Everything posted by SmashManiac

  1. So there's been a lot of progress in the Final Fantasy VII/VIII/IX modding community recently about using ESRGAN and Gigapixel, two deep learning AI programs for upscaling images, to upgrade the low-resolution 2D backgrounds of these games to high resolution, and there are currently discussions on how to apply a similar technique to upscale FMVs. I couldn't help but immediately remember that Grim Fandango Remastered had these exact issues and would be a really good candidate for this treatment, either through an official patch or by fans (or both). You can find more information about the techniques used here and here along with screenshots. For reference, here's an example of an original Final Fantasy VII background vs a 400% upscaled version from the work-in-progress Remako HD Field Mod:
  2. Glitch in Act 3

    Not sure if that's your problem, but many people don't realize you can scroll your inventory past the first two rows. Otherwise, can you give a bit more details? It's not really clear what you mean by "not receive an item".
  3. Secret room

    I just realized I previously made a mistake, and that the last sentence isn't quite accurate. Gaussian elimination is not really possible for the general case because you can at best multiply by the negation of a coefficient, which automatically eliminates the variable. So it doesn't seem like there's anything better than just feeding in values and seeing what sticks to come up with formulas.

    So the approach I would do then is to pick an output variable and make it equal to the logical disjunction of all 128 conjunctions for which it's equal to 1, then convert all disjunctions to XORs by using the equivalence x V y <=> x + y + xy and all negations to XORs by using the equivalence ¬x <=> x+1, and then finally simplify the formula, which can go up to 256 XOR-separated clauses of up to 8 conjunctions. Of course, that needs to be repeated for each of the 8 output variables.

    So unless the result turns out to be relatively simple somehow, trying to mix in 256 boolean variables (the key) and a few constants through XORs and applying the 8 resulting formulas 14 times (the number of rounds) just doesn't seem like a realistic approach to me right now.
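The XOR-of-ANDs formula described in the post above is the algebraic normal form (ANF) of each output bit. The following is an added example, not part of the original post: it computes that ANF for the GF(2^8) inversion with a Möbius transform instead of the minterm expansion (the ANF is unique, so the result is the same) and reports the clause count and largest conjunction per output bit. It assumes the AES convention that 0 maps to 0; all function names are illustrative.

```python
def xtime(v):
    """Multiply by x in GF(2^8) modulo the AES polynomial 0x11B."""
    v <<= 1
    return v ^ 0x11B if v & 0x100 else v

def inverse_table():
    """Inverse of every byte via powers of the generator 0x03 (0 -> 0)."""
    exp, g = [], 1
    for _ in range(255):
        exp.append(g)
        g ^= xtime(g)                 # g * 3 = g * 2 + g
    inv = [0] * 256
    for i, v in enumerate(exp):
        inv[v] = exp[(255 - i) % 255]
    return inv

def anf(truth):
    """Moebius transform: 256-entry truth table -> ANF coefficients.
    coeff[m] == 1 means the AND of the input bits selected by mask m
    appears as one XOR-separated clause."""
    c = list(truth)
    for bit in range(8):
        step = 1 << bit
        for m in range(256):
            if m & step:
                c[m] ^= c[m ^ step]
    return c

def inversion_anf_stats():
    """Per output bit: (number of clauses, size of the largest conjunction)."""
    inv = inverse_table()
    stats = []
    for out_bit in range(8):
        coeff = anf([(inv[x] >> out_bit) & 1 for x in range(256)])
        clauses = [m for m in range(256) if coeff[m]]
        stats.append((len(clauses), max(bin(m).count("1") for m in clauses)))
    return stats

if __name__ == "__main__":
    for bit, (count, degree) in enumerate(inversion_anf_stats()):
        print(f"output bit {bit}: {count} clauses, largest conjunction {degree}")
```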
  4. Secret room

    For those that didn't notice, there is a Data/Content/Secret/Rooms/SecretRoom.lua, and this file is encrypted. I'm assuming you are supposed to have a book item pointing to this file, place it on the pedestal in DRMRoof, input the correct key, and hack one of the exits to point to it after deciphering. Problem is, with the exception of the Steam Workshop content, I explored every nook and cranny of the game I could think of, and I did not find any hints as to what that key could be, and none of my guesses worked. I was hoping that Christo would reveal a clue after deciphering PrincessChambersCopy, but that room unfortunately contains nothing of interest. (For the curious, I was able to decipher PrincessChambersCopy by hacking Book.lua to replace math.random() with string.char().) I also tried using some of the keys used in pre-release teaser puzzles, but to no avail. What I'm afraid of is that the key might be hidden in the original prototype, and the only way to get it right now is to purchase the overpriced Amnesia Fortnight 2012 bundle. I know that there is a similar puzzle in the prototype and that it unlocks a secret message from Brandon, but I have no idea what its contents are...
  5. A new puzzle...

    I just had a new idea today: Since one of the codes is on the front of the cartridge and the other on the back, maybe you need to flip the back one before merging the images, and most likely horizontally to match the text orientation of the original labels. Well, I didn't find any interesting results, but I didn't test all permutations either (rotations, flips, reversing colors, AND vs OR vs XOR, order of operations), so that's still something to explore. Here's a picture where I attempted an XOR after a horizontal flop of the back code.
  6. Secret room

    Pretty sure that's just JPEG compression artifacts. Besides, the logos on the previews are not part of the art being sold and are standard to all Fangamer products, so I doubt they're relevant. Still, you may want to compare the logo with other products in the Double Fine shop yourself to verify this.
  7. Secret room

    I just realized there's another official Hack 'n' Slash merch in the Double Fine store in addition to the T-shirt. I completely forgot it existed because it's not showing up in the "All" category of the shop. Hack 'n' Slash - Landscape I'm not seeing anything special on it, but given the T-shirt incident you never know...
  8. Secret room

    Back at it again!

    First of all, I got as a gift an official Hack 'n' Slash T-shirt, and I figured it might be interesting to describe the package contents here for completeness. The T-shirt itself looks exactly like the pictures in the store, except the inner part has the T-shirt size instead of "MD". There's no hidden label inside it or anything. The plastic wrap had a nice little sticker with the same design, the T-shirt size, the Double Fine URL... and the string "HACK N' SLASH", with a missing apostrophe before the "N". Inside the plastic wrap, there was also a small Fangamer swag package, including a Fangamer marketing brochure, an untitled holiday 2017 postcard by Laura Wilson, a Super Smash Bros. pin, and a Final Fantasy VII... um... thing - it feels plastic-y on the printed side and like paper on the other side, and if it's a sticker I can't peel it off. Interestingly, the postcard's "From" and "To" labels are printed using the same retro font as the one used on the T-shirt. So pretty cool, but at first glance, nothing interesting that might relate to this puzzle.

    However, upon closer inspection, I realized that the Hack 'n' Slash logo printed inside the T-shirt actually contains a hidden barcode! You can read it on its top and bottom edges - it's the same on both. Heck, it's even visible on this official store picture and we all overlooked it:

    So I blew up the picture, rotated it horizontally, put a few monochrome filters onto it, and sent it to an online barcode decoder for analysis. Turns out it's a Code 128 barcode which reads:

    +thegame.com/shirt

    I'm assuming you're supposed to concatenate "hacknslash" with "thegame.com/shirt" for the URL, which is unfortunately the same URL as one from a previous puzzle, which redirected to the store page to purchase the T-shirt in the first place, and it doesn't work now anyway. So in other words, it's a really cool discovery, which revealed absolutely nothing. Oh well. But the fact that we missed this for so long suggests that we might have overlooked other hints.

    The other thing that I wanted to mention is that I continued looking into AES, specifically the multiplicative inverse in the finite field GF(2^8) transformation step in SubBytes() as it is the only non-linear transformation of AES. The official specification mentions using the extended Euclidean algorithm to perform this, but I couldn't wrap my head around that concept. Instead, after playing with equations for a little while, I came up with a nice way to find the multiplicative inverse, which is as follows: if abcdefgh is a non-null byte, then its multiplicative inverse in GF(2^8) ABCDEFGH can be found by resolving the following set of equations (addition is the XOR operator, and multiplication is the AND operator):

    (a+c+d+h)A+(b+c+g)B+(a+b+f)C+(a+e)D+dE+cF+bG+aH=0
    (b+d+e)A+(a+c+d+h)B+(b+c+g)C+(a+b+f)D+(a+e)E+dF+cG+bH=0
    (c+e+f)A+(b+d+e)B+(a+c+d+h)C+(b+c+g)D+(a+b+f)E+(a+e)F+dG+cH=0
    (a+d+f+g)A+(c+e+f)B+(b+d+e)C+(a+c+d+h)D+(b+c+g)E+(a+b+f)F+(a+e)G+dH=0
    (a+b+c+d+e+g)A+(a+b+c+d+f)B+(a+b+c+e)C+(a+b+d)D+(a+c+h)E+(b+g)F+(a+f)G+eH=0
    (b+e+f)A+(a+d+e)B+(c+d)C+(b+c)D+(a+b)E+(a+h)F+gG+fH=0
    (a+c+f+g)A+(b+e+f)B+(a+d+e)C+(c+d)D+(b+c)E+(a+b)F+(a+h)G+gH=0
    (b+c+g)A+(a+b+f)B+(a+e)C+dD+cE+bF+aG+hH=1

    It's possible to solve this system of linear equations using elimination of variables or Gaussian elimination, but doing so appears to cause formulas to blow up, so I haven't done so for the general case. I'm interested to see what the final solution looks like to see how strong the nonlinearity of AES is, but I don't have a good way to do so right now. In any case, with that it's possible in theory to remove all references to GF(2^8)'s polynomial representation for mathematical analysis and focus exclusively on pure bit formulas to represent the result of AES, which is pretty neat.
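The idea in the post above, finding the GF(2^8) inverse by solving an 8x8 linear system over GF(2), can be run numerically for a fixed byte. This is an added example, not part of the original post: it builds the system from the AES reduction polynomial (column i is the byte times x^i, with bit 0 the least significant bit) rather than from the symbolic equations quoted above, and all function names are illustrative.

```python
POLY = 0x11B  # AES reduction polynomial x^8 + x^4 + x^3 + x + 1 (FIPS 197)

def xtime(v):
    """Multiply a field element by x, reducing modulo POLY."""
    v <<= 1
    return v ^ POLY if v & 0x100 else v

def mul_columns(a):
    """cols[i] = a * x^i: what unknown bit i contributes to the product."""
    cols = []
    for _ in range(8):
        cols.append(a)
        a = xtime(a)
    return cols

def inverse_by_elimination(a):
    """Solve (multiply-by-a matrix) * X = 1 over GF(2); None when a = 0."""
    cols = mul_columns(a)
    # One augmented row per product bit k: bits 0..7 hold the coefficients of
    # the unknown bits, bit 8 the right-hand side (1 only for the constant term).
    rows = [sum(((cols[i] >> k) & 1) << i for i in range(8)) | ((k == 0) << 8)
            for k in range(8)]
    for col in range(8):
        pivot = next((r for r in range(col, 8) if rows[r] >> col & 1), None)
        if pivot is None:
            return None  # singular system, which only happens for a = 0
        rows[col], rows[pivot] = rows[pivot], rows[col]
        for r in range(8):
            if r != col and rows[r] >> col & 1:
                rows[r] ^= rows[col]  # adding rows is XOR in GF(2)
    return sum((rows[i] >> 8) << i for i in range(8))

def product_via_columns(a, x):
    """a * x as the XOR of the columns selected by the set bits of x."""
    out = 0
    for i, c in enumerate(mul_columns(a)):
        if x >> i & 1:
            out ^= c
    return out

def check_all():
    """True if elimination returns a genuine inverse for every non-zero byte."""
    return all(product_via_columns(a, inverse_by_elimination(a)) == 1
               for a in range(1, 256))

if __name__ == "__main__":
    print(hex(inverse_by_elimination(0x53)), check_all())
```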
  9. Secret room

    I was under the impression that tjablin's posted C code was not actual disassembly, but only reproduced the output? Unless Hack.exe also uses LibTomCrypt? As the encryption is triggered by entering DRMRoof, the trick to avoid multiple encryption is to not exit DRMRoof while a book is on the pedestal, including with PrincessChambers already there by default.
  10. Secret room

    Thanks a lot, I'll take a closer look at those when I have some time. The AES functions in the game are exposed in the Lua environment through the DFHack object as encipherBuffer and decipherBuffer. Their implementations are in the Hack.exe x86 binary. tjablin apparently did a disassembly, but the code he posted as reference is no longer accessible, and I'm not sure if the C version he wrote is an exact match or not.
  11. Secret room

    Hmm you're right. I read through the entire AES standard, and if we would skip the finite-field multiplicative inverse substitution in the SubBytes step, each output bit could be represented as a series of XOR operations. I have no idea what a formula for this multiplicative inverse would look like... if one can even be written.
  12. Secret room

    So here's a potentially dumb question. Say i_x is the xth bit of the AES-256 block input (after CBC XOR in our case), k_x the xth bit of the key, and c_x the xth bit of the ciphertext block output. What would the functions c_x(i,k) and i_x(c,k) look like?
  13. Secret room

    Heh, I thought for weeks about the P versus NP problem just for the kicks myself. No dice. I'm surprised this paper doesn't reference the controversial eXtended Sparse Linearization (XSL) attack. Not sure if that's important or not though.

    I don't know if attacking the zeroes matters, but if it does then I should point out that the last bytes at the end of the file immediately before the PKCS #7 padding should be:

    00 00 00 00 00 00 00

    Being able to guess the key string itself would be great, but if it's a long sentence like the normal PrincessChambers.lua key then we might be in trouble unless it's based on a string in the game or a known incantation. As for clues, if they exist in the game, they are either truly well hidden, hidden in plain sight, or we overlooked them somehow. Otherwise, there could be clues hiding anywhere, including the following locations:

      • Amnesia Fortnight 2012/2014 material, including the 2012 special edition box set, trailers, documentary, the Hack 'n' Slash prototype and its box art.
      • All marketing material, including the full game press release with the HTTP trace, the ZIP/JPG hybrid teaser puzzle, trailers, the official wiki, the development blog and the official T-shirt.
      • Messages from Noughtceratops's Twitter account.
      • Devs Play season 1 episode 4, including the Zelda IPS patch and the currently-unsolved hacked Zelda cartridge winner puzzle.

    Unless Brandon, someone else linked to the game or Double Fine gives us more information, that's what we have to work with.
  14. Secret room

    I've been questioning this statement recently. Here's what I've gathered so far:

      • The key string is hashed using SHA-256, which is used as the key for AES-256-CBC with a null IV, to generate the output.
      • We already know the first 4 blocks of 16 bytes each of the original plaintext due to the Lua file structure and the game's directory structure (see my post from June 19, 2016).
      • Due to the properties of CBC, deciphering a block only requires the key, the block's ciphertext and the previous block's ciphertext, or the IV if there is no previous block.

    With this information, we have 4 sets of AES-256 "equations" with only the hashed key as the unknown variable. The question is, is deducing the key from those "equations" realistic? It sounds unlikely to me, but I could not find a definitive answer to this question. I've seen claims that terabytes of known plaintext block matches wouldn't be enough to do so, but could not find the mathematical arguments to support them.
  15. Official wiki?

    Yes, the official Hack 'n' Slash wiki is indeed the GamePedia one, but nobody really bothered to maintain it since its original creation.
  16. Secret room

    Netrix, can you share the script you're using for bruteforcing? Also, I just had an idea watching keybounce's stream. There are a few empty chests in the game. I originally thought it was unfinished content, but it is possible it's a hint for the secret room somehow.
  17. If you're talking about why the world collapsed near the end of your recording, it's kinda your fault. I suggest you try to figure out what happened by yourself. If you can't figure it out, here's what happened: A turtle spawned while you were hacking the spawn behavior, and as you were editing the 2nd entry, the turtle tried to execute it. By coincidence, you had it set on GRABGRASS while the turtle was swimming, a case that is not normally possible. The game then tried to load the nonexistent graphics for this combination, triggering the error.
  18. I can't even chat on YouTube Live streams because of their forced Google integration...
  19. That's unfortunate. Almost all hacks in the game can be reverted by going back in time. This should help you a lot for your next playthrough. Fortunately, you should be able to quickly get back to where you were, since you already know the solutions to the previous puzzles.
  20. Did you bomb a bomb and enter its portal? That might be the cause of your issue. I believe loading a state before acquiring the bombs should solve it. I'd very much like to see people stream the game live, although this is the kind of game where "silly ideas" is very likely to spoil something unless you've already beaten the game though, so I think I would be more of a spectator until then.
  21. Code not updating on first exit from Algorithm room

    It's not normal, but the current version of the game contains many unintended bugs unfortunately, so don't be surprised if you stumble on more weird stuff like this. As for a solution, considering Double Fine has not updated the game in years, it would probably require a community patch mod.
  22. Should the mac version be "1.0.0"?

    No, it's the correct version. I believe the patches affected the Lua code only, not the native executable.
  23. Welcome to the new Action Forums!

    I don't remember if it was like that before or not, but... No HTTPS support? Seriously?? Do you realize that your forum users are leaking their passwords on the Internet just by signing in right now?
  24. Clean 2nd playthrough

    If I remember correctly, as long as you don't load a different save from boot before starting a new game or switch between saves in one play session, you should be good.
  25. Secret room

    There is still potential in dictionary attacks. I know Netrix tried it previously, but he appeared to have limited his attempt to a single word with mixed capitalization. My guess is that whatever this password is, it's probably a short sentence with correct grammar. I wouldn't be surprised if a dictionary generated from the in-game strings exclusively would be sufficient for the job.

    Also, I just had another idea: is it possible to deduce an AES-256 key if we already know a chunk of the original data big enough to cover the key length? Based on the Lua source code and the game files, if we assume that the original SecretRoom.lua is compiled and was done so at the same location as the encrypted version, then I believe the first 69 bytes would be:

    1B 4C 75 61 51 00 01 04 04 04 08 00 2A 00 00 00 40 44 61 74 61 2F 43 6F 6E 74 65 6E 74 2F 53 65 63 72 65 74 2F 52 6F 6F 6D 73 2F 53 65 63 72 65 74 52 6F 6F 6D 2E 6C 75 61 00 00 00 00 00 00 00 00 00 00 00 02
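The 69 bytes in the post above follow the layout of a compiled Lua 5.1 chunk: a 12-byte global header, then the main function's source name and fixed fields. This is an added example, not part of the original post: it rebuilds that prefix from the file path and splits it into the complete 16-byte blocks that count as known plaintext. It assumes a 32-bit little-endian build, which is what the header bytes in the post indicate; the function names are illustrative.

```python
import struct

# The 69 bytes quoted in the post above, copied from the page.
POSTED = bytes.fromhex(
    "1B 4C 75 61 51 00 01 04 04 04 08 00 2A 00 00 00 40 44 61 74 61 2F 43 6F"
    "6E 74 65 6E 74 2F 53 65 63 72 65 74 2F 52 6F 6F 6D 73 2F 53 65 63 72 65"
    "74 52 6F 6F 6D 2E 6C 75 61 00 00 00 00 00 00 00 00 00 00 00 02")

def lua51_chunk_prefix(source_name):
    """Bytes a Lua 5.1 compiler writes before the main function's code
    (assumed: 4-byte int, size_t and Instruction, 8-byte lua_Number)."""
    # signature, version 0x51, format 0, little-endian flag,
    # sizeof(int), sizeof(size_t), sizeof(Instruction), sizeof(lua_Number),
    # integral-number flag
    header = b"\x1bLua" + bytes([0x51, 0, 1, 4, 4, 4, 8, 0])
    name = source_name.encode("ascii") + b"\x00"
    func = struct.pack("<I", len(name)) + name   # length-prefixed source name
    # linedefined, lastlinedefined, nups, numparams, is_vararg (2 = main chunk)
    func += struct.pack("<IIBBB", 0, 0, 0, 0, 2)
    return header + func

def known_cbc_blocks(prefix, block=16):
    """Only complete 16-byte blocks can serve as known AES plaintext blocks."""
    return [prefix[i:i + block]
            for i in range(0, len(prefix) - block + 1, block)]

if __name__ == "__main__":
    built = lua51_chunk_prefix("@Data/Content/Secret/Rooms/SecretRoom.lua")
    print("matches the posted bytes:", built == POSTED)
    for n, blk in enumerate(known_cbc_blocks(built)):
        print(n, blk.hex(" "))
```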