GSA Hacking Doc


Internal Registers:

0x0800009C (W)
FPGA controller
 0x0001 = swap to game rom
 0x0002 = offset correction
 0x0004 = use page 2 for remap (0x08020000)
 0x0020 = enable write
 0x0040 = enable read
 0x0100 = (???) enable more ROM patches?

0x08005554 (W)
SST Flash ROM control address #1

0x0800AAAA (W)
SST Flash ROM control address #2

0x08020020-0x080200A0 (R)
data is redirected to 0x08000020

0x08020200-0x08021000 (R)
data is redirected to 0x09FE0200


0x09FE0000 (W)
Flash ROM
store lower address(shifted right 1) for ROM write #1

0x09FE0020 (W)
store upper address(shifted right 1) for ROM write #1

0x09FE0040 (W)
store ROM write data (u16) #1

0x09FE0060 (W)
store ROM write data (u16) #3

0x09FE0080 (W)
store lower address(shifted right 1) for ROM write #2

0x09FE00A0 (W)
store upper address(shifted right 1) for ROM write #2

0x09FE00C0 (W)
store ROM write data (u16) #2

0x09FE00E0 (R\W)
R\W user data

0x09FE0100 (W)
store lower address(shifted right 1) for ROM write #3

0x09FE0120 (W)
store upper address(shifted right 1) for ROM write #3

0x09FE0140 (W)
Store 0xFFFF here to kill flash (possibly linked to 0x09FFE140)

0x09FE0160 (?)
???

0x09FE0180 (R\W)
R\W user data

0x09FE01A0 (R\W)
R\W user data

0x09FE01C0 (R)
Hardware (USB\switch\button) Read Register
& 0xF000 = switch is in "ON" position
& 0x0400 = AR Button is NOT pressed
& 0x0100 = USB WAIT

0x09FE01E0 (W)
USB Write Register

0x09FE0200 - 0x09FE2000 (R\W)
Flash ROM (!)

0x09FFE140 (W)
AR hardware controller (FPGA write must be enabled before using this register)
 0x0FF0 = enable AR hardware



The following are for AR V3 ONLY

0x09FE00E0 (W)
store ROM write data (u16) #4

0x09FE0200 (W)
store upper address(shifted right 1) for ROM write #4

0x09FE0220 (W)
store lower address(shifted right 1) for ROM write #4

0x09FE0240 (W)
store ROM write data (u16) #5

0x09FE0260 (W)
store ROM write data (u16) #6

0x09FE0280 (W)
store upper address(shifted right 1) for ROM write #5

0x09FE02A0 (W)
store lower address(shifted right 1) for ROM write #5

0x09FE02C0 (W)
store upper address(shifted right 1) for ROM write #6

0x09FE02E0 (W)
store lower address(shifted right 1) for ROM write #6

