    Main » Hacking » Embedding roms in images
    Posted on 18-11-03, 14:07
    Post: #1 of 2
    Recently I had the idea of embedding roms in images. Extra data can be embedded in an image in a variety of ways, but I wanted to create a file that could be loaded by an image viewer/web browser or in an emulator without any modifications. After a bit of playing around, I found that the PNG format and SNES roms are a good match for this purpose.

    Here's a proof of concept that can be opened in bsnes/snes9x/zsnes:



    (Rom source: https://github.com/gyuque/snes-m7)

    The saving grace for SNES roms is copier headers. To detect and remove them, emulators will generally check if the file size modulo 0x8000 equals 0x200. Therefore, the trick is to insert padding in the image file so that the embedded rom starts at offset 0x200. This can then be followed by some more padding (to get the file size just right) and finally the pixel data payload.

    Most image formats break data into chunks, which is convenient for manipulation, but chunk size limits can be a problem. They constrain the amount of data that can be embedded verbatim, and we want to embed an entire unmodified rom. GIF, being a format originally designed in 1987, limits chunk sizes to 8 bits, which is far too restrictive. JFIF (the JPEG container format) has 16 bit chunks, which is better but still very restrictive. PNG uses 32 bits, which is way more than enough.

    The file layout ends up looking like this:
    - PNG file signature
    - padding chunk
    - rom chunk
    - padding chunk
    - original image payload (IHDR, IDAT, IEND chunks)
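    The layout above, built and checked in code. This is an added example and not the original poster's tool: the cover image is a constructed solid-colour PNG, the "rom" is a constructed 32 KiB byte pattern, and the chunk type names roMp/roMd are hypothetical private ancillary chunk types (lowercase first and second letter, per the PNG naming rules). The builder places the rom payload at file offset 0x200 and sizes the second padding chunk so the total length is 0x200 mod 0x8000, which is exactly the copier-header heuristic the post describes; the chunk walker shows how a scanner can enumerate and CRC-check every chunk, including the ones that sit ahead of IHDR, which is also why identifying a file by its magic bytes alone says nothing about what else it carries. Whether a given decoder tolerates chunks before IHDR is up to that decoder; the post reports that viewers and browsers it tried do.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
CHUNK_OVERHEAD = 12      # 4-byte length + 4-byte type + 4-byte CRC
ROM_OFFSET = 0x200       # copier-header size that emulators strip
ROM_BANK = 0x8000        # emulators test file size modulo this value
PAD_TYPE = b"roMp"       # hypothetical private ancillary chunk: padding
ROM_TYPE = b"roMd"       # hypothetical private ancillary chunk: rom data


def png_chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def minimal_png(width: int = 4, height: int = 4) -> bytes:
    """Constructed cover image: solid red, 8-bit RGB, IHDR + IDAT + IEND."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    # Every scanline starts with filter byte 0 (None) followed by RGB triples.
    raw = b"".join(b"\x00" + b"\xff\x00\x00" * width for _ in range(height))
    return (PNG_SIG + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"IDAT", zlib.compress(raw)) + png_chunk(b"IEND", b""))


def embed_rom(png: bytes, rom: bytes) -> bytes:
    """Insert rom so its first byte lands at offset 0x200 and total size % 0x8000 == 0x200."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    image_chunks = png[len(PNG_SIG):]
    # Padding chunk 1: signature + padding chunk + rom chunk's length/type fields == 0x200.
    pad1_len = ROM_OFFSET - len(PNG_SIG) - CHUNK_OVERHEAD - 8
    head = PNG_SIG + png_chunk(PAD_TYPE, b"\x00" * pad1_len) + png_chunk(ROM_TYPE, rom)
    # Padding chunk 2: pick a data length that makes the finished file size right.
    size_without_pad2_data = len(head) + CHUNK_OVERHEAD + len(image_chunks)
    pad2_len = (ROM_OFFSET - size_without_pad2_data) % ROM_BANK
    return head + png_chunk(PAD_TYPE, b"\x00" * pad2_len) + image_chunks


def iter_chunks(data: bytes):
    """Walk the chunk list, verifying CRCs; yields (payload_offset, type, payload)."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + CHUNK_OVERHEAD <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        if pos + CHUNK_OVERHEAD + length > len(data):
            raise ValueError(f"truncated chunk at offset {pos}")
        ctype = data[pos + 4:pos + 8]
        payload = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if crc != (zlib.crc32(ctype + payload) & 0xFFFFFFFF):
            raise ValueError(f"bad CRC in chunk {ctype!r} at offset {pos}")
        yield pos + 8, ctype, payload
        pos += CHUNK_OVERHEAD + length


def chunk_types(data: bytes) -> list:
    return [ctype for _, ctype, _ in iter_chunks(data)]


def rom_offset(data: bytes) -> int:
    """File offset of the embedded rom's first byte, or -1 if there is none."""
    for off, ctype, _ in iter_chunks(data):
        if ctype == ROM_TYPE:
            return off
    return -1


def extract_rom(data: bytes) -> bytes:
    for _, ctype, payload in iter_chunks(data):
        if ctype == ROM_TYPE:
            return payload
    raise ValueError("no rom chunk present")


def looks_like_headered_rom(data: bytes) -> bool:
    """The size heuristic from the post: a copier header is assumed iff size % 0x8000 == 0x200."""
    return len(data) % ROM_BANK == ROM_OFFSET


if __name__ == "__main__":
    fake_rom = bytes(range(256)) * 128          # constructed 32 KiB stand-in for a rom
    polyglot = embed_rom(minimal_png(), fake_rom)
    print(chunk_types(polyglot), hex(rom_offset(polyglot)), hex(len(polyglot)))
```

Note that the bytes following the rom (its CRC, the second padding chunk and the real image chunks) are mapped by the emulator along with the rom; the post's later remark about other size-based heuristics breaking once the file grows past a threshold is a consequence of that tail.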
    Posted on 18-11-03, 20:35
    Full mod

    Post: #17 of 443
    That's pretty cool! Although I imagine it's still a bit restrictive, since SNES emulators tend to change their behaviour based on the total file-size.

    Of course, if SNES ROMs were themselves a container format, including board metadata, emulators wouldn't need to autodetect the size and you could embed them in whatever you like... but if SNES ROMs were a container format, adding extra blobs like that wouldn't be a challenge.

    A slightly more useful hack might be embedding a SNES ROM in a PDF: now you can't lose the manual for your game!

    The ending of the words is ALMSIVI.
    Posted on 18-11-03, 20:49
    Wonderbolt

    Post: #31 of 598
    Me, I'm reminded of the complete works of Shakespeare hidden in a JPG file, and that one SNES demo that's also a valid MS-DOS executable.
    Posted on 18-11-03, 20:49
    Dinosaur

    Post: #14 of 1282
    Wasn't there a SNES ROM that was also a valid DOS executable?

    Licensed Pirate® since 2006, 100% Buttcoin™-free, enemy of All Things JavaScript™
    Posted on 18-11-03, 20:53

    Post: #4 of 449
    You can probably do a whole lot more with manifests.

    My current setup: Super Famicom ("2/1/3" SNS-CPU-1CHIP-02) → SCART → OSSC → StarTech USB3HDCAP → AmaRecTV 3.10
    Posted on 18-11-03, 20:56
    Better than Blackhole

    Post: #32 of 598
    Found it: ../DUAL.zip
    Posted on 18-11-03, 23:03
    Post: #2 of 60
    Concatenating eBooks to the end of image files of their covers was a common way to share books on certain imageboards for a while before file locker sites took over.

    This would have been a great way to share ROMs, too :)
    Posted on 18-11-03, 23:23

    Post: #7 of 166
    Just tested it. Works fine with the latest libretro SNES cores. Pretty cool mode 7 demo.
    Posted on 18-11-03, 23:29
    Post: #2 of 2
    Posted by Screwtape
    That's pretty cool! Although I imagine it's still a bit restrictive, since SNES emulators tend to change their behaviour based on the total file-size.
    Yeah, you can sneak past the modulo N heuristics with padding, but other heuristics are messed up if the total file size is pushed beyond a certain threshold by the additional data.
    Posted by Kawa
    Me, I'm reminded of the complete works of Shakespeare hidden in a JPG file, and that one SNES demo that's also a valid MS-DOS executable.
    Posted by tomman
    Wasn't there a SNES ROM that was also a valid DOS executable?
    That Shakespeare JPEG is neat! Windows Explorer didn't like it, but 7-Zip opened it just fine. It looks like the JFIF chunk size limit was worked around by breaking the data into smaller individual files within the zip. Also, apparently ZIP files don't have to immediately start with a file signature, which is pretty unusual and the only reason this trick was possible in the first place.

    The dual DOS/SNES program is also a cool idea, but unfortunately it just hangs DOSBox for me. It did however inspire me to make a Win32 executable based on the same principle. It just prints "hello, world" under Windows though - nothing as fancy as having the same behavior as the embedded rom. I wasn't feeling that inspired.
    Posted on 18-11-03, 23:40
    Secretly, I'm Charles Darwin

    Post: #33 of 598
    Posted by invertigo
    Also, apparently ZIP files don't have to immediately start with a file signature, which is pretty unusual and the only reason this trick was possible in the first place.
    Self-extracting zips anyone? Program in the front, party archive in the back, and you can open them like the program isn't there.
    Posted on 18-11-04, 01:01 (revision 1)
    Full mod

    Post: #18 of 443
    Yeah, ZIP and PDF files are the most common file formats that you read from the end instead of the beginning, and for the same reason: to allow modifications to be efficiently appended to a document without having to rewrite the whole structure. Persistent data structures, but on disk instead of in memory.

    EDIT: You may also enjoy reading the journal PoC||GTFO; for example, issue 0x02 is a PDF, ZIP file and bootable disk image for QEMU. The most recent edition is a PDF, ZIP and HTML file, but it exists in two variants with different MD5 hashes, but the same SHA1 hash.

    The ending of the words is ALMSIVI.
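    The "program in the front, archive in the back" behaviour from the two posts above (a ZIP need not start with its signature, because readers locate the end-of-central-directory record by scanning backwards from the end of the file), as an added example that is not from any poster. The leading "image" is a constructed byte string standing in for a real JPEG; Python's standard zipfile module is used as the reader, and it accounts for the prefix by adjusting the offsets it finds in the central directory. The backward EOCD scan is written out separately so a scanner can flag a file whose head says one format while its tail says ZIP.

```python
import io
import struct
import zipfile

# Constructed stand-in for an image file (JPEG SOI/APP0 marker, filler, EOI marker).
FAKE_IMAGE = b"\xff\xd8\xff\xe0" + b"\x00" * 300 + b"\xff\xd9"
EOCD_SIG = b"PK\x05\x06"      # end-of-central-directory record signature
LOCAL_SIG = b"PK\x03\x04"     # local file header signature (what a "normal" ZIP starts with)
EOCD_FIXED_LEN = 22           # EOCD record without its trailing comment
MAX_COMMENT = 0xFFFF          # comment length is a 16-bit field


def build_polyglot(prefix: bytes, files: dict) -> bytes:
    """Append a ZIP archive containing `files` to `prefix` and return the combined bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return prefix + buf.getvalue()


def eocd_offset(data: bytes) -> int:
    """Find the EOCD record the way ZIP readers do: scan backwards within the last 64 KiB + 22.

    Returns -1 when no record is present."""
    tail_start = max(0, len(data) - MAX_COMMENT - EOCD_FIXED_LEN)
    return data.rfind(EOCD_SIG, tail_start)


def central_directory_offset(data: bytes) -> int:
    """Offset of the central directory as claimed by the EOCD (relative to archive start)."""
    eocd = eocd_offset(data)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    # EOCD layout: sig(4) disk(2) cd_disk(2) n_this(2) n_total(2) cd_size(4) cd_offset(4) clen(2)
    (cd_offset,) = struct.unpack("<I", data[eocd + 16:eocd + 20])
    return cd_offset


def is_prefixed_zip(data: bytes) -> bool:
    """True when the file carries a ZIP at its tail but does not begin with a ZIP header."""
    return eocd_offset(data) >= 0 and not data.startswith(LOCAL_SIG)


def read_from_polyglot(data: bytes) -> dict:
    """Open the archive despite the prefix; zipfile locates the EOCD and corrects the offsets."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {name: zf.read(name) for name in zf.namelist()}


if __name__ == "__main__":
    poly = build_polyglot(FAKE_IMAGE, {"manual.txt": b"insert cartridge, press power"})
    print(is_prefixed_zip(poly), hex(eocd_offset(poly)), read_from_polyglot(poly))
```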
    Posted on 18-12-13, 17:08
    Banned
    Post: #14 of 28
    That's pretty neat! ;)

    and yes, something having the manual and ROM in the same file (the PDF idea) is like having the original box :P

    I wish I wasn't such a dumbass compared to everyone here lol