
I pretty much discovered programming by messing around with my Action Replay as a child. I was probably 12 years old and my family were poor so we didn't have a computer. My big brother had a Dreamcast and this could be hooked up to our phone line (56K) to get online. I was allowed to do this one hour per week, on a Saturday if I'd behaved that week. It was terrible: it locked up my mum's phone line so it was a strict hour, and it used to take forever to connect, so I'd get maybe 30 mins to try and load codejunkies.com and post my weekly discoveries to the forum. This was tricky as I had to type using the Dreamcast controller and I wrote all my codes out with pen and paper (I had a whole book of my notes).

I remember one weekend I got to use the main TV and plugged in the dreamcast. Found the codejunkies forum and there were a bunch of people doing things that I had been doing. Some random names, I remember Dr Ian, FoxDie, SubDrag, Krusha... there were a load of people with strange names doing exactly the same things I'd been doing in the back room during the week.

I posted some of the codes I had figured out, nothing major at first: Adding a timer to any Goldeneye level, modifying the character's head/body. I checked back a week later and some of these 'big names' had commented on my codes! I was ecstatic :)

I looked forward to my weekly hour online and I used all my time on Action Replay/Gameshark sites. I even wrote a tutorial on N64 hacking (using a Dreamcast controller, it sucked).

I got to the stage where I could look at the Memory Editor on a page of Goldeneye and know exactly what part of code/data it was. I knew after a while that 3F80 somehow related to a default value, and if I made it larger things in the game would usually grow. I would change a value like this and then run around for ages until I saw something bigger. Didn't always work, but once it did I would look at the memory address for the 3F80 and do a search for that address.

This (I thought at the time) would be the place that knows about the object, so I would read the hexdump and follow anything that looked like an address in the editor, modifying the value at that address and seeing what it would change.

Somehow this ended up working out well (I had never used a computer for anything but Word and Excel at this stage) and I found I could replace objects, change their sizes, colour, physics... I could replace them with objects that were no longer in the game (suitcases in Goldeneye etc).

It was fun!

Once I was comfortable with it I started looking for the big prizes. Things I would see on my weekly journey to the forums that people wanted. Connery Bond was a big one. There were rumours that you could play as the other bonds.

So I figured I would find him. I figured that since you pause the game in Goldeneye and see the arm + watch, Connery would have a white arm. So I took some time tracking the second hand on the watch and travelled up the memory addresses until I found a value that was near a 3F80. I switched it, paused the game and had a white suit!! Amazing!

I ended up with quite an intimate knowledge of the Goldeneye hex dumps. I found a weird level that I could load, providing I emptied it of objects and props. So I found a way to stop the game from loading anything other than level data and I could briefly see a strange silver ramp level with blue skies, but I would fall and die immediately. I later discovered that this was the Citadel level and some other clever guys managed to make it playable :)

The thing that ended for me though, was my biggest hack ever...

Lying on my bed, I read a cheat book (I collected N64 magazine) that said Banjo and Kazooie had many more cheats than had been released. I figured that I knew a couple of the codes (you entered them on the floor of a sandcastle, but it was basically a keyboard), so if I entered a code and did a memory dump after each letter I could home in on the counter that was checking them.

So I took a mem dump, hit a letter, took another mem dump, searched for values greater than the last, and repeated.

Found it.

Then I search for the memory address at that pointer and find something pointing at it. Repeating this I find a whole bunch of crappy values with 00 between them.

Deciding that these were the codes, but encrypted (:-|) I wrote them all down on paper, all 60ish and took them to the front room. From the codes that were released I could figure out the majority of the letters: A was 65, E was 69 etc so I went through filling those out. I gave my mum and dad a few pages each and (love them) they sat there and filled out the missing letters.

An hour later I had every code for that game in my lap :)

I waited a few days for internet access and used the entire hour typing them into an email that I sent to Official Nintendo Magazine, GamesMaster and N64 magazine (my favourite).

Next week I checked online and Nintendo Magazine got back to me asking where I found the codes. They later published a full cheat book with them (without credit) and credited me for a really crap cheat in the main magazine. I didn't care - they sent me WWF No Mercy for free (big deal for a poor kid) and my name was in a magazine!

I was walking home a few weeks later and saw N64 Magazine in the newsagents. Cover had Banjo and Kazooie on it - NEW CHEATS REVEALED: GET THE ICE KEY AND MORE...

Holy shit!

I couldn't afford it but I ran in and flicked through the pages to look for my name. This was epic!

Except it wasn't. Turned out some other hackers had found the codes at the same time and they had their name in my favourite magazine. I was gutted.

Two weeks later my parents couldn't afford the phone line and my brother sold his Dreamcast.

It was a fun time, and looking back at it now with a computer science degree I can't help but smile.

I only wish I knew what ASCII was before me and my parents used frequency analysis to crack it haha!
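The dump-press-dump search and the follow-the-pointer step described in the story, written out as a small added example (not the poster's code). The memory images, the 0x8020_0000 base address, and the counter and pointer offsets are all constructed here for illustration.

```python
import struct

BASE = 0x8020_0000  # constructed N64-style RAM base, not from the thread


def snapshot_diff(snapshots, width=1):
    """Keep only offsets whose value strictly increased between every pair of
    consecutive dumps (the 'greater than last' filter); everything that stayed
    constant or moved the other way is discarded."""
    fmt = {1: "B", 2: ">H", 4: ">I"}[width]
    candidates = set(range(0, len(snapshots[0]) - width + 1))
    for prev, cur in zip(snapshots, snapshots[1:]):
        candidates = {
            off for off in candidates
            if struct.unpack_from(fmt, cur, off)[0]
            > struct.unpack_from(fmt, prev, off)[0]
        }
    return sorted(candidates)


def find_pointers(mem, target_off, base=BASE):
    """Find aligned big-endian 32-bit words holding the absolute address of
    target_off, i.e. the structure that 'knows about' the counter."""
    target = base + target_off
    return [off for off in range(0, len(mem) - 3, 4)
            if struct.unpack_from(">I", mem, off)[0] == target]


def make_snapshots():
    """Four constructed 64-byte dumps: the code-entry counter at 0x2C goes
    0,1,2,3; a noise byte at 0x10 jumps around; a pointer at 0x30 references
    the counter and never changes."""
    template = bytearray(64)
    struct.pack_into(">I", template, 0x30, BASE + 0x2C)
    snaps = []
    for counter, noise in [(0, 5), (1, 9), (2, 3), (3, 7)]:
        m = bytearray(template)
        m[0x2C] = counter
        m[0x10] = noise
        snaps.append(bytes(m))
    return snaps


if __name__ == "__main__":
    snaps = make_snapshots()
    hits = snapshot_diff(snaps)              # -> [0x2C]
    print("counter candidates:", [hex(h) for h in hits])
    print("pointers to it:", [hex(p) for p in find_pointers(snaps[-1], hits[0])])
```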




> Some random names, I remember Dr Ian, FoxDie, SubDrag, Krusha

Hey wait, I know these names..

> Except it wasn't. Turned out some other hackers had found the codes at the same time and they had their name in my favourite magazine. I was gutted.

I am pretty sure that was SubDrag. You might be interested to know that he is still around, check out irc.efnet.org #n64dev -- you might have to idle for a while, but he's definitely around.


I'm sure you know now, but you don't mention it: 0x3f80 is 1.0 represented as a half-precision (16 bit) float.


16 bit is 1 sign + 5 exponent + 10 significand

exponent bias is 15

0011 1111 1000 0000

0.875

---

32 bit is 1 sign + 8 exponent + 23 significand

exponent bias is 127

0011 1111 1000 0000 0000 0000 0000 0000

1.0


My mistake, you're correct. I still suspect he was seeing 1.0 though, so I guess he was just looking at the top 2 bytes of a 4-byte float.
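Decoding the same bit pattern both ways, as an added example that is not part of the thread. The hand-rolled decoder follows the field layout given above (sign, biased exponent, significand) and adds the implicit leading 1 to the 0.875 fraction, so 0x3F80 as a 16-bit half is 1.875, while as the top two bytes of the 32-bit word 0x3F800000 it is 1.0; both results are cross-checked against Python's struct module.

```python
import math
import struct


def decode_ieee(bits, exp_bits, frac_bits):
    """Decode an IEEE 754 binary pattern by hand. Handles normal numbers,
    subnormals (no implicit 1), zero, infinities and NaN."""
    sign = -1.0 if bits >> (exp_bits + frac_bits) else 1.0
    exponent = (bits >> frac_bits) & ((1 << exp_bits) - 1)
    fraction = bits & ((1 << frac_bits) - 1)
    bias = (1 << (exp_bits - 1)) - 1                 # 15 for half, 127 for single
    if exponent == (1 << exp_bits) - 1:              # all-ones exponent
        return sign * math.inf if fraction == 0 else math.nan
    if exponent == 0:                                # zero or subnormal
        return sign * fraction * 2.0 ** (1 - bias - frac_bits)
    return sign * (1 + fraction / (1 << frac_bits)) * 2.0 ** (exponent - bias)


def half_from_u16(bits):
    """1 sign + 5 exponent + 10 significand bits."""
    return decode_ieee(bits, 5, 10)


def single_from_u32(bits):
    """1 sign + 8 exponent + 23 significand bits."""
    return decode_ieee(bits, 8, 23)


def top_half_as_single(hi16):
    """Treat a 16-bit value as the high two bytes of a float32 whose low
    bytes are zero, which is what a hex editor showing 3F80 00 00 displays."""
    return single_from_u32(hi16 << 16)


def matches_struct(hi16):
    """Cross-check the manual decoder against struct for both readings."""
    half_ok = half_from_u16(hi16) == struct.unpack(">e", hi16.to_bytes(2, "big"))[0]
    single_ok = top_half_as_single(hi16) == struct.unpack(
        ">f", (hi16 << 16).to_bytes(4, "big"))[0]
    return half_ok and single_ok


if __name__ == "__main__":
    print("0x3F80 as half     :", half_from_u16(0x3F80))        # 1.875
    print("0x3F80 0000 as float:", top_half_as_single(0x3F80))  # 1.0
    print("1.0 as half is      :", hex(struct.unpack(">H", struct.pack(">e", 1.0))[0]))
```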


Very good story, very good read. My story is with the good old breadbox - the Commodore 64. Things are very foggy about that period in my life, I was 8, so if anyone can fill in the blanks, that could be fun.

I didn't do much programming on the c64, but things got fun when I somehow acquired a book full of SYS codes. Apparently you could cheat if you loaded the game, did a soft-reset, so the game was still in memory, and entered a SYS code.

Doing a soft-reset required a cartridge though, like the later popular Action Replays for the Amiga. I didn't have access to these fabled cartridges, so I did the next best thing: a bent paper clip, short circuiting some random holes in the cartridge slot. This caused the desired reset, sometimes, allowing me to pass in the SYS codes, and RUN the game again, various cheats applied.

Today I wish I had access to this "bible" of SYS codes, if only for the nostalgia. It provided me with many hours of fun, and breathed new life into old games. All I remember is that the front of it had a sort of robotic character on it, and some purple colours.


Your bible was the memory map, probably. This is a very basic one (this one is rather for POKE than SYS):

http://www.c64-wiki.com/index.php/Memory_Map

You'd have to look for a KERNAL memory map with entry points or a BASIC memory map.

Like, perhaps, this one here: http://unusedino.de/ec64/technical/aay/c64/krnromma.htm


I did the same paperclip trick ... Worked fine until one day I hit the wrong pin and connected the power line to one of the chips ... Bang. Big deal because I grew up in rural Ireland and a new C64 or a repair meant a road trip and big expense.


Ouch, could have as easily happened for me as well. As time passed I became more careless on hitting the proper holes, and I must've ended up trying quite a lot of different combinations. I'm very happy your experience didn't happen to me, I'd have been heartbroken.


It's always great to read stories like these, thank you.

I think these types of stories just go to show how curious some people are at a small age (maybe due to lack of tech?) and what could possibly be achieved if something like CompSci were taught earlier or people had earlier access to computing. However, there are bound to be people who do have everything but don't do anything.


ASCII via frequency analysis! Dude, you are awesome!


Sorry, I'm confused. How were you playing Goldeneye on the Dreamcast, and doing the memory dumps?


As I understand it, he played Goldeneye on an N64 and used a Dreamcast to access the internet and share his exploits.


He just used the Dreamcast for web access. He played Goldeneye on an N64 I assume.


I think that he was able to gain access to hex-level memory and instructions through a GameShark (http://en.wikipedia.org/wiki/GameShark) playing on the N64, though he doesn't mention this directly.


Action Replay. First line of the story.


Good catch.


This made me remember when I was a kid and cheated on my siblings in MAME emulators, editing the high score files with Notepad. Many times I made games unusable after that... now I know why you shouldn't open binary files as text, edit and save them.


And to think I was proud of getting the invincibility cheat as a kid... :'(


That was a great read, very impressive. Thanks for sharing.


Elite.


I had an Apple 2+ but did very similar things.

It got to the point where I could recognize Ultima 4 terrain in Copy2+'s sector editor.

I guess I got started glitching - overwriting lots of things to see what died and by narrowing my probe, discover what smaller bits did. Then editing constants and map data, etc.

I've still got scans of notebooks where I mapped dungeons, recorded stats, etc, and then documented the memory structures once I'd found them.

It's no real surprise that I'm now a maintenance coder / reverse-engineer / re-implementor.


Hello, I love reverse engineering and programming a lot. I'd love to work as a "maintenance coder / reverse-engineer / re-implementor", but I've still no idea in which domain it is really needed. I do it for my own pleasure on some games / software at the moment.

Could you tell me what is the best way to become a "maintenance coder / reverse-engineer / re-implementor"?

Thank you.


It sounds like you and tptacek might get along...


Thank you for your answer.

I took a look at the Matasano project. It seems terribly interesting to me and it fits with my expectations.

Unfortunately, they require you to work in their office, and as a European (French) guy, I can't afford to move to America: I'd like to stay not too far from my family and friends if possible. I love programming / computer security very much, but I think I'd suffer from not seeing them anymore.

I'm looking for a French/European job, similar to the one proposed for the Matasano Project. AFAIK, it doesn't exist... I'll consider moving to America if it isn't possible, but I'd like to avoid that if possible.


In Europe I'd guess you'd be most at home in the Linux world. At the moment all the activity there is in virtualisation related companies, so I'd try to approach some of them and see if they've got something for you. I think NetApp is hiring in your area, but I'm not sure what exactly they do there.

You can also become a Vulnerability Reward Program bounty-hunter as a hobby for a while. If you manage to find some high-profile bugs and blog about it, work will probably also start coming to you.


Thank you for all that precious advice, it means a lot to me.

I'll start blogging as soon as I've got something new and interesting.

I need to show what I can do. I'm currently studying and I feel like I haven't got a lot of opportunities to really show off my skills because the level of the requirements is not high enough, which is frustrating sometimes.

I agree that a blog could be a good solution, I also enjoy writing articles even if my English is not the best.

I'll keep you informed if you enjoy receiving news from random internet people.

I'll certainly think about some software I'd like to analyze during the next few days and start working on finding bugs/vulnerabilities/interesting things.


You already do the hobby stuff that got me here, so I assume you mean the actual job part of it.

I work as a maintenance coder on a framework for a network security appliance. In a sense, everything I mentioned is just this - I often don't have any documentation and have to make things work by, at a minimum, running strace and seeing what they're trying to do and work backward - to find a system that was supposed to be creating those files, etc...

I rarely have to use what you'd call "reverse engineering" skills, but the familiarity with ASM and recognizing certain source-level idioms in the generated code, comes in handy for regular debugging all the time.

I got the job partly by chance - a manager mentioned in passing at an event that his team was hiring and I followed up, and because of what we did. We've got a tremendously wide range of deep products with a wide mix of technologies because we've been around for a long time. Because of this, and our laid-back roles I've been able to work closely with our global ops team, the malware analysts, IT, etc.

I think it probably helps to find a company with complex enough tasks, where you have a slightly under-specified role (I maintain the framework ...), and there are a lot of different engineering/ops/support teams under one roof so there's always something fun going on. Then, be the person who handles what other people would call annoyances like requests from other teams.

Let me know if I missed the mark, or could elaborate.


Interesting, thank you very much for your detailed answer.

I think I'll aim for a maintenance coder job in a company using low level languages (C would be good) and see what opportunities I can get from there.

I enjoy finding and fixing bugs, and as you said, even if it's not always necessary, reverse engineering is often a good ally for fighting bugs.


Ha! Reminded me of the time when I would do a search and up the number of magic axes I could have in Ultima 4 as well. Good ol' days.



