tt-homebrew is a tool that makes it easy to write games for the TipToi in C, providing full access to all the features of the TipToi.
tt-homebrew is not in anyway affiliated with Ravensburger. It's possible to brick your pen, so use this tool at your own risk. It never happened to me in all my testing, but you could call functions that overwrite the flash, making it unable to boot again.
Install nodejs and gcc-arm-none-eabi or just use nix-shell.
Then run npm i to install the dependencies.
Get the syntax with node build.js -h.
With node build.js -i gme/Wimmelbuch.gme -o "/run/media/$(whoami)/tiptoi/Wimmelbuch.gme" -n dump_ram -p -b 0 you can compile your first example, which dumps ram from the tiptoi to its storage, as soon you try to start the first game. You can find it by connecting your pen to your pc and looking in the "dump" folder.
If you want to contribute or just stay up to date, join the tt-homebrew discord
- Support for 2N and 3L
- Create a main template, that makes scripts work
- Create files without tttool (coming soon, checkout gmelib)
- list files and directorys
- Microphone support for Pens (in work)
- Uart
- Wifi support (i dont have a pen with wifi)
- add firmware offsets with functions that arent accessible via the sys_api
- On 2N and 3L the system_api seems to be compatible, but different
fpAkOidPara - The main binary handels the execution of the scripts inside the gme. If the offset to the main binary table is 0, the pen uses a main binary thats inside the firmware.
- Reading from unmaped memory on 4E (0x80 9000 < crash < 0x82 9000)
| Processor | 1 | 2N | 3L and later (tested on 4E, other firmwares are different) |
|---|---|---|---|
| Bootrom | tbd | 0x0000 0000 | 0x0000 0000? |
| Bios.bin | tbd | 0x0800 0000 | 0x0080 0000 |
| Prog.bin | tbd | 0x0800 9000 | 0x0082 9000 |
| Prog.bin entry | tbd | 0x0800 9100 | 0x0085 ed01 the 1 at the end means thumb mode / only for 4E / differs on 5E and 6E |
| GME bins | tbd | 0x0813 2000 | 0x0093 0000? |
| GME Gamestate | tbd | 0x0814 1000 | 0x0094 0000 |
| Return Game | tbd | 0x0082 c3c5? looks wrong | |
| Return Main | tbd |
i dont have a pen with first gen processor, feel free to test it on your pen
Want to decompile binaries from gme files? This is my routine:
- Use
tttool binariesto get the binaries. - Use
tttool exportto see which game is started when you press the game button. - For 2N use
2_Gameand for 3L (3L, 4E, 5E, 6E) use6_Gameplus the number from the yaml. - Drag and drop this file into ghidra and select
v5t little endianas the language. - Click on
Optionsand enter theGME binsaddress from the table as the base address. - Open the file and go to the start and press
d. This will decompile the first instruction. This will be a jump to the main function. - Declare the main function with
fund rename it tomain - Go to file -> parse c source and import the
lib/api.h - Now declare the first argument from your main function as this struct
- Click on the ram symbol and add a memory region for the game state. Make this region rw and the binary rx.
- then run the auto-analysis
- If you have done everything right, you should now have a project with api names, correct offsets and no red addresses