You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
The flag is in a debug register only accessible from the PPC (no IOS snoopery!), and all addresses (what gets hashed, the hash value it is compared to, and the debug register) are mangled so you get no xrefs in IDA/Ghidra/etc.
Then a completely *different* piece of code checks the debug register (addressed in a *different* way), and if it is set, it introduces a buffer overflow. That buffer overflow is carefully crafted to corrupt heap structures just enough.
HBC won't crash immediately, but with high likelihood will later. This was based on a real bug I had, and which took me a month to debug. With a remote gdb stub and a debug build and logging. I ended up teaching myself to read swizzled glyph textures from hex dumps.
So yeah, when you're doing obfuscation, you're doing it wrong if you think using Real Crypto is going to help you. For integrity checking, make it as inconspicuous as possible, so it blends in. For code obfuscation, just go nuts with bizarre DIY stuff.
(For those new to this saga: HBC has integrity protection because I had to add "reverse DRM" because scammers were *selling* it by literally using game piracy tools; the rev-DRM means you can only install it with the official installer, which includes a warning that it is free).
And also: the reason why the heap overflow was carefully tuned to make it crashy, but not *always*, was our policy that any security we add can *never* make the app completely unusable, because users have in the past put themselves in situations where (...)
(...) HBC is the only thing that works on their console, and the only way they can fix the rest of it, and I absolutely *never* want some reverse-DRM bullshit to be the final nail in the coffin of a Wii brick (even if the user got themselves in this situation another way).
Other highlights: other install/system state integrity checks in HBC will turn your screen upside-down, or show a scam warning for a couple minutes, or 60 minutes. Always leaving it usable. To some extent.
as much as I usually hate DRM, I am in awe at the evil genius of this
(just read the rest of the thread, guess TIL sometimes free stuff needs to be protected from greed, not just the other way around,,,)
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
