Front-page Hacking Gaming Hardware 

Remote-code exploit discovered in Pokémon Ultra Sun to allow payload injection for speedrunning

Screenshot_2024-08-06_23-10-02.jpg

Wack0 (also known as "Slipstream") identified a "pialease nerf" stack buffer overflow for the game "Pokémon Ultra Sun," which can allow a payload to be executed, for the ability to perform speedrunning tasks or installing custom firmware if this is the case. The exploit appears to only work correctly with "Ultra Sun" at the time of writing with version 2.2.0; however, it is unclear whether older versions will work or if Ultra Moon might be supported.

To follow the steps in the guide, you will need both a first and secondary 3DS console with the same game installed, and both must have the same initial versions; otherwise, the exploit will not work. During this time, the exploit will run in the background on your second 3DS, and you must start a new game using Litten or Popplio as the starter. As you progress through the game, you will need to visit the nearest Pokémon Center. From there, access the Start Menu, select Quick Link, and connect. The first 3DS connected to the secondary will suddenly crash and reset. From there, load the save file and you'll be in the Champions Room to battle with a Level 100 "Darkrai", which is where the code-execution will begin.

:arrow: Source
 
  • Like
  • Wow
  • Haha
Reactions: ModernSithLord, nowthatweareseparated, Tarmfot and 34 others
Click to expand...
AdenTheThird

AdenTheThird

The Apathetical Atheist
Member
Level 11
Joined
Apr 1, 2018
Messages
1,157
Trophies
1
Location
Pacific Ocean
XP
2,677
Country
United States
Jesus Christ yall. This just in, local Temper asks a question and inadvertently starts a war.

Fishaman P said:
The author used this example code to teleport to the Champion's room from a near-fresh save file, and entered the Hall of Fame in under 40 mins because of it. Of course this would never become an actual category.

In the future, I could see race communities using this exploit to skip intro cutscenes or start with a predetermined mon and stats.
Click to expand...
Gotcha. Thanks for the clarification. It'll be interesting to see how this affects the speedrunning communities and if any other similar exploits are discovered. What an incredible exploit!
 
  • Like
Reactions: SylverReZ
The Real Jdbye

The Real Jdbye

*is birb*
Member
Level 24
Joined
Mar 17, 2010
Messages
23,526
Trophies
4
Location
Space
XP
14,253
Country
Norway
Fishaman P said:
The author used this example code to teleport to the Champion's room from a near-fresh save file, and entered the Hall of Fame in under 40 mins because of it. Of course this would never become an actual category.

In the future, I could see race communities using this exploit to skip intro cutscenes or start with a predetermined mon and stats.
Click to expand...
Any% ACE is its own category in many games. However, I'm not sure if the need for a second console would be allowed under typical Any% ACE category rules.
 
  • Like
Reactions: raxadian
4d1xlaan

4d1xlaan

Well-Known Member
Member
Level 5
Joined
Apr 21, 2024
Messages
638
Trophies
0
XP
666
Country
United States
LokeYourLord said:
You are capable of making a logical inference without having to read the exact words you're looking for and understand from context, right? Yes, it isn't outright mentioned that Ultra Moon is/isn't supported, but there are enough references made to it either directly or indirectly that you can make a logical inference and draw a conclusion by what is being said, no?
Click to expand...
the shared exploit targets ultra sun, yes, but until you can demonstrate that the same vulnerability doesn't also exist in ultra moon (allowing to write an exploit targeting it instead), I would probably hold off from acting like a know it all
 
Pismire

Pismire

Member
Newcomer
Level 4
Joined
May 5, 2023
Messages
9
Trophies
0
XP
383
Country
United States
KiiWii said:
Do you have any links to these n64 ones?

Do you mean like the OOT stale reference etc?
Click to expand...

Yeah, the ACE vulnerabilities on Majora's Mask, OOT, Paper Mario 64... Nintendo seems to be secretly skilled at coding their games in such a way that doing extremely arbitrary things can lead to some truly powerful stuff.

It's interesting to think about, I wonder if most of these things are found in Nintendo games purely because of the larger community there and if there's exploits like this elsewhere that're just waiting to be found.
 
  • Like
Reactions: KiiWii
Fishaman P

Fishaman P

Speedrunner
Member
Level 11
Joined
Jan 2, 2010
Messages
3,326
Trophies
1
Location
Wisconsin
Website
twitch.tv
XP
2,357
Country
United States
The Real Jdbye said:
Any% ACE is its own category in many games. However, I'm not sure if the need for a second console would be allowed under typical Any% ACE category rules.
Click to expand...
Even if the technique were allowed in a meme category, it would definitely be with a more optimized payload. Fighting the Champion with a (randomized) Lv100 Darkrai is definitely not the fastest way to the HoF/credits.
 

Site & Scene News

Go to forum More news

Popular threads in this forum

ROMhacking.net shuts down after nearly 20 years

European Citizens Initiative launched against the destruction of videogames, requires one million signatures

carrot c4k3 releases Xbox one kernel exploit

Hacking Gaming Hardware  Remote-code exploit discovered in Pokémon Ultra Sun to allow payload injection for speedrunning

Cemu Android has apparently been leaked

RetroAchievements adding GameCube support July 15th

Sony is blocking PlayStation games from running on Proton

Rare Dolphin/Gamecube Console Pic

General chit-chat
Help Users
  • No one is chatting at the moment.
    Psionic Roshambo @ Psionic Roshambo: Tater