http://www.visual6502.org/images/pages/Motorola_68000.html
by Javantea, Oct 2 - Nov 8, 2017
Batman's Kitchen Meeting, Nov 8, 2017
Paper: https://www.altsci.com/old_non-x86/
Slides || Talk video
Software: old_non-x86-0.6.tar.xz [sig]
Qemu supports
aarch64 alpha arm cris i386 lm32 m68k microblaze microblazeel mips mips64 mips64el mipsel moxie nios2 or1k ppc ppc64 ppcemb s390x sh4 sh4eb sparc sparc64 tricore unicore32 x86_64 xtensa xtensaeb
MAME supports many old architectures!
CTF Challenges use your bias against you!*
Computers are an easy excuse to not socialize, don't use it!
Outline
If you want a real game or a console, I recommend Pink Gorilla in the U-district or in the Intl-district. They have knowledgeable staff and excellent selection and prices.
Please download these tools and my paper in case you're playing a CTF and need to hack a ROM.
Systems that feature 6502 architecture:
                           6502
                             |
     +------+--------+------+------+-------+
     |      |        |      |      |       |
   6510   deco16   6504   6509   n2a03   65c02
     |                                     |
+----+----+                              r65c02
|    |    |                                |
6510t 7501 8502                        +---+---+
                                       |       |
                                    65ce02   65sc02
                                       |
                                     4510

https://wiki.nesdev.com/w/index.php/CPU_memory_map
CC65 is a C compiler and assembler that targets multiple systems using the 6502 architecture. What is a C compiler? A simple C compiler needs to take any valid C program:

int main()
{
    int i;
    char buf[10];
    for(i = 0; i < 10; ++i) {
        buf[i] = i;
    }
    return 0;
}
and turn it into a valid assembly program for a certain architecture.
libc!
int i;
So that's step 1: Write a program.*
* Use volatile and learn what it does. Trust me.
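Added example (my code, not from the slides or from CC65): the slide's loop rewritten in the form that survives the optimizer. A local buf[] that nothing reads is a dead store and -O removes it; the same stores through a volatile pointer are all emitted, in order. The delay loop and the status poll are the two other places where a missing volatile bites on a 6502 target. The register address named in the comment is an assumed NES PPU register used only as illustration; the functions take pointers so they run on a host compiler as well.

```c
#include <stdint.h>
#include <stddef.h>

/* Added example, not from the slides. On a 6502 target you would point
 * these at a memory-mapped register, e.g. (assumed, for illustration)
 *   #define PPU_STATUS (*(volatile uint8_t *)0x2002)
 * Here they take pointers so the same code runs on a host compiler. */

/* Write n bytes through a volatile pointer. The slide's loop
 * (buf[i] = i into a local array nobody reads) is a dead store that
 * the optimizer removes; a volatile destination forces every store. */
void fill_register_window(volatile uint8_t *window, size_t n)
{
    size_t i;
    for (i = 0; i < n; ++i) {
        window[i] = (uint8_t)i;
    }
}

/* Busy-wait delay. A plain counter loop has no side effects and may be
 * deleted entirely; a volatile counter keeps the loads and stores. */
void delay_loop(uint16_t count)
{
    volatile uint16_t n = count;
    while (n != 0) {
        n = n - 1;
    }
}

/* Poll a status register for a ready bit. Without volatile the compiler
 * may hoist the load out of the loop and spin on a stale value.
 * Returns 1 when the bit was seen, 0 after max_polls attempts. */
int wait_ready(volatile const uint8_t *status, uint8_t ready_mask, unsigned max_polls)
{
    unsigned polls;
    for (polls = 0; polls < max_polls; ++polls) {
        if ((*status & ready_mask) != 0) {
            return 1;
        }
    }
    return 0;
}

/* Host-side check: fill a constructed 10-byte window and sum it
 * (0 + 1 + ... + 9 = 45). */
unsigned demo_fill_checksum(void)
{
    uint8_t window[10];
    unsigned sum = 0;
    size_t i;
    fill_register_window(window, sizeof window);
    for (i = 0; i < sizeof window; ++i) {
        sum += window[i];
    }
    return sum;
}

/* Host-side check: poll a constructed status byte after a short delay. */
int demo_wait_ready(uint8_t status_value)
{
    uint8_t status = status_value;
    delay_loop(100);
    return wait_ready(&status, 0x80, 16);
}
```

Compile the non-volatile version of fill_register_window with -O2 and compare the assembly output with this one: the loop disappears in the first and stays in the second, which is the whole point of the footnote.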
What would happen when you decide to turn off libc?
Mednafen has a debugger and is nice.
MAME has a featureful debugger with file output and a scripting language (Lua).
MAME's scripting language made significant improvements in a recent version in regards to automated debugging.
Both Mednafen and MAME give you step 2 and 3.
Radare2 supports a large set of non-x86 architectures. But Radare2 has bugs. It can help you reverse a lot, but only if it works. There are bugs in many old versions.
r2 -e asm.arch=6502 file.nes
r2 -e asm.arch=m68k file.md
r2 -e asm.arch=8051 ihex://harvard1.ihx
r2 -e asm.arch=z80 file.bin
aaa
pdf
# write disassembly to a file
pd > harvard1.dis
# Visual mode
V
p
# Graph mode (press V again from visual mode)
V
# If it complains, define a function
df
# go to the top of anything
g
# go to the bottom of anything
G
# It's trying to be vim D=
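Added example (my code, not the slides' and not radare2's): a minimal 6502 disassembler in C covering a handful of real opcodes and addressing modes, walked over a constructed byte string that hand-assembles the slide's buf[i] = i loop for a zero-page buffer at an assumed load address of $8000. It shows the work pd has to do for 6502 (opcode lookup, operand length from the addressing mode, little-endian absolute operands, signed relative branch targets) and why a wrong asm.arch turns the same bytes into nonsense: only the table changes.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Addressing modes covered; the operand length follows from the mode. */
enum mode { IMP, IMM, ZP, ZPX, ABS, ABSX, REL };
static const int mode_len[] = { 1, 2, 2, 2, 3, 3, 2 };

struct op { uint8_t code; const char *mn; enum mode m; };

/* A small slice of the 6502 opcode table (real encodings, far from complete). */
static const struct op ops[] = {
    {0xA9, "lda", IMM}, {0xA5, "lda", ZP},  {0xB5, "lda", ZPX},
    {0xAD, "lda", ABS}, {0xBD, "lda", ABSX},
    {0x85, "sta", ZP},  {0x95, "sta", ZPX}, {0x8D, "sta", ABS}, {0x9D, "sta", ABSX},
    {0xA2, "ldx", IMM}, {0xA0, "ldy", IMM}, {0x8E, "stx", ABS},
    {0x8A, "txa", IMP}, {0xE8, "inx", IMP}, {0xE0, "cpx", IMM},
    {0xD0, "bne", REL}, {0x10, "bpl", REL}, {0x4C, "jmp", ABS},
    {0x20, "jsr", ABS}, {0x60, "rts", IMP}, {0x78, "sei", IMP}, {0xD8, "cld", IMP},
    {0x2C, "bit", ABS},
};

/* Disassemble one instruction from code[0..len) loaded at address pc.
 * Returns the byte length consumed, or 0 if the operand is truncated.
 * Unknown opcodes are emitted as .byte so the walk can continue. */
int disasm_one(const uint8_t *code, size_t len, uint16_t pc, char *out, size_t outsz)
{
    const struct op *o = NULL;
    size_t i;
    unsigned target;

    if (len == 0) return 0;
    for (i = 0; i < sizeof ops / sizeof ops[0]; ++i) {
        if (ops[i].code == code[0]) { o = &ops[i]; break; }
    }
    if (o == NULL) {
        snprintf(out, outsz, ".byte $%02x", code[0]);
        return 1;
    }
    if (len < (size_t)mode_len[o->m]) return 0;

    switch (o->m) {
    case IMP:  snprintf(out, outsz, "%s", o->mn); break;
    case IMM:  snprintf(out, outsz, "%s #$%02x", o->mn, code[1]); break;
    case ZP:   snprintf(out, outsz, "%s $%02x", o->mn, code[1]); break;
    case ZPX:  snprintf(out, outsz, "%s $%02x,x", o->mn, code[1]); break;
    /* absolute operands are little-endian: low byte first */
    case ABS:  snprintf(out, outsz, "%s $%04x", o->mn, code[1] | ((unsigned)code[2] << 8)); break;
    case ABSX: snprintf(out, outsz, "%s $%04x,x", o->mn, code[1] | ((unsigned)code[2] << 8)); break;
    case REL:
        /* signed 8-bit offset relative to the address after the instruction */
        target = (uint16_t)(pc + 2 + (int8_t)code[1]);
        snprintf(out, outsz, "%s $%04x", o->mn, target);
        break;
    }
    return mode_len[o->m];
}

/* Constructed sample: the slide's buf[i] = i loop hand-assembled for a
 * zero-page buffer at $10, assumed loaded at $8000 (not CC65 output). */
static const uint8_t sample_code[] = {
    0xA2, 0x00,   /* 8000  ldx #$00   */
    0x8A,         /* 8002  txa        */
    0x95, 0x10,   /* 8003  sta $10,x  */
    0xE8,         /* 8005  inx        */
    0xE0, 0x0A,   /* 8006  cpx #$0a   */
    0xD0, 0xF8,   /* 8008  bne $8002  */
    0x60,         /* 800a  rts        */
};
#define SAMPLE_BASE 0x8000u

/* Text of the instruction at a byte offset into the sample ("" if none). */
const char *disasm_sample(size_t offset)
{
    static char line[32];
    if (offset >= sizeof sample_code) return "";
    if (disasm_one(sample_code + offset, sizeof sample_code - offset,
                   (uint16_t)(SAMPLE_BASE + offset), line, sizeof line) == 0) return "";
    return line;
}

/* Walk the whole sample the way pd would; returns the instruction count. */
int disasm_sample_listing(int print)
{
    size_t off = 0;
    int n = 0;
    char line[32];
    while (off < sizeof sample_code) {
        int used = disasm_one(sample_code + off, sizeof sample_code - off,
                              (uint16_t)(SAMPLE_BASE + off), line, sizeof line);
        if (used == 0) break;
        if (print) printf("%04x  %s\n", (unsigned)(SAMPLE_BASE + off), line);
        off += (size_t)used;
        ++n;
    }
    return n;
}

int main(void) { disasm_sample_listing(1); return 0; }
```

Feed the same seven bytes to a Z80 table and you get a different, equally plausible-looking listing; the only defence is knowing the target before you trust the disassembly.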
Examples of 6502 in CTF:
Pwn Adventure Z from CSAW
Compromising a Linux desktop using... 6502 processor opcodes on the NES?!
Hacking Time from CSAW CTF 2015 [.kr]
Juniors CTF 2016 - Joy500 Oldschool NES Rom Write Up
Systems that feature M68k architecture:
Examples of M68k in CTF:
Systems that feature 8051 architecture:
Systems that feature Z80 architecture:
Examples of Z80 in CTF:
Let's Disassemble from SECCON CTF 2014
Writing a Pacman ROM in 10 hours:
Video RAM picks tiles. (1024 bytes)
Color RAM picks two palettes per tile. (1024 bytes)
Tile ROM is a weird packing of bits. (4096 bytes == 256 tiles)
Palette ROM is a list of colors. (32 bytes)
Program ROM is your code (4096 bytes * 4 == 16kB)
Sound ROM is where you put your music and sfx (?)
ASCII tiles are inefficient, but useful.
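Added example (my code, not from the slides or from any emulator): a decoder for the "weird packing of bits" in a 16-byte, 2-bits-per-pixel tile, driven by a MAME-style gfx_layout table so the same routine serves any tile ROM once the offsets are known. The Pac-Man offsets in the table are recalled from MAME's pacman driver and are an assumption to check against the emulator source; the bit-reading convention (MSB-first within a byte, first listed plane is the high bit of the color index) is MAME's. The 32-byte tile ROM is constructed for the checks and the listing.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* MAME-style gfx_layout: pixel (x,y) of bitplane p sits at bit offset
 * yoffs[y] + xoffs[x] + planeoffs[p] from the start of the tile,
 * bits counted MSB-first within each byte. */
struct gfx_layout {
    int width, height, planes;
    int planeoffs[4];
    int xoffs[8];
    int yoffs[8];
    int charincrement;   /* bits per tile: 16 bytes * 8 = 128 */
};

/* ASSUMED Pac-Man tile layout (recalled from MAME's pacman driver; verify
 * against the source): 8x8, 2 planes packed as the high and low nibble of
 * each byte, left half of each row in bytes 8-15, right half in bytes 0-7. */
static const struct gfx_layout pacman_tiles = {
    8, 8, 2,
    { 0, 4 },
    { 64, 65, 66, 67, 0, 1, 2, 3 },
    { 0, 8, 16, 24, 32, 40, 48, 56 },
    128
};

static int readbit(const uint8_t *src, int bitnum)
{
    return (src[bitnum / 8] >> (7 - bitnum % 8)) & 1;
}

/* Decode tile number `tile` into out[y*width + x] (color index 0..3 for
 * two planes; the first listed plane is the high bit, as in MAME).
 * Returns 0 if the tile lies outside the ROM, 1 on success. */
int decode_tile(const struct gfx_layout *l, const uint8_t *rom, size_t rom_len,
                int tile, uint8_t *out)
{
    int base = tile * l->charincrement;
    int x, y, p;
    if (tile < 0 || (size_t)(base + l->charincrement) > rom_len * 8) {
        return 0;
    }
    for (y = 0; y < l->height; ++y) {
        for (x = 0; x < l->width; ++x) {
            int c = 0;
            for (p = 0; p < l->planes; ++p) {
                if (readbit(rom, base + l->yoffs[y] + l->xoffs[x] + l->planeoffs[p])) {
                    c |= 1 << (l->planes - 1 - p);
                }
            }
            out[y * l->width + x] = (uint8_t)c;
        }
    }
    return 1;
}

/* Constructed 32-byte tile ROM (two tiles) for the checks below. */
static const uint8_t sample_tile_rom[32] = {
    /* tile 0: byte 0 = 0x0f, byte 8 = 0x80, byte 9 = 0x11 */
    0x0f, 0, 0, 0, 0, 0, 0, 0,
    0x80, 0x11, 0, 0, 0, 0, 0, 0,
    /* tile 1: byte 8 of the tile = 0xff */
    0, 0, 0, 0, 0, 0, 0, 0,
    0xff, 0, 0, 0, 0, 0, 0, 0,
};

/* Color index of one pixel of a sample tile, -1 if the tile does not exist. */
int sample_pixel(int tile, int x, int y)
{
    uint8_t px[64];
    if (!decode_tile(&pacman_tiles, sample_tile_rom, sizeof sample_tile_rom, tile, px)) {
        return -1;
    }
    return px[y * 8 + x];
}

/* Print both sample tiles as ASCII (one character per color index). */
int main(void)
{
    int t, x, y;
    for (t = 0; t < 2; ++t) {
        printf("tile %d\n", t);
        for (y = 0; y < 8; ++y) {
            for (x = 0; x < 8; ++x) {
                printf("%c", ".123"[sample_pixel(t, x, y)]);
            }
            printf("\n");
        }
    }
    return 0;
}
```

Color RAM then selects which 4-entry slice of the palette ROM the index 0..3 is looked up in, so the decoded index is a palette slot, not a color; the 90-degree rotation of the arcade screen is a separate step that is left out here.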
If arcade programming excites you, but you'd like to look at real hardware, check this out:
http://arcadehacker.blogspot.com.au/2014/11/capcom-kabuki-cpu-intro.html
Gameboy is a combination of Z80 and 8080, so it's a bit special. SDCC supports Gameboy, but I decided to skip this architecture for now.
Examples of Gameboy in CTF:
gameboy from Plaid CTF 2017
At Gunpoint from hack.lu 2014
Systems that feature 6809 architecture:
So you want to implement a new architecture in MAME?
Examples of Robotron in CTF:
Church of Robotron at Toorcamp! http://churchofrobotron.com/
Computers are able to do things you didn't expect. https://exploitee.rs/
Is 8086 an x86 architecture? Technically, yes. But it's antiquated and pre-32-bit x86!
Check out osdev.org wiki for a new insight into your computer's boot process.
Qemu Advent Calendar
Boot sector viruses
SECT CTF 2017 PWN300 The gibson [b64]
ForbiddenBITS CTF 2013 – Old 50
dosfun4u
dosfun4u round 2
Honorable mentions:
dos attack ghost in the shellcode 2014
My paper with downloads and links
https://www.altsci.com/old_non-x86/
https://sono.us/mame
Radare2 is open source, free, and supported.
You might have missed Portland Retro Gaming Expo, but remember it for next year.
JRSFuzz is open source, free, and supported.
jvoss@altsci.com
We have the opportunity to do things that I originally thought were fantasy. This will repeat, let us be clear, more times than you will wish. Don't let that be your excuse to not write code. Find something that benefits you or someone else and take a look from the perspective of: this is possible by means of effort.