It is yet again time for Staff Spotlight!
This time I got to have a chat with Alcaro about ASM, munchers, more munchers and a bit of ZSNES. Alcaro is a great asset to the staff team and has stuck on the team since 2009. He's also very often seen posting in the SMW hacking help forums, helping other users out with there problems. Congrats to him!
Anyway, enough of me. Here's the interview:
This time I got to have a chat with Alcaro about ASM, munchers, more munchers and a bit of ZSNES. Alcaro is a great asset to the staff team and has stuck on the team since 2009. He's also very often seen posting in the SMW hacking help forums, helping other users out with there problems. Congrats to him!
Anyway, enough of me. Here's the interview:
Tahixham Hi, Alcaro. How's it going?
Alcaro Define 'it'.
Tahixham Beep.
Tahixham Anyway, let's start off with the simple question of how did you get into SMW hacking, specifically ASM?
Alcaro Classmate introduced me to SMW and SMWC around nine years ago. Not sure how I found ASM, probably through smwc's block section.
Alcaro Though I wrote only machine code for the first couple of years... you can thank Raibys for getting rid of that weird habit. (Though it is sometimes useful to be able to read machine code.)
Tahixham That's a pretty long time ago, what's made you stick at it for so long?
Alcaro To be honest, I'm not really sure. Nowhere else to go, I guess. And most of you guys are nice.
Tahixham So, this C3 you came across potentially dangerous exploits in ZSNES. How did you even come across them?
Alcaro User levelengine found that one of the VLDC hacks crash when run in ZSNES. I've always been quite security minded, and know that crashes can be exploitable, so I threw it into a debugger and ripped it apart.
Alcaro I have long known that there are ROMs that crash ZSNES, and I have repeatedly asked for them whenever they're mentioned, but this is the first one I was able to get my hands on.
Alcaro The second vulnerability was found by p4plus2 doing a review of a nearby region. He found a suspicious part in the source code, which we then confirmed exploitable.
Alcaro A third one was found while trying to exploit the first one - I executed some 'weird' code and got an unexpected crash. I instantly jumped onto that and dug it apart.
Alcaro The fourth and (currently) final vulnerability was found via source analysis again; I got a report of a crash in the SPC700 module, and found a seemingly exploitable bug. (The crash turned out to be something different: mov x,#$F0; or (x),(y), not exploitable. The exploit is another bug.)
Tahixham How do you go about "digging it apart" then?
Alcaro There are plenty of tools for that; I've got plenty of debuggers (OllyDbg, gdb), disassemblers (objconv, udis86) and assemblers (Asar, nasm) in my arsenal, and some modified versions of ZSNES. But even with those tools, it's still far from easy.
Tahixham So, obviously you enjoy all this technical stuff?
Alcaro Yes. I've tried a bit of level design, but I very quickly get bored due to lack of ideas. The ideas/effort ratio is vastly different in programming/etc, so that fits me far better.
Alcaro The main part is that programming has far better defined endpoints than level design - 'is this subroutine faster' can be objectively answered, 'should this Koopa be moved down one tile' can not.
Tahixham Have you ever managed to make a hack then, or are you more focused on the coding side?
Alcaro Depends. Does the one where one level is autogenerated and the other was made by my brothers count?
Tahixham I guess, haha.
Tahixham So, you became staff back at some point in 2009, right?
Alcaro SNN sent me a PM about it 2009-04-20 23:57:18, yes. Took me quite a while to fall asleep that night...
Tahixham Hehe, you must enjoy it then if you have remained on the staff team for such a long time?
Alcaro The admins seem to want me here, and I don't see any reason to protest,
Tahixham Fair enough.
Tahixham Now, there's this slightly older project of yours I wanted to ask you about but I can't remember the name of it.
Tahixham The one where you can make larger levels in SMW - bigger than what LM allows.
Alcaro That'd be NGHE. Did I mention that I made it because it seemed like the easiest way to create some random boss from one of my cancelled hacks? I didn't want to care about screens and the extra complexity they add to tile calculations.
Alcaro Pretty sure it's the wrong choice, especially considering the boss never actually ended up interacting with layer 1... and the entire hack got canceled...
Tahixham No, but it seems to have so much potential.
Alcaro Yes, but exploiting its full potential requires rewriting a huge number of parts of SMW. Far bigger than what I actually did rewrite.
Tahixham You've worked with FuSoYa before, correct? With projects like LMSW?
Alcaro Sounds familiar. The first few versions of LMSW were based on byuu's Header Magic and didn't require modifying LM, but I tossed him a PM or two and we got it merged.
Tahixham Because of that then, have you not considered working with FuSoYa again to implement NGHE into Lunar Magic?
Alcaro Not really. I released NGHE about at the point I stopped caring about it, and told everyone else to contact FuSoYa instead. (They didn't.)
Tahixham I see.
Tahixham Anyway, final question: why do you like munchers so much?
Alcaro Because
Alcaro Mostly some kind of anarchist reaction to how they kept appearing in the hack removal log many years ago. One of my canceled hacks had a Muncher protagonist, whose goal was to learn to float and defeat the evil Hakh-Mod. Maybe I should resurrect that one...
Alcaro These days, Munchers are rare in the removal logs, but they are pretty nice to work with. Except all those idiots who keep throwing those gray switches around.
Tahixham I see. Anything else you want to talk about?
Alcaro
Tahixham Alright then, thanks very much, Alcaro!
See you on the 1st of August!Alcaro Define 'it'.
Tahixham Beep.
Tahixham Anyway, let's start off with the simple question of how did you get into SMW hacking, specifically ASM?
Alcaro Classmate introduced me to SMW and SMWC around nine years ago. Not sure how I found ASM, probably through smwc's block section.
Alcaro Though I wrote only machine code for the first couple of years... you can thank Raibys for getting rid of that weird habit. (Though it is sometimes useful to be able to read machine code.)
Tahixham That's a pretty long time ago, what's made you stick at it for so long?
Alcaro To be honest, I'm not really sure. Nowhere else to go, I guess. And most of you guys are nice.
Tahixham So, this C3 you came across potentially dangerous exploits in ZSNES. How did you even come across them?
Alcaro User levelengine found that one of the VLDC hacks crash when run in ZSNES. I've always been quite security minded, and know that crashes can be exploitable, so I threw it into a debugger and ripped it apart.
Alcaro I have long known that there are ROMs that crash ZSNES, and I have repeatedly asked for them whenever they're mentioned, but this is the first one I was able to get my hands on.
Alcaro The second vulnerability was found by p4plus2 doing a review of a nearby region. He found a suspicious part in the source code, which we then confirmed exploitable.
Alcaro A third one was found while trying to exploit the first one - I executed some 'weird' code and got an unexpected crash. I instantly jumped onto that and dug it apart.
Alcaro The fourth and (currently) final vulnerability was found via source analysis again; I got a report of a crash in the SPC700 module, and found a seemingly exploitable bug. (The crash turned out to be something different: mov x,#$F0; or (x),(y), not exploitable. The exploit is another bug.)
Tahixham How do you go about "digging it apart" then?
Alcaro There are plenty of tools for that; I've got plenty of debuggers (OllyDbg, gdb), disassemblers (objconv, udis86) and assemblers (Asar, nasm) in my arsenal, and some modified versions of ZSNES. But even with those tools, it's still far from easy.
Tahixham So, obviously you enjoy all this technical stuff?
Alcaro Yes. I've tried a bit of level design, but I very quickly get bored due to lack of ideas. The ideas/effort ratio is vastly different in programming/etc, so that fits me far better.
Alcaro The main part is that programming has far better defined endpoints than level design - 'is this subroutine faster' can be objectively answered, 'should this Koopa be moved down one tile' can not.
Tahixham Have you ever managed to make a hack then, or are you more focused on the coding side?
Alcaro Depends. Does the one where one level is autogenerated and the other was made by my brothers count?
Tahixham I guess, haha.
Tahixham So, you became staff back at some point in 2009, right?
Alcaro SNN sent me a PM about it 2009-04-20 23:57:18, yes. Took me quite a while to fall asleep that night...
Tahixham Hehe, you must enjoy it then if you have remained on the staff team for such a long time?
Alcaro The admins seem to want me here, and I don't see any reason to protest,
Tahixham Fair enough.
Tahixham Now, there's this slightly older project of yours I wanted to ask you about but I can't remember the name of it.
Tahixham The one where you can make larger levels in SMW - bigger than what LM allows.
Alcaro That'd be NGHE. Did I mention that I made it because it seemed like the easiest way to create some random boss from one of my cancelled hacks? I didn't want to care about screens and the extra complexity they add to tile calculations.
Alcaro Pretty sure it's the wrong choice, especially considering the boss never actually ended up interacting with layer 1... and the entire hack got canceled...
Tahixham No, but it seems to have so much potential.
Alcaro Yes, but exploiting its full potential requires rewriting a huge number of parts of SMW. Far bigger than what I actually did rewrite.
Tahixham You've worked with FuSoYa before, correct? With projects like LMSW?
Alcaro Sounds familiar. The first few versions of LMSW were based on byuu's Header Magic and didn't require modifying LM, but I tossed him a PM or two and we got it merged.
Tahixham Because of that then, have you not considered working with FuSoYa again to implement NGHE into Lunar Magic?
Alcaro Not really. I released NGHE about at the point I stopped caring about it, and told everyone else to contact FuSoYa instead. (They didn't.)
Tahixham I see.
Tahixham Anyway, final question: why do you like munchers so much?
Alcaro Because
Alcaro Mostly some kind of anarchist reaction to how they kept appearing in the hack removal log many years ago. One of my canceled hacks had a Muncher protagonist, whose goal was to learn to float and defeat the evil Hakh-Mod. Maybe I should resurrect that one...
Alcaro These days, Munchers are rare in the removal logs, but they are pretty nice to work with. Except all those idiots who keep throwing those gray switches around.
Tahixham I see. Anything else you want to talk about?
Alcaro
Tahixham Alright then, thanks very much, Alcaro!