
Obfuscated hardware/software hacking/glitching thread


Thread replies: 96
Thread images: 11

Last thread: >>47636588

Use this thread to discuss the intricacies and fun in exploring hardware and software that simply doesn't want you to do so, whether by purpose or just through sheer bad design.
The focus is usually videogame hardware and software, but anything else that fits the criteria is more than welcome.

With that said, these threads have a special focus on the low level, especially assembler language.

Links:

https://savannah.nongnu.org/projects/pgubook/
http://cratel.wichita.edu/cratel/ECE238Spr08

http://www.metroid-database.com/m1/fds-interview-p1.php
http://www.nintendo.co.jp/n02/dmg/mea/top.html
http://www.chrismcovell.com/secret/weekly/Stars_of_the_Family_Computer.html

https://github.com/iimarckus/pokered
https://github.com/kanzure/pokecrystal/

http://marc.rawer.de/Gameboy/
http://marc.rawer.de/Gameboy/Docs/GBCPUman.pdf
http://peterwynroberts.com/2014/05/11/gameboy-programming-tutorial-hello-world/
http://anthony.bentley.name/rgbds/
http://devrs.com/gb/
http://gbdev.gg8.se/wiki/articles/Main_Page
http://www.devrs.com/gb/files/gbbasic.html
http://gbdk.sourceforge.net/

http://www.reinerziegler.de/readplus.htm
http://catfish.it.cx/trsrockin/trsrockin.com/index.html
http://www.kernelthread.com/publications/gbaunix/
http://www.vooks.net/why-the-game-boy-advance-isnt-on-the-3ds-virtual-console/
https://fail0verflow.com/media/30c3-slides/
http://lparchive.org/Pokemon-Blue/
https://www.ocf.berkeley.edu/~jdonald/pokemon/

http://bunniefoo.com/nostarch/HackingTheXbox_Free.pdf
http://wololo.net/2009/03/11/finding-gamesaves-exploits-on-the-psp/
http://wololo.net/2010/02/27/writing-a-binary-loader/
http://wololo.net/2013/04/05/tutorial-finding-vhbl-exploits-without-a-psp/
https://tuts4you.com/download.php?view.2876
>>
>>47682642
If I wasn't so tired I'd post something of actual worth. It's a shame this thread is empty since the topic is interesting as fuck.
>>
Modern Binary Exploitation

Course Description
>Cybersecurity is one of the fastest growing fields in computer science, though its study is rarely covered in academia due to its rapid pace of development and its technical specificity. Modern Binary Exploitation will focus on teaching practical offensive security skills in binary exploitation and reverse engineering. Through a combination of interactive lectures, hands on labs, and guest speakers from industry, the course will offer students a rare opportunity to explore some of the most technically involved and fascinating subjects in the rapidly evolving field of security.

>The course will start off by covering basic x86 reverse engineering, vulnerability analysis, and classical forms of Linux-based userland binary exploitation. It will then transition into protections found on modern systems (Canaries, DEP, ASLR, RELRO, Fortify Source, etc) and the techniques used to defeat them. Time permitting, the course will also cover other subjects in exploitation including kernel-land and Windows based exploitation.

Student Learning Outcomes

Upon successful completion of this course, students will:
>1. Possess the skills necessary to carry out independent vulnerability research against binary applications.
>2. Have an intimate understanding of executable formats, program control flow at the assembly level, and other low level concepts.
>3. Understand classic and contemporary vulnerabilities and exploitation techniques.
>4. Apply both source code auditing and binary reverse engineering to the vulnerability discovery process.
>5. Be capable of exploiting vulnerabilities found in real world software as defined by MITRE’s Critical Vulnerabilities and Exposures (CVE) system.

PS.: WARZONES WILL BE AVAILABLE AFTER THE END OF THE COURSE.

THERE ARE NO VIDEOS, ONLY LECTURES, CHALLENGES, LABS AND LATER, WARZONES.

Let's do this.

http://security.cs.rpi.edu/courses/binexp-spring2015/
>>
>>47682642
nice choice of pic for OP
>>
>>47682642
The OP is way too long. Put some links in a pastebin instead.

From last thread
>>47680398
The card encryption is broken so these cards can be used like real cards IIRC. As for GBA, it's not running in GBA mode so it can't load those directly.


Some information
http://www.bunniestudios.com/blog/?p=3554
>Reprogramming SD card controllers

problemkaputt.de/gbatek.htm
>GBA / DS / DSi information. Very long and detailed. Written by No$GBA (DS/GBA/DSi emulator in x86 ASM) developer. (Donate to him btw)

http://pastebin.com/u/Kaphotics
>Latest pokemon games data mining notes.
>>
>>47684603
>for you fine gentlemen
>you fine gentlemen
>fine gentlemen
Fuck off reddit.
Also that thread, lel.
>>
>>47684670
What did he say?
And hating on reddit, really? Grow up.
>>
>>47685384
>Grow up
>in 4chan
reddit pls go
>>
>>47685430
Not everyone here is 12, you know, but I don't wanna derail the thread with some pointless discussion.
>>
>>47685445
wow #respect
>>
Bump. Maybe we should talk retro consoles this time.

Bonus if it's some obscure thing.
>>
>>47686001
Sure, just choose some console you find interest.
>>
>>47686080
you find interesting*
>>
>>47686096
Maybe the Virtual Boy?
There is actually a scene for it even now.
>>
>>47682642
Hi there!
You seem to have made a bit of a mistake in your post. Luckily, the users of 4chan are always willing to help you clear this problem right up! You appear to have posted videogame thread on technology board! Whoops! You should always remember there is dedicated board for video games called /v/
Now, there's no need to thank me - I'm just doing my bit to help you get used to the various boards here!
Here you can discuss all your videogames!
>>>/v/
>>
>>47686180
>embedded hardware
>not technology
>>
I'm surprised by the decreasing number of anons telling OP to relocate this thread to /vr/ or /v/.
When this was first up at least half of the thread was about moving this thread. I'm glad that those people are learning how to use the hide button.
>>
>>47686345
Actually go back to >>>/v/
>>
>>47686132
http://www.planetvb.com/modules/tech/?sec=docs

Some other things
http://www.nintendo.co.jp/support/oss/
>Nintendo OSS usage

http://www.scei.co.jp/ps4-license/
http://www.scei.co.jp/psvita-license/
http://www.scei.co.jp/ps3-license/
>Sony OSS
>>
>>47686445
ok here we go, they are still here.
I don't get the parroting type of people, repeating the same shit over and over and they somehow don't get bored. Have fun guise, I have work to do.
>>
>>47686345
Just don't reply when someone tells to move the thread to /v/.
I wish this thread wasn't as dead, we had really interesting discussions on the previous ones.
>>
Bump

http://3dbrew.org/wiki/3DS_Development_Unit_Software
>>
>>47684085
>tfw know everything
>tfw finding even a simple bug takes so long its not even worth starting
Modern software is more secure than some people think
>>
>>47686968
I don't think there's much of a point in bumping.
If the thread dies we can make one when we actually want to discuss something, or move the thread to some other slower board.
>>
U guys wanna tell me everything you know about emulation? i just got into it yesterday. Bringing back some rad memories
>>
>>47687403
>move the thread to some other slower board
no please dont do that
This is one of the few threads that are actually dedicated to technology and the spirit of curiosity and tinkering. Keep it up
>>
>>47687404
What do you wanna know?

This reminds me, I have some links about writing emulators if anybody finds it interesting:
http://stackoverflow.com/questions/448673/how-do-emulators-work-and-how-are-they-written

http://www.multigesture.net/articles/how-to-write-an-emulator-chip-8-interpreter/
>>
Oh, and there are some open source emulators, PPSSPP comes to mind but there are others.
>>
>>47687546
trying to emulate life before the civil war so maybe like a slavery simulator?
>>
>>47671608
A certain capcom game.

>>47671613
From what I remember, over the period of several days...

>hook up game to a debugger
>put breakpoint on system file read function
>examine stack
>slowly begin to identify what each function does and give it some descriptive name
>after a while, discover a call to a function which appears to decrypt the read data (i.e. the data was gibberish then it turned into something intelligible after returning from said function)
>step into function
>eventually find a rather curious looking loop which does a load of shift, xors, and fiddles around with the bits
>look around for algorithms which do similar things
>eventually determine it looks suspiciously similar to an ECB blowfish encryption loop
>look around the area of said function in disassembly
>put some more breakpoints in at startup, naming functions as I go along
>eventually discover the "init" function
>determine the actual key via more sleuthing (turns out it wasn't plaintext)
>write some code to decrypt file with blowfish using said key
>holy shit, archive decrypted!

So basically, a few weeks worth of deduction. It would have probably been longer if I hadn't also disassembled the whole thing for reference using hopper (it can generate pseudo code and such, as well as name functions). The actual ripping out of the generated key was done in the debugger.
>>
>>47687404
https://www.youtube.com/watch?v=XZLGBbUkluw

1999 was the best year of my life
>>
>>47687638
I don't get it?
>>
tfw no one will care for these threads since /g/ is essentially /v/'s lounge, and no one knows more about technology than what a GPU is

I feel for you op
>>
>>47687761
Complaining about it doesn't contribute to the thread.
>>
>>47687734
I'm kinda sad I missed out on the moment because my parents were reluctant to buy a gameboy.
Even though pretty much everyone was playing pokémon back then.

Oh well, it's no big deal.
>>
>>47687761
Will you fuck off nigger I've seen this post five times. We're breaking down ancient code from the ROM level up in these threads, this isn't /v/ fag Skyrim modding kiddie shit.

yes I mad
>>
>>47687804
Chill, this isn't /b/.
There's no point getting mad over it.
>>
>>47687804
chill your nipples hombre, I'm saying most of /g/ is too dumb to understand what you're doing here, not that this thread belongs on /v/
>>
>>47687404
Use bgb for gameboy and mgba for GBA. Also that version of vba you are using is old as balls.
>>
>>47687795
I remember in 2000 when gold and silver version came out if you didn't buy either or for your kid, child support would be knocking soon.

Christmas hit and when I plugged that game cartridge in I almost had a stroke. The South Park episode was spot on, kids were ready to bomb pearl harbor a second time if they didn't get their god damn pokemans.
>>
>>47687834
What's a pokemon game with lots of glitches?
I've only played one of the pokemon games some years ago, on a ds emulator, guess I'm probably the youngest person ITT.
>>
>>47687968
My first Pokemon is B/W. You're not.
>>
https://tcrf.net/Pikmin/Windows_Executable

Master race wins again.
>>
>>47687980
I'm so sorry
>>
>>47687968
Most of the first gen; Red, Blue and Yellow. IIRC the Japanese Green was the worst tho, people can beat it in 3 minutes: https://youtu.be/C_GQrzgQq7o

Also read this: http://tasvideos.org/forum/viewtopic.php?t=13489
>>
>>47688100
>3 minutes
You can beat all the first gen games by saving and turning off the power at the right time which corrupts the item counter to give you 255 items.
As the actual memory area where items are stored is only 40 bytes long (you can have 20 items; there's 1 byte for the quantity and 1 for the identifier), you can edit other parts of your memory via the item menu.
If you use this method to change your pokemon count, you can edit even more memory in the same way. People have made it so that the staircase in your room warps you directly to the last room of the pokemon league, meaning you can beat the game in under a minute.
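A model of the bag layout the post describes (a count byte followed by twenty id/quantity pairs), written as an added example rather than code from the game or the thread, to show why an unchecked count byte lets the item menu index past the 40-byte list, and what the bounds-checked lookup looks like. The bytes placed after the list and the item ids are constructed sample data.

```c
/* Added example (not from the thread): first-generation bag layout as
 * described above, flattened into one byte array of simulated save RAM.
 * Offset 0 is the item count, offsets 1..40 hold 20 (id, quantity)
 * pairs, and everything after that stands in for unrelated game data. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define MAX_ITEMS   20
#define ITEM_BYTES  (2 * MAX_ITEMS)          /* the 40-byte list */
#define BEYOND      64                       /* constructed neighbour data */
#define RAM_SIZE    (1 + ITEM_BYTES + BEYOND)

typedef struct { uint8_t raw[RAM_SIZE]; } bag_ram_t;

/* Unchecked lookup: slot N is simply 1 + 2*N, and only the (possibly
 * corrupted) count byte limits how far the menu walks. Returns NULL only
 * when the slot would fall off the end of simulated RAM entirely. */
uint8_t *slot_unchecked(bag_ram_t *ram, unsigned slot)
{
    size_t off = 1 + 2u * slot;
    if (slot >= ram->raw[0] || off + 2 > RAM_SIZE)
        return NULL;
    return ram->raw + off;       /* may point past the item list */
}

/* Bounds-checked lookup: the count is clamped to the real capacity,
 * so a count of 255 can never expose memory beyond the list. */
uint8_t *slot_checked(bag_ram_t *ram, unsigned slot)
{
    unsigned count = ram->raw[0] < MAX_ITEMS ? ram->raw[0] : MAX_ITEMS;
    if (slot >= count)
        return NULL;
    return ram->raw + 1 + 2u * slot;
}

/* Builds a sample bag with 3 items and the corrupted count of 255. */
void make_corrupted_bag(bag_ram_t *ram)
{
    memset(ram->raw, 0, RAM_SIZE);
    ram->raw[0] = 255;                       /* corrupted item counter */
    ram->raw[1] = 0x04; ram->raw[2] = 5;     /* constructed id/qty pairs */
    ram->raw[3] = 0x14; ram->raw[4] = 1;
    ram->raw[5] = 0x1D; ram->raw[6] = 10;
    for (size_t i = 0; i < BEYOND; i++)      /* marker bytes after the list */
        ram->raw[1 + ITEM_BYTES + i] = (uint8_t)(0xA0 + i);
}

/* Returns 1 if editing `slot` through the unchecked path would touch
 * memory outside the 40-byte item list, 0 otherwise. */
int slot_escapes_list(bag_ram_t *ram, unsigned slot)
{
    uint8_t *p = slot_unchecked(ram, slot);
    return p != NULL && p >= ram->raw + 1 + ITEM_BYTES;
}

int main(void)
{
    bag_ram_t ram;
    make_corrupted_bag(&ram);
    printf("slot 19 escapes: %d, slot 20 escapes: %d\n",
           slot_escapes_list(&ram, 19), slot_escapes_list(&ram, 20));
    return 0;
}
```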
>>
>>47688152
Is the last part what http://tasvideos.org/forum/viewtopic.php?t=13489 is doing or are you still referring to reset corruption?
>>
Holy fuck this guy is mad

https://tcrf.net/The_New_Tetris
>>
>>47688254
>>
Super Mario 64 was a little broken.
https://youtu.be/lk1w3hcQT7g
>>
>>47687209
Or maybe you are delusional about your skills.
>>
>>47688602
https://www.youtube.com/user/pannenkoek2012/videos
https://www.youtube.com/watch?v=9xE2otZ-9os
>>
>>47688669
Thanks that's pretty cool.
>>
>>47688044
Wtf pikmin came with software to run on windows
>>
Probably a stupid question but, when emulators ask for BIOS, why is the BIOS needed and how to dump it? Furthermore why only some emulators need it?
I guess they don't include it in the emulators for legal reasons.
>>
This guy left a porn site HTML in a compiled ROM.

1990's porn anyone?

https://tcrf.net/DynaMike

>>47688852
Dumping is different for each system.
As for why it's needed, part of the code in the BIOS needs to be emulated so the game can communicate with it properly.
>>
>>47687833
I've heard of bgb before but I've never heard of mgba. I've been using no$gba. Both bgb and no$gba are nice because they allow you to poke around in memory and set up breakpoints if memory is read or written to. You can also set up ASM breakpoints. Pretty cool because these two emulators cover GB, GBC, GBA and DS games. I'll have to check out mgba though since I am curious.

In the meantime, I found this interesting article about the NES GBA ports. A lot of effort to prevent GBA emulation when you could just emulate the NES straight.

https://endrift.com/mgba/2014/12/28/classic-nes/

>>47688044
>>47688254
>>47688913
I love TCRF.
>>
Not sure if this is a good thread for this, but I'd love to try hacking my ps2 exclusively from linux or through wine if I have to.
Is this doable?
>>
>>47689336

It's become more addictive than TVTropes, and that's saying something for me.
>>
>>47689388
No. You'll need some hardware.

>>47689399
I just mash the Random page button.
>>
>>47688913
Did he leave it there intentionally?
>>
>>47689963
No.
>>
>>47690089
How did it happen then?
>>
Does anyone have any info on the N64 RI registers? n64info is nice and all, but its descriptions are lacking.
>>
>>47690154
We'll never know unless the dev who did it comes forward which I doubt. In my mind, that isn't something that you leave in a game by mistake. Perhaps the devs were joking around; who knows. The game never saw a retail release for whatever reason. Chances are that if the game made it to store shelves then that content probably would have been deleted. Although some devs are messy as fuck when cleaning up their games so maybe not.
>>
>>47690154
It's literally said right there that it's caused by uninitialized memory in the compiler's memory.

Guy had this in his system's memory then the compiler threw it in during compilation.
>>
>>47690675
But it wasn't supposed to happen right?
>>
I'd like to learn how to do something like this eventually:
https://www.youtube.com/watch?v=OPcV9uIY5i4
>>
>>47690802
Can you program?
>>
>>47690862
Yes, but I have not yet dived into low-level programming such as assembly.
>>
>>47690802
I love this video. There is also a similar one to it where the player "beats" the game.

I don't even know how you would begin to figure out what is done in the video.
>>
>>47691003
Read this: http://tasvideos.org/3957S.html
And this: http://tasvideos.org/4156S.html

The creator explains it fairly well.
>>
>>47690675
Aren't programs memory-isolated from each other? How did his web browser memory end up there?
And isn't it dangerous for a program's memory to get mixed with another program's? Can't it end up messing stuff up or crashing the program?
>>
>>47682642
>page 5
Neeeewp.
>>
>>47687654
What kind of data was contained in the archives?
>>
>>47687734
<Look for the pokemon yellow butthole pack
>>
How do people make mods for games? I'm not talking about games with built-in mod creation tools like minecraft. How is it possible for people to completely change levels or change textures? Take a look at san andreas online servers, the maps are completely altered; how is that possible?
>>
'sup n3wbs IDA master reporting in
>>
>>47688913
>https://tcrf.net/DynaMike
hooly shit my sides
>>
>>47692608
What does IDA have to do with anything?
>>
>https://tcrf.net/Spider-Man_%28Windows%29
Hey guys, how exactly would comments like this end up in an EXE file? Like would this come from comments in source code? Would it be thrown in after the source code is compiled?

printf("print something"); // fucking print something
>>
>>47692913
That's fucking hilarious haha.
>>
>>47682642
this is illegal
>>
>>47693920
Your mom's illegal.
>>
>>47692913
Depends on the compiler used. I know when I was working for one of the big 3 tech companies they had a pre-commit/release check that enforced strict non-swearing commenting/coding.
>>
>>47694141
Did you happen to know how >>47691445
>>47690791
>>47688913
That happened?
>>
>>47691445
>>47694228
It's not memory space that's actually in use by another program, rather memory that was released from another program and the OS assigned to a new program.
Apparently the OS doesn't initialize reassigned memory to 0, it's just leaving everything in it.
>>
>>47694307
Thanks, but shouldn't the OS clear memory before letting other programs use it? This was a pretty funny thing tho. Is it common for this to happen?
>>
>>47694361
yeah, would sound like a sane thing to do, wouldn't it?
>>
I've heard that some Nintendo games have strange things in them because memory wasn't cleared and whatnot.
>>
>>47694968
Link?
>>
>>47694983
Don't have one. I forgot where I read it.
>>
>>47694995
Too bad, seemed interesting.
Do you recall which game was it?
>>
>>47695018
No. I think it was some of their early games on the NES where they were using C and the implementation of malloc or whatever they were using fucked something up.
>>
>>47687404
this is what cancer looks like
>>
>>47694228
As this Anon said (>>47694307), not all OSs do memory allocation safety. I know when I was working on a simple string processing homework for a class in C it worked fine on my computer, but the test computer was freaking out. Apparently linux, knowing how bad most users were at allocating memory, 0'd the whole block for me, and the server had been set to not do this. As such the string didn't "end" until it randomly found a zero byte or null, hence the phrase null terminated.
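The failure mode in that last post, as an added example that is not the poster's homework: a copy that only works when the buffer was already zeroed, next to a copy that always writes the terminator. The 0xAA fill is a constructed stand-in for whatever the memory's previous owner left behind.

```c
/* Added example (not from the thread): a C string "ends" only where a
 * zero byte happens to be, so code that omits the terminator is correct
 * on a machine that hands out zeroed memory and broken on one that
 * does not. The 0xAA fill below is constructed "leftover" data. */
#include <stddef.h>
#include <string.h>

#define BUF 16

/* Returns 1 if buf contains a NUL within its first n bytes, i.e. strlen()
 * would stop inside the buffer instead of running into neighbouring memory.
 * memchr() is used because calling strlen() on an unterminated buffer is
 * exactly the bug being demonstrated. */
int is_terminated(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

/* The fragile pattern: strncpy() writes no terminator when src fills the
 * whole buffer, so the result is usable only if the memory was zeroed
 * beforehand (what the post saw on one machine but not the other). */
void copy_unchecked(char *dst, size_t n, const char *src)
{
    strncpy(dst, src, n);
}

/* The robust pattern: copy at most n-1 bytes and always write the NUL,
 * so correctness no longer depends on the buffer's previous contents.
 * Returns the number of characters stored, excluding the NUL. */
size_t copy_terminated(char *dst, size_t n, const char *src)
{
    size_t len = strlen(src);
    if (n == 0)
        return 0;
    if (len > n - 1)
        len = n - 1;              /* truncate instead of overrunning */
    memcpy(dst, src, len);
    dst[len] = '\0';
    return len;
}

/* Simulates reused memory: fill the buffer with 0xAA (no zero byte
 * anywhere), copy a string of exactly BUF characters into it, and report
 * whether the result is terminated. use_terminated selects the pattern. */
int demo(int use_terminated)
{
    char buf[BUF];
    const char *src = "ABCDEFGHIJKLMNOP";    /* exactly BUF chars, constructed */
    memset(buf, 0xAA, sizeof buf);
    if (use_terminated)
        copy_terminated(buf, sizeof buf, src);
    else
        copy_unchecked(buf, sizeof buf, src);
    return is_terminated(buf, sizeof buf);
}
```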