Thursday, July 8 2010
By Pixel on Thursday, July 8 2010, 11:14 - Design Rant
This isn't the first time people ask me why I think Android is badly designed, and I guess it's time for me to explain it now.
Well, don't get me wrong: I own an Android-based phone, and I'd rather kiss Bill Gate's ass than buying an iPhone. I guess I don't have to explain much why. I think that when you own hardware, you should have the right to do whatever you want with it, including running any kind of application you'd like. Apple's policies are just not something I can support. Nonetheless, iPhones are way better than Android-based phones. Here's why I think this.
Continue reading...
no trackback
Wednesday, April 28 2010
By Pixel on Wednesday, April 28 2010, 21:39 - Design Rant
I'd like to quickly talk about something that's really, really awful.
I just bought a Cybershot WX1 camera from Sony. The camera itself is very nice, very small, very fast, quite powerful, loaded with features, etc. Now have a look at the camera itself. Look at the way the flash and the lens are placed.
Now look at this picture. This is a picture I took in my room, of my wall, with the zoom at 1x, in complete dark, using the flash. Notice the black portion at the bottom left. This isn't the shadow of my finger or what. This is the shadow of the lens itself.
The Sony engineers who slapped together this piece of crap didn't even see that, when taking a picture with the flash on, the lens itself would interfere with the ray of light from the flash itself. To me it just means they haven't even tested the product. I mean, seriously ? How could you ship such a product without testing something as basic ? Or maybe they didn't care ? I don't know. I'm tempted to ask for a return for a "defective product", as this is obviously defective to me.
Friday, April 16 2010
By Yaz0r on Friday, April 16 2010, 18:17
I've been away for quite some time. Work have kept me very busy those last month, getting things out of the door, and I took some time off after everything was finished.
Anyway, I think it's time to get back on track with this blog thing.
Monday, December 14 2009
By Pixel on Monday, December 14 2009, 15:02 - Code Rant
The title of this article is actually something I wrote on the corner of the whiteboard at work. We've recently had a few issues which all dealt with stack abuses. We added some instrumentation to help us, and I thought about sharing that a bit.
Continue reading...
Thursday, December 3 2009
By Pixel on Thursday, December 3 2009, 23:52 - General
I am actually quite surprised and happy about it, but I finally managed to create a working MacOS X cross compiler under linux. This was eased a lot by this document here: http://devs.openttd.org/~truebrain/compile-farm/apple-darwin9.txt, but I still had to tweak things in order to make it working properly.
Continue reading...
Friday, October 16 2009
By Yaz0r on Friday, October 16 2009, 11:24 - Code Rant
Here is a little trick that saved my life a few month back when I was dealing with a virtual pure function been called.
In a program I wrote, I had a very very rare bug where the code would crash in a completely improbable way. I finally figured out that it was due to abort() beeing called, and that was crashing the all other threads in random place. Now, where did that call come from was the big question. With one lucky crash dump, I was able to find that it was due to a virtual pure call, obviously due to a boggus cast.
By default, it seems that the virtual pure handler in gcc just call abort, making it hard to debug. The trick I used to find the actual bug was to override the default virtual pure handler:
extern "C" {
static int __cxa_pure_virtual() __attribute__((noinline, used));
static int __cxa_pure_virtual()
{
assert(0);
return 0;
}
}
That way, every time a virtual pure function will be called, it will assert instead of simply aborting, giving way more useful information about what's happening.
Monday, October 12 2009
By Pixel on Monday, October 12 2009, 10:15 - Code Rant
Okay, that's an easy one. But still. See how the compiler can actually turn good-looking code into code that contains security flaws:
http://threatpost.com/blogs/researcher-uses-new-linux-kernel-flaw-bypass-selinux-other-protections
Saturday, October 10 2009
By Pixel on Saturday, October 10 2009, 10:35 - General
For the people who know me, this is just a repost of a very old article I wrote. I just think this is the perfect spot for it. I'm just changing the wording a bit, but this is essentially the same thing.
As I said during the opening post, Yazoo and I are quite into Reverse Engineering, which is usually called "Hacking". While this word is always causing some controversy, we claim to be on the right side of the line.
That being said, we still receive a lot of mail and queries so we can teach people how to hack, or shorter, so we can write some so-called tutorials. We always denied such requests. This article is attempting to explain why. The main, short-hand reason is "because any hacking tutorial can only be crap", but I hope that I can point to the full reasons why this methodology doesn't work at all. Don't read this as a real attempt to teach you how to hack, but as an attempt to explain why usual tutorials just can't work.
Continue reading...
Wednesday, September 30 2009
By Pixel on Wednesday, September 30 2009, 09:18 - Code Rant
I don't know if this fits exactly in the "Rant" category, or if I should create a "Praise" one, because I'm not sure if I'm utterly amazed or disgusted, but this definitely gets my attention.
There's one addon for World of Warcraft called Carbonite, which made a controversy some time ago, because it wasn't free. It was even subscription-based, costing a couple of dollars a month to be able to use it. I've been wondering a long time how they were able to do a proper license check, but the addon itself was heavily obfuscated using several layers.
Obfuscating something in a language that's actually plain text is somehow very difficult. I've seen HTML pages encapsulated in a javascript file that would self-unencrypt using RC4 where you have to provide the password, for example. But in the case of Carbonite, the authors wanted to match a certain number of criterias:
- The process had to be transparent for their subscribers, as they only had to log in with their registered character to unlock the addon;
- The process had to be limited in time;
- The process had to be strong and very difficult to circumvent.
Now, when Blizzard decided to release a new policy about addons, forbidding to sell or obfuscate addons, the people at Carbonite released their version 3.001 which was free and somehow unobfuscated. You may want to have a look at this old beast as it's still available for download at wowinterface, but allow me to show you what's interesting in it. Note that future versions of the addon got rid of what I'm going to show there.
Continue reading...
Saturday, September 26 2009
By Yaz0r on Saturday, September 26 2009, 11:23 - Code Rant
Picture the situation. You've just spent 2 days trying to figure out a bug that randomly crash your application. You've nailed it down to a memory corruption somewhere, and you finally find that it's due to an out of bound access to an array. A single little assert you have saved you hours of heavy debugging...
Continue reading...
Tuesday, September 22 2009
By Pixel on Tuesday, September 22 2009, 15:43 - Design Rant
I don't pretend I'm a very good gamer. Well, I ain't bad either, but I'm not a hardcode gamer. Doing the review of a game on a gameplay point of view is probably risky, and there's people out there who probably know way better than me.
But sometime game design failures are so flagrant that even a newbie like me in game design can spot them and would probably not have committed these mistakes. Or at least, I hope I wouldn't have. One recent case to me is Prototype, a nice game which is still plagued with some horrible game design decisions, especially control-wise. Another recent game, and that's the one I'm going to talk about today, is Sonic Unleashed.
Continue reading...
Saturday, September 19 2009
By Pixel on Saturday, September 19 2009, 09:32 - Code Rant
In my previous entry, I've been ranting about compiler bugs. I finally discovered that it's absolutely RedHat's fault. Their compiler is a bug pit of hell. I ran the latest gcc testsuite on it, and on Debian's compiler in order to compare. I've stopped after finding 15 bugs in the first batch of basic test, which is like one tenth of the whole list of tests. This is just not acceptable. RedHat's compiler is deliberately buggy, maybe for the sake of "Backward Compatibility", but that's bullshit, especially since we're always writing crossplatform code. We're expecting that a piece of code that compiles and runs fine on one platform would also compile and run fine on a similar one. Which isn't guaranteed by RedHat. I'm now officially boycotting RedHat. Don't use their compiler, and don't use their distribution, because it's compiled with this compiler as well, so you can't possibly trust it at all. Don't bother with RedHat, it's a waste of time and money.
For your interest, here's a list of all the basic gcc bugs I've found active in RedHat's compiler. Again, this is not an exhaustive list, as I got fed up seeing all of these.
19606 28778 32244 33779 34971 35456 35472 36013 36077 36093 36137 36691 38151 38819 40404
UPDATE:
Well, it seems a retail 4.1.2 has them too. Well, not all of them. So I'd need to cross-check them. Well, whatever... RedHat's gcc still has more.
Friday, September 18 2009
By Pixel on Friday, September 18 2009, 14:17 - Code Rant
In his previous article, yazoo gives an example about why you shouldn't trust the compiler. But all in all, this is because of the user (you, me...), and not because of the compiler. Instead of saying "don't trust the compiler", we should rather say "don't trust your knowledge of the compiler", as a hint about the fact WE need to make the right code in input, and then we trust the compiler to do the right thing at the end, right ?
All in all, if some programmers won't trust the compiler about the optimization of the code, most programmers will trust it about the correctness of the code. Having a code that runs properly is usually way more important than a code that runs fast. So we trust the compiler religiously about its correctness, but we're wrong. Here's why.
Continue reading...
Monday, September 14 2009
By Yaz0r on Monday, September 14 2009, 11:50 - Code Rant
We will be starting a serie about the compiler myths. What people assume the compiler is doing, while the reality is way different. The first part is about static class initialisation.
Continue reading...
Thursday, September 10 2009
By Pixel on Thursday, September 10 2009, 22:58 - Geek Rant
UPDATE: Google finally released their navigation software
I was the proud owner of a non-smartphone for a long while, as I managed to resist buying one of these evil iPhones. When the latest "google phone" got released though, I couldn't resist to the temptation of getting one.
So now that I had this new toy, embedded with Google's Android, I told myself I should try getting a GPS navigation software, as the only GPS software shipped with it, Google Maps, doesn't do real time navigation. I didn't know then I was going on a quite hopeless, and expensive quest...
Continue reading...
Sunday, August 30 2009
By Yaz0r on Sunday, August 30 2009, 16:51 - Code Rant
Another notable game developer also tried to conceil its game data on the disc. The game's Kingdom Hearts 2. Their idea was to identify each file by the hash of its name. Smart don't you think? Well, not quite...
Continue reading...
Friday, August 28 2009
By Pixel on Friday, August 28 2009, 20:17 - Code Rant
What defines a good encryption ? Well, it depends on a lot of factors, including the fact if you're shipping or not the encryption algorithm with the encrypted data.
In the case of a PlayStation game, where the hardware doesn't have any built-in encryption system that'll keep the secret algorithm and keys in a safe piece of silicon, you have to be very good at embedding the algorithm, in order to try keeping people out of it as much as possible.
Of course, this is only valid if... the algorithm is actually sensible. Let's see what we have here in the case of Valkyrie Profile, a game that I hacked apart in order to create a french translation of it. Its authors tried to be smart and sneaky, but they failed miserably, probably because they actually tried too much, without proper background knowledge of encryption.
Continue reading...
By Pixel on Friday, August 28 2009, 17:17 - General
This has been a long, long time since I had the idea of this blog. We're finally opening it.
The two people behind it, Yazoo and myself, know each other since many years now. We met by discussing programming while being students, and we still discuss programming nowadays while being employed as seasoned programmers. Also, we're both passionate about reverse engineering.
The blog's name is very obviously inspired from Ron Gilbert's blog, http://grumpygamer.com/. The idea is to rant talk about programming in general, what we discover, what surprises us, and most importantly, what disgusts us.
Stay tuned, and enjoy the stay.