Doomception Hack Runs a Copy of Doom in Your Copy of Doom

Kgsws' discovery of a code execution vulnerability in the original Doom II DOS game provides an underpinning for Doom-in-Doom.

ghalfacree
over 2 years ago Retro Tech

Pseudonymous Doom enthusiast kgsws has performed the world's first "Doomception" hack, finding and exploiting a code execution vulnerability in Doom II in order to run Doom inside Doom — in a cinema-style big-screen room.

Released in 1993, Id Software's Doom was a defining moment for the games industry. While far from the only first-person shooter on the market — or even the first from Id Software itself — the game's graphics, level design, music, and general carnage ensured it a spot in the history books. Even today, the game — and its 1994 follow-up, Doom II: Hell on Earth — has a dedicated modding community behind it.

Kgsws' mod for the game, however, goes a little beyond just adding a new level: It allows you to play Doom while you play Doom. Specifically, it exploits a previously-unknown vulnerability in Doom II to execute a separate instance of Doom — or another game, with kgsws having demonstrated the trick with Raven's Heretic as well — from within the game.

Simply executing arbitrary code is one thing, but where kgsws' mod gets clever is in how it's presented to the user. The video output of the second copy of Doom — technically Chocolate Doom, an open source port of the game engine that kgsws was able to modify to their needs — is rendered to a texture, which can be placed on an in-game wall to create a "cinema room."

The same trick allows Heretic, Raven's fantasy-themed shooter, to run in Doom. (📷: kgsws)

"This does only work on the original DOS Doom II version," kgsws says, "no GZDoom or other source ports. This is a good thing as you don't want [a] code execution exploit on modern systems. People would abuse it to spread malicious code."

More details are available in kgsws' demonstration video, while those wanting to try it out themselves can find the modified versions of Chocolate Doom and Chocolate Heretic plus the Doom II exploit required to load them on the project's GitHub repository.

ghalfacree

Freelance journalist, technical author, hacker, tinkerer, erstwhile sysadmin. For hire: freelance@halfacree.co.uk.

Latest Articles