
Werewolf file: NES cartridge image and ZIP file in one

This file is a NES console ROM and, at the same time, a ZIP file: it is fully functional both as a NES ROM and as a ZIP archive.

What is in this zip file? ROM source code.

What happens if you compile this source code? It will create a NES ROM, which is also a ZIP file containing the source code of this NES ROM.

Running the ROM

This NES ROM can be burned onto a NES cartridge and it will run on a real NES. Even if you dump all the data back off the cartridge, the resulting NES image will still be a ZIP file.

Source of inspiration


Issue 0x14 of the PoC||GTFO magazine was simultaneously a PDF, a ZIP file and a NES ROM. It was this release that inspired me to create a NES game from scratch for Tymkrs.

The method I used to create a NES ROM that is also a ZIP file is NOT the same method used in PoC||GTFO 0x14. My method embeds the ZIP file inside the NES ROM data, which lets you write the NES image to a cartridge while preserving the ZIP file data. In the PoC||GTFO method, the ZIP file data is stored outside the NES ROM data, so the 0x14 release cannot be written to a cartridge with the ZIP file data intact.

NES ROM file format


This NES image uses the iNES file format. The iNES file format is actually quite simple.

At the beginning of the ROM there is an iNES header that provides some information about the NES ROM so that emulators can interpret the data of the NES image. The iNES header is followed by the PRG data, which holds the program logic of the NES ROM. Then comes the CHR data, that is, the sets of background tiles and sprites. All the empty space in the PRG is filled with padding; in addition, there may be a few bytes at the very end of the PRG data that must stay in place (in this NES ROM there are 6 required bytes at the end of the PRG data, which I cannot change).


iNES file format

ZIP file format


There are a lot of components in ZIP files, so we will focus on those parts that are important to us.

For each file and directory contained in the ZIP file there is a Central Directory File Header. Every central directory file header can be found by searching the ZIP file for the signature bytes 0x504B0102. The field that matters most to us is the Local Header Offset, because when we embed the ZIP file in the NES ROM we have to adjust every one of these offsets.


ZIP central file header format

A ZIP reader locates the archive by starting at the end of the file and scanning backwards until it reaches the bytes 0x504B0506, the signature of the End of Central Directory Record. When embedding a ZIP file in a NES ROM, it is important for us to update the Central Directory Offset in the End of Central Directory Record. We can also set the ZIP File Comment Length: that many bytes after the end of the record are treated as the ZIP file comment.


ZIP End of Central Directory Record format

Hiding ZIP file in NES ROM


If we can find enough padding in the PRG data, we can simply replace that empty data with the ZIP file. In my NES ROM, I counted bytes back from the end of the PRG data until I had enough space to embed the ZIP file and recorded how far into the NES ROM the ZIP file would begin. Then I updated all the ZIP file offsets by adding the distance at which the ZIP file starts in the NES image. Finally, I set the ZIP File Comment Length to the size of the remaining NES ROM data, that is, the tail of the PRG data and all of the CHR data.


NESZIP file format

This file remains a NES image because none of the required PRG data or CHR data is damaged. It is also a ZIP file, because all of the offsets are correct and all of the data following the ZIP file data is declared as the ZIP file comment.
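As an added worked example (not code from the original project), the embedding procedure from the three sections above in Python: it builds a constructed NROM-128 iNES image with 0xFF padding, writes a small ZIP of sample source into the padding just before the last 6 untouchable bytes (assumed here to be the 6502 interrupt vectors), adds the embedding offset to the Central Directory Offset and to every Local Header Offset, declares the rest of the ROM as the ZIP file comment, sets the host OS byte to Atari ST as the author did, and then opens the result as a ZIP. The function names, the sample source and the padding byte value are all assumptions.

```python
import io
import struct
import zipfile
INES_HEADER_LEN = 16
PRG_LEN = 16 * 1024   # NROM-128: one 16 KiB PRG bank
CHR_LEN = 8 * 1024    # one 8 KiB CHR bank
TAIL = 6              # bytes at the end of PRG left untouched (assumed: the 6502 interrupt vectors)

def build_rom(prg_code: bytes) -> bytes:
    """Constructed iNES image: header, code, 0xFF padding, vectors, blank CHR (all sample data)."""
    header = b"NES\x1a" + bytes([1, 1, 0, 0]) + bytes(8)   # 1 PRG bank, 1 CHR bank, mapper 0
    padding = b"\xff" * (PRG_LEN - len(prg_code) - TAIL)
    return header + prg_code + padding + b"\x00\x80" * 3 + bytes(CHR_LEN)

def make_zip(files: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

def embed_zip(rom: bytes, zip_data: bytes) -> bytes:
    """Overwrite PRG padding just before the vectors with zip_data, then fix every ZIP offset."""
    prg_end = INES_HEADER_LEN + PRG_LEN
    start = prg_end - TAIL - len(zip_data)                # where the ZIP begins inside the ROM
    if start < INES_HEADER_LEN or set(rom[start:prg_end - TAIL]) != {0xFF}:
        raise ValueError("not enough free padding in PRG data")
    out = bytearray(rom)
    out[start:start + len(zip_data)] = zip_data
    eocd = out.rfind(b"PK\x05\x06")                       # End of Central Directory Record
    cd_offset = struct.unpack_from("<I", out, eocd + 16)[0] + start      # u32 at +16: CD offset
    struct.pack_into("<I", out, eocd + 16, cd_offset)
    struct.pack_into("<H", out, eocd + 20, len(out) - (eocd + 22))      # u16 at +20: comment length
    pos = cd_offset                                       # walk the Central Directory File Headers
    while out[pos:pos + 4] == b"PK\x01\x02":
        struct.pack_into("<I", out, pos + 42, struct.unpack_from("<I", out, pos + 42)[0] + start)  # +42: Local Header Offset
        out[pos + 5] = 5                                  # host OS byte of "version made by": 5 = Atari ST
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", out, pos + 28)
        pos += 46 + name_len + extra_len + comment_len
    return bytes(out)

SOURCES = {"src/main.asm": b"; constructed sample source\n  sei\n  cld\nloop:\n  jmp loop\n"}
def make_polyglot() -> bytes:
    return embed_zip(build_rom(b"\x78\xd8\x4c\x02\x80"), make_zip(SOURCES))   # SEI, CLD, JMP $8002

def read_back(polyglot: bytes) -> tuple:
    """Open the ROM as a ZIP; return ({filename: content}, host OS code) once the ROM parts are checked."""
    assert polyglot[:4] == b"NES\x1a" and len(polyglot) == INES_HEADER_LEN + PRG_LEN + CHR_LEN
    with zipfile.ZipFile(io.BytesIO(polyglot)) as zf:
        return {i.filename: zf.read(i) for i in zf.infolist()}, zf.infolist()[0].create_system
```

The same offset walk is what you would run when checking a suspicious cartridge dump: any ROM whose PRG padding opens as a ZIP is carrying a second payload.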

Let's first test the file to make sure that it really is both a NES ROM and a ZIP file at the same time. Starting from the file as a NES ROM, I make a copy of it.


NES ROM copy

Renaming the file allows me to change the extension from .nes to .zip.


Change the extension of the copy of NES ROM to .zip

After changing the extension to .zip, the system treats the file as a ZIP archive.



When unpacking this file, a directory is created.


If we look at the contents of the directory, we see the ROM's source code. We simply took the NES ROM, renamed it to a ZIP file and unpacked it successfully.


While updating the ZIP file offsets, I decided to have a little fun with this ZIP file. The central directory file headers record the host OS on which the ZIP file was created, so I made the ZIP file claim that it was created on an Atari ST.


Creating the recursion


This part is actually the simplest. The zipped source code was small enough to embed easily in the NES ROM, so I decided to make the NES/ZIP file recursive. Automating the creation of the source ZIP file and the embedding of that ZIP file into the NES ROM did not take much work.

Summary


This project is a simple proof of concept demonstrating that a ZIP file can be embedded in a NES ROM in a way that produces a file which is simultaneously a ZIP file and a NES image, and that can be written to a cartridge while preserving both properties.

Although I made this NES ROM compatible with NES-NROM-128 printed circuit boards (because of their simplicity), the process should work for almost any NES ROM as long as it has enough padding in the PRG data to hold the ZIP file.

Applying this process to other NES ROMs may need additional work, because different 6502 assemblers may pad the PRG data differently. I have not tested this method with more complex NES games that use bank switching, nor have I tested enlarging the PRG data with extra padding to embed larger ZIP files.

With that said, don't be surprised if I give you an NES cartridge with a secret ZIP file hidden in NES ROM data.

Source


The source code for this project is published on GitHub (or can be obtained by unpacking the NES ROM file) and is licensed under the BSD 2-Clause License.

Source: https://habr.com/ru/post/349208/
