I remember one weekend I got to use the main TV and plugged in the Dreamcast. Found the codejunkies forum and there were a bunch of people doing things that I had been doing. Some random names, I remember Dr Ian, FoxDie, SubDrag, Krusha... there were a load of people with strange names doing exactly the same things I'd been doing in the back room during the week.
I posted some of the codes I had figured out, nothing major at first: Adding a timer to any Goldeneye level, modifying the character's head/body. I checked back a week later and some of these 'big names' had commented on my codes! I was ecstatic :)
I looked forward to my weekly hour online and I used all my time on Action Replay/Gameshark sites. I even wrote a tutorial on N64 hacking (using a Dreamcast controller, it sucked).
I got to the stage where I could look at the Memory Editor on a page of Goldeneye and know exactly what part of code/data it was. I knew after a while that 3F80 somehow related to a default value, and if I made it larger things in the game would usually grow. I would change a value like this and then run around for ages until I saw something bigger. Didn't always work, but once it did I would look at the memory address for the 3F80 and do a search for that address.
This (I thought at the time) would be the place that knows about the object, so I would read the hexdump and follow anything that looked like an address in the editor, modifying the value at that address and seeing what it would change.
Somehow this ended up working out well (I had never used a computer for anything but Word and Excel at this stage) and I found I could replace objects, change their sizes, colour, physics... I could replace them with objects that were no longer in the game (suitcases in Goldeneye etc).
It was fun!
Once I was comfortable with it I started looking for the big prizes. Things I would see on my weekly journey to the forums that people wanted. Connery Bond was a big one. There were rumours that you could play as the other bonds.
So I figured I would find him. I figured that since you pause the game in Goldeneye and see the arm + watch, Connery would have a white arm. So I took some time tracking the seconds hand on the watch and travelled up the memory addresses until I found a value that was near a 3F80. I switched it, paused the game and had a white suit!! Amazing!
I ended up with quite an intimate knowledge of the Goldeneye hex dumps. I found a weird level that I could load, providing I emptied it of objects and props. So I found a way to stop the game from loading anything other than level data and I could briefly see a strange silver ramp level with blue skies, but I would fall and die immediately. I later discovered that this was the Citadel level and some other clever guys managed to make it playable :)
The thing that ended it for me, though, was my biggest hack ever...
While lying on my bed, I read a cheat book (I collected N64 magazine) that said Banjo and Kazooie had many more cheats than had been released. I figured that I knew a couple of the codes (you entered them on the floor of a sandcastle, but it was basically a keyboard), so if I entered a code and did a memory dump after each letter I could home in on the counter that was checking them.
So I'd hit "take a mem dump", hit a letter, mem dump, search for values greater than last, and repeat.
Then I searched for the memory address at that pointer and found something pointing at it. Repeating this, I found a whole bunch of crappy values with 00 between them.
Deciding that these were the codes, but encrypted (:-|), I wrote them all down on paper, all 60-ish, and took them to the front room. From the codes that were released I could figure out the majority of the letters: A was 65, E was 69, etc., so I went through filling those out. I gave my mum and dad a few pages each and (love them) they sat there and filled out the missing letters.
An hour later I had every code for that game in my lap :)
I waited a few days for internet access and used the entire hour typing them into an email that I sent to Official Nintendo Magazine, GamesMaster and N64 magazine (my favourite).
Next week I checked online and Nintendo Magazine got back to me asking where I found the codes. They later published a full cheat book with them (without credit) and credited me for a really crap cheat in the main magazine. I didn't care - they sent me WWF No Mercy for free (big deal for a poor kid) and my name was in a magazine!
I was walking home a few weeks later and saw N64 Magazine in the newsagents. Cover had Banjo and Kazooie on it - NEW CHEATS REVEALED: GET THE ICE KEY AND MORE...
I couldn't afford it but I ran in and flicked through the pages to look for my name. This was epic!
Except it wasn't. Turned out some other hackers had found the codes at the same time and they had their name in my favourite magazine. I was gutted.
Two weeks later my parents couldn't afford the phone line and my brother sold his Dreamcast.
It was a fun time, and looking back at it now with a computer science degree I can't help but smile.
I only wish I knew what ASCII was before me and my parents used frequency analysis to crack it haha!
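The dump-and-compare search described in the post above, as an added example that is not part of the original post: the snapshots, offsets and values are constructed, and the filter keeps only the addresses whose byte is larger in every capture than in the one before it.

```c
/* Added example, not code from the thread: the "take a dump, hit a letter,
 * search for values greater than last" procedure the poster describes, run
 * over constructed memory snapshots. Offsets and values are made up. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define REGION 16   /* bytes per constructed snapshot */
#define SNAPS   4   /* one snapshot per letter typed */

/* Constructed snapshots of one region. Offset 0x0C is the letter counter
 * (3,4,5,6); other bytes tick or drift but never rise on every capture. */
static const uint8_t snaps[SNAPS][REGION] = {
    {0x00,0x12,0x05,0x7F,0x10,0x00,0x00,0x01,0xFF,0x00,0x3F,0x80,0x03,0x00,0x20,0x00},
    {0x00,0x13,0x05,0x7F,0x10,0x00,0x00,0x01,0xFE,0x00,0x3F,0x80,0x04,0x00,0x20,0x00},
    {0x00,0x13,0x05,0x7F,0x11,0x00,0x00,0x01,0xFD,0x00,0x3F,0x80,0x05,0x00,0x20,0x00},
    {0x00,0x14,0x05,0x7F,0x11,0x00,0x00,0x01,0xFC,0x00,0x3F,0x80,0x06,0x00,0x20,0x00},
};

/* Keep only offsets whose byte is strictly greater in each snapshot than in
 * the one before. Returns how many survive; out may be NULL to just count. */
size_t greater_than_search(const uint8_t (*s)[REGION], size_t n,
                           size_t *out, size_t max)
{
    size_t found = 0;
    for (size_t off = 0; off < REGION; off++) {
        int rising = 1;
        for (size_t k = 1; k < n && rising; k++)
            rising = s[k][off] > s[k - 1][off];
        if (rising) {
            if (out && found < max) out[found] = off;
            found++;
        }
    }
    return found;
}

/* Run the search over the constructed snapshots; returns the counter's
 * offset when exactly one candidate survives, or (size_t)-1 otherwise. */
size_t find_counter_offset(void)
{
    size_t hits[REGION];
    size_t n = greater_than_search(snaps, SNAPS, hits, REGION);
    return n == 1 ? hits[0] : (size_t)-1;
}

int main(void)
{
    printf("letter counter at offset 0x%02zX\n", find_counter_offset());
    return 0;
}
```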
Hey wait, I know these names...
> Except it wasn't. Turned out some other hackers had found the codes at the same time and they had their name in my favourite magazine. I was gutted.
I am pretty sure that was SubDrag. You might be interested to know that he is still around, check out irc.efnet.org #n64dev -- you might have to idle for a while, but he's definitely around.
exponent bias is 15
0011 1111 1000 0000
32 bit is 1 sign + 8 exponent + 23 significand
exponent bias is 127
0011 1111 1000 0000 0000 0000 0000 0000
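An added example, not from the comment above or the original post, decoding the 32-bit layout just described: 0x3F800000 has sign 0, exponent 127 (the bias) and fraction 0, so it is exactly 1.0f, which is why "3F 80" at the top of a big-endian word marks a default scale of 1. The dump it scans is constructed.

```c
/* Added example, not code from the thread: read big-endian 32-bit words as
 * IEEE 754 floats and pick out the ones that look like scale factors.
 * The N64's MIPS CPU is big-endian, so "3F 80 00 00" in a dump is 1.0f. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assemble four big-endian bytes into a float without a value conversion. */
float be_float(const uint8_t *p)
{
    uint32_t w = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
    float f;
    memcpy(&f, &w, sizeof f);   /* bit copy; a cast would convert the value */
    return f;
}

/* Constructed, word-aligned dump mixing floats with things that are not. */
static const uint8_t dump[] = {
    0x80, 0x2A, 0x31, 0xC0,   /* pointer-like word: decodes to a tiny denormal */
    0x3F, 0x80, 0x00, 0x00,   /* 1.0f, the "3F80" default */
    0x40, 0x00, 0x00, 0x00,   /* 2.0f, the same field "made larger" */
    0x00, 0x00, 0x00, 0x05,   /* a small integer count, not a scale */
    0x3E, 0xCC, 0xCC, 0xCD,   /* 0.4f */
};

/* Offsets of words that decode to plausible scale factors: not NaN, not
 * infinite, magnitude between 1/100 and 1000. out may be NULL to just count. */
size_t scan_scales(const uint8_t *d, size_t len, size_t *out, size_t max)
{
    size_t found = 0;
    for (size_t off = 0; off + 4 <= len; off += 4) {
        float f = be_float(d + off);
        if (f != f || f < -1000.0f || f > 1000.0f) continue;   /* NaN, inf, huge */
        if (f > -0.01f && f < 0.01f) continue;                  /* denormals, ints */
        if (out && found < max) out[found] = off;
        found++;
    }
    return found;
}

int main(void)
{
    size_t offs[8], n = scan_scales(dump, sizeof dump, offs, 8);
    for (size_t i = 0; i < n; i++)
        printf("offset %2zu: %g\n", offs[i], be_float(dump + offs[i]));
    return 0;
}
```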
I think these types of stories just go to show how curious some people are at a small age (maybe due to lack of tech?) and what possibly could be achieved if something like CompSci was taught earlier or people had earlier access to computing. However, there are bound to be people who do have everything but don't do anything.
I didn't do much programming on the c64, but things got fun when I somehow acquired a book full of SYS codes. Apparently you could cheat if you loaded the game, did a soft-reset, so the game was still in memory, and entered a SYS code.
Doing a soft-reset required a cartridge though, like the later popular Action Replays for the Amiga. I didn't have access to these fabled cartridges, so I did the next best thing: a bent paper clip, short-circuiting some random holes in the cartridge slot. This caused the desired reset, sometimes, allowing me to pass in the SYS codes and RUN the game again, various cheats applied.
Today I wish I had access to this "bible" of SYS codes, if only for the nostalgia. It provided me with many hours of fun, and breathed new life into old games. All I remember is that the front of it had a sort of robotic character on it, and some purple colours.
You'd have to look for kernal memory map with entry points or BASIC memory map.
Like, perhaps, this one here: http://unusedino.de/ec64/technical/aay/c64/krnromma.htm
It got to the point where I could recognize Ultima 4 terrain in Copy2+'s sector editor.
I guess I got started glitching - overwriting lots of things to see what died and by narrowing my probe, discover what smaller bits did. Then editing constants and map data, etc.
I've still got scans of notebooks where I mapped dungeons, recorded stats, etc, and then documented the memory structures once I'd found them.
It's no real surprise that I'm now a maintenance coder / reverse-engineer / re-implementor.
Could you tell me what is the best way to become a "maintenance coder / reverse-engineer / re-implementor"?
I took a look at the Matasano project.
It seems terribly interesting to me and it fits with my expectations.
Unfortunately, they require you to work in their office, and as a European (French) guy, I can't afford to move to America: I'd like to stay not too far from my family and friends if possible. I love programming / computer security very much, but I think I'd suffer from not seeing them anymore.
I'm looking for a French/European job, similar to the one proposed for the Matasano Project. AFAIK, it doesn't exist...
I'd consider moving to America if it isn't possible, but I'd like to avoid that if possible.
You can also become a Vulnerability Reward Program bounty-hunter as a hobby for a while. If you manage to find some high-profile bugs and blog about it, work will probably also start coming to you.
I'll start blogging as soon as I've got something new and interesting.
I need to show what I can do. I'm currently studying and I feel like I don't have a lot of opportunities to really show off my skills because the level of requirements is not high enough, which is frustrating sometimes.
I agree that a blog could be a good solution, I also enjoy writing articles even if my English is not the best.
I'll keep you informed if you enjoy receiving news from random internet people.
I'll certainly think about some software I'd like to analyze during the next few days and start working on finding bugs/vulnerabilities/interesting things.
I work as a maintenance coder on a framework for a network security appliance. In a sense, everything I mentioned is just this - I often don't have any documentation and have to make things work by, at a minimum, running strace and seeing what they're trying to do and work backward - to find a system that was supposed to be creating those files, etc...
I rarely have to use what you'd call "reverse engineering" skills, but the familiarity with ASM and recognizing certain source-level idioms in the generated code comes in handy for regular debugging all the time.
I got the job partly by chance - a manager mentioned in passing at an event that his team was hiring and I followed up, and because of what we did. We've got a tremendously wide range of deep products with a wide mix of technologies because we've been around for a long time. Because of this, and our laid-back roles I've been able to work closely with our global ops team, the malware analysts, IT, etc.
I think it probably helps to find a company with complex enough tasks, where you have a slightly under-specified role (I maintain the framework ...), and there are a lot of different engineering/ops/support teams under one roof so there's always something fun going on. Then, be the person who handles what other people would call annoyances like requests from other teams.
Let me know if I missed the mark, or could elaborate.
I think I'll aim for a maintenance coder job in a company using low-level languages (C would be good) and see what opportunities I can get from there.
I enjoy finding and fixing bugs, and as you said, even if it's not always necessary, reverse engineering is often a good ally for fighting bugs.