The term “peak hackernews” gets bandied about quite a bit lately. I’m here to bandy it a bit more. This is peak hackernews. Somebody writes up how they managed to play doom on a fucking polycom, and the reaction is to dismiss it because it isn’t immediately readable on an iphone. This kid wrote a graphics driver for a twenty year old phone, but hackernews can’t be bothered to view the site in reader mode or grab their laptop.
At least I’m assuming they wrote a graphics driver. I don’t know for sure because the article won’t load for me.
Looking at the page source doesn't reveal the content either, so count me as another possible viewer the author has managed to attract, but then promptly lost.
Funny how two people can hack two separate home phones to run DOOM without realizing it until after the fact. For perspective, I posted a blog article about modifying a CaptionCall phone to run DOOM at the same time [1] as this was posted! What a unique coincidence!
Amusingly I see this happen all the time in the information security domain. Two researchers coming out with the same results at basically the same time and they were isolated and doing the work independently. It happens in science and other areas so often. It’s an interesting phenomenon for sure. Maybe someone has named it and thought more about it. I just imagine we are all primed with roughly the same information and resources and these lovely little coincidences pop up from time to time, relatively often.
I found it amusing that this time, both the article submitter and the second person to do a similar hack are named Josh. Perhaps that's slightly less common.
Serendipity perhaps? As an aside, it's one of my favorite words. In my opinion it's a beautiful configuration of letters that's sounds lovely when saying it, and the meaning of it is equally wonderful. As a word, it makes me happy.
I mean, Newton and Leibniz figured out calculus at the same time in slightly different ways. It is common enough, but still a nice coincidence when it happens.
I enjoyed this writeup. I always love seeing the lengths dedicated hackers will go to in order to accomplish something most other people wouldn't even consider doing.
The little tricks it takes to get something working in ways nobody really considered or accounted for.
I dunno, this kind of stuff seems like wizardry to me, yet when I read things like this, it makes it seem so easy and inspires me to try tinkering with things.
Yes, I appreciate the level of detail and the explanation of the thought process as he tried to break into the system. It really gives me a feel for what it's like and makes me think, "Hey I could learn how to do that."
I'd love recommendations for similar stories, if anyone has anything to share. I can't find it now, but I read a few blog posts by a guy who was starting to get into electronics (and helped out with the Burning Man Rainbow Bridge) and those posts have me the same sense of "oh, so that's how it works."
Reading this was a ton of fun. It captured the joy and sense of discovery that comes with figuring out how to do something you really weren't meant to do.
> John Lennon wearing a Space Invaders t-shirt on Thanksgiving 1979 in Long Island. A massive hit for Taito in Japan, Midway only started distributing the game in the U.S. a year before in October 1978.
I've been looking at nostalgic videos of Amstrad CPC and Amiga 500 stuff from when I was a kid. Indeed. "Wasn't even born"... generally stuff after 1985 is what I remember. TMI for my old(ish) soul :)
The Commodore/Amiga meetings at my local mall every Sunday afternoon in the 80s are the most entertaining and instructive time I can remember from my youth. Quite literally changed my life looking back on them!
If you want to know what the state of computing was when you were born, visit the computer history museum timeline. For 1968, it was the year of the Apollo guidance computer, Kubrick’s 2001, Dijkstra’s “goto considered harmful” and “the mother of all demo’s”. Not bad.
Around 10 years ago i worked in a company that had lots of software and physical VOIP phones. One of the models of phone had a pretty nice colour screen on it. I forget the brand .. it might have been polycom.
At that time I was very much into nmap'ing everything and noticed that these devices had all sorts of interesting ports open including telnet and ftp. FTP was read only for anonymous but it was trivial to download and crack the passwd file and discover that the admin password was something like 1234. My colleagues and I only got as far as showing images on the screen to surprise people but my imagination was running wild with the surveillance possibilities (let alone doom!).
This was one of my first glimpses as how bad security on commercial embedded devices can be.
Interesting. Do you think these phones were made that way by design? I am having a real hard time believing people with capability to produce these products are unable to secure them in any meaningful way.
IME, it is sort of by design.
I have worked for a number of companies developing forms of embedded products. It often felt like nobody really felt like the product was 'complete' until we were 8 or so major releases into things. So you wind up with things like SSH, FTP, etc. either directly enabled, or easily enabled via a not-very-well-hidden method to allow the dev or support teams to get into devices that were not behaving properly in the field so that they could diagnose/fix issues.
It's only been about the last 4 years or so that companies have started to realize the risks in operating this way, and I feel that a lot of that has been brought on by the end-user/buyer organization starting to require cyber security audits and asking more questions about cyber security during the buying cycle.
Indeed. The biggest immediate risk to a newly developed product is that it won't even have any users, much less a sufficiently interested attacker. So why add initial obstacles for yourself, right? So yeah, if effort to increase security is not valued by the buyer it ain't gonna happen.
The author seems like the kind of genuinely curious hacky people we need more of. Abstractly, this is not a ground breaking accomplishment, sure, but it was a pretty nice writeup with some good notes on the methods he used to find and exploit vulnerabilities and make this work.
Reading the comment about lack of audio at the end, I'd be quite amused to see a phreaking exploit where you could dial into an office phone and have it boot up Doom, playing the audio through the headset.
They're all networked too, so you could potentially support multiplayer.
This is true hacking. Reminds me of 2600 or other 'zine writeups from back in the day: good-natured, logical, adventurous, investigative, and ultimately so very fun! ;p ;) xX
> The first and second half of the framebuffer are identical, so we can cut it in half to get our screen contents. I don't know why this happens, but we can easily make our display driver duplicate pixels to both halves of the framebuffer.
62 comments
[ 2.7 ms ] story [ 115 ms ] threadAt least I’m assuming they wrote a graphics driver. I don’t know for sure because the article won’t load for me.
And yes the irony is strong in OPs comment. May be we will see "how I browsed some random website that loads every where else but ios" in 4 years.
https://news.ycombinator.com/newsguidelines.html
Pretty print helps a bit.
If you want to read the source code you can grab it here:
https://github.com/NeilBostian/neilbostian.github.io/blob/ma...
1: https://joshumax.github.io/general/2021/08/11/running-doom-o...
"Multiple Discovery" is kind of on the nose, but it works.
Or maybe it more the cause of multiple discovery, reading the Wikipedia page: https://en.wikipedia.org/wiki/Zeitgeist
I guess as a follow-up challenge, you could try to run Android on it.
https://i.reddit.com/r/itrunsdoom
The little tricks it takes to get something working in ways nobody really considered or accounted for.
I dunno, this kind of stuff seems like wizardry to me, yet when I read things like this, it makes it seem so easy and inspires me to try tinkering with things.
I'd love recommendations for similar stories, if anyone has anything to share. I can't find it now, but I read a few blog posts by a guy who was starting to get into electronics (and helped out with the Burning Man Rainbow Bridge) and those posts have me the same sense of "oh, so that's how it works."
“please forgive me, this game came out before I was born”.
Wow, the only games I can think of that apply to me and maybe some of you are what, Pong and Space Invaders?
Thanks for making us feel old !
https://pbs.twimg.com/media/E5OnttaUUAAacMB?format=jpg
https://www.computerhistory.org/timeline/1968/
At that time I was very much into nmap'ing everything and noticed that these devices had all sorts of interesting ports open including telnet and ftp. FTP was read only for anonymous but it was trivial to download and crack the passwd file and discover that the admin password was something like 1234. My colleagues and I only got as far as showing images on the screen to surprise people but my imagination was running wild with the surveillance possibilities (let alone doom!).
This was one of my first glimpses as how bad security on commercial embedded devices can be.
Maybe I'm just too cinycal
It's only been about the last 4 years or so that companies have started to realize the risks in operating this way, and I feel that a lot of that has been brought on by the end-user/buyer organization starting to require cyber security audits and asking more questions about cyber security during the buying cycle.
exec('bash path/to/supposedly/unexecutable/script.sh')
The author seems like the kind of genuinely curious hacky people we need more of. Abstractly, this is not a ground breaking accomplishment, sure, but it was a pretty nice writeup with some good notes on the methods he used to find and exploit vulnerabilities and make this work.
They're all networked too, so you could potentially support multiplayer.
Double buffering?
I think there should be a github repo or a wikipedia page, to add those as they come :)