Main » Hacking » Embedding roms in images
Posted on 11-03-18, 02:07 pm
Post: #1 of 2
Since: 11-03-18

Recently I had the idea of embedding roms in images. Extra data can be embedded in an image in a variety of ways, but I wanted to create a file that could be loaded by an image viewer/web browser or in an emulator without any modifications. After a bit of playing around, I found that the PNG format and SNES roms are a good match for this purpose.

Here's a proof of concept that can be opened in bsnes/snes9x/zsnes:



(Rom source: https://github.com/gyuque/snes-m7)

The saving grace for SNES roms is copier headers. To detect and remove them, emulators will generally check if the file size modulo 0x8000 equals 0x200. Therefore, the trick is to insert padding in the image file so that the embedded rom starts at offset 0x200. This can then be followed by some more padding (to get the file size just right) and finally the pixel data payload.

Most image formats break data into chunks, which is convenient for manipulation, but chunk size limits can be a problem. They constrain the amount of data that can be embedded verbatim, and we want to embed an entire unmodified rom. GIF, being a format originally designed in 1987, limits chunk sizes to 8 bits, which is far too restrictive. JFIF (the JPEG container format) has 16 bit chunks, which is better but still very restrictive. PNG uses 32 bits, which is way more than enough.

The file layout ends up looking like this:
- PNG file signature
- padding chunk
- rom chunk
- padding chunk
- original image payload (IHDR, IDAT, IEND chunks)
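
The layout listed above, as an added Python example (not the poster's code): `build_polyglot()` sizes the first padding chunk so the rom chunk's data lands at offset 0x200 and the second so the total satisfies the `size % 0x8000 == 0x200` heuristic the post describes. The chunk type names `paDd`/`roMd` are made up here (ancillary, private, so a decoder may ignore them); the 1x1 cover PNG and the 32 KiB rom stand-in are constructed. `audit()` is the defender's side of the same knowledge: the PNG spec requires IHDR to be the first chunk, so chunks preceding it, plus a file size that happens to match the copier-header heuristic, are the tells that an image doubles as a rom.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
ROM_OFFSET = 0x200   # copier-header heuristic: rom data expected to start here
BANK = 0x8000        # emulators check total_size % BANK == ROM_OFFSET

# Assumed chunk names: lowercase 1st/2nd letter = ancillary + private.
PAD_TYPE = b"paDd"
ROM_TYPE = b"roMd"


def chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: big-endian length, type, data, CRC32(type+data)."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_minimal_png() -> bytes:
    """Constructed 1x1 RGB cover image (stand-in for the real picture)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)   # 1x1, 8-bit, RGB
    idat = zlib.compress(b"\x00" + b"\xff\x00\x00")       # filter byte + one red pixel
    return PNG_SIGNATURE + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")


def build_polyglot(rom: bytes, png: bytes) -> bytes:
    """signature | pad chunk | rom chunk | pad chunk | original IHDR/IDAT/IEND."""
    if not png.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG")
    # signature(8) + pad chunk(12 + n) + rom chunk header(8) must equal ROM_OFFSET
    pad1_len = ROM_OFFSET - len(PNG_SIGNATURE) - 12 - 8
    out = PNG_SIGNATURE + chunk(PAD_TYPE, bytes(pad1_len)) + chunk(ROM_TYPE, rom)
    tail = png[len(PNG_SIGNATURE):]          # the cover image's own chunks
    # second pad: total size must be congruent to ROM_OFFSET modulo BANK
    size_without_pad2 = len(out) + 12 + len(tail)
    pad2_len = (ROM_OFFSET - size_without_pad2) % BANK
    return out + chunk(PAD_TYPE, bytes(pad2_len)) + tail


def parse_chunks(data: bytes) -> list:
    """Walk the chunk list; returns [(offset, type, length, crc_ok)], stopping at IEND."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG")
    pos, chunks = len(PNG_SIGNATURE), []
    while pos + 8 <= len(data):
        length = struct.unpack(">I", data[pos:pos + 4])[0]
        ctype = data[pos + 4:pos + 8]
        end = pos + 12 + length
        if end > len(data):                   # truncated chunk: record it and stop
            chunks.append((pos, ctype, length, False))
            break
        body = data[pos + 8:pos + 8 + length]
        stored = struct.unpack(">I", data[end - 4:end])[0]
        crc_ok = (zlib.crc32(ctype + body) & 0xFFFFFFFF) == stored
        chunks.append((pos, ctype, length, crc_ok))
        pos = end
        if ctype == b"IEND":
            break
    return chunks


def audit(data: bytes) -> list:
    """Defender-side checks: chunks before IHDR violate the spec, and a size
    matching the copier-header heuristic means the file also parses as a rom."""
    findings = []
    for pos, ctype, length, _ in parse_chunks(data):
        if ctype == b"IHDR":
            break
        findings.append(f"chunk {ctype.decode('latin-1')} ({length} bytes) at 0x{pos:x} precedes IHDR")
    if len(data) % BANK == ROM_OFFSET:
        findings.append("file size matches SNES copier-header heuristic (size % 0x8000 == 0x200)")
    return findings


if __name__ == "__main__":
    rom = bytes(range(256)) * 128            # constructed 32 KiB rom stand-in
    poly = build_polyglot(rom, make_minimal_png())
    print(f"{len(poly)} bytes, rom at 0x{poly.find(rom):x}")
    for line in audit(poly):
        print("finding:", line)
```

Running the script reports the rom at 0x200 and four findings for the polyglot, while `audit(make_minimal_png())` is empty; the CRCs of the padding chunks are valid, so a lenient decoder sees nothing to reject, which is exactly why the audit keys on chunk order and file size rather than on corruption.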
Posted on 11-03-18, 08:35 pm
Full mod

Post: #17 of 38
Since: 10-30-18

That's pretty cool! Although I imagine it's still a bit restrictive, since SNES emulators tend to change their behaviour based on the total file-size.

Of course, if SNES ROMs were themselves a container format, including board metadata, emulators wouldn't need to autodetect the size and you could embed them in whatever you like... but if SNES ROMs were a container format, adding extra blobs like that wouldn't be a challenge.

A slightly more useful hack might be embedding a SNES ROM in a PDF: now you can't lose the manual for your game!

The ending of the words is ALMSIVI.
Posted on 11-03-18, 08:49 pm
Secretly, I'm Thor Balle Mühlensteth

Post: #31 of 75
Since: 10-29-18

Me, I'm reminded of the complete works of Shakespeare hidden in a JPG file, and that one SNES demo that's also a valid MS-DOS executable.
Posted on 11-03-18, 08:49 pm

Post: #14 of 30
Since: 10-30-18

Wasn't there a SNES ROM that was also a valid DOS executable?

Licensed Pirate® since 2006, 100% Buttcoin™-free
Posted on 11-03-18, 08:53 pm

Post: #4 of 14
Since: 10-29-18

You can probably do a whole lot more with manifests.

My setup: Super Famicom ("2/1/3" SNS-CPU-GPM-02) → Multi Out to SCART cable → EuroSCART to Mini cable → Framemeister (with Firebrandx' profiles) → AVerMedia Live Gamer Extreme capture unit → RECentral 4 viewing/recording software
Posted on 11-03-18, 08:56 pm
Large and In Charge

Post: #32 of 75
Since: 10-29-18

Found it: ../DUAL.zip
Posted on 11-03-18, 11:03 pm
Post: #2 of 6
Since: 10-29-18

Concatenating eBooks to the end of image files of their covers was a common way to share books on certain imageboards for a while before file locker sites took over.

This would have been a great way to share ROMs, too :)
Posted on 11-03-18, 11:23 pm
Post: #7 of 13
Since: 10-29-18

Just tested it. Works fine with the latest libretro SNES cores. Pretty cool mode 7 demo.
Posted on 11-03-18, 11:29 pm
Post: #2 of 2
Since: 11-03-18

Posted by Screwtape
That's pretty cool! Although I imagine it's still a bit restrictive, since SNES emulators tend to change their behaviour based on the total file-size.

Yeah, you can sneak past the modulo N heuristics with padding, but other heuristics are messed up if the total file size is pushed beyond a certain threshold by the additional data.
Posted by Kawa
Me, I'm reminded of the complete works of Shakespeare hidden in a JPG file, and that one SNES demo that's also a valid MS-DOS executable.

Posted by tomman
Wasn't there a SNES ROM that was also a valid DOS executable?

That Shakespeare JPEG is neat! Windows Explorer didn't like it, but 7-zip opened it just fine. It looks like the JFIF chunk size limit was worked around by breaking the data into smaller individual files within the zip. Also, apparently ZIP files don't have to immediately start with a file signature, which is pretty unusual and the only reason this trick was possible in the first place.

The dual DOS/SNES program is also a cool idea, but unfortunately it just hangs DOSBox for me. It did however inspire me to make a Win32 executable based on the same principle. It just prints "hello, world" under Windows though - nothing as fancy as having the same behavior as the embedded rom. I wasn't feeling that inspired.
Posted on 11-03-18, 11:40 pm
None of this makes any sense.

Post: #33 of 75
Since: 10-29-18

Posted by invertigo
Also, apparently ZIP files don't have to immediately start with a file signature, which is pretty unusual and the only reason this trick was possible in the first place.

Self-extracting zips anyone? Program in the front, party archive in the back, and you can open them like the program isn't there.
Posted on 11-04-18, 01:01 am (revision 1)
Full mod

Post: #18 of 38
Since: 10-30-18

Yeah, ZIP and PDF files are the most common file-formats that you read from the end instead of the beginning, and for the same reason: to allow modifications to be efficiently appended to a document without having to rewrite the whole structure. Persistent data structures, but on disk instead of in memory.

EDIT: You may also enjoy reading the journal PoC||GTFO; for example, issue 0x02 is a PDF, ZIP file and bootable disk image for QEMU. The most recent edition is a PDF, ZIP and HTML file, and it exists in two variants with different MD5 hashes but the same SHA1 hash.

The ending of the words is ALMSIVI.
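
The point made in invertigo's and Screwtape's posts (a ZIP is read from its end, so bytes prepended in front of it don't matter), as an added Python example that is not from either poster: `locate_archive()` finds the end-of-central-directory record by scanning backwards, then uses the gap between where the central directory really sits and where the EOCD's offset field claims it is to recover how many bytes were stuck in front. The "cover image" prefix is constructed stand-in bytes, not a real JPEG; the archive is built with the standard library. The same delta is what a scanner needs to list the hidden archive's contents, and the assumed `prepended_bytes > 0` condition is the simplest signal that an image file is carrying a concatenated archive.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"
CDIR_SIG = b"PK\x01\x02"
EOCD_FMT = "<4sHHHHIIH"            # 22-byte end-of-central-directory record
CDIR_FMT = "<4sHHHHHHIIIHHHHHII"   # 46-byte central directory file header


def make_sample():
    """Constructed sample: fake image bytes, then a real one-entry ZIP appended."""
    cover = b"\xff\xd8\xff\xe0" + b"JPEG-STANDIN" * 40   # not a decodable JPEG
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("hamlet.txt", "To be, or not to be, that is the question.")
    return cover + buf.getvalue(), len(cover)


def locate_archive(blob: bytes) -> dict:
    """Read the ZIP from the end, as archivers do, and report where it starts."""
    # EOCD is at most 22 + 65535 bytes (max comment) from the end of the file.
    eocd_pos = blob.rfind(EOCD_SIG, max(0, len(blob) - 22 - 0xFFFF))
    if eocd_pos < 0:
        raise ValueError("no end-of-central-directory record")
    (_, _, _, _, n_entries, cd_size, cd_offset,
     comment_len) = struct.unpack(EOCD_FMT, blob[eocd_pos:eocd_pos + 22])
    if eocd_pos + 22 + comment_len != len(blob):
        raise ValueError("EOCD comment length does not reach end of file")
    cd_pos = eocd_pos - cd_size      # where the central directory actually is
    prepended = cd_pos - cd_offset   # the offset field assumed the ZIP began at byte 0
    names, pos = [], cd_pos
    for _ in range(n_entries):
        fields = struct.unpack(CDIR_FMT, blob[pos:pos + 46])
        if fields[0] != CDIR_SIG:
            raise ValueError(f"bad central directory entry at 0x{pos:x}")
        nlen, xlen, clen = fields[10], fields[11], fields[12]
        names.append(blob[pos + 46:pos + 46 + nlen].decode("utf-8"))
        pos += 46 + nlen + xlen + clen
    return {"eocd_offset": eocd_pos, "prepended_bytes": prepended, "names": names}


def carries_archive(blob: bytes) -> bool:
    """Assumed detection rule: a ZIP structure found behind leading non-ZIP bytes."""
    try:
        return locate_archive(blob)["prepended_bytes"] > 0
    except ValueError:
        return False


if __name__ == "__main__":
    blob, prefix_len = make_sample()
    info = locate_archive(blob)
    print(f"{info['prepended_bytes']} bytes in front of the archive (expected {prefix_len})")
    print("entries:", info["names"])
    # the standard library applies the same correction, so the blob opens as-is
    print(zipfile.ZipFile(io.BytesIO(blob)).read("hamlet.txt").decode())
```

The sanity check on the comment length is there because `rfind` alone would also match a `PK\x05\x06` sequence that happens to occur inside an archive comment; the record is only accepted when its comment runs exactly to the end of the file.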