[HN Gopher] Show HN: RISC-V assembly tabletop board game (hack y...
___________________________________________________________________
Show HN: RISC-V assembly tabletop board game (hack your opponent)
I made this game to teach my daughter how buffer overflows work. I
want her to look at programs as things she can change, and make
them do whatever she wants. Building your exploit in memory and
jumping to it feels so cool. I hope this game teaches kids and
programmers (who seem to have forgotten what computers actually
are) that its quite fun to mess with programs. We used to have that
excitement few years ago, just break into softice and change a
branch into a nop and ignore the serial number check, or go to a
different game level because this one is too annoying. While
working on the game I kept thinking what we have lost from 6502 to
Apple Silicon, and the transition from 'personal computers' to 'you
are completely not responsible for most the code running on your
device', it made me a bit sad and happy in the same time, RISCV
seems like a breath of fresh air, and many hackers will build many
new things, new protocols, new networks, new programs. As PI4 cost
increases, the esp32 cost is decreasing, we have transparent
displays for 20$, good computers for 5$, cheap lora, and etc.
Everything is more accessible than ever. I played with a friend
who saw completely different exploits than me, and I learned a lot
just from few games, and because of the complexity of the game its
often you enter into a position that you get surprised by your own
actions :) So if you manage to find at least one friend who is not
completely stunned by the assembler, I think you will have some
good time. A huge inspiration comes from phrack 49's 'Smashing The
Stack For Fun And Profit' which has demystified the stack for me:
http://phrack.org/issues/49/14.html#article TLDR: computers are
fun, and you can make them do things. PS: In order to play with my
friends I also built esp32 helper[1] that keeps track of the game
state, and when I built it and wrote the code and everything I
realized I could've just media queried the web version of the
game.. but anyway, its way cooler to have a board game contraption.
[1]: https://punkx.org/overflow/esp32.html
Author : throwaway71271
Score : 344 points
Date : 2023-09-29 14:25 UTC (1 days ago)
(HTM) web link (punkx.org)
(TXT) w3m dump (punkx.org)
| skeptrune wrote:
| Dude, this is awesome! I want to play it at work
| Levitating wrote:
| Well I am going to introduce this at my work.
| drekipus wrote:
| "how we look when we play the game"
|
| Are you the pupper or is your daughter the pupper?
| ilaksh wrote:
| Very interesting.
|
| I have always felt that short mnemonics are a poor engineering
| choice for today's computer memory sizes.
|
| Like, the first thing you have to do here is to learn and recall
| what the instructions do. If you replace the names with more
| spelled out versions, it makes it much easier to pick them up and
| then remember them and read code.
|
| The fact that people often don't do that makes me suspicious.
|
| I also think that the fact that these types of exploits are
| possible points to overall system design failures.
|
| I'm not saying that it's not a fun game or a good way to learn.
| But I feel that there is too much general acceptance of
| structural problems in engineering. To the degree that most
| people don't even see those structural flaws.
| throwaway71271 wrote:
| > The fact that people often don't do that makes me suspicious.
|
| I thought of doing that, even the first versions of the game
| had much more readable pseudoassembly, but in the end I wanted
| my daughter to comfortably read the output of objdump and I
| dont think its a big deal to learn few mnemonics. I also think
| kids respond really well when they are not patronized (at least
| mine does).
|
| > To the degree that most people don't even see those
| structural flaws.
|
| Do you think people dont consider arbitrary ready and write as
| a structural flaw?
|
| There are thousands of people working on it, and making good
| progress, but in the same time, I still think its fun to peek
| and poke.
| ilaksh wrote:
| I think I agree with your reasons for doing it that and I
| wasn't really trying to criticize your game in particular.
|
| I was trying to make a more general statement about the types
| of problems that we seem to find ourselves solving over and
| over again and the fact that that occurs as such a typical
| case rather than replacing those structures.
|
| I don't know how to make solving structural problems into a
| game.
|
| I guess I did want to be a little critical though just to
| insert the comment that it's also important to make sure we
| teach kids that representation matters and that system design
| structure should not be taken for granted.
| sylware wrote:
| Once a 64bits risc-v code path is stable, does a good enough job,
| is rid of its "buffer overflows"... how they are going to do
| planned obsolesence without C/c++ always changing syntaxes?? Poor
| souls...
| [deleted]
| musicale wrote:
| PL/I did some things right: string/array bounds checking, stack
| that grows up rather than down.
|
| https://www.acsac.org/2002/papers/classic-multics.pdf
| anta40 wrote:
| Wait a second. .. .. A table top board game... which involves
| assembly coding?
|
| Why I never think about this before? :D
| IshKebab wrote:
| Very impressive. Maybe most impressive is that you got your 12
| year old daughter to play this!
|
| When can I expect the CHERI version? :-D
| throwaway71271 wrote:
| > When can I expect the CHERI version? :-D
|
| "CHERI has three central design goals aimed at dramatically
| improving the security of contemporary C-language TCBs, through
| processor support for fine-grained memory protection and
| scalable software compartmentalization, whose (at times)
| conflicting requirements have required careful negotiation in
| our design."
|
| :) I don't think so
| sweetjuly wrote:
| The game is just a lot more difficult, you have to exploit
| everything as a UAF
| Max-q wrote:
| Yeah, I were programming 6502 assembly at 12. Not that easy to
| do for a 12 year old now with today's computers
| djmips wrote:
| They can in the browser like skildrick but turning it into a
| game is a great motivator.
| djmips wrote:
| https://skilldrick.github.io/easy6502/
| timthorn wrote:
| It's not too hard on a Raspberry Pi or Microbit
| musicale wrote:
| There are seveal books on assembly language programming for
| various Raspberry Pi systems, such as:
|
| https://blog.adafruit.com/2021/09/21/an-interview-with-
| steph...
| pjmlp wrote:
| A typical age to get into computers back in the 8-bit days.
| IshKebab wrote:
| It's not an unusual age to get into computers now. It's an
| unusual subject though! Back in the 8 bit days you didn't
| have the option of writing 3D games and websites and apps and
| so on.
| pjmlp wrote:
| We had very crude 3D, Elite and Starglider style, and BBS
| instead.
| djmips wrote:
| Dylan Cuthbert once argued that machine code is easier for
| younger minds because each instruction is less abstract.
|
| https://www.gamesindustry.biz/machine-code-is-for-kids-
| artic...
| musicale wrote:
| I agree, though I don't think that core x86 (especially in
| real mode) is as bad as he seems to think - it started out
| as a 16-bit extension to the 8080 after all, and can be
| used that way.
|
| Low-level computing is even more amazing when you learn how
| to decode and execute simple instructions with a few logic
| gates.
|
| Beyond that is in many ways a matter of interfacing and
| scale (at which point abstraction layers can be very
| useful.)
| throwaway71271 wrote:
| From time to time I watch Jim Butterfield's Commodore 64
| tape: https://www.youtube.com/watch?v=J9WnHuGjZ38 and I think
| just things were much easier
|
| computers now are more like magic, nobody knows where your
| files are, or which programs you own or where they are even
| running.
| szundi wrote:
| Not more rules than a typical german table game of the year has
| [deleted]
| djmips wrote:
| I had a friend who loved games but claimed he didn't have the
| mind for coding and yet he was tricked into doing it via the game
| Human Resource Machine and some of his solutions were better than
| my own with years of experience!
| PradeetPatel wrote:
| Sometimes having a new and fresh perspective helps a lot more
| than you think.
|
| My 12 year old hates math, but he's surprisingly good at Human
| Resource Machine and SpaceChem. It makes me wonder whether high
| school maths is fundamentally different from programming maths.
| [deleted]
| teruakohatu wrote:
| This looks like a lot of fun. What ages do you think it's
| appropriate for?
| throwaway71271 wrote:
| I think the easy win condition (which is just to break out of
| the main loop by doing a quick buffer overflow in bug()) is
| doable for 10-15 years old
|
| My daughter is 12 and we have fun playing it, the hard win
| condition (which is forcing your opponent to jump to the
| game_over() function) I think is harder, but I guess within 5-6
| months we can get there.
|
| For adults, I am not sure, some people are super scared of
| assembly like its made by the devil himself, so might be harder
| to get them to play than kids.
| tomcam wrote:
| My favorite HN comment of all time was by cperciva 16 years ago:
| cperciva on July 18, 2007 "Did you win the
| Putnam?" Yes, I did.
|
| But my new favorite announcement is this post:
| I made this game to teach my daughter how buffer
| overflows work.
|
| It just doesn't get more HN than that. Mad props!
| [deleted]
| hamishwhc wrote:
| Very curious about the context of that first comment, do you
| have a link?
| nuxi wrote:
| https://news.ycombinator.com/item?id=35015#35079
| tankenmate wrote:
| I'm surprised no one has mentioned that this is very similar to
| Core War.[0]
|
| [0] https://en.wikipedia.org/wiki/Core_War
| demondemidi wrote:
| Because 90% of HN wasn't born until 16 years after the first
| release?
|
| Core War got boring because there were known good bots that
| always won.
|
| And, well, Iiiii'm surprised no one mentioned RobotWar which
| predated Core War, but wasn't as complex.
|
| https://en.wikipedia.org/wiki/RobotWar
|
| ;-)
| magicalhippo wrote:
| Reminds me of Tierra[1], the "virtual life" simulator.
|
| Haven't read the history of Tierra but wouldn't surprise me if
| he was inspired by Core War when creating it.
|
| [1]: https://tomray.me/pubs/doc/index.html
| anta40 wrote:
| CoreWar is definitely one of ideal programming games (since I
| like assembly coding). Not many games like it these days,
| unfortunately, perhaps the closest one is Zachtronics' TIS-100.
| tankenmate wrote:
| Good game by the way!
| throwaway71271 wrote:
| CoreWar is a great game!
|
| But I am not sure its very similar, I got a lot of
| inspiration from the WarGames (1983) movie
| https://www.imdb.com/title/tt0086567/
|
| The whole project started as an attempt just to teach
| assembler, and the game was actually zero choice game like
| Snakes And Ladders, you have 5 instructions per turn, but on
| certain places you have to roll a dice and follow the branch:
| https://punkx.org/overflow/build/snakes-and-ladders.pdf
|
| But then after watching WarGames I thought I can make
| something where you can just write on top of your opponent's
| memory.
|
| CoreWar has very different dynamics and I think anyone who
| has not tried it is missing out.
|
| At some point I thought to actually make the game real-time,
| as in you can move as your opponent moves, (SMP instead of
| time sharing like it is now, where you get context switched
| out in 10 moves), but it was too chaotic. Maybe with the
| esp32 helper it can be done and be fun.
| demondemidi wrote:
| What part of WarGames inspired you? The hacking basically
| involved war dialing and password research, no stack
| overflows! :)
|
| ... wait a second are you really punkx?
| throwaway71271 wrote:
| > What part of WarGames inspired you
|
| The part where they made it play tictactoe :)
|
| > wait a second are you really punkx
|
| Not sure what you mean, its just a name I picked to mean
| 'punk for X' where X is whatever you want.
| [deleted]
___________________________________________________________________
(page generated 2023-09-30 23:01 UTC)