Welcome to our guide to reverse engineering NES games! If you’re a fan of classic video games, you may have wondered how those old 8-bit games were created and what secrets they hold. Reverse engineering is a process that can help uncover the inner workings of these games and reveal how they were programmed, designed, and even hacked by enthusiasts over the years.
In this guide, we’ll explore the basics of reverse engineering and how it can be applied to NES games. We’ll cover the tools and techniques used to disassemble and analyze game code, as well as some of the challenges and rewards of this process. Whether you’re a curious hobbyist or a seasoned game developer, we hope this guide will inspire you to explore the world of NES game reverse engineering and discover some of the hidden gems of classic gaming.
Despite the release of the Super Nintendo Entertainment System (SNES) in the early 1990s, the original Nintendo Entertainment System (NES) continued to maintain a substantial presence in the gaming industry.
In 1993, a surprising 55 new NES titles were released1, showcasing the enduring popularity of the 8-bit console. This phenomenon can be attributed to several factors, including the affordability of the NES, its vast existing user base, and the dedication of developers and publishers who continued to support the platform. These new NES titles provided a diverse array of gaming experiences, catering to a wide range of players and ensuring that the beloved NES had a lasting impact long after the arrival of its successor, the SNES.
If you are interested to see officially released or leaked source code check for the Nintendo Entertainment System check out our other post:
![]()
Retail Console Game Source code (C/C++)
For the official source code check out this post.
The full source code for the NES game Home Alone was released online thats to the Game History Org and we have a specific post covering the details of the files included:
![]()
Home Alone 2 NES Source Code
For the official source code to Home Alone for the NES check out this post.
If you are interested to see existing reversing projects for the NES check out our other post specifically on this topic:
![]()
Decompiled Retail Console Games
For the list of decompiled games check out this post.
The original Super Mario Bros was the game that revolutionised platformers, with its smooth scrolling and excellent game design there was bound to be many reversing projects related to it. This section covers projects specifically targeted towards the classic platformer.
If you are interested in how Super Mario Bros works (or to really get an insight into how any NROM Mapper 0 game works) you need to check out A Comprehensive Super Mario Bros. Disassembly by doppelganger.
The website neilb.net has created what it calls a Mario Compiler which takes in the original Super Mario Bros ROM and disassembles it. The disassembled code is then shown to the user and can then be modified and re-assembled back into a working NES ROM. All from within the web application!
You can also view the source code for the project here: nbarkhina/MarioCompiler: A Super Mario Compiler written in JavaScript
Mitchell Sternke has created an impressive port of the original NES Super Mario Bros, he has written a tool that converts most of the 6502 assembly code into its equivalent C code. He has then written a PPU, Controller and APU emulation layer in C to make it all work into a portable C application running natively on the target hardware (No 6502 CPU emulation required!).
You can find it on Github here: SuperMarioBros-C/README.md at master · MitchellSternke/SuperMarioBros-C
Matthew Earl has an excellent post on how he managed to extract the level data for Super Mario Bros using the disassembly project and python scripts: Extracting Super Mario Bros levels with Python - Matt’s Ramblings
The developers of Retro City Rampage (V-blank Entertainment) created a limited NES port of their game for the NES and documented some of the major changes that they needed in order to get it to run on the real console:
This is a good introduction to some of the limitations you need to think about when developing a NES game.
According to RomHacking.net2 they were not allowed to release the NES ROM created for Grand Theftendo or even some of the documentation that they wrote while creating it. However the ROM is in the final game, so if you own the game it is possible to extract the NES ROM and play it in an emulator!
You need to use a tool called BFP Extractor to extract content from: the file gamedata.bfp at addresses 0x747E67D6 and 0xC87FC3A3 then create a iNES ROM Header for it with the following Hex values:
4E 45 53 1A 20 20 50 00 00 00 00 00 00 00 00 00
Then simply join the header with the content from address 0x747E67D6 and 0xC87FC3A3 together and name it as a .nes file.
In this section, we’ll explore the hardware that powers the NES and how it can be reverse engineered. Understanding the hardware that drives the NES is key to unlocking its potential and gaining a deeper appreciation for the games that were developed for it.
We’ll take a closer look at the different components of the NES hardware, including the CPU, PPU, and APU, and discuss how they work together to create the unique gaming experience of the NES.
Since Nintendo were very new to the home video game market, they saw themselves as creating most of the software that will run on the NES. So they did not make a public NES development kit, so most third parties has to roll their own development kits.
We have a specific post covering all the NES development kits that we know about here:
![]()
NES (Famicom) Development Kit Hardware
For information about Nintendo's Famicom development hardware check out this post.
If you’re interested in learning more about the hardware architecture of the NES, we highly recommend checking out the post on Copetti.org. This website is dedicated to exploring the technical details of the NES hardware, including the CPU, PPU, and APU, as well as other components that make up the console. You’ll find in-depth explanations of how each component works, as well as detailed schematics and diagrams that help illustrate the inner workings of the NES.
![]()
Nintendo Entertainment System (NES) Architecture - A Practical Analysis
Copetti.org has an excellent tear down of the NES Hardware and how it works
Although all NES cartridges look similar from the outside apoart from a different sticker and maybe a different color cartridge casing, the internals can be vastly different from game to game.
This is especially the case in Japan where Nintendo allowed third party developers to manufacture their own cartridges, which means they could add additional microchips inside, such as custom memory mappers.
However the same wasn’t the case in the west as described in this quote from MobyGames:
Nintendo didn’t normally allow developers to use custom mapper chips in western releases, instead requiring them to reprogram their games for Nintendo’s own MMC mappers. This is because Nintendo manufactured all cartridges in the west. Mr. Gimmick and Batman:Return of the Joker (which uses the same FME-7 mapper chip) are the only two official western NES releases to use custom mapper chips.
For emulators to support all the different cartirdge hardware, emulator authors came up with the concept of Mappers which are part of the iNES Header and are used by emulators to vary the emulation based on what Mapper the game ROM is defined as using.
Have you ever wondered about how a NES controller actually works, such as the circuits and electronic components used to physically create it?
Well you are in luck, the YouTuber Displaced Gamers explains exactly how the electronics of the NES controller works and a few interesting facts along the way!
He opens up the NES controller revealing the physical wires, traces (green lines on the circuit), rubber membranes and the 8-bit shift register (HD14021BP).
The Controller as with all electronics has both a Power (High) and Ground (Low) lines, with 5V used for Power. Ground is connected to all of the buttons including the 4 D-pad buttons, whereas the Power lines go straight to the Carbon Printed Pull-Up resistors which then in-turn goes to each of the buttons.
When a button is pressed it completes the circuit at that point meaning it is pulled Low (Grounded) which allows the shift register to know that button is pressed. The resistors are used to make sure the power lines are always High, so we can ensure that when a pin is pulled low it has definitely been pressed.
There was an official software development kit provided by Nintendo/Intelligent Systems for the NES/Famicom but Nintendo didn’t distribute it to third party developers. Instead developers were required to either get an off-the-shelf 6502 assembler or write their own. Paired with a booklet covering how the NES handled graphics, input and sound, this was all that game developers got in terms of software for game development on the NES.
Nowadays there are many open source assemblers, IDE’s and even high level language compilers that can be used to create NES homebrew games.
On average, NES game development could take anywhere from several months to a couple of years. Some simpler or shorter games might be developed more quickly, while larger, more complex titles could take longer.
Most game development teams only hand a handful of people working full time on the game, mostly programmers. Artists and Sound Engineers were often working on multiple projects at the same time. Music was usually created and added to the game near the end of the development process when the game was getting ready to be shipped.
Some examples of the length of time it took to develop Nintendo Entertainment System games are:
The British company Rare made gaming history by becoming the first non-Japanese licensed game developer for the NES, securing the license from Nintendo through an ingenious demonstration of their skills by reverse engineering the console and showcasing the game “Slalom” as a convincing demo to Nintendo in 1986 5.
They created their own development kits based on the PDS and you can find out more about it in our post on the NES Development Hardware:
![]()
NES (Famicom) Development Kit Hardware
For information about Nintendo's Famicom development hardware check out this post.
The Official Famicom SDK was created by Nintendo and Intelligent Systems in 1986, as revealed by a file leaked in the Nintendo Gigaleaks. The file, called HDT.EXE, was included with the source code to the Game Boy Zelda game.
It contains the NES/Famicom Debugger, a tool developed by Intelligent Systems between 1986-1989, which appears to read in three file formats: CHR (Character/Tile Data), SCR (Screen data or Source Data), and CGD (possibly standing for Character Graphic Designer, though this is uncertain).
We have a specific post covering exactly how emulators work including tips for writing your own emulators:
![]()
How do Emulators work? A Deep-dive into emulator design
For more information on how emulators work check out this post.
When reversing or developing NES games it is vital to use a good emulator which has debugging support such as:
Here is a list of a few Open Source emulators that have some of these features:
The best 6502 Assembly tutorial for the NES has to be Brian Parker’s Nerdy Nights tutorial series which goes from the basics all the way up to writing a version of pong! The original posts have been taken down but you can find a mirror here: Nerdy Nights Mirror
The game developer Morphcat Games has released a video on how they created an impressive game called Micro Mages in just 40KB without using a mapper (NROM board):
It mentioned Metatiles and tehcniques for oiptimizing tile usage (removing duplicates and using mirroring).
Modding NES games can be a fun and rewarding way to explore the world of classic gaming and unleash your creativity. By modifying the code, graphics, or sound of an NES game, you can create new levels, characters, or even entirely new games that build upon the classic gameplay and aesthetics of the original. This can provide a unique and personalized gaming experience that is tailored to your own interests and preferences. Additionally, modding NES games can be a great way to learn more about the technical aspects of game development and programming, as well as to connect with other enthusiasts in the retro gaming community.
The main cheat cartridge available for the NES was the Game Genie created by Codemasters (Distributed by Galoob & Hornby Hobbies). This was a physical connector that would sit between the NES and the Game Cartridge you wanted to cheat on. It would alter the signals based on which memory addresses were being read/written to in real-time based on the Cheat code that was loaded into the system.
The Game Genie used a special encoding format for its codes which can be encoded and decoded using this handy online tool: Game Genie Encoder/Decoder
If you want to permanently modify one of your NES ROM files with a certain cheat code there is a Windows Only tool to do this created by rdurbin: Romhacking.net - Utilities - Permanent Game Genie
Corrupting the memory of a ROM has become very popular over on Youtube with creators such as Vinesauce regularly using ROM corruptors on popular games to produce some interesting results.
If you want to try it yourself we recommend the Real-Time Corruptor Vanguard (RTCV) available on Github: redscientistlabs/RTCV: Real-Time Corruptor, Vanguard, CorruptCore, NetCore2 https://redscientist.com/rtc. It is written using DotNet so it should work on Windows and MacOSX/Linux via Mono.
For more information we have a specific post on the topic of Game memory corruption:
![]()
Emulator Game Memory corruption
For information about Game Memory Corruption check out this post.
The Youtuber Javidx9 has created a system that randomly corrupts the memory of a NES game (every 5 seconds) as it runs just for the fun of seeing the chaos that follows. The interesting part of this is that his system is somewhat smart in that it tracks the most common memory addresses used per frame (excluding screen memory) and changes those at a higher rate compared to just random memory locations.
Apparently the source code was once linked on the twitch page, but it is sadly so old now that the link has disappeared, it would have been really interesting to see it!
You can easily replace the 2D Sprites and Tiles from a NES game with HD/4K alternatives using specific emulators such as Mesen and HDNes. The gameplay is unchanged as it overlays the HD Graphics on top of the game and doesn’t have any of the colour limitations of the NES hardware. These modifications as emulator specific and will not modify the original ROM.
Mesen even comes with a HD Pack Builder Tool to create your own texture packs, for more information: HD Packs :: Mesen Documentation
For an introduction to how the NES renders graphics to the screen checkout Austin Morlan’s excellent article on his website: An Overview of NES Rendering - Austin Morlan.
It covers the following topics related to NES Graphics:
If you’re interested in exploring the inner workings of classic video games, reverse engineering is a process that can help you uncover the secrets of how these games were designed and programmed. In this tutorial, we’ll provide an overview of the techniques used to reverse engineer NES games, including disassembly, debugging, and memory analysis
When reversing NES games you will come across a variety of file formats, this section will try to cover all of the most common formats you will encounter.
The formats for NES ROMS (virtual cartridges) are:
The website Grid Bugs has written an excellent article on reverse engineering the NES version of Tetris to add functionality to the game called a Hard Drop. Check it out here: Reverse-Engineering NES Tetris to add Hard Drop
Ghidra uses pcode as an intermediate representation of machine code, enabling more abstract analysis and manipulation of binary instructions across different processor architectures during the reverse engineering process.
Ghidra provides a built-in emulator that can execute pcode, which has been put to good use in the ghidra-plays-mario Github project. Where they have taken the cpu emulation out of smolnes emulator and replaced it with the Ghidra pcode emulation and it plays the first level of Mario!
This isn’t a realistic way to play the game, it uses pre-recorded inputs, but it is an excellent want to test Ghidra’s pcode emulation! Allowing bugs to be found which when fixed will benefit all NES reversing projects.
We have moved this section to its own post which you can view here:
Reversing Engineering a NES Game With Ghidra
For a guide on how to reverse NES games with Ghidra check out this post.
Read all about The 6502 Microprocessor - Gaming's Unsung Hero in this s...
Read all about NES (Famicom) Development Kit Hardware in this s...
Read all about Reversing Engineering a NES Game With Ghidra in this s...
Read all about Programming the Nintendo Entertainment System in this s...
Read all about Introduction to Audio Programming of Retro Games in this s...
Read all about Let's reverse - Super Mario Bros (NES) in this s...
Game Developer Magazine April 1994 Page 24 ↩
Retro Gamer Issue 96 page 55 ↩
Chunsoft 30th Anniversary – 2014 Developer Interview - shmuplations.com ↩
Retro Gamer Issue 84 from December 2010 pages 34–35. ↩
