Reverse-engineering

modder-re-creates-game-boy-advance-games-using-the-audio-from-crash-sounds

Modder re-creates Game Boy Advance games using the audio from crash sounds

Game boy Advance, gaming, gba, hardware hacking, Nintendo, Pokémon, pokemon emerald, Reverse-engineering, ROMs, sound files / /

To truly catch them all —

Create a bootable, working Pokémon game by recording it crash multiple times.

Game Boy Advance, modded, on display

Enlarge / Andrew Cunningham’s modded and restored Game Boy Advance could, with enough time, sing out all the data loaded into a cartridge.

Andrew Cunningham

Sometimes, a great song can come from great pain. The Game Boy Advance (GBA), its software having crashed nearly two hours ago, will, for example, play a tune based on the game inside it. And if you listen closely enough—using specialty hardware and code—you can tell exactly what game it was singing about. And then theoretically play that same game.

This was discovered recently by TheZZAZZGlitch, whose job is to “sadistically glitch and hack the crap out of Pokémon games.” It’s “hardly a ready-to-use solution,” the modder notes, as it requires a lot of tuning specific to different source formats. So while there are certainly easier ways to get GBA data from a cartridge, none make you feel quite so much like an audio datamancer.

TheZZAZZGlitch’s demonstration of re-creating Game Boy Advance ROM data using the sounds from a crashing system.

After crashing a GBA and recording it over four hours, the modder saw some telltale waveforms in a sound file at about the 1-hour, 50-minute mark. Later in the sound-out, you can hear the actual instrument sounds and audio samples the game contains, played in sequence. Otherwise, it’s 8-bit data at 13,100 Hz, and at times, it sounds absolutely deranged.

“2 days of bugfixing later,” the modder had a Python script ready that could read the audio from a clean recording of the GBA’s crash dump. Did it work? Not without more troubleshooting. One issue with audio-casting ROM data is that there are large sections of 0-byte data in the ROM, which are hard to parse as mute sounds. After running another script that realigned sections based on their location in the original ROM, the modder’s ROM was 99.76 percent accurate but “still didn’t boot tho.” TheZZAZZGlitch later disclaimed that, yes, this is technically using known ROM data to surface unknown data, or “cheating,” but there are assumptions and guesses one could make if you were truly doing this blind.

The next fix was to refine the sound recording. By recording three times and merging them with a “majority vote” algorithm, their accuracy notched up to 99.979 percent. That output ROM booted—but with glitched text and a title screen crash. After seven different recordings are meshed and filtered for blank spaces, they achieve 100 percent parity. That’s about the halfway point of the video; you should watch the rest to learn how it works on physical hardware, how it works with a different game (an ARM code mystery in a replica cartridge), and how to get the best recordings, including the use of a “cursed adapter” that mixes down to one channel the ugly way.

Modder re-creates Game Boy Advance games using the audio from crash sounds Read More »

apple-appears-to-have-blocked-beeper-mini’s-imessage-app-in-less-than-a-week

Apple appears to have blocked Beeper Mini’s iMessage app in less than a week

Apple, beeper, beeper mini, eric migicovsky, iMessage, messaging, rcs, Reverse-engineering, SMS, Tech / /

A very mini runway —

Co-founder: “All data indicates that” Apple has cut off Beeper Mini’s reverse-engineering.

Updated

Beeper mini promotional splash image

Enlarge / Beeper Mini’s promises of “Blue bubbles” on Android seemed to have been nixed by a certain Cupertino-based firm on Friday.

Beeper

Beeper Mini, the Android app born from a reverse-engineering of Apple’s iMessage service, is currently broken, and it is unknown whether it will resume functioning.

Beeper desktop users received a message from co-founder Eric Migicovsky late on Friday afternoon, noting an “iMessage outage” and that “messages are failing to send and receive.” Reports had started piling up on Reddit around 2: 30 pm Eastern. As of 5: 30 pm, both Beeper Cloud on desktop and the Beeper Mini app were reporting errors in sending and receiving messages, with “Failed to lookup on sever: lookup request timed out.” Comments on Beeper’s status post on X (formerly Twitter) suggested mixed results, at best, among users.

The Verge, messaging with Migicovsky, reported that he “did not deny that Apple has successfully blocked Beeper Mini”; to TechCrunch, Migicovsky more clearly stated about an Apple cut-off: “Yes, all data indicates that.” To both outlets, Migicovsky offered the same comment, re-iterating his belief that it was in the best interests of Apple to let iPhone owners and Android users send encrypted messages to one another. (Ars reached out to Migicovsky for comment and will update this post with new information).

On Saturday, Migicovsky notified Beeper Cloud (desktop) users that iMessage was working again for them, after a long night of fixes. “Work continues on Beeper Mini,” Migicovsky wrote shortly after noon Eastern time.

Responding to a post on X (formerly Twitter) asking if restoring Beeper Mini’s function would be an “endless cat and mouse game,” Migicovsky wrote: “Beeper Cloud and Mini are apps that need to exist. We have built it. We will keep it working. We will share it widely.” He added that such an attitude, “especially from people in the tech world,” surprised him. “Why do hard things at all? Why keep working on anything that doesn’t work the first time?

Beeper, as it worked shortly before launch on Dec. 5, sending iMessages from a Google Pixel 3 Android phone.

Beeper, as it worked shortly before launch on Dec. 5, sending iMessages from a Google Pixel 3 Android phone.

Kevin Purdy

Beeper’s ability to send encrypted iMessages from Android phones grew from a teenager’s reverse-engineering of the iMessage protocol, as Ars detailed at launch. The app could not read message contents (nor could Apple), kept encryption keys and contacts on your device, and did not require an Apple ID to authenticate.

The app did, however, send a text message from a device to an Apple server, and the response was used to generate an encryption key pair, one for Apple and one for your device. A Beeper service kept itself connected to Apple’s servers to notify it and you about new messages. Reddit user moptop and others suggested that Beeper’s service used encryption algorithms whose keys were spoofed to look like they came from a Mac Mini running OS X Mountain Lion, perhaps providing Apple a means of pinpointing and block them.

Members of the Discord focused on the original reverse-engineered tool on which Beeper Mini was built, PyPush, also reported that the tool was down Friday evening. Some noted that it seemed like their phone numbers had additionally been de-registered from iMessage.

Beeper Mini’s iMessage capabilities, for which the company was planning to charge $1.99 per month after a seven-day trial, were more than a feature. The company had planned to build additional secure messaging into Beeper Mini, including Signal and WhatsApp messaging, and make it the primary focus of its efforts. Its prior app Beeper, temporarily renamed Beeper Cloud, was marked to be deprecated at some point in favor of the new iMessage-touting Mini app.

This post was updated at 12: 50 p.m. on Saturday, Dec. 9, to reflect restored function to Beeper Cloud (desktop), and Migicovsky’s social media response after the outage.

Apple appears to have blocked Beeper Mini’s iMessage app in less than a week Read More »