tandy put their sound chip on the 1A interrupt? THE TIME SERVICES?
=> More informations about this toot | More toots from foone@digipres.club
I started reverse engineering Where in the World is Carmen Sandiego (Enhanced DOS edition) and I'm trying to find how it generates its random seeds so I search on int 1a and the first thing I find is it's doing TANDY SOUNDS?
=> More informations about this toot | More toots from foone@digipres.club
Funny fact: I was trying to get an online assembler to spit out the machine code for "int 1a" but couldn't get it to, so I just went "fuck it, I can probably just do that in my head!"
Turns out I can. My brain is weird.
=> More informations about this toot | More toots from foone@digipres.club
Here's something I didn't know existed until just now: Where in the World is Carmen Sandiego checks your name against the list dossier list and rejects you if you use any of those names.
=> More informations about this toot | More toots from foone@digipres.club
PRONOUNS DETECTED: THIS GAME IS WOKE
sadly they don't have they/them on here. What about the non-binary criminals, huh?
=> More informations about this toot | More toots from foone@digipres.club
stretch goal: hack in at least on enby criminal with appropriate pronouns. maybe I'll just put myself in the game as one of the criminals you can apprehend
=> More informations about this toot | More toots from foone@digipres.club
I faked this screenshot but this is what I mean
=> More informations about this toot | More toots from foone@digipres.club
I think I might be able to do the hack I want by changing one byte.
I'm trying to change it so it has "daily challenges", and I think I can fix that by just switching a INT 1A from subfunction 00 to 04, making it seed the random function with the date instead of the ticks-since-midnight
=> More informations about this toot | More toots from foone@digipres.club
eh, I used 5 bytes. I don't need to impress anyone
=> More informations about this toot | More toots from foone@digipres.club
NORMAL CODE
random(*(byte )(undefined2 *)
(*(int *)(*(int *)0x39a6 * 0xe + local_c * 2 + 0x1d02) * 2 +
*(int *)(local_c * 2 + 0x24b)) - 1);
=> More informations about this toot | More toots from foone@digipres.club
I found another set of pronouns!
=> More informations about this toot | More toots from foone@digipres.club
I haven't figured out how this game stores gender, but I'm gonna go out on a limb and say it's like this:
male: 0
female: 4
=> More informations about this toot | More toots from foone@digipres.club
why? because they have strings like:
char* HE="He\0\0She\0"
char* HIS="His\0Hers\0";
char* HIM="Him\0Her\0";
so they can do like:
printf("Follow %s to %s lair, and capture %s alive!", badguy->name, HIS+badguy->gender, HIM+badguy->gender);
=> More informations about this toot | More toots from foone@digipres.club
I like how the game only asks your name, not your gender.
Player's don't have genders. Only thieves have genders.
=> More informations about this toot | More toots from foone@digipres.club
It's a prequel to Disco Elysium, and your gender is set to COP
=> More informations about this toot | More toots from foone@digipres.club
why does ghidra's "search by instruction pattern" default to BINARY?
what kind of a freak remembers the machine code for INT 21 on x86 in BINARY?
it's CD21h, not 1100110100100001!
what are you, some kind of nerd?
=> More informations about this toot | More toots from foone@digipres.club
I love reversing a string and it's:
void printString(char* str, int length);
and I go look what calls it, reverse that function, and it's:
void printStringSimple(char *str){
printString(str, strlen(str));
}
=> More informations about this toot | More toots from foone@digipres.club
it's like "aww, did someone have second thoughts about making PRINT always take a length, and got tired of having to manually calculate lengths so you just wrapped it?
and your compiler didn't inline SHIT?
=> More informations about this toot | More toots from foone@digipres.club
oh those poor people of Bamako! Someone stole their.
=> More informations about this toot | More toots from foone@digipres.club
okay so when you start a game (well, technically when you restart), the game rolls 3 dice:
0-31: where the shit was stolen from
0-2: which item it is from that location
0-8: whodunnit
=> More informations about this toot | More toots from foone@digipres.club
like if you roll 0 on the first, you get Athens.
For the second one, it's:
0: mask of Priam
1: Achilles's heel
2: sibyl's secret.
=> More informations about this toot | More toots from foone@digipres.club
The last die is used as a lookup table into the dossier's list.
It's got 1 added to it so you won't get Carmen Sandiego, as a rookie at least.
=> More informations about this toot | More toots from foone@digipres.club
so the game uses a pattern like this:
char * RANKS="Rookie\0Sleuth\0Private Eye\0Investigator\0Ace Detective\0"
and then latter they do:
char* your_rank = select_string(RANKS, player->rank);
and select_string is a confusing function to reverse engineer, but knowing the name I gave it gives it away: it advances through the list until it's on the nth string and returns it
=> More informations about this toot | More toots from foone@digipres.club
there is no check for going past the end.
=> More informations about this toot | More toots from foone@digipres.club
so probably it uses the same trick for pronouns. The string I'm seeing is probably like: "He\0Him\0She\0Her\0"
=> More informations about this toot | More toots from foone@digipres.club
Ghidra is officially sexist. It'll automatically detect the word "Female" and mark it as a string, but not the word "Male"!
Why? SEXISM!
or the fact the default minimum length for strings is 5 characters, so "female" is long enough but "male" isn't.
=> More informations about this toot | More toots from foone@digipres.club
correction: there IS a check for going over the end, it's just not used in every place select_string is called. so it's sometimes-safe
=> More informations about this toot | More toots from foone@digipres.club
they have invented a Pronoun Markup Language.
It's \x80 for He/She
It's \x81 for he/she
It's \x82 for his/her
so a string will be "\x80 mentioned \x81 liked seafood and offered me a ride in \x82 motorcycle"
and it'll fill it out based on the pronouns of the suspect
=> More informations about this toot | More toots from foone@digipres.club
BOOOOOOOOOOOOO
=> More informations about this toot | More toots from foone@digipres.club
in trying to hack myself into the game, it glitched and said I had "Hobby: Male"
no... I haven't done that in ages!
=> More informations about this toot | More toots from foone@digipres.club
I'm in the game now
=> More informations about this toot | More toots from foone@digipres.club
I modified the game's NUM_GENDERS and found where it stores the database of criminals, so now you can find me if you search SEX=NB.
=> More informations about this toot | More toots from foone@digipres.club
so in addition to the 5 listed attributes (and their name), the game tracks one hidden attribute:
food preference.
There are only two options:
00=Mexican
01=Seafood
what an odd binary
=> More informations about this toot | More toots from foone@digipres.club
I'm thinking I might do a "full"(ish) disassembly of this game. I've thought for a long while (basically ever since I knew Where In North Dakota is Carmen Sandiego? existed) that there should be an SDK for making your own version of this game, for whatever arbitrary geographical area you want.
=> More informations about this toot | More toots from foone@digipres.club
and of course there's no reason you would have to limit yourself to reality.
You could always do, like, "Where in Middle Earth is Carmen Sandiego?"
=> More informations about this toot | More toots from foone@digipres.club
you go to Rivendell and talk to an Elf who says the perp was talking about how he wanted to collect "his precious"
=> More informations about this toot | More toots from foone@digipres.club
I say "full" in quotes because I don't think I need to reverse the whole game to make it customizable, just enough to let you customize the locations, bad guys, hints, search types, etc.
=> More informations about this toot | More toots from foone@digipres.club
sadly they didn't design the game as a completely empty husk that just loads datafiles. That would have been the smart thing to do, since they could then trivially make new versions.
=> More informations about this toot | More toots from foone@digipres.club
maybe instead of fully decompiling it, I just hack it to grab data from external files, then make a tool for making those files
=> More informations about this toot | More toots from foone@digipres.club
ahh, the PC. No one else ever thought XORing your VRAM was a good idea
=> More informations about this toot | More toots from foone@digipres.club
turns out this version of the game has impressive support for older video cards. Here's Hercules support, which looks horrible without aspect ratio correction!
=> More informations about this toot | More toots from foone@digipres.club
wow, this is actually the first game I've seen actually use the VGA bios call to set the VGA palette. (int 10h, AX=1012h)
=> More informations about this toot | More toots from foone@digipres.club
everyone else just programs the VGA card directly.
=> More informations about this toot | More toots from foone@digipres.club
so when the game starts, it loads:
ACME.DAT
CARMEN.DAT
MIDISND.DAT
DIGISND.DAT
CITIES.DAT
Interestingly, it uses the same code to load the last three, suggesting they're some kind of basic container format
=> More informations about this toot | More toots from foone@digipres.club
starting writing code to generate a JSON file of all the various switchable info in the EXE. Things like hobbies, hair colors, locations, etc.
=> More informations about this toot | More toots from foone@digipres.club
@foone clearly it believes that only women exist
=> More informations about this toot | More toots from Siph@meemu.org
@foone
But aren't then "fellows" then a string and "gals" are not?
=> More informations about this toot | More toots from futurebird@sauropods.win
@futurebird @foone "good" and "evil" aren't strings either. This just got metaphysical.
=> More informations about this toot | More toots from adriano@lile.cl
@futurebird @foone heck, "text" is not a string.
=> More informations about this toot | More toots from adriano@lile.cl
@foone heruururhg the "male" isn't long enough heeuehehehehe ¬w¬
=> More informations about this toot | More toots from Nine@chitter.xyz
@foone would that mean English is sexist? Because in German, both "männlich" (male) and "weiblich" (female) would match, but neither "Mann" nor "Frau" (man/woman)
=> More informations about this toot | More toots from punissuer@universeodon.com
@punissuer exactly! it's all english's fault.
=> More informations about this toot | More toots from foone@digipres.club
@foone it's English all the way down
https://www.reddit.com/r/Jokes/comments/3ssua0/the_problem_with_speaking_english/
=> More informations about this toot | More toots from punissuer@universeodon.com
@foone The Best Kind of safe
=> More informations about this toot | More toots from adriano@lile.cl
@foone why am I now imagining a very overengineered W3C candidate recommendation for pronoun markup using XML or something because it’s always XML
=> More informations about this toot | More toots from captainhayashi@toot.cat
@captainhayashi @foone "Appendix 14: ISO 5218 compliance"
=> More informations about this toot | More toots from marnanel@queer.party
@foone@digipres.club you should make a mod where you change it to 0x03 and add they/them
=> More informations about this toot | More toots from tauon@possum.city
@tauon way ahead of you
=> More informations about this toot | More toots from foone@digipres.club
@foone I'm all into accidentally turning the death generator into some kind of limited picrew and I didn't think about the possibility until now!
=> More informations about this toot | More toots from peblo@owo.cafe
@foone whatcha gonna steal?
=> More informations about this toot | More toots from jordan@sometimes.social
@foone the simulation is lying to you... it's NOT monday (even if it feels that way) and it's currently checks clock 15:47 in Paris.
=> More informations about this toot | More toots from fabrice@infosec.exchange
@foone Now you just need to get Rockapella to record you a catchy intro
=> More informations about this toot | More toots from CowboyWho@libranigans.com
@foone foone turing, the world’s preeminent nonbinary criminal
=> More informations about this toot | More toots from simrob@social.wub.site
@foone still less weird than the gender binary
=> More informations about this toot | More toots from ClarusPlusPlus@peoplemaking.games
@ClarusPlusPlus "makes more sense than the gender binary" is a pretty low bar to clear
=> More informations about this toot | More toots from foone@digipres.club
@foone “Yea we serve both kinds of food here. You want Mexican or Seafood?”
=> More informations about this toot | More toots from scavello@m.epon.io
@foone the two genders of food™
=> More informations about this toot | More toots from seb@androiddev.social
@foone but they have two bits to store it?
=> More informations about this toot | More toots from aburka@hachyderm.io
@aburka @foone
Every good binary needs two bits: A, B, both, neither
=> More informations about this toot | More toots from SvenGeier@mathstodon.xyz
@aburka 16, in fact.
=> More informations about this toot | More toots from foone@digipres.club
@foone the game developer’s mind could not comprehend this
=> More informations about this toot | More toots from bonzoesc@m.bonzoesc.net
@bonzoesc @foone seafood topping mexican?? What heterocuisine nonsense is this??
=> More informations about this toot | More toots from ellie@ellieayla.net
@foone i like mexican but don't like seafood, so it checks out
=> More informations about this toot | More toots from irina@critter.cafe
@foone I want to make a Carmen Sandiego game.
Dammit foone, I don't have time for more projects, I have to make toys and produce television.
=> More informations about this toot | More toots from ajroach42@retro.social
@ajroach42 @foone Where in the Fediverse is Carmen Sandiego?
=> More informations about this toot | More toots from north@ꩰ.com
@north @ajroach42 @foone Over here: @carmensandiego
=> More informations about this toot | More toots from drwho@hackers.town
@foone isn’t that how they do outlines when dragging windows? So you can easily undo the outline without copying the pixels someplace safe - just do the XOR again and it’s gone.
=> More informations about this toot | More toots from thejpster@hachyderm.io
@foone Are you need a job ?
Apply here> https://smrturl.co/a/s944b4e1162/1706?s1=
=> More informations about this toot | More toots from onlinejobsite@mastodon.social
@foone IIRC QuickBasic's PALETTE call also went through BIOS.
=> More informations about this toot | More toots from jernej__s@infosec.exchange
@jernej__s That'd make sense. it was never terribly fast, and it needed to run on absolutely everything DOS did, so why not use the slow BIOS calls?
=> More informations about this toot | More toots from foone@digipres.club
@foone It was also not documented well – you had to figure out that the value was R+256G+65536B yourself (while the range for R/G/B was 0-63, and any other value just threw an error).
=> More informations about this toot | More toots from jernej__s@infosec.exchange
@foone Borland Pascal / C++ BGI driver stack methods also went through Bios. I was digging in that environment of late and found out that
a) original support for graphics in BP7 was ending at VESA 16 colour driver (so 1024x768 but 16 colours), and
b) some fanatic redid VESA drivers for newer cards, including fixing mouse cursor at higher res, and after a period of selling this package released it free for the people to use.
So technically I could write now a DOS program operating in high res modes with 24bit colour.
Makes me want to de-dust some skills, really.
=> More informations about this toot | More toots from artwaw@c.im
@foone Now I remember playing it on CGA...
=> More informations about this toot | More toots from whvholst@eupolicy.social
@whvholst Did it look like this?
=> View attached media | View attached media | View attached media | View attached media
=> More informations about this toot | More toots from foone@digipres.club
@foone It was around 1987, almost forty years ago, the telex looks familiar, the cartoon dialogs less so.
=> More informations about this toot | More toots from whvholst@eupolicy.social This content has been proxied by September (3851b).Proxy Information
text/gemini
