[+] [-] tptacek|12 years ago|reply
http://tasvideos.org/3957S.html
I can't read this without thinking that I have wasted a life that could have been better spent synthesizing shell code out of the precise contents of Yoshi's mouth.
[+] [-] hmsimha|12 years ago|reply
This is not responsible disclosure. The person who discovered this vulnerability should have notified Nintendo and given them enough time to respond with a patch.
[+] [-] raldi|12 years ago|reply
I see what you did there.
[+] [-] peterkelly|12 years ago|reply
Think about how many hard-earned coins and power-ups could potentially be lost due to malware that takes advantage of this vulnerability.
[+] [-] jlgaddis|12 years ago|reply
Heh, after I read your first two sentences I was ready to downvote you (having had "bad experiences" with "responsible disclosure").
After I read the last sentence, I imagined 10-year-old me playing Super Mario Brothers and suddenly freaking out because all my coins were just hacked and stolen.
"MOOOOOOOM!"
[+] [-] zetx|12 years ago|reply
Here's their live run with them explaining what is happening: http://www.twitch.tv/speeddemosarchivesda/b/492923053?t=10h2...
[+] [-] joshschreuder|12 years ago|reply
http://tasvideos.org/3767S.html
[+] [-] batmansbelt|12 years ago|reply
[+] [-] panic|12 years ago|reply
[+] [-] sputnikus|12 years ago|reply
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] noselasd|12 years ago|reply
[+] [-] mey|12 years ago|reply
TAS stands for Tool ASsisted: basically, scripts pressing the buttons on the controller.
On the right side of the screen, each letter lighting up represents a controller input (l is left, r is right, etc.).
Each line represents a gamepad controller (virtual in this case). When you see multiple lines it means multiple controllers (I am assuming this, as later there are more than 8 controllers active, which is strange).
What's happening is a script running to glitch the game from the start into a certain state (beginning of the video until 1:40); then it looks like an exploit of the previous glitches in memory happens, followed quickly by a massive data load that is the code for the Pong/Snake demos that follow.
[+] [-] bvk|12 years ago|reply
In general, Super Mario World is being played back on a Super Nintendo emulator using prerecorded inputs (a file exists that says which buttons should be held down on each frame). But these inputs aren't a recording of someone actually playing; these button presses were constructed frame-by-frame very carefully to produce these specific effects. Theoretically, if you could manipulate a Super Nintendo controller with perfect precision 60 times per second, you could reproduce this.
Specifically, some objects in-game have pointers to code associated with them ("what to do if this block gets hit by a turtle shell", that sort of thing). The P-switch has one of these pointers assigned to a very special value by coincidence: its pointer points to the memory location where button presses are mapped. This pointer is never supposed to be followed, but by making a bunch of objects very carefully the authors can glitch the game into jumping to that memory address. Once execution is there, they can write a bootloader by making sure the button inputs on each frame correspond to the correct opcodes, letting them execute arbitrary code that they write in on the controller port.
I wasn't involved in the production of this TAS, so I'm not an expert, but that's my understanding of what's going on.
[+] [-] IvyMike|12 years ago|reply
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] richforrester|12 years ago|reply
Funny. I remember calling the Dutch Nintendo help-line (from a land-line, no less) to find out how to get to the final castle's back door. This was back when I was about 10 years old.
Now there are people coding games in that game by playing it.
I thought myself a gamer.
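The step bvk describes above, where each frame's button presses become the bytes the CPU executes, as an added example; this is not code from the TAS or from tasvideos.org. It assumes the SNES auto-joypad word format (low byte A X L R 0000, high byte B Y Select Start Up Down Left Right) and eight controllers polled per frame, with the eight words lying back to back in memory; where Super Mario World stores that data and which address the glitched jump lands on are not taken from the page. The script packs a constructed sample payload into the button sets each controller must hold on each frame, decodes it back, and rejects bytes that no combination of buttons can produce, because four bits of every controller's word have no button behind them.

```python
"""Encode a byte string as per-frame SNES controller inputs, and back.

Added example; not code from the TAS or from tasvideos.org.  Assumptions
(mine, not taken from the page):
  * each controller's auto-read word lands in memory as two bytes, low byte
    = A X L R 0 0 0 0 and high byte = B Y Select Start Up Down Left Right
    (the SNES auto-joypad register format);
  * eight controllers are polled per frame and their words sit back to
    back, so one frame of input is a 16-byte memory image.
"""
from typing import List, Set

# Bit order of the auto-read word, most significant bit first.  The low
# nibble of the low byte has no button behind it and always reads as 0.
WORD_BITS = ["B", "Y", "Select", "Start", "Up", "Down", "Left", "Right",
             "A", "X", "L", "R", None, None, None, None]
BUTTON_ORDER = [b for b in WORD_BITS if b is not None]
BUTTONS = set(BUTTON_ORDER)
DISPLAY = dict(zip(BUTTON_ORDER, "BYsSUDLRAXlr"))  # one letter per button
CONTROLLERS = 8
# Per controller, in memory order (low byte first): the bits a button can
# drive.  Only the high byte is fully controllable.
BYTE_MASKS = [0xF0, 0xFF]
FRAME_BYTES = CONTROLLERS * len(BYTE_MASKS)

# Constructed sample payload: five bytes of 65816 code (LDA #$01 / STA $19 /
# RTS with an 8-bit accumulator).  What it would do inside SMW is not claimed.
SAMPLE_PAYLOAD = bytes.fromhex("a901851960")


def buttons_to_word(pressed: Set[str]) -> int:
    """Auto-read word for one controller holding exactly `pressed`."""
    unknown = pressed - BUTTONS
    if unknown:
        raise ValueError(f"not SNES buttons: {sorted(unknown)}")
    return sum(1 << (15 - i) for i, name in enumerate(WORD_BITS)
               if name in pressed)


def word_to_buttons(word: int) -> Set[str]:
    """Inverse of buttons_to_word; rejects words no controller can produce."""
    if word & 0x000F:
        raise ValueError(f"word {word:#06x} sets bits no button drives")
    return {name for i, name in enumerate(WORD_BITS)
            if name is not None and (word >> (15 - i)) & 1}


def image_to_frame(image: bytes) -> List[Set[str]]:
    """16-byte memory image -> button set each of the 8 controllers holds."""
    if len(image) != FRAME_BYTES:
        raise ValueError(f"frame image must be {FRAME_BYTES} bytes")
    return [word_to_buttons(image[2 * c] | image[2 * c + 1] << 8)
            for c in range(CONTROLLERS)]


def frame_to_image(frame: List[Set[str]]) -> bytes:
    """What the 8 controllers' words look like in memory, low byte first."""
    out = bytearray()
    for pressed in frame:
        word = buttons_to_word(pressed)
        out += bytes([word & 0xFF, word >> 8])
    return bytes(out)


def encode_payload(payload: bytes, filler: int = 0x00) -> List[List[Set[str]]]:
    """Pack payload bytes into the fully controllable slots of successive
    frames.  Constrained slots get `filler`, which must itself be producible
    (low nibble clear).  In a real exploit those bytes are executed too, so
    choosing a harmless filler is part of the work; the page does not say
    how the TAS authors handled that."""
    if filler & ~BYTE_MASKS[0] & 0xFF:
        raise ValueError(f"filler {filler:#04x} cannot be produced by buttons")
    frames, pos = [], 0
    while pos < len(payload):
        image = bytearray()
        for _ in range(CONTROLLERS):
            for mask in BYTE_MASKS:
                if mask != 0xFF:
                    image.append(filler)
                elif pos < len(payload):
                    image.append(payload[pos])
                    pos += 1
                else:
                    image.append(0x00)  # past the payload: hold nothing
        frames.append(image_to_frame(bytes(image)))
    return frames


def decode_payload(frames: List[List[Set[str]]], length: int) -> bytes:
    """Read the payload back out of the frames' memory images."""
    out = bytearray()
    for frame in frames:
        image = frame_to_image(frame)
        for c in range(CONTROLLERS):
            for k, mask in enumerate(BYTE_MASKS):
                if mask == 0xFF:
                    out.append(image[2 * c + k])
    return bytes(out[:length])


def render_frame(frame: List[Set[str]]) -> List[str]:
    """One line per controller, like the input display on the video."""
    return ["".join(DISPLAY[b] if b in pressed else "." for b in BUTTON_ORDER)
            for pressed in frame]


if __name__ == "__main__":
    frames = encode_payload(SAMPLE_PAYLOAD)
    for n, frame in enumerate(frames):
        print(f"frame {n}:")
        for line in render_frame(frame):
            print("  " + line)
    assert decode_payload(frames, len(SAMPLE_PAYLOAD)) == SAMPLE_PAYLOAD
```

Running it prints one line per controller in the style of the overlay mey describes, with a letter for each held button. The five sample bytes fit in one frame because eight controllers give eight fully controllable bytes per frame; the other eight bytes per frame are the constrained ones, filled with 0x00 here, which is why any payload longer than eight bytes spills into a second frame and why a byte such as 0xEA can never be placed in a constrained slot.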
[+] [-] kylek|12 years ago|reply