Thought this was old news, I see the revelation is testing almost everything. Last I heard, they had already tried to recreate the sequence of inputs perfectly, to no avail -- leaving something like crooked cart as a likely suspect. Cool to see it was resolved down to a single bit.
Likely, helped out by the decomp project? For those that don't know, if you own an SM64 cartridge, you can legally dump or download the ROM contents, then extract the assets, then compile the assets with the open source decompiled game engine code, and produce a bit-exact copy of the ROM for example--ah, not that that would be all that useful, but, with suitable patches for IO devices, SM64 is fully playable on Windows and everything else, bare metal, no emulator required!
(The help would be, total knowledge of RAM addresses -- many of which have been known for a long time thanks to research into cheat codes. Which are... partly just cheating for the sake of cheating, but on a more practical level, also for faster practicing for legit speedruns.)
And if anyone finds 25-year-old video games an odd priority, remember, this is just practice with all the same techniques that security researchers employ to strengthen our online ecosystem. ACE (arbitrary code execution) in Ocarina of Time may just be cute, but ACE in a networked device might cost people millions of dollars in lost data, downtime, etc.!
Neat fact: controller-exclusive ACE has been demonstrated in at least one game, on the consoles: NES, SNES, uhh Genesis I think?*, Game Boy, Game Boy Advance, PlayStation, N64 (one of the newest additions to this list), and GameCube. Not sure about PS2 and Xbox.
*I know there's been use of "game end glitch", which is usually a glitch of similar severity, but perhaps not enough functionality to get ACE. So these typically have the form of writing a few bytes of arbitrary memory, changing gamestate to "credits".
Note that most modern consoles (say PS2/GC and up) have (almost) all been hacked for a long time -- but these are somewhat different exploits. For example the GC's first hack came within weeks of launch, by abusing a lack of error checking/verification on savegame files for Twilight Princess, hence called the Twilight Hack; it was merely the first game they tried to hack, and lo, the first-party launch title proved fruitful. Wii, DS, Wii U, Switch, PS3, PS4, etc. have all similarly had hacks. (PS2 is the odd one out -- or am I thinking of PS3, I forget anymore -- a surprise benefit of Sony openly supporting Linux on the platform, of all things!) The difference is, these consoles have external storage, so the attack surface is much higher. But none of them have been hacked by controller input alone, as of yet, I think.
Heh, which, sorta the Switch was a controller hack, if you think about it, but not really... The trick there was, gaining access via the controller port, which is USB I think, but also a few debug pins happen to be accessible. Which map to the home/power buttons on the main SoC, so, the "paperclip hack" was literally just putting the glorified cellphone into bootloader mode, or something like that.
Tim