Welcome to our guide to reverse engineering NES games! If you’re a fan of classic video games, you may have wondered how those old 8-bit games were created and what secrets they hold. Reverse engineering is a process that can help uncover the inner workings of these games and reveal how they were programmed, designed, and even hacked by enthusiasts over the years.
In this guide, we’ll explore the basics of reverse engineering and how it can be applied to NES games. We’ll cover the tools and techniques used to disassemble and analyze game code, as well as some of the challenges and rewards of this process. Whether you’re a curious hobbyist or a seasoned game developer, we hope this guide will inspire you to explore the world of NES game reverse engineering and discover some of the hidden gems of classic gaming.
If you are interested in officially released or leaked source code for the Nintendo Entertainment System, check out our other post:
Retail Console Game Source code (C/C++)
For the official source code check out this post.
The full source code for the NES game Home Alone was released online thanks to the Game History Org, and we have a specific post covering the details of the files included:
Home Alone 2 NES Source Code
For the official source code to Home Alone for the NES check out this post.
If you are interested in existing reversing projects for the NES, check out our other post specifically on this topic:
Decompiled Retail Console Games
For the list of decompiled games check out this post.
The original Super Mario Bros was the game that revolutionised platformers. With its smooth scrolling and excellent game design, there were bound to be many reversing projects related to it. This section covers projects specifically targeted towards the classic platformer.
The website neilb.net has created what it calls a Mario Compiler which takes in the original Super Mario Bros ROM and disassembles it. The disassembled code is then shown to the user and can then be modified and re-assembled back into a working NES ROM. All from within the web application!
You can also view the source code for the project here: nbarkhina/MarioCompiler: A Super Mario Compiler written in JavaScript
Mitchell Sternke has created an impressive port of the original NES Super Mario Bros. He has written a tool that converts most of the 6502 assembly code into its equivalent C code, and then written a PPU, Controller and APU emulation layer in C to turn it all into a portable C application running natively on the target hardware (no 6502 CPU emulation required!).
You can find it on Github here: SuperMarioBros-C/README.md at master · MitchellSternke/SuperMarioBros-C
In this section, we’ll explore the hardware that powers the NES and how it can be reverse engineered. Understanding the hardware that drives the NES is key to unlocking its potential and gaining a deeper appreciation for the games that were developed for it.
We’ll take a closer look at the different components of the NES hardware, including the CPU, PPU, and APU, and discuss how they work together to create the unique gaming experience of the NES.
Since Nintendo were very new to the home video game market, they saw themselves as creating most of the software that would run on the NES. As a result they did not make a public NES development kit, and most third parties had to roll their own development kits.
We have a specific post covering all the NES development kits that we know about here:
NES (Famicom) Development Kit Hardware
For information about Nintendo's Famicom development hardware check out this post.
If you’re interested in learning more about the hardware architecture of the NES, we highly recommend checking out the post on Copetti.org. This website is dedicated to exploring the technical details of the NES hardware, including the CPU, PPU, and APU, as well as other components that make up the console. You’ll find in-depth explanations of how each component works, as well as detailed schematics and diagrams that help illustrate the inner workings of the NES.
Nintendo Entertainment System (NES) Architecture - A Practical Analysis
Copetti.org has an excellent tear down of the NES Hardware and how it works
Have you ever wondered how a NES controller actually works, such as the circuits and electronic components used to physically create it?
Well, you are in luck: the YouTuber Displaced Gamers explains exactly how the electronics of the NES controller work, along with a few interesting facts along the way!
He opens up the NES controller revealing the physical wires, traces (green lines on the circuit), rubber membranes and the 8-bit shift register (HD14021BP).
The controller, as with all electronics, has both Power (High) and Ground (Low) lines, with 5V used for Power. Ground is connected to all of the buttons including the 4 D-pad buttons, whereas the Power lines go straight to the carbon-printed pull-up resistors, which in turn go to each of the buttons.
When a button is pressed it completes the circuit at that point meaning it is pulled Low (Grounded) which allows the shift register to know that button is pressed. The resistors are used to make sure the power lines are always High, so we can ensure that when a pin is pulled low it has definitely been pressed.
There was an official software development kit provided by Nintendo/Intelligent Systems for the NES/Famicom but Nintendo didn’t distribute it to third party developers. Instead developers were required to either get an off-the-shelf 6502 assembler or write their own. Paired with a booklet covering how the NES handled graphics, input and sound, this was all that game developers got in terms of software for game development on the NES.
Nowadays there are many open source assemblers, IDEs and even high-level language compilers that can be used to create NES homebrew games.
The Official Famicom SDK was created by Nintendo and Intelligent Systems in 1986, as revealed by a file leaked in the Nintendo Gigaleaks. The file, called HDT.EXE, was included with the source code to the Game Boy Zelda game.
It contains the NES/Famicom Debugger, a tool developed by Intelligent Systems between 1986-1989, which appears to read in three file formats: CHR (Character/Tile Data), SCR (Screen data or Source Data), and CGD (possibly standing for Character Graphic Designer, though this is uncertain).
We have a specific post covering exactly how emulators work including tips for writing your own emulators:
How do Emulators work? A Deep-dive into emulator design
For more information on how emulators work check out this post.
When reversing or developing NES games it is vital to use a good emulator which has debugging support such as:
Here is a list of a few Open Source emulators that have some of these features:
The developers of Retro City Rampage (V-blank Entertainment) created a limited port of their game for the NES and documented some of the major changes that they needed in order to get it to run on the real console:
This is a good introduction to some of the limitations you need to think about when developing a NES game. According to RomHacking.net [1] they were not allowed to release the NES ROM created for Grand Theftendo or even some of the documentation that they wrote while creating it. However, the ROM is in the final game, so if you own the game it is possible to extract the NES ROM and play it in an emulator!
You need to use a tool called BFP Extractor to extract content from the file gamedata.bfp at addresses 0x747E67D6 and 0xC87FC3A3, then create an iNES ROM header for it with the following hex values:
4E 45 53 1A 20 20 50 00 00 00 00 00 00 00 00 00
Then simply join the header and the content from addresses 0x747E67D6 and 0xC87FC3A3 together and save the result with a .nes extension.
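As an added example (not from the original page or from BFP Extractor), the Python below decodes the 16-byte header listed above using the standard iNES layout and refuses to build a ROM whose chunks do not match the sizes the header declares. It assumes the first extracted chunk is the PRG ROM and the second is the CHR ROM; the function names are hypothetical.

```python
# Added example: validate the page's iNES header against the extracted chunks.
INES_MAGIC = b"NES\x1a"
PRG_BANK = 16 * 1024   # iNES counts PRG ROM in 16 KiB units (header byte 4)
CHR_BANK = 8 * 1024    # and CHR ROM in 8 KiB units (header byte 5)

# Header bytes exactly as listed on this page.
PAGE_HEADER = bytes.fromhex("4E 45 53 1A 20 20 50 00 00 00 00 00 00 00 00 00")


def parse_ines_header(header: bytes) -> dict:
    """Decode the fields of a 16-byte iNES (version 1) header."""
    if len(header) != 16 or header[:4] != INES_MAGIC:
        raise ValueError("not an iNES header")
    flags6, flags7 = header[6], header[7]
    return {
        "prg_size": header[4] * PRG_BANK,
        "chr_size": header[5] * CHR_BANK,
        # Mapper number: low nibble in flags 6, high nibble in flags 7.
        "mapper": (flags7 & 0xF0) | (flags6 >> 4),
        "vertical_mirroring": bool(flags6 & 0x01),
        "battery": bool(flags6 & 0x02),
        "trainer": bool(flags6 & 0x04),
    }


def build_rom(header: bytes, first: bytes, second: bytes) -> bytes:
    """Join header + chunks, rejecting sizes the header does not describe.

    Assumption: `first` is the PRG ROM and `second` is the CHR ROM.
    """
    info = parse_ines_header(header)
    if info["trainer"]:
        raise ValueError("header expects a 512-byte trainer; none supplied")
    if len(first) != info["prg_size"]:
        raise ValueError(f"first chunk is {len(first)} bytes, "
                         f"header declares {info['prg_size']} of PRG ROM")
    if len(second) != info["chr_size"]:
        raise ValueError(f"second chunk is {len(second)} bytes, "
                         f"header declares {info['chr_size']} of CHR ROM")
    return header + first + second


if __name__ == "__main__":
    info = parse_ines_header(PAGE_HEADER)
    print(info)  # 512 KiB PRG, 256 KiB CHR, mapper 5 (MMC5)
    # Constructed zero-filled stand-ins for the two extracted chunks.
    rom = build_rom(PAGE_HEADER, bytes(info["prg_size"]), bytes(info["chr_size"]))
    print(len(rom), "bytes")
```

A size mismatch here usually means the extraction was truncated or the chunks were passed in the wrong order, which is worth catching before an emulator rejects the file.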
Modding NES games can be a fun and rewarding way to explore the world of classic gaming and unleash your creativity. By modifying the code, graphics, or sound of an NES game, you can create new levels, characters, or even entirely new games that build upon the classic gameplay and aesthetics of the original. This can provide a unique and personalized gaming experience that is tailored to your own interests and preferences. Additionally, modding NES games can be a great way to learn more about the technical aspects of game development and programming, as well as to connect with other enthusiasts in the retro gaming community.
The main cheat cartridge available for the NES was the Game Genie created by Codemasters (Distributed by Galoob & Hornby Hobbies). This was a physical connector that would sit between the NES and the Game Cartridge you wanted to cheat on. It would alter the signals based on which memory addresses were being read/written to in real-time based on the Cheat code that was loaded into the system.
The Game Genie used a special encoding format for its codes which can be encoded and decoded using this handy online tool: Game Genie Encoder/Decoder
If you want to permanently modify one of your NES ROM files with a certain cheat code, there is a Windows-only tool to do this created by rdurbin: Romhacking.net - Utilities - Permanent Game Genie
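As an added example (not taken from the page or from either linked tool), the Python below decodes the Game Genie letter encoding into the address, replacement value and optional compare byte, and models how a read from the cartridge is substituted. The bit layout is the publicly documented NES Game Genie format; the function names are hypothetical and the code in the demo is only sample input.

```python
# Added example: NES Game Genie code decoder and read-substitution model.
LETTERS = "APZLGITYEOXUKSVN"   # each letter encodes 4 bits: A=0x0 ... N=0xF


def decode_game_genie(code: str) -> dict:
    """Decode a 6- or 8-letter NES code into address / value / compare."""
    code = code.strip().upper()
    if len(code) not in (6, 8):
        raise ValueError("NES Game Genie codes are 6 or 8 letters long")
    try:
        n = [LETTERS.index(ch) for ch in code]
    except ValueError:
        raise ValueError(f"invalid Game Genie letter in {code!r}") from None

    # Bits are interleaved across the letters. The target always lies in
    # CPU space 0x8000-0xFFFF, where the cartridge's PRG ROM is mapped.
    address = (0x8000 | ((n[3] & 7) << 12) | ((n[5] & 7) << 8)
               | ((n[4] & 8) << 8) | ((n[2] & 7) << 4)
               | ((n[1] & 8) << 4) | (n[4] & 7) | (n[3] & 8))
    value = ((n[1] & 7) << 4) | ((n[0] & 8) << 4) | (n[0] & 7)
    if len(code) == 6:
        return {"address": address, "value": value | (n[5] & 8),
                "compare": None}
    # 8-letter codes add a compare byte so the patch only applies when the
    # expected original byte (i.e. the expected ROM bank) is present.
    compare = ((n[7] & 7) << 4) | ((n[6] & 8) << 4) | (n[6] & 7) | (n[5] & 8)
    return {"address": address, "value": value | (n[7] & 8),
            "compare": compare}


def intercepted_read(patch: dict, address: int, rom_byte: int) -> int:
    """Return what the CPU sees when reading `address` with the code active."""
    if address != patch["address"]:
        return rom_byte
    if patch["compare"] is not None and rom_byte != patch["compare"]:
        return rom_byte            # a different bank is mapped in; untouched
    return patch["value"]


if __name__ == "__main__":
    patch = decode_game_genie("SXIOPO")   # sample 6-letter code
    print(hex(patch["address"]), hex(patch["value"]), patch["compare"])
```

A permanent patch is the same substitution written into the ROM file once, which is why the compare byte matters for bank-switched games where several banks share one CPU address.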
Corrupting the memory of a ROM has become very popular over on YouTube, with creators such as Vinesauce regularly using ROM corruptors on popular games to produce some interesting results.
If you want to try it yourself we recommend the Real-Time Corruptor Vanguard (RTCV) available on Github: redscientistlabs/RTCV: Real-Time Corruptor, Vanguard, CorruptCore, NetCore2 https://redscientist.com/rtc. It is written using DotNet so it should work on Windows and MacOSX/Linux via Mono.
For more information we have a specific post on the topic of Game memory corruption:
Emulator Game Memory corruption
For information about Game Memory Corruption check out this post.
The YouTuber Javidx9 has created a system that randomly corrupts the memory of a NES game (every 5 seconds) as it runs, just for the fun of seeing the chaos that follows. The interesting part of this is that his system is somewhat smart in that it tracks the most common memory addresses used per frame (excluding screen memory) and changes those at a higher rate compared to just random memory locations.
Apparently the source code was once linked on the Twitch page, but it is sadly so old now that the link has disappeared. It would have been really interesting to see it!
You can easily replace the 2D Sprites and Tiles from a NES game with HD/4K alternatives using specific emulators such as Mesen and HDNes. The gameplay is unchanged as it overlays the HD Graphics on top of the game and doesn’t have any of the colour limitations of the NES hardware. These modifications are emulator-specific and will not modify the original ROM.
Mesen even comes with a HD Pack Builder Tool to create your own texture packs, for more information: HD Packs :: Mesen Documentation
For an introduction to how the NES renders graphics to the screen, check out Austin Morlan’s excellent article on his website: An Overview of NES Rendering - Austin Morlan.
It covers the following topics related to NES Graphics:
If you’re interested in exploring the inner workings of classic video games, reverse engineering is a process that can help you uncover the secrets of how these games were designed and programmed. In this tutorial, we’ll provide an overview of the techniques used to reverse engineer NES games, including disassembly, debugging, and memory analysis.
When reversing NES games you will come across a variety of file formats. This section will try to cover all of the most common formats you will encounter.
The formats for NES ROMS (virtual cartridges) are:
The website Grid Bugs has written an excellent article on reverse engineering the NES version of Tetris to add functionality to the game called a Hard Drop. Check it out here: Reverse-Engineering NES Tetris to add Hard Drop
Ghidra doesn’t have support out of the box for NES ROM reverse engineering so we need to use a plugin created by ilyakharlamov available here: ilyakharlamov/Ghidra-Nes-Rom-Decompiler-Plugin: Ghidra NES / Famicom ROM Decompiler Plugin
After downloading, open up Ghidra and go to File -> Install Extensions...
It will then open up the following window, click the green plus icon in the top right:
Then make sure to select the zip file that you downloaded previously:
If you get the following screen then you will either need to build the plugin from source or use an older version of Ghidra:
When attempting to compile the plugin from source and linking the ghidra directory I normally get the error:
JavaModelException: Build path contains duplicate entry: ‘/ghidra_10.2.3_PUBLIC/Ghidra/Processors/68000/lib/68000.jar’for project ‘Ghidra-Nes-Rom-Decompiler-Plugin’
To fix this you need to right-click on the Project and select “Properties”, go to the “Java Build Path” tab and then the Libraries tab and delete all the jars.
When that is done you will be able to run the application in Eclipse by clicking the green play icon and the following window will pop up:
Select “Ghidra” from this window.
If you get an error such as:
Exception in thread “main” ghidra.util.exception.AssertException: Multiple modules collided with same name: Ghidra-Nes-Rom-Decompiler-Plugin
Then you need to delete the Ghidra-Nes-Rom-Decompiler-Plugin folder from the global Ghidra config file location, e.g. ~/.ghidra/Extensions
Now when you go to Import File and select a .nes ROM file you should get the following dialog:
Now after import you should be able to decompile any function you want as long as the Mapper is supported in the NES Plugin (currently only Mapper 0):