|
|
|
|
|
|
by kirjavascript
897 days ago
|
|
|
It can and we have achieved Arbitrary Code Execution in NES Tetris. The setup is horrifyingly complicated and precise though, involving getting some near-impossible scores and entering specific names in the highscore list, then reaching the crash on the same frame that the internal values for random number generation happen to represent a jump instruction to said highscore list (and we get lucky and various registers also happen to contain values we need). Then from there, there is some bootstrapping before total control is achieved. |
|
|
This setup would even allow crude human-possible ACE. Right now we're limited to small payloads (I made a proof of concept that activates the unused two player mode), but more sophisticated setups might give us more power.