62 comments

[ 2.7 ms ] story [ 115 ms ] thread
The web site is unusable on iOS.
Content blocking made it work for me
Safari Reader View fixed it for me.
Yes, but my first reaction in such cases is usually to leave the page, rather than searching for options.
The term “peak hackernews” gets bandied about quite a bit lately. I’m here to bandy it a bit more. This is peak hackernews. Somebody writes up how they managed to play doom on a fucking polycom, and the reaction is to dismiss it because it isn’t immediately readable on an iphone. This kid wrote a graphics driver for a twenty year old phone, but hackernews can’t be bothered to view the site in reader mode or grab their laptop.

At least I’m assuming they wrote a graphics driver. I don’t know for sure because the article won’t load for me.

Yes they wrote a keyboard and graphics driver.

And yes the irony is strong in OPs comment. May be we will see "how I browsed some random website that loads every where else but ios" in 4 years.

Yeah I ain't enabling JavaScript to run that app
Looking at the page source doesn't reveal the content either, so count me as another possible viewer the author has managed to attract, but then promptly lost.
Why is everything JavaScript these days aaaaaa
(comment deleted)
Funny how two people can hack two separate home phones to run DOOM without realizing it until after the fact. For perspective, I posted a blog article about modifying a CaptionCall phone to run DOOM at the same time [1] as this was posted! What a unique coincidence!

1: https://joshumax.github.io/general/2021/08/11/running-doom-o...

Amusingly I see this happen all the time in the information security domain. Two researchers coming out with the same results at basically the same time and they were isolated and doing the work independently. It happens in science and other areas so often. It’s an interesting phenomenon for sure. Maybe someone has named it and thought more about it. I just imagine we are all primed with roughly the same information and resources and these lovely little coincidences pop up from time to time, relatively often.
I found it amusing that this time, both the article submitter and the second person to do a similar hack are named Josh. Perhaps that's slightly less common.
Synchronicity?
Serendipity perhaps? As an aside, it's one of my favorite words. In my opinion it's a beautiful configuration of letters that's sounds lovely when saying it, and the meaning of it is equally wonderful. As a word, it makes me happy.
What happened to "Cellar door"? :-)
It’s also quite capable, sporting an ARMv7 i.MX6 Quad SoC, 4GB of NAND, and a whopping 1GB! of DDR3

I guess as a follow-up challenge, you could try to run Android on it.

I mean, Newton and Leibniz figured out calculus at the same time in slightly different ways. It is common enough, but still a nice coincidence when it happens.
It’s almost as if Doom were a go-to example to demonstrate running arbitrary code on obscure devices.

https://i.reddit.com/r/itrunsdoom

Yes, there’s a long history of it ever since the source code was either open-sourced or just made public.
Bolyai and Lobacevskij, again and again!
I enjoyed this writeup. I always love seeing the lengths dedicated hackers will go to in order to accomplish something most other people wouldn't even consider doing.

The little tricks it takes to get something working in ways nobody really considered or accounted for.

I dunno, this kind of stuff seems like wizardry to me, yet when I read things like this, it makes it seem so easy and inspires me to try tinkering with things.

Yes, I appreciate the level of detail and the explanation of the thought process as he tried to break into the system. It really gives me a feel for what it's like and makes me think, "Hey I could learn how to do that."

I'd love recommendations for similar stories, if anyone has anything to share. I can't find it now, but I read a few blog posts by a guy who was starting to get into electronics (and helped out with the Burning Man Rainbow Bridge) and those posts have me the same sense of "oh, so that's how it works."

Reading this was a ton of fun. It captured the joy and sense of discovery that comes with figuring out how to do something you really weren't meant to do.
I like the tweet,

“please forgive me, this game came out before I was born”.

Wow, the only games I can think of that apply to me and maybe some of you are what, Pong and Space Invaders?

Thanks for making us feel old !

I've been looking at nostalgic videos of Amstrad CPC and Amiga 500 stuff from when I was a kid. Indeed. "Wasn't even born"... generally stuff after 1985 is what I remember. TMI for my old(ish) soul :)
The Commodore/Amiga meetings at my local mall every Sunday afternoon in the 80s are the most entertaining and instructive time I can remember from my youth. Quite literally changed my life looking back on them!
Lemmings comes to mind, one of my favorite oldies
If you want to know what the state of computing was when you were born, visit the computer history museum timeline. For 1968, it was the year of the Apollo guidance computer, Kubrick’s 2001, Dijkstra’s “goto considered harmful” and “the mother of all demo’s”. Not bad.

https://www.computerhistory.org/timeline/1968/

Around 10 years ago i worked in a company that had lots of software and physical VOIP phones. One of the models of phone had a pretty nice colour screen on it. I forget the brand .. it might have been polycom.

At that time I was very much into nmap'ing everything and noticed that these devices had all sorts of interesting ports open including telnet and ftp. FTP was read only for anonymous but it was trivial to download and crack the passwd file and discover that the admin password was something like 1234. My colleagues and I only got as far as showing images on the screen to surprise people but my imagination was running wild with the surveillance possibilities (let alone doom!).

This was one of my first glimpses as how bad security on commercial embedded devices can be.

Interesting. Do you think these phones were made that way by design? I am having a real hard time believing people with capability to produce these products are unable to secure them in any meaningful way.

Maybe I'm just too cinycal

IME, it is sort of by design. I have worked for a number of companies developing forms of embedded products. It often felt like nobody really felt like the product was 'complete' until we were 8 or so major releases into things. So you wind up with things like SSH, FTP, etc. either directly enabled, or easily enabled via a not-very-well-hidden method to allow the dev or support teams to get into devices that were not behaving properly in the field so that they could diagnose/fix issues.

It's only been about the last 4 years or so that companies have started to realize the risks in operating this way, and I feel that a lot of that has been brought on by the end-user/buyer organization starting to require cyber security audits and asking more questions about cyber security during the buying cycle.

Indeed. The biggest immediate risk to a newly developed product is that it won't even have any users, much less a sufficiently interested attacker. So why add initial obstacles for yourself, right? So yeah, if effort to increase security is not valued by the buyer it ain't gonna happen.
Yawn.
I, for one, did positively learn notions and tricks from the article.
Yep. I had no idea sourced scripts don’t need execute. Once they were pushing files up there I snarked to myself “psshhhh good luck running them!”
If he could get to a bash prompt or get exec() access he could run scripts without +x too...

exec('bash path/to/supposedly/unexecutable/script.sh')

Yeah - is this a security issue?
Considering that’s what they used for bringing up dropbear. I would think yes!
That's harsh.

The author seems like the kind of genuinely curious hacky people we need more of. Abstractly, this is not a ground breaking accomplishment, sure, but it was a pretty nice writeup with some good notes on the methods he used to find and exploit vulnerabilities and make this work.

Reading the comment about lack of audio at the end, I'd be quite amused to see a phreaking exploit where you could dial into an office phone and have it boot up Doom, playing the audio through the headset.

They're all networked too, so you could potentially support multiplayer.

This is true hacking. Reminds me of 2600 or other 'zine writeups from back in the day: good-natured, logical, adventurous, investigative, and ultimately so very fun! ;p ;) xX
> The first and second half of the framebuffer are identical, so we can cut it in half to get our screen contents. I don't know why this happens, but we can easily make our display driver duplicate pixels to both halves of the framebuffer.

Double buffering?