It’s DOOM, But In Teletext

We’ve seen the 1993 id Software classic DOOM running on so many pieces of unexpected hardware, as “Will it run DOOM?” has become something of a test for any new device. But will it run in the circuitry of a 1970s or 1980s TV set? Not quite, but as [lukneu] has demonstrated, it is possible to render the game using the set’s inbuilt Teletext decoder.

Teletext is a technology past its zenith and which is no longer broadcast in many countries, but for those unfamiliar it’s an information service broadcast in the unseen lines hidden in the frame blanking period of an analogue TV transmission. Its serial data packets can contain both pages of text and rudimentary block graphics, and we’re surprised to learn, can include continuous streams to a single page. It’s this feature that he’s used, piping the game’s graphics as a teletext stream which is decoded by the CRT TV and displayed as a playable if blocky game.

Delving further, we find that DOOM is running on a Linux machine on which the teletext stream is created, and the stream is then piped to a Raspberry Pi which does the encoding on to its composite video output. More powerful versions of the Pi can run both processes on the same machine. The result can be seen in the video below, and we can definitely say it would have been mind-blowing, back when DOOM was king. There are plans for further refinement, of which we’d say that color would be the most welcome.

Continue reading “It’s DOOM, But In Teletext”

A picture showing acupuncture needles wedged into the inside of the payment terminal

Aaron Christophel Brings DOOM To Payment Terminal

Payment terminals might feel intimidating — they’re generally manufactured with security in mind, with all manner of anti-tamper protections in place to prevent you from poking around in the hardware too much. But [Aaron Christophel] thinks that level of security isn’t aren’t always in practice however, and on his journey towards repurposing devices of all kinds, has stumbled upon just the terminal that will give up its secrets easily. The device in question is Sumup Solo terminal, a small handheld with a battery, LTE connection and a payment card slot – helping you accept card payments even if you’re on the go.

Now, this terminal has security features like the anti-tamper shield over the crucial parts of the device, leading to payment processing-related keys being erased when lifted. However, acupuncture needles, a tool firmly in [Aaron]’s arsenal, helped him reach two UART testpoints that were meant to be located under that shield, and they turned out to be all that a hacker needed to access the Linux system powering this terminal. Not just that, but the UART drops you right into the root shell, which [Aaron] dutifully explored — and after some cross–compilation and Linux tinkering, he got the terminal to, naturally, run Doom.

The video shows you even more, including the responsible disclosure process that he went through with Sumup, resulting in some patches and, we hope, even hardware improvements down the line. Now, the payment processing keys aren’t accessible from the Linux environment — however, [Aaron] notes that this doesn’t exclude attacks like changing the amount of money displayed while the customer is using such a terminal to pay.

If you’d like to take a closer look at some of the hardware tricks used in these secure devices, we did a teardown on one back in 2019 that should prove interesting.

Continue reading “Aaron Christophel Brings DOOM To Payment Terminal”

A Milliwatt Of DOOM

The seminal 1993 first-person shooter from id Software, DOOM, has become well-known as a test of small computer platforms. We’ve seen it on embedded systems far and wide, but we doubt we’ve ever seen it consume as little power as it does on a specialized neural network processor. The chip in question is a Syntiant NDP200, and it’s designed to be the always-on component listening for the wake word or other trigger in an AI-enabled IoT device.

DOOM running on as little as a milliwatt of power makes for an impressive PR stunt at a trade show, but perhaps more interesting is that the chip isn’t simply running the game, it’s also playing it. As a neural network processor it contains the required smarts to learn how to play the game, and in the simple circular level it’s soon picking off the targets with ease.

We’ve not seen any projects using these chips as yet, which is hardly surprising given their niche marketplace. It is however worth noting that there is a development board for the lower-range sibling chip NDP101, which sells for around $35 USD. Super-low-power AI is within reach.

Even DOOM Can Now Run DOOM!

For years now, the standard test of any newly hacked piece of hardware has been this: can it run DOOM? id Software’s 1993 classic first-person shooter has appeared on everything, but here’s one from [kgsws] that’s a bit special. It’s DOOM, running inside DOOM itself.

So how has this feat been achieved? There’s a code execution exploit inside the original DOS DOOM II executable, and that has been used to run the more modern Chocolate Doom within the original. It appears as an in-game texture, giving an odd effect as if it’s being watched in a cinema.

The video below the break shows the game-in-game in action, but the real value lies in its in-depth description of the exploit, that takes us through some of the inner workings of the game and ably explains what’s going on. It finishes up with a specially made cinema WAD in which to play DOOM-in-DOOM, and even Hexen-in-DOOM. Pick up your trusty chainsaw, it’s going to be a long night.

Continue reading “Even DOOM Can Now Run DOOM!”

Screenshot of the EFI shell, showing doom.wad and doom.efi in 'ls' command output, and then doom.efi being loaded

DOOM? In Your BIOS? More Likely Than You Think!

We’ve seen hackers run DOOM on a variety of appliances, from desk phones to pregnancy tests. Now, the final frontier has been conquered – we got DOOM to run on an x86 machine. Of course, making sure we utilize your PC hardware to its fullest, we have to forego an OS. Here are two ways you can run the classic shooter without the burden of gigabytes of bloated code in the background.

[nic3-14159] implemented this first version as a payload for coreboot, which is an open-source BIOS/UEFI replacement for x86 machines. Some might say it’s imperfect — it has no sound support, only works with PS/2 keyboards, and exiting the game makes your computer freeze. However, it’s playable, and it fits into your BIOS flash chip.

But what if your computer hasn’t yet been blessed with a free BIOS replacement? You might like this UEFI module DOOM port instead, originally made by [Warfish] and then built upon by [Cacodemon345]. To play this, you only need to compile the binary and an UEFI shell, then use the “Load EFI Shell” option in your UEFI menu – something that’s widely encountered nowadays. This version also lacks sound, but is a bit more fully featured due to all the facilities that UEFI provides for its payloads.

Of course there’s far more efficient ways to slay demons on your computer, but even if they aren’t necessarily practical from a gaming standpoint, these two projects serve as decent examples of Coreboot and UEFI payloads. BIOS replacements like coreboot take up so little space, we’ve even seen Windows 3.1 fit alongside coreboot in the BIOS chip. Wondering what UEFI is, even? Here’s a primer for you. And, if you don’t mind the exceptional bloat of a stripped-down Linux install, here’s a Linux image built from the ground up to run DOOM specifically.

Continue reading DOOM? In Your BIOS? More Likely Than You Think!”

Rat playing DOOM

Rats Learn To Play DOOM In This Automated VR Arena

When we run an article with “DOOM” in the title, it’s typically another example of getting the venerable game running on some minimalist platform. This DOOM-based VR rig for rats, though, is less about hacking DOOM, and more about hacking the rats.

What started as a side project for [Viktor Tóth] has evolved into quite a complex apparatus. At the center of the rig is an omnidirectional treadmill comprised of a polystyrene ball about the size of a bowling ball. The ball is free to rotate, with sensors detecting rotation in two axes — it’s basically a big electromechanical mouse upside down. The rat rides at the top of the ball, wearing a harness to keep it from slipping off. A large curved monitor sits right in front of the rat to display the virtual environment, which is a custom DOOM map.

With the VR rig built, [Viktor] worked on automating the training. A treat dispenser provides the proper motivation, while powered drive wheels engage with the ball to nudge the rat if it gets stuck in the virtual world. [Viktor] says he has trained three rats — [Romero], [Carmack], and [Tom] — to walk down a straight hallway using this automated method. As for the meat of the game — shooting monsters — [Viktor] has that covered too, with a sensor that detects when a rat rears up on its hind legs to register a shot.

Total training time to get the rats to the point seen in the video was about six weeks, and [Viktor] reports the whole thing cost him about $2000. That’s a lot of time and money, but the results are pretty interesting. If you’re more interested in minimalist DOOM builds, we understand — check out DOOM on a lightbulb, or a thermostat, or even a GPS.

Continue reading “Rats Learn To Play DOOM In This Automated VR Arena”