
Breakout implemented in JavaScript in a PDF - luu
https://rawgit.com/osnr/horrifying-pdf-experiments/master/breakout.pdf
======
croo
"... custom Adobe JavaScript API has an absolutely gigantic surface area.
Scripts can supposedly do things like make arbitrary database connections,
detect attached monitors, import external resources, and manipulate 3D
objects."

This is horrifying. Why would you ever want to cover this functionality in a
read-only document format specification...

~~~
dtech
This is exactly the reason why in the standardized versions of PDF, PDF/A and
the like, Javascript is banned.

------
ConceitedCode
From the repository -

"Granted, most PDF readers (besides Adobe Reader) don't implement most of this
stuff. But Chrome does implement JavaScript! If you open a PDF file like this
one in Chrome, it will run the scripts."

[https://github.com/osnr/horrifying-pdf-
experiments](https://github.com/osnr/horrifying-pdf-experiments)

Doesn't work in Firefox for me. Try in Chrome if this is all you see on the
first page.

    
    
      Move your mouse down here!
      also, README below...

~~~
xattt
Given that the Firefox PDF reader is implemented in js already, does this not
create at least one order of recursion?

------
jancsika
Ooh, so can it do this:

Read in browser: "Party agrees to pay twenty dollars for blues lessons."

Printed version: "Party agrees to pay HIS ETERNAL SOUL to learn to play the
blues HAHAHA"

~~~
lisper
Yes. Absolutely. In fact, you can probably do that without Javascript since
PDF supports CSS.

~~~
colejohnson66
WHY though?

~~~
lisper
Why what?

~~~
thaumasiotes
Why would PDF support CSS? It's a printing format; your PDF is defined over
fixed-size pages. There isn't supposed to be any dynamic layout. You make it
the way you want it to look, and then that's what it looks like.

~~~
dragonwriter
> Why would PDF support CSS? It's a printing format

No, it's not. I mean, print fidelity is where it excels, but that's not all it
does. PDF Reflow, for instance, is a designed-in feature.

------
jameslk
The repository for this seems to indicate this only works in Chrome and a few
other PDF readers[0]. Perhaps the title should be updated to reflect this.

0\. [https://github.com/osnr/horrifying-pdf-
experiments](https://github.com/osnr/horrifying-pdf-experiments)

------
nfoz
Is there any decent alternative standard to PDF that can express the small
subset of PDF that normal people care about and expect, and isn’t capable of
all this insecure dynamic junk?

~~~
anthk
DJVU.

~~~
qwermike
I've just been in this place before

------
eggy
In PoC||GTFO [1], there are a lot of playful file tricks where a PDF is a ZIP
file, or an ecrypted volume is a PDF file, etc... I bought the Bible-looking
softcovers (Vol. 1 and 2) from No Starch press at B&N, but the PDFs are
available online if you want to check them out. Lots of fun! It reminds me of
the late 80s reading 2600 magazine in some ways.

    
    
      [1]  https://www.alchemistowl.org/pocorgtfo/

~~~
anthk
In PoC||GTFO you have about 10 of those >D

------
neilsimp1
I wish I could remember where I read this line, but it's lost on me. "We want
to hire someone who rewrote Quake to render it's graphics in ASCII, just for
the fun of it." (I'm sure I mangled the quote, too.)

I love this, it's hacking for hacking's sake.

~~~
anthk
aaquake, with aalib. It existed, but it squinted your eyes. Aatv on higher
terminal resolutions was almost usable, but once fbtv worked no one cared
about that. Ditto with mplayer with fbdev output.

------
jimjimjim
It works in chrome because they bought the source for the foxit pdf toolkit
which does support it.

but out of all of the weird stuff in the pdf spec (which is terrible)
javascript has got to be the worst.

~~~
vorpalhex
What, you don't want arbitrary javascript payloads executing on that important
legal contract with all your personal details on it? Look, I'm sure whatever
underpaid secretary found that contract on the internet definitely audited any
and all JS on it.

~~~
jimjimjim
hours of fun for sure.

even the attempts at restricting stuff to make a saner version (PDF/a)
eventually devolve into allowing all the crud back in.

------
osrec
Why is the PDF spec so massive?! It would not surprise me if 99.99% of PDF use
cases could be covered by 10% of that document or maybe even less...

~~~
ConceptJunkie
It's no different from Microsoft Word. 90% of Word's use could be fulfilled by
WordPad. I would expect that fewer than 10% of users use 90% of Word's
functionality.

------
Theodores
The history of Breakout is worth knowing, Steve Wozniak built the game. It was
not his concept but by doing the actual hard work of implementing the game in
a reduced chipset he 'made' the game and thrashed out some of the finer points
of gameplay.

Atari sought him out for this as Steve Wozniak had made a viable version of
Pong by reducing the chip count. Although he did a splendid job of getting the
chip count minimised for Breakout this design was not good for production so
Atari did their own board design but the game played the same, as per Steve
Wozniak's version:

[https://en.wikipedia.org/wiki/Breakout_(video_game)](https://en.wikipedia.org/wiki/Breakout_\(video_game\))

I wonder if the Steve Wozniak version has better gameplay than this JS in PDF
hack?

Either way it is in the same spirit, the point of Breakout is more about
optimising the game to available resources - 'hacking' \- than playing the
game.

~~~
ConceptJunkie
The story I've heard is that it was Steve Jobs that was working for Atari, and
he "subcontracted" the work of reducing the chip count to something affordable
to his pal Woz, and pocketed 90% of the bonus for accomplishing it.

------
tonetheman
This is witchcraft... I feel like it is security hole too.... :(

~~~
wwweston
Witchcraft would be if it played after you print the PDF. This is just
software. :)

(Though probably it probably _is_ a security hole)

~~~
goatlover
Maybe doable with the right kind of 3D printer?

~~~
k__
You need to print it on epaper, hurr~

------
femto
A page full of PDF programs here:

[http://www.math.uakron.edu/~dpstory/acrotex.html](http://www.math.uakron.edu/~dpstory/acrotex.html)

including Battleship:

[http://www.math.uakron.edu/~dpstory/tutorial/games/navbat.pd...](http://www.math.uakron.edu/~dpstory/tutorial/games/navbat.pdf)

and Tic-Tac-Toe:

[http://www.math.uakron.edu/~dpstory/tutorial/games/ttt.pdf](http://www.math.uakron.edu/~dpstory/tutorial/games/ttt.pdf)

------
vxNsr
Funny I just got tasked with updated a PDF form and using JavaScript to
validate it.

I have the acrobat/JavaScript API Ref open right now. [0]

[0][https://www.adobe.com/content/dam/acom/en/devnet/acrobat/pdf...](https://www.adobe.com/content/dam/acom/en/devnet/acrobat/pdfs/AcrobatDC_js_api_reference.pdf)
for those interested.

~~~
TheAceOfHearts
My condolences. Having read through part of the PDF spec, I genuinely pity
anyone that has to deal with that clusterfuck.

~~~
abraham_lincoln
It is really not bad, attitude is important, though.

~~~
jimjimjim
apart from all the bits where the spec isn't detailed enough and the only way
to work out what to do is to look at how acrobat handles it.

------
aasasd
Regarding the game itself: since the reflection angle is strictly determined,
instead of varying with the place of reflection, the ball path seems to be is
fully determined by the initial position and angle of the ball launch (aside
from a paddle miss, of course). Specifically, a situation is possible where
you bounce the ball in a cyclic path that doesn't strike the last block(s).

------
TheAceOfHearts
Since we're on the topic of PDFs, what tools or libraries do people use for
inspecting and modifying em? I have a large collection of PDFs from which I
want to extract all the data in order to put it up online and make their
information more accessible, but maneuvering the ecosystem has been just a
huge headache.

~~~
nsriv
I've used doc2txt to OCR some old book scans, works really well in my
experience.

[https://github.com/jlsutherland/doc2text](https://github.com/jlsutherland/doc2text)

------
pcwalton
Even more fun: As I recall (I could be wrong here), there are _two_ different
versions of SpiderMonkey in Adobe Reader: the one used here and a version for
XFA [1].

[1]: [https://en.wikipedia.org/wiki/XFA](https://en.wikipedia.org/wiki/XFA)

------
tschwimmer
I can consistently get the page to crash by quickly scrolling halfway down the
first page so that the playing area is just offscreen. Interesting and hard to
debug (no console errors). Anyone else able to reproduce? I'm on latest Chrome
on OSX 10.13

------
k_
Nice feat. It broke my browser's (vivaldi) pdf viewer though, I had to restart
it to view any other pdf again. Not sure how this happened...

------
abraham_lincoln
I have made some pretty decent JS PDF apps with Acrobat 7 and a SOAP backend.

~~~
lgats
Can you share an example? I have never found a way to get a PDF to call back
to a server (in a non-exploit PDF)

~~~
abraham_lincoln
This article is decent.

[http://khkonsulting.com/2016/06/getting-serial-number-
form-u...](http://khkonsulting.com/2016/06/getting-serial-number-form-using-
soap/)

Basically, the backend is a SOAP server and the PDF is the client.

So, xml and wsdl, no json.

------
ddingus
Insane!

Great write up though. Appreciated.

~~~
juanuys
Excellent write-up. And when I was done I had -67 lives :-)

~~~
dragonshed
Better than NaN or Undefined :)

------
jessaustin
It seems that 40 is the highest possible score...

------
jand
First let me point out that i am amazed by the PDF/JS thing.

What grinds my gears is that the game is broken. Lives go negative, boundary
check only checks for zero.. such stuff.

------
runnr_az
Horrifying! Nice job...

