Author Topic: Hacking into the .g3p/b format [HALTED]  (Read 20123 times)

0 Members and 1 Guest are viewing this topic.

Offline helder7

  • LV4 Regular (Next: 200)
  • ****
  • Posts: 185
  • Rating: +33/-1
    • View Profile
Re: Hacking into the .g3p/b format
« Reply #15 on: March 07, 2012, 06:54:25 pm »
I made some interesting discoveries

the .g3p/g3b file save the vwindow, xmin, xmax...





Offline SimonLothar

  • LV4 Regular (Next: 200)
  • ****
  • Posts: 129
  • Rating: +35/-1
    • View Profile
Re: Hacking into the .g3p/b format
« Reply #16 on: March 11, 2012, 12:30:36 pm »
Anyone skilled in disassembling PC programs like the Casio image converter? Because I'm not... :P
And Simon doesn't seem to be interested in reverse-engineering the CAPTURE routine.

In the worst case, this could take us another year.
The Prizm OS detects the CG10 via syscall 0x1196, which checks for the byte at 0xA0000305 to be 0x5A.
When opening a g3p-file the "Invalid Type"-message (msgno 0x3E) appears, if syscall 0x1196 detects a CG10.

Hence a byte inside of syscall 0x1196 would have to be modified.
At the moment I do not see another way to bypass the CG10-restriction.

BTW: I'd rather not think about changing the byte at 0xA0000305.
I'll be back.

Offline fxdev

  • LV4 Regular (Next: 200)
  • ****
  • Posts: 177
  • Rating: +34/-6
    • View Profile
Re: Hacking into the .g3p/b format
« Reply #17 on: March 11, 2012, 01:15:14 pm »
Quote
At the moment I do not see another way to bypass the CG10-restriction.
OS modding is a last resort only.

I have another idea:
Instead of cracking the image checksum and changing the type ID (which is hopefully not required for decompression, because this would mean complete repackaging using zlib), couldn't we just modify the image converter to write the ID 0x3C1B instead of 0x789C before the checksum calculation takes place? Worth a try...

Holy crap, the image converter does not seem to be protected. ;D
« Last Edit: March 11, 2012, 01:38:50 pm by cfxm »

Offline JosJuice

  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1344
  • Rating: +66/-14
    • View Profile
Re: Hacking into the .g3p/b format
« Reply #18 on: March 11, 2012, 02:55:55 pm »
I have another idea:
Instead of cracking the image checksum and changing the type ID (which is hopefully not required for decompression, because this would mean complete repackaging using zlib), couldn't we just modify the image converter to write the ID 0x3C1B instead of 0x789C before the checksum calculation takes place? Worth a try...

Holy crap, the image converter does not seem to be protected. ;D
That might work, but this method is likely to be troublesome because of legal issues. Casio's converter is tricky to get, and I'm not sure if patching it is allowed.

Offline SimonLothar

  • LV4 Regular (Next: 200)
  • ****
  • Posts: 129
  • Rating: +35/-1
    • View Profile
Re: Hacking into the .g3p/b format
« Reply #19 on: March 12, 2012, 01:56:21 pm »
But I don't know if the Prizm adds extra security against modifications.
Obviously...it doesn't.  ;D
« Last Edit: March 12, 2012, 01:57:41 pm by SimonLothar »
I'll be back.

Offline fxdev

  • LV4 Regular (Next: 200)
  • ****
  • Posts: 177
  • Rating: +34/-6
    • View Profile
Re: Hacking into the .g3p/b format
« Reply #20 on: March 12, 2012, 04:33:55 pm »
So you wrote the first OS modifying add-in? Casio learnt nothing... :P
« Last Edit: March 12, 2012, 05:50:08 pm by cfxm »

Offline SimonLothar

  • LV4 Regular (Next: 200)
  • ****
  • Posts: 129
  • Rating: +35/-1
    • View Profile
Re: Hacking into the .g3p/b format
« Reply #21 on: March 14, 2012, 03:03:40 pm »
So you wrote the first OS modifying add-in?
Yes.

Casio learnt nothing...
I wouldn't state it this way. I did my first OS mod on a fx-9860G four years ago. Did not raise much general interest. I think it is reasonable that Casio did not bother.
I'll be back.

Offline DJ Omnimaga

  • Former TI programmer
  • CoT Emeritus
  • LV15 Omnimagician (Next: --)
  • *
  • Posts: 55876
  • Rating: +3151/-232
  • CodeWalrus founder & retired Omnimaga founder
    • View Profile
    • DJ Omnimaga Music
Re: Hacking into the .g3p/b format
« Reply #22 on: April 02, 2012, 01:21:45 am »
Hopefully it is possible to convert images between both models in the future. The French Casio community is growing larger, but most people use BASIC for their games. As a result, about 50% of the existing PRIZM games only work on european models. :'(
« Last Edit: April 02, 2012, 01:23:58 am by DJ_O »

Offline flyingfisch

  • I'm 1337 now!
  • Members
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1620
  • Rating: +94/-17
  • Testing, testing, 1...2...3...4...5...6...7...8..9
    • View Profile
    • Top Page Website Design
Re: Hacking into the .g3p/b format
« Reply #23 on: April 02, 2012, 11:25:03 am »
I understand why you would want to hack the g3p/b format, but I just thought i would throw this question out: would it be very hard to make a viewer for common image formats? (*.bmp, png, jpg, tiff... maybe even svg O.o)



Quote from: my dad
"welcome to the world of computers, where everything seems to be based on random number generators"



The Game V. 2.0

Offline DJ Omnimaga

  • Former TI programmer
  • CoT Emeritus
  • LV15 Omnimagician (Next: --)
  • *
  • Posts: 55876
  • Rating: +3151/-232
  • CodeWalrus founder & retired Omnimaga founder
    • View Profile
    • DJ Omnimaga Music
Re: Hacking into the .g3p/b format
« Reply #24 on: April 03, 2012, 02:28:08 pm »
I would actually like a tool to view calc images on the PC, like TI-Connect has. It's annoying to have to open a copy of the emulator then import the files to view them. X.x

Offline SimonLothar

  • LV4 Regular (Next: 200)
  • ****
  • Posts: 129
  • Rating: +35/-1
    • View Profile
Re: Hacking into the .g3p/b format
« Reply #25 on: April 04, 2012, 12:52:02 pm »
Obviously
"inflate 1.2.3 (Copyright 1995-2005 Mark Adler)"
is used to compress/decompress G3P files.
« Last Edit: April 04, 2012, 12:52:23 pm by SimonLothar »
I'll be back.

Offline DJ Omnimaga

  • Former TI programmer
  • CoT Emeritus
  • LV15 Omnimagician (Next: --)
  • *
  • Posts: 55876
  • Rating: +3151/-232
  • CodeWalrus founder & retired Omnimaga founder
    • View Profile
    • DJ Omnimaga Music
Re: Hacking into the .g3p/b format
« Reply #26 on: April 04, 2012, 01:35:42 pm »
I meant one that is actually available for download for everyone (although Casio might not like that if the said tool can edit/save/compress images)

Offline SimonLothar

  • LV4 Regular (Next: 200)
  • ****
  • Posts: 129
  • Rating: +35/-1
    • View Profile
Re: Hacking into the .g3p/b format
« Reply #27 on: April 06, 2012, 03:26:23 am »
I meant one that is actually available for download for everyone
I agree, of course. But the prerequisite for such a tool is the knowledge of the algorithm. I am sure there are people around, who are more experienced in deflate/inflate-algorithms and faster in developing such a tool than me. BTW, I wonder if the deflate/inflate syscalls (f. i. 0x0821 and 0x0822 are involved) can be generally used on-calc to compress/decompress data.

(although Casio might not like that if the said tool can edit/save/compress images)
The inflate 1.2.3-algorithm (Copyright 1995-2005 Mark Adler) is no secret.
You can use it freely (For conditions of distribution and use, see copyright notice in zlib.h;http://www.raspberryginger.com/jbailey/minix/html/zlib_8h-source.html).
Though, perhaps they'll mind the bit-swapping like AAABBBBB <-> ~BBBBBAAA of the packed data block starting at offset 0xD0 to be unveiled. I am a newbie with deflate/inflate-algorithms (I hope I can change this in the time coming), but I do not think this bit-swapping is part of the inflate 1.2.3-algorithm. On the other hand bit-swapping is a general technique to camouflage information.
« Last Edit: April 06, 2012, 03:43:44 am by SimonLothar »
I'll be back.

Offline DJ Omnimaga

  • Former TI programmer
  • CoT Emeritus
  • LV15 Omnimagician (Next: --)
  • *
  • Posts: 55876
  • Rating: +3151/-232
  • CodeWalrus founder & retired Omnimaga founder
    • View Profile
    • DJ Omnimaga Music
Re: Hacking into the .g3p/b format
« Reply #28 on: April 06, 2012, 11:38:25 pm »
Apparently the hacking of the g3p/b format topic seems to have made a group of Casio PRIZM coders in the calculator community worried, because of the consequences the release of such tool could cause to the Casio PRIZM community. Although I have good faith that anybody posting in this thread want this tool to be used only for program development or to allow Plan├Ęte-Casio BASIC games to be played on american PRIZM models, if this tool gets released publicly or even in the spam forum (which requires 500 posts), it will inevitabely fall under the wrong hands, eventually.

Personally, the only way around this that I thought is that once released, a trusted TI community member volunteers to convert images destined for programming use themselves, upon programmer/gamer requests, and that this person never release the tool anywhere. Otherwise, if released, I guarantee you that eventually someone will use it to cheat in tests or to stock porn in his calc. And even if that was to never happen, Casio will most likely worry that it will, and their reaction might be to lock down their calcs even more, potentially at the detriment of you good guys making games and useful tools for all of us. And sadly, Omnimaga and Cemetech did encounter their share of students asking help to cheat on tests before ( http://ourl.ca/15055 being an example, and see Calc84maniac's sarcastic response), and it was most likely even worse on other calc sites that aren't as programming-oriented as us, so even if that tool was only released privately to any member above 1000 posts, I am sure eventually it could lead to bad consequences. And this would be the last thing the community wants, especially when there are people trying to strenghten relations between Casio and the community.

The problem, though, is would anybody ever be willing to volunteer for converting people's pics himself (and filtering innapropriate ones)? My idea is that the pic request requires a link to the user's project in the works or a link to a FX-cg20-only game that he needs converted, so the person doesn't receive too many requests, but even then I worry this could be tedious for the person.
« Last Edit: April 06, 2012, 11:48:04 pm by DJ_O »

Offline ruler501

  • Meep
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2475
  • Rating: +66/-9
  • Crazy Programmer
    • View Profile
Re: Hacking into the .g3p/b format
« Reply #29 on: April 06, 2012, 11:51:06 pm »
DJ_O while that idea may work for proving to the calc companies we are not trying to cheat and just want to have fun and or make a good program. I think that it would discourage some people from making programs because they'd have to msg/email/ask someone to convert there images for them. I personally would rather have it released to the whole community even if it might make casio try to block it. I personally believe that even if we got past it and gave the conversion method to only a few people casio would still try to prevent it just because the proof that it can be done is out there and might make some test officials scared.
I currently don't do much, but I am a developer for a game you should totally try out called AssaultCube Reloaded download here https://assaultcuber.codeplex.com/
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCM/CS/M/S d- s++: a---- C++ UL++ P+ L++ E---- W++ N o? K- w-- o? !M V?
PS+ PE+ Y+ PGP++ t 5? X R tv-- b+++ DI+ D+ G++ e- h! !r y