Arbitrary Code Execution found in Oracle of Ages

Discussion in '3DS - Flashcards & Custom Firmwares' started by FoulPlay, Mar 29, 2014.

  1. FoulPlay
    Apologies for the incorrect title - I accidentally entered the counterpart game... This game is about Oracle of Ages, not Seasons.

    As I'm not a hacker by any means for this device, I have no idea if this will help any groups or individuals who are looking into exploiting the device... but I found it worth a post, since total control has been achieved in the game.

    Earlier this month a glitch in The Legend of Zelda: Oracle of Ages was found that allowed you to warp to strange places in the map and get to the final boss quicker... Generally this was just useful for people speedrunning the game... However, one individual on the website SpeedRunsLive has been working on a possible arbitrary code execution within the game, and has achieved it in just the past hour.

    Link to the video on demand:
    http://www.twitch.tv/sockfolder/b/515221398

    Towards the last 5 minutes or so of the video on demand he achieves total control and can run any code he wants to. Like I said, I know little to nothing about how the system works, but I felt like this would be worth reporting to someone who knows a bit about the 3DS architecture/security.

    Sorry if this is of no use, however it is interesting when you get the possibility to run unintended code through an application.
  2. Ericthegreat
    Wow, and I just left town, and it'll get removed by the time I get home....
  3. YoshiInAVoid
    Reminds me of:

  4. Clydefrosch
    So does that mean we should all go buy OoA now?
  5. YoshiInAVoid
    The game runs in a sandbox. If you can run code in the Virtual Console emulator you won't be able to access any 3DS services like accessing the SD card to run homebrew or returning to the 3DS firmware to run ROMs (unless you can trigger an exploit within the Virtual Console by feeding it corrupt opcodes or some such, but I doubt it).
  6. Fishaman P
    Based Sockfolder. He just recently broke open Castlevania: Symphony of the Night with arbitrary code execution, but now Zelda!?

    No one can truthfully say that any of the Zelda games have been well-programmed.
  7. Arras
    Even if this led to anything, remember that using an exploit like this requires you to program it with button commands. So unless you want to input a specific VERY LONG sequence, knowing that one wrong button press may ruin it, I wouldn't bother buying the game for this. (Besides, it's sandboxed, so probably nothing 3DS-related will come of it anyway.)
  8. FoulPlay
    LOL, I just realized I typed in the counterpart game in the title... Apologies, but can a moderator change the title to Oracle of Ages and not Seasons? Sorry about that, was reading something about Oracle of Seasons whilst making this topic. My bad.
  9. Drenn
    There do appear to be some holes in the emulator. When messing around with this glitch, people have lost their restore points for no apparent reason, and I've had it crash the 3DS entirely. It also reset me into GBA mode once or twice, opening the Advance Shop, but I wouldn't recommend trying that. To do anything useful, you'd need frame-perfect inputs. This won't be too useful in terms of 3DS hacking, only for TASing purposes.

    This leaves Oracle of Seasons as one of the few non-broken Zelda games, but only because there's nowhere to perform the text-warp glitch, which made this possible.
  10. Qtis
    Interesting to see what these will produce. Sandboxing is quite effective in limiting the damage in most cases, but then again, if the sandbox itself is flawed in some way...
  11. migles
    Just rushed out and bought the game xD. It's a good game anyway.
  12. lambstone
    Well, yeah, it's a good game, I guess.

    But don't place too high hopes on this becoming usable. The 3DS scene is hardly anything like the PSP scene. I don't believe anyone would work on this.
  13. migles
    In the time of the PSP there was always someone who worked on it, and I remember at least 2 games with "holes" in them (GTA: LCS and Lumines); I used Lumines on my PSP.

    In the 3DS scene I just see people trying to earn money... flashcart sellers like Gateway only look for improvements to their card... if they find a way to make some kind of CFW they will not release it, so we are dependent on their product...

    But come on, it's a Zelda game; I was planning to buy it/get it in the future anyway... it's not like Lumines... I didn't like Lumines at all :C