Revisiting the Macintosh ROM Easter Egg

eldavojohn writes "NYCResistor has published photos of what they call 'Ghosts in the ROM' after dumping Apple Mac SE ROM images from a roadside Motorola 68000-era Macintosh and looking at all the data (they mention an Easter egg reference to this from 1999). They go into some nice detail about the strategy for extracting this data from a discarded unit and noticing structure. There's also other data that they weren't able to identify, which causes one to wonder how many other Easter eggs are lying about in various ROM chips and what modern Easter eggs must be shipping with software/hardware today."

scrambled channels?

[RackinFrackin]

That first picture reminds me of watching cinemax when I was a teenager, minus the naked women.

Of course...

[Darkness404]

Of course there are easter eggs stored in ROMs. You only need to look as far as to video games to find long rants hidden in there (just see http://www.bretz.ca/dave/tetrisrant.htm [bretz.ca] for an example)

Re:Of course...

[cpu6502]

My first easter egg was in the old Atari console game "Adventure". If you found a hidden room and carried a magic one-pixel sprite (dot) into that room, it displayed the name of the programmer.

Of course once Atari learned about it they had a fit because they wanted programmers to remain anonymous, and that's one of the reasons four programmers quit Atari and founded Activision. They wanted name credit for their artistic creations.

Re:

[mattack2]

Warren Robinett, doesn't everybody remember that?

You're not cleared for that

[cellocgw]

Obligatory: it's the launch codes!

Re:

[Anonymous Coward]

Didn't they bother to search for any of this on Google? This Easter egg was publicized YEARS ago. maybe in 30 years someone else will publish an article about finding data on a hard drive.

That would be the link to the 1999 report of an Easter egg (in the fucking summary no less). The neat thing here is how they got all the pictures from two PROM chips.

Re:

[Impy the Impiuos Imp]

The comments at TFA point out how you know you're old when your common knowledge is someone else's hacker archaeological project.

Isaac Asimov's prediction in Foundation may prove true -- in there scientists (at least 30 kiloyears in the future) argue about the validiy of the "millenial depth" theory, that you only needed to delve into the past 1000 years of history or science papers, and that if it wasn't talked about there, it wouldn't be any further back.

As to the hidden malware issue, read the prologue o

Re:

[MysteriousPreacher]

Read the fine summary? people socially bitcoining their way through this cloudy web 3.0 thing don't have time for such things. Seriously though, the story is indeed worth reading. Much geek wood to be had.

Re:

[NCG_Mike]

I remember actually seeing this via MacsBug back in the early 90s. I also remember we had a few MacPlus' that had engraved signatures on the inside of the box.

Re:Research?

[Zadaz]

Christ, what an asshole.

Yes, this was known. But the process of pulling them off the ROMs yourself? Documenting the process? Yeah, no one was kind enough to wrap all that up in one place. It's a fun read and if you're not careful even you, Mighty Internet Commenter, might learn something.

Shut the hell up and contribute. Bitching gets no one anywhere.

Re:

[MobileTatsu-NJG]

He's speaking in the bitch's native language so he'll understand better.

Re:

[Surak_Prime]

Hey, ease up, Zadaz. You'd probably be an irritating asshole if you were a god of death, too.

http://forgottenrealms.wikia.com/wiki/Kelemvor [wikia.com]

Re:

[milkmage]

Yes.. except people who read the article know it's just a reference the hackers used when dumping the ROMs.

Easter Egg/spyware

[jaymz666]

One man's easter egg can easily be another man's malware. This sounds kind of cool, until you realise there could be any number of malicious "easter eggs"

Re:Easter Egg/spyware

[rhsanborn]

Let's even consider that they aren't malicious, but simply untested. It's a bunch of code that's possibly vulnerable to an exploit.

Re:Easter Egg/spyware

[BenJury]

It's a shame isn't it? We have to forgo these fun little tit-bits for these sorts of issues.

Re:We have to forgo these fun little tit-bits

[TaoPhoenix]

AC replied below, but yes, look how the mood has changed, what used to be a fun programmer's trick when computing was all shiny and new is now a Back Door Security Threat.

Somewhere in that process of loss-of-innocence is how we as a race are struggling, because I don't see us going back to that worldview. I guarantee you (mostly) no one thought of "international hackers" in the 1980's when we were doing cute little tricks like that on Commodores and old Macs and early PC's etc.

Fast Forward to 2012. There's

Re:

[Gr8Apes]

Yep, recall the maze in Excel? How much bloat did that add to Excel?

Re:Easter Egg/spyware

[Luyseyal]

How about an entire flight simulator [wikipedia.org] easter egg?

-l

Re:

[iampiti]

In some old CPUs (Z80 maybe?) some illegal opcodes were discovered to have interesting side effects. Thus, programmers started using them as regular instructions.
It goes without saying that they had to be implemented exactly the same way in later revisions (o compatible versions) of the CPUs.

Re:

[RaceProUK]

'The Undocumented Z80 Documented' covers all those 'illegal' opcodes, as well as other odd behaviours.

Re:Easter Egg/spyware

[wiedzmin]

ikr. a little while ago there was an easter egg of a hardcoded admin username and password in some HP hardware... recently there's an easter egg of some hardcoded keys... fun fun fun.

Re:Easter Egg/spyware

[Darkness404]

...So? You take this risk anytime you use closed source software (or anytime you don't view the source of an open source software program, and your compiler, etc.)

How do you know your web browser right now doesn't have malware built in? After all, have you read the entire source for Firefox/Chrome/Safari/Internet Explorer/Opera for the exact version you are using?

Re:

[John Hasler]

> How do you know your web browser right now doesn't have
> malware built in? After all, have you read the entire source
> for Firefox...?

No, but many others have, and many, many others, including me, have the opportunity to do so. This makes embedding malware in it impractical.

Re:Easter Egg/spyware

[thorntonmark]

http://scienceblogs.com/goodmath/2007/04/15/strange-loops-dennis-ritchie-a/ [scienceblogs.com]

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Easter Egg/spyware

[firewrought]

One man's easter egg can easily be another man's malware. This sounds kind of cool, until you realise there could be any number of malicious "easter eggs".

Um, no. Easter eggs and malware are completely separate camps. By the time you hit upon an easter egg, you've already committed to trusting a progammer's intentions and work quality. Discovering he or she has a sense of humor too does not cause injury to you. By the same token, a virus is a virus, even if it plays a cute animation [wikipedia.org].

While you imply that we should regard easter eggs with a certain suspicion, I gather what's really making you uncomfortable is the fact that there's hidden functionality in that binary you're running. Guess what... easter eggs or not, most software is loaded with hidden functionality: easter eggs, diagnostic functions, test code, old screens, unused modules, compatibility modes, experimental features, platform-specific and customer-specific hacks, and, yes, sometimes malware. Easter eggs have merely made you reexamine some false assumptions you had.

Re:

[jaymz666]

The early cases of spyware, in Bonzi Buddy and Gator, could certainly be considered easter eggs.

Re:

[jedwidz]

15fps ought to be enough for anime.

Re:

[keytoe]

One man's easter egg can easily be another man's malware. This sounds kind of cool, until you realise there could be any number of malicious "easter eggs"

If you want to start from the 'unexpected code' position, then the difference between an easter egg and malware is solely based on intent.

For mine - I had to rewrite some software that handled magnetic card reader hardware for a POS system. We were transitioning to a completely different OS, but I had the original source to use as a template. The old code

Decline of Easter Eggs

[AnotherAnonymousUser]

In the increasingly litigious world of software, it seemed like a lot of Easter eggs disappeared from operating systems and from business software. Software became professional and had less use for a sense of humor, undocumented code became a possible liability, and it seems to be looked upon a little more as having no place in the business world. Which is said, I think.

Re:

[phantomfive]

Not sure it's because of litigation. Lawsuits have always been a danger in the industry.

I think it's just programmers got more boring. When was the last time YOU put an easter egg in your code? It's just not worth the effort (and it can be hard to hide when you're not writing assembly).

Re:Decline of Easter Eggs

[geekoid]

Code is getting a lot more complex. When it's 4 people putting a game together? then you can stick an Easter egg and all laugh about it. when its 20 developers, 12 QA people, and a few million lines of code? it because an addition thing to manage.

TO answer your question:
I often out Easter eggs in my code, but I do most my work on my own.
Also, jokes.

Re:

[roman_mir]

When it's 4 people putting a game together? then you can stick.....

laugh about it. when its 20 .....

code? it because an ...

TO answer...

I often out Easter eggs ....

I do most my work on my own....

Also, jokes.

This entire comment is an Easter egg.

*cracks whip*

[fuzzyfuzzyfungus]

If you have time for easter eggs, you clearly aren't coding hard enough; and if the product has space for easter eggs, we clearly haven't shaved the BOM hard enough!

I expect this nonsense to be gone in revision B, no matter how many nights and weekends it takes!

Chips come in power of 2 sizes

[tepples]

if the product has space for easter eggs, we clearly haven't shaved the BOM hard enough!

Say you have a program that fits in the first 412 KiB of a 512 KiB chip. No, it wouldn't be possible to trim that down to 256 KiB, the next smaller chip, on the provided budget. What else should the developers put into the unused space?

Re:

[Anonymous Coward]

What else should the developers put into the unused space?

A compression routine that would allow the machine code to fit in the 256kb to begin with?

Re:Chips come in power of 2 sizes

[tepples]

A compression routine that would allow the machine code to fit in the 256kb to begin with?

The ROMs of old world Macs were execute-in-place [wikipedia.org], meaning they didn't need to be copied to RAM first. Adding compression would require 412 KiB of RAM to hold the decompressed machine code. At the time, that was considered a huge chunk of RAM for a computer like the Mac.

Re:

[Anonymous Coward]

if the product has space for easter eggs, we clearly haven't shaved the BOM hard enough!

Say you have a program that fits in the first 412 KiB of a 512 KiB chip. No, it wouldn't be possible to trim that down to 256 KiB, the next smaller chip, on the provided budget. What else should the developers put into the unused space?

Clearly, you've never worked in a company run by a bunch of penny-pinching bean counters. They WILL spend billions researching how to shave a not-power-of-two off of ROM if it means they can save a penny on each product produced. And if they can't figure that out, the programming department will get orders to shave their code down to 256KiB. After all, that's around 20% of the space going unused. Over 20% waste! That MUST be dealt with at once! If you nerds can cut down your used space like that, you

These days we call them "backdoors"

[gestalt_n_pepper]

... and "military security risks" usually put in by offshore programmers.

Re:

[geekoid]

Backdoor and easter eggs are different things, and they have both always been around as long as computers have been around.

Now let's go check

[aglider]

All other ROMs, not just Apple's.
I know IBM BIOSes contain a large number of Easter eggs.
Unfortunately we started to call them "bugs" back in the 80s.

lots of chips had images on them

[Dave Whiteside]

there used to be a site [probably still out there]
that had images found on all sorts of chips
CPU's , ROM, etc etc

no Idea what it was called

but there have been digital artists plying their works for years and years...

the MAC images have been know about since like forever ?

Re:

[tepples]

And they could have used a bit of unsharp masking before dithering down to the 1-bit format that all Macs used at the time.

Re:

[gasmasher]

You are probably thinking of the Silicon Zoo [fsu.edu]. Fun site.

Re:

[Dave Whiteside]

yes excellent ;-p

we made it, commodore f*cked it up

[cathector]

my favorite easter egg was in the early amiga 'rom' (kickstart) -
if you held down both shift keys, both ctrl keys, one of the function keys, then inserted a floppy disk,
the screen would briefly flash "the amiga - we made it, commodore fucked it up'.

Re:

[Anonymous Coward]

Urban legend... and definitely not true.

Re:

[cathector]

i'm speaking from experience.

this would have been in kickstart 1.1 or possibly even 1.0,
it was taken out of later editions of kickstart.

also it flashed very quickly, which perhaps might lead to some confusion as to whether it was real or not.
to get it to stay up for even a second i had to launch a bunch of background tasks to slow the whole machine down.

Re:

[Anonymous Coward]

It's genuine and in Workbench 1.2. [amigahistory.co.uk]

LShift-RShift-LAlt-RAlt-ejectdisk-F1 prints "The Amiga, Born a Champion"

LShift-RShift-LAlt-RAlt-insertdisk-F1 prints "We made Amiga, They fucked it up"

In Workbench 1.3, Commodore changed the latter message to "Still a Champion"

Apple ][ easter egg

[v1]

I recall on my //c I could type "VERIFY" (with no filename, or with no DOS booted) and it would return

COPYRIGHT (C) 1984 APPLE COMPUTER (beep!)

I heard a rumor, I'm not sure if it was urban legend or real, that some company pirated apple's rom into their apple 2 clone and it went to court. And in court, they had brought in a clone computer that was "not infringing" and the prosecution asked them to type "VERIFY" and hit return. The message that displayed on their machine closed the case.

Anyone know if that really happened?

Re:Apple ][ easter egg

[Dwedit]

Tried that on an emulator in several different modes.
Nothing but "?SYNTAX ERROR"s all around.
Do you have any evidence that this command is real?

Re:

[v1]

Tried that on an emulator in several different modes.
Nothing but "?SYNTAX ERROR"s all around.
Do you have any evidence that this command is real?

Minor brainfart on my part. It wasn't in the ROM, this was the DOS (3.2) that did it. It was a DOS intercepted command, "VERIFY", to read all blocks from a file to verify it. (mostly useless) If typed without any filename supplied, it would display the above message. It was a copyright message from the DOS, not the BASIC ROM. my bad there. It's been awhile ;)

T

Re:

[Kymermosst]

Actually, it was the VERIFY command in the ProDOS BASIC.SYS that output the copyright message when no filename was given. In ProDOS, if a filename was given, it checked that the file existed, but did nothing else.

Apple DOS 3.3 and earlier read every sector in the file and would return an I/O error if it could not be read. Not specifying a file name resulted in an error.

Re:

[AttyBobDobalina]

Could this be what you are recalling? http://www.folklore.org/StoryView.py?project=Macintosh&story=Stolen_From_Apple.txt&characters=Steve%20Capps&sortOrder=Sort%20by%20Date&detail=high&showcomments=1 [folklore.org]

Re:

[Just Some Guy]

The urban legend (unproven AFAIK) was that Gary Kildall used that stunt to prove that Microsoft ripped of CP/M. From an article in Spectrum [ieee.org]:

In 2006, science fiction writer and technology reporter Jerry Pournelle said on “This Week in Tech,” an Internet radio show, that this secret command triggered the display of a copyright notice for DRI and Kildall’s full name. According to Pournelle, Kildall had demonstrated this command to him by typing it into DOS; it produced the notice and thus proved that DOS was copied from CP/M.

This story, circulated for years, has a few problems. First, no one knows the secret command; Pournelle claims he wrote the command down but has never shown it to anyone. In addition, such a message would be easily seen by opening the binary files in a simple text editor unless the message was encrypted. CP/M had to fit on a floppy disk that held only 160 kilobytes; Kildall’s achievement was squeezing an entire operating system into such a small footprint. But it is difficult to imagine he could do this and also squeeze in an undetectable encryption routine. And although we’re now in an era of hackers breaking into heavily secured computers, no one has ever cracked DOS to find this secret command.

But I set out to look for it anyway. I used a utility program developed at SAFE to extract strings of text from binary files. Not only did Kildall’s name not show up in any QDOS or MS-DOS text strings, it did not show up in CP/M either. The term “Digital Research” did appear in copyright notices in the CP/M binary files, but not in MS-DOS or QDOS binary files.

If Jerry Pournelle did indeed see a hidden message revealed by a secret command, it was not in MS-DOS.

Re:

[IntlHarvester]

On that note, Microsoft had secret easter eggs in their BASIC interpreter:

http://www.pagetable.com/?p=43 [pagetable.com] (bonus confirmation by Bill Gates in the comments)

Re:

[Nyder]

I recall on my //c I could type "VERIFY" (with no filename, or with no DOS booted) and it would return

COPYRIGHT (C) 1984 APPLE COMPUTER (beep!)

I heard a rumor, I'm not sure if it was urban legend or real, that some company pirated apple's rom into their apple 2 clone and it went to court. And in court, they had brought in a clone computer that was "not infringing" and the prosecution asked them to type "VERIFY" and hit return. The message that displayed on their machine closed the case.

Anyone know if that really happened?

Well, I got an Apple IIe, IIc, and IIgs, and a lazer 128 (IIc clone) and I'm way to lazy to hook them up and check it out.

Re:Apple ][ easter egg

[tlhIngan]

I heard a rumor, I'm not sure if it was urban legend or real, that some company pirated apple's rom into their apple 2 clone and it went to court. And in court, they had brought in a clone computer that was "not infringing" and the prosecution asked them to type "VERIFY" and hit return. The message that displayed on their machine closed the case.

Anyone know if that really happened?

It's true, but not quite that cut-and-dried.

It was Apple Computer v. Franklin Computer [wikipedia.org] (yes the Franklin of "spelling ace" and other handheld device fame).

Basically, because the Apple II schematics were in the box, Franklin claimed they could build a clone and use Apple's software, which existed only as machine-readable binary (the copyright of which was unknown). That one case basically locked down the status of object code being copyrightable.

Bell and Howell [wikipedia.org] however obtained a license from Apple to clone it.

Re:

[ColdWetDog]

Oops. Your hat is taped on a bit too tight.

Somebody help this fellow out, will you?

Re:

[inject_hotmail.com]

Why? Everything he/she said is true. Just because you don't believe it or believe that it doesn't happen "to anyone" does not make the OP crazy or an idiot. The OP is informed and is attempting to share knowledge. I don't understand why you (or anyone else) wouldn't appreciate that enough at least to refrain from disrespecting him/her. Obviously you don't have a clue as to how espionage works, or the fact that it even occurs on a daily basis. You'd likely be similarly in disbelieve to hear the monolithic am

Re:

[hey0you0guy]

http://www.apologeticspress.org/apcontent.aspx?category=13&article=925 [apologeticspress.org]

Is "Easter egg" now a euphemisn for...

[John Hasler]

..."back door"?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Typo in correction to summary

[idontgno]

You can see in TFA that they misspell Motorola with two ells. The correct way to handle this is:

...roadside Motorolla (sic) 68000-era Macintosh [blah blah blah]"

As editorial markup, "sic" (Latin for "thus") is enclosed in square brackets, not parentheses:

Sic in square brackets is an editing term used with quotations or excerpts. It means "thatâ(TM)s really how it appears in the original."

It is used to point out a grammatical error, misspelling, misstatement of fact, or, as above, the unconventiona

Re:

[mattack2]

thatÃ(TM)s

[sic], indeed.

Re:

[wonkey_monkey]

after dumping Apple Mac SE ROM images from a roadside Motorolla (sic) [sic] 68000-era Macintosh [blah blah blah]

I think you meant "[sic]", not "(sic)" ;)

And since the summary is eldavojohn's own words, and not a quote from the article, why should he have to repeat their mistakes?

You can see in TFA that they misspell Motorola with two ells.

Did they? Where?

Not cool.

Not not cool, just not anal.

I'll admit to mine...

[respice]

I'm a tech writer, and years ago, on a project, I had a dialog box in a project that had a bunch of tabs. In the help, I put screenshots of each tab. If you were looking at the help for tab "A" and clicked on tab "B," "C," D," etc. in the project, the help for that page would come up, and the screenshots were aligned with one another. Anyway, if you clicked the "Help" button in the screenshot on one and only one of the tabs (in the help, mind you), we jumped to a new page with a picture of the entire doc team and our names. The head of the doc team knew - he was even in the picture - but I don't think anyone else in management knew. There was one SE who knew, and she used to demonstrate it for easily-amused customers.

Now who else will admit to their Easter Eggs?

Previous Easter Egg in ROM

[eulernet]

It reminds me about the easter egg in the Thomson's MO6 ROM, when you pressed the keys M, O and 6 simultaneously:
http://cyberpingui.free.fr/mo6.htm [cyberpingui.free.fr]

Since it's from 1985, it's a little bit older than Apple's one.

Re:fully bootable copy of System 6 in the ROM

[TaoPhoenix]

This is a nice piece of (presumed true) trivia from an AC. Does a ROM-bootable copy of an OS hold implications for security recovery today?

Re:

[account_deleted]

Comment removed based on user account deletion