Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

You can join Glitch City Research Institute to ask questions or discuss current developments.

You may also download the archive of this forum in .tar.gz, .sql.gz, or .sqlite.gz formats.

Arbitrary Code Execution Discussion

Executing arbitrary code on the SNES with 8F and the Super Game Boy - Page 1

Executing arbitrary code on the SNES with 8F and the Super Game Boy

Posted by: shutterbug2000
Date: 2015-07-20 13:26:30
So, this whole thing started with me learning about a group at AGDQ 2015, who used the SGB and "TASbot" to display the twitch chat on the SNES, using the save corruption total control. But, I got thinking "Well, if it can be done with that code execution, it could surely be done with 8F. It is. I haven't executed "code" using the SGB yet, but it's definitely possible. What I HAVE done is send a "packet" from the Pokemon Red, to the SGB, to the SGB's pallet. The same could be done to execute arbitrary code on the SNES. You'd write the data somewhere in the SNES using packets, then use a JUMP packet to move the SNES program counter to the correct position.

Here's a video I made showing the pallet changing:

https://youtu.be/SITpiVC64sw

(I use a memory editor, but you could use the coordinate entering as well)