Arbitrary Code Execution is in Another Castle!

When one buys a computer, it should be expected that the owner can run any code on it that they want. Often this isn’t the case, though, as most modern devices are sold with locked bootloaders or worse. Older technology is a little bit easier to handle, but arbitrary code execution on something like an original Nintendo still involves quite a lot of legwork, as [Retro Game Mechanics Explained] shows with the inner workings of Super Mario Brothers 3.

While this hack doesn’t permanently modify the Nintendo itself, it does allow for arbitrary code execution within the game, which is used mostly by speedrunners to get to the end credits scene as fast as possible. To do this, values are written to memory by carefully manipulating on-screen objects. Once the correct values are entered, a glitch in the game involving a pipe is exploited to execute the manipulated memory as an instruction. The instruction planted is most often used to load the Princess’s chamber and complete the game, with the current record hovering around the three-minute mark.

If you feel like you’ve seen something like this before, you are likely thinking of the Super Mario World exploit for the SNES that allows for the same style of arbitrary code execution. The Mario 3 hack, however, is simpler to execute. It’s also worth checking out the video below, because [Retro Game Mechanics Explained] goes into great depth about which values are written to memory, how they are executed as an instruction, and all of the other inner workings of the game that allow for an exploit of this level.


Super Mario Run(s) — Away With Your Money

If you are an Android user and a big fan of Super Mario, beware: there is no Android version! There has been no official news on the Android version yet, let alone a version of the game. There is, however, a version circulating outside of the Google Play market that will steal your bank account.

Right now attackers are taking advantage of the game’s popularity and Android users’ despair to spread malware posing as an Android version of Super Mario Run, as they did in the past for Pokemon GO. The trojan is called Android Marcher and has been around since 2013, mostly targeting mobile users’ financial information. After installation, the application attempts to trick users with fake finance apps and a credit card page in an effort to capture banking details. The malware also locks out Google Play until the user supplies their credit card information.

This new variant of Marcher can monitor the device and steal login data of regular apps, not just banking and payment apps, and send the stolen data back to command and control (C&C) servers. Facebook, WhatsApp, Skype, Gmail, and the Google Play store are all vulnerable. Criminals can exploit these stolen accounts to carry out additional fraud.

Zscaler researchers’ advice is:

To avoid becoming a victim of such malware, it is a good practice to download apps only from trusted app stores such as Google Play. This practice can be enforced by unchecking the “Unknown Sources” option under the “Security” settings of your device.

We would add: turn on “App Verification”. Verify Apps regularly checks activity on your device and prevents or warns you about potential harm. Verify Apps is on by default, and Unknown Sources is off by default. Verify Apps also checks apps when you install them from sources other than Google Play. Of course, there is a privacy trade-off. Some information about the apps you install has to be sent back to Google.

The main advice is: use common sense. It’s common practice for companies to release official app versions through Google Play, and highly unlikely that they would do so any other way.

Thwomp Drops Brick on Retro Gaming

[Geeksmithing] wanted to respond to a challenge to build a USB hub using cement. Being a fan of Mario Brothers, a fitting homage is to build a retro-gaming console from cement to look just like your favorite Mario-crushing foe. With a Raspberry Pi Zero and a USB hub embedded in it, [Geeksmithing] brought the Mario universe character that’s a large cement block — the Thwomp — to life.

[Geeksmithing] went through five iterations before he arrived at one that worked properly. Initially, he tried using a 3D printed mold; the cement stuck to the plastic, ruining the cement on the face. He then switched to using a mold in liquid rubber (after printing out a positive model of the Thwomp to use when creating the mold). But the foam board frame for the mold didn’t hold, so [Geeksmithing] added some wood to stabilize things. Unfortunately, the rubber stuck to both the foam board and the 3D model, making it extremely difficult to get the model out.

Like [Han] in carbonite, that’s a Raspberry Pi Zero being encased in cement
Next up was regular silicone mold material. He didn’t have enough silicone rubber to cover the model, so he added some wood as filler to raise the level of the liquid. He also flipped the model over so that he’d at least get the face detail. He found some other silicone and used it to fill in the rest of the mold. Despite the different silicone, this mold worked. The duct tape he used to waterproof the Raspberry Pi, however, didn’t. He tried again, this time using hot glue – a lot of hot glue! – to waterproof the Pi. This cast was better, and he was able to fire up the Pi, but after a couple of games his controller stopped working. He cracked open the cement to look at the Pi and realized that a small hole in the hot glue caused a leak that shorted out the USB port on the Pi. One last time, he thought, and this time he used liquid electrical tape to waterproof the Pi.

The final casting worked and after painting, [Geeksmithing] had a finished cement Thwomp console that would play retro games. He missed the deadline for the USB Hub Challenge, but it’s still a great looking console, and his video has a lot of detail about what went wrong (and right) during his builds. There’s a great playlist on YouTube of the other entries in the challenge; check them out along with [Geeksmithing]’s video below!


Super Mario on a Human-Machine-Interface!


Getting Super Mario to work on your TI-83 calculator is almost a rite of passage for young geeks, so we really liked this project where [Chad Boughton] managed to get it running on a PLC’s HMI screen instead!

He’s using a Danfoss DP600LX microcontroller with an HMI display along with a CAN bus joystick. This kind of equipment is typically used to control hydraulic systems, as well as display sensor data — [Chad] was curious to see if he could do animation with it as well — it looks like he’s succeeded! The funny thing is we’ve seen those “joysticks” before and it’s cool to see them used for something like this — like [Chad] said, they’re normally used for actuating hydraulic and pneumatic cylinders.

Stick around after the break to see Mario eat some mushrooms.


Super Mario Lamp Encourages Physical Activity


What better way to encourage jumping around in the house than by adding your own Super Mario style question block lamps?

It’s a fun and easy project to do because it makes use of an IKEA Sangen lamp — it just needs some slight modifications and a bit of art work to turn it into this iconic question block. You will be working with mains voltage though, so please be careful!

The lamp itself is made out of fabric which means it can be taken apart easily, and then dyed that classic orange hue. Using a stencil you can spray paint on the question mark and then it’s just a matter of adding a springy-latching-pressure-switch (that’s the technical term for them right?) in line with the light bulb. Results may vary, but [Anred] has a great guide on how to make it to get you started.

Now all that’s missing is a sound effect to go with the switch!


NESBot video game automation


If you happen to enjoy video games, but don’t actually like playing them, boy do we have the hack for you! [pjgat09] shows us how, armed with an Arduino, you can force a Nintendo to play games by itself, not unlike an old-time player piano. The hack involves programming an Arduino to accept commands mapped out in “movies”, which are actually scripted sets of button presses that one would perform while playing a game. These sorts of scripts are available from TASVideos, a community specializing in “tool assisted” speed runs of video games. These movies are typically used with emulators, so there are some adjustments that need to be made in order to make them work with a console, since the button presses are mapped to each frame that is drawn on the screen. While we are not sure quite how useful this hack is, it is a pretty novel concept. You can see video of the 5-minute SMB speed run after the jump.


Simple liquid dispenser for auto-cocktails

[Qdot] came up with a simple way to dose out liquids to use in his Bartris project. As you can see above, flexible tubing is connected to some inverted bottles that house the liquid. A chopstick is attached to a board on one end, and via string to a servo on the other. When the servo turns it pulls the chopstick tight against the board, cutting off the flow of liquid through the tubing. This isn’t as elegant as the system the Bar2D2 uses but it’s a heck of a lot less expensive.

You can check out some of the build pictures in his Flickr pool. He’s included this concept in a project he calls Adult Mario. Watch the video after the break but the quick and dirty is that the more coins you score in Super Mario Brothers, the more beverage is rationed out into your cup. Ah, human lab rats, is there nothing they won’t do for booze?
