Boot Genie: Hacking and Cheating at Boot Sector Games
8:56PM Jul 25, 2020
Eric (XlogicX) Davisson
Hi, this is JP. We're doing the show with Cory right now. He likes hacking low-level stuff and his reputation precedes him. Cory, say hi to folks.
I'm Logic, XlogicX. Cory just spoke, but...
Okay, sorry. Sorry. All right, thank you, we're gonna go right to Logic's video right now. Thanks.
Sorry about that.
Hello, virtual HOPE. I'm Eric or Logic, I'll be talking about the emerging spectacle that is bootsector gaming, or more specifically cheating at those games. You'll see video demos of the games, applying cheats to the games, and a deep technical dive into exploiting the weak random number generator of one of those games, specifically.
I also brought along a special guest, Nanochess. He's a talented programmer that's made many of these games you'll be seeing and most of the good ones. Also, finally, don't mind the generic slide templates. This talk is mostly just showcase and demo content, so the slides don't even matter that much. Okay, so for just a general overview of what we're gonna be talking about, well first, just briefly we'll talk about what a bootsector game is. And then we'll go over a video showcase of a lot of the games out there, about 25 games in total, and we'll do it real quick. Then we'll talk about what Boot Genie is, and what it can be used for. And then we'll see a demo of some of the Boot Genie cheats for a handful of those games that we just saw. And then a real big portion of this whole presentation is going to be digging into BootRogue, a game. Not only all the cheats, but how to really win at the game without using cheats at all. So, real briefly, a boot sector is supposed to be a small bit of code that bootstraps your operating system.
In this case, a boot sector game is, instead of doing an operating system, it's just a self contained game. So, you're limited to 512 bytes in the MBR boot sector area. It's machine code that loads into RAM and is executed after the BIOS routine. It loads into the 0x7c00 area of memory, which may seem trivial, but when you're actually writing these, it does kind of matter for how you assemble it. It's 16 bit and it's real mode. So Ring-0. So, that's some interesting different kinds of instructions that you might have to rely on, and some that you can't use. And it must end in 0x55AA, it's kind of a signature. So that means your games are really actually limited to 510 bytes. And a bootsector game, just to give some perspective here, this is what one would look like. We'll see this game later. It's the cubicDoom game, which is like a 3d game. It's an amazing looking game for only being 510 bytes. And this is it. So, now that we have a brief idea of what bootsector games are about, let's look at a showcase of what they really look like. That'll really visualize what I'm talking about.
This is Tetros. It's a full color Tetris clone, it doesn't have a score or anything, but it's one of the older bootsector games that is out there. And now we have another Tetris clone called Tetranglix. This one does include a score but, by default, it doesn't actually have color. A significant contribution by Nanochess added color after the fact. There is a good write up of this game, to be found in issue 3 of PoC or GTFO. It's Tetranglix, this Tetris is a bootsector. It's kind of faster than Tetros, but we can see about messing with that later, with Boot Genie.
So, this is Snake. It's one of a couple versions of Snake or Nibbles clone. It's a basic, nice clean snake game.
This is Petty Bird. It's one of two that I know of Flappy Bird clones. This one has pretty good physics, but not as good graphics as I think Nanochess's version which we'll see.
This is Tron Solitaire. It's like a one player Tron a little bit, but a little bit like Nibbles. It has power ups, has snake strategies, kind of. It's complex and has a progressive scoring system. It's also winnable, and it does require strategy to win the game.
This is Dasher. It's a simple puzzle game with two levels. You slide from wall to wall trying to solve the puzzle and reach the finish.
This is Boot Me Crack Me. It's a polymorphic quine meant for the reverse engineer. At the prompt, enter machine code, and this machine code is entered into itself. Modify the program correctly, and you win.
This is a game my friend made called Battle Snakes, my friend Goose. It's basically Tron, and it supports two players at once, he did his own keyboard handling for this one. It's pretty good.
This is FBird, it's Nanochess's version of Flappy Bird, which I think has better graphics in my opinion. Expect to see a lot more from Nanochess with boot sector games, this guy's written a lot, and they're really really high quality.
This is Boot-man, it's a Pac Man clone. It has ghost AI and power pills.
This is PillMan, it's Nanochess's take on Pac Man. Although there's no power pills in this one, the trade-off is much better graphics. This one is done in graphics mode.
This is an invaders clone. Also Nanochess. It's in graphics mode, so it looks beautiful, and it's very playful, and actually pretty difficult, although we'll fix that with cheats later on.
This is a boot sector implementation of that 15 number puzzle, physical game. This one actually also has an evil mode. If it boots up red, then it's not actually solvable in order.
This is Validation. It's a social commentary game on the slot machine psychology of social media, like Facebook or Twitter. It's the least fun game to play. And the goal of it is to get a fixed minimum validation score before the timer runs out. Like when your life ends. In this case the timer is set to 2600. There's more story to this. If you want to read the GitHub description, it is more about the story of it. And there is a way to consistently win the game every time. I'm not going to say exactly how right now, but just think of the metaphor, how to actually win at social media, and that's how you'll win at this game.
So this is Boot Rogue, it's a roguelike dungeon crawler RPG with hp, enemies, traps, food, swords and armor. The goal is to get through all 26 randomly procedurally generated dungeons and retrieve the Amulet of Yendor. After that, you got to go back up all through those 26 dungeons, and once you get there, you win the game. This is probably my favorite boot sector game. This is one by Nanochess, and we're going to be putting a lot more attention to this game later on.
This game is called Sorry Ass. It's a racing game, with I think pretty clever use of the code-437 graphics here.
Now this is Bricks. It's an Arkanoid breakout clone. This is also done by Nanochess. And somebody had to make it, if he didn't I wanted to. I had another friend John, he was, I think, halfway done making one of these, but Nanochess, he beat all of us.
This is cubicDoom. It's a 3d ray casting shooter. You shoot all the cubes in the room before they touch you, and kill you, and try to get to the next level. It's one of the most impressive bootsector games from a graphical standpoint, and it was done by Nanochess.
Now this is Lights Out. It's a boot sector clone of one of those old classic 90s puzzle games, where you'd have to turn off all the lights. When you press or select a light, all the lights around it toggle, as in above, below, left and right, not diagonally. And, yeah, the goal is to turn them all off. This game also does have an evil mode. So, if the lights are all red, it's actually not solvable. And this is the winning screen that you're seeing right here.
So here's another Snake clone called Snake in my Boot.
The business logic of this was written in C, which is incredible, in a way. The random number generator for the items is a little predictable, but the C just adds so much bloat. You can look at my fork for analysis. It's insane.
And here's a Sokoban clone. I think it's just a really clean game with good color choices and character choices. The graphics are good for what this game is. And it even has win detection, which I think is pretty good.
This is 4 in a Row. It's a Connect 4 clone, and it's meant to be two players. This is me just stupidly playing it against myself but this is what it looks like.
This game is called Follow the Lights. It's basically a Simon clone, just like a memorization game.
This is Toledo Atomchess written by Nanochess, or Oscar Toledo is his actual name. And it comes with AI.
And finally Dino, that T-Rex Chrome runner game -- has good graphics and honestly really smooth gameplay as well.
So now let's talk about what Boot Genie is. Boot Genie is basically like Game Genie, but for boot sector games. You can do cheating, it's patch based, and it's on assembly level, not machine code level. And that's for flexibility, so it can do multiple cheats at the same time. And doing these hacks and cheats isn't even really that hard. I know they're in assembly language. I know when you reverse engineer, you have to look at that. But, in this case, it's source code, assembly source code, you actually have helpful comments to look at, it could be as easy as changing a variable like three lives to 127 lives.
So first, let's take a look at an intermediate challenging example with Tetris. Next, what we're going to do is we're going to slow the game down. So let's go ahead and take a look at the source code real quick here. We have a delay loop, where we're incrementing bx twice, so we're adding two to it, and that's our delay, just adding two.
So, to look at an example of a cheat, or a hack to change the source code, we have adding four to bx. So, that effectively makes it take twice as long, that delay loop. And that's it. Could also make everything a square, so, instead of having challenging pieces. This is what all the pieces look like in the data structure here, and we just make them all squares. That's it.
This is what an actual patch file would look like for doing the delay loop. This is what the source of the patch file would look like. And here's the command for doing the patch, even reversing the patch if you want to take it out.
So, the types of cheats I broke down into a lot of different categories, like more lives, make it slower, change the logic of the game. You can even make it harder, or your character can be invincible, we can do a lot of things. And we'll see a lot of that here, shortly.
So now let's take a look at what these cheats look like in action. We'll start with Tetranglix. And for all these examples, we'll see all the cheats but the ones bolded in green are the ones we're actually going to see a demo of.
In this case, we'll look at the square patch, the time patch you can kind of understand. And then the other ones mostly are dealing with the scoring, like there is a hard coded set, a high score of 1000, or 100,000, where the game kind of stops, we can set that to 1000. And we can even make this score increment in doses of 255 instead of just one point. So, let's take a look at a playthrough with the square patch.
Alright, so for each of these demos, we're going to go through the whole process of git cloning the original source, going in the directory, assembling it with nasm, and then just playing the original real quick just to show the original state of it with qemu. So, we've assembled it, and I'm just gonna run it with qemu real quick here. And this is Tetranglix in its original form, you know, without the color or any of that stuff.
So I just maybe do one line of this, and then we'll go to Boot Genie, right.
So what I'll then do in the rest of the videos is I'll go ahead and list out all the cheats for this particular game. So I'm going to go back a directory and do Boot Genie and just kind of wildcard for Tetranglix here. And those are the patches that apply for Tetranglix. And like I said, for this one, I'm just going to do the all squares patch. So I'm doing a patch, then Boot Genie and Tetranglix square. Let's go ahead and patch it. And then now I do got to reassemble it because I'm patching the source, not the game itself. So we assembled it. Let's play it.
And sort of looks like square. I'll do a couple lines. I'll fast forward here in a second. Show the ridiculousness of this, but yeah, all squares.
Really, if you want to rack up high score, this is probably a quick, better way to do it.
Keep those like that, instead of bring it all down like that.
But yeah, for Invaders, we can overall slow it down, but instead it'd be more interesting to give us so many lives we're practically invincible, and then we'll make the guys advance down a third of the distance each time, giving us ample time to take them out. Let's take a look at that.
Let's go and clone Invaders here.
Do it, build it or run it. So, normal Invaders, normal gameplay.
It's actually pretty challenging, in my opinion. All right.
Now let's start Boot Genie on it. Do the extra lives patch and slower advancement patch here. Go and play it now. And just watch real quick how they advance down right here. Barely any. You know, with 127 lives sound like dog again shot, so here's the thing: the game's sped up a little bit, I'm still not playing perfectly here. See, it's still a little easier. We can make it really easy to get a high score with Boot Genie.
In FBird, we can make the clearance between pipes really large, so we don't hit them as much. We can add a whole bunch of pipes to get the score quicker, and we can actually make the game faster. It will make it more challenging in this case because the pipe clearance is so large, and we just rack up the score even quicker that way. So let's take a look at that.
Let's go ahead and clone FBird, assemble, play it in its original state.
That's what it looks like here.
It's not too bad. It's kind of challenging but still possible.
Let's do our first patch. We're going to do these one at a time here just to show the differences as they build upon each other. So we're going to do the pipe patch.
So what this does is gives that extra credit. So now it's just super easy. But I mean, it's kind of more boring now, just because kind of slow and all that. We want to rack up the high score quickly and add another patch here. More pipes. So when we do this, you'll see they're not so far spaced apart. It's
Yeah, there's a lot more pipes there so you can kind of rack up the score a little bit quicker. So that's cool. But one more. Now the game plays really, really fast. And this actually reveals something that most people probably wouldn't see if they play the game naturally. Once we get past a certain point, we're going to go into, like, no man's land or whatever; it kind of goes back to what it looks like without the cheats on some parts. I think it's about a character score 120 or something like that. We'll get there in a minute.
We should be first now.
So there's a lot of ways we can cheat Tron Solitaire. First, we can make the initial score really close to the score to win the game. We can make the game slower. For another speed hack, we can make the game not progressively get faster. We can do clipping, which is basically invincibility. We can set the score required to win the game much lower, so we just get to it quicker that way. And then lastly, we can set every item to not be poison, so they're all power-ups, good power-ups. For this stuff, for the demo, we're just going to look at the speed patch. We're going to make it really slow. Right now, Tron Solitaire: we're going to grab it, assemble it, play it.
This is kind of what it looks like in real time.
It's gonna play until I see a green apple, called some of these red points in apples
Boys. There we go. So there's a green apple down there.
Okay. Let's do a speed patch to it. Make it a lot slower. So this is how horribly slow it is, kind of boring. I'm obviously going to speed up the video, but this game is slow enough to where I can beat it more consistently. Like, I have beaten this game with any of the cheats. When it's this slow, it's easy enough to consistently beat it. So, speed it up in a second here. There we go.
And you can see the score down there. It's in hex, whatever, and every, like, 4000 hex the game naturally speeds up on its own, unless you add the other speed patch, or it won't do that then, but we're not gonna use that one. We don't really need it.
So we're almost up to 6K, getting close to half there. The 8K, the game will get ridiculously fast at that point. Yeah. Spastic game here, we're about to win.
With all the points and apples, but it gets hard after a while. There we go. We won. That's the flashy win screen that we get here.
For Boot-man, we can play in a couple clearly different level, we could even be invincible, but for the purpose of the demo, we're gonna make it really slow and then we'll do the strong pill patch, which makes the ghosts run away for a lot longer. In fact, you can go from pill to pill and not have a ghost attacking you at all, it lasts so long. So let's take a look at that. All right, so let's look at Boot-man right here from GitHub. We're gonna go and git clone this, and we'll go into the directory, and now we're going to build it or assemble it, and let's go real quick to see what it looks like in its original form.
So here we go. It's playing through a little bit. Normally doing much dying. Right now let's just take a look at the collection of cheats. Look at our catalog.
So we got to pick from. So first one we're going to do here, do the speed one to make it a lot slower, although the video will speed it up when we get to that, and then the strong pill one so they last longer. Let's go and rebuild it, reassemble it and see what this game plays like now. So it's stupid slow, I'll speed the video part up, but then we'll go into warm the pills. There we go, and there it is. See how they like to like that forever, you know, as long as it's go through and play to win. The pills last so long that it almost persists until you get the next pill. It's ridiculous.
So there we go, and we've effectively won.
The Snake cheats are pretty straightforward. Just slow, way slower and unplayable fast, and we're going to take a look at the slowest in our demo. Finally we'll take a look at Snake, and I grab it, assemble it, play it. This is what it looks like at normal speed, which is actually kind of fast. It does make it challenging at this speed to play pretty far into it. So we're going to do the speed 2 patch. We're going to make it almost unplayably slow. This is at normal speed, how slow it is. So I'm going to speed it up here in a second. And really, I'm going to play it to completion. I'm going to play this until I fill the whole screen up. So I won't bore you with that at the speed it actually, in real time; this actually took almost two hours to fill the whole screen. So I'll only bore you with maybe another 30 seconds of this. But here it's gonna speed up a little bit here. Progressively, I think about score 50, it really kicks off and will blind us here. And that's the way I like to play Snake or Nibbles: the goal, to quote unquote win the game, is to completely fill up the screen.
Here we go now rockets
No dinner Whatever
That last little bit is what you kind of have to do.
And then finally, we'll take a deep dive into the last game we're going to talk about, which is Boot Rogue. So instead of describing this game myself, I'm going to let Nanochess himself explain the game.
Hi everyone. Eric invited me to explain why, in fact, I have their Boot Rogue. In 1989 I had access to a Televideo PC. It was a machine with all integrated: monochrome monitor, 5 1/4 floppy disk, 10 megabytes hard disk drive and CGA video card. Having software for that machine was very difficult. There weren't any software stores in my area, so I was dependent on a friend that sometimes bought game disks for me. They were very informatively labeled as game one, game two, game three and four. My favorite game at the time was Bushido, a game where a karate boy kicks ninjas with swords that also throw shurikens. With no manual, I discovered the keys that changed the player modes.
After playing it so much I got bored, and the next game was Rogue. This smiling face always made me think, why so happy? How can he be so happy in the unknown? I started to move this smiley through the maze. And with the help of a fat Simon and Schuster English-Spanish dictionary, I started to translate the messages, and then my mind surprised me: "Oh, he's fighting with monsters now", "Oh, the armor glows", "damn", "that ring cannot be removed", "what? he died from starving?" With no doubt, Rogue was the game with more content that I ever had played, but I didn't know the objective. I killed monsters, I started descending more to find things, and then I found it, the Yendor's Amulet. The first time I didn't know it was so special and kept descending. The next time I started going up, and then whole squadrons of monsters fell over me. In a certain moment I felt like a desperate kid fleeing from the dungeons with my treasure, and I jumped euphorically. Probably that euphoria was what I remembered when I started to code bootRogue. The Rogue memories had me searching information about how to generate the mazes, and I found a simple description: "a three by three grid with rooms connected randomly". It was the first thing that I implemented. Then the smiley, the stairs to descend in the dungeon, the Yendor's Amulet and the light circle. It looked so good that in a few days I also added monsters, weapons, armor, food, traps, and then used a lot more time to keep reducing the code until fitting the size of a boot sector. Anything in bootRogue is a homage to Rogue. If someone told me I would end up making a 512 bytes Rogue 30 years into the future, I would never have believed it. Then Eric wrote me a message: "Please don't change that random number generator! It is genial!" (the email subject was: "Please keep Rogue.asm as it is, it's perfect!"). Thank you guys. Greetings from Mexico.
That was Nanochess, and by the way, he actually has a couple books on bootsector programming. Follow him on Twitter too. Find out more. It's excellent. So the irony here is I gained a huge advantage from learning what I learned from doing the cheats without actually using the cheats. This led me to write a 140 page game guide for the game, like a strategy guide. And you'll see some excerpts from it down the road. I haven't published it yet, but it is coming out soon. And really, the goal of the game is to win it, sure, but I guess high score is another goal. So winning is easy enough with enough patience, so my main goal started to get targeted on getting the highest hp. We'll get there, but the first thing we're gonna look at is one of the cheats. It's called Magic Lantern. It's one of my favorites, and this is one of the ones that really opened my eyes up to all the patterns and advantages that I now have. So real quick, this is what it looks like to play with Magic Lantern on. Just going to go and get what I want here because I can see it all, and when I go to the stairs, over here. We'll get that sword first, but when I go to the stairs, you're going to see the next one.
So talk about patterns real quick. Let's take a look at one of the dungeons, full view here. We're going to look at the armor and the food. And I'll highlight that here for us. So we can zoom in to what we're looking at. There's one, two and three. And you notice they're spaced the same distance apart. It's pretty consistent. It's a little bit less obvious though is the sword and the gold here, but it is consistent, is just one of them has to span at the top, has to span, you know, from one row to the next.
Sometimes it's one room to the next, but it shows you not only that there's patterns, but kind of how the whole dungeon is procedurally processed when it lays items out. So things seem a little too predictable. I want to look at what affects random, how random is created. And this is pretty much it. The four lines of code here at the top are what's really doing the magic. The rest of it's kind of processing it to get it down to like a dice roll format. It really is these four lines of code. Now, there's only one other line of code that affects random, and that's how the staircase is laid out, to decide which corner to put the stairs in. That's just the shift instruction right here. All right. So this is all there is to it for how random is done. It's not really enough into what these numbers look like, like what that entropy is, all those kind of things. I want to do something else. So what I do is I use Python scripting to automate the GNU debugger. What I do is I set a breakpoint out where the 'rng' number has been generated and log it to a file. And I've used a similar process on malware, actually, in my real life, on systemdMiner. And this allowed me to figure out what it was actually doing before I knew what it actually was. And I was logging different things, but same kind of idea of breakpoint in key areas and getting the data I need.
So I'm just going to demo this here. You can see the code in the back there for the script. It's actually pretty simple in this case, so I just need to go to where bootRogue is. I'm doing gdb with dash x to run the script that I want to run with it, and I'm just playing through the game. So doing its thing and log the random, and then run a couple of stupid bash commands just to show what numbers look like to some effect, but really my analysis of this was in reality pretty manual. What I found was that for the first, say, like four to 500 calls to random, it seemed pretty random, but then after that it sequenced through 128 distinct values, like it was looping. So that's the lesson from this: for whatever reason, there's a 128 values set, it just loops through one after another, just repeats. Pretty interesting. So there's 128 there, just showing the distributed amount of numbers.
Now that we know that we have a very small closed loop of random values, it might be worth knowing what kind of things we can do to affect the loop, to advance that loop. It was under seven things. One of them is battle, you know, attacking and defending. The door will affect it. If you land on a trap or if you eat some food, that'll affect it a little bit, and what massively affects it is generating the dungeon itself. The maximum width and max height, those two things will affect that as well. It makes several calls on random.
So in English: food makes a call, traps make a call, door placement makes a call, the process of battling several calls, and dungeon generation will do hundreds of calls for one dungeon. So let's make some assumptive jumps.
There are only 128 unique dungeons, because that's the only amount of random values that we have to start dungeon generation. If you know the RNG state when you're starting a dungeon, you should be able to count what the next dungeon is going to be. You can affect the RNG state by getting food or hitting traps and encountering battles, but we'll only do food and traps because battles are a little bit unpredictable. But really, the assumption is we can actually predict and affect the next dungeon that's loaded. So again, you can choose the next dungeon, is what this boils down to.
But let's revisit patterns. You remember when we saw the, in the shield so close next to each other? Well, they do have a site. We see the shell of the top and we see one for tile and then we see the food, but if you count another 17 tiles you'll see an enemy after that, and another 34 tiles, you'll see gold for that, and so on, and it actually loops, and that loop, if you add all these numbers up, including items, it turns out to be a total of 128. So, you know, no mistake there. This is actually starting to make a lot of sense. I also noted that there's 20 124 unique types of rooms as to cataloguing all the different types of rooms that I saw in full dungeons, and yeah, it turns out that there is a finite amount of types of rooms, including the types of items that show up in them, and go figure, they follow an ordering as well. If you know one room, you can predict the room that follows it over to the right hand side of it. So I mapped it out. The orange rooms are just general ones, the green ones are rooms starting points, there's no room to the left of it.
The purple ones are rooms found in multiple sequences, and then that blue circular area down there is a loop. So once you get in there, you just keep on looping around. So for example, we'll look at dungeon one. It starts at room 41 and then you go to 4214 Tune 14 910 three seven. That's the different nine rooms that dungeon one is made up of. That's how this map works. So to step up a layer of abstraction, I started cataloging all 128 dungeons, and this is kind of the anatomy of a dungeon: the dungeon number, the seeds, that if you give it that RNG value, that's the dungeon that will be produced. And then I show the top 10 exits, so like if you did nothing you'd actually go to dungeon 28, if you just went straight for the ladder. But if you, say, hit a trap or got one food, you'd actually go to dungeon 29, and so on, for every RNG thing you affect, the next dungeon you're going to hit on. I also gave an identity, done in green there, that's how many items you'd have to get in order to arrive back at dungeon one. At the very bottom you see that room sequence that has been covered on the last slide. You also get the amulet location and PR. Therefore, if this were level 20, that's where the amulet would show up. Then off to the right you see all the dungeons that are the most likely to be coming from into one.
Naturally, the next thing to think about is routing. If you want to get to your favorite dungeon, you can get from any one dungeon to one other dungeon, but it might cost you. It actually makes way more sense to route through multiple dungeons together to get to your goal dungeon, because it will cost you a lot some HP because while the less amount of traps you have to hit. But routing is hard. It's actually a computer science thing. Like, I actually had to end up writing a script to solve this problem for me, that used recursion and all kinds of crazy program crap I hate doing, but we'll talk about that in a bit. We'll talk about it in the context of getting from point A to point B, and in this case from dungeon 42 to dungeon one. We'll look at a demo.
So I'm going to show you a demo of the Pathfinder script that I wrote for this. We mainly hack the game to start at dungeon 42 just to demonstrate this. So this is the path from dungeon three to to dungeon one; looks a little cryptic. So let's walk us through real quick here. We're on the game, run dungeon 42. To get to the next dungeon of 51 we need to get one food, two traps. So we'll go through the food here, get two traps and we'll exit. And then in dungeon one we need to get two food, no traps, so get to the next dungeon. So we get our one food, two food. We go. Now we're on day three. We only need to get one food, no traps. So let's go over there. Our food, exit, now we're on dungeon one. So that's one way to get there. That's the most economical way to get there. But now I'm going to do an argument to the thing here. Items, that means consider all paths; we're going to do right here by adding icon to the beginning. But anyway, so we run that, we get our direct route. Got to do 81 random calls just to do that. So this is, we're gonna apply a patch to make it. So
let me put this in here. There we go.
So we make it so the good items don't disappear. So instead of going on traps, I can just go over the food. See, I went over twice already. Now it's got to go over 79 more times, speed that up. There we go. And then once I'm done, I can go for the exit. And I'm done, on dungeon one again. So that's how that works.
Now for a quick tangent to a side project called bootMage. It's going back to putting Python into gdb. But in this case, we're doing a live dashboard while we're playing the game. It shows us internals to the game that we wouldn't normally be able to see, that I'm sure Nanochess would have displayed if he had more than 512 bytes, but now we can inspect the game for higher visibility, and we'll see a demo of that here in a second. Cutting out the script here, this one's a little bit longer than the other dumper. It's quite a bit of stuff there, actually. So we're just gonna load up with the Rogue, the game started. And we'll start to move around. And you can see a little dashboard up there. The cool thing about this is you do have a hunger. So as you move around, you will lose hp. Eventually, it's actually every 128 steps.
Well, in the upper right hand corner, you can actually see where you stand with that. So once that counts down all the way, you'll know you're going to lose an HP, which is pretty cool. You also get how many items are in each room, and it'll count down, it'll actually decrement as you get the item. And you also get some internals like your current attack and defense when you collect armor and swords, which you wouldn't normally know. And you also get to track money, which the game couldn't do because there was no space left. You know, Oscar just wanted to add money in there or just to have it, you know. And then this is us engaging in a battle. We actually get to see blow by blow when we get into a battle, how much HP everybody has, how much they're attacking each other for, it's pretty great. And then we even get what our current dungeon is, what the next dungeon would be based on the items that we're getting, and even a tip of what the next dungeon should be that you should try to get to, which is based on who we'll get into here in a little bit. But then, you know, even when you play through the entire game, I'm just going to kill myself here real quick. You get some endgame statistics. Beautiful. But now we'll talk about how to get the high score. So anyway, getting back to this, we know we can do routing, but we don't really know what the best route is or what the best dungeons are. But one cool thing about the Pathfinder script is it doesn't do loop checking in this routing. That's advantageous in this case. So if we hypothetically said I want to go from dungeon one, back to dungeon one, and do it in seven or eight hops or a lot of hops or you know, dungeon 32, dungeon 30 or whatever. If we do this for a lot of different test cases, then the most efficient routing or the best dungeons, we should see showing up somewhere in the middle of play frequently. So let's take a look at some of those examples. In this case we're looking at from dungeon one to one, or two to two, three to three, four to four, or five to five, six to six and 12 to 12, 13 to 13, because some of those other dungeons aren't really routable as easily. But I highlighted in green the patterns that we were looking for, so dungeons one and 31. Those are the best dungeons and there's a reason for that, too. Dungeon one is a dungeon that has three food in it, and there are other dungeons that have three food, but not that many. But the cool thing about this one is if we get all three food, we get to another dungeon that allows us to get back to that dungeon in one hop, and we consume all the food, which is just one in dungeon 31 as well. So there's no other dungeon that has three food that allows us to get back so quickly. That's why the dungeon one to 31 pair is the most efficient; that's what you want to be doing for the entire game once you get to one of those dungeons. So if you want to get the high score, the highest HP, first identify the dungeon you're in, then you use a button path to get to either dungeon one or 31. And just keep alternating those dungeons till you get the amulet and back, and you'll have a lot more HP than otherwise. So what's the best way to identify the current dungeon? I mean, I do have a catalog and you can explore the whole dungeon without touching anything. But the most efficient way possible, it's a little bit of movement, is to identify the current middle room. And then from there, use the sequence patterns in the previous slides to identify the southeast corner room. And then from there, on the next slide, I have some diagrams, that if you know the southeast corner, you can pretty much know what the next dungeon is going to be. You might not know what the current one is, but you will be able to know what the next one is, which is perfect for routing. So let's say that we're in room a for the southeast corner, then we would know if we didn't touch anything, the next dungeon would be 68.
I mean, if we got one food, that'd be 69 and so on or whatever. Or say we were in room 12 for the southeast corner, then the next one should start at 104. And that's how this guide works here. So as a reference, this is a full playthrough of BootRogue. I'm going to speed it up here in a second. But my strategy here is to just get every food item and, you know, swords or armor on the way, but the idea is to try to maximize HP by getting as much food as possible, no matter what the routing may or may not be. And here I am on level 26 getting the amulet, slimmed down for that.
And then I'll go all the way back up.
Speed up here.
And at the very end, we'll have about 100 or so HP over that hundred and 16 Hp clocking in that. We're now going to use everything we've learned to do a full playthrough of all the strategy to get the highest HP possible. So now we've identified the middle room of room 18. We're going to use that identified the lower corner 18 through to 14 9 - 10 by room routing sequencing so that corner would be 10 - 15 On this room two or 10 which stands to actually be 60, which is similar to all these dungeons, we're just going to go off with dungeon five for the Pathfinder tool. So for Pathfinder is five to one, that's a three hop route 5 to 1 is only a two hop out route, so we're going to use that method.
So for the first hop we got to do two food and one trap. So that's what we're going to do here. And then we'll do two food, one trap again for the next one. So there's one food, two food, one trap. Next one, and then one food, two food, one trap, and then we're on dungeon 31 and we're just cycling between dungeon 31 and dungeon one. We'll do that all the way till we get to the amulet. I'll slow it down for us once we get there and see where I fall, 18, 19, 20, it's kind of pretty quick.
All right, here we are going down, getting the amulet, and it will speed back up and just crank all the way, all the way back up to level one, until we win. So just remember, the first playthrough we're trying to get as much food as possible, just ignorant of which dungeons we were in, we got like 120 ish, for 116 for HP. But with this, we got 411. That's almost quadruple just by knowing how to route through the right dungeons. Before we conclude, one last thought is: why 128? That seems a little too neat, right? Even though the algorithm seems to be 16 bit, we'd expect like 65,000 values, or six 5001 through five, but really seems to be effectively a bit on what that would still be 256 values, not 128. So why is that? Well, it turns out there are two separate 128 value loops and they're mutually exclusive. There's actually a 50% chance that we see that other loop in the first dungeon, but if we do see that loop in the first dungeon, the next dungeon will be the loop we are used to. But say that 50% we end up starting on the loop we are used to, well, the dungeon to where the next dungeon will be, again, the loop we're used to. It's only one way: from that weird loop, we always on the next dungeon get to the loop that we are expecting. So why is that? Well, that has to do with how the ladder is placed, that one weird shift instruction will mess that all up.
So why does it go from one loop to the next but not the other way around? That has to do with an unusual parity issue. And you know, it's just the rabbit hole gets even deeper from there. And I have a pretty full analysis on that in my strategy guide, which all will come out soon. And I'll mention on Twitter to announce it. But yeah, just little things like that, the behaviors that can emerge from a 512 byte game, as you've seen with all the other things, is pretty amazing. So that brings us to the end. Here's all the GitHub projects: there's Boot Genie, the road routing, bootMage. And then that just is all the 25 boot sector games with GitHub links and descriptions. And really, you can just go to my Git and it's only just on there anyway. That's my Twitter. You don't have to follow me. It's just for, I will announce that strategy guide once I get that published, and that's pretty much it at this point. This is where I guess I'll be live and taking Q&A and discussions or whatever, we can just chat for the next 10 minutes or however much we have lined up.
Okay, we're back here with XlogicX and we have a few questions. In fact, there was one that was just posted about JS Linux and that was going to ask XlogicX if you've had a chance to try that out with your work.
No, the stack I got I've used it doesn't. Yeah, I haven't tried that. I mostly am in QEMU and use gdb to debug, whereas nanochess, he is completely different stack. Whereas I'm in Linux with gdb, he's in Windows and forget what he does in debug. But I think he actually has a different strategy. It's kind of interesting to go into that: he starts with his programs as a COM file. So you can, like, blow them out to be larger than 512 bytes. So he'll try to write it with all the features and then optimize down, whereas with me, I'm stuck with 512 bytes, I write as much as I can to make a functional game and then optimize down to add more features as I go, which is probably a worse strategy. But yeah, there's a lot of ways to the same thing. I haven't used that way.
Okay, I think we got a question from Greg.
How would you describe some of the data structure that you use to represent the games?
So you know, as arrays are in the individual elements
That's game by game. You do whatever you can to optimize for. For some things, I mean, you have, say, like a sprite, and I might represent them as two colors. So it's one bit per pixel. Um, but really, it really depends on the game. Sometimes you have certain elements that are directly in memory, and you're modifying them on the fly.
There's a lot of different strategies and ways to do it. But I think that the most general way I could think of it is it just depends on what saves the most bytes, and we do some crazy stuff to save bytes. The code, though commented, can be pretty unreadable because of that. I'd say it's all on GitHub, it's all open source. And I don't want to be the guy that says, you know, read the code. But one cool thing about bootsector games is that being that they're only 512 bytes, or about a couple hundred lines of code, it's really manageable or digestible to read the code. And you'll also notice that once you read over a couple, you kind of get a feeling that it's a little bit tight knit because we all use the same tricks. It's great. If you're in the demo scene kind of stuff, it's right up that alley. But as far as data structures go, anything.
I have another question for you. Do you like to use actual eight or 16 bit chips for this kind of work?
Um, well, so bootsector programming is 16 bit specifically. So I mean, I'm emulating it myself, but like half a year ago, I did end up buying an old OptiPlex that had an actual floppy drive in it, and was doing that off the floppies. But I mean, it's, you know, I won't even say it's like a, I think the processor might be 32 bit or whatever. But I mean, again, this is 16 bit programming specifically. And this little tidbit is off to the side, not related to that question directly. But I started getting into this because I wanted to learn ring zero programming, which is what you're in your ring zero when you're doing this, which is cool. I wanted to learn more about that. But then I quickly learned that it's actually pretty, pretty boring. It's super boring. But the way I learned rings, or learned how to do that was from tetric books. Actually, I learned about it from PoC or GTFO. So that's what got me into it. And when I realized ring zero programming is boring, I was like, let's just make games instead. Which is way more fun.
Alright. I think we have time for a couple more questions. Did you ever try an FPGA for some of your reports or game work?
Not for this. I mean, I've done stuff with FPGA. Really, it's been so long since I've done stuff with that kind of technology that back then they were called CPLDs. I mean, it's a little bit different, but you know, computer programmable logic device. It was literally decades ago since I messed with those. But no, I haven't been to games with FPGAs, that kind of technology.
I got one last question here. It actually is from L ball. How many pages are in the BootRogue strategy guide that you're working on?
Um, yeah, that's eyeball. He's probably been a show-off right now, but it's 130 pages.
130. Most of it's because, you know, there's the dungeons. You know, there's maybe like two dungeons to a page. So a lot of it is not so much like content words, but just a lot of graphical information. And I know with the talk it seems like I flew through that, and some of it might have been sort of incomprehensible, and it's because there is a little bit more context to it. But with the book, you can kind of slow step through and really understand it all.
Very good. Well, I think that's all the time we have right now. We thank you very much for being a speaker here with the show, and a couple of words you want to say to everybody or anything before we go on?
Thanks for having me. Thanks. Thanks for listening and join the bootsector gaming community. I want to have more games.
We're done. All right. Thank you very much, XlogicX.