Language…
9 users online:  AmperSam, Cristian Cardoso, CroNo, Dan2point5, Hayashi Neru, JeepySol, JPhanto, Maw, random_box - Guests: 255 - Bots: 361
Users: 64,795 (2,377 active)
Latest user: mathew

#serioushax presents: Serious Hacks. (ZSNES USERS READ)

@Counterfeit a.k.a. Jr. Troopa

The rom opening a website is not by ASM, a snes game cannot do that. The emulator must've think that a string of text or code in the rom has commands for the emulator only, not for the game itself to do something else. In other words, the emulator reads the instructions as "emulator instructions", not "rom" opcodes. I think the exploit is came from the "about" menu window, that has a button that opens the official zsnes website.
Give thanks to RPG hacker for working on Asar.
Originally posted by Gregor
I like how apathetic some of you people are about this.


Not me, I'm actually happy for this. I don't understand how people just don't like ZSNES, up to the point where there was even a patch warning others about music breakage, etc.
Despite how many people hate it, I'm not switching to Higan nor Snes9x.

e: ghb ninji'd me
Originally posted by GreenHammerBro
@Jr. Troopa

The rom opening a website is not by ASM, a snes game cannot do that. The emulator must've think that a string of text or code in the rom has commands for the emulator only, not for the game itself to do something else. In other words, the emulator reads the instructions as "emulator instructions", not "rom" opcodes. I think the exploit is cane from the "about" menu, that has a button that opens the official zsnes website.
It's not in the About menu and I know where it is, but out of respect, I'll let the people who made this ROM explain it to you when the time comes. (No, an SNES game isn't supposed to do that, but a ZSNES bug allows it to happen, so...)

Just look above you...
If it's something that can be stopped, then just try to stop it!
Okay, in the future, if anyone submits a (homebrew) rom or an ips patch hack that makes the rom with new exploits to modern emulators to infect their computer with malware, the submitter shall be banned permanently, with no "lenientcy" (as in zero tolerance), not an x amount of time to return. Even if it's "accidental" or "unintentionally". I had sunkist.notifyicondata already wreaked my files before killing it. And have accidentally damage innocent files. Causing several softwares to lose their functioning, displaying blank error messages.

Is this is a good idea? One user submitted a tool program named "xkas gui" and it contain malware (in a "classic" way), the user was banned for 24 hrs for that. "Regardless if intentional or not" what the moderators said. God I hope I get a new computer soon, I just notice ransomwares are elvolving after each previous version is defeated. Look up "cryptolocker", look up this. It's like antibiotic resistance.
Give thanks to RPG hacker for working on Asar.
Finally, I can force players to look at some nasty hentai online. Zsnes never fails to impress me. #smw{:TUP:}
Originally posted by MolSno
Finally, I can force players to look at some nasty hentai online. Zsnes never fails to impress me. #smw{:TUP:}
Do what Kid Adventure 3 did: no warning on the level's contents, no opting out once you enter the bonus level, just straight up hentai for beating a boss. ;P

Originally posted by GreenHammerBro
proposing a strict rule against malicious software
You're about 9 1/2 years late, bro.

(Un?)fortunately for me, this exploit just causes ZSNES on my Linux build to segfault so I don't get to see the full extent of what it'd be made to do, and I wouldn't recommend any hack moderator ever testing it out on their native OS in case someone puts something in it that'd FUBAR their installation and I am not going to force moderators to test a hack twice (once in ZSNES in a Windows VM and another in an accurate emulator) because that's ridiculously time-consuming for an ancient emulator. We have dropped ZSNES support over a year ago in hack moderation, and with this security issue, we have more reason than ever before to stay away from it.

SMW hacks made prior to the official release of this ROM, and all ones hosted on this site, are safe to run in ZSNES (regardless of whether they run as intended) as in the past, moderators used to use it without bad things happening (see legacy section and remoderation) but any hack released after the release, I urge people to not use ZSNES 1.51 or older on those hacks in case someone decides to dick around.

An official announcement will come later.

Just look above you...
If it's something that can be stopped, then just try to stop it!
So when is ZMZ going to be legit enough so I can switch asap?
Originally posted by Maruhai
So when is ZMZ going to be legit enough so I can switch asap?


It should be already if you don't mind some random, quiet noise in the audio (that doesn't always happen, by the way), the lack of netplay and the video recording feature.

I wish Alcaro could fix at least the audio thing... that'd be golden.
Originally posted by Masterlink

I wish Alcaro could fix at least the audio thing... that'd be golden.

Indeed, try playing the Haunt... you'll hear it...
Originally posted by Masterlink
It should be already if you don't mind some random, quiet noise in the audio (that doesn't always happen, by the way), the lack of netplay and the video recording feature.

I wish Alcaro could fix at least the audio thing... that'd be golden.

Yeah that's what I'm hoping for too, video recording is nice too but I could do without it.
Originally posted by Masterlink
Originally posted by Maruhai
So when is ZMZ going to be legit enough so I can switch asap?

It should be already if you don't mind some random, quiet noise in the audio (that doesn't always happen, by the way), the lack of netplay and the video recording feature.

I wish Alcaro could fix at least the audio thing... that'd be golden.

Yeah, there's other problems with ZMZ too (hi terrifying slowdown), but it should be good enough.

I wonder...does this exploit work in ZMZ? (probably not, but I might as well ask)
Originally posted by RanAS
I wonder...does this exploit work in ZMZ? (probably not, but I might as well ask)
Nope, just ZSNES.

Just look above you...
If it's something that can be stopped, then just try to stop it!
Originally posted by Maruhai
So when is ZMZ going to be legit enough so I can switch asap?


Never because Alcaro is done with it.
My hat is off to you gentlemen. You guys are wizards :D

Quote
There are rumors across the Internet of a ROM that can break out from ZSNES and launch a program on the host computer.


Even more reason to use ZSNES! Just imagine how much more powerful your SMW ROM hacks could be if you harness the power of the host x86 PC! MSU1 can't hold a candle to having a quad-core i7 at your disposal.

Quote
We will release the ROM once ZSNES 1.52 is released


So, in other words, never =(

(I kid, but only a little bit ...)

Quote
if it's released before that, it'll put all ZSNES users at risk.


Just noting that they're still completely at risk. It's possible black hats have already found this, or will seek this out now.

Infosec set deadline dates to motivate vendors to patch quicker. You should give them 2-4 weeks before releasing this.

And yes, I would say the same thing if this were my software that was exploited here.

Quote
Probably there's lot of exploits on ZSNES so even if you stick to v1.52, it's still better to use an accurate emulator instead.


There is absolutely many more exploits like this to be found.

I do want to warn everyone though, other emulators aren't immune to this either.

We're better protected by nature of having cleaner, less dangerous code. But this sort of thing happens to all sandbox software (in a way, an emulator is a sandbox.) It would be foolish of me to act like bsnes is immune.

However, one thing I am working on with bsnes/higan, is to offer **optional** ROM signing. That would ensure this sort of thing wouldn't happen, if you were to stick to signers you trust.

Quote
It's currently unknown how many others have known of this exploit or if ROMs exist in the wild yet that make use of it.


I am 90% certain I saw one many years ago that called MessageBoxA. But unfortunately, it was so long ago, I have no idea how to go about finding it. It was probably pre-v1.51 too.

Quote
Can you make it FORMAT c:\ ?


Yes, you absolutely can. And much, much worse.

Quote
Despite how many people hate it, I'm not switching to Higan nor Snes9x.


Don't worry, pretty soon SMW hacks will silently replace your ZSNES with ZMZ, and you'll be none the wiser ;)
Well, I already knew about this whole thing long before C3, but...I still find it rather amusing. I probably wouldn't use it for any sort of mischief, but considering I never test my hacks in ZSNES, I wouldn't do it for homebrew either, and there's at least one feature of the hardware I want to use that I think ZSNES doesn't emulate properly, it might be a good idea to have some kind of warning (such as this) anyway.

Funny thing, I've actually used 4 different emulators in about as many days: SNES9X 1.53 is what I have Lunar Magic's emulator shortcut set to run as well as what I normally use for LPs, but when I'm just playing a SNES game or hack without recording it, I usually use higan 0.92-accuracy (no, not 0.94...sorry, byuu; I still prefer to open ROMs with the right-click menu), and I use bsnes 0.72 for debugging. (Though I have had at least one occasion where something broke in 0.92 but not 0.72, so that's obnoxious.) I used higan 0.92-balanced for my Rabbit Rampage LP, though, because the sound was going staticky in SNES9X. I don't trust my computer to run any version of bsnes/higan in conjunction with an active screen recorder for every game (and especially not accuracy mode), but it seemed to work all right there. The only reason I even keep ZSNES around is for ripping graphics, and from what I've heard, ZMZ's savestates are similar enough that they still work in both the ripper and Racing Stripe.

----------------

I'm working on a hack! Check it out here. Progress: 64/95 levels.
Originally posted by GeminiRage
*continues to play on ZSNES*

So what was that all about just now?

ZSNES requires blood.

Your blood.

Originally posted by tcdw
Since it probubly won't be released, I will keep using ZSNES for playing other people's hack without any special chips.

Oh that's what you think.

Looks like I'll have to nag Nach some more.

Originally posted by Mogsiah
image

That's two donors for the blood bank.

Originally posted by GreenHammerBro
The rom opening a website is not by ASM, a snes game cannot do that.

Yes, of course it's impossible.

As are NGHE and LMSW. 'Impossible' just makes it more interesting, it has never really stopped me.

Originally posted by byuu
My hat is off to you gentlemen. You guys are wizards :D

Evil wizards.

You may call me Lord Voldemort.

Quote
MSU1 can't hold a candle to having a quad-core i7 at your disposal.

Didn't you joke about a MSU2 a while ago that does exactly that?

How's bZSNES v2 going? Absolutely mandatory to emulate at least one of these bugs.

Quote
Infosec set deadline dates to motivate vendors to patch quicker. You should give them 2-4 weeks before releasing this.

And yes, I would say the same thing if this were my software that was exploited here.

The difference is that you're slightly less dead.

The fixes have been written, but yeah, if Nach remains dead for another week, I'll have to publish it anyways.

I did obfuscate the ROM a bit, but that won't do much to deter people who know how to use debuggers...

Quote
I am 90% certain I saw one many years ago that called MessageBoxA.

Screw MessageBoxA, it's boring. ShellExecuteA all the way!

But yeah, I've heard the same things (though I didn't look very closely). That's the 'rumors across the Internet' I'm refering to.

Quote
But unfortunately, it was so long ago, I have no idea how to go about finding it.

Probably unpublished due to exactly these virus risks.

No idea why the bugs weren't reported and fixed. Or maybe they were, and we're looking at entirely different bugs here, who knows? ZSNES is a quite entertaining device...

Quote
It was probably pre-v1.51 too.

These bugs have been there for ages. I found exactly the same vulnerable code in v1.17B, I'd just need to adjust some offsets to run it on that too. I think they've been here since SA-1 was first added, back in 1997 or 1998 or something.
<blm> zsnes users are the flatearthers of emulation
Quote
Didn't you joke about a MSU2 a while ago that does exactly that?


Key word is joked. ZSNES went ahead and made it a reality :P

Quote
How's bZSNES v2 going? Absolutely mandatory to emulate at least one of these bugs.


That's going to be especially hard to emulate on my Raspberry Pi 2.

Does it also have to support the Win32 'shell browser' API you called?

Quote
No idea why the bugs weren't reported and fixed.


I've reported bugs and submitted fix patches that didn't even impact performance, and had them rejected (most famously, VRAM writes during active display. It even eliminated their need for the 'Hook' game-specific hack.)

Not only does ZSNES not want to fix their bugs, they want to keep them for backward-compatibility with ROM hacks that are dependent upon them.

I think you may have found the one exception here ... although if someone comes out with an amazing hack based on this exploit before Nach is finished, they might just go ahead and keep things the way they are :P
I didn't know byuu hang around here. Neat I suppose?
I think there is a legitimate use for this, to direct the user to bsnes download page if ZSNES is detected. ;) Would end all these questions about ROMs not working in ZSNES.

Originally posted by Mr. GreenThunder

Can you make it FORMAT c:\ ?


You cannot unless ZSNES runs with administrator rights and it should never run with administrator rights.
If we're trying to persuade long-time stubborn users into switching emulators because of a security flaw, why would we not recommend ZMZ first? I've seen this happen a few times. ZMZ was listed as the fourth recommendation in the OP of this thread instead of the first, and in the VLDC8 release thread ZMZ was nowhere to be found - I had to tell SNN to include it as a suggestion. I think we should start trying to get more word out about this because long-time users of ZSNES are obviously going to be much more inclined to switch to an emulator with the same everything (mainly GUI) but with improved accuracy.