Game Boy Zelda Comes With Source, Sort Of

Posted by CmdrTaco on Sun Nov 25, 2007 02:34 PM
from the hate-when-that-happens dept.
Jamie found a fun story about a 90s Zelda Game Boy ROM that shipped with the source code- not so much on purpose, but more because the linker padded out the last meg of ROM with random memory contents, which happened to include game source code.
This discussion has been archived. No new comments can be posted.
  • by kcbanner (929309) * on Sunday November 25 2007, @02:37PM (#21472979) Homepage Journal
    I guess the only way to really avoid the malloc() calls grabbing your source code would have been to compile, then reboot to link...so the extra data that's padded on the end of the ROM image would just be your empty RAM contents.
    • Re: (Score:3, Insightful)

      by Anonymous Coward
      Or you could, you know, manage your memory properly.
    • Re: (Score:3, Insightful)

      Am I missing some reason that you can't just pad with 0s or 1s? Why bother with random data?
      • That's what calloc is for, it'll clear it for you, malloc just gets it.
      • by billcopc (196330) <vrillco@yahoo.com> on Sunday November 25 2007, @03:31PM (#21473329) Homepage
        When you're a ROM developer, you don't think in such terms. It's all about mapping this and interleaving that.

        Rather than writing the extra few lines to calculate the padding required, set up a 0-filled buffer and truncate the first (or last) buffer, rounding up the fwrite call to 2mb requires 0 extra lines.

        Besides, they don't expect many people to actually look at the ROM code. This emulation craze is fairly recent.
        • > This emulation craze is fairly recent.

          What? I really mean it what?

          I remember running sonic (megadrive) on a low end pentium (133) back in the day, albeit with no sound.

          I also remember using various earlier emulators on my amiga before that (speccy and such).

          Maybe you have a different definition of recent than me though.
          • by Anonymous Coward on Sunday November 25 2007, @05:15PM (#21473855)
            "Maybe you have a different definition of recent than me though."

            No, he just apparently has a different definition of "craze" to you. Being the only person in your state to emulate a megadrive on a low-end Pentium without sound doesn't mean that's when the emulation craze started. That was just you pushing the boundaries of what was available at the time. The average gamer wouldn't have understood you back then if you said the word "emulation" to them.

            Only in recent years have so many people been emulating earlier consoles and arcade games on their home PCs, with pretty faithful representation of the original experience.
          • by PhoenixFlare (319467) on Sunday November 25 2007, @06:11PM (#21474117) Journal
            Same here, I used to run all sorts of SNES games in ZSNES on a 200 MHz Pentium, at normal speed. Heck, I even managed to get a NES emulator running on a 20 MHz 386 with 2 megs of RAM....Only at about 30% speed, but still.
            • A pentium 133 is recent compared to this. When I got my Gameboy my PC was a C64
              That as may be, the game in question was released in *1998*. I bought my Pentium 233 PC that same year- and even then there were much faster processors available.
              • by kevmatic (1133523) on Sunday November 25 2007, @05:56PM (#21474051)
                First release of Zsnes was in 1997. It was designed to run on 486es, and was written in heavily optimized ASM.
                NESticle was also released in 1997. These pretty much sparked a craze, and led to the creation of the Emulation Community and its Golden Age was pretty much in full swing by the middle of 1998.

                It has pretty much died, but Zsnes is still under very active development and the new pSX Emulator has revitalized Playstation emulation since ePSXe hasn't been updated in years and leaves MUCH to be desired.

                http://www.romhacking.net/ [romhacking.net] for info on ROM hacking.
                http://psxemulator.gazaxian.com/ [gazaxian.com] for pSX Emulator. Try it!

              • "That as may be, the game in question was released in *1998*."

                actually the color-added version was released in 1998 but the original came out in 1993 [wikipedia.org], and since you can play the 1998 version on the old monochrome gameboy methinks it's not truly a title that was entirely redone for the gameboy color and it makes me question whether this left over code could also be found in the 1993 monochrome version of Link's Awakening.
    • Re: (Score:3, Informative)

      Malloc isn't the only culprit - some old DOS-era linkers would directly allocate disk blocks but not clear them, so whatever old content that wasn't overwritten remained in the final binary.
          • I'm pretty sure the laughing was due to the name of the engine and not the question of its efficiency or practicality. Personally I am a fan of rotary engine technology.
  • Deja Vu (Score:5, Funny)

    by hlomas (1010351) on Sunday November 25 2007, @02:38PM (#21472991)
    News Post Comes With Article, Sort Of
  • Whoops... (Score:3, Funny)

    by foldingstock (945985) on Sunday November 25 2007, @02:40PM (#21473007)
    Awesome. :) This must be why they always say not to code whilst drunk.
  • by Dwedit (232252) on Sunday November 25 2007, @02:47PM (#21473059) Homepage
    Air Fortress [rustedmagick.com] (Famicom version) also included a portion of the source code due to not clearing memory before linking.
  • Not true (Score:5, Informative)

    by Megane (129182) on Sunday November 25 2007, @02:48PM (#21473067)

    Now the site is Wordpressed (like Slashdotting, only the other way around) and you can't get to it, but one of the last posts before it died pointed out that this was from a trainered version. That's where someone adds cheat code to a ROM. As it turns out, the original doesn't have any of the code in question. Disassembling for the purpose of adding cheats is a completely sensible explanation of the code that was found.

    The moral of the story? Start with a known clean dump (look for the "[!]" tag) before assuming that the introns were in the original game.

    • Re:Not true (Score:5, Funny)

      by Kjella (173770) on Sunday November 25 2007, @02:56PM (#21473117) Homepage

      Now the site is Wordpressed (like Slashdotting, only the other way around) and you can't get to it,
      Uhh, the wordpress site is down and slashdot is up - that's a classic slashdotting. A "wordpressing" would be if the wordpress blog linked to slashdot, and enough people came to slashdot to bring slashdot down (good luck on that).
    • by hxnwix (652290) on Sunday November 25 2007, @03:06PM (#21473187) Journal

      Now the site is Wordpressed
      When slashdot brings down a site running Apache, we call it slashdotting, not Apache-ing. When slashdot brings down a site running wordpress, we call it slashdotting, not wordpressing.

      the original doesn't have any of the code in question
      Are the other games mentioned also trainered?

      "X-Men - Wolverine's Rage" (MD5: b1729716baaea01d4baa795db31800b0), which contains Windows 9x registry keys and INF files, "Mortal Kombat 4" (MD5: 7311f937a542baadf113e9115158cde3), in which you can find some small source fragments, "Gift" (MD5: e6a51088c8fea7980649064bd3a9f9ff), which will tell you that the developers had some Game Boy emulators installed on their system, or the "BIT-MANAGERS" games "Spirou" (MD5: 5aa012cf540a5267d6adea6659764441, Turbo C, MAP file, source) and "TinTin in Tibet" (Game Boy Color version, MD5: 8150a3978211939d367f48ffcd49f979), which, amongst other things, contains references to Nintendo's Game Boy Advance (!) SDK ("C:\Cygnus\thumbelf-000512\H-i686-cygwin32\lib\gcc-lib\thumb-elf\2.9-arm-000512", "/tantor/build/nintendo/arm-000512/i686-cygwin32/src/newlib/libc/stdio/stdio.c").
      • Re: (Score:3, Insightful)

        Wordpress has rightfully earned this term. Wordpress is so script intensive that nearly every web page on a server farm, that a few concurrent hits causes the load average to soar. Wordpress may be responsible for a significant portion of electricity usage in data centers. Want to kill every virtual account on a server? Install Wordpress.
      • by ConceptJunkie (24823) * on Sunday November 25 2007, @05:20PM (#21473897) Homepage Journal
        Now the site is Wordpressed

        When slashdot brings down a site running Apache, we call it slashdotting, not Apache-ing. When slashdot brings down a site running wordpress, we call it slashdotting, not wordpressing.

        Except Wordpress comes pre-Slashdotted for your convenience.

    • Re: (Score:3, Informative)

      Agreed.
      The 'disassembled' routines are simply a filling routine with register D and a copy routine.
      As a Z80 developer, you really don't need to disassemble these kinds of routines.

      I guess the source code parts come from the intro, and its coder was not very good either. For example: CALL/RET instead of JP or disassembling a copy routine, and keeping it called L_B000_2914.
  • This is a non-story (Score:5, Informative)

    by Dwedit (232252) on Sunday November 25 2007, @02:50PM (#21473097) Homepage
    This is a non-story. This only applies to a specific Pirate ROM Dump of Zelda DX. The clean dump does not contain any embedded source code.
  • It happens (Score:5, Funny)

    by Diomidis Spinellis (661697) on Sunday November 25 2007, @02:53PM (#21473103) Homepage
    This used to happen more often than one would expect. In the 1980s I found portions of Ashton Tate's Framework II source code in "blank" sectors of floppy disks containing printer drivers. Those were the days where:
    • each application came with its own display and printer drivers,
    • people were using floppy disks to move around source code, and, worse,
    • other people had enough free time to trawl "blank" sectors for interesting tidbits.
    • by urcreepyneighbor (1171755) on Sunday November 25 2007, @03:08PM (#21473205)

      other people had enough free time to trawl "blank" sectors for interesting tidbits.
      Eh? I still do that.... Then again, I am urcreepyneighbor....
    • by PCM2 (4486) on Sunday November 25 2007, @04:39PM (#21473705) Homepage
      A company I worked for once participated in the beta test program for Adobe Illustrator ... I think it was version 7. We were primarily a Mac shop, so we were using the Mac versions of the CD-ROMs they sent us. One build they sent us had a funny property... when you put the CD-ROM in the drive, the Trash can would turn full. Oh but wait -- before you old Mac people start going "ho ho ho," there wasn't actually anything important in the Trash can. But that's when I noticed that a couple of extra folders would appear on the desktop, too. ;-) In one of those was about 340MB of source code for Adobe Illustrator, Dimensions, Streamline and some other stuff.

      About four days after we received this particular build (and I had noticed its interesting attributes) I got a call from Adobe:

      Adobe: There are problems with the latest build of Illustrator. We need to recall those CD-ROMs immediately.

      Me: Gosh ... sounds bad. Problems?

      Adobe: Yes. We will be sending you a prepaid FedEx return envelope. It's extremely important that you return those discs to us right away.

      Me: I see. Oh, my. Look ... can you tell me what the problem is? It's not a virus, is it?

      Adobe: I can't really say. It's a technical issue. But if you've installed Build 378468434 on any of your equipment, you should un-install it right away.

      Me: Oh, dear. Oh, dear oh dear. I will do so, ma'am, immediately. It ... it wouldn't damage any of our systems, would it?

      Adobe: Um... you should be OK. But, just to be on the safe side you should be sure to uninstall it from any of your machines and make sure you send those CDs back to us right away.

      Me: Yes ma'am, will do.

      Adobe: Thanks, have a nice day.

      Me: (pushes eject button on CD-R burner, grabs a Sharpie)
    • Re:It happens (Score:5, Interesting)

      by Deadstick (535032) on Sunday November 25 2007, @06:14PM (#21474141)
      Ashton-Tate wasn't above having somebody ELSE's code in their products either. When they wrote the "laser burn" copy protection routine for dBase III, they needed to put a hook in the BIOS -- which wasn't so easy in those days of expensive memory, because the BIOS used to run directly from ROM instead of being shadowed out into RAM. So they wrote their own BIOS -- by which I mean, they copied some 700 bytes of the IBM Fixed Disk BIOS (which was published in the PC-XT user manual), added the hook, and then hid the dirty deed under an encryption routine that was absurdly simple (although very tedious on a floppy machine) to penetrate.

      It was obvious they knew they were writing a pirate product, because they went through the code and swapped arithmetic and logical shift instructions wherever they were certain to produce identical results, presumably in order to get the fraction of identical bytes down.

      rj
  • Not too uncommon (Score:5, Interesting)

    by 0123456 (636235) on Sunday November 25 2007, @03:03PM (#21473163)
    One of the 'Elite' sequels was shipped with a swap file on the CD-ROM. Opening that swap file with a text editor showed it included much of the C code for the game, which presumably must have been swapped out while they were compiling at some point and then copied to the CD by mistake.

    From what I remember the installer copied the swap file to the hard disk, but the first patch either deleted it or zeroed it :).
    • I bought a bbc model B just to play elite when both were pretty new, and found a text record of a conversation in the BBCs CMOS (think it was there, that was what I was playing with when I found it).

      It was two guys sending text back and forth talking about the legs on a woman who'd just entered the office. It was pretty well buried. I'm guessing they just forgot they'd been clowning around and it got left in when the BBC was put into production. I did write it down at the time, but this was in the eighties
      • Re:Not too uncommon (Score:5, Interesting)

        by vranash (594439) on Sunday November 25 2007, @04:28PM (#21473647)
        Having that game (Which was actually Bethesda's Sea Dogs 2 rebadged before release.) It had a *TON* of files with it, although I think they were lua-scripts or something, not actual c-code. Regardless they had a lot of options available in them for modifying core components of the game. You could change your characters starting stats, name, ship type, etc. Given the somewhat frustrating land-side swordplay, I ended up having more fun tweaking the game than playing it.

        Having reminded me, I may have to dig it out sometime soon and see what else it's got going.
  • There's more (Score:5, Interesting)

    by Kayamon (926543) on Sunday November 25 2007, @03:16PM (#21473251) Homepage
    Golden Axe 2 (the arcade ROM) has a good chunk of its source code contained in there too, including the source for its security routine (oh the hilarity...)

    And the PAL version of ICO (PS2) had an objdump of the entire ELF on the disc, which is basically a disassembly with full symbol information.

  • by localroger (258128) on Sunday November 25 2007, @03:44PM (#21473403) Homepage
    As a kid I had a surplussed computer called the "Interact Model R." All of the game tapes were 8K even, and at the end of many of them I found commented 8080A assembly code for other games and the BASIC interpreter that was supplied with the system (yes, it was on tape for this machine). Starting with 200 lines of source I would eventually reverse assemble the entirety of what I later learned was Tiny BASIC.
  • by achenaar (934663) on Sunday November 25 2007, @04:12PM (#21473555)
    find it amusing that this happened because of the Link-er.
    I can't be the only one...
    Can I?

    I'll get me coat.
  • FoxPro (Score:5, Interesting)

    by Anonymous Coward on Sunday November 25 2007, @05:52PM (#21474031)
    Posted anonymously to hide my shame of working with visual FoxPro.

    FoxPro, I discovered after shipping our product for 2 years, didn't really compile anything when you made an .exe. It just included a runtime and the source code in the .exe file. If you looked at it in a hex editor, there was the full source code, complete with comments. Apparently there was an option to scramble the source code. The guy responsible for building the installation didn't do that.
  • Beatmania Best Hits (Score:4, Interesting)

    by Myria (562655) on Sunday November 25 2007, @06:12PM (#21474127)
    As for the source code in the ROM, check out some of the comments on our site. The slashdotters above commented on it above. This post is from months ago, too - why on Slashdot now?

    Anyway, a Japanese PlayStation game named "Beatmania Best Hits" came with the complete source code to "Beatmania 5th Mix", another PlayStation game in the same series. Supposedly, it was complete enough to actually compile and run.

    PlayStation games of the era had to have a ~30 meg file of zeros on them at the outer edge due to a problem with the drive. These were known as "DUMMY" files. Some unknown sneaky programmer at Konami put an LZH archive containing 5th Mix's source code as the DUMMY file. (The contents of the file didn't technically matter, it just had to be at the outer edge.)
  • opensource (Score:5, Funny)

    by Paul_Hindt (1129979) on Sunday November 25 2007, @07:01PM (#21474379) Homepage
    Dude, get this...I downloaded this game, I think it was called Quake 3...well, I started poking around on their website and found all the source code! Crazy huh?
  • Reminds me of Weitek (Score:5, Interesting)

    by Ungrounded Lightning (62228) on Sunday November 25 2007, @08:49PM (#21474809) Journal
    This reminds me of one of the several oopsies that led to the demise of Weitek. (This one wasn't the last straw. But it was a pretty big bale.)

    An administrator decided that, to save money, those darned resource-wasting engineers would be limited to one new floppy disk per week.

    So floppies got reused a lot. And of course eventually somebody got sloppy.

    The master for one of their graphics driver distributions was built on a recycled floppy disk. Of course the old files were deleted, rather than the disk being reformatted with a surface-analysis (and data wiping) pass. And of course this master was sector-cloned for production.

    Turns out the entire source code for the drivers had previously lived on that disk - and many of the algorithms that made the product cutting-edge were either in the driver or had enough info in the driver source about what the chip was up to that it made reverse-engineering a snap.

    So just apply any of several "undelete the lost files" tools to any copy of the distribution disks and you could recover pretty much the whole source code, comments and all.

    Shortly after this, the best of Weitek's cutting-edge algorithms became industry standards.

    That's one of the characteristics of Trade Secrets. Once it's no longer a secret (especially if the owner managed to leak it himself), it's public domain.
    • Re:Malloc clears? (Score:5, Informative)

      by 0123456 (636235) on Sunday November 25 2007, @03:44PM (#21473401)
      "What do they mean by clear the memory? Because when I malloc() (and not calloc()) I seem to get whatever was there before.."

      But you don't get anything from another process. When malloc() runs out of memory and asks for a new chunk from the operating system, a modern system will usually zero the block that it returns, whereas some older operating systems (e.g. MS-DOS, I think?) would just give a pointer to a chunk of free memory which could still contain any data that the previous user had left in it; that could be any program which had previously run on the machine.

      When you free something and call malloc() again afterwards, you may well get a block with old data from your program. But in most cases you won't get a block with old data from a different program.

      The same applies to disk files; with some operating systems in the past you could open a file, write a byte a megabyte into the file and then read a megabyte of old data preceding it in free blocks which had been allocated to you and not cleared. That was obviously a big potential security hole, so most modern operating systems will zero all the data in the file instead (more precisely, they'll probably allocate a sparse file which will return zeros from areas which haven't been written to).
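
The padding leak discussed in this thread, as an added example in C (not from any poster and not the build tooling of any game mentioned): an image builder that ships a reused buffer as-is, the same builder with the buffer set to a pad byte first, and a release check that counts padding bytes that are not the pad value. The buffer size, the 0xFF pad byte, the payload bytes and the stale text are all constructed assumptions.

```c
/* Added example: padding a ROM image from a reused buffer, leaky vs. cleared. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROM_SIZE 4096u   /* constructed size; real cartridges are far larger */
#define FILL     0xFFu   /* assumed pad byte (erased-ROM value) */

/* Work buffer reused across build steps, standing in for recycled RAM/disk. */
static uint8_t workbuf[ROM_SIZE];

/* Constructed stand-in for whatever an earlier tool left in the buffer. */
static const char stale[] = "; constructed sample\nfill: ld [hl],d\n inc hl\n";

/* Simulate an earlier build step that leaves source text across the buffer. */
void dirty_workbuf(void)
{
    for (size_t i = 0; i < ROM_SIZE; i++)
        workbuf[i] = (uint8_t)stale[i % (sizeof stale - 1)];
}

/* Leaky: copies the payload and ships the whole buffer, padding untouched. */
const uint8_t *build_leaky(const uint8_t *payload, size_t len)
{
    if (len > ROM_SIZE) return NULL;
    memcpy(workbuf, payload, len);
    return workbuf;
}

/* Fixed: sets every byte to the pad value before copying the payload in. */
const uint8_t *build_cleared(const uint8_t *payload, size_t len)
{
    if (len > ROM_SIZE) return NULL;
    memset(workbuf, FILL, ROM_SIZE);
    memcpy(workbuf, payload, len);
    return workbuf;
}

/* Release check: count padding bytes that are not the pad value. */
size_t padding_residue(const uint8_t *image, size_t payload_len)
{
    size_t n = 0;
    for (size_t i = payload_len; i < ROM_SIZE; i++)
        if (image[i] != FILL) n++;
    return n;
}

int main(void)
{
    static const uint8_t payload[] = { 0x00, 0xC3, 0x50, 0x01 }; /* constructed */
    dirty_workbuf();
    printf("leaky:   %zu residue bytes\n",
           padding_residue(build_leaky(payload, sizeof payload), sizeof payload));
    dirty_workbuf();
    printf("cleared: %zu residue bytes\n",
           padding_residue(build_cleared(payload, sizeof payload), sizeof payload));
    return 0;
}
```

A residue check like `padding_residue` can run as a gate on the final artifact, which also catches leftovers that come from the linker or the filesystem rather than from the program's own allocations.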