Damaged Cybernetics - GameBoy Authentication Routine

GameBoy Authentication Explained
Written by Donald Moore (MindRape/Damaged Cybernetics)

Nintendo designed the GameBoy with 2 security authentication routines. These routines are to make sure that the cart that is currently inserted is a legal and working GameBoy cartridge.

First Security Check

The first security routine checks the first character data area and compares it against the second character data area. The first character data area is located on the internal GameBoy ROM, the 2nd is located on the external cart. The character data area is 48 bytes long, which contains the Nintendo Trademark encoded.

The interesting thing about this is that you see this character data everytime you turn your GameBoy on. Upon powerup the 2nd character data is copied to VRAM and scrolled upwards. During this scrolling is when the authentication takes place. If it fails, it calls the inhibiting routine otherwise it moves onto the 2nd security check.

The encoded trademark is 48 x 8 pixels. It can be enlarged to twice its width and height, and can be displayed either way. It is prefered if it is twice its width and height.

One thing to note about the first character data area. Since it contains the Nintendo Trademark, it could be considered illegal for anyone to program a legal working GameBoy pak without obtaining a license from Nintendo directly! Which also means if you don't include it, your game won't work on a GameBoy.

Second Security Check

The second authentication routine verifies the complement of the ROM information area. According to the Nintendo, to calculate the complement is to take the sum of the ROM information area plus 25 and perform a ones complement. he result is a 8bit value which is stored at 0x14D.

Note:
This algorithm is very strange indeed, if anyone has any idea how or why Nintendo chose this method please email us.

Authorization Failed

If one of these authentication routines fail, the inhibiting routine is called. One of the following could happen:

Screen turns off
Screen stays on but blank
Screen flashes between white and black
A message stating why this game pak won't run.

Authorization Passed!

Once the game pak has been authenticated, the GameBoy switches from its Internal ROM to the External ROM and executes the game program. According to Nintendo, the Internal ROM is no longer accessible.

Damaged Cybernetics is not connected or affiliated with any mentioned company in any way. The opinions of Damaged Cybernetics do not reflect the views of the various companies mentioned here. Companies and all products pertaining to that company are trademarks of that company. Please contact that company for trademark and copyright information.