
Super Mario World "Executes Arbitrary Code" [video] - ingenter
https://www.youtube.com/watch?v=OPcV9uIY5i4
======
tptacek
Here's the basic technique:

[http://tasvideos.org/3957S.html](http://tasvideos.org/3957S.html)

I can't read this without thinking that I have wasted a life that could have
been better spent synthesizing shell code out of the precise contents of
Yoshi's mouth.

~~~
hmsimha
real hackers use KoopaShell

------
peterkelly
This is not responsible disclosure. The person who discovered this
vulnerability should have notified nintendo and given them enough time to
respond with a patch.

Think about how many hard-earned coins and power ups could potentially be lost
due to malware that takes advantage of this vulnerability.

~~~
jlgaddis
Heh, after I read your first two sentences I was ready to downvote you
(having had "bad experiences" with "responsible disclosure").

After I read the last sentence, I imagined 10-year-old me playing Super Mario
Brothers and suddenly freaking out because all my coins were just hacked and
stolen.

"MOOOOOOOM!"

------
zetx
This appears to be the same as what was shown at AGDQ 2014 (Awesome Games Done
Quick): [http://gamesdonequick.com/](http://gamesdonequick.com/)

Here's their live run with them explaining what is happening:
[http://www.twitch.tv/speeddemosarchivesda/b/492923053?t=10h2...](http://www.twitch.tv/speeddemosarchivesda/b/492923053?t=10h20m20s)

------
joshschreuder
I love stuff like this. It's been posted a few times here, but the Pokemon
Yellow code execution is amazing to watch also:

[http://tasvideos.org/3767S.html](http://tasvideos.org/3767S.html)

------
batmansbelt
What are we looking at here? Would this hypothetically work with a cartridge,
or is this exploiting a bug in the emulator?

~~~
panic
This was actually done live with a real cartridge last week at AGDQ:
[http://www.youtube.com/watch?v=ioQmbEoYL0M](http://www.youtube.com/watch?v=ioQmbEoYL0M)

~~~
jalada
This is impressive. Emulators have nuances that make me wonder when watching
TASs if they would actually work on the game itself.

Are all 'accepted' TASs tested in a similar way?

~~~
AndyKelley
Not all of them. Here are the rules:
[http://tasvideos.org/MovieRules.html](http://tasvideos.org/MovieRules.html)

------
noselasd
For the uninitiated, can anyone explain what's going on ? What does this video
show me ?

~~~
mey
TAS stands for Tool ASsisted; basically, scripts pressing the buttons on the
controller.

On the right side of the screen each letter lighting up represents a
controller input (L is left, R is right, etc.).

Each line represents a gamepad controller (virtual in this case). When you see
multiple lines it means multiple controllers (I am assuming this, as later
there are more than 8 controllers active, which is strange).

What's happening is a script running to glitch the game from the start into a
certain state (beginning of the video until 1:40); then it looks like an
exploit of the previous glitches in memory happens, followed quickly by a
massive data load that is the code for the pong/snake demos that follow.

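To make the "controller inputs as a data channel" idea concrete, here is an added example (not code from the video, the TAS authors, or this thread). It assumes the SNES auto-joypad word layout (bits 15..4 = B Y Select Start Up Down Left Right A X L R, low nibble always zero, so 12 usable bits per pad) and a hypothetical 8-controller input stream; the real run's bootstrap and payload format are not described on this page. It packs a byte payload into per-frame joypad words, decodes them the way a game reading the joypad registers would, and renders each frame the way the input display on the right of the video does, one line per controller.

```python
"""Pack bytes into SNES joypad words and back (illustrative, hypothetical)."""
from typing import List

# One letter per button, in bit order from bit 15 down to bit 4 of the
# joypad word. s = Select, S = Start, l/r = shoulder buttons (assumed layout).
BUTTONS = ["B", "Y", "s", "S", "U", "D", "L", "R", "A", "X", "l", "r"]
DATA_BITS = len(BUTTONS)   # 12 usable bits per controller word
CONTROLLERS = 8            # hypothetical number of pads read per frame


def word_from_data(value: int) -> int:
    """Place 12 data bits into the button bits of a 16-bit joypad word."""
    if not 0 <= value < (1 << DATA_BITS):
        raise ValueError("value does not fit in 12 button bits")
    return value << 4          # low nibble reads as 0 on a real pad


def data_from_word(word: int) -> int:
    """Recover the 12 data bits from a joypad word (what the game reads)."""
    return (word >> 4) & ((1 << DATA_BITS) - 1)


def encode_payload(payload: bytes, controllers: int = CONTROLLERS) -> List[List[int]]:
    """Split a payload into frames; each frame is one joypad word per pad."""
    bits = "".join(f"{b:08b}" for b in payload)
    per_frame = DATA_BITS * controllers
    bits += "0" * (-len(bits) % per_frame)        # zero-pad the last frame
    frames = []
    for i in range(0, len(bits), per_frame):
        chunk = bits[i:i + per_frame]
        frames.append([word_from_data(int(chunk[j:j + DATA_BITS], 2))
                       for j in range(0, per_frame, DATA_BITS)])
    return frames


def decode_frames(frames: List[List[int]], length: int) -> bytes:
    """Reassemble `length` bytes from the button bits of the given frames."""
    bits = "".join(f"{data_from_word(w):0{DATA_BITS}b}"
                   for frame in frames for w in frame)
    if length * 8 > len(bits):
        raise ValueError("not enough frames for the requested length")
    return bytes(int(bits[i:i + 8], 2) for i in range(0, length * 8, 8))


def render_frame(frame: List[int]) -> List[str]:
    """One line per controller, lit buttons as letters, others as dots."""
    lines = []
    for word in frame:
        lines.append("".join(name if (word >> (15 - i)) & 1 else "."
                             for i, name in enumerate(BUTTONS)))
    return lines


if __name__ == "__main__":
    # Constructed sample payload; any byte string would do.
    sample = bytes(range(30))
    frames = encode_payload(sample)
    print(f"{len(sample)} bytes -> {len(frames)} frames of {CONTROLLERS} pads")
    for line in render_frame(frames[0]):
        print(line)
    assert decode_frames(frames, len(sample)) == sample
```

With 12 data bits on each of 8 pads, one frame carries 12 bytes, which is why a few seconds of video are enough to stream a small game's worth of code once a bootstrap is reading the inputs as data.
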
~~~
TheSisb2
TAS stands for Tool Assisted Speedruns. There's a huge history of gamers
competing to complete games as quickly as possible. Eventually tools were
created that allowed people to simulate key presses in such a way that
previously impossible feats became a reality. For example, many game quirks
rely on pixel perfect or frame perfect executions of button presses. Also,
some sequences of button presses are simply too quick or elaborate for the
human hand to reproduce. Thus, the TAS scene emerged and took speedrunning to
a whole new level. It's unfair to compare a human speedrun with a TAS
speedrun, so it is necessary to specify the "TAS" acronym whenever a run is
shown having been created with the use of tools. Human and TAS speedruns are
completely different to watch and both highly interesting.

~~~
mey
Thanks for the correction, I should've known that but missed it in my brief
check.

------
richforrester
Funny. I remember calling the Dutch Nintendo help-line (from a land-line no
less) to find out how to get to the final castle's backdoor. This is back when
I was about 10 years old.

Now, there's people coding games in that game by playing it.

I thought myself a gamer.

------
kylek
AGDQ 2014
[https://www.youtube.com/watch?v=OPcV9uIY5i4](https://www.youtube.com/watch?v=OPcV9uIY5i4)
starting at 31:49

