 |
|
Main
| FAQ
| Uploader
| IRC chat
| Radio
| Memberlist
| Active users
| Latest posts
| Calendar
| Stats
| Online users
| Search
| |||
| Views: 88,552,195 |
Main
| FAQ
| Uploader
| IRC chat
| Radio
| Memberlist
| Active users
| Latest posts
| Calendar
| Stats
| Online users
| Search
|
05-06-24 04:23 PM |
|
| Guest: Register | Login | |||
| Main - Posts by Cellar Dweller |
| Cellar Dweller |
| ||
 Snifit Level: 39 Posts: 21/287 EXP: 385500 Next: 19271 Since: 02-19-07 From: Arkansas Last post: 4062 days Last view: 3229 days |
The files I tested were all uploaded using the board's attachment feature. |
| Cellar Dweller |
| ||
|
Snifit Level: 39 Posts: 22/287 EXP: 385500 Next: 19271 Since: 02-19-07 From: Arkansas Last post: 4062 days Last view: 3229 days |
The problem is that download.php is not setting the correct MIME type in the HTTP headers. Your browser thinks it is a plain text file because that is what the server is (wrongly) telling it.
You can still save the file by right clicking on it. It is a normal intact ZIP file. |
| Cellar Dweller |
| ||
|
Snifit Level: 39 Posts: 23/287 EXP: 385500 Next: 19271 Since: 02-19-07 From: Arkansas Last post: 4062 days Last view: 3229 days |
What about:
if (preg_match("/^Re \\[(\\d*)\\]: (.*)\$/", $title, $matches)) {
This code should be good for about 231 "Re"s without wrapping, and it's loop free. |
| Cellar Dweller |
| ||
|
Snifit Level: 39 Posts: 24/287 EXP: 385500 Next: 19271 Since: 02-19-07 From: Arkansas Last post: 4062 days Last view: 3229 days |
I just thought y'all'd like to know that there is a demo hack posted on VL-Tone's blog. |
| Cellar Dweller |
| ||
|
Snifit Level: 39 Posts: 26/287 EXP: 385500 Next: 19271 Since: 02-19-07 From: Arkansas Last post: 4062 days Last view: 3229 days |
Mine is custom built.
Mothernoard: ABIT AN8 socket 939 RAM: 2 GiB CPU: AMD Athlon64 X2 4200+ Video: nVidia 6800 128MiB PCIe 16X HDD: 200 GB Maxtor hard disk OS: Debian sarge AMD64 I used the cheap power supply that came with the cheap case, but it is still very reliable. The last reboot was 129 days ago. |
| Cellar Dweller |
| ||
|
Snifit Level: 39 Posts: 27/287 EXP: 385500 Next: 19271 Since: 02-19-07 From: Arkansas Last post: 4062 days Last view: 3229 days |
Here is a byte swapper I wrote. To use it, put the EXE file in the same directory your ROM (or somewhere in your $PATH). Start a command prompt and cd to the ROM directory. Then type the following: n64swapper2 <infile >outfile where infile is the ROM in the wrong byte order and outfile is the name to give to the fixed ROM. The following two URLs might not last long: http://desktop64.homeip.net:8086/n64swapper2.exe (binary) http://desktop64.homeip.net:8086/n64swapper2.c (source) |
| Cellar Dweller |
| ||
|
Snifit Level: 39 Posts: 28/287 EXP: 385500 Next: 19271 Since: 02-19-07 From: Arkansas Last post: 4062 days Last view: 3229 days |
The program was coded quickly for a task that was at hand some time ago. If it was being polished up for a more formal release, I might have used a buffer and also added support for supplying filenames in the argument list.
Reading one character at a time isn't really that bad. One reason is that the program is expected to be used only once in a while. Also, the C standard libary supplies some buffering of its own. |
| Cellar Dweller |
| ||
|
Snifit Level: 39 Posts: 29/287 EXP: 385500 Next: 19271 Since: 02-19-07 From: Arkansas Last post: 4062 days Last view: 3229 days |
I discovered/verified a few things about the behavior scripts. First, the commands between the 0x08 and 0x09 commands get execuited repeatedly during gameplay. The 0x08 command puts the current script position on a stack and the 0x09 command jumps back to the command after the 0x08 command without popping the stack. (Actually, the 0x09 command pops the address off the stack, but then pushes it right back on.) The 0x09 command also halts the interpeter until later, probably the next frame.
The 0x0c command just calls a function. Address in the ranges of 0x802461dc - 0x80328960 and 0x8037893c - 0x80384678 are functions. There are almost certainly some more functions outside these ranges as these are the bounds of the two main blocks of them recorded in my notes. I canged the function pointer in the last 0x0c command in the "Collectable coin" behavior script to a stub function. The result was some coins not spinning and not being collectable. The stub function I used was 0x8028b704 which is actually the address of the return instruction of the preceding function in memory. |
| Cellar Dweller |
| ||
|
Snifit Level: 39 Posts: 30/287 EXP: 385500 Next: 19271 Since: 02-19-07 From: Arkansas Last post: 4062 days Last view: 3229 days |
Desktop: single boot Debian sarge 64 bit with Win2000 in a VM for Flash web sites (there is no 64 bit version of Flash player) and Windows only stuff.
Laptop: single boot Windows Vista home premium 32 bit that was pre installed. |
| Cellar Dweller |
| ||
|
Snifit Level: 39 Posts: 31/287 EXP: 385500 Next: 19271 Since: 02-19-07 From: Arkansas Last post: 4062 days Last view: 3229 days |
Posted by Skreeny The Rio comes to mind, and it seems that the MPMan was the first. |
| Cellar Dweller |
| ||
|
Snifit Level: 39 Posts: 32/287 EXP: 385500 Next: 19271 Since: 02-19-07 From: Arkansas Last post: 4062 days Last view: 3229 days |
Posted by DarkSlayaA couple of ideas come to mind to deal with stolen cookies. The first one is to use opaque session keys. When a user logs on, a large random session key is generated and stored in a table with the id of the user and optional IP and/or User-Agent restrictions. The session key is issued in a cookie. If the cookie is stolen, the IP/User-Agent restrictions might not be met and the logon would not be recognized. If the user forgot to log out after using a public computer, they can log out that session from another computer. Another way to do it is to issue cookies that are encrypted with a site specific key. A delimited string containing the user id and optional IP and/or User-Agent restrictions. This string is checksummed. The checksum and original string are encrypted and issued in a cookie. If the cookie is tampered with, the decrypted contents will be mangled and the checksum will be invalid. If the user's password hash is included in the encrypted cookie, all issued cookies can be rendered invalid by the user changing their password. A salt might be useful to add to the mix, but I'm not sure it is. In both cases, the current password can be required to change the password. This will prevent a complete takeover if an attacker is able to use a stolen cookie. The IP/User-Agent restriction could be set a login time. For example, if the user is logging on from their home desktop he can set a strict IP restriction because IP changes should be rare. For a laptop, a looser IP restriction may make more sense. |
| Cellar Dweller |
| ||
|
Snifit Level: 39 Posts: 33/287 EXP: 385500 Next: 19271 Since: 02-19-07 From: Arkansas Last post: 4062 days Last view: 3229 days |
I found the segment table in SM64 by disassembling functions. I started with the location of the MIO0 uncompress function. I found the functions that called it, those functions called the function that sets segment table entries. At the time, I wasn't looking for the segment table in particular. This may not the best approach if the immediate goal is to find the segment table and a decent RAM search is available.
The format of the GBI command for setting the segment bases of the RSP is: BC [xx xx] [06] [yy yy yy yy] [xx xx] the segment number times 4 [yy yy yy yy] the physical address of the segment SM64 has a function that creates 16 of these commands at the start of each frame's root display list. I think MK64 might as well. You might want to start searching for the first half of the command. Then look around and see if it looks like a bunch of those commands in a row. Then search for the values in the second half of the commands to locate the game program's copy of the table. Note that the addresses could be KSEG0 or physical RAM addresses. |
| Cellar Dweller |
| ||
|
Snifit Level: 39 Posts: 34/287 EXP: 385500 Next: 19271 Since: 02-19-07 From: Arkansas Last post: 4062 days Last view: 3229 days |
The BC command (G_MOVEWORD) is a generic GBI command for setting various variables in the RSP's RAM (DMEM). The microcode has a table of pointers that point to those various variables. 6 happens to be the index of the pointer to the RSP's internal segment table. The 16 bits between the command and the index are an offset that is added to the table entry.
Details are in gbi.h . |
| Cellar Dweller |
| ||
|
Snifit Level: 39 Posts: 35/287 EXP: 385500 Next: 19271 Since: 02-19-07 From: Arkansas Last post: 4062 days Last view: 3229 days |
I posted my proposal for how the conatacts could work in the thread "A suggestion for profiles".
thread.php?pid=18955#18955 |
| Cellar Dweller |
| ||
|
Snifit Level: 39 Posts: 36/287 EXP: 385500 Next: 19271 Since: 02-19-07 From: Arkansas Last post: 4062 days Last view: 3229 days |
Posted by NightKev The only problem that I know of with AcmlmBoard and MySQL 5 is that a couple of queries in thread.php break. The fix for that problem is trivial. The fixing that is needed for all of the SQL injection, XSS, and, in the case of the 1.Ax versions, file inclution vulnerabilities is not so trivial. |
| Cellar Dweller |
| ||
|
Snifit Level: 39 Posts: 38/287 EXP: 385500 Next: 19271 Since: 02-19-07 From: Arkansas Last post: 4062 days Last view: 3229 days |
Posted by joe That doesn't matter much: Apparently sent by XkeeperSent by Boom.dk |
| Cellar Dweller |
| ||
|
Snifit Level: 39 Posts: 39/287 EXP: 385500 Next: 19271 Since: 02-19-07 From: Arkansas Last post: 4062 days Last view: 3229 days |
I doubt that there are really two other people actively working on the board, and, by your own admission, you are often too lazy to work on it yourself. Therefore, there should be little difficulty working with other programmers.
Also, there are some features from the old AcmlmBoard (eg. the calendar) that can be reimplemented without changing shared files. |
| Cellar Dweller |
| ||
|
Snifit Level: 39 Posts: 40/287 EXP: 385500 Next: 19271 Since: 02-19-07 From: Arkansas Last post: 4062 days Last view: 3229 days |
I can't show my first post. It disappeared along with my first account into the black hole that is the last months of the first incarnation.
When I registered, people where asking about where to host their hacks and screenshots. I seem to remember starting a thread about the 1and1 3 years of free hosting with my first post. |
| Cellar Dweller |
| ||
|
Snifit Level: 39 Posts: 41/287 EXP: 385500 Next: 19271 Since: 02-19-07 From: Arkansas Last post: 4062 days Last view: 3229 days |
CrashDance22: Can you post the hex code of the 0x24 command that is not working as expected along with a description of the settings in TT64?
One of the first things that the handler for 0x24 command does is check the act byte. if the act bit is not set, the object is not processed further. As a special exception, an act byte of 0x1f causes the object to always show regardless of what star is selected. I guess that at one point there were only five star missions and it was easier to change the level script interpreter than the level scripts. Another possibility is that the programmers chose an act byte of 0x1f for levels that don't have star missions to make sure that the objects show up when the act variable may have random junk in it. |
| Cellar Dweller |
| ||
|
Snifit Level: 39 Posts: 42/287 EXP: 385500 Next: 19271 Since: 02-19-07 From: Arkansas Last post: 4062 days Last view: 3229 days |
This might be useful to host small downloadable files until a proper upload feature is added. Too bad it doesn't work for IE or Opera when more than 4KiB.
Posted by Xeon To be technically correct, what IE doesn't support is the "data:" URL scheme. |
| Main - Posts by Cellar Dweller |
© 2005-2023 Acmlm, blackhole89, Xkeeper et al. |
|
MySQL - queries: 139, rows: 171/171, time: 1.141 seconds. |
but if you're not planning on using one then you're fine 
.