Romhack.ing's Internet Archive Mirror No Longer Available
Posted4 months agoActive4 months ago
romhack.ingTechstory
controversialmixed
Debate
80/100
Rom HackingInternet ArchiveCopyrightPreservation
Key topics
Rom Hacking
Internet Archive
Copyright
Preservation
The Internet Archive has removed a mirror of Romhack.ing's database, sparking discussion about the legality and ethics of hosting ROM hacks and patches, and the Archive's role in preserving gaming history.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
2h
Peak period
30
0-12h
Avg / period
7.8
Comment distribution39 data points
Loading chart...
Based on 39 loaded comments
Key moments
- 01Story posted
Aug 23, 2025 at 4:43 PM EDT
4 months ago
Step 01 - 02First comment
Aug 23, 2025 at 6:25 PM EDT
2h after posting
Step 02 - 03Peak activity
30 comments in 0-12h
Hottest window of the conversation
Step 03 - 04Latest activity
Aug 28, 2025 at 9:00 AM EDT
4 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
ID: 44998982Type: storyLast synced: 11/20/2025, 5:11:42 PM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
(I will not directly link to these collections, for the fates are cruel. I'll just say that these IA collections are 'complete' per-console ROM collection archives created by "GoodMerge", a ROM collection validation and repacking tool — and are named very intuitively given that.)
EDIT: Furthermore, what's the proposed workflow? Does the Internet Archive run AVs over its collections? There's no way, right? That would be a massive compute expense.
Distributing a modified ROM is as much copyright infringement as distributing the base ROM itself, so generally hacks are distributed as just the patch file and you have to provide your own copy of the base ROM and patch it from there.
It sounds like this site is packing the two together, and the patchers are causing the flagging issues. That also to me seems like the simple solution is to not do that and just distribute the patches without the software and have a note in the description pointing to a separate source for the patcher.
> Surely an automatic patcher is a pretty trivial piece of software, system-wise. It just reads a binary file and writes out a different binary file after doing some in-memory manipulations. Why would a an AV flag such a program? I don't buy this explanation.
A virus that wants to infect other executables on the system is going to have patching code in it where it's relatively rare in "legitimate" software so it makes sense for antimalware heuristics to find it suspicious.
Sure, but what an AV is going to look for is code that manipulates executable files, not random binary files. If the patchers are designed to apply patch files to ROMs rather than having the patches embedded then it makes even less sense that they get flagged.
> It sounds like this site is packing the two together,
1. No; as you said, no ROM hacking site distributes the original ROM. This one is no exception. They don't want to flagrantly violate copyright. (And in fact, modern patch formats — xDelta, UPS, BPS — are designed to avoid even minor "quotations" of the original copyrighted material, by using "copy offset:length" ops, or by storing partial/sparse patch segments as XOR deltas of the old and new files.)
> and the patchers are causing the flagging issues
2. No ROM hacking site distributes a patcher executable along with the patch. It'd be a huge waste of both bandwidth and storage space on their CDN. Besides the very reason coming up here (novel archives containing executables make anti-virus programs unhappy), there's also the fact that modern emulators, when loading a ROM, will auto-apply a patch in-memory if one is found in the same directory + with the same basename as the ROM. (Similar to how VLC auto-loads subtitle files if found beside a video file.) Creating an on-disk modified ROM using an explicit patcher utility is, for the most part, unnecessary today.
FYI, I downloaded the first ROMhack I saw from the referenced site (romhack.ing). It was a .zip file. Decompressing it, all it contained was a set of .ips files (variants of the patch) and a README.txt.
In short, there is no inherent, structural reason that a site hosting only archive files like this one, would trigger any anti-virus system.
Short answer is that no compiler would produce similar code and it’s probably a red flag that there’s odd dead code, jumps, or places where padding or nops are expected but there is code.
Rom hacks are more in depth, but often play the same tricks because they need to fit into possibly sections they shouldn’t exist in (say, code in BSS), encode instructions in a way that known compilers wouldn’t, long jumps to odd places.
Or more simply, it could be packed with a README that links back to a modding group that hosts stuff on a site with malware or other “hacker” tools.
https://news.ycombinator.com/item?id=45000000
https://romhack.ing/help/rules
Of course, any AV company could add a rule to their signature checking to undo the XOR if they were targeting the romhack.ing site, but it sounds like they aren't being targeted but just getting caught up in the dragnet.
I'm sure I'll get in touch with these folks to understand details, but I just wanted to make it known that if you do encounter what you think are false spam or malware issues, you can always email me directly at jscott at archive.org.
Not just for this instance, but in general... should I start emailing bank CEOs every time I get rejected for a house loan, or Henry Ford's children every time my mechanic refuses to service my car because of a defect they refuse to acknowledge?
https://trac.ffmpeg.org/ticket/10341#comment:4
That's literally how customer service in many industries works, yes.
Also, you should always mail the ceo of a bank if you get rejected for a loan if you think it was done unfairly.
Did they check to see if their service has been compromised?
Why would Windows Defender flag GameBoy ROMs as malware?
Does a GameBoy ROMs website really mirror all 45 petabytes of Internet Archive?