What's the coolest hack you've seen or done?


Question

As programmers, we've all put together a really cool program or pieced together some hardware in an interesting way to solve a problem. Today I was thinking about those hacks and how some of them are deprecated by modern technology (for example, you no longer need to hack your Tivo to add a network port). In the software world, we take things like drag-and-drop on a web page for granted now, but not too long ago that was a pretty exciting hack as well.

One of the neatest hardware hacks I've seen was done by a former coworker at a telecom company years ago. He had a small portable television in his office and he would watch it all day long while working. To get away with it, he wired a switch to the on/off that was activated via his foot under his desk.

What's the coolest hardware or software hack you've personally seen or done? What hack are you working on right now?

Accepted answer

I recall this hack as being written by Bob Smith, who did the old DOS-era memory manager called 386MAX (or "386 to the Max"). It wasn't part of the product, it was a little utility program he whipped up and posted somewhere. However, on the web the only reference to this technique I can find is a DDJ Undocumented Corner column from November 1996 by Robert Collins.

Prior to Intel introducing the CPUID instruction, it was difficult to check the exact type and revision levels of the CPU on your system. It turns out that in most versions of the 386 and later, there actually was a CPU ID, but it was only visible at one specific time: right after the processor was reset in the EDX register. (It was assumed that the computer's BIOS would be the only software legitimately interested in this).

Problem: how can a normal program retrieve this register value if we are not the BIOS?

This hack relied on six distinct peculiarities of IBM PC compatible computers. They were as follows:

  1. Starting with the IBM AT and later, there is a way to independently disable the A20 address line on the bus.
  2. Most computers do not have RAM installed in very high memory addresses just below the BIOS ROM.
  3. Most IBM PC bus computers return 0xFF when you read a memory location that has no memory installed there.
  4. 0xFF 0xFF 0xFF etc. is an illegal opcode on Intel CPUs.
  5. If you install an exception handler in memory, it will survive a soft reboot on most CPUs of this era (386 through 486).
  6. Upon soft or hard reset, Intel processors jump to an address which is at the top of addressable memory, minus 16 bytes, which is why the BIOS ROM is placed there.

The program combined knowledge of all these pieces of trivia to achieve the goal.

The result was a DOS command line program, that did the following:

  • Installed an illegal-opcode exception handler
  • Turned off the A20 address line on the bus
  • Soft-rebooted the CPU (I think this was done through a BIOS call)

When the soft reboot occurred, the processor would try to jump to the top of memory minus 16 bytes, which is where the ROM startup code is located. However, since A20 was off, it would actually jump to top of memory minus 16 bytes minus one megabyte. On most PCs there is no RAM there. So it would fetch a series of 0xFF bytes from this non-existent RAM, and try to execute it. This would create an illegal opcode exception.

His exception handler would then pluck out the value of EDX (the CPUID) and stash it somewhere he could find it. It would then clean up the mess (turn A20 back on, flip back from protected mode to real mode for DOS) and return control to the original code.

When it worked, it was genius to behold. Voila, here was a simple command-line DOS program that would give you the CPUID value.

Of course, there were inevitably PCs out there which were "not quite compatible" which would crash horribly when you ran this. Ah well.
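Two pieces of the answer above can be checked with ordinary arithmetic: where the reset jump lands once A20 is masked, and what the EDX value the handler "plucks out" actually encodes. The following C program is an added illustration written for this page, not Bob Smith's utility and not code from the DDJ column. It assumes the documented Intel layout of the post-reset EDX component identifier (bits 11:8 family, bits 7:4 model, bits 3:0 stepping, the same field layout as the low 12 bits of CPUID leaf 1 EAX); the sample EDX values fed to it are constructed, not captured from real hardware.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded form of the post-reset EDX "component identifier". */
typedef struct {
    unsigned family;    /* 3 = 386, 4 = 486 under the assumed layout */
    unsigned model;
    unsigned stepping;
} cpu_sig;

/* Split the EDX value a reset-time handler would capture into its fields.
   Layout assumed here: bits 11:8 family, bits 7:4 model, bits 3:0 stepping
   (identical to the low 12 bits of CPUID leaf 1 EAX). Higher bits are ignored. */
cpu_sig decode_reset_edx(uint32_t edx) {
    cpu_sig s;
    s.family   = (edx >> 8) & 0xFu;
    s.model    = (edx >> 4) & 0xFu;
    s.stepping =  edx       & 0xFu;
    return s;
}

/* First instruction fetch after reset: top of the physical address space
   minus 16 bytes. With the A20 line masked off, address bit 20 is forced to
   zero on the bus, so the fetch lands exactly 1 MiB lower, as the answer says.
   address_bits is the width of the physical address space (32 for a 386). */
uint32_t reset_fetch_address(unsigned address_bits, int a20_enabled) {
    uint64_t top  = (uint64_t)1 << address_bits;
    uint32_t addr = (uint32_t)(top - 16u);
    if (!a20_enabled)
        addr &= ~(1u << 20);   /* A20 masked: bit 20 reads as zero */
    return addr;
}

/* How far below the ROM entry point the masked fetch lands. */
uint32_t a20_mask_displacement(unsigned address_bits) {
    return reset_fetch_address(address_bits, 1) - reset_fetch_address(address_bits, 0);
}

int main(void) {
    /* Constructed sample: a 486-class identifier, model 3, stepping 5. */
    uint32_t sample_edx = 0x00000435u;
    cpu_sig sig = decode_reset_edx(sample_edx);
    printf("EDX 0x%08X -> family %u, model %u, stepping %u\n",
           sample_edx, sig.family, sig.model, sig.stepping);

    printf("reset fetch, A20 on : 0x%08X\n", reset_fetch_address(32, 1));
    printf("reset fetch, A20 off: 0x%08X\n", reset_fetch_address(32, 0));
    printf("displacement        : %u bytes (%u MiB)\n",
           a20_mask_displacement(32), a20_mask_displacement(32) >> 20);
    return 0;
}
```

With a 32-bit address space the masked fetch moves from 0xFFFFFFF0 to 0xFFEFFFF0, one megabyte below the ROM entry point; on a machine with no RAM decoded there, the bus returns 0xFF bytes and the illegal-opcode exception the answer relies on follows. The decoder is the part a practitioner would actually use on the captured value once the handler has stashed it.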
