netcat posted: it does have some very funny bugs though, like the move that is supposed to increase your critical hit rate actually decreases it.

Final Fantasy 1 had a bunch of those bugs because there were a lot of spells I imagine that the testers never bothered with because they seemed useless. LOCK is supposed to lower the enemy's evasion but never hits and LOK2 actually increases the enemy's evade stat. SABR and TMPR are supposed to make the caster attack better and they don't do jack. But on the other hand why are you burning a 7th level spell slot so your black wizard can play lovely fighter? Also the names are wonky because that's all the space allocated to the spell names in the game cartridge. Pokemon apparently had the problem that they literally couldn't fit the translated English text in and had to redo a huge amount of stuff because bad things happened when they tried moving any of the code around.

edit: The space issue is also why the old Final Fantasies had such weird translations. Every line of text in the game had to be at most as long as the Japanese text in order to keep everything in the same place and that put some severe constraints on the translator.

1337JiveTurkey fucked around with this message at 23:43 on Jul 5, 2018
Jul 5, 2018 23:39

1337JiveTurkey posted: Also the names are wonky because that's all the space allocated to the spell names in the game cartridge. Pokemon apparently had the problem that they literally couldn't fit the translated English text in and had to redo a huge amount of stuff because bad things happened when they tried moving any of the code around.

To me it sounds more like they didn't try hard enough. Presumably the Japanese font had more symbols than there are letters in the Latin alphabet so why not store two, or maybe even three Latin characters in each slot?
Jul 5, 2018 23:47

hi, hello, i do reverse engineering as a hobby. of course i know that these games are broken, but it's always weird to me that some people use the existence of some small bugs as evidence that the whole game was programmed by idiots who don't know what they're doing. no, they knew what they were doing, dealing with these sorts of constraints is hard, and quite often these bugs would come in and be marked known-shippable. since these older games were so simple and self-contained, it does mean the hobbyists that are trying to crack games find them a lot more in other games, and often times executing them can be simpler, but arbitrary code execution exists in quite a few modern games as well.
Jul 6, 2018 00:10

Suspicious Dish posted: your avatar is about 8x as big as all the ram the game has to work with.

Even if it was supposed to be security-sensitive, trying to make your code robust in the face of someone poking random data into your memory is a battle that you aren't going to win.
Jul 6, 2018 00:14

Suspicious Dish posted: hi, hello, i do reverse engineering as a hobby. of course i know that these games are broken, but it's always weird to me that some people use the existence of some small bugs as evidence that the whole game was programmed by idiots who don't know what they're doing.

One also suspects that people have worked a lot harder figuring out exploits for pokemon red/blue than for almost any other game of the era.
Jul 6, 2018 01:00

I bet that you could devise an arbitrary code execution attack at least on any game where all the memory is statically allocated.
Jul 6, 2018 01:08

Yeah, all things considered Pokemon uses some really cool tricks and has some incredibly small flaws that lead to surprisingly big failures. Like, if it wasn't for a single row of, what, 8 tiles in the whole game next to a town being mislabelled the entire Missingno glitch as it's known wouldn't exist and the insane gymnastics the game does when you talk to the guy who shows you how to catch Pokemon would be a neat curiosity for people who take apart games. When you put it into perspective, a lot of these "broken" old beloved games (as opposed to actually broken games of the era) push right up against the limits of what they have to work with, and 99% of the time work super well. There's just one small part that escaped QA that jumps into the middle of arbitrary memory. Even of those, a lot of them are going to be useless except the ones that happen to jump to your name or some other value the player can influence. It's telling that a lot of these glitches went undiscovered for years. I recommend Gamehut, a channel by the founder of Traveller's Tales, which explains a lot of the gymnastics they had to do just to get basic things like "hallways" rendering on early systems. It's just modern games don't have to run on a computer as powerful as a toaster and need to do nonsense like temporarily swap user HP with texture data just to have a game with more than 255 characters of text, which allows at the very least for more granular faults to happen where sure, textures may break, but it's not going to set the program counter to the audio buffer. (... usually)
Jul 6, 2018 01:10

brap posted: I bet that you could devise an arbitrary code execution attack at least on any game where all the memory is statically allocated.

Any game is a pretty strong claim. I would be surprised if, say, Pong on the Atari 2600 had an arbitrary code execution attack. It's far from conceptually impossible to prevent this kind of attack, and plenty of games that have arbitrary code execution TASes require ridiculous setups to pull off, using extremely specific setups and circumstances.
Jul 6, 2018 01:27

Plorkyeran posted: Even if it was supposed to be security-sensitive, trying to make your code robust in the face of someone poking random data into your memory is a battle that you aren't going to win.

libc is Turing complete for ROP gadgets so I'd say so.
Jul 6, 2018 01:37

hackbunny posted: To me it sounds more like they didn't try hard enough. Presumably the Japanese font had more symbols than there are letters in the Latin alphabet so why not store two, or maybe even three Latin characters in each slot?

If they limit themselves to hiragana, there's less of those than the 52 characters they'd need to encode for all upper and lower case Latin letters. If they also toss in katakana, they'd still need less than a hundred characters. I can't imagine they'd use kanji because it's just way too much to mash into 8x8 pixels and they're marketing the game to children who don't know very many kanji in the first place. Anyone who's made it past page one of Japanese for Anime Lovers can probably prove me wrong here, since that's where I threw in the towel. In any case, even if they used kanji, there's no reason to allow for any arbitrary kanji string in existence. If you look at the glitches in Pokemon it's pretty clear that the names aren't strings or some other highfalutin' abstraction but are actually pointers to the graphics for the character. Even with fewer Latin characters there's still the limitation of how big the pointers are.
Jul 6, 2018 01:43

Plorkyeran posted: Even if it was supposed to be security-sensitive, trying to make your code robust in the face of someone poking random data into your memory is a battle that you aren't going to win.

These arbitrary code execution TASes don't use gamesharks or anything though? It's not "someone poking random data into your memory", it's "someone finding an in-game action that permits arbitrary memory writes" and then taking that and running with it.
Jul 6, 2018 01:53

ToxicFrog posted: These arbitrary code execution TASes don't use gamesharks or anything though? It's not "someone poking random data into your memory", it's "someone finding an in-game action that permits arbitrary memory writes" and then taking that and running with it.

My favorite in-game action is mashing A in the 8khz range, a normal action for normal humans like me.
Jul 6, 2018 02:33

JawnV6 posted: My favorite in-game action is mashing A in the 8khz range, a normal action for normal humans like me.

I'm pretty sure there's never been a videogame that ran at 16000 frames per second. TASes semi-routinely mash at a perfect 30Hz, which is pretty damned hard to sustain by humans, though at least some of us can achieve it for brief periods. And of course TASes can perform arbitrarily-long strings of frame-perfect inputs without any cues. As a general rule, TASes require you to only provide inputs through "official" channels, which for most games means one or more controllers and the power/reset inputs on the console. They don't otherwise care how realistic those inputs are, though.
Jul 6, 2018 03:24

Some TASes (and even some live speedrun categories) allow inputs that work electrically, but are physically impossible on a non-modded controller. Like pressing two opposite directions at the same time.
Jul 6, 2018 03:39

Jabor posted: Some tases (and even some live speedrun categories) allow inputs that work electrically, but are physically impossible on a non-modded controller. Like pressing two opposite directions at the same time.

Totally doable on an unmodded controller if you rock the D-pad back and forth with the right timing. I don't know exactly how it works, but there's a video out there of a guy using an L+R glitch to go through a wall in Super Mario World with an unmodified controller. Practically or reliably doable is a completely different matter, but those are two adjectives that don't apply to TASes.
Jul 6, 2018 03:59

My fav old timey exploit is the galaga one. I'll dig it up when I'm not phone posting.
Jul 6, 2018 04:14

ToxicFrog posted: These arbitrary code execution TASes don't use gamesharks or anything though? It's not "someone poking random data into your memory", it's "someone finding an in-game action that permits arbitrary memory writes" and then taking that and running with it.

The linked pokemon blue LP is "wow if you use a gameshark to turn off collision detection things break", which is not even a problem with the game, much less evidence that the game is a mess that barely works. The Yellow video is actually a bug in the game, but not one that can be triggered on the hardware the game was written to run on.
Jul 6, 2018 04:14

This is a very cool video.
Jul 6, 2018 04:23

TooMuchAbstraction posted: I'm pretty sure there's never been a videogame that ran at 16000 frames per second. TASes semi-routinely mash at a perfect 30Hz, which is pretty damned hard to sustain by humans, though at least some of us can achieve it for brief periods. And of course TASes can perform arbitrarily-long strings of frame-perfect inputs without any cues.

https://arstechnica.com/gaming/2016/07/how-to-beat-super-mario-bros-3-in-less-than-a-second/

quote: As it turns out, the NES hardware itself has a small bug, such that reading sound data from this channel results in the CPU sometimes making an extra "read" request from one of the controller inputs. Uncorrected, this hardware vagary would lead to a lot of "phantom inputs," where a button press would register when none had occurred.

JawnV6 fucked around with this message at 05:28 on Jul 6, 2018
Jul 6, 2018 04:43

Right now we're talking about small bugs that are exploitable to rewrite the entire RAM of a pokemon game. Yes, those exist but you have to look for them. However, first gen Pokemon has a LOT of way more practical bugs. Like certain attacks not doing what they're supposed to do. Some type advantages being mixed up. And so on. Here's a list of both bugs and things-that-probably-weren't-bugs.
Jul 6, 2018 07:15

JawnV6 posted: My favorite in-game action is mashing A in the 8khz range, a normal action for normal humans like me.

Oh hi Mark.
Jul 6, 2018 08:39

JawnV6 posted: My favorite in-game action is mashing A in the 8khz range, a normal action for normal humans like me.

Many of the cool pokemon memory-writing tricks are doable by humans, without a gameshark; that's what really makes them noteworthy.
Jul 6, 2018 10:28

QuarkJets posted: Many of the cool pokemon memory-writing tricks are doable by humans, without a gameshark; that's what really makes them noteworthy

In other games too, most of the arbitrary code execution glitches I'm aware of can be done by humans. You just won't be injecting a very large payload by hand. And while glitching the debouncer to instantly go to credits is a fun outlier, 99% of TASes have a list of buttons for each frame.
Jul 6, 2018 15:07

Dylan16807 posted: You just won't be injecting a very large payload by hand.

Don't be so sure! https://www.youtube.com/watch?v=hB6eY73sLV0
Jul 6, 2018 16:59

duz posted: My fav old timey exploit is the galaga one. I'll dig it up when I'm not phone posting.

http://computerarcheology.com/Arcade/Galaga/

tl;dr There's a buffer that holds the active shots that clears as they leave the screen. Unless they initiated on the very edge of the screen (x=0), then they never clear. There's only four enemies that will occasionally fire there and only if they're the only remaining ones. It can take 10-15 minutes of dodging until those enemies have fired enough shots on the edge to fill the buffer. Once the buffer is full, no more enemies can fire until you die. The game came out in 1981, the first published reference to the bug appears to be in 1983.
Jul 6, 2018 18:24

Today I “fixed” a hanging CircleCI build by piping the offending command into cat. I do not know why it worked. All hail pipecat.
Jul 6, 2018 18:26

Pollyanna posted: Today I “fixed” a hanging CircleCI build by piping the offending command into cat. I do not know why it worked. All hail pipecat.

on the command line there's a notion of std err and std out. errors are supposed to be written to std err, output is supposed to be written to std out. i've seen programs that incorrectly use std error instead of std out, and if you pipe those, nothing happens. i find it useful to have my shell color std err red just so it's easy to tell when this is happening.
Jul 6, 2018 21:47

TooMuchAbstraction posted: I'm pretty sure there's never been a videogame that ran at 16000 frames per second. TASes semi-routinely mash at a perfect 30Hz, which is pretty damned hard to sustain by humans, though at least some of us can achieve it for brief periods. And of course TASes can perform arbitrarily-long strings of frame-perfect inputs without any cues.

strong avatar post combo here.
Jul 6, 2018 21:52

Bruegels Fuckbooks posted: on the command line there's a notion of std err and std out. errors are supposed to be written to std err, output is supposed to be written to std out. i've seen programs that incorrectly use std error instead of std out, and if you pipe those, nothing happens. i find it useful to have my shell color std err red just so it's easy to tell when this is happening.

In my experience a lot of these programs output both data and progress updates, using stdout for the former and stderr for the latter even if the latter isn't strictly an error. The idea is it lets you easily separate out the data for piping to grep or whatever, without necessarily throwing away the progress updates. Which I think is a pretty reasonable choice.
Jul 6, 2018 23:19

Curl is a prime example of that. If you pipe the output you still see progress updates on stderr.
Jul 6, 2018 23:29

Pentecoastal Elites posted: Don't be so sure!

Not to take away from that incredibly nerdy yet cool achievement, but if I'm hearing the video correctly it took him 53 minutes to write about 350 bytes for setup + bootloader + flappy bird code, or about 0.1 bytes/second. The Pokemon Yellow TAS is first inputting a bespoke video decoder for gameboy, then streaming data to that viewer in real time by reading up to 100 000 bytes/second from the gamepad. That's about as many orders of magnitude as are between a current laptop and the ENIAC so "won't be injecting a very large payload by hand" sounds pretty reasonable.
Jul 7, 2018 02:06

Pollyanna posted: Today I “fixed” a hanging CircleCI build by piping the offending command into cat. I do not know why it worked. All hail pipecat.

Whatever used to be connected to those pipes wasn't reading them. Pipes are implemented with the OS maintaining a fixed size buffer that one process writes into and the other one reads from, along with some synchronization to keep track of what data has been written but not read yet. If the reading process stops reading, the buffer fills up and the writing one blocks waiting for buffer space to become available.
Jul 7, 2018 03:28

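The stall described in the post above, as an added example that is not from the thread: a parent that leaves a child's stdout pipe unread until the OS buffer fills and the child's write blocks, beside the same child with the pipe drained the way `cat` would drain it. The child is a constructed Python one-liner; the 64 KiB figure is the Linux default pipe capacity.

```python
"""Pipe-buffer stall: why an unread stdout pipe makes a command 'hang'.

A pipe is a fixed-size kernel buffer (64 KiB by default on Linux). Once the
writer has filled it and nobody reads, the writer's write() blocks forever.
Constructed child below writes far more than any common pipe holds.
"""
import subprocess
import sys

PAYLOAD_BYTES = 1_000_000  # comfortably larger than the pipe buffer
CHILD = [
    sys.executable, "-c",
    f"import sys; sys.stdout.write('x' * {PAYLOAD_BYTES}); sys.stdout.flush()",
]


def run_without_reader(timeout: float = 2.0) -> str:
    """Connect the child's stdout to a pipe that nobody reads.

    Returns 'blocked' if the child has not exited after `timeout` seconds
    (its write() is stuck waiting for buffer space), otherwise 'exited'.
    """
    proc = subprocess.Popen(CHILD, stdout=subprocess.PIPE)
    try:
        proc.wait(timeout=timeout)
        outcome = "exited"
    except subprocess.TimeoutExpired:
        # This is the CircleCI symptom: the child is alive but stuck in write().
        proc.kill()
        proc.wait()
        outcome = "blocked"
    proc.stdout.close()
    return outcome


def run_with_reader() -> int:
    """Same child, but the parent drains stdout to EOF, as `| cat` does.

    subprocess.run() uses communicate(), which keeps reading the pipe, so the
    child's writes never stall.  Returns the number of bytes received.
    """
    result = subprocess.run(CHILD, stdout=subprocess.PIPE, check=True, timeout=60)
    return len(result.stdout)


if __name__ == "__main__":
    print("unread pipe:", run_without_reader())      # blocked
    print("drained pipe:", run_with_reader(), "bytes")  # 1000000 bytes
```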
https://docs.google.com/document/d/1LOXrLcAA_nIDjwqRYQmZbCElHbRoixe-tVqnqSShVco/edit?usp=sharing

A proposal for an Encoding for 'dirty' Emoji
Jul 7, 2018 08:30

Carbon dioxide posted: https://docs.google.com/document/d/1LOXrLcAA_nIDjwqRYQmZbCElHbRoixe-tVqnqSShVco/edit?usp=sharing

i skipped a row. tbf that's a big rear end table
Jul 7, 2018 10:13

Carbon dioxide posted: https://docs.google.com/document/d/1LOXrLcAA_nIDjwqRYQmZbCElHbRoixe-tVqnqSShVco/edit?usp=sharing

Man/woman receiving penis/dildo/both in various holes should be a 3D matrix.
Jul 7, 2018 11:50

Carbon dioxide posted: https://docs.google.com/document/d/1LOXrLcAA_nIDjwqRYQmZbCElHbRoixe-tVqnqSShVco/edit?usp=sharing
Jul 7, 2018 11:54

This is so absurd, I can't but love it. I'm a 🤸🥒🍌💦🐴🕊♂
Jul 7, 2018 12:20

quote: Some “role emoji”, that is, emoji which display a single humanoid without displaying them performing some activity, include socks as part of their representation; this indicates that the subject is meant to appear sexually appealing, but not to appear in a state of undress considered unsuitable for public. Without socks, the subject should appear sexually appealing without regard for whether this would be decent in public; these concepts are distinguished by the adjectives “sexy” for the former and “slutty” for the latter.

quote: 🙏👨👩 missionary: male on female

hackbunny fucked around with this message at 01:36 on Jul 9, 2018
Jul 9, 2018 01:32

Carbon dioxide posted: https://docs.google.com/document/d/1LOXrLcAA_nIDjwqRYQmZbCElHbRoixe-tVqnqSShVco/edit?usp=sharing

JFC, which I guess would be 🧔🍆♂. Also they forgot to use the male with stroke sign for anything.
Jul 9, 2018 14:19

Anyone working at Amazon Business? I received a URL sent in what looks like a 100% legitimate email for a page on amazonbusiness.com that reliably produces the following HTML:
Jul 10, 2018 03:20