
Manual arbitrary code injection in Super Mario World [video] - bendykstra
https://www.youtube.com/watch?v=hB6eY73sLV0
======
BHSPitMonkey
Really scary stuff. I hope the SNES Security team is taking this seriously and
gets a patch out to customers quickly.

------
josso
Really impressive job by SethBling and p4plus2.

The notes for how to replicate it can also be found in this Google Document[1]
and the payload for the injected game itself is also available[2].

[1]: https://docs.google.com/document/d/1TJ6W7TI9fH3qXb2GrOqhtDAbVkbIHMvLusX1rTx9lHA/preview

[2]: http://paste.ofcode.org/EiTmWXkmqJ4eAcJBvqEDwz

------
leeoniya
This one is also pretty crazy:

Super Mario World Credits Warp Explained

https://www.youtube.com/watch?v=vAHXK2wut_I

------
pbkhrv
Reminds me of what it takes to debug a dozen microservices talking to each
other.

------
smaili
Just out of curiosity, are there any risks of corrupting the cartridge?

~~~
mikeash
The game code itself is in ROM, so there's no risk there. There is some
nonvolatile storage on the cartridge used to save games, which could
potentially be corrupted. The save state is so simple that I don't think
there's any risk of trouble from that, besides losing (or gaining!) saved
progress.

~~~
FreeFull
The game also stores a checksum of the nonvolatile storage, so even if you do
corrupt it, it will be detected and cleared.

------
matt_morgan
My 9-year-old son, a SethBling fan (like me), got home from school right when
I clicked on this. I had to explain why I was watching YouTube while
"working." Great video for us to watch together!

