Security researcher James Chambers discovered the previously unused and undocumented feature buried in the original game code and detailed his methodology and findings in a technically oriented Medium post this week.
The key to opening ‘s NES emulator is the game’s generic “NES console” item. Usually, this item simply tells players who try to use it that “I want to play my NES, but I don’t have any software” (separate in-game items are used to play the NES ROMs that are included on the disc).
While searching the code for access to hidden developer menus, though, Chambers discovered that activating this in-game NES actually causes the game to mount and search the player’s memory card for valid NES ROM files, using functions like “famicom_get_disksystem_titles” and “memcard_game_list.” After a good deal of debugging through an emulator, Chambers deciphered the specific file format needed to get to recognize NES ROM files stored on the memory card, which involves inserting specific checksum, file name, and ROM header values in specific locations before the game data itself.
After a bit of metadata and emulator tweaking, Chambers says he was able to load , and onto the GameCube through the in-game emulator, as well as a homebrew test ROM created years after was made.
Interestingly enough, ‘s memory card access hole also leads to a buffer overflow error that can let users execute arbitrary, user-defined code on the GameCube itself. One hacker has already demoed how this method can be used to generate infinite items in a stock copy of , but the same general method could load homebrew code onto the GameCube without the need for hardware mods or external cheat devices like the GameShark.
The best laid plans…
While being able to load NES games onto a GameCube is fun, the most interesting part of this discovery is probably what it suggests about an unexplored branch of potential Nintendo history. Remember that the code to load NES games from a memory card was put into by Nintendo decades ago, not by some modern-day modification of the original game code. That strongly suggests Nintendo was at some point planning an way to load additional NES files into through the memory card.
It’s hard to say how this distribution might have worked. Maybe special ROM-packed memory cards would have been included with new editions of the game (Nintendo actually did sell versions of the game packaged with memory cards that unlocked special presents for players). Maybe Nintendo would have given such memory cards away in contests. Or maybe, in an alternate timeline, a machine akin to Japan’s Japanese Famicom disk-writer kiosk could have let players load NES games onto their own memory cards.
Regardless, it seems that Nintendo may have been planning ahead for some form of retro-game distribution long before the Wii Virtual Console became a thing in 2006. And if you want to make use of Nintendo’s unused GameCube-to-NES emulation features today, Chambers has released GitHub source code that lets you generate your own -friendly NES ROM files. You can test out those files for yourself using a virtual memory card loaded into the Dolphin emulator or on an actual GameCube using special memory card hardware.
