Omnimaga
Calculator Community => TI Calculators => ASM => Topic started by: ACagliano on August 05, 2010, 06:58:45 am
-
I'm sure all of you are familiar with the OFFBY1 virus, the prank program that makes the answer to any math problem you enter be one off. I am wondering if there is a way, in assembly, to install a hook that intercepts any math problem, and offsets the answer by 1.
-
Yes, I have some code lying around that did this, if you'd like to see it. My code most certainly will not be the generally accepted method for this... but meh.
Edit: Huzzah! I found it :D Like I said, my code is kinda wierd... in that it creates a ram hook as opposed to creating an app, and using that for the hook. Anyways, here it is. (Feel free to steal my ram hook code :D)
#include "ti83plus.inc"
appBackUpScreen equ 9872h
appbackupscreen equ 9872h
seed1 equ 9640h
OP1 equ 8478h
OP3 equ 848Eh
.org $9D95
;.db $BB,$6D ;this will be uncommented (the .db part, not this text) if you are not using asm8x
LD HL, myhook
LD DE,appBackUpScreen
LD BC, myhookend-myhook
ldir
LD HL, appbackupscreen
in A, (6)
bcall 4FABh ;Homescreen hook enable
bcall _Random
LD HL, seed1+2
LD DE, LFSRSeed
LD BC, 8
ldir
ret
myhook:
.db 83h ; Required for all hooks
OR A
JR NZ, End
LD HL, OP1
LD DE, OP3
LD BC, 11
ldir
call RandLFSR-myhook+appbackupscreen
CP 171
JR C, GreaterThan
LessThan:
call OP3toOP1r-myhook+appbackupscreen
bcall _Plus1
bcall _StoAns
CP A
ret
Middle:
call OP3toOP1r-myhook+appbackupscreen
CP A
ret
GreaterThan:
CP 86
JR C, Middle
call OP3toOP1r-myhook+appbackupscreen
bcall _Minus1
bcall _StoAns
CP A
ret
End:
cp A
ret
OP3toOP1r:
LD HL, OP3
LD DE, OP1
LD BC, 11
ldir
ret
;------LFSR------
;James Montelongo
;optimized by Spencer Putt
;out:
; a = 8 bit random number
RandLFSR:
ld hl,LFSRSeed+4
ld e,(hl)
inc hl
ld d,(hl)
inc hl
ld c,(hl)
inc hl
ld a,(hl)
ld b,a
rl e \ rl d
rl c \ rla
rl e \ rl d
rl c \ rla
rl e \ rl d
rl c \ rla
ld h,a
rl e \ rl d
rl c \ rla
xor b
rl e \ rl d
xor h
xor c
xor d
ld hl,LFSRSeed+6
ld de,LFSRSeed+7
ld bc,7
lddr
ld (de),a
ret
LFSRSeed:
.DB 0,0,0,0,0,0,0,0
myhookend:
-
I had one laying around too, optimized it a little though.
hook:
add a, e
or a
jr nz, quitZ
bcall(_Op2Set1) ;op 2 = 1
ld a, r
and %00000001
rrca
ld (op1), a ;neg or positive
bcall(_FPAdd)
quitZ:
cp a
ret
hookEnd:
And to make it epic, store it at smallEditRam, its a 108 byte area that no one ever uses. That way, it won't get destroyed.
-
I had one laying around too, optimized it a little though.
hook:
add a, e
or a
jr nz, quitZ
bcall(_Op2Set1) ;op 2 = 1
ld a, r
and %00000001
rrca
ld (op1), a ;neg or positive
bcall(_FPAdd)
quitZ:
cp a
ret
hookEnd:
And to make it epic, store it at smallEditRam, its a 108 byte area that no one ever uses. That way, it won't get destroyed.
Do you think that you could set it to store there and upload the .8xp for it? Or the hex. I use mac and I don't have any working assemblers.
-
I had to change ld (op1), a to ld (op2), a. I accidentally made the whole answer negative.
-
That works wonderfully. However, is there any way to turn it off? ;D
-
RAM clear, i assume
-
You could also use calcsys (or axe) to set the byte at smallEditRam to 0.
-
My personal favorite is to bring up the press to test menu and cancel. Just brining it up kills all hooks.
-
That's crazy. Why does it do that if you just bring up the menu? ;D
-
I have no idea. But it's really helpful when people bring me their calcs at school that have "Viruses." Basically some font hook gone crazy, sometimes on purpose.
PTT does have one fatal flaw though, it kills all hooks, but not OFFSCRPT. Which means make an OFFSCRPT that disables it, all you have to do is off/on and you're good to go.
-
I have no idea. But it's really helpful when people bring me their calcs at school that have "Viruses." Basically some font hook gone crazy, sometimes on purpose.
PTT does have one fatal flaw though, it kills all hooks, but not OFFSCRPT. Which means make an OFFSCRPT that disables it, all you have to do is off/on and you're good to go.
Ah, ok. Sorry to be so offtopic, but how do you get to the PPT menu again? Thanks. ;D
-
Left Right On.
Or 2 5 On, and 2 8 On
-
Thanks for that. Can't wait to test.
-
Hey. I have an idea that make make it more inconspicuous. How about have it sometimes output the right answer, sometimes the off-by-1 one, randomly.
-
Maybe it could be advanced badness, like if the answer is within -50 to 50, dont do anything because user would notice. If the answer has a decimal part larger than 5 digits, change the 100s place. If the number is larger than 10000, and not a power of 10, mess with the 1's place. Or multiply the answer by 2 or something :P
-
I have thought about doing that for a long time. The reason I never did it is because 1. I'm too lazy, and 2. that could actually really cause problems. I look at the off by one as a joke, but that would be so unnoticeable that people wouldn't turn it off and would end up losing points on tests.
Like for instance when I put my friends float on 0 (I know it's not called float but calling it float causes the least problems). He took a test and thought that all the problems conveniently came out even. I tried to tell him while he was taking it but he didn't understand. Luckily I told him afterwards that someone else did it and the teacher didn't take off. But the off by one would just make someone look incompetent.
-
My friend at school constantly ends up doing something similar to the float 0 thing. He's gotten quite a few (~25%) points taken off because of the float 0 thing. I think his solution was something crazy like a program that changes all the settings to the default. Idk. I've never run into that problem personally.
also, @the hook thing. I've thought of roughly the same idea before. If I knew more about floating points, I'd do something like that. But I agree that it would be quite evil :P