If you’re interested, you can get a commentated
dissassembly
of the dumped ROM — beware, work in progress. And don’t forget to read
about the FPGABoy project — you wouldn’t miss a
complete GameBoy implementation in VHDL, would you ?
I remember
my first attempts at programming outside my pocket calculator, 8 years
ago… I read a lot of things of GameBoy homebrew development, and decided
to code a small clone of Pokemon, for the GameBoy. Even without any
knowledge of C, or assembly, or hardware programming, or toolchains, it
was fun : I actually managed to get a moving character, basic
collisions, and a dynamically-loaded Pokemon-style map using the
original tiles.
And
now this guy