insidegadgets / GBxCart-RW

A device for reading game ROMs, backing up & restoring saves and flashing re-writable flash carts for GB, GBC and GBA carts from your PC via USB. Jump on our Discord server (http://discord.gg/X2wS8eh). License CC-BY-NC-SA
http://shop.insidegadgets.com

Protected "YJencrypted" carts cannot be read #16

Open RibShark opened 4 years ago

RibShark commented 4 years ago

There exist various bootleg carts with protection (signified by the game title in the header being "YJencrypted") which stops the carts from being read via conventional means. As it stands, the GBxCart software cannot even read the header. I believe that a chip inside the cart checks the reads and if they do not match exactly with how an actual GBA would read, it locks all future reads.

Additionally, once the game boots, there appears to be some more initialisation reads done by the first few instructions of the game itself, which are required to read past 0x200. I'm not sure how exactly this works yet, or what reads are required exactly to unlock the rest of the cart.

Finally, the majority of these carts also contain additional protection where certain addresses (different per cart) will lock any future reads if they themselves are read from. There is also a large block somewhere around 0x200000, usually of a size of a multiple of 0x10000 bytes long, that will lock reads if anywhere in that block is read from.

The ROM also appears to have mirror areas later, though the exact details of this are not yet known. The data that cannot be read from these trap addresses can be replaced with versions from mirrored areas later in the ROM.

The most common carts that contain this protection appear to be bootlegs from Sintax, though the same protection has also been found on some Pokémon bootlegs with unofficial translations.

insidegadgets commented 4 years ago

Hi, I would say that this would be out of the GBxCart project scope; however, this project is open source, so you could potentially modify the firmware or software to perform what the cart requires.

Another option could be to look at the GB-BENCH-G1 project at https://github.com/Gekkio/gb-hardware which could maybe allow for reading/writing to the cartridge while the DMG is stepped through each instruction.