Reverse Engineering a Gameboy Advance game: Let’s Stretch the Bridge! — Part 1
This post is part of a series entitled Reverse Engineering a Gameboy Advance Game. Read the introduction here.
Do you want to chat more about game reverse engineering?
Join my Discord server: Game H4cking! 🏴☠️
Well, our objective is to create a level editor, right? But that’s very complex and there are a million things to do. So we’ll start off with something more obvious: let’s create some tiles on the map!
An important thing when you are reverse engineering is to “find and follow the patterns.” It’s easier to just repeat a pattern than to create or delete something. So instead of just “creating the tiles” from scratch, we’ll start with something simpler: we’ll “repeat the tiles” in order to “stretch something in the level”. It will make our work easier if we have a practical part of the level to stretch. That is, some part of the level where the tiles are regular (a sequence of the same tiles), with space around it, where it will be easy to see that something has changed.
It turns out the first level has a very good area with a floating bridge.
One of the tools in No$GBA, the VRAM Viewer (open it by pressing F5), is exactly what we need for our work. In it we can view the different background layers of the level. On the Gameboy Advance, these are called BG0, BG1, BG2, and BG3. You can see that BG0 contains the background images furthest from the camera, the blue sky, and the HUD, while BG1 contains the nearer background images, and BG3 contains nothing. What is really important to us is BG2, where we can see the “walkable” tiles.
By hovering the mouse over a tile, we can see information about it. While there are a lot of details, there are only two things we really care about, which are:
- Tile No: the ID number associated with the tile. For example: in this level, every tile with the number 9B represents a specific piece of the bridge, which is the top left corner. 9A is the ID of the repeating part of the bridge.
- Map address: the address where the tile is stored in memory. In this case, it’s at address 0600F1AD.
Hey, I mentioned a memory address! And this address is expected, since addresses between 06000000 and 06017FFF are a section of memory called VRAM (Video RAM). This section contains the background, sprites, and as we saw, the tilemap!
The Gameboy Advance memory is divided into multiple sections, each with a different purpose and functionality. If you want to know more about them, you can read here, but whenever I introduce a new section, I’ll describe it briefly.
So now we know that address 0600F1AD contains the tilemap we are looking at. Interesting… so let’s see what’s there:
Awesome! Can you see the bridge in these bytes? Note that 00 represents an empty tile, while anything else is a tile which will be displayed on the screen. And this sequence of bytes, “9B 9A 9A…” is our bridge! So, would filling in the bytes to the left of the 9B following the pattern be enough to stretch the bridge? Let’s try it!
We’ve stretched the bridge in VRAM, and since the GBA draws the screen based on this information, we can advance one frame in the emulator (using the / key) to see what happens…
And we can see that we actually managed to stretch the bridge! Cool!!
However, when we advance one more frame, we see that the bridge returned to its original form… Hmm… how did this happen? How do we fix it?
