I sometimes pick up random projects just because I can, this was one of those times. I made it as a week long project a while back this year but never shared here, so thought to go for it haha.
I created a game inspired by Doom and the backrooms called The Backdooms under 2.4kb in minified html. (for reference, this entire post would be around 1.8kB haha)
I had to use a not popular way of using GZip with Zlib headers (had to write my own script for compressing it, also in the repo) to eventually convert it a size 40 QR code that works right in your browser using Decompressionstream API.
This is of course a very oversimplified description of it, using a lot of the same technologies that DOOM had but combining it with infinite seed based map generation in 2.4kb (QR codes can only store 3kb, which includes changing formats) was pretty hard.
Here are some links about it if you want to nerd out and read more:
YOU'RE A LEGEND! I just managed to ADD (somewhat of) TOUCHSCREEN SUPPORT, better movement, enemy spawning and damage mechanisms in the space that freed up because of this! Genuinely, thank you, made my month :)
Really cool project! TIL about 'data:' URLs—while I was familiar with the 'data:' URI scheme and had used it before, I didn’t realize it could be used as a full URL. Funny enough, I had been thinking about building something similar that fits entirely within a QR code, but I held off because I mistakenly thought it would require an HTTP(s) link. I was heavily inspired by this work: Can you fit a whole game into a QR code?(https://www.youtube.com/watch?v=ExwqNreocpg)
Thank you for your kind words!
I was also inspired by this video back in lockdown, I believe, super cool but I went the opposite route for browser based because of more compatibility.
Pardon my dumb query, as I'm a tech novice, but aren't QR just encodings of data? And the max amount of data a QR can encode is like 3kb, which would roughly correspond to 3000 or so plaintext characters. So the achievement here is that this Doom-like game can be run from an executable roughly of that size?
QR codes have various encoding modes: numeric, alphanumeric, 8 bit and kanji. The most common is alphanumeric encoding and the densest is 8 bit encoding which just stores binary data.
The QR code standards seem to be a little ambiguous on the meaning and purpose of the 8 bit encoding. I got the impression they added it to support alternative character encodings. Still, it's a mode that "represents an 8-bit byte value directly".
> The default interpretation for QR Code is ECI 000020 representing the JIS8 and Shift JIS character sets.
> 8.3.4 8-bit Byte Mode
> The 8-bit byte mode handles the 8-bit Latin/Kana character set in accordance with JIS X 0201 (character values 00HEX to FFHEX).
> In this mode data is encoded at a density of 8 bits/character.
> 8.4.4 8-bit Byte Mode
> In this mode, one 8 bit codeword directly represents the JIS8 character value of the input data character as shown in Table 6, i.e. a density of 8 bits/character.
> In ECIs other than the default ECI, it represents an 8-bit byte value
directly.
In any case, it is possible to use QR codes to store arbitrary binary data. The qrencode tool can do this natively. Decoder support is more tricky, they tend to assume all QR codes contain text. I had to send patches to zbar to help it decode QR codes with binary data in them because it was passing the data through iconv and mangling the output. I also had to add options to the zbar tools to make them decode exactly one QR code
I just wanted to print out 4096 bit RSA secret keys as QR codes. People started QR encoding video games pretty soon after. It's awesome.
This is also a valid self-contained HTML document. You have to add `;charset=utf-8`, if you need to go beyond ASCII, and for some browsers watch for URI-encoding of some syntactically significant characters (like `#` and `%`, `?`).
Base64 is indeed good to be "safe" and/or somewhat 'conceal' the payload, but it also makes it larger by 1/3 (every three bytes of input become four characters of the base64 output). So taking the risk some devices would not like raw "ASCII dataURI", the QR of the backrooms QR could shave off 738 bytes.
BTW, this is my "HTML sandbox" for testing stuff in a browsers that I summon daily through keyword bookmark to test simple stuff:
Yeah, sadly, top-level dataURIs are increasingly neglected and banished from browsers, mainly because they were misused for scams in the past; for example no modern browser allows navigating to top-level dataURI by clicking a link. Only bookmarks, manual entry, and external invocation (share) work (sometimes).
My pleasure :]
N.b., if you'd like to try fiddling with Backdooms in that Sandbox, either use the "original" HTML payload (with or without `data:text/html,` prefix in the content), or use "verbatim" (`data:text/html;verbatim,` prefix) when trying that last dataURI payload from the comment, otherwise all `%23` would be double encoded, so you'd get wrong colours. ";verbatim" turns off implicit URI Encoding. (It is not part of the tech, just my hacky hatch to be able to test both "true" dataURIs that can be used "verbatim" in URLs, or have convenience of auto-encoding, but have to extract sandbox iframe resulting payload afterwards, for "ejecting" the "project".
I'm saying the primary gateway most iOS users are using for loading a QR code - the camera app - will not present a transition to load your URL in this situation
Whether the resulting HTML game is playable in Safari is a different discussion.
The QR code, as generated, is effectively "not clickable" for most iOS users, unless they are using something other than the most common way to read QR codes on their phone like a 3rd party QR code reading app or similar.
fwiw, it works fine with the Pixel's built-in QR code scanner. It recognises it as text, not a URL, but it can copy to clipboard and then pasting in the browser works. Obviously I then die immediately because none of the controls work, but you can't have everything.
Hey just wanted to update, crazy timing but I Managed to add kind of some mobile touch support here because of a recent PR to FURTHER optimize it (crazy), so you can actually play it now if you figure out the controls lol
You do not need to scan a QR code via a physical camera in your hand directly; any general purpose computer can run a QR code parsing program which accepts arbitrary images as input. It's so easy to do that there exist web pages which implement said QR code scanning in JS. Thus, the parent poster has recommended that you save the QR code .png file to your disk and then use such a piece of software, such as the website they linked, to extract the data encoded in that QR code.
That is how you can use nearly any general-purpose computer to scan a QR code.
Hey just wanted to update, I Managed to add kind of some mobile touch support here, so if you get an alternate chromium based browser, you can put in the URI to play on mobile too!
Nope it doesn't, you can use any QR code scanner that takes image input!
I would've loved to include smartphone controls but that would take a LOT of extra bandwidth.
I'm kinda relieved that it doesn't work on an iPhone. I often scan codes posted around to save the time typing URLs and running arbitrary code by just scanning a QR code freaks me out.
I kinda see that too. Basically, the way some authors use to increase content size with redundant words is the default behavior for Ai chats plus all the disclaimers to avoid possible litigations or negative public image.
It runs inside a web browser though. This is no different from visiting an arbitrary link and running whatever arbitrary code in the Javascript sandbox of that link and one already knows a q.r. code an take one to an arbitrary link.
This QR code does. But what about a QR using similar designed by someone less honorable? With QR codes, you have no idea what will happen until you scan it. At that point, it could be too late
That said, I wouldn't mind an upgrade to the standard of say say if the link be printed above the code in human readable form in some way, the reader would refuse to open it, or at least be configurable to refuse to open it if they not match.
A friend and I were talking about a somewhat related idea.
We were wondering if we could encode the STL for a 3d print entirely into a QR code and then put that on the actual printed object - so that any piece you made could be replicated by just scanning the object and printing again.
When looking into it I thought it just was too much data, even looked into multi-colored QR codes. But I didn’t realize you could just make a bigger QR code…
This is very cool. On a similar bent I built https://urlfile.app because I wanted to see if I could share files via a URL (and I also wanted to genrate QR codes via Edge so I could load the files onto my phome). It works for small files fairly well...
Pretty cool, though like others I had some slight technical issues. On Firefox mobile I got a black screen (that was yesterday, maybe it's been updated since then). Firefox desktop today it worked once I figured out that:
a) the keyboard doesn't work until after I click to fire, and this state resets itself every time I press f5 to restart the game (presumably a browser focus issue)
b) both up/down and w/s work for back and forward, but a and d don't work for left and right, you need to use the left/right arrows.
The combination of the two had me scratching my head for a little while!
Heyo! Thanks for checking it out!
"On Firefox mobile I got a black screen" - Yup I broke it while trying to add mobile controls earlier, but it works well now!
"the keyboard doesn't work until after I click to fire, and this state resets itself every time I press f5 to restart the game" yes- this is actually something for starting the game music and some other processes
Tested it on an offline Android. I'm amazed that it works, although I could never figure out the controls so I always end up dead within a few seconds!
You might want to explain those controls in the readme :)
Great crazy thing!
I am waiting for the addition of "self contained QR code" to canitrundoom (although I don't know if it can be technically approved).
Yet... that game will now make me think twice before scanning any QR ^^
This is super cool. Recently, I tried making an offline, P2P chat program that fits inside of a QR code. In case network was down, the code could be scanned by mobile, allowing users to join a chat room. However this doesn’t seem possible at the moment, as
1. browsers don’t allow offline direct communication for safety reasons
2. couldn’t fit all needed data/prereq modules within the QR.
This stuff is starting to feel closer to Snow Crash than I'm comfortable with, when I saw that QR code I wondered if my brain was being altered :-D Amazing work.
Hey just wanted to update, I Managed to add kind of some mobile touch support here, so if you get an alternate chromium based browser, you can put in the URI to play on mobile too!
This is the obligatory comment on every ray casting game calling itself Doom like. I was scrolling down the page, checking if I had to add it, but luckily it was already done :-D
I was thinking yesterday whether it would have a potential application in the field of low resources communication : you produce a QR code containing your info that you transmit over SSTV so the other party can get the message. Supposedly much more efficient than FT8 or JS8Call.
Or much more malevolent as well. Just because something novel and fun/entertaining can be done does not mean assholes will not use the same techniques for their gain.
PoCs like this are neat and definitely shows some skillz by the author, but now I'm hoping security types take a look at this to see how vulnerable this could be from asshats.
It's already a good practice not to go around scanning random QR codes. Nobody has to go through the trouble of compressing a bunch of code to run in your browser when you can just make a QR code point to any malicious domain on the internet and infect devices all day long.
I am now waiting for news that someone has bio hacked a cockroach or a fruitfly to play doom, if not autonomously then for the full cold shivers, they are now robotisising insects, which could then be accesed through an interface to play doom
on a toothbrush booted from a qr code.
Sci-fi is lagging
Hey just wanted to update, I Managed to add kind of some mobile touch support here thanks to an awesome PR to further reduce the size, so if you get a chromium based browser, you can put in the URI to play on mobile too!
Totally understandable, I can make a snake game inside it fully compatible with mobile but mobile controls just take up a lot of space due to the sheer nature of them haha.
But the compression algorithm is up, feel free to make what you think is awesome and compatible, I'd love to see if you find out hacky solutions to make that work too :P
I might just do something like that. Although I inevitably get caught up in designing some minor tech part.
Last time I attempted something like that I made stack machine texture maker, then embedded it inside a version of TTT that minifies+gzips to under 1500bytes. After a few years of pondering I think there are a few more enhancements to be had.
For reference, This URL has a bunch of textures in it.
Sometimes, sometimes just optical, but in any case, there's even a guy, Ken Sherriff, who has been doing this as a hobby for ages. It's not like this is merely theoretical.
Sure if the parser is broken anything might happen.
Historically there have been exploits for Sony's PSP using modified .tiff images or an exploit for the Nintendo 3DS where a modified .m4a file could be used.
I created a game inspired by Doom and the backrooms called The Backdooms under 2.4kb in minified html. (for reference, this entire post would be around 1.8kB haha) I had to use a not popular way of using GZip with Zlib headers (had to write my own script for compressing it, also in the repo) to eventually convert it a size 40 QR code that works right in your browser using Decompressionstream API.
This is of course a very oversimplified description of it, using a lot of the same technologies that DOOM had but combining it with infinite seed based map generation in 2.4kb (QR codes can only store 3kb, which includes changing formats) was pretty hard.
Here are some links about it if you want to nerd out and read more:
Repository Link (MIT License): https://github.com/Kuberwastaken/backdooms
A Hosted (slightly improved) version of The Backdooms: https://kuberwastaken.github.io/backdooms/
Game Trailer: https://www.youtube.com/shorts/QWPr10cAuGc
My Linkedin post about it: https://www.linkedin.com/feed/update/urn:li:activity:7295667...
(PS: You'd need something like https://qrscanner.org/ or something that can scan bigger QR codes and put the text data onto your browser to play it)
My Blogs documenting the process and development in detail:
https://kuberwastaken.github.io/blog/Projects/How-I-Managed-... https://kuberwastaken.github.io/blog/Projects/How-I-Managed-...
I have them credited in the repo as well :P
The QR code standards seem to be a little ambiguous on the meaning and purpose of the 8 bit encoding. I got the impression they added it to support alternative character encodings. Still, it's a mode that "represents an 8-bit byte value directly".
> The default interpretation for QR Code is ECI 000020 representing the JIS8 and Shift JIS character sets.
> 8.3.4 8-bit Byte Mode
> The 8-bit byte mode handles the 8-bit Latin/Kana character set in accordance with JIS X 0201 (character values 00HEX to FFHEX).
> In this mode data is encoded at a density of 8 bits/character.
> 8.4.4 8-bit Byte Mode
> In this mode, one 8 bit codeword directly represents the JIS8 character value of the input data character as shown in Table 6, i.e. a density of 8 bits/character.
> In ECIs other than the default ECI, it represents an 8-bit byte value directly.
In any case, it is possible to use QR codes to store arbitrary binary data. The qrencode tool can do this natively. Decoder support is more tricky, they tend to assume all QR codes contain text. I had to send patches to zbar to help it decode QR codes with binary data in them because it was passing the data through iconv and mangling the output. I also had to add options to the zbar tools to make them decode exactly one QR code
I just wanted to print out 4096 bit RSA secret keys as QR codes. People started QR encoding video games pretty soon after. It's awesome.
https://youtu.be/ExwqNreocpg
https://news.ycombinator.com/item?id=24287347
For example, this self-contained webpage: <html><body>Hi!</body></html>
encoded is: data:text/html;base64,PGh0bWw+PGJvZHk+SGkhPC9ib2R5PjwvaHRtbD4=
If you paste that into a browser, it will render "Hi!". Very short and easy.
But if you encode is as a QR code, it won't work in this situation.
Base64 is indeed good to be "safe" and/or somewhat 'conceal' the payload, but it also makes it larger by 1/3 (every three bytes of input become four characters of the base64 output). So taking the risk some devices would not like raw "ASCII dataURI", the QR of the backrooms QR could shave off 738 bytes.
BTW, this is my "HTML sandbox" for testing stuff in a browsers that I summon daily through keyword bookmark to test simple stuff:
Duck browser doesn't allow it to be saved as a bookmark, but Safari is fine with it.
Anyway, I have put some remarks and docs for that thing into https://gist.github.com/myfonj/c8ce74bf549e19600026ce9022388... , if you are interested.
By the way, this "Backrooms" can also work from non-base64 URI and as such is significantly smaller (https://github.com/Kuberwastaken/backdooms/pull/3#issuecomme...)
Thanks for sharing :)
Whether the resulting HTML game is playable in Safari is a different discussion.
The QR code, as generated, is effectively "not clickable" for most iOS users, unless they are using something other than the most common way to read QR codes on their phone like a 3rd party QR code reading app or similar.
Also, it won't work on your phone, can't put in that compatibility with size restraints, sadly.
What kind of device do you use to scan the QR code, then?
That is how you can use nearly any general-purpose computer to scan a QR code.
I'm sure the number of people who've ever scanned a QR code on a desktop computer is more than zero, but not much more.
The reason for doing this project isn't practicality, it's because I can
Or, related: https://www.reddit.com/r/OpenAI/comments/138kbhs/someone_sho...
We were wondering if we could encode the STL for a 3d print entirely into a QR code and then put that on the actual printed object - so that any piece you made could be replicated by just scanning the object and printing again.
When looking into it I thought it just was too much data, even looked into multi-colored QR codes. But I didn’t realize you could just make a bigger QR code…
[1] Running Doom on the Raspberry Pi Pico 2: A Def Con 32 Badge Hack:
https://shop.sb-components.co.uk/blogs/posts/running-doom-on...
https://www.oocities.org/trentgamblin/sizehack/entries.html#...
I made a PacMan-like game in under 10KB... it was called HackMan :)
But I am most proud of the storyline that came with it!
a) the keyboard doesn't work until after I click to fire, and this state resets itself every time I press f5 to restart the game (presumably a browser focus issue)
b) both up/down and w/s work for back and forward, but a and d don't work for left and right, you need to use the left/right arrows.
The combination of the two had me scratching my head for a little while!
"the keyboard doesn't work until after I click to fire, and this state resets itself every time I press f5 to restart the game" yes- this is actually something for starting the game music and some other processes
You might want to explain those controls in the readme :)
I'll try to familiarize myself with it more and add it eventually!
Yet... that game will now make me think twice before scanning any QR ^^
And yup! It's pretty insane how much you can do with QR codes, wrote about it here if you're interested in reading more :P https://kuberwastaken.github.io/blog/Technology/QR-Codes-and...
But if you want to skip the friction of scanning the QR code, you can directly play a hosted version at: https://kuberwastaken.github.io/backdooms/
Very impressive compression trick, as a proof of concept, it is worthy of praise, congrats.
I imagine this approach could be used for much more practical uses.
(PS I updated the hosted version again and it's much better for mobile controls, try it out if you get the time!)
PoCs like this are neat and definitely shows some skillz by the author, but now I'm hoping security types take a look at this to see how vulnerable this could be from asshats.
https://en.wikipedia.org/wiki/.kkrieger
...but...
It seems like a fundamental design issue to make a QR code game that isn't designed for the platform where QR codes are most used.
But the compression algorithm is up, feel free to make what you think is awesome and compatible, I'd love to see if you find out hacky solutions to make that work too :P
Last time I attempted something like that I made stack machine texture maker, then embedded it inside a version of TTT that minifies+gzips to under 1500bytes. After a few years of pondering I think there are a few more enhancements to be had.
For reference, This URL has a bunch of textures in it.
https://fingswotidun.com/ttt/#W1s2NCw2NCwxMzExOV0sWzY0LDY0LD...
Year 3678, Show HN: I compiled DOOM for an alien CPU architecture.
Vernor Vinge kind of touches this topic a bit in his Zones of Thought series.
https://www.smbc-comics.com/comic/2011-02-17
https://www.righto.com/search/label/reverse-engineering
Edit: Add a gif instead, you won't have to rely on YouTube with that.
Also pushed a commit to hopefully fix the blank screen issue for phones!
On a different context, loading a game in QR code also made me to think, can anyone inject a malware script using QR codes?
Also, it won't work on your phone, can't put in that compatibility with size restraints, sadly
Historically there have been exploits for Sony's PSP using modified .tiff images or an exploit for the Nintendo 3DS where a modified .m4a file could be used.