[HN Gopher] Hackers discover how to reprogram NES Tetris from wi...
___________________________________________________________________
Hackers discover how to reprogram NES Tetris from within the game
Author : LorenDB
Score : 145 points
Date : 2024-05-07 11:24 UTC (11 hours ago)
(HTM) web link (arstechnica.com)
| bena wrote:
| Getting to the point of arbitrary code execution is always more
| interesting than what you do with it after the fact.
|
| To be able to take apart the game, find out when and where it
| does all this, then where you can manipulate things to input
| instructions, is a level of dedication that's admirable.
| Dwedit wrote:
| Sometimes even after you've come up with the exploit, you can
| create something really beautiful for the console to run
| afterwards.
|
| Pokemon Yellow: https://www.youtube.com/watch?v=Vjm8P8utT5g
|
| Super Mario World: https://www.youtube.com/watch?v=hB6eY73sLV0
| bena wrote:
| Yeah, but once you get to arbitrary code execution,
| everything is on the table. It's about as interesting as just
| creating it from scratch. The "something" stands on its own
| merits, separate from how it was created.
| jordigh wrote:
| Not everything, depends on the system. On the NES, for
| example, you can only mess around with RAM if you find ACE,
| but if the cartridge is using CHR ROM, whatever you create
| with ACE must still use the only tileset available to the
| game. You can get creative drawing graphics with a fixed
| set of tiles, but you'll be constrained nonetheless.
|
| There may be other constraints for other systems. I don't
| know the SNES architecture too well, but I assume even with
| ACE you're still limited in various ways to the constraints
| of the cartridges.
| Dwedit wrote:
| SNES does not put video memory on CHR-ROM, it's all
| writable RAM. The restriction is total RAM available
| (including cartridge save ram), possibly calling
| functions or using data from the original ROM.
| GuB-42 wrote:
| I particularly like the Super Mario World one. Arbitrary code
| execution is triggered by an actual shell code. As in, it is
| done by manipulating Koopa shells in game.
| apantel wrote:
| Time well wasted.
| freedomben wrote:
| what do you do for fun? do you consider that time wasted?
|
| (honest question. I did used to consider fun stuff to be time
| wasted, but as I've gotten older and am paying the price for a
| long-term high stress lifestyle, I'm starting to think
| differently about it)
| smu3l wrote:
| I don't think GP is suggesting the time was wasted. Rather
| the opposite.
| indigodaddy wrote:
| Agree that's also how I interpreted the comment
| freedomben wrote:
| Indeed, that does seem quite plausible! Thanks.
| milesvp wrote:
| Feynman has a fantastic anecdote about getting over what we
| might today call burnout. He was not interested in work at
| all in his professorship, when he noticed a wobble in a plate
| being thrown, and wondered about it. He spent all day working
| on the physics of this toy problem, and claims discovering
| play as the key to his recovery.
|
| If you haven't read them yet, "Surely You're Joking, Mr.
| Feynman", and "What Do You Care What Other People Think" were
| great reads in my 20s.
| jvanderbot wrote:
| The punch line is that the equations he worked out ended up
| being useful for his Nobel Prize winning work. So it ended
| up being useful even if that wasn't the goal.
| Pearse wrote:
| My favourite part of that story is when he shows the
| maths to one of the other professors they can't
| understand why he is "wasting time" on it.
|
| And then he goes on to win the Nobel prize because of
| it..
| hnthrowaway0328 wrote:
| God, I love these people. I feel shameful to not have such a
| hacker mindset -- to do something probably useless just for the
| fun of it.
|
| I love these people.
| mcculley wrote:
| Such exploits always remind me of the line from Stross'
| Accelerando about the ultimate end game for hacking: "running a
| timing channel attack on the computational ultrastructure of
| space-time itself, trying to break through to whatever's
| underneath"
| smegger001 wrote:
| I am fairly sure I would not want to be within the lightcone of
| anyone making an attempt with a chance of doing anything. That
| sounds like a good way to trigger vacuum decay and I would
| rather that universe not bluescreen.
| tux3 wrote:
| I'm sure the sysadmins can restart us. They do have backups,
| right?
| mcculley wrote:
| The computational substrate might just be a side-effect of
| something else happening in higher dimensions.
| Drakim wrote:
| Even if you have backups, if you have never tested your
| backups, you don't have backups.
| skeaker wrote:
| Not to worry, the VM we're on has only been running since
| last Tuesday.
| vasco wrote:
| A blue screen would prove someone wrote shitty drivers so
| we'd know the universe is more like Windows than like OS X
| jl6 wrote:
| The universe is actually more like Linux: we got it for
| free, but we have to figure out how it works on our own.
| Diederich wrote:
| Being involved in a vacuum decay event would not be
| bothersome in the slightest.
| alecco wrote:
| A very hard sci-fi novel about something like this:
|
| https://en.wikipedia.org/wiki/Schild%27s_Ladder (beware
| spoilers)
| lampiaio wrote:
| > I would not want to be within the lightcone
|
| If someone were to find an exploit to run arbitrary code
| using the computational ultrastructure of the universe, I
| wouldn't be too sure if in-game restrictions could keep us
| safe, though!
| IIAOPSW wrote:
| I believe that's what we call "physics"
| kromem wrote:
| Well, we just discovered a sync error, so that might be a good
| edge case to start on:
|
| https://www.science.org/content/article/quantum-paradox-poin...
| wizzwizz4 wrote:
| That's not a sync error: it's just a demonstration that all
| collapse theories are inconsistent with some other
| assumptions we like to make. (There are many alternatives,
| the most famous of which is probably Hugh Everett III's
| relative state model, though none of them are completely
| elegant.) It hasn't _just_ been discovered: it's been known
| since the 60s, and developed on-and-off since.
|
| Of course, we haven't _really_ tested this because we haven't
| attempted to put _humans_ "in a superposition".
| Physicalists assume that photons are adequate substitutes for
| humans, in the thought experiment, but _something's_ wrong
| with our intuitions, so imo we should adopt some
| philosophical rigour about this whole thing.
| jpalawaga wrote:
| Honestly, I'm surprised that it took tetris so long to be broken!
| I strongly suspect this will usher in a new era of any% runs, in
| which the goal is to get the end scene/credits of the game to run
| as quickly as possible.
|
| My favourite example of this is Ocarina of Time, which has had
| ACE exploits for years now. The game is so totally broken, it can
| be "beat" in just a handful of minutes by manipulating the game's
| memory and editing specific entrance warps.
|
| Perhaps most incredibly, people edit the memory with their hands,
| using nothing more than a couple buttons and the analog joystick.
|
| here is someone who rolled credits in just 3m:
| https://www.speedrun.com/oot/runs/z1l1627m
| jvanderbot wrote:
| I saw a similar one in Super Mario, where finding a glitch in a
| warp tunnel triggered an out of bounds read, and prior
| joysticking wrote the appropriate bytes just beyond the buffer
| to trigger whatever they wanted.
|
| There was another one in a Pokemon game where you had to do a
| bunch of buy/sell transactions to prep memory just so, then
| overflow an item count to trigger a jump.
|
| Truly fantastic stuff. Someday aliens will attack and these
| antics will save us.
| smrq wrote:
| Just based on reading TFA, I doubt it since the ACE apparently
| relies on getting to the kill screen in the first place.
| Imagine if OoT's ACE was triggered by the end credits rolling;
| you can't improve your times with it because it only happens
| after completing a run successfully.
| CyberDildonics wrote:
| _Honestly, I'm surprised that it took tetris so long to be
| broken!_
|
| Before this, what made you think arbitrary execution was
| plausible?
| naikrovek wrote:
| Things like this are common in software of the era, but few
| look for such things.
| CyberDildonics wrote:
| That doesn't answer the question at all. They said
| specifically that they expected this in tetris before it
| happened for some reason.
| tombert wrote:
| People figuring out ACE in old games utterly fascinates me. I
| remember seeing this in Super Mario World a couple years ago and
| I became a bit transfixed on how that was even possible.
|
| I mean this in the best way, and I am being complimentary, but
| it's going to sound like I'm being a jerk: I love when really
| smart people spend a lot of time and effort doing completely
| useless things.
|
| Is there any reason, at least immediately, to inject code into
| NES Tetris? No, I doubt it, but that's not the point. The point
| is figuring out what's possible, and figuring out what you can
| force some old code and a primitive computer to do. It might not
| be "useful" in the classical sense, but neither is a Sudoku
| puzzle or a crossword puzzle or playing NES Tetris to begin with.
| memco wrote:
| > Is there any reason, at least immediately, to inject code
| into NES Tetris?
|
| It's somewhat obscured by all the technical details but doing
| this exploit does have a practical purpose: it allows highly
| skilled players to play longer since they can now have a way to
| prevent a crash that prevents them from playing past certain
| points. For the average player there's no practicality to this
| but for those who want to compete for the highest scores this
| solves a limitation and opens new opportunities for
| competition.
| bawolff wrote:
| > I love when really smart people spend a lot of time and
| effort doing completely useless things.
|
| Many scientific discoveries happen this way. Number theory was
| originally considered useless but now powers basically all
| public key crypto.
| tombert wrote:
| There's that quote Adam Savage always says that goes
| something like "the difference between 'science' and 'goofing
| off' is writing it down".
|
| I've always liked that sentiment, since it sort of works to
| "ungatekeep" science. It's easy to be intimidated by the
| seeming monolith of "science", but fundamentally science
| basically boils down to "doing, testing, and measuring
| something" and it doesn't really matter what that "something"
| actually is.
| stavros wrote:
| > I love when really smart people spend a lot of time and
| effort doing completely useless things
|
| It's not useless: they like doing it.
|
| Any use other people might derive from the things you don't
| like doing (but still do) is either a happy accident, or
| something that benefits you indirectly (money so you can live,
| recognition, etc).
|
| Doing something because you like it is the most immediate form
| of usefulness to the person it matters most: you.
| 0xDEFACED wrote:
| How long before someone runs Doom on Tetris?
| maCDzP wrote:
| I want to do this with Factorio. Build a huge computer within
| Factorio made out of belts. Make it seg fault and break out of
| the game.
| colechristensen wrote:
| The factorio guys are way too dedicated to squashing bugs for
| that.
___________________________________________________________________
(page generated 2024-05-07 23:00 UTC)