你见过或做过的最酷的黑客是什么?

时间:2022-09-20 19:36:33

As programmers, we've all put together a really cool program or pieced together some hardware in an interesting way to solve a problem. Today I was thinking about those hacks and how some of them are deprecated by modern technology (for example, you no longer need to hack your Tivo to add a network port). In the software world, we take things like drag-and-drop on a web page for granted now, but not too long ago that was a pretty exciting hack as well.

作为程序员,我们都将一个非常酷的程序组合在一起,或者以一种有趣的方式将一些硬件拼凑在一起来解决问题。今天我在考虑那些黑客以及它们中的一些是如何被现代技术弃用的(例如,你不再需要破解你的Tivo添加网络端口)。在软件世界中,我们现在将在网页上拖放的内容视为理所当然,但不久之前,这也是一个非常令人兴奋的黑客攻击。

One of the neatest hardware hacks I've seen was done by a former coworker at a telecom company years ago. He had a small portable television in his office and he would watch it all day long while working. To get away with it, he wired a switch to the on/off that was activated via his foot under his desk.

我见过的最好的硬件黑客之一是几年前一家电信公司的前同事完成的。他的办公室里有一台小型便携式电视机,他在工作的整天都会看着它。为了逃脱它,他将一个开关连接到通过他的桌子下面的脚激活的开/关。

What's the coolest hardware or software hack you've personally seen or done? What hack are you working on right now?

您个人见过或做过的最酷的硬件或软件是什么?你现在正在做什么黑客攻击?

43 个解决方案

#1


49  

I recall this hack as being written by Bob Smith, who did the old DOS-era memory manager called 386MAX (or "386 to the Max"). It wasn't part of the product, it was a little utility program he whipped up and posted somewhere. However, on the web the only reference to this technique I can find is a DDJ Undocumented Corner column from November 1996 by Robert Collins.

我记得这个黑客是由Bob Smith编写的,他曾经做过DOS旧时代的内存管理器,名为386MAX(或“386 to the Max”)。它不是产品的一部分,它是一个小小的实用程序,他掀起并张贴在某个地方。然而,在网上我唯一可以找到的这种技术是1996年11月Robert Collins的DDJ Undocumented Corner专栏。

The Problem

Prior to Intel introducing the CPUID instruction, it was difficult to check the exact type and revision levels of the CPU on your system. It turns out that in most versions of the 386 and later, there actually was a CPU ID, but it was only visible at one specific time: right after the processor was reset in the EDX register. (It was assumed that the computer's BIOS would be the only software legitimately interested in this).

在英特尔引入CPUID指令之前,很难检查系统上CPU的确切类型和修订级别。事实证明,在386及更高版本的大多数版本中,实际上有一个CPU ID,但它只在一个特定时间可见:在EDX寄存器中重置处理器之后。 (假设计算机的BIOS是唯一对此合法感兴趣的软件)。

Problem: how can a normal program retrieve this register value if we are not the BIOS?

问题:如果我们不是BIOS,普通程序如何检索此寄存器值?

Background Material

This hack relied on six distinct peculiarities of IBM PC compatible computers. They were as follows:

这个hack依赖于IBM PC兼容计算机的六种不同特性。他们如下:

  1. Starting with the IBM AT and later, there is a way to independently disable the A20 address line on the bus.
  2. 从IBM AT及更高版本开始,有一种方法可以独立禁用总线上的A20地址线。

  3. Most computers do not have RAM installed in very high memory addresses just below the BIOS ROM.
  4. 大多数计算机没有安装在BIOS ROM下方的高内存地址中的RAM。

  5. Most IBM PC bus computers return 0xFF when you read a memory location that has no memory installed there.
  6. 当您读取没有安装内存的内存位置时,大多数IBM PC总线计算机返回0xFF。

  7. 0xFF 0xFF 0xFF etc is an illegal opcode on Intel CPUs.
  8. 0xFF 0xFF 0xFF等是Intel CPU上的非法操作码。

  9. If you install an exception handler in memory, it will survive a soft reboot on most CPUs of this era (386 through 486).
  10. 如果在内存中安装异常处理程序,它将在这个时代(386到486)的大多数CPU上进行软重启。

  11. Upon soft or hard reset, Intel processors jump to an address which is at the top of addressable memory, minus 16 bytes, which is why the BIOS ROM is placed there.
  12. 在软复位或硬复位时,英特尔处理器跳转到可寻址存储器顶部的地址,减去16个字节,这就是BIOS ROM放置在那里的原因。

The program combined knowledge of all these pieces of trivia to achieve the goal.

该计划结合了所有这些琐事的知识,以实现目标。

The Hack

The result was a DOS command line program, that did the following:

结果是DOS命令行程序,它执行以下操作:

  • Installed an illegal opcode exception handler
  • 安装了非法的操作码异常处理程序

  • Turned off the A20 address line on the bus
  • 关闭总线上的A20地址线

  • Soft-rebooted the CPU (I think this was through a BIOS call)
  • 软重启CPU(我认为这是通过BIOS调用)

When the soft reboot occurred, the processor would try to jump to the top of memory minus 16 bytes, which is where the ROM startup code is located. However, since A20 was off, it would actually jump to top of memory minus 16 bytes minus one megabyte. On most PCs there is no RAM there. So it would fetch a series of 0xFF bytes from this non-existent RAM, and try to execute it. This would create an illegal opcode exception.

当软重启发生时,处理器将尝试跳转到内存顶部减去16个字节,这是ROM启动代码所在的位置。但是,由于A20关闭,它实际上会跳到内存的顶部减去16个字节减去1兆字节。在大多数PC上,那里没有RAM。因此它会从这个不存在的RAM中获取一系列0xFF字节,并尝试执行它。这会产生非法的操作码异常。

His exception handler would then pluck out the value of EDX (the CPUID) and stash it somewhere he could find it. It would then clean up the mess (turn A20 back on, flip back from protected mode to real mode for DOS) and return control to the original code.

然后,他的异常处理程序将获取EDX(CPUID)的值并将其藏匿在他可以找到的地方。然后它会清理混乱(重新打开A20,从保护模式转回到DOS的实模式)并将控制权返回到原始代码。

When it worked, it was genius to behold. Voila, here was a simple command-line DOS program that would give you the CPUID value.

当它奏效时,它是天才。 Voila,这是一个简单的命令行DOS程序,可以为您提供CPUID值。

Of course, there were inevitably PCs out there which were "not quite compatible" which would crash horribly when you ran this. Ah well.

当然,那里不可避免地存在那些“不太兼容”的PC,当你运行它时会崩溃。呃,好吧。

#2


54  

The quake3 inverse square root and the MIT Magic/More Magic switch usually make these lists.

quake3反平方根和MIT Magic / More Magic开关通常会生成这些列表。

#3


40  

Well, it's not the coolest, but it's definitely funny (to programmers).

嗯,这不是最酷的,但它对程序员来说绝对有趣。

We built an ad-hoc query builder for a resume database project. There were some ajaxy parts to it and the basic idea was that if you changed anything on the page, the search automatically re-ran itself. (It was triggered by the onBlur event of all the UI widgets)

我们为简历数据库项目构建了一个临时查询构建器。它有一些ajaxy部分,基本的想法是,如果你在页面上改变了任何东西,搜索会自动重新运行。 (它是由所有UI小部件的onBlur事件触发的)

So we had no real use for a "Search" or "Run Query" button. This confused the users to no end. So we added a search button which did nothing. It just sat there.

所以我们没有真正使用“搜索”或“运行查询”按钮。这使用户感到困惑无止境。所以我们添加了一个什么都没做的搜索按钮。它只是坐在那里。

It worked because every time you clicked the search button, the onBlur event from the field you were just on would fire.

它之所以有效,是因为每次单击搜索按钮时,您刚刚开启的字段中的onBlur事件都会触发。

This made our user base very happy. Simple things.

这使我们的用户群非常满意。简单的事情。

#4


32  

This wasn't a hack I did, but rather someone I worked for a long time ago told me about it (he actually did the hack).

这不是我做过的黑客攻击,而是我很久以前工作过的人告诉我的事情(他实际上做了黑客攻击)。

It seems he worked for someone who was blind and who needed a way to read text files. So he figured out how to translate text files to braille and print them out using various characters such as . and :

他似乎为盲人和需要阅读文本文件的人工作。所以他想出了如何将文本文件翻译成盲文并使用各种字符打印出来。并且:

The printers at the time were impact printers, so when a character was printed, the printing mechanism struck the paper hard enough to leave an impression that could be felt. Since the impression formed on the back of the paper, he had to print an inverted-backwards braille so that when the paper was turned around it was correct.

当时的打印机是冲击打印机,因此当打印字符时,打印机构足以打印纸张,留下可以感觉到的印象。由于在纸张背面形成印模,他不得不打印倒置后向盲文,以便当纸张转动时它是正确的。

Of course, the act of reading eliminated the depressions so it was a read-once mechanism, but I always thought that was a pretty cool hack.

当然,阅读行为消除了萧条,因此它是一次性读取机制,但我一直认为这是一个非常酷的黑客。

#5


24  

While working on the reverse-engineering effort of the iPhone, I found a vulnerability in the baseband (chip that handles the telephony and the carrier lock) that would allow you to write zeros arbitrarily. Although this seemed useless at first, it quickly became apparent that this could do far more than I had initially thought. With the way ARM works, certain jumps could be made nullified by writing a single zero in the target, causing the execution path to always continue forward. This enabled a software unlock, but was quickly replaced by a more robust hack that allowed you to reflash the baseband entirely.

在研究iPhone的逆向工程工作时,我发现基带中的一个漏洞(处理电话和载波锁的芯片)可以让你随意写零。虽然这起初看起来毫无用处,但很快就会发现这可能比我原先想象的要多得多。通过ARM的工作方式,可以通过在目标中写入单个零来使某些跳转无效,从而使执行路径始终继续向前。这使软件解锁,但很快就被更强大的黑客所取代,这使得你可以完全重新刷新基带。

Still damn proud of that hack, regardless of its uselessness now.

不管它现在多么无用,仍然为这个黑客感到自豪。

#6


16  

I made a divide-by-eight counter out of pneumatic valves in college in order to get exempted from the remainder of the pneumatics course.

我在大学里用气动阀门做了一个8分频计数器,以便免除其余的气动课程。

#7


15  

Its such a trivial thing, but when I first saw this code (by a fellow developer of mine) I was shocked because it is something I would have never thought of (comments added by me):

它是如此微不足道的事情,但是当我第一次看到这个代码时(由我的同事开发)我感到震惊,因为这是我从未想过的(我添加的评论):

cglobal x264_sub8x8_dct_sse2, 3,3  ;3,3 means 3 arguments and 3 registers used
.skip_prologue:
    call .8x4
    add  r0, 64                    ;increment pointers
    add  r1, 4*FENC_STRIDE
    add  r2, 4*FDEC_STRIDE
.8x4:
    SUB_DCT4 2x4x4W                ;this macro does the actual transform
    movhps [r0+32], m0             ;store second half of output data
    movhps [r0+40], m1             ;the rest is done in the macro
    movhps [r0+48], m2
    movhps [r0+56], m3
    ret

It does an 8x8 block of 4 transforms by doing sets of 8x4 at a time. But it doesn't paste the code twice (that would waste code size), nor does it have an 8x4 function and call it twice. Nor does it have a loop either. Instead, it calls the "function" and then increments the pointers, and then "falls" right into it and does it again.

它通过一次做8x4组来完成4个8x8块变换。但它不会粘贴代码两次(这会浪费代码大小),也不会有8x4函数并调用它两次。它也没有循环。相反,它调用“函数”然后递增指针,然后“向下”直接进入它并再次执行。

It gets the best of both worlds: no function calling overhead beyond the original (since the pointers r0, r1, and r2 aren't incremented in SUB_DCT4) and no code duplication, and no loop overhead.

它得到了两全其美:没有函数调用超出原始的开销(因为指针r0,r1和r2在SUB_DCT4中没有增加)并且没有代码重复,也没有循环开销。

#8


14  

This summer I wrote a game that I call SatelliteRush. It's a Breakout game for mobile phones with Java and GPS. It can be played in two modes: "boring mode" and "satellite mode". In boring mode, you use buttons to move the paddle, just as usual, but in satellite mode it uses the phone's GPS receiver. You run back and forth, and the paddle moves with you.

今年夏天,我写了一款名为SatelliteRush的游戏。这是一款适用于带有Java和GPS的手机的突围游戏。它可以以两种模式播放:“无聊模式”和“卫星模式”。在无聊模式下,您可以像往常一样使用按钮移动球拍,但在卫星模式下,它使用手机的GPS接收器。你来回跑,桨随你一起移动。

I've only tested it on a Sony-Ericsson W760i, and it works reasonably well, given that GPS position updates are rather slow and inexact.

我只在索尼爱立信W760i上进行了测试,并且考虑到GPS位置更新速度相当慢而且不精确,因此效果相当不错。

So far I have made a "technical test version" of this game, so it's is not very good-looking or easy to use. But if you have a GPS phone with Java you can download it here: http://www.lysator.liu.se/~padrone/temporary/SatelliteRushTest/

到目前为止,我已经制作了这个游戏的“技术测试版”,所以它不是很好看或易于使用。但如果您有带Java的GPS手机,可以在这里下载:http://www.lysator.liu.se/~padrone/temporary/SatelliteRushTest/

EDIT:

Now available for Android as a free app on Android Market: https://market.android.com/details?id=se.nekotronic.satelliterush

Android版现已推出Android版免费应用:https://market.android.com/details?id = se.nekotronic.satelliterush

#9


11  

Duff's Device. Does that count? :)

达夫的装置。这算得上吗? :)

#10


10  

Duffs Device, for the above question.

Duffs Device,针对上述问题。

The Story of Mel. Hardcore hack.

梅尔的故事。铁杆黑客。

#11


10  

I got an early Commodore 64 Computer, and needed to write assembly code for it.

我有一台早期的Commodore 64计算机,需要为它编写汇编代码。

Problem was, there was no Assembler Program for the C64 (either that, or I couldn't afford one).

问题是,C64没有汇编程序(要么就是这个,要么我买不起)。

So I wrote an assembler by looking up the 6502 opcodes in a book, and creating the program out of the raw bytes.

所以我通过查阅书中的6502操作码并用原始字节创建程序来编写汇编程序。

At some point it was able to take assembly code as its input, and assemble into a program.

在某些时候,它能够将汇编代码作为输入,并组装成一个程序。

A friend of mine had written a disassembler for his PET in BASIC. I used this program to disassemble my assembler, and was then able to use my assembler to assemble newer versions of itself.

我的一个朋友为他在BASIC的PET写了一个反汇编程序。我使用这个程序来反汇编我的汇编程序,然后能够使用我的汇编程序来组装它自己的更新版本。

Oh, the hoops we had to jump through in the old days :)

哦,在过去我们不得不跳过的箍:)

#12


9  

The coolest hack (and it's not really a hack in the true sense of the word, but it passes as well as some of the above answers) I've ever created was on my Apple //e.

最酷的黑客(它真的不是一个真正意义上的黑客,但它通过以及上面的一些答案)我曾经创建过我的Apple // e。

There was one line in the reference manual that said $C010 was the 'any key down' flag.

参考手册中有一行说$ C010是'任意关键'标志。

Which it turned out was true. The high bit of the $C010 soft switch would tell you if a key was down or not despite the built-in key repeat hardware.

事实证明这是真的。尽管有内置的密钥重复硬件,但$ C010软开关的高位会告诉您密钥是否已关闭。

What they didn't tell you and everybody found out the hard way was that there was no reliably way to find out WHAT key was being pressed.

他们没有告诉你什么,每个人都发现困难的方法是没有可靠的方法来找出按键是什么键。

If you wrote a little assembly program... (pardon my mistakes, my 6502 assembly is a lot rusty)

如果你写了一个小装配程序......(原谅我的错误,我的6502装配很生锈)

  :1
  lda $C010
  cmp #$80
  bcc :1  ; branch if less than? I forget how to do that.
  lda $C000
  jsr $FDF0   ;output the accumulator value to the screen

So it would loop until you pressed a key and would output the key by loading from the $C000 keyboard read switch.

所以它会循环,直到你按下一个键,并通过加载$ C000键盘读取开关输出密钥。

But if you ran that program, it wouldn't quite work right.

但是,如果你运行该程序,它将无法正常工作。

It would certainly print out something while you were holding a key down and nothing when you weren't but there was a little lag on the bus somewhere (I think, I'm not a hardware guy) so if you pressed 'f' you'd get lots of f's. But if you stopped, then pressed 'g', you'd get a bunch of 'f's before it switched to 'g'.

当你拿着一把钥匙的时候肯定会打印出来的东西,当你没有按下时什么也没有,但是公共汽车上有一点滞后(我想,我不是硬件人)所以如果你按'f'你得到很多f。但如果你停下来,然后按'g',你会在切换到'g'之前得到一堆'f'。

You could see evidence of this problem in the apple ][ version of Gauntlet, you'd move in one direction, and if you tried to move in a second direction, you'd move a little bit in your original direction until the you passed the lag.

你可以在苹果中看到这个问题的证据] [Gauntlet的版本,你会向一个方向移动,如果你试图向第二个方向移动,你会朝你原来的方向移动一点,直到你通过滞后。

It made no sense really, because reading $C000 was always 100% accurate, unless you pinged $C010 first.

它没有任何意义,因为读取$ C000始终是100%准确,除非你首先扣除$ C010。

I found this problem fascinating and after weeks of playing I finally came up with what I still think is the coolest program I've ever written.

我发现这个问题引人入胜,经过数周的演奏,我终于想出了我仍然认为是我写过的最酷的节目。

The program itself made no sense, it did a few useless ORA's but for some reason it worked, and it yielded correct values from $C000 after querying $C010.

程序本身没有任何意义,它做了一些无用的ORA,但由于某种原因它起作用,并且在查询$ C010后它从$ C000产生了正确的值。

So cool was this, I wrote an article for nibble magazine, which they accepted but never published (either because they went out of business or because the article read like it was written by 15 year old, which it was) where I wrote a replacement keyboard input program and hooked it into the zero page location that everybody calls to get keyboard input and I was able to programmatically change the keyboard repeat delay and repeat rate, something that was otherwise impossible as it was wired into the hardware. Of course the Apple //e was on its way out at that point, but still to this day, my coolest hack.

这很酷,我写了一篇关于nibble杂志的文章,他们接受了这篇文章但从未发表过(因为他们已经破产或因为这篇文章读起来就像15岁那样,这是我写的)键盘输入程序,并将其连接到每个人调用以获得键盘输入的零页面位置,我能够以编程方式更改键盘重复延迟和重复率,这是因为它连接到硬件,否则是不可能的。当然,Apple // e当时正在走出困境,但至今仍是我最酷的黑客。

Update 3/2/2010: Going through some old papers, I found a printout of my little assembly routine. I'm posting it here to see if anybody can figure out why it works, and so it will be forever enshrined in digital form somewhere...

2010年3月2日更新:通过一些旧文章,我找到了我的小装配程序的打印输出。我在这里张贴它,看看是否有人能弄清楚它为什么会起作用,所以它将永远地以数字形式存在于某个地方......

$0300  AD 10 C0  LDA $C010  ; load accumulator with any-key-down flag
$0303  29 80     AND #$80   ; keep only high bit flag
$0305  0D 00 C0  ORA $C000  ; OR accumulate with keyboard soft switch
$0308  10 F9     BPL $0303  ; erm, I forget exactly which branch this is
$030A  09 80     ORA #$80   ; turn the high bit on 
$030C  20 ED FD  JSR $FDED  ; print char in accumulator
$030F  4C 00 30  JMP $0300  ; start again.

Makes no sense why this should work, but it does. Or did. 25 years ago.

没有任何意义,为什么这应该工作,但确实如此。或者做到了。 25年前。

#13


8  

The Fast Inverse Square Root-- a bizarre little routine that somehow manages to compute the inverse square root of something, but you'd never guess that from looking at it.

快速反向平方根 - 一个奇怪的小程序,以某种方式设法计算某事物的平方根,但你从来没有想过从它看。

http://betterexplained.com/articles/understanding-quakes-fast-inverse-square-root/

#14


8  

A friend of mine was replacing the motherboard in his Dell with newer, faster, OEM motherboard. However, he couldn't get the power button, and other front-panel stuff, to work -- the connectors were different sizes, with different pin layouts. I took a bunch of spare jumpers and spare wires, and connected the proper pins one by one. No soldering needed :)

我的一个朋友用更新,更快的OEM主板取代戴尔的主板。然而,他无法使用电源按钮和其他前面板工作 - 连接器尺寸不同,引脚布局不同。我拿了一堆备用跳线和备用电线,然后逐个连接正确的引脚。无需焊接:)

Code-wise, I'm constantly being impressed. I always thought there was no elegant way of determining whether a forked child successfully execed, but there actually is.

代码方面,我一直留下深刻的印象。我一直认为没有优雅的方法来确定分叉的孩子是否成功地执行了,但确实存在。

child:

execvp(argv[0], argv);
errval = errno;
write(data->fd, &errval, sizeof(errval));

parent:

socketpair(AF_UNIX, SOCK_STREAM, 0, fds);
flag = fcntl(fds[1], F_GETFD) | FD_CLOEXEC;
fcntl(fds[1], F_SETFD, flag);
pid = clone(child, NULL, SIGCHLD, NULL);
if(pid < 0){
        ...
}
close(fds[1]);
/* Read the errno value from the child, if the exec failed, or get 0 if
 * the exec succeeded because the pipe fd was set as close-on-exec.
 */
n = read(fds[0], &ret, sizeof(ret));
if (n < 0) {
        ...
} else if(n != 0){
        /* exec failed */
} else {
        /* exec succeeded */
}

#15


8  

Steve Wozniak's disk controller.

Steve Wozniak的磁盘控制器。

#16


8  

We were compromised at the small company I worked at by some supposedly Russian hackers. Myself and a few other developers wanted to see how, and so I pulled down the most elegant PHP script I have ever seen down from our server, and promptly deleted it from our live machine.

我们在一些据称是俄罗斯黑客的小公司受到了损害。我自己和其他一些开发人员想看看如何,所以我从我们的服务器上删除了我见过的最优雅的PHP脚本,并立即从我们的实时机器中删除它。

It was a * horse called c99shell which did so much with so little that it was both horrible and beautiful at the same time. The thing had an embedded GUI with images using base64 to output them from the PHP so everything was self contained. The feature list was sick! This thing could start shells, scan for connection strings, lock itself down and a number of other useful things for an attacker.

这是一种名为c99shell的特洛伊木马,它做得如此之少,以至于同时它既可怕又美丽。这个东西有一个嵌入式GUI,图像使用base64从PHP输出,所以一切都是自包含的。功能列表生病了!这个东西可以启动shell,扫描连接字符串,锁定自己以及攻击者的许多其他有用的东西。

It was beautiful.

它过去挺美。

Everyone in the office thought I was nuts, but really, truly this code had quite a bit of thought put into it. They kept the file size small so as to sneak past those pesky upload limits and even had a base64 encoded email notification which collected all the information for the attacker.

办公室里的每个人都认为我很疯狂,但实际上,这段代码确实有很多想法。他们保持文件大小较小,以便隐藏那些讨厌的上传限制,甚至还有一个base64编码的电子邮件通知,收集了攻击者的所有信息。

#17


8  

Tesla's device set the record for man-made lightning (42 meters or 130 feet) and all the lights in Colorado Springs had gone out.

特斯拉的设备创造了人造闪电(42米或130英尺)的记录,而科罗拉多斯普林斯的所有灯都已经灭了。

#18


8  

The Black Sunday Hack.

黑色星期天黑客。

#19


7  

I would tell you, but they may want my high school diploma back if I admitted to it ;)

我会告诉你,但如果我承认,他们可能会要求我的高中文凭;)

#20


6  

Back in the days of DOS, I wrote a scripting program to demonstrate my company's software. This scripting program would start the application and then pop up windows on top of the application, describe some of its features using animated type, then close the window, feed keystrokes to the application, wait for the application to display the proper screen, and then pop up more windows. It had its own scripting language and even a script editor so I could interrupt the script, edit it, and then resume running it. The best part is that it ran on top of an unmodified version of our application.

回到DOS的时代,我写了一个脚本程序来演示我公司的软件。此脚本程序将启动应用程序,然后在应用程序顶部弹出窗口,使用动画类型描述其某些功能,然后关闭窗口,向应用程序提供按键,等待应用程序显示正确的屏幕,然后弹出更多的窗户。它有自己的脚本语言甚至是脚本编辑器,因此我可以中断脚本,编辑它,然后继续运行它。最好的部分是它运行在我们的应用程序的未修改版本之上。

The whole demo application was written in C and assembly language. It hooked timer and keyboard interrupts in order to interact with the application. I wrote everything, including the windowing library.

整个演示应用程序是用C语言和汇编语言编写的。它挂钩了计时器和键盘中断,以便与应用程序进行交互。我写了一切,包括窗口库。

#21


5  

I once hacked together a simple dos-style commandline for the psion 3a during a university lecture. It could only do basic directory listing, browsing, copy & move, but it looked the part - full screen a small font.

我曾经在大学演讲期间为psion 3a编写了一个简单的dos式命令行。它只能做基本的目录列表,浏览,复制和移动,但它看起来部分 - 全屏小字体。

Oh, and I programmed pong for the 68008 with pots for input and an oscilloscope for output. Not that hard using a dev board, but there was something cool about playing it on an osc.

哦,我为68008编程pong,输入电位器和输出示波器。使用开发板并不难,但在osc上播放它有一些很酷的东西。

#22


5  

Not done by me, of course, but I came across it recently and it looked cool:

当然不是我做的,但最近我遇到过它看起来很酷:

Self-printing Game of Life in C#

C#中的自我印刷生活游戏

"Conway’s Game of Life has fascinated computer scientists for decades. Even though its rules are ridiculously simple, Conway’s universe gives rise to a variety of gliders, spaceships, oscillators, glider guns, and other forms of “life”. Self-printing programs are similarly curious, and - rather surprisingly - have an important place in the theory of computation.

“康威的生命游戏数十年来一直让计算机科学家着迷。尽管它的规则非常简单,但康威的宇宙产生了各种各样的滑翔机,宇宙飞船,振荡器,滑翔机和其他形式的”生命“。自我打印程序是同样好奇,而且 - 相当令人惊讶 - 在计算理论中占有重要地位。

What happens when you combine the two? You are about to find out, but one thing is for sure: the geekiness factor should be pretty high.

结合两者会发生什么?你即将发现,但有一件事是肯定的:极客因素应该很高。

I wrote a little C# program that contains a Game-of-Life grid. The program advances the game grid to the next generation and prints out a copy of itself, with the grid updated. You can take the output, compile it with a C# compiler, run it, and you’ll get the next generation of the game. You can iterate the process, or change the initial grid state manually. "

我写了一个包含生命游戏网格的C#程序。该程序将游戏网格推进到下一代并打印出自己的副本,并更新网格。您可以获取输出,使用C#编译器进行编译,运行它,然后您将获得下一代游戏。您可以迭代该过程,或手动更改初始网格状态。 “

Follow the link above for source code.

请点击上面的链接获取源代码。

#23


5  

I wrote a simple Windows batch file to let me quickly play tracks matching some pattern from my music library (on f: drive) on a painfully slow machine (opening iTunes takes about 3 minutes on this machine!). It supports regular expressions via the findstr command and uses mplayer to play the tracks. All I have to do is press Windows+R and type:

我写了一个简单的Windows批处理文件,让我在一台速度很慢的机器上快速播放与我的音乐库(在f:驱动器上)匹配某些模式的曲目(在这台机器上打开iTunes大约需要3分钟!)。它通过findstr命令支持正则表达式,并使用mplayer播放曲目。我所要做的就是按Windows + R键入:

play u2

or:

play "neighbo.+rhood"

or:

play "blink[0-9][0-9][0-9]"

The batch file is like this, in play.bat.

批处理文件在play.bat中是这样的。

cd /d f:
findstr /I /R %1 dirlist.txt > playlist.txt
mplayer -playlist playlist.txt

Both mplayer and play.bat should be added to your path.

mplayer和play.bat都应添加到您的路径中。

#24


4  

I wrote an assembler for a small Virtual Machine (UDVM) with Excel and Visual Basic. You write your assembly code in the Excel cells and your memory layout in the other worksheet, and then at the bottom the machine code binary strings will be calculated. Imagine the dread of hand assemblying every time you change your assembly code.

我用Excel和Visual Basic为一个小型虚拟机(UDVM)编写了一个汇编程序。您可以在Excel单元格中编写汇编代码,在另一个工作表中编写内存布局,然后在底部计算机器代码二进制字符串。想象一下每次更改汇编代码时都会对手装配的恐惧。

#25


4  

After several days of debugging a dial-up server that was experiencing an unacceptable number of dropped calls, I traced the problem to a home-grown authentication mechanism that depended on the text representation of the running getty's PID. The getty would generate an error and abort if its PID contained an even number followed by a 9, causing the call to drop and the getty to respawn with a new PID.

经过几天的调试拨号服务器经历了无法接受的掉线次数后,我将问题追溯到一个本地认证机制,该机制依赖于正在运行的getty的PID的文本表示。 getty会产生一个错误,如果它的PID包含一个偶数后跟一个9,则会中止,导致调用掉落,getty重新生成一个新的PID。

After the problem was identified, I was taken off the project and later discovered that the "fix" was to change the numeric-to-text conversion from

确定问题后,我被取消了项目,后来发现“修复”是改变数字到文本的转换

sprintf(strval, "%d", pid);

to

sprintf(strval, "%o", pid);

Rather than troubleshooting the authentication routine, someone chose to convert the PID to octal, making it impossible to contain a 9!

有人选择将PID转换为八进制,而不是对身份验证例程进行故障排除,从而无法包含9!

#26


4  

And a self-printing program ('quine') in C#, 149 characters long:

C#中的自打印程序('quine'),长度为149个字符:

C# Quine

class P{static void Main(){var S=“class P{{static void Main(){{var S={1}{0}{1};System.Console.Write(S,S,’{1}’);}}}}”;System.Console.Write(S,S,‘”‘);}}

#27


4  

A couple years ago I was developing a web interface and using some brand-new JS libs for AJAX functionality. The lib only eval'd JS that was in the html doc header, but there was too much data being returned to fit in the header. What to do?

几年前,我正在开发一个Web界面,并使用一些全新的JS库来实现AJAX功能。 lib只能在html doc头文件中评估JS,但是返回的数据太多以适应头文件。该怎么办?

Some poking around revealed that the JS in the header had access to the body of the html doc, so I wrote a generic 'eval the body' function that was returned in the header. Very useful at the time, especially b/c a different JS lib we were evaluating only eval'd JS from the body, so this was compatible for both JS libs and avoided any size constraints from the header!

一些讨论显示标题中的JS可以访问html doc的主体,所以我写了一个通用的'eval the body'函数,它在头文件中返回。在当时非常有用,特别是b / c一个不同的JS库,我们只评估来自正文的eval'd JS,所以这兼容了两个JS库并避免了标题中的任何大小限制!

Yes, simple, but I felt quite awesome for a whole month after figuring this out :)

是的,很简单,但在弄清楚这一点之后整整一个月我感觉非常棒:)

#28


3  

Seeing my former workmate rewriting a playstation one 3d engine within three weeks from scratch in assembler. The old one was to slow and we didn't had the time to change the graphic assets anymore. He started that rewrite two month before deadline.

看到我的前同事在三周内从汇编程序中重写了一个游戏机一个3d引擎。旧的速度慢了,我们没有时间改变图形资产了。他在截止日期前两个月开始重写。

It was the same guy (and some other dudes as well - it was an act of teamwork) who did an amazing job stuffing 10 minutes of graphics and sound into a 64kb executable.

这是一个同样的人(以及其他一些家伙 - 这是一种团队合作的行为),他做了一个惊人的工作,将10分钟的图形和声音填充到一个64kb的可执行文件中。

http://pouet.net/prod.php?which=1221

#29


3  

When looking at how to use TCP in 4D, I came across this variation of the Duff Device in the documentation:

在查看如何在4D中使用TCP时,我在文档中遇到了Duff Device的这种变体:

$SentOK:=False  //A flag to indicate if we made it through all of the calls
Case of 
   : (SMTP_New ($smtp_id)!=0)
   : (SMTP_Host ($smtp_id;<>pref_Server)!=0)
   : (SMTP_From ($smtp_id;vFrom)!=0)
   : (SMTP_To ($smtp_id;vTo)!=0)
   : (SMTP_Subject ($smtp_id;vSubject)!=0)
   : (SMTP_Body ($smtp_id;vMessage)!=0)
   : (SMTP_Send ($smtp_id)!=0)
Else 
   $SentOK:=True  //message was composed and mailed successfully
End case 
If ($smtp_id!=0)  //If a Message Envelope was created we should clear it now
   $OK:=SMTP_Clear ($smtp_id)
End if 

I looked at it and thought it was really clever (I still do). Unfortunately, it wasn't what I needed and I never got the chance to use it.

我看着它,并认为它非常聪明(我仍然这样做)。不幸的是,这不是我需要的,我从来没有机会使用它。

#30


3  

Not by me:

不是我:

#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[]){
  int i;

  printf("((((");
  for(i=1;i!=argc;i++){
    if(     strcmp(argv[i], "^")==0) printf(")^(");
    else if(strcmp(argv[i], "*")==0) printf("))*((");
    else if(strcmp(argv[i], "/")==0) printf("))/((");
    else if(strcmp(argv[i], "+")==0) printf(")))+(((");
    else if(strcmp(argv[i], "-")==0) printf(")))-(((");
    else                             printf("%s", argv[i]);
  }
  printf("))))\n");
  return 0;
}

#1


49  

I recall this hack as being written by Bob Smith, who did the old DOS-era memory manager called 386MAX (or "386 to the Max"). It wasn't part of the product, it was a little utility program he whipped up and posted somewhere. However, on the web the only reference to this technique I can find is a DDJ Undocumented Corner column from November 1996 by Robert Collins.

我记得这个黑客是由Bob Smith编写的,他曾经做过DOS旧时代的内存管理器,名为386MAX(或“386 to the Max”)。它不是产品的一部分,它是一个小小的实用程序,他掀起并张贴在某个地方。然而,在网上我唯一可以找到的这种技术是1996年11月Robert Collins的DDJ Undocumented Corner专栏。

The Problem

Prior to Intel introducing the CPUID instruction, it was difficult to check the exact type and revision levels of the CPU on your system. It turns out that in most versions of the 386 and later, there actually was a CPU ID, but it was only visible at one specific time: right after the processor was reset in the EDX register. (It was assumed that the computer's BIOS would be the only software legitimately interested in this).

在英特尔引入CPUID指令之前,很难检查系统上CPU的确切类型和修订级别。事实证明,在386及更高版本的大多数版本中,实际上有一个CPU ID,但它只在一个特定时间可见:在EDX寄存器中重置处理器之后。 (假设计算机的BIOS是唯一对此合法感兴趣的软件)。

Problem: how can a normal program retrieve this register value if we are not the BIOS?

问题:如果我们不是BIOS,普通程序如何检索此寄存器值?

Background Material

This hack relied on six distinct peculiarities of IBM PC compatible computers. They were as follows:

这个hack依赖于IBM PC兼容计算机的六种不同特性。他们如下:

  1. Starting with the IBM AT and later, there is a way to independently disable the A20 address line on the bus.
  2. 从IBM AT及更高版本开始,有一种方法可以独立禁用总线上的A20地址线。

  3. Most computers do not have RAM installed in very high memory addresses just below the BIOS ROM.
  4. 大多数计算机没有安装在BIOS ROM下方的高内存地址中的RAM。

  5. Most IBM PC bus computers return 0xFF when you read a memory location that has no memory installed there.
  6. 当您读取没有安装内存的内存位置时,大多数IBM PC总线计算机返回0xFF。

  7. 0xFF 0xFF 0xFF etc is an illegal opcode on Intel CPUs.
  8. 0xFF 0xFF 0xFF等是Intel CPU上的非法操作码。

  9. If you install an exception handler in memory, it will survive a soft reboot on most CPUs of this era (386 through 486).
  10. 如果在内存中安装异常处理程序,它将在这个时代(386到486)的大多数CPU上进行软重启。

  11. Upon soft or hard reset, Intel processors jump to an address which is at the top of addressable memory, minus 16 bytes, which is why the BIOS ROM is placed there.
  12. 在软复位或硬复位时,英特尔处理器跳转到可寻址存储器顶部的地址,减去16个字节,这就是BIOS ROM放置在那里的原因。

The program combined knowledge of all these pieces of trivia to achieve the goal.

该计划结合了所有这些琐事的知识,以实现目标。

The Hack

The result was a DOS command line program, that did the following:

结果是DOS命令行程序,它执行以下操作:

  • Installed an illegal opcode exception handler
  • 安装了非法的操作码异常处理程序

  • Turned off the A20 address line on the bus
  • 关闭总线上的A20地址线

  • Soft-rebooted the CPU (I think this was through a BIOS call)
  • 软重启CPU(我认为这是通过BIOS调用)

When the soft reboot occurred, the processor would try to jump to the top of memory minus 16 bytes, which is where the ROM startup code is located. However, since A20 was off, it would actually jump to top of memory minus 16 bytes minus one megabyte. On most PCs there is no RAM there. So it would fetch a series of 0xFF bytes from this non-existent RAM, and try to execute it. This would create an illegal opcode exception.

当软重启发生时,处理器将尝试跳转到内存顶部减去16个字节,这是ROM启动代码所在的位置。但是,由于A20关闭,它实际上会跳到内存的顶部减去16个字节减去1兆字节。在大多数PC上,那里没有RAM。因此它会从这个不存在的RAM中获取一系列0xFF字节,并尝试执行它。这会产生非法的操作码异常。

His exception handler would then pluck out the value of EDX (the CPUID) and stash it somewhere he could find it. It would then clean up the mess (turn A20 back on, flip back from protected mode to real mode for DOS) and return control to the original code.

然后,他的异常处理程序将获取EDX(CPUID)的值并将其藏匿在他可以找到的地方。然后它会清理混乱(重新打开A20,从保护模式转回到DOS的实模式)并将控制权返回到原始代码。

When it worked, it was genius to behold. Voila, here was a simple command-line DOS program that would give you the CPUID value.

当它奏效时,它是天才。 Voila,这是一个简单的命令行DOS程序,可以为您提供CPUID值。

Of course, there were inevitably PCs out there which were "not quite compatible" which would crash horribly when you ran this. Ah well.

当然,那里不可避免地存在那些“不太兼容”的PC,当你运行它时会崩溃。呃,好吧。

#2


54  

The quake3 inverse square root and the MIT Magic/More Magic switch usually make these lists.

quake3反平方根和MIT Magic / More Magic开关通常会生成这些列表。

#3


40  

Well, it's not the coolest, but it's definitely funny (to programmers).

嗯,这不是最酷的,但它对程序员来说绝对有趣。

We built an ad-hoc query builder for a resume database project. There were some ajaxy parts to it and the basic idea was that if you changed anything on the page, the search automatically re-ran itself. (It was triggered by the onBlur event of all the UI widgets)

我们为简历数据库项目构建了一个临时查询构建器。它有一些ajaxy部分,基本的想法是,如果你在页面上改变了任何东西,搜索会自动重新运行。 (它是由所有UI小部件的onBlur事件触发的)

So we had no real use for a "Search" or "Run Query" button. This confused the users to no end. So we added a search button which did nothing. It just sat there.

所以我们没有真正使用“搜索”或“运行查询”按钮。这使用户感到困惑无止境。所以我们添加了一个什么都没做的搜索按钮。它只是坐在那里。

It worked because every time you clicked the search button, the onBlur event from the field you were just on would fire.

它之所以有效,是因为每次单击搜索按钮时,您刚刚开启的字段中的onBlur事件都会触发。

This made our user base very happy. Simple things.

这使我们的用户群非常满意。简单的事情。

#4


32  

This wasn't a hack I did, but rather someone I worked for a long time ago told me about it (he actually did the hack).

这不是我做过的黑客攻击,而是我很久以前工作过的人告诉我的事情(他实际上做了黑客攻击)。

It seems he worked for someone who was blind and who needed a way to read text files. So he figured out how to translate text files to braille and print them out using various characters such as . and :

他似乎为盲人和需要阅读文本文件的人工作。所以他想出了如何将文本文件翻译成盲文并使用各种字符打印出来。并且:

The printers at the time were impact printers, so when a character was printed, the printing mechanism struck the paper hard enough to leave an impression that could be felt. Since the impression formed on the back of the paper, he had to print an inverted-backwards braille so that when the paper was turned around it was correct.

当时的打印机是冲击打印机,因此当打印字符时,打印机构足以打印纸张,留下可以感觉到的印象。由于在纸张背面形成印模,他不得不打印倒置后向盲文,以便当纸张转动时它是正确的。

Of course, the act of reading eliminated the depressions so it was a read-once mechanism, but I always thought that was a pretty cool hack.

当然,阅读行为消除了萧条,因此它是一次性读取机制,但我一直认为这是一个非常酷的黑客。

#5


24  

While working on the reverse-engineering effort of the iPhone, I found a vulnerability in the baseband (chip that handles the telephony and the carrier lock) that would allow you to write zeros arbitrarily. Although this seemed useless at first, it quickly became apparent that this could do far more than I had initially thought. With the way ARM works, certain jumps could be made nullified by writing a single zero in the target, causing the execution path to always continue forward. This enabled a software unlock, but was quickly replaced by a more robust hack that allowed you to reflash the baseband entirely.

在研究iPhone的逆向工程工作时,我发现基带中的一个漏洞(处理电话和载波锁的芯片)可以让你随意写零。虽然这起初看起来毫无用处,但很快就会发现这可能比我原先想象的要多得多。通过ARM的工作方式,可以通过在目标中写入单个零来使某些跳转无效,从而使执行路径始终继续向前。这使软件解锁,但很快就被更强大的黑客所取代,这使得你可以完全重新刷新基带。

Still damn proud of that hack, regardless of its uselessness now.

不管它现在多么无用,仍然为这个黑客感到自豪。

#6


16  

I made a divide-by-eight counter out of pneumatic valves in college in order to get exempted from the remainder of the pneumatics course.

我在大学里用气动阀门做了一个8分频计数器,以便免除其余的气动课程。

#7


15  

Its such a trivial thing, but when I first saw this code (by a fellow developer of mine) I was shocked because it is something I would have never thought of (comments added by me):

它是如此微不足道的事情,但是当我第一次看到这个代码时(由我的同事开发)我感到震惊,因为这是我从未想过的(我添加的评论):

cglobal x264_sub8x8_dct_sse2, 3,3  ;3,3 means 3 arguments and 3 registers used
.skip_prologue:
    call .8x4
    add  r0, 64                    ;increment pointers
    add  r1, 4*FENC_STRIDE
    add  r2, 4*FDEC_STRIDE
.8x4:
    SUB_DCT4 2x4x4W                ;this macro does the actual transform
    movhps [r0+32], m0             ;store second half of output data
    movhps [r0+40], m1             ;the rest is done in the macro
    movhps [r0+48], m2
    movhps [r0+56], m3
    ret

It does an 8x8 block of 4 transforms by doing sets of 8x4 at a time. But it doesn't paste the code twice (that would waste code size), nor does it have an 8x4 function and call it twice. Nor does it have a loop either. Instead, it calls the "function" and then increments the pointers, and then "falls" right into it and does it again.

它通过一次做8x4组来完成4个8x8块变换。但它不会粘贴代码两次(这会浪费代码大小),也不会有8x4函数并调用它两次。它也没有循环。相反,它调用“函数”然后递增指针,然后“向下”直接进入它并再次执行。

It gets the best of both worlds: no function calling overhead beyond the original (since the pointers r0, r1, and r2 aren't incremented in SUB_DCT4) and no code duplication, and no loop overhead.

它得到了两全其美:没有函数调用超出原始的开销(因为指针r0,r1和r2在SUB_DCT4中没有增加)并且没有代码重复,也没有循环开销。

#8


14  

This summer I wrote a game that I call SatelliteRush. It's a Breakout game for mobile phones with Java and GPS. It can be played in two modes: "boring mode" and "satellite mode". In boring mode, you use buttons to move the paddle, just as usual, but in satellite mode it uses the phone's GPS receiver. You run back and forth, and the paddle moves with you.

今年夏天,我写了一款名为SatelliteRush的游戏。这是一款适用于带有Java和GPS的手机的突围游戏。它可以以两种模式播放:“无聊模式”和“卫星模式”。在无聊模式下,您可以像往常一样使用按钮移动球拍,但在卫星模式下,它使用手机的GPS接收器。你来回跑,桨随你一起移动。

I've only tested it on a Sony-Ericsson W760i, and it works reasonably well, given that GPS position updates are rather slow and inexact.

我只在索尼爱立信W760i上进行了测试,并且考虑到GPS位置更新速度相当慢而且不精确,因此效果相当不错。

So far I have made a "technical test version" of this game, so it's is not very good-looking or easy to use. But if you have a GPS phone with Java you can download it here: http://www.lysator.liu.se/~padrone/temporary/SatelliteRushTest/

到目前为止,我已经制作了这个游戏的“技术测试版”,所以它不是很好看或易于使用。但如果您有带Java的GPS手机,可以在这里下载:http://www.lysator.liu.se/~padrone/temporary/SatelliteRushTest/

EDIT:

Now available for Android as a free app on Android Market: https://market.android.com/details?id=se.nekotronic.satelliterush

Android版现已推出Android版免费应用:https://market.android.com/details?id = se.nekotronic.satelliterush

#9


11  

Duff's Device. Does that count? :)

达夫的装置。这算得上吗? :)

#10


10  

Duffs Device, for the above question.

Duffs Device,针对上述问题。

The Story of Mel. Hardcore hack.

梅尔的故事。铁杆黑客。

#11


10  

I got an early Commodore 64 Computer, and needed to write assembly code for it.

我有一台早期的Commodore 64计算机,需要为它编写汇编代码。

Problem was, there was no Assembler Program for the C64 (either that, or I couldn't afford one).

问题是,C64没有汇编程序(要么就是这个,要么我买不起)。

So I wrote an assembler by looking up the 6502 opcodes in a book, and creating the program out of the raw bytes.

所以我通过查阅书中的6502操作码并用原始字节创建程序来编写汇编程序。

At some point it was able to take assembly code as its input, and assemble into a program.

在某些时候,它能够将汇编代码作为输入,并组装成一个程序。

A friend of mine had written a disassembler for his PET in BASIC. I used this program to disassemble my assembler, and was then able to use my assembler to assemble newer versions of itself.

我的一个朋友为他在BASIC的PET写了一个反汇编程序。我使用这个程序来反汇编我的汇编程序,然后能够使用我的汇编程序来组装它自己的更新版本。

Oh, the hoops we had to jump through in the old days :)

哦,在过去我们不得不跳过的箍:)

#12


9  

The coolest hack (and it's not really a hack in the true sense of the word, but it passes as well as some of the above answers) I've ever created was on my Apple //e.

最酷的黑客(它真的不是一个真正意义上的黑客,但它通过以及上面的一些答案)我曾经创建过我的Apple // e。

There was one line in the reference manual that said $C010 was the 'any key down' flag.

参考手册中有一行说$ C010是'任意关键'标志。

Which it turned out was true. The high bit of the $C010 soft switch would tell you if a key was down or not despite the built-in key repeat hardware.

事实证明这是真的。尽管有内置的密钥重复硬件,但$ C010软开关的高位会告诉您密钥是否已关闭。

What they didn't tell you and everybody found out the hard way was that there was no reliably way to find out WHAT key was being pressed.

他们没有告诉你什么,每个人都发现困难的方法是没有可靠的方法来找出按键是什么键。

If you wrote a little assembly program... (pardon my mistakes, my 6502 assembly is a lot rusty)

如果你写了一个小装配程序......(原谅我的错误,我的6502装配很生锈)

  :1
  lda $C010
  cmp #$80
  bcc :1  ; branch if less than? I forget how to do that.
  lda $C000
  jsr $FDF0   ;output the accumulator value to the screen

So it would loop until you pressed a key and would output the key by loading from the $C000 keyboard read switch.

所以它会循环,直到你按下一个键,并通过加载$ C000键盘读取开关输出密钥。

But if you ran that program, it wouldn't quite work right.

但是,如果你运行该程序,它将无法正常工作。

It would certainly print out something while you were holding a key down and nothing when you weren't but there was a little lag on the bus somewhere (I think, I'm not a hardware guy) so if you pressed 'f' you'd get lots of f's. But if you stopped, then pressed 'g', you'd get a bunch of 'f's before it switched to 'g'.

当你拿着一把钥匙的时候肯定会打印出来的东西,当你没有按下时什么也没有,但是公共汽车上有一点滞后(我想,我不是硬件人)所以如果你按'f'你得到很多f。但如果你停下来,然后按'g',你会在切换到'g'之前得到一堆'f'。

You could see evidence of this problem in the apple ][ version of Gauntlet, you'd move in one direction, and if you tried to move in a second direction, you'd move a little bit in your original direction until the you passed the lag.

你可以在苹果中看到这个问题的证据] [Gauntlet的版本,你会向一个方向移动,如果你试图向第二个方向移动,你会朝你原来的方向移动一点,直到你通过滞后。

It made no sense really, because reading $C000 was always 100% accurate, unless you pinged $C010 first.

它没有任何意义,因为读取$ C000始终是100%准确,除非你首先扣除$ C010。

I found this problem fascinating and after weeks of playing I finally came up with what I still think is the coolest program I've ever written.

我发现这个问题引人入胜,经过数周的演奏,我终于想出了我仍然认为是我写过的最酷的节目。

The program itself made no sense, it did a few useless ORA's but for some reason it worked, and it yielded correct values from $C000 after querying $C010.

程序本身没有任何意义,它做了一些无用的ORA,但由于某种原因它起作用,并且在查询$ C010后它从$ C000产生了正确的值。

So cool was this, I wrote an article for nibble magazine, which they accepted but never published (either because they went out of business or because the article read like it was written by 15 year old, which it was) where I wrote a replacement keyboard input program and hooked it into the zero page location that everybody calls to get keyboard input and I was able to programmatically change the keyboard repeat delay and repeat rate, something that was otherwise impossible as it was wired into the hardware. Of course the Apple //e was on its way out at that point, but still to this day, my coolest hack.

这很酷,我写了一篇关于nibble杂志的文章,他们接受了这篇文章但从未发表过(因为他们已经破产或因为这篇文章读起来就像15岁那样,这是我写的)键盘输入程序,并将其连接到每个人调用以获得键盘输入的零页面位置,我能够以编程方式更改键盘重复延迟和重复率,这是因为它连接到硬件,否则是不可能的。当然,Apple // e当时正在走出困境,但至今仍是我最酷的黑客。

Update 3/2/2010: Going through some old papers, I found a printout of my little assembly routine. I'm posting it here to see if anybody can figure out why it works, and so it will be forever enshrined in digital form somewhere...

2010年3月2日更新:通过一些旧文章,我找到了我的小装配程序的打印输出。我在这里张贴它,看看是否有人能弄清楚它为什么会起作用,所以它将永远地以数字形式存在于某个地方......

$0300  AD 10 C0  LDA $C010  ; load accumulator with any-key-down flag
$0303  29 80     AND #$80   ; keep only high bit flag
$0305  0D 00 C0  ORA $C000  ; OR accumulate with keyboard soft switch
$0308  10 F9     BPL $0303  ; erm, I forget exactly which branch this is
$030A  09 80     ORA #$80   ; turn the high bit on 
$030C  20 ED FD  JSR $FDED  ; print char in accumulator
$030F  4C 00 30  JMP $0300  ; start again.

Makes no sense why this should work, but it does. Or did. 25 years ago.

没有任何意义,为什么这应该工作,但确实如此。或者做到了。 25年前。

#13


8  

The Fast Inverse Square Root-- a bizarre little routine that somehow manages to compute the inverse square root of something, but you'd never guess that from looking at it.

快速反向平方根 - 一个奇怪的小程序,以某种方式设法计算某事物的平方根,但你从来没有想过从它看。

http://betterexplained.com/articles/understanding-quakes-fast-inverse-square-root/

#14


8  

A friend of mine was replacing the motherboard in his Dell with newer, faster, OEM motherboard. However, he couldn't get the power button, and other front-panel stuff, to work -- the connectors were different sizes, with different pin layouts. I took a bunch of spare jumpers and spare wires, and connected the proper pins one by one. No soldering needed :)

我的一个朋友用更新,更快的OEM主板取代戴尔的主板。然而,他无法使用电源按钮和其他前面板工作 - 连接器尺寸不同,引脚布局不同。我拿了一堆备用跳线和备用电线,然后逐个连接正确的引脚。无需焊接:)

Code-wise, I'm constantly being impressed. I always thought there was no elegant way of determining whether a forked child successfully execed, but there actually is.

代码方面,我一直留下深刻的印象。我一直认为没有优雅的方法来确定分叉的孩子是否成功地执行了,但确实存在。

child:

execvp(argv[0], argv);
errval = errno;
write(data->fd, &errval, sizeof(errval));

parent:

socketpair(AF_UNIX, SOCK_STREAM, 0, fds);
flag = fcntl(fds[1], F_GETFD) | FD_CLOEXEC;
fcntl(fds[1], F_SETFD, flag);
pid = clone(child, NULL, SIGCHLD, NULL);
if(pid < 0){
        ...
}
close(fds[1]);
/* Read the errno value from the child, if the exec failed, or get 0 if
 * the exec succeeded because the pipe fd was set as close-on-exec.
 */
n = read(fds[0], &ret, sizeof(ret));
if (n < 0) {
        ...
} else if(n != 0){
        /* exec failed */
} else {
        /* exec succeeded */
}

#15


8  

Steve Wozniak's disk controller.

Steve Wozniak的磁盘控制器。

#16


8  

We were compromised at the small company I worked at by some supposedly Russian hackers. Myself and a few other developers wanted to see how, and so I pulled down the most elegant PHP script I have ever seen down from our server, and promptly deleted it from our live machine.

我们在一些据称是俄罗斯黑客的小公司受到了损害。我自己和其他一些开发人员想看看如何,所以我从我们的服务器上删除了我见过的最优雅的PHP脚本,并立即从我们的实时机器中删除它。

It was a * horse called c99shell which did so much with so little that it was both horrible and beautiful at the same time. The thing had an embedded GUI with images using base64 to output them from the PHP so everything was self contained. The feature list was sick! This thing could start shells, scan for connection strings, lock itself down and a number of other useful things for an attacker.

这是一种名为c99shell的特洛伊木马,它做得如此之少,以至于同时它既可怕又美丽。这个东西有一个嵌入式GUI,图像使用base64从PHP输出,所以一切都是自包含的。功能列表生病了!这个东西可以启动shell,扫描连接字符串,锁定自己以及攻击者的许多其他有用的东西。

It was beautiful.

它过去挺美。

Everyone in the office thought I was nuts, but really, truly this code had quite a bit of thought put into it. They kept the file size small so as to sneak past those pesky upload limits and even had a base64 encoded email notification which collected all the information for the attacker.

办公室里的每个人都认为我很疯狂,但实际上,这段代码确实有很多想法。他们保持文件大小较小,以便隐藏那些讨厌的上传限制,甚至还有一个base64编码的电子邮件通知,收集了攻击者的所有信息。

#17


8  

Tesla's device set the record for man-made lightning (42 meters or 130 feet) and all the lights in Colorado Springs had gone out.

特斯拉的设备创造了人造闪电(42米或130英尺)的记录,而科罗拉多斯普林斯的所有灯都已经灭了。

#18


8  

The Black Sunday Hack.

黑色星期天黑客。

#19


7  

I would tell you, but they may want my high school diploma back if I admitted to it ;)

我会告诉你,但如果我承认,他们可能会要求我的高中文凭;)

#20


6  

Back in the days of DOS, I wrote a scripting program to demonstrate my company's software. This scripting program would start the application and then pop up windows on top of the application, describe some of its features using animated type, then close the window, feed keystrokes to the application, wait for the application to display the proper screen, and then pop up more windows. It had its own scripting language and even a script editor so I could interrupt the script, edit it, and then resume running it. The best part is that it ran on top of an unmodified version of our application.

回到DOS的时代,我写了一个脚本程序来演示我公司的软件。此脚本程序将启动应用程序,然后在应用程序顶部弹出窗口,使用动画类型描述其某些功能,然后关闭窗口,向应用程序提供按键,等待应用程序显示正确的屏幕,然后弹出更多的窗户。它有自己的脚本语言甚至是脚本编辑器,因此我可以中断脚本,编辑它,然后继续运行它。最好的部分是它运行在我们的应用程序的未修改版本之上。

The whole demo application was written in C and assembly language. It hooked timer and keyboard interrupts in order to interact with the application. I wrote everything, including the windowing library.

整个演示应用程序是用C语言和汇编语言编写的。它挂钩了计时器和键盘中断,以便与应用程序进行交互。我写了一切,包括窗口库。

#21


5  

I once hacked together a simple dos-style commandline for the psion 3a during a university lecture. It could only do basic directory listing, browsing, copy & move, but it looked the part - full screen a small font.

我曾经在大学演讲期间为psion 3a编写了一个简单的dos式命令行。它只能做基本的目录列表,浏览,复制和移动,但它看起来部分 - 全屏小字体。

Oh, and I programmed pong for the 68008 with pots for input and an oscilloscope for output. Not that hard using a dev board, but there was something cool about playing it on an osc.

哦,我为68008编程pong,输入电位器和输出示波器。使用开发板并不难,但在osc上播放它有一些很酷的东西。

#22


5  

Not done by me, of course, but I came across it recently and it looked cool:

当然不是我做的,但最近我遇到过它看起来很酷:

Self-printing Game of Life in C#

C#中的自我印刷生活游戏

"Conway’s Game of Life has fascinated computer scientists for decades. Even though its rules are ridiculously simple, Conway’s universe gives rise to a variety of gliders, spaceships, oscillators, glider guns, and other forms of “life”. Self-printing programs are similarly curious, and - rather surprisingly - have an important place in the theory of computation.

“康威的生命游戏数十年来一直让计算机科学家着迷。尽管它的规则非常简单,但康威的宇宙产生了各种各样的滑翔机,宇宙飞船,振荡器,滑翔机和其他形式的”生命“。自我打印程序是同样好奇,而且 - 相当令人惊讶 - 在计算理论中占有重要地位。

What happens when you combine the two? You are about to find out, but one thing is for sure: the geekiness factor should be pretty high.

结合两者会发生什么?你即将发现,但有一件事是肯定的:极客因素应该很高。

I wrote a little C# program that contains a Game-of-Life grid. The program advances the game grid to the next generation and prints out a copy of itself, with the grid updated. You can take the output, compile it with a C# compiler, run it, and you’ll get the next generation of the game. You can iterate the process, or change the initial grid state manually. "

我写了一个包含生命游戏网格的C#程序。该程序将游戏网格推进到下一代并打印出自己的副本,并更新网格。您可以获取输出,使用C#编译器进行编译,运行它,然后您将获得下一代游戏。您可以迭代该过程,或手动更改初始网格状态。 “

Follow the link above for source code.

请点击上面的链接获取源代码。

#23


5  

I wrote a simple Windows batch file to let me quickly play tracks matching some pattern from my music library (on f: drive) on a painfully slow machine (opening iTunes takes about 3 minutes on this machine!). It supports regular expressions via the findstr command and uses mplayer to play the tracks. All I have to do is press Windows+R and type:

我写了一个简单的Windows批处理文件,让我在一台速度很慢的机器上快速播放与我的音乐库(在f:驱动器上)匹配某些模式的曲目(在这台机器上打开iTunes大约需要3分钟!)。它通过findstr命令支持正则表达式,并使用mplayer播放曲目。我所要做的就是按Windows + R键入:

play u2

or:

play "neighbo.+rhood"

or:

play "blink[0-9][0-9][0-9]"

The batch file is like this, in play.bat.

批处理文件在play.bat中是这样的。

cd /d f:
findstr /I /R %1 dirlist.txt > playlist.txt
mplayer -playlist playlist.txt

Both mplayer and play.bat should be added to your path.

mplayer和play.bat都应添加到您的路径中。

#24


4  

I wrote an assembler for a small Virtual Machine (UDVM) with Excel and Visual Basic. You write your assembly code in the Excel cells and your memory layout in the other worksheet, and then at the bottom the machine code binary strings will be calculated. Imagine the dread of hand assemblying every time you change your assembly code.

我用Excel和Visual Basic为一个小型虚拟机(UDVM)编写了一个汇编程序。您可以在Excel单元格中编写汇编代码,在另一个工作表中编写内存布局,然后在底部计算机器代码二进制字符串。想象一下每次更改汇编代码时都会对手装配的恐惧。

#25


4  

After several days of debugging a dial-up server that was experiencing an unacceptable number of dropped calls, I traced the problem to a home-grown authentication mechanism that depended on the text representation of the running getty's PID. The getty would generate an error and abort if its PID contained an even number followed by a 9, causing the call to drop and the getty to respawn with a new PID.

经过几天的调试拨号服务器经历了无法接受的掉线次数后,我将问题追溯到一个本地认证机制,该机制依赖于正在运行的getty的PID的文本表示。 getty会产生一个错误,如果它的PID包含一个偶数后跟一个9,则会中止,导致调用掉落,getty重新生成一个新的PID。

After the problem was identified, I was taken off the project and later discovered that the "fix" was to change the numeric-to-text conversion from

确定问题后,我被取消了项目,后来发现“修复”是改变数字到文本的转换

sprintf(strval, "%d", pid);

to

sprintf(strval, "%o", pid);

Rather than troubleshooting the authentication routine, someone chose to convert the PID to octal, making it impossible to contain a 9!

有人选择将PID转换为八进制,而不是对身份验证例程进行故障排除,从而无法包含9!

#26


4  

And a self-printing program ('quine') in C#, 149 characters long:

C#中的自打印程序('quine'),长度为149个字符:

C# Quine

class P{static void Main(){var S=“class P{{static void Main(){{var S={1}{0}{1};System.Console.Write(S,S,’{1}’);}}}}”;System.Console.Write(S,S,‘”‘);}}

#27


4  

A couple years ago I was developing a web interface and using some brand-new JS libs for AJAX functionality. The lib only eval'd JS that was in the html doc header, but there was too much data being returned to fit in the header. What to do?

几年前,我正在开发一个Web界面,并使用一些全新的JS库来实现AJAX功能。 lib只能在html doc头文件中评估JS,但是返回的数据太多以适应头文件。该怎么办?

Some poking around revealed that the JS in the header had access to the body of the html doc, so I wrote a generic 'eval the body' function that was returned in the header. Very useful at the time, especially b/c a different JS lib we were evaluating only eval'd JS from the body, so this was compatible for both JS libs and avoided any size constraints from the header!

一些讨论显示标题中的JS可以访问html doc的主体,所以我写了一个通用的'eval the body'函数,它在头文件中返回。在当时非常有用,特别是b / c一个不同的JS库,我们只评估来自正文的eval'd JS,所以这兼容了两个JS库并避免了标题中的任何大小限制!

Yes, simple, but I felt quite awesome for a whole month after figuring this out :)

是的,很简单,但在弄清楚这一点之后整整一个月我感觉非常棒:)

#28


3  

Seeing my former workmate rewriting a playstation one 3d engine within three weeks from scratch in assembler. The old one was to slow and we didn't had the time to change the graphic assets anymore. He started that rewrite two month before deadline.

看到我的前同事在三周内从汇编程序中重写了一个游戏机一个3d引擎。旧的速度慢了,我们没有时间改变图形资产了。他在截止日期前两个月开始重写。

It was the same guy (and some other dudes as well - it was an act of teamwork) who did an amazing job stuffing 10 minutes of graphics and sound into a 64kb executable.

这是一个同样的人(以及其他一些家伙 - 这是一种团队合作的行为),他做了一个惊人的工作,将10分钟的图形和声音填充到一个64kb的可执行文件中。

http://pouet.net/prod.php?which=1221

#29


3  

When looking at how to use TCP in 4D, I came across this variation of the Duff Device in the documentation:

在查看如何在4D中使用TCP时,我在文档中遇到了Duff Device的这种变体:

$SentOK:=False  //A flag to indicate if we made it through all of the calls
Case of 
   : (SMTP_New ($smtp_id)!=0)
   : (SMTP_Host ($smtp_id;<>pref_Server)!=0)
   : (SMTP_From ($smtp_id;vFrom)!=0)
   : (SMTP_To ($smtp_id;vTo)!=0)
   : (SMTP_Subject ($smtp_id;vSubject)!=0)
   : (SMTP_Body ($smtp_id;vMessage)!=0)
   : (SMTP_Send ($smtp_id)!=0)
Else 
   $SentOK:=True  //message was composed and mailed successfully
End case 
If ($smtp_id!=0)  //If a Message Envelope was created we should clear it now
   $OK:=SMTP_Clear ($smtp_id)
End if 

I looked at it and thought it was really clever (I still do). Unfortunately, it wasn't what I needed and I never got the chance to use it.

我看着它,并认为它非常聪明(我仍然这样做)。不幸的是,这不是我需要的,我从来没有机会使用它。

#30


3  

Not by me:

不是我:

#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[]){
  int i;

  printf("((((");
  for(i=1;i!=argc;i++){
    if(     strcmp(argv[i], "^")==0) printf(")^(");
    else if(strcmp(argv[i], "*")==0) printf("))*((");
    else if(strcmp(argv[i], "/")==0) printf("))/((");
    else if(strcmp(argv[i], "+")==0) printf(")))+(((");
    else if(strcmp(argv[i], "-")==0) printf(")))-(((");
    else                             printf("%s", argv[i]);
  }
  printf("))))\n");
  return 0;
}