Search This Blog

To adblock users

Hello! If you see this, you are most likely using an ad blocker. (Or maybe you have JavaScript disabled. Or maybe my web server is down.) I have no problem with ad blockers; in fact I use one myself. If a site tries to deny me access unless I disable it, I just find a way to circumvent that. But if a site politely asks me to do so, but still allows access to the site, I disable it for the site. I am asking you to please do the same for this site. I can't make you, but I would appreciate it. Thank you! :-)

Thursday, December 11, 2014

Make batch files open in the right directory in Windows

One thing I've always found annoying when working with batch files is that when I double-click one, it starts in my home directory instead of the directory that contains the batch file. I decided to look for a way to fix this, so I started experimenting in the registry a bit, and came across a solution. All you need to do is change the "command" entry for .bat and .cmd files from ""%1" %*" to "cmd /c cd "%1\.." & "%1" %*". Sound complicated? Just download the file below and open it, making sure to say Yes to any warnings.

Here's the file you need to fix the issue I described.

Use this one to go back to the old behavior if you change your mind.

Sunday, September 28, 2014

Hacking the Bose Soundtouch, and its Linux-based OS

Did you know that the Bose SoundTouch line of home stereo systems runs on an embedded Linux system, complete with a shell? It does, and I figured out how to access said shell. Keep in mind that I take absolutely no responsibility for any damage you may do, and while if you know what you're doing I don't see how anything could go wrong, I still don't take any responsibility if you do manage to mess something up.

First of all, you're going to need a telnet client. I use PuTTY myself, but if you're on a Mac or Linux, you can just open a terminal and use the telnet command. Now figure out your device's IP address. It will tell you this when you set up your device in the Soundtouch app.

The first step is to telnet to the device on port 17000. You should see a "->" prompt. At this prompt, type "remote_services on" without quotes (you shouldn't include quotes for anything in this tutorial.) The device will respond with "remote services on". At this point you can simply close the connection, but there's also some other interesting stuff you can do here. You can type "help" to get a list of all the commands this prompt supports, or click here to see it on Pastebin.

Anyway, that command you just typed enabled remote shell access to the device. According to the aforementioned help screen, that command is "volatile", which I assume means if you restart the device you'll have to re-enter the command on port 17000 to re-enable shell access.

But from here accessing the shell is simple. Just telnet to the device again, this time on port 23, the default telnet port. You'll see the following screen:

 _______ __           __ __
|     __|  |--.-----.|  |  |--.--.--.
|__     |     |  -__||  |  _  |  |  |
|_______|__|__|_____||__|_____|___  |


Simply type "root" and press Enter. Some information will be printed, and then you'll be greeted with "root@lisa:root#". (I wonder who Lisa is?)

Enjoy your newfound freedom to hack your device!

EDIT: Upon first suspecting the existence of a shell after looking at a firmware update file in a hex editor, I contacted support to ask how to access the shell. Shortly after I figured out this method on my own. But then they emailed me back and said they weren't allowed to tell me because the information was "proprietary in nature." Good thing I'm not bound by the same contractual restrictions as their support personnel!

Tuesday, September 16, 2014

I haven't died!

I just noticed I haven't posted to this blog in over a year! (Until now, that is.) That's never happened before. I think that's mainly because I've been posting things in other places, like on Twitter, and on my website (which, unlike this blog, is on my server! .....nobody remembers what I'm referring to, do they.....)

Wednesday, September 11, 2013

Perspective level editor download

As I have stated in my last post, I was recently given permission to release the Perspective level editor. In addition to the editor, this contains the entire game with its files extracted in a way where it's easier to mod.

Download the editor here:

Tuesday, July 02, 2013

Perspective level editor (now released!)

Screenshot of Perspective editor
UPDATE: I have finally been given permission to share the editor! This is the same version I've been using, with all of its bugs, as unfortunately it is no longer in development. See my next post for the download link.

I recently found this game called Perspective, made by some students at DigiPen. Anyway, after completing the game, I went looking through its files to see what could be modded. I was excited to see that all the game's files (with the exception of sounds) were in standard, well-known formats (PNG for textures, OBJ for models, etc.) and all the menus were defined as HTML code. All the files were located inside a file called Default.bin, which is actually a ZIP file with a different extension. To my disappointment, however, when I went to extract the files, I saw that for some reason they had decided to put a password on the archive.

I was curious, so I sent them an email. A little under a week or so later, I got an email from Pohung Chen, the lead programmer for the game. He explained that he encrypted the files because he believed modifying the game as it is would be, in his words, "quite sloppy". He later sent me a copy of the game without the files encrypted (or even zipped), as well as an early version of the level editor. I thanked him, and asked him if it was okay to post it anywhere, and unfortunately he said no (outdated). He did, however, say that they plan on releasing it at some point in the near future. Sean Reilly, another programmer, also contacted me, and has been helping me out with the editor, which according to the About box, is still "pre-alpha".

"Pre-alpha" is a good way of describing the editor. It crashes quite often, and it's obvious it's not quite ready for release. It's still usable, however, with frequent saving. Anyway, I'll go over how the editor works, so you know what to expect once it's officially released. The screenshot above shows "The Machine", the final level in the game, opened in the editor. The left side shows a list of every level in the game, including many which were cut and are impossible to play without enabling the level select menu. (There are actually some pretty interesting levels in there. One of my favorites is called "Stairs", which took me a while to figure out.) Any level can be opened and edited by double-clicking it in the list, and once it's loaded, it expands to show every object in that level.

The panel on the right is referred to as the "editor window". The Properties tab (pictured) shows the properties of the currently-selected object. For most objects the properties do not need to be messed with, but they can be used to change the texture, for instance, and to make the object rotate. The Objects tab shows a list of every object that can be placed in a level. It is a simple tree view, similar to the one on the left, and shows all the objects in different categories. An object can be selected in the list, and then placed in the level by clicking. The Groups tab lets you save groups of objects in the level to be easily selected all at once later, and can even be used to save several objects into a single object which can be directly placed, similar to a prefab. The Rails tab lets you edit lists of fixed camera positions to be automatically moved to. This is really only used once in the game—in the third level of "Orthographic" when the camera moves to create a path to the exit. Last but not least, the Cameras tab lets you change what determines the point of view shown in the editor. The vast majority of the time you'll want this set to "Editor camera", which lets you move the camera independently of anything else. You would want to change it, however, if you're positioning something like the 3D player starting position.

Each level is built out of premade models. It's very much like building dungeons in Skyrim's Creation Kit. Of course, it's quite easy to import your own models, as it's only a matter of exporting the model to Wavefront format and creating an entry in the object list for it. Objects or groups of objects can be moved, rotated, and even scaled like in a 3D modeling program. They can also be duplicated when moving them by holding Shift. One of my favorite parts of the editor is the fact that you don't need to start the game and load the level manually to test it. There's a "play" button right there, which instantly opens that level in the game. It's even possible to test a level without saving it first (though again, it's a good idea to save frequently considering how often it crashes.) Moving objects (not just rotating) can be created by using keyframe animation in a timeline window at the bottom. Any numeric property can be animated this way; even the colors of lights.

Anyway, I'd very much like to release this editor right now, but unfortunately the developers have asked me not to. And while a buggy, crash-prone editor is better than none at all, it's not quite ready for release yet. Again, it crashes very often. I just posted this in case anyone was curious about how the editor will work once it's released. I certainly was before I found out. By the time it's released, hopefully all the bugs will be fixed!

Monday, March 18, 2013

Github repository

You might be interested to know that I've created a repository on Github for posting some of the miscellaneous C programs (well, it's all C so far) I write.

Access the repository here:

Please note that this means I'm probably also not going to post them all here anymore. Just keep checking the repository.

Friday, February 01, 2013

Disabling Mathematica's "Locked" attribute

In Wolfram's Mathematica, there's an attribute called Locked which, when set, makes it impossible for the end-user to change that symbol's attributes, including by removing that attribute. (Note that I use the word "impossible" loosely.) Now this is a problem, because there are other attributes that do things like prevent Mathematica from showing you the source code to functions. To make matters worse, it contains a function that encodes Mathematica package files in a way that Mathematica is able to execute, but won't show the user, which makes it difficult to remove the offending lines of code.

Mathematica 9 was recently released, and unfortunately this does not work anymore in Mathematica 9. (See below for an experimental method for version 9.) If you have a copy of Mathematica 8 or earlier, however, you can prevent this attribute from being set on imported symbols. You simply need to take advantage of a loophole in the way Mathematica imports package files, encoded ones included.

Normally, when you load a package file, you do something like Get["package.m"]. When you do this, it keeps user definitions of symbols, and respects them when reading in the source code. So all we need to do is redefine Locked to an empty Sequence, so it will be automatically omitted from any lists it appears in. The Locked attribute is protected, but isn't itself Locked until Mathematica 9.

Here's the code you need to run before loading the package (put it in your init.m):

Locked = Sequence[]

Now the package will be imported with everything unlocked.

One potential problem with this is that a clever programmer might see this coming and remove your definition of Locked at the beginning of the package. We could Protect it, but the package could still Unprotect it. Say, isn't there an attribute that prevents this?

In case it wasn't obvious, the solution is to Lock your new definition of Locked. I love the irony here, by the way. But remember, we redefined Locked to be harmless, didn't we? So the solution to this is kind of tricky.

Mathematica includes a function called Block. What this function does is let you execute code using temporary values for variables which are then reset to what they were before. If no value is given for a variable, it temporarily clears that variable's definition. Normally this function resets the symbol's attributes as well, but it doesn't if the Locked attribute becomes set during execution, so this still works.

So the new code would be:

Locked = Sequence[]
Block[{Locked}, Attributes[Locked] = {Protected, Locked}]

Now when the package loads, you'll probably see something like this, but the package will still be imported just fine.

Protected::locked : Symbol Locked is locked.
ClearAll::locked : Symbol Locked is locked.

All that's left to do now is un-ReadProtect the functions you want to see. Now that they aren't Locked, this won't be a problem. Have fun! :-)

Edit: In hindsight, it may be possible for a package to do the same thing with Block. I imagine I would have tested that, but I don't remember for sure, and unfortunately I don't have Mathematica 8 installed anymore, so I can't test now to be sure. Luckily, however, the method described below should work as well.

Update: It is also possible to actually rename the Locked attribute internally, which does work on Mathematica 9, as well as 10. This does have some side effects however; for instance, if a package tries to add that attribute using SetAttributes, none of the given attributes will be added. But at least you'll still be able to un-ReadProtect whatever you want. All you have to do is open mathdll.dll (located in [your Mathematica install directory]/SystemFiles/Kernel/Binaries/[your platform folder]) in a hex editor. Then search for the string "Locked" in the file. Make sure it's not part of something longer, like "LockedStack". Find one where it just says "Locked". Then just change it to some other six bytes that won't get in the way.

Yet another workaround: If you just want to see the definitions of functions, encasing the package's Get in Trace[] will also show some definitions, based on my testing. The ideal solution, of course, would be a method of decoding packages encoded using Encode, but I haven't been able to figure it out.