Remote-code exploit discovered in Pokémon Ultra Sun to allow payload injection for speedrunning


Wack0 (also known as "Slipstream") has identified a stack buffer overflow, dubbed "pialease nerf", in Pokémon Ultra Sun. It allows a payload to be executed, which can be used for speedrunning tricks or potentially for installing custom firmware. At the time of writing the exploit only works correctly with Ultra Sun version 2.2.0; it is unclear whether older versions work or whether Ultra Moon could be supported.

To follow the steps in the guide, you need two 3DS consoles with the same game installed, and both must be on the same version; otherwise the exploit will not work. The exploit runs in the background on the second 3DS while you start a new game on the first, choosing Litten or Popplio as the starter. As you progress, visit the nearest Pokémon Center, open the Start Menu, select Quick Link, and connect. Once the first 3DS connects to the second, it will suddenly crash and reset. Load the save file and you will be in the Champion's room, facing a level 100 Darkrai, which is where the code execution begins.
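To make the bug class the article names concrete, here is an added illustration in C that is neither the article's code nor Wack0's exploit: a handler for a length-prefixed field received from a peer, first in the unchecked form that trusts the peer-supplied length and copies into a fixed stack buffer, then in a bounded form that rejects the record before the copy. The record format, the function names and the NAME_MAX limit are constructed for this example and have nothing to do with the game's actual wireless protocol.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 12   /* capacity of the fixed-size stack field, constructed for this example */

/* One length-prefixed field: a peer-controlled length byte followed by that many bytes. */
struct record {
    uint8_t name_len;
    const uint8_t *name;
};

/* Decode "len || bytes" from buf. Returns bytes consumed, or 0 if the buffer is truncated. */
size_t decode_record(const uint8_t *buf, size_t buf_len, struct record *rec)
{
    if (buf_len < 1)
        return 0;
    rec->name_len = buf[0];
    if ((size_t)rec->name_len + 1 > buf_len)
        return 0;                             /* claims more bytes than were received */
    rec->name = buf + 1;
    return (size_t)rec->name_len + 1;
}

/* VULNERABLE pattern: trusts name_len and copies that many bytes into a fixed stack buffer.
 * A name_len above NAME_MAX writes past `name` into the rest of the stack frame, which is
 * the stack buffer overflow bug class the article names. Kept only for contrast; it is
 * never called here with a record whose name_len exceeds NAME_MAX. */
int handle_record_unchecked(const struct record *rec)
{
    char name[NAME_MAX + 1];
    memcpy(name, rec->name, rec->name_len);   /* no bound check on the copy length */
    name[rec->name_len] = '\0';
    return (int)strlen(name);
}

/* HARDENED: validate the peer-supplied length against the buffer before copying. */
int handle_record_checked(const struct record *rec)
{
    char name[NAME_MAX + 1];
    if (rec->name_len > NAME_MAX)
        return -1;                            /* reject: too long for the field */
    memcpy(name, rec->name, rec->name_len);
    name[rec->name_len] = '\0';
    return (int)strlen(name);
}

/* Decode then handle one message on the checked path.
 * Returns the name length, or -1 if the message is truncated or oversized. */
int process_peer_message(const uint8_t *buf, size_t buf_len)
{
    struct record rec;
    if (decode_record(buf, buf_len, &rec) == 0)
        return -1;
    return handle_record_checked(&rec);
}

int main(void)
{
    /* constructed sample messages */
    const uint8_t ok[] = { 6, 'L', 'i', 't', 't', 'e', 'n' };
    uint8_t oversized[1 + 40];
    oversized[0] = 40;
    memset(oversized + 1, 'A', 40);

    printf("well-formed record -> %d\n", process_peer_message(ok, sizeof ok));
    printf("oversized record   -> %d\n", process_peer_message(oversized, sizeof oversized));
    return 0;
}
```

The difference between the two handlers is a single comparison placed before the copy; the checked path also treats a length that exceeds the bytes actually received as malformed, so a peer cannot steer the copy past the end of the receive buffer either.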

Source
 

Fishaman P

Speedrunner
> I guess I'm having a hard time understanding--what implications does this have for speedrunning, per se?
The author used this example code to teleport to the Champion's room from a near-fresh save file, and entered the Hall of Fame in under 40 mins because of it. Of course this would never become an actual category.

In the future, I could see race communities using this exploit to skip intro cutscenes or start with a predetermined mon and stats.
 

duwen

Old Man Toad
I wonder if this will spike the price of pre-owned copies of Ultra Sun?
Quick check of CeX shows it's currently at £35 (Ultra Moon is actually more expensive at £38) - let's see where they're at in a month or two.
 

LokeYourLord

Well-Known Member
This is once again one of those cases where I'm just sitting here, bamboozled, at how the fuck someone managed to even figure out and find such a teeny tiny, overly specific loophole/exploit/bug in the game. It's on the same level as some of the "out of map" exploits in some of the older Call of Duty games; it just truly makes you wonder what the hell people do with their time or how the hell they even find these exploits to begin with. Absolutely insane, but kudos to the dev for even finding something like this...
 

Scarlet

Editorial Aspirant
> Does Ultra Moon have the same exploit as Ultra Sun?
The exploit appears to only work correctly with "Ultra Sun" at the time of writing with version 2.2.0; however, it is unclear whether older versions will work or if Ultra Moon might be supported.
 

Sir Tortoise

Well-Known Member
It's very cool just by itself, but I don't think this would be used for any serious speedrunning unless there was a way to set this exploit up without external tools. Otherwise you'd just have a homebrew application on your 3DS that immediately edits your save file to complete the game.
 

LokeYourLord

Well-Known Member
> I already did, and found nothing. It may have but the article doesn't even mention it
You are capable of making a logical inference without having to read the exact words you're looking for and understand from context, right? Yes, it isn't outright mentioned that Ultra Moon is/isn't supported, but there are enough references made to it either directly or indirectly that you can make a logical inference and draw a conclusion by what is being said, no?

What has happened to people these days, all of the most modern educational systems and institutions in the world and yet so many fail at basic fifth grader reading comprehension. We're done for I swear...

#bringbackshaming
 

wurstpistole

GBAtemp MVP
> I wonder if this will spike the price of pre-owned copies of Ultra Sun?
> Quick check of CeX shows it's currently at £35 (Ultra Moon is actually more expensive at £38) - let's see where they're at in a month or two.
Presumably not, since you have been easily able to hack any 3DS without the need of a physical game copy for years now.
 

SylverReZ

80s/90s Commodore Fanatic
OP
> I wonder if this will spike the price of pre-owned copies of Ultra Sun?
> Quick check of CeX shows it's currently at £35 (Ultra Moon is actually more expensive at £38) - let's see where they're at in a month or two.
I doubt the price would ever go higher. A lot of 3DS exploits don't need a game like Cubic Ninja to install custom firmware these days.

> I'd like to agree, but look what happened with that Alien game on PS1 despite there being many free alternatives available to run backups on that system.
That's because of the sheer number of scalpers who have watched Modern Vintage Gamer's video skyrocketing the price.
 
