I was recently hanging out with a group of close friends, getting destroyed at a game of Monopoly by my friend John’s ruthless capitalism, when we briefly talked about the Game Genie for the NES. If you’ve been playing video games since the War of 1812 like I have then you probably remember the Game Genie. It was a peripheral you attatched to the end of NES cartridges in order to enter cheat codes.
A friend made a comment in passing wondering how the Game Genie actually worked. So today I will explain how.
About NES Cartridges
If you look at the bottom of an NES cartridge, i.e. the end you plug into the console, you’ll see a series of pins. Seventy-two to be exact. (As an aside, the Famicom only had sixty.) Some of these extra pins were used for 10NES, which is a type of ‘Checking Integrated Circuit’ or CIC. 10NES works as a lock-and-key system. Hardware inside of the NES itself is the lock, and games are the key. When you boot up a game the NES will make sure the key inside the game matches what the console expects. If you wanted this key for your own game then you had to get it from Nintendo. An effective and draconian system for stopping third-party developers seeking to release games without Nintendo’s approval. Eventually a group of people reverse engineered the 10NES. But before that you could disable it by physically cutting a specific pin within the system.
With regard to the Game Genie, I am simply setting the stage for some of the obstacles it faced.
Hijacking the Address Bus
Whenever an NES game requests something from memory or the ROM inside a cartridge, it does so by putting the address of that memory on the address bus and telling the console, “Hey go get the value at that address of memory.” The Game Genie could try to overwrite values in said memory; just because something is Read-Only Memory (ROM) that does not always mean you can never write to it.
However, the Game Genie takes a different approach. In effect it hijacks the address bus. Before fetching memory from a given address the Game Genie checks to see if that address is one it’s been told to monitor (via the codes you enter). If it matches then the Game Genie returns the value you provide (via the same code). The NES is none the wiser because it thinks the value came from the original game itself.
Note: For tech nerds, Game Genie codes contain 15-bit addresses instead of the expected 16-bit ones. The first bit in any Game Genie address has the value one, meaning the peripheral can only affect things in the upper-half of a game’s memory.
Different Types of Codes
Game Genie codes can be either six characters in length or eight characters in length. The six-character codes are the most simple and behave as described above; they cause the Game Genie to watch for access to a given address and then return a value provided by the player when the NES fetches data from that address.
Some NES games, however, make use of memory mappers. In layman’s terms this is a technique to swap banks of memory around, giving designers more to work with and more places to store data. A six-character code is not nearly as useful for these games because when a memory mapper moves around data the address provided by that six-character code is likely to point to “garbage,” i.e. memory we do not want to hijack. Enter eight-character codes to save the day.
The extra data in eight-character codes contains a small piece of data for the purposes of comparison. When the NES tries to fetch memory from an address the Game Genie intercepts it as usual. If the address is one to hijack then the eight-character code will first cause a comparison to take place, using that extra data in the code. This operation lets the Game Genie determine if the requested address is the correct one and not part of a different chunk of data that’s been made available via NES memory mappers.
Game Genie codes are memory addresses and data values. When the NES requests the data at the memory located at that address the Game Genie steps in and returns the value given in the cheat code instead of letting the console fetch the actual data from memory. This is how, for example, infinite life codes work. Part of a code is the address in memory where lives are stored, and the other part of the code is a fixed number like 99, meaning when the game requests how many lives are left it always receives the number 99—and poof! Infinite lives.
I hope that makes some sense.