Author Topic: OFFBY1  (Read 12847 times)

0 Members and 1 Guest are viewing this topic.

Offline ACagliano

  • LV8 Addict (Next: 1000)
  • ********
  • Posts: 919
  • Rating: +32/-2
    • View Profile
    • ClrHome Productions
OFFBY1
« on: August 05, 2010, 06:58:45 am »
I'm sure all of you are familiar with the OFFBY1 virus, the prank program that makes the answer to any math problem you enter be one off. I am wondering if there is a way, in assembly, to install a hook that intercepts any math problem, and offsets the answer by 1.

_player1537

  • Guest
Re: OFFBY1
« Reply #1 on: August 05, 2010, 08:11:49 am »
Yes, I have some code lying around that did this, if you'd like to see it.  My code most certainly will not be the generally accepted method for this... but meh.

Edit: Huzzah!  I found it :D  Like I said, my code is kinda wierd... in that it creates a ram hook as opposed to creating an app, and using that for the hook.  Anyways, here it is.  (Feel free to steal my ram hook code :D)
Code: [Select]
#include "ti83plus.inc"
appBackUpScreen     equ 9872h
appbackupscreen     equ 9872h
seed1           equ 9640h
OP1         equ 8478h
OP3         equ 848Eh


.org $9D95
;.db $BB,$6D   ;this will be uncommented (the .db part, not this text) if you are not using asm8x






    LD HL, myhook
    LD DE,appBackUpScreen
    LD BC, myhookend-myhook
    ldir
    LD HL, appbackupscreen
    in A, (6)
    bcall 4FABh    ;Homescreen hook enable
    bcall _Random
    LD HL, seed1+2
    LD DE, LFSRSeed
    LD BC, 8
    ldir
   
    ret
   
myhook:
    .db 83h             ; Required for all hooks
    OR A
    JR NZ, End
    LD HL, OP1
    LD DE, OP3
    LD BC, 11
    ldir
    call RandLFSR-myhook+appbackupscreen
    CP 171
    JR C, GreaterThan
LessThan:

    call OP3toOP1r-myhook+appbackupscreen

    bcall _Plus1
    bcall _StoAns
    CP A
    ret
Middle:

    call OP3toOP1r-myhook+appbackupscreen
   
    CP A
    ret
GreaterThan:
    CP 86
    JR C, Middle
   
    call OP3toOP1r-myhook+appbackupscreen
   

    bcall _Minus1
    bcall _StoAns
    CP A
    ret
End:
    cp A
    ret
   
   
OP3toOP1r:
    LD HL, OP3
    LD DE, OP1
    LD BC, 11
    ldir
    ret
   
;------LFSR------
;James Montelongo
;optimized by Spencer Putt
;out:
; a = 8 bit random number
RandLFSR:
        ld hl,LFSRSeed+4
        ld e,(hl)
        inc hl
        ld d,(hl)
        inc hl
        ld c,(hl)
        inc hl
        ld a,(hl)
        ld b,a
        rl e \ rl d
        rl c \ rla
        rl e \ rl d
        rl c \ rla
        rl e \ rl d
        rl c \ rla
        ld h,a
        rl e \ rl d
        rl c \ rla
        xor b
        rl e \ rl d
        xor h
        xor c
        xor d
        ld hl,LFSRSeed+6
        ld de,LFSRSeed+7
        ld bc,7
        lddr
        ld (de),a
        ret
LFSRSeed:
    .DB 0,0,0,0,0,0,0,0   
myhookend:
« Last Edit: August 05, 2010, 08:20:36 am by _player1537 »

Offline thepenguin77

  • z80 Assembly Master
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1594
  • Rating: +823/-5
  • The game in my avatar is bit.ly/p0zPWu
    • View Profile
Re: OFFBY1
« Reply #2 on: August 05, 2010, 09:55:19 am »
I had one laying around too, optimized it a little though.

Code: [Select]
hook:
add a, e
or a
jr nz, quitZ

bcall(_Op2Set1) ;op 2 = 1

ld a, r
and %00000001
rrca
ld (op1), a ;neg or positive
bcall(_FPAdd)
quitZ:
cp a
ret
hookEnd:

And to make it epic, store it at smallEditRam, its a 108 byte area that no one ever uses. That way, it won't get destroyed.
zStart v1.3.013 9-20-2013 
All of my utilities
TI-Connect Help
You can build a statue out of either 1'x1' blocks or 12'x12' blocks. The 1'x1' blocks will take a lot longer, but the final product is worth it.
       -Runer112

Offline ACagliano

  • LV8 Addict (Next: 1000)
  • ********
  • Posts: 919
  • Rating: +32/-2
    • View Profile
    • ClrHome Productions
Re: OFFBY1
« Reply #3 on: August 05, 2010, 12:06:49 pm »
I had one laying around too, optimized it a little though.

Code: [Select]
hook:
add a, e
or a
jr nz, quitZ

bcall(_Op2Set1) ;op 2 = 1

ld a, r
and %00000001
rrca
ld (op1), a ;neg or positive
bcall(_FPAdd)
quitZ:
cp a
ret
hookEnd:

And to make it epic, store it at smallEditRam, its a 108 byte area that no one ever uses. That way, it won't get destroyed.

Do you think that you could set it to store there and upload the .8xp for it? Or the hex. I use mac and I don't have any working assemblers.

Offline thepenguin77

  • z80 Assembly Master
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1594
  • Rating: +823/-5
  • The game in my avatar is bit.ly/p0zPWu
    • View Profile
Re: OFFBY1
« Reply #4 on: August 05, 2010, 01:50:50 pm »
I had to change ld (op1), a to ld (op2), a. I accidentally made the whole answer negative.
zStart v1.3.013 9-20-2013 
All of my utilities
TI-Connect Help
You can build a statue out of either 1'x1' blocks or 12'x12' blocks. The 1'x1' blocks will take a lot longer, but the final product is worth it.
       -Runer112

Offline ztrumpet

  • The Rarely Active One
  • CoT Emeritus
  • LV13 Extreme Addict (Next: 9001)
  • *
  • Posts: 5712
  • Rating: +364/-4
  • If you see this, send me a PM. Just for fun.
    • View Profile
Re: OFFBY1
« Reply #5 on: August 05, 2010, 01:53:37 pm »
That works wonderfully.  However, is there any way to turn it off? ;D

Offline nemo

  • LV9 Veteran (Next: 1337)
  • *********
  • Posts: 1203
  • Rating: +95/-11
    • View Profile
Re: OFFBY1
« Reply #6 on: August 05, 2010, 01:56:23 pm »
RAM clear, i assume


Offline calc84maniac

  • eZ80 Guru
  • Coder Of Tomorrow
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2912
  • Rating: +471/-17
    • View Profile
    • TI-Boy CE
Re: OFFBY1
« Reply #7 on: August 05, 2010, 02:03:47 pm »
You could also use calcsys (or axe) to set the byte at smallEditRam to 0.
"Most people ask, 'What does a thing do?' Hackers ask, 'What can I make it do?'" - Pablos Holman

Offline thepenguin77

  • z80 Assembly Master
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1594
  • Rating: +823/-5
  • The game in my avatar is bit.ly/p0zPWu
    • View Profile
Re: OFFBY1
« Reply #8 on: August 05, 2010, 02:09:36 pm »
My personal favorite is to bring up the press to test menu and cancel. Just brining it up kills all hooks.
zStart v1.3.013 9-20-2013 
All of my utilities
TI-Connect Help
You can build a statue out of either 1'x1' blocks or 12'x12' blocks. The 1'x1' blocks will take a lot longer, but the final product is worth it.
       -Runer112

Offline ztrumpet

  • The Rarely Active One
  • CoT Emeritus
  • LV13 Extreme Addict (Next: 9001)
  • *
  • Posts: 5712
  • Rating: +364/-4
  • If you see this, send me a PM. Just for fun.
    • View Profile
Re: OFFBY1
« Reply #9 on: August 05, 2010, 02:19:20 pm »
That's crazy.  Why does it do that if you just bring up the menu? ;D

Offline thepenguin77

  • z80 Assembly Master
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1594
  • Rating: +823/-5
  • The game in my avatar is bit.ly/p0zPWu
    • View Profile
Re: OFFBY1
« Reply #10 on: August 05, 2010, 03:22:03 pm »
I have no idea. But it's really helpful when people bring me their calcs at school that have "Viruses." Basically some font hook gone crazy, sometimes on purpose.

PTT does have one fatal flaw though, it kills all hooks, but not OFFSCRPT. Which means make an OFFSCRPT that disables it, all you have to do is off/on and you're good to go.
zStart v1.3.013 9-20-2013 
All of my utilities
TI-Connect Help
You can build a statue out of either 1'x1' blocks or 12'x12' blocks. The 1'x1' blocks will take a lot longer, but the final product is worth it.
       -Runer112

Offline ztrumpet

  • The Rarely Active One
  • CoT Emeritus
  • LV13 Extreme Addict (Next: 9001)
  • *
  • Posts: 5712
  • Rating: +364/-4
  • If you see this, send me a PM. Just for fun.
    • View Profile
Re: OFFBY1
« Reply #11 on: August 05, 2010, 03:39:31 pm »
I have no idea. But it's really helpful when people bring me their calcs at school that have "Viruses." Basically some font hook gone crazy, sometimes on purpose.

PTT does have one fatal flaw though, it kills all hooks, but not OFFSCRPT. Which means make an OFFSCRPT that disables it, all you have to do is off/on and you're good to go.
Ah, ok.  Sorry to be so offtopic, but how do you get to the PPT menu again?  Thanks. ;D

Offline thepenguin77

  • z80 Assembly Master
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1594
  • Rating: +823/-5
  • The game in my avatar is bit.ly/p0zPWu
    • View Profile
Re: OFFBY1
« Reply #12 on: August 05, 2010, 03:54:04 pm »
Left Right On.

Or 2 5 On, and 2 8 On
zStart v1.3.013 9-20-2013 
All of my utilities
TI-Connect Help
You can build a statue out of either 1'x1' blocks or 12'x12' blocks. The 1'x1' blocks will take a lot longer, but the final product is worth it.
       -Runer112

Offline ACagliano

  • LV8 Addict (Next: 1000)
  • ********
  • Posts: 919
  • Rating: +32/-2
    • View Profile
    • ClrHome Productions
Re: OFFBY1
« Reply #13 on: August 05, 2010, 05:59:53 pm »
Thanks for that. Can't wait to test.

Offline ACagliano

  • LV8 Addict (Next: 1000)
  • ********
  • Posts: 919
  • Rating: +32/-2
    • View Profile
    • ClrHome Productions
Re: OFFBY1
« Reply #14 on: August 08, 2010, 03:23:20 pm »
Hey. I have an idea that make make it more inconspicuous. How about have it sometimes output the right answer, sometimes the off-by-1 one, randomly.