Hacking Video Games: How TASBot Exploits Glitches and Plays Games Perfectly

TASBot is an augmented Nintendo Robotic Operating Buddy that can play classic video games without any of the button mashing limitations us humans have. By pretending to be a controller connected to a game console, TASBot sends carefully crafted sequences of button presses and exploits weaknesses in video games to execute arbitrary code on popular games such as Super Mario Bros. 3 and Pokemon Red.

After a brief overview of video game emulators and the tools they offer, I'll show a live demo of how the high accuracy of these emulators makes it possible to create a frame-by-frame sequence of button presses accurate enough to produce the same results even on real hardware. I'll show how the same tools can be used to find exploitable weaknesses in a game's code that can be used to trigger an Arbitrary Code Execution, ultimately treating the combination of buttons being pressed as opcodes.

This talk will explore the idea that breaking older video games using modern tools and techniques can be a fun way to learn the basics of discovering security vulnerabilities and will finish off by connecting a 25-year old Super Nintendo directly to the internet and allowing the audience to interact with it. An overview of some of the details that will be described in the talk can be found in an article I coauthored for the Proof-of-Concept security journal

Speaker: Allan Cecil, Ciena Corp