TetrisGYM SPS Vulnerability Research

Oct 31, 2024 by Javantea

First off the tl;dr for those in a hurry.

My SPS source code has been available since July 2022. It's not the only implementation.

So the short explanation is that the design of pickTetriminoSeed, the function that is the basis for the whole of TetrisGYM SPS (v4 and v5 seeds) has a weakness that Tetris original rom does not. The attached seeds are a list of seeds that fall into the same sequence before piece 100. This is caused by @invalidIndex. There are 276 seeds. Because of how the LFSR in generateNextPseudorandomNumber works, it's not just 276 seeds that do that, it's ~2x that. This is true of just about everything I've checked so instead of 4 million unique seeds, we have about 20k-80k sequences that a player can expect to get (research not complete). And because of how it locks, it continues indefinitely. This is probably beyond the capacity of a person to memorize, but we could see players memorize a small fraction of favorable and unfavorable sequences for a benefit in competition. Let's start the work of writing an improved SPS shall we?

Read more »

BikeIM 0.5.1

May 05, 2017 by Javantea


May 5, 2017

On Thursday of this week (May 4, 2017) I released a mail client. It's pretty humble, but I've been using it for a decade and so it was worth it to me to iron out a handful of bugs and make it good enough for other people to use. Currently it won't be much use to you if you run Windows, Mac OSX, don't run your own mail server, or don't understand what fetchmail is*. But those things are fixable and I intend to fix them in the months to come. That means this blog post doesn't have to cater to end users, so I won't attempt to. This blog post will be about how I came to write a mail client and why it makes sense in 2017.

* The wording of that sentence was pretty bad so I'll reverse it. BikeIM-0.5 is usable to you if you run Postfix, if you run Dovecot, if you run OpenSMTPD, if you run fetchmail, if you use GnuPG, if you use Mutt, if you run Linux or *BSD, if you use Git, and understand how to report bugs.

Read more »

Blog 2

Nov 02, 2016 by Javantea


Nov 3, 2016

I spent a little time in the past week porting one of my blogs to Python using Django. If the website looks similar to these four blogs, it's because they are all the same codebase with a handful of tweaks to make it possible to unify them with my other blogs and journals. While they aren't all ported yet, I thought I'd write a quick blog to explain things. For a decade and a half, I've been blogging on a PHP website I wrote in 2002 for Javantea's Fate and improved over time. In 2011, I wrote a blog in Python with Django for my trip to Brasil. When I went to Mexico, I copied the blog and created a second database. When I bought j4va.com for fun and profit (not really), I first put up a copy of java.com with some interesting things in its place. Then when I wanted to turn it into a blog, I copied the Brasil blog and made a third database. Now that I finally want to unify my blogs, it makes perfect sense to simply use the same thing, but copy all the data from the all the blogs into a single database. It's so well-written, that I didn't really need a really bad intro page anymore. So now AltSci.com goes to that unified blog interface. There's a lot of logic that makes it happen, but I'll leave that unsaid.

Of all my travels, only one trip is not available on my unified blog. I decided to use MediaWiki for my Europe Blog and spammers destroyed that blog, so I don't have easy access to the data. Eventually I'll grab the data and post it to this blog. For now, the pictures and videos will do. You have to click on the videos to get them.

Read more »

A Short Classic Cryptography Blog

Dec 21, 2015 by Javantea


Dec 21, 2015

A certain game reminded me of a cryptography trick that I learned years ago and haven't had the opportunity to share. First, let's talk substitution ciphers. I'll give two challenges, one with spaces and one without. 

GZKH YOQU TKP QY QB BKOB Q OATOPY KOWE BZ TXQBE O AZHF 
QHBXZUSCBQZH TKEHEWEX QV BXPQHF BZ ENJAOQH YZVEBKQHF 
YQVJAE COHB JEZJAE GSYB YBOXB XEOUQHF TKEXE VP VQHU 
YBOXBY TXQBQHF

PKCCAMSVCNSLADUYDUCLQUFDTCAFZSGDPFNTFSCCNXSTFKGDTXADUMM
SKLSMPODUCLXSFVKPFFZSJNMPFVKMKXMKVZXNISFZSMSPFDJFZSODMC
LKYZKTYSOMNFSKJSOPSTFSTYSPFDLSPYMNQSOZKFADUKMSOMNFNTXKQ
DUFJNMPFBDZT

The trick for the first one is to look at the list of possible two-letter words. Here is the top 101 words in order of occurrence in AI3. 

of
in
to
is
as
by
on
at
an
In
or
it
he
be
He
It
no
up
On
fr
As
es
so
St
if
At
do
An
US
By
No
UK
uk
To
TV
we
If
id
Dr
go
BC
Mr
Of
My
my
OF
Jr
We
me
Me
CD
us
Is
am
Co
So
Al
AD
Up
DC
al
io
cm
Ed
FM
PC
Be
Do
hi
EP
Go
kg
FC
NY
yo
3D
AM
DJ
SS
LP
UN
co
Op
ad
os
Sr
Ma
SR
EU
mg
CA
Or
Wu
IP
MA
Oz
Oh
Am
HD
un
kW

There are plenty of two letter words in both challenges, so it should be fairly straightforward how to solve those. Once you've tried values for the two letter words, see what substituting the rest of the characters does to other words. You might find obvious words. If you have a dictionary on your system, you can use grep to find a word automatically. If you have the AI3 wordlist, you automatically get the results in order of likeliness which improves the search many times. It also contains words that a normal dictionary doesn't have.

Read more »

next »