Jotter: 2020

Tuesday, September 22, 2020

Three Gaming Interfaces To Pay Attention To

In this post, I want to discuss some gaming interfaces and user experience features in games. I will use my three favorite games for this present post, but the subject is broader and allows a bigger discussion that I intend to return to, next month.

DEAD SPACE (PS3)

In the horror-fiction game Dead Space, the interface is something to pay special attention to. The character's (Isaac Clarke) main statuses are disposed in a very strategic way: the life meter is located on his back in the shape of a spinal light, the weapon ammunition is showed as a small number when you aim the gun and, finally, the game has an interesting resource that is a luminous laser to help you easily locate the way the character must go (and it saves time in the complex scenario maze).

HERO (Atari)

This one is a relic from the beginning of the video-gaming era. HERO is an interesting case of user experience (UX) and interface with very limited constrols. Atari's joystick has only one button and one directional stick; with only two resources, HERO's designers implemented a wide range of possibilities: when you press the red button in the joystick the character uses its laser vision to kill enemies; by pressing down the control stick the character launches a dynamite do open walls and, finally, when you hold the control stick up the character flies using a jetpack. A very rich interface and UX created using minimal resources.

Entwined (PS4)

One of my favorite indie games Entwined is a great case of interface and usability. All the gameplay is based on how you can manage the two control sticks from PlayStation's joystick. During the whole experience, you must control the two mystic entities by only using circular movements; the user experience is focused on coordinating two different positions simultaneously (a challenge to your dexterity). Entwined is an incredibly created game, using only circular movements in two control sticks, a master class of game design.

On the three cases related in the post, we can clearly see the ideas of how games must strategically use concepts from the user experience field. To finish this conversation I want to share some content from the site nForm about this subject:

"The user experience is not one simple action – it is an interconnected cycle of attempting to satisfy hopes, dreams, needs and desires. This takes the shape of individuals comparing their expectations to the outcomes generated by their interaction with a system. Managing expectations then becomes key to successfully providing a satisfying "return on experience" that delights users and generates shared, sustainable value".

#GoGamers

Monday, September 21, 2020

Without Map Or Compass

In the original Legend of Zelda the Map and Compass are indispensable for surviving dungeons and reaching the boss. The map shows you the layout of the dungeon and the compass positions you in it.

In the pilgrimage of the Christian life, I think the map would be the teachings of Our Blessed Lord and saviour, preserved in the Sacred Scripture and Sacred Tradition of the Catholic Church that He founded- this constitutes the way to Eternal Life.

The compass I think would be the interior life, the daily life of prayer composed of mental prayer, examination of conscience and perhaps above all, the sacrament of confession. Through these powerful means we can discern where we are headed, how we stand with regards to that map, whether we are near the end of the dungeon, close to completing it, or perhaps down a dead end.

How tragic for the worldlings and for the followers of false religions, they have neither map nor compass- where will they end up? They can send Link a thousand times round the dungeon but without map or compass they have little chance of coming out alive.

Praise be Our God and Saviour Jesus Christ for providing us with the Map and Compass in His One True Church.

Saturday, September 12, 2020

Ep 26: Big Fun With Little Figures Is Live!

Ep 26: Big Fun with Little Figures
I talk with Howard Whitehouse about Mad Dogs With Guns, his gangster game from Osprey Games. In a separate segment, I talk with Peter Berry of Baccus 6mm to talk about the seeming monopoly of 28mm figures and games in the glossy gaming magazines.

https://soundcloud.com/user-989538417/episode-26-big-fun-with-little-figures

The Veteran Wargamer is brought to you by Kings Hobbies and Games
http://www.Kingshobbiesandgames.com
https://www.facebook.com/Special-Artizan-Service-Miniatures-1791793644366746/

Join the conversation at https://theveteranwargamer.blogspot.com, email theveteranwargamer@gmail.com, Twitter @veteranwargamer

Segment 1
Follow Howard on Facebook
https://www.facebook.com/Howard.Whitehouse.Writer/?ref=br_rs
https://www.facebook.com/Pulp-Action-Library-283960595046814/

Buy Mad Dogs With Guns:
Mad Dogs With Guns - Howard Whitehouse https://ospreypublishing.com/mad-dogs-with-guns
Pulp Action Library - http://www.pulpactionlibrary.com/

Other companies we mentioned:
Copplestone Castings http://www.copplestonecastings.co.uk/list.php?cat=7
Pulp Figures https://pulpfigures.com/products/category/11
Brigade Games http://brigadegames.3dcartstores.com/

Paddy Whacked - T.J. English https://www.amazon.com/Paddy-Whacked-Untold-American-Gangster/dp/0060590033
The Outfit - Gus Russo https://www.amazon.com/Outfit-Gus-Russo/dp/1582342792/
True Detective - Nathan Heller Series - Max Allen Collins https://www.amazon.com/True-Detective-Nathan-Heller-Novels/

Segment 2
Follow Baccus6mm on Facebook - https://www.facebook.com/Baccus6mm/
Joy of Six - https://www.facebook.com/TheJoyofSix/

Peter's Opinion piece - https://www.baccus6mm.com/news/20-09-2017/Historicalgaming-'Thetimestheyareachanging'/

Other companies we mentioned:
Warlord - https://us-store.warlordgames.com/
Perry Miniatures - https://www.perry-miniatures.com/
Games Workshop - https://www.games-workshop.com/en-US/Home
Wargames, Soldiers and Strategy - https://www.karwansaraypublishers.com/wss-mag

Music courtesy bensound.com. Recorded with zencastr.com. Edited with Audacity. Make your town beautiful; get a haircut.

Verb-noun Vs Noun-Verb

I went to the Roguelike Celebration over the weekend and enjoyed Thomas Biskup's talk about Ultimate ADOM. Among the many interface improvements they're making based on user testing is they're simplifying the controls from the traditional roguelike controls to W A S D + E F. I don't know how roguelike game players will respond to that but I'm a fan! This reminded me of two things from my past, so I thought I'd say a little about those.

Sometime in my teens I got to meet Lord British (Richard Garriott) and Iolo the Bard (David Watson). My mom was shopping, and I went to the computer aisle to browse the games I couldn't afford. Richard and Iolo were talking about Ultima 6. Nobody else was there, so I got to talk to them for half an hour! I learned about OOP, UI, testing, systems thinking, and more. Really cool!

They told me about how they coded puzzles to look for the state of the world (nouns) instead of the player actions (verbs). For example, there was a puzzle where they expected players to cast Telekinesis (ᚩᚣᛕ ORT POR YLEM) on a lever on the other side of a chasm. Instead, during playtesting, they saw that one player killed a party member, tossed the body over the chasm, cast Resurrect (ᛁᛗᚳ IN MANI CORP), then have the party member pull the lever.

Wow! That wasn't something I had ever thought of in the simple games I had written at that age.

Another thing they told me about was the simpler control scheme. Previous Ultimas had a control scheme similar to what roguelike games have. W to wear armor, I to ignite a torch, K to klimb a ladder, D to descend a ladder, B to board a ship, etc. You specify the verb such as J to jimmy a lock and then after that you can choose a noun such as the lock to jimmy.

In Ultima 6 they reversed the order so that the noun came first and then the verb. This meant the game could tell whether you were trying to J jimmy a lock or B board a ship or K klimb a ladder because the game knew that it was a lock or a ship or a ladder. And that meant they didn't need separate keys for these verbs, but instead one key, U use object. There are times when they had multiple verbs for a noun but for the most part they could get away with just one.

I haven't closely followed Ultimate ADOM but I'm guessing they're doing something similar.

The noun-verb thing comes up in another context. After I stopped making games for a living I went into programming language research. My main topic was studying how functional programming languages and object-oriented programming languages can be combined. Something I noticed at the time was that the syntax for functional languages tends to be verb then noun: f(x), whereas the syntax for object oriented languages tends to be noun then verb: x.f(). At some level these can be considered equivalent. You can express with one what you can express with the other. There's a big difference in usability though: auto-complete.

What happens when we auto-complete f(x)? First we need to know all possible f that are valid in this context. Since the programmer has just started typing in the expression, any function is valid, and that means there's a very long list to choose from. It takes many keystrokes to pick one. Second we need to know all possible x that are valid in this context. These are usually local names, so there aren't that many. Knowing the type of f narrows down the list but the list was already small, so there's not much to gain.

What happens when we auto-complete x.f()? First we need to know all possible x. The programmer has just started typing, so any local name is valid, but there aren't many. Typing just one character can narrow down the list to one or two elements. Second we need to know all possible f that are valid in this context. These are methods defined on the type of x, so there aren't that many compared to all possible functions. Knowing the type of x narrows down the list substantially, so there's a lot gained.

The two syntaxes seem equivalent in theory but they aren't in practice. I wonder if people who use regular text editors end up believing the two syntaxes are equivalent, whereas people who use IDEs prefer the object-oriented syntax, even if they're not taking advantage of object-oriented programming (inheritance, subtyping, etc.).

This asymmetry is orthogonal to whether you're using functional or object-oriented programming. It is better for programmers if they can choose from two medium length lists than to have to choose from a very long list (where a lot has to be typed before it's useful) and then a very short list (where not much is gained). You see this in other contexts too. Command line interfaces like DOS, VMS, and Unix shell typically specify a verb first and then the noun(s). GUIs such as Mac and Windows typically specify a noun first by clicking an icon, and then the verb by choosing from the right click menu. In text editors, vim's commands like d0 are verb then text selection (noun), whereas in more conventional text editors (including Emacs) you'd first select some text (the noun) and then invoke a verb like delete. Kakoune is a modal editor that uses noun-verb instead of verb-noun.

In games it seems like it'd be better for players to first choose an object from the environment and then choose from a small set of actions, than to first choose from a large set of actions and then choose from a set of objects. However I haven't surveyed enough games to see what's more common. The next time you're playing a game, look at the structure of commands to see if it's verb-noun or noun-verb.

Friday, September 4, 2020

Shining Spears And Other Euphemisms

The Falcon turrets are nearly ready for paint, in the meantime I've been working on the Shining Spears. The white and blue is finished on these guys, just the metal, gems and decals left to go.

Monday, August 31, 2020

TOP ANDROID HACKING TOOLS OF 2018

An Android remote administration tool (RAT) is a programmed tool that allows a remote device to control a smartphone as if they have physical access to that system. While screen sharing and remote administration have many legal uses, "RAT" software is usually associated with the unauthorized or malicious activity. I have streamlined here top android hacking tools of 2018.

TOP ANDROID HACKING TOOLS OF 2018

Here are the most advanced in functionality top android hacking tools of 2018.

1. DROIDJACK

DroidJack gives you the power to establish control over your beloveds' Android devices with an easy to use GUI and all the features you need to monitor them. It has many advanced features that you can perform over the remote smartphone. DroidJack is one of the top lists as it also has the functionality to read/write WhatsApp messages.

You can also follow a step by step tutorial on how to hack smartphone remotely using droidjack.

2. OMNIRAT

OmniRAT is the super powerful multi-OS remote administration tool that can a smartphone either using a smartphone or using a Windows or Mac PC. It has a huge list of features that make it very powerful. It can make calls through that smartphone remotely. It's completely fully undetectable.

3. ANDRORAT

AndroRat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server. The name AndroRat is a mix of Android and RAT (Remote Access Tool). It was developed as a project by the university students, which works great for hacking into Android devices.

You can also follow a step by step tutorial on how to hacking a smartphone remotely using androrat.

4. SPYNOTE

SpyNote is a lightweight Android remote administration tool (RAT) to hack into a smartphone device remotely. It gives you the power to establish control over Android devices with an easy to use GUI and all the features you need to monitor them. Build a custom APK or bind the payload to an already existing APK such as a game or social media app.

You can also follow a step by step tutorial on how to hack any android phone remotely with spynote.

5. AHMYTH

AhMyth is a powerful android remote administrator tool that gives you the power to establish control over your beloveds' android devices with an easy to use GUI and all the features you need to monitor them.

These are all the top android hacking tools of 2018. There are also many other rats but these are the most advanced in tech and features. There may appear few more that can compete these and make a place to be in the top android list.

Related articles

Sunday, August 30, 2020

Linux Stack Protection By Default

Modern gcc compiler (v9.2.0) protects the stack by default and you will notice it because instead of SIGSEGV on stack overflow you will get a SIGABRT, but it also generates coredumps.

In this case the compiler adds the variable local_10. This variable helds a canary value that is checked at the end of the function.
The memset overflows the four bytes stack variable and modifies the canary value.

The 64bits canary 0x5429851ebaf95800 can't be predicted, but in specific situations is not re-generated and can be bruteforced or in other situations can be leaked from memory for example using a format string vulnerability or an arbitrary read wihout overflowing the stack.

If the canary doesn't match, the libc function __stack_chck_fail is called and terminates the prorgam with a SIGABORT which generates a coredump, in the case of archlinux managed by systemd and are stored on "/var/lib/systemd/coredump/"

❯❯❯ ./test
*** stack smashing detected ***: terminated
fish: './test' terminated by signal SIGABRT (Abort)

❯❯❯ sudo lz4 -d core.test.1000.c611b7caa58a4fa3bcf403e6eac95bb0.1121.1574354610000000.lz4
[sudo] password for xxxx:
Decoding file core.test.1000.c611b7caa58a4fa3bcf403e6eac95bb0.1121.1574354610000000
core.test.1000.c611b : decoded 249856 bytes

❯❯❯ sudo gdb /home/xxxx/test core.test.1000.c611b7caa58a4fa3bcf403e6eac95bb0.1121.1574354610000000 -q

We specify the binary and the core file as a gdb parameters. We can see only one LWP (light weight process) or linux thread, so in this case is quicker to check. First of all lets see the back trace, because in this case the execution don't terminate in the segfaulted return.

We can see on frame 5 the address were it would had returned to main if it wouldn't aborted.

Happy Idea: we can use this stack canary aborts to detect stack overflows. In Debian with prevous versions it will be exploitable depending on the compilation flags used.
And note that the canary is located as the last variable in the stack so the previous variables can be overwritten without problems.

More info

Hacktivity 2018 Badge - Quick Start Guide For Beginners

You either landed on this blog post because

you are a huge fan of Hacktivity
you bought this badge around a year ago
you are just interested in hacker conference badge hacking.

or maybe all of the above. Whatever the reasons, this guide should be helpful for those who never had any real-life experience with these little gadgets.

But first things first, here is a list what you need for hacking the badge:

a computer with USB port and macOS, Linux or Windows. You can use other OS as well, but this guide covers these
USB mini cable to connect the badge to the computer
the Hacktivity badge from 2018

By default, this is how your badge looks like.

Let's get started

Luckily, you don't need any soldering skills for the first steps. Just connect the USB mini port to the bottom left connector on the badge, connect the other part of the USB cable to your computer, and within some seconds you will be able to see that the lights on your badge are blinking. So far so good.

Now, depending on which OS you use, you should choose your destiny here.

Linux

The best source of information about a new device being connected is

# dmesg

The tail of the output should look like

[267300.206966] usb 2-2.2: new full-speed USB device number 14 using uhci_hcd
[267300.326484] usb 2-2.2: New USB device found, idVendor=0403, idProduct=6001
[267300.326486] usb 2-2.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[267300.326487] usb 2-2.2: Product: FT232R USB UART
[267300.326488] usb 2-2.2: Manufacturer: FTDI
[267300.326489] usb 2-2.2: SerialNumber: AC01U4XN
[267300.558684] usbcore: registered new interface driver usbserial_generic
[267300.558692] usbserial: USB Serial support registered for generic
[267300.639673] usbcore: registered new interface driver ftdi_sio
[267300.639684] usbserial: USB Serial support registered for FTDI USB Serial Device
[267300.639713] ftdi_sio 2-2.2:1.0: FTDI USB Serial Device converter detected
[267300.639741] usb 2-2.2: Detected FT232RL
[267300.643235] usb 2-2.2: FTDI USB Serial Device converter now attached to ttyUSB0

Dmesg is pretty kind to us, as it even notifies us that the device is now attached to ttyUSB0.

From now on, connecting to the device is exactly the same as it is in the macOS section, so please find the "Linux users, read it from here" section below.

macOS

There are multiple commands you can type into Terminal to get an idea about what you are looking at. One command is:

# ioreg -p IOUSB -w0 -l

With this command, you should get output similar to this:

+-o FT232R USB UART@14100000  <class AppleUSBDevice, id 0x100005465, registered, matched, active, busy 0 (712 ms), retain 20>
    |   {
    |     "sessionID" = 71217335583342
    |     "iManufacturer" = 1
    |     "bNumConfigurations" = 1
    |     "idProduct" = 24577
    |     "bcdDevice" = 1536
    |     "Bus Power Available" = 250
    |     "USB Address" = 2
    |     "bMaxPacketSize0" = 8
    |     "iProduct" = 2
    |     "iSerialNumber" = 3
    |     "bDeviceClass" = 0
    |     "Built-In" = No
    |     "locationID" = 336592896
    |     "bDeviceSubClass" = 0
    |     "bcdUSB" = 512
    |     "USB Product Name" = "FT232R USB UART"
    |     "PortNum" = 1
    |     "non-removable" = "no"
    |     "IOCFPlugInTypes" = {"9dc7b780-9ec0-11d4-a54f-000a27052861"="IOUSBFamily.kext/Contents/PlugIns/IOUSBLib.bundle"}
    |     "bDeviceProtocol" = 0
    |     "IOUserClientClass" = "IOUSBDeviceUserClientV2"
    |     "IOPowerManagement" = {"DevicePowerState"=0,"CurrentPowerState"=3,"CapabilityFlags"=65536,"MaxPowerState"=4,"DriverPowerState"=3}
    |     "kUSBCurrentConfiguration" = 1
    |     "Device Speed" = 1
    |     "USB Vendor Name" = "FTDI"
    |     "idVendor" = 1027
    |     "IOGeneralInterest" = "IOCommand is not serializable"
    |     "USB Serial Number" = "AC01U4XN"
    |     "IOClassNameOverride" = "IOUSBDevice"
    |   }

The most important information you get is the USB serial number - AC01U4XN in my case.
Another way to get this information is

# system_profiler SPUSBDataType

which will give back something similar to:

FT232R USB UART:

          Product ID: 0x6001
          Vendor ID: 0x0403  (Future Technology Devices International Limited)
          Version: 6.00
          Serial Number: AC01U4XN
          Speed: Up to 12 Mb/sec
          Manufacturer: FTDI
          Location ID: 0x14100000 / 2
          Current Available (mA): 500
          Current Required (mA): 90
          Extra Operating Current (mA): 0

The serial number you got is the same.

What you are trying to achieve here is to connect to the device, but in order to connect to it, you have to know where the device in the /dev folder is mapped to. A quick and dirty solution is to list all devices under /dev when the device is disconnected, once when it is connected, and diff the outputs. For example, the following should do the job:

ls -lha /dev/tty* > plugged.txt
ls -lha /dev/tty* > np.txt
vimdiff plugged.txt np.txt

The result should be obvious, /dev/tty.usbserial-AC01U4XN is the new device in case macOS. In the case of Linux, it was /dev/ttyUSB0.

Linux users, read it from here. macOS users, please continue reading

Now you can use either the built-in screen command or minicom to get data out from the badge. Usually, you need three information in order to communicate with a badge. Path on /dev (you already got that), speed in baud, and the async config parameters. Either you can guess the speed or you can Google that for the specific device. Standard baud rates include 110, 300, 600, 1200, 2400, 4800, 9600, 14400, 19200, 38400, 57600, 115200, 128000 and 256000 bits per second. I usually found 1200, 9600 and 115200 a common choice, but that is just me.
Regarding the async config parameters, the default is that 8 bits are used, there is no parity bit, and 1 stop bit is used. The short abbreviation for this is 8n1. In the next example, you will use the screen command. By default, it uses 8n1, but it is called cs8 to confuse the beginners.

If you type:
# screen /dev/tty.usbserial-AC01U4XN 9600
or
# screen /dev/ttyUSB0 9600
and wait for minutes and nothing happens, it is because the badge already tried to communicate via the USB port, but no-one was listening there. Disconnect the badge from the computer, connect again, and type the screen command above to connect. If you are quick enough you can see that the amber LED will stop blinking and your screen command is greeted with some interesting information. By quick enough I mean ˜90 seconds, as it takes the device 1.5 minutes to boot the OS and the CTF app.

Windows

When you connect the device to Windows, you will be greeted with a pop-up.

Just click on the popup and you will see the COM port number the device is connected to:

In this case, it is connected to COM3. So let's fire up our favorite putty.exe, select Serial, choose COM3, add speed 9600, and you are ready to go!

You might check the end of the macOS section in case you can't see anything. Timing is everything.

The CTF

Welcome to the Hacktivity 2018 badge challenge!

This challenge consists of several tasks with one or more levels of
difficulty. They are all connected in some way or another to HW RE
and there's no competition, the whole purpose is to learn things.

Note: we recommend turning on local echo in your terminal!
Also, feel free to ask for hints at the Hackcenter!

Choose your destiny below:

  1. Visual HW debugging
  2. Reverse engineering
  3. RF hacking
  4. Crypto protection

Enter the number of the challenge you're interested in and press [

Excellent, now you are ready to hack this! In case you are lost in controlling the screen command, go to https://linuxize.com/post/how-to-use-linux-screen/.

I will not spoil any fun in giving out the challenge solutions here. It is still your task to find solutions for these.

But here is a catch. You can get a root shell on the device. And it is pretty straightforward. Just carefully remove the Omega shield from the badge. Now you see two jumpers; by default, these are connected together as UART1. As seen below.

But what happens if you move these jumpers to UART0? Guess what, you can get a root shell! This is what I call privilege escalation on the HW level :) But first, let's connect the Omega shield back. Also, for added fun, this new interface speaks on 115200 baud, so you should change your screen parameters to 115200. Also, the new interface has a different ID under /dev, but I am sure you can figure this out from now on.

If you connect to the device during boot time, you can see a lot of exciting debug information about the device. And after it boots, you just get a root prompt. Woohoo!

But what can you do with this root access? Well, for starters, how about running

# strings hello | less

From now on, you are on your own to hack this badge. Happy hacking.

Big thanks to Attila Marosi-Bauer and Hackerspace Budapest for developing this badge and the contests.

PS: In case you want to use the radio functionality of the badge, see below how you should solder the parts to it. By default, you can process slow speed radio frequency signals on GPIO19. But for higher transfer speeds, you should wire the RF module DATA OUT pin with the RX1 free together.

Jotter

Tuesday, September 22, 2020

Three Gaming Interfaces To Pay Attention To

Monday, September 21, 2020

Without Map Or Compass

Saturday, September 12, 2020

Ep 26: Big Fun With Little Figures Is Live!

Verb-noun Vs Noun-Verb

Friday, September 4, 2020

Shining Spears And Other Euphemisms

Monday, August 31, 2020

TOP ANDROID HACKING TOOLS OF 2018

TOP ANDROID HACKING TOOLS OF 2018

1. DROIDJACK

2. OMNIRAT

3. ANDRORAT

4. SPYNOTE

5. AHMYTH

Sunday, August 30, 2020

Linux Stack Protection By Default

More info

Hacktivity 2018 Badge - Quick Start Guide For Beginners

Let's get started

Linux

macOS

Linux users, read it from here. macOS users, please continue reading

Windows

The CTF

Continue reading

Blog Archive

About Me