Last thread: >>47636588
Use this thread to discuss the intricacies and fun in exploring hardware and software that simply doesn't want you to do so, whether by purpose or just through sheer bad design.
The focus is usually videogame hardware and software, but anything else that fits the criteria is more than welcome.
With that said, these threads have a special focus on the low level, especially assembler language.
If I wasn't so tired I'd post something of actual worth. It's a shame this thread is empty since the topic is interesting as fuck.
Modern Binary Exploitation
>Cybersecurity is one of the fastest growing fields in computer science, though its study is rarely covered in academia due to its rapid pace of development and its technical specificity. Modern Binary Exploitation will focus on teaching practical offensive security skills in binary exploitation and reverse engineering. Through a combination of interactive lectures, hands-on labs, and guest speakers from industry, the course will offer students a rare opportunity to explore some of the most technically involved and fascinating subjects in the rapidly evolving field of security.
>The course will start off by covering basic x86 reverse engineering, vulnerability analysis, and classical forms of Linux-based userland binary exploitation. It will then transition into protections found on modern systems (Canaries, DEP, ASLR, RELRO, Fortify Source, etc.) and the techniques used to defeat them. Time permitting, the course will also cover other subjects in exploitation including kernel-land and Windows-based exploitation.
Student Learning Outcomes
Upon successful completion of this course, students will:
>1. Possess the skills necessary to carry out independent vulnerability research against binary applications.
>2. Have an intimate understanding of executable formats, program control flow at the assembly level, and other low level concepts.
>3. Understand classic and contemporary vulnerabilities and exploitation techniques.
>4. Apply both source code auditing and binary reverse engineering to the vulnerability discovery process.
>5. Be capable of exploiting vulnerabilities found in real world software as defined by MITRE’s Critical Vulnerabilities and Exposures (CVE) system.
PS.: WARZONES WILL BE AVAILABLE AFTER THE END OF THE COURSE.
THERE ARE NO VIDEOS, ONLY LECTURES, CHALLENGES, LABS AND LATER, WARZONES.
Let's do this.
The OP is way too long. Put some links in a pastebin instead.
From last thread
The card encryption is broken so these cards can be used like real cards IIRC. As for GBA, it's not running in GBA mode so it can't load those directly.
>Reprogramming SD card controllers
>GBA / DS / DSi information. Very long and detailed. Written by No$GBA (DS/GBA/DSi emulator in x86 ASM) developer. (Donate to him btw)
>Latest pokemon games data mining notes.
You seem to have made a bit of a mistake in your post. Luckily, the users of 4chan are always willing to help you clear this problem right up! You appear to have posted a videogame thread on the technology board! Whoops! You should always remember there is a dedicated board for video games called /v/
Now, there's no need to thank me - I'm just doing my bit to help you get used to the various boards here!
Here you can discuss all your videogames!
I'm surprised by the decreasing number of anons telling OP to relocate this thread to /vr/ or /v/.
When this was first up at least half of the thread was about moving this thread. I'm glad that those people are learning how to use the hide button.
Some other things
>Nintendo OSS usage
U guys wanna tell me everything you know about emulation? I just got into it yesterday. Bringing back some rad memories.
>move the thread to some other slower board
No, please don't do that.
This is one of the few threads that are actually dedicated to technology and the spirit of curiosity and tinkering. Keep it up
What do you wanna know?
This reminds me, I have some links about writing emulators if anybody finds it interesting:
A certain capcom game.
From what I remember, over the period of several days...
>hook up game to a debugger
>put breakpoint on system file read function
>slowly begin to identify what each function does and give it some descriptive name
>after a while, discover a call to a function which appears to decrypt the read data (i.e. the data was gibberish then it turned into something intelligible after returning from said function)
>step into function
>eventually find a rather curious looking loop which does a load of shift, xors, and fiddles around with the bits
>look around for algorithms which do similar things
>eventually determine it looks suspiciously similar to an ECB blowfish encryption loop
>look around the area of said function in disassembly
>put some more breakpoints in at startup, naming functions as I go along
>eventually discover the "init" function
>determine the actual key via more sleuthing (turns out it wasn't plaintext)
>write some code to decrypt file with blowfish using said key
>holy shit, archive decrypted!
So basically, a few weeks worth of deduction. It would have probably been longer if I hadn't also disassembled the whole thing for reference using hopper (it can generate pseudo code and such, as well as name functions). The actual ripping out of the generated key was done in the debugger.
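The loop described above (shifts, XORs, table lookups inside a 16-round Feistel structure) is what a Blowfish ECB routine looks like in source, and it is what you end up comparing the disassembly against. The C block below is an added example, not code from the post or from the game: it keeps the real Blowfish round structure but fills the P-array and S-boxes from a simple counter instead of the pi-derived constants, so it is structurally Blowfish without interoperating with it. It also shows the ECB tell: identical 8-byte plaintext blocks produce identical ciphertext blocks, which is often visible in a decrypted-archive dump before you have even found the key.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed subkeys: real Blowfish derives P and S from the hex digits of pi
 * and then mixes the key in. Here they come from a counter so the example is
 * self-contained (NOT real Blowfish subkeys, NOT interoperable). */
static uint32_t P[18];
static uint32_t S[4][256];

static void init_constructed_subkeys(void) {
    uint32_t x = 0x9E3779B9u;   /* arbitrary seed for the generator */
    for (int i = 0; i < 18; i++) { x = x * 1664525u + 1013904223u; P[i] = x; }
    for (int b = 0; b < 4; b++)
        for (int i = 0; i < 256; i++) { x = x * 1664525u + 1013904223u; S[b][i] = x; }
}

/* Round function F: four S-box lookups combined as add, xor, add.
 * In a disassembly this is the "shr 24 / shr 16 / shr 8, and 0xff, four table
 * loads, two adds, one xor" pattern repeated 16 times. */
static uint32_t F(uint32_t x) {
    return ((S[0][x >> 24] + S[1][(x >> 16) & 0xff]) ^ S[2][(x >> 8) & 0xff]) + S[3][x & 0xff];
}

/* One 64-bit block, 16 Feistel rounds, P-array walked forwards. */
void block_encrypt(uint32_t *L, uint32_t *R) {
    uint32_t l = *L, r = *R, t;
    for (int i = 0; i < 16; i++) {
        l ^= P[i];
        r ^= F(l);
        t = l; l = r; r = t;        /* swap halves */
    }
    t = l; l = r; r = t;            /* undo the final swap */
    r ^= P[16];
    l ^= P[17];
    *L = l; *R = r;
}

/* Decryption is the same code with the P-array walked backwards. */
void block_decrypt(uint32_t *L, uint32_t *R) {
    uint32_t l = *L, r = *R, t;
    for (int i = 17; i > 1; i--) {
        l ^= P[i];
        r ^= F(l);
        t = l; l = r; r = t;
    }
    t = l; l = r; r = t;
    r ^= P[1];
    l ^= P[0];
    *L = l; *R = r;
}

/* ECB: every 8-byte block is processed on its own, so the two identical
 * constructed plaintext blocks below must encrypt to identical ciphertext.
 * Returns 1 if the ciphertext differs from the plaintext, the repeated blocks
 * match, and decryption restores the original; 0 otherwise. */
int ecb_roundtrip_ok(void) {
    init_constructed_subkeys();
    uint32_t pt[4] = {0x41414141u, 0x42424242u, 0x41414141u, 0x42424242u};  /* constructed */
    uint32_t ct[4];
    for (int i = 0; i < 4; i++) ct[i] = pt[i];
    for (int i = 0; i < 4; i += 2) block_encrypt(&ct[i], &ct[i + 1]);
    int changed = (ct[0] != pt[0] || ct[1] != pt[1]);
    int ecb_leak = (ct[0] == ct[2] && ct[1] == ct[3]);
    for (int i = 0; i < 4; i += 2) block_decrypt(&ct[i], &ct[i + 1]);
    int restored = (ct[0] == pt[0] && ct[1] == pt[1] && ct[2] == pt[2] && ct[3] == pt[3]);
    return changed && ecb_leak && restored;
}

int main(void) {
    printf("blowfish-shaped ECB round trip: %s\n", ecb_roundtrip_ok() ? "ok" : "FAILED");
    return 0;
}
```

When matching a real binary, the things to count are the 16 iterations, the two extra P-array XORs after the loop, and the 4 x 256-entry tables next to an 18-entry one in the data section; the key schedule (the "init" function the post found) is the routine that rewrites those tables at startup.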
1999 was the best year of my life
I'm kinda sad I missed out on the moment cause my parents were reluctant on buying a gameboy.
Even though pretty much everyone was playing pokémon back then.
Oh well, it's no big deal.
Will you fuck off nigger I've seen this post five times. We're breaking down ancient code from the ROM level up in these threads, this isn't /v/ fag Skyrim modding kiddie shit.
yes I mad
I remember in 2000 when gold and silver version came out if you didn't buy either or for your kid, child support would be knocking soon.
Christmas hit and when I plugged that game cartridge in I almost had a stroke. The South Park episode was spot on, kids were ready to bomb pearl harbor a second time if they didn't get their god damn pokemans.
Most of the first gen; Red, Blue and Yellow. IIRC the Japanese Green was the worst tho, people can beat it in 3 minutes: https://youtu.be/C_GQrzgQq7o
Also read this: http://tasvideos.org/forum/viewtopic.php?t=13489
You can beat all the first gen games by saving and turning off the power at the right time which corrupts the item counter to give you 255 items.
As the actual memory area where items are stored is only 40 bytes long (you can have 20 items, there's 1 byte for the quantity and 1 for the identifier), you can edit other parts of your memory via the item menu.
If you use this method to change your pokemon count, you can edit even more memory in the same way. People have made it so that the staircase in your room warps you directly to the last room of the pokemon league, meaning you can beat the game in under a minute.
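The mechanism in the two posts above is a plain out-of-bounds index: the menu code trusts the stored item count, so once that byte reads 255 every slot from 21 onwards lands on whatever sits after the 40-byte item list. The C block below is an added example, not code from the game or the posts; the save-RAM offsets, the {id, quantity} slot order and the fields placed after the list (a party count and a warp target standing in for "other parts of your memory") are all constructed for the example. It shows the trusting slot write beside one that clamps the count to the real capacity, which is the check that would have made the corrupted counter harmless.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed save-RAM layout (offsets made up for the example, not the real
 * game's): item count, then 20 slots of {id, quantity} = 40 bytes, followed by
 * unrelated fields that happen to sit right after the item list. */
#define SAVE_SIZE        64
#define OFF_ITEM_COUNT   0
#define OFF_ITEMS        1
#define MAX_ITEMS        20
#define OFF_PARTY_COUNT  (OFF_ITEMS + 2 * MAX_ITEMS)   /* byte 41 */
#define OFF_WARP_TARGET  (OFF_PARTY_COUNT + 1)          /* byte 42 */

/* Game-style slot write: only checks the slot against the stored count, as the
 * post describes. Returns 1 if the write happened, 0 if the slot was refused. */
int set_quantity_unchecked(uint8_t *save, unsigned slot, uint8_t qty) {
    if (slot >= save[OFF_ITEM_COUNT]) return 0;
    save[OFF_ITEMS + 2 * slot + 1] = qty;   /* no check against MAX_ITEMS */
    return 1;
}

/* Hardened: the count is clamped to the real capacity before it is trusted,
 * so a corrupted counter cannot widen the window past the 40 bytes. */
int set_quantity_checked(uint8_t *save, unsigned slot, uint8_t qty) {
    unsigned count = save[OFF_ITEM_COUNT];
    if (count > MAX_ITEMS) count = MAX_ITEMS;
    if (slot >= count) return 0;
    save[OFF_ITEMS + 2 * slot + 1] = qty;
    return 1;
}

/* Builds a save block with the count corrupted to 255 and edits "slot 20",
 * the first slot past the real list. Returns the byte now in the warp-target
 * field so the caller can see whether the edit landed there. */
uint8_t demo(int use_checked_version) {
    uint8_t save[SAVE_SIZE];
    memset(save, 0, sizeof save);
    save[OFF_ITEM_COUNT] = 255;        /* the corrupted counter from the post */
    save[OFF_WARP_TARGET] = 0x01;      /* constructed "normal" value */
    if (use_checked_version) set_quantity_checked(save, 20, 0x7F);
    else                     set_quantity_unchecked(save, 20, 0x7F);
    return save[OFF_WARP_TARGET];
}

int main(void) {
    printf("unchecked: warp target = 0x%02X\n", demo(0));   /* clobbered */
    printf("checked:   warp target = 0x%02X\n", demo(1));   /* untouched */
    return 0;
}
```

Slot 20 resolves to offset 1 + 2*20 + 1 = 42, exactly the constructed warp-target byte; the second-level trick in the post (changing the party count to reach further) is the same pattern applied to the next list along.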
Probably a stupid question but, when emulators ask for a BIOS, why is the BIOS needed and how do you dump it? Furthermore, why do only some emulators need it?
I guess they don't include it in the emulators for legal reasons.
This guy left a porn site HTML in a compiled ROM.
1990's porn anyone?
Dumping is different for each system.
As for why it's needed, part of the code in the BIOS needs to be emulated so the game can communicate with it properly.
I've heard of bgb before but I've never heard of mgba. I've been using no$gba. Both bgb and no$gba are nice because they allow you to poke around in memory and set up breakpoints if memory is read or written to. You can also set up ASM breakpoints. Pretty cool because these two emulators cover GB, GBC, GBA and DS games. I'll have to check out mgba though since I am curious.
In the meantime, I found this interesting article about the NES GBA ports. A lot of effort to prevent GBA emulation when you could just emulate the NES straight.
I love TCRF.
We'll never know unless the dev who did it comes forward which I doubt. In my mind, that isn't something that you leave in a game by mistake. Perhaps the devs were joking around; who knows. The game never saw a retail release for whatever reason. Chances are that if the game made it to store shelves then that content probably would have been deleted. Although some devs are messy as fuck when cleaning up their games so maybe not.
It's literally said right there that it's caused by uninitialized memory in the compiler's memory.
Guy had this in his system's memory then the compiler threw it in during compilation.
I'd like to learn how to do something like this eventually:
Aren't programs' memory isolated from each other? How did his web browser memory end up there?
And isn't it dangerous for a program's memory to get mixed with another program's? Can't it end up messing stuff up or crashing the program?
How do people make mods for games? I'm not talking about games with built-in mod creation tools like Minecraft. How is it possible for people to completely change levels or change textures? Take a look at San Andreas online servers, the maps are completely altered, how is that possible?
Hey guys, how exactly would comments like this end up in an EXE file? Like would this come from comments in source code? Would it be thrown in after the source code is compiled?
printf("print something"); // fucking print something
Depends on the compiler used. I know when I was working for one of the big 3 tech companies they had a pre-commit/release check that enforced strict non-swearing commenting/coding.
It's not memory space that's actually in use by another program, rather memory that was released from another program and the OS assigned to a new program.
Apparently the OS doesn't initialize reassigned memory to 0, it's just leaving everything in it
As this Anon said >>47694307 not all OSs do memory allocation safety. I know when I was working on a simple string processing homework for a class in C it worked fine on my computer, but the test computer was freaking out. Apparently linux knowing how bad most users were allocating memory 0'd the whole block for me and the server had been set to not do this. As such the string didn't "end" until it randomly found a zero byte or null hence the phrase null terminated.
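The homework story above is the classic form of the bug: a string copy that never writes the terminator works by luck wherever the memory happened to be zero, and reads past the end wherever it was not. The C block below is an added example, not the poster's homework: the stale contents are simulated by filling the buffer with 'X' up front (a constructed stand-in for whatever a previous owner left there, so the demo behaves the same on every machine), and the length is measured with a bounded loop so the demonstration itself never runs off the buffer. The unterminated copy reports the whole buffer as the string; the terminated copy reports the real length.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define BUF_LEN 32

/* strnlen-style bounded scan: counts bytes until a NUL or the limit. */
static size_t bounded_len(const char *p, size_t max) {
    size_t i = 0;
    while (i < max && p[i] != '\0') i++;
    return i;
}

/* Copies n bytes and never writes the terminator. Correct only if the buffer
 * was already zeroed, which is the behaviour the post relied on. Returns the
 * length the string APIs would see. */
size_t measured_len_unterminated(const char *src, size_t n) {
    char buf[BUF_LEN];
    memset(buf, 'X', sizeof buf);   /* constructed stand-in for stale memory */
    if (n > sizeof buf) n = sizeof buf;
    memcpy(buf, src, n);
    return bounded_len(buf, sizeof buf);
}

/* Hardened: clamp, copy, then write the NUL explicitly so the result does not
 * depend on what the allocator or the previous owner left behind. Using
 * calloc() for heap buffers achieves the same for zero-initialised data. */
size_t measured_len_terminated(const char *src, size_t n) {
    char buf[BUF_LEN];
    memset(buf, 'X', sizeof buf);
    if (n >= sizeof buf) n = sizeof buf - 1;   /* leave room for the terminator */
    memcpy(buf, src, n);
    buf[n] = '\0';
    return bounded_len(buf, sizeof buf);
}

int main(void) {
    printf("unterminated: %zu\n", measured_len_unterminated("hello", 5));  /* 32 */
    printf("terminated:   %zu\n", measured_len_terminated("hello", 5));    /* 5 */
    return 0;
}
```

The same "works on my machine" effect is what put the browser page into that ROM: the build tool read from memory it had never written, and what it found depended entirely on who used that memory last.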