Forgot your password?
typodupeerror
Hardware Hacking Apple Hardware

Revisiting the Macintosh ROM Easter Egg 98

Posted by timothy
from the when-engineers-play dept.
eldavojohn writes "NYCResistor has published photos of what they call 'Ghosts in the ROM' after dumping Apple Mac SE ROM images from a roadside Motorola 68000-era Macintosh and looking at all the data (they mention an Easter egg reference to this from 1999). They go into some nice detail about the strategy for extracting this data from a discarded unit and noticing structure. There's also other data that they weren't able to identify, which causes one to wonder how many other Easter eggs are lying about in various ROM chips and what modern Easter eggs must be shipping with software/hardware today."
This discussion has been archived. No new comments can be posted.

Revisiting the Macintosh ROM Easter Egg

Comments Filter:
  • That first picture reminds me of watching cinemax when I was a teenager, minus the naked women.

  • by Darkness404 (1287218) on Thursday August 23, 2012 @12:19PM (#41097077)
    Of course there are easter eggs stored in ROMs. You only need to look as far as to video games to find long rants hidden in there (just see http://www.bretz.ca/dave/tetrisrant.htm [bretz.ca] for an example)
    • Re:Of course... (Score:5, Interesting)

      by cpu6502 (1960974) on Thursday August 23, 2012 @12:31PM (#41097295)

      My first easter egg was in the old Atari console game "Adventure". If you found a hidden room and carried a magic one-pixel sprite (dot) into that room, it displayed the name of the programmer.

      Of course once Atari learned about it they had a fit because they wanted programmers to remain anonymous, and that's one of the reasons four programmers quit Atari and founded Activision. They wanted name credit for their artistic creations.

  • Obligatory: it's the launch codes!

  • by jaymz666 (34050) on Thursday August 23, 2012 @12:24PM (#41097157)

    One man's easter egg can easily be another man's malware. This sounds kind of cool, until you realise there could be any number of malicious "easter eggs"

    • by rhsanborn (773855) on Thursday August 23, 2012 @12:25PM (#41097193)
      Let's even consider that they aren't malicious, but simply untested. It's a bunch of code that's possibly vulnerable to an exploit.
    • by wiedzmin (1269816) on Thursday August 23, 2012 @12:26PM (#41097203)

      ikr. a little while ago there was an easter egg of a hardcoded admin username and password in some HP hardware... recently there's an easter egg of some hardcoded keys... fun fun fun.

    • by Darkness404 (1287218) on Thursday August 23, 2012 @12:30PM (#41097267)
      ...So? You take this risk anytime you use closed source software (or anytime you don't view the source of an open source software program, and your compiler, etc.)

      How do you know your web browser right now doesn't have malware built in? After all, have you read the entire source for Firefox/Chrome/Safari/Internet Explorer/Opera for the exact version you are using?
      • > How do you know your web browser right now doesn't have
        > malware built in? After all, have you read the entire source
        > for Firefox...?

        No, but many others have, and many, many others, including me, have the opportunity to do so. This makes embedding malware in it impractical.

        • by hairyfeet (841228) <{bassbeast1968} {at} {gmail.com}> on Thursday August 23, 2012 @05:47PM (#41102081) Journal

          Oh bullshit. Did everyone forget the Quake 3 malware that sat in the repos for a year and a fricking half? For something that is INSANELY popular like Firefox then MAYBE, just maybe, you've had a couple of dozen guys that aren't the actual devs look at the thing. For the rest, the bazillion little packages that make up your average distro that nobody ever seems to even think about until it breaks? Not a chance. Tell me have YOU gone through the FF source code? How about the Libre Office source? If the answer is no then WTF makes you think anybody else has?

          Just because something CAN be done does not mean it HAS been done, there is a difference. Finally have you looked at some of the source for the obfuscated C contest entries? With that you know ahead of time there is malware in it yet many devs here would be hard pressed to find it, so what makes you think that on code where nobody knows if it has or hasn't and aren't expecting to find anything nasty that you or anyone else would spot the bug if it were obfuscated and hidden among a half a million lines of code?

    • by firewrought (36952) on Thursday August 23, 2012 @02:53PM (#41099353)

      One man's easter egg can easily be another man's malware. This sounds kind of cool, until you realise there could be any number of malicious "easter eggs".

      Um, no. Easter eggs and malware are completely separate camps. By the time you hit upon an easter egg, you've already committed to trusting a progammer's intentions and work quality. Discovering he or she has a sense of humor too does not cause injury to you. By the same token, a virus is a virus, even if it plays a cute animation [wikipedia.org].

      While you imply that we should regard easter eggs with a certain suspicion, I gather what's really making you uncomfortable is the fact that there's hidden functionality in that binary you're running. Guess what... easter eggs or not, most software is loaded with hidden functionality: easter eggs, diagnostic functions, test code, old screens, unused modules, compatibility modes, experimental features, platform-specific and customer-specific hacks, and, yes, sometimes malware. Easter eggs have merely made you reexamine some false assumptions you had.

      • by jaymz666 (34050)

        The early cases of spyware, in Bonzi Buddy and Gator, could certainly be considered easter eggs.

    • by keytoe (91531)

      One man's easter egg can easily be another man's malware. This sounds kind of cool, until you realise there could be any number of malicious "easter eggs"

      If you want to start from the 'unexpected code' position, then the difference between an easter egg and malware is solely based on intent.

      For mine - I had to rewrite some software that handled magnetic card reader hardware for a POS system. We were transitioning to a completely different OS, but I had the original source to use as a template. The old code

  • by AnotherAnonymousUser (972204) on Thursday August 23, 2012 @12:25PM (#41097175)
    In the increasingly litigious world of software, it seemed like a lot of Easter eggs disappeared from operating systems and from business software. Software became professional and had less use for a sense of humor, undocumented code became a possible liability, and it seems to be looked upon a little more as having no place in the business world. Which is said, I think.
    • Not sure it's because of litigation. Lawsuits have always been a danger in the industry.

      I think it's just programmers got more boring. When was the last time YOU put an easter egg in your code? It's just not worth the effort (and it can be hard to hide when you're not writing assembly).
      • by geekoid (135745) <{moc.oohay} {ta} {dnaltropnidad}> on Thursday August 23, 2012 @12:42PM (#41097455) Homepage Journal

        Code is getting a lot more complex. When it's 4 people putting a game together? then you can stick an Easter egg and all laugh about it. when its 20 developers, 12 QA people, and a few million lines of code? it because an addition thing to manage.

        TO answer your question:
        I often out Easter eggs in my code, but I do most my work on my own.
        Also, jokes.

        • by roman_mir (125474)

          When it's 4 people putting a game together? then you can stick.....

          laugh about it. when its 20 .....

          code? it because an ...

          TO answer...

          I often out Easter eggs ....

          I do most my work on my own....

          Also, jokes.

          This entire comment is an Easter egg.

  • by fuzzyfuzzyfungus (1223518) on Thursday August 23, 2012 @12:25PM (#41097185) Journal

    If you have time for easter eggs, you clearly aren't coding hard enough; and if the product has space for easter eggs, we clearly haven't shaved the BOM hard enough!

    I expect this nonsense to be gone in revision B, no matter how many nights and weekends it takes!

    • if the product has space for easter eggs, we clearly haven't shaved the BOM hard enough!

      Say you have a program that fits in the first 412 KiB of a 512 KiB chip. No, it wouldn't be possible to trim that down to 256 KiB, the next smaller chip, on the provided budget. What else should the developers put into the unused space?

      • Re: (Score:3, Funny)

        by Anonymous Coward

        What else should the developers put into the unused space?

        A compression routine that would allow the machine code to fit in the 256kb to begin with?

      • by Anonymous Coward

        if the product has space for easter eggs, we clearly haven't shaved the BOM hard enough!

        Say you have a program that fits in the first 412 KiB of a 512 KiB chip. No, it wouldn't be possible to trim that down to 256 KiB, the next smaller chip, on the provided budget. What else should the developers put into the unused space?

        Clearly, you've never worked in a company run by a bunch of penny-pinching bean counters. They WILL spend billions researching how to shave a not-power-of-two off of ROM if it means they can save a penny on each product produced. And if they can't figure that out, the programming department will get orders to shave their code down to 256KiB. After all, that's around 20% of the space going unused. Over 20% waste! That MUST be dealt with at once! If you nerds can cut down your used space like that, you

  • ... and "military security risks" usually put in by offshore programmers.

    • by geekoid (135745)

      Backdoor and easter eggs are different things, and they have both always been around as long as computers have been around.

  • All other ROMs, not just Apple's.
    I know IBM BIOSes contain a large number of Easter eggs.
    Unfortunately we started to call them "bugs" back in the 80s.

  • there used to be a site [probably still out there]
    that had images found on all sorts of chips
    CPU's , ROM, etc etc

    no Idea what it was called

    but there have been digital artists plying their works for years and years...

    the MAC images have been know about since like forever ?

  • by cathector (972646) on Thursday August 23, 2012 @12:40PM (#41097423)

    my favorite easter egg was in the early amiga 'rom' (kickstart) -
    if you held down both shift keys, both ctrl keys, one of the function keys, then inserted a floppy disk,
    the screen would briefly flash "the amiga - we made it, commodore fucked it up'.

    • by Anonymous Coward

      Urban legend... and definitely not true.

      • by cathector (972646)

        i'm speaking from experience.

        this would have been in kickstart 1.1 or possibly even 1.0,
        it was taken out of later editions of kickstart.

        also it flashed very quickly, which perhaps might lead to some confusion as to whether it was real or not.
        to get it to stay up for even a second i had to launch a bunch of background tasks to slow the whole machine down.

      • Re: (Score:3, Informative)

        by Anonymous Coward

        It's genuine and in Workbench 1.2. [amigahistory.co.uk]

        LShift-RShift-LAlt-RAlt-ejectdisk-F1 prints "The Amiga, Born a Champion"

        LShift-RShift-LAlt-RAlt-insertdisk-F1 prints "We made Amiga, They fucked it up"

        In Workbench 1.3, Commodore changed the latter message to "Still a Champion"

  • Apple ][ easter egg (Score:4, Interesting)

    by v1 (525388) on Thursday August 23, 2012 @12:48PM (#41097517) Homepage Journal

    I recall on my //c I could type "VERIFY" (with no filename, or with no DOS booted) and it would return

    COPYRIGHT (C) 1984 APPLE COMPUTER (beep!)

    I heard a rumor, I'm not sure if it was urban legend or real, that some company pirated apple's rom into their apple 2 clone and it went to court. And in court, they had brought in a clone computer that was "not infringing" and the prosecution asked them to type "VERIFY" and hit return. The message that displayed on their machine closed the case.

    Anyone know if that really happened?

    • by Dwedit (232252) on Thursday August 23, 2012 @01:10PM (#41097783) Homepage

      Tried that on an emulator in several different modes.
      Nothing but "?SYNTAX ERROR"s all around.
      Do you have any evidence that this command is real?

      • by v1 (525388)

        Tried that on an emulator in several different modes.
        Nothing but "?SYNTAX ERROR"s all around.
        Do you have any evidence that this command is real?

        Minor brainfart on my part. It wasn't in the ROM, this was the DOS (3.2) that did it. It was a DOS intercepted command, "VERIFY", to read all blocks from a file to verify it. (mostly useless) If typed without any filename supplied, it would display the above message. It was a copyright message from the DOS, not the BASIC ROM. my bad there. It's been awhile ;)

        T

        • by Kymermosst (33885)

          Actually, it was the VERIFY command in the ProDOS BASIC.SYS that output the copyright message when no filename was given. In ProDOS, if a filename was given, it checked that the file existed, but did nothing else.

          Apple DOS 3.3 and earlier read every sector in the file and would return an I/O error if it could not be read. Not specifying a file name resulted in an error.

    • The urban legend (unproven AFAIK) was that Gary Kildall used that stunt to prove that Microsoft ripped of CP/M. From an article in Spectrum [ieee.org]:

      In 2006, science fiction writer and technology reporter Jerry Pournelle said on “This Week in Tech,” an Internet radio show, that this secret command triggered the display of a copyright notice for DRI and Kildall’s full name. According to Pournelle, Kildall had demonstrated this command to him by typing it into DOS; it produced the notice and thus proved that DOS was copied from CP/M.

      This story, circulated for years, has a few problems. First, no one knows the secret command; Pournelle claims he wrote the command down but has never shown it to anyone. In addition, such a message would be easily seen by opening the binary files in a simple text editor unless the message was encrypted. CP/M had to fit on a floppy disk that held only 160 kilobytes; Kildall’s achievement was squeezing an entire operating system into such a small footprint. But it is difficult to imagine he could do this and also squeeze in an undetectable encryption routine. And although we’re now in an era of hackers breaking into heavily secured computers, no one has ever cracked DOS to find this secret command.

      But I set out to look for it anyway. I used a utility program developed at SAFE to extract strings of text from binary files. Not only did Kildall’s name not show up in any QDOS or MS-DOS text strings, it did not show up in CP/M either. The term “Digital Research” did appear in copyright notices in the CP/M binary files, but not in MS-DOS or QDOS binary files.

      If Jerry Pournelle did indeed see a hidden message revealed by a secret command, it was not in MS-DOS.

    • by Nyder (754090)

      I recall on my //c I could type "VERIFY" (with no filename, or with no DOS booted) and it would return

      COPYRIGHT (C) 1984 APPLE COMPUTER (beep!)

      I heard a rumor, I'm not sure if it was urban legend or real, that some company pirated apple's rom into their apple 2 clone and it went to court. And in court, they had brought in a clone computer that was "not infringing" and the prosecution asked them to type "VERIFY" and hit return. The message that displayed on their machine closed the case.

      Anyone know if that really happened?

      Well, I got an Apple IIe, IIc, and IIgs, and a lazer 128 (IIc clone) and I'm way to lazy to hook them up and check it out.

    • by tlhIngan (30335) <slashdot@wor f . n et> on Thursday August 23, 2012 @03:32PM (#41099993)

      I heard a rumor, I'm not sure if it was urban legend or real, that some company pirated apple's rom into their apple 2 clone and it went to court. And in court, they had brought in a clone computer that was "not infringing" and the prosecution asked them to type "VERIFY" and hit return. The message that displayed on their machine closed the case.

      Anyone know if that really happened?

      It's true, but not quite that cut-and-dried.

      It was Apple Computer v. Franklin Computer [wikipedia.org] (yes the Franklin of "spelling ace" and other handheld device fame).

      Basically, because the Apple II schematics were in the box, Franklin claimed they could build a clone and use Apple's software, which existed only as machine-readable binary (the copyright of which was unknown). That one case basically locked down the status of object code being copyrightable.

      Bell and Howell [wikipedia.org] however obtained a license from Apple to clone it.

  • The summary as originally posted read:

    "eldavojohn writes

    "NYCResistor has published photos of what they call 'Ghosts in the ROM' after dumping Apple Mac SE ROM images from a roadside Motorolla 68000-era Macintosh [blah blah blah]"

    You can see in TFA that they misspell Motorola with two ells. The correct way to handle this is:

    "eldavojohn writes

    "NYCResistor has published photos of what they call 'Ghosts in the ROM' after dumping Apple Mac SE ROM images from a roadside Motorolla (sic) 68000-era Macintosh [blah blah blah]"

    Not cool.

    • You can see in TFA that they misspell Motorola with two ells. The correct way to handle this is:

      ...roadside Motorolla (sic) 68000-era Macintosh [blah blah blah]"

      As editorial markup, "sic" (Latin for "thus") is enclosed in square brackets, not parentheses:

      Sic in square brackets is an editing term used with quotations or excerpts. It means "thatâ(TM)s really how it appears in the original."

      It is used to point out a grammatical error, misspelling, misstatement of fact, or, as above, the unconventiona

    • after dumping Apple Mac SE ROM images from a roadside Motorolla (sic) [sic] 68000-era Macintosh [blah blah blah]

      I think you meant "[sic]", not "(sic)" ;)

      And since the summary is eldavojohn's own words, and not a quote from the article, why should he have to repeat their mistakes?

      You can see in TFA that they misspell Motorola with two ells.

      Did they? Where?

      Not cool.

      Not not cool, just not anal.

  • by respice (974320) on Thursday August 23, 2012 @02:26PM (#41098869)
    I'm a tech writer, and years ago, on a project, I had a dialog box in a project that had a bunch of tabs. In the help, I put screenshots of each tab. If you were looking at the help for tab "A" and clicked on tab "B," "C," D," etc. in the project, the help for that page would come up, and the screenshots were aligned with one another. Anyway, if you clicked the "Help" button in the screenshot on one and only one of the tabs (in the help, mind you), we jumped to a new page with a picture of the entire doc team and our names. The head of the doc team knew - he was even in the picture - but I don't think anyone else in management knew. There was one SE who knew, and she used to demonstrate it for easily-amused customers.

    Now who else will admit to their Easter Eggs?
  • It reminds me about the easter egg in the Thomson's MO6 ROM, when you pressed the keys M, O and 6 simultaneously:
    http://cyberpingui.free.fr/mo6.htm [cyberpingui.free.fr]

    Since it's from 1985, it's a little bit older than Apple's one.

  • Here's an easter egg just for /.'ers. Or is it malware from a black-hatter? Oooh, living life on the edge, what will you do? Clicking on this link may supply you with a happy reward! Or, will it launch an unstoppable game of Thermonucleur War? Decisions, decisions..... http://www.youtube.com/watch_popup?v=KcuDdPo0WZk [youtube.com]

IF I HAD A MINE SHAFT, I don't think I would just abandon it. There's got to be a better way. -- Jack Handley, The New Mexican, 1988.

Working...