Some like to garden in their spare time, while others prefer to smoke cigars or fold complicated origami figurines. Security researcher [grifter] [CTurt] seems to enjoy cracking consoles instead, and had a go at exploiting the Nintendo 64 over an obscure modem interface.
The 1990s were a wild time, where games shipped in cartridges. This format opened up crazy possibilities to add additional hardware to the cartridge itself. Perhaps most famously, Nintendo packed in the SuperFX chip to enable 3D graphics on the Super Nintendo. Later on, the N64 game Morita Shogi 64 shipped with an entire telephone modem in the cartridge itself. The resulting exploit is therefore dubbed “shogihax”.
Armed with a dodgy GameShark and a decompiler, [CTurt] set to work. Through careful parsing of the code, they were able to find a suitable overflow bug in the game when using the modem. Unlike more pedestrian savegame hacks, this not only allowed for the execution of arbitrary code but also the modem interface means that it’s possible to continually stream more data to the console on an ad-hoc basis.
It’s a great hack that takes advantage of a relatively accessible cartridge, rather than relying on more obscure hardware such as the N64DD modem or other rarities. We’ve seen other N64 homebrew hacks before, too. Video after the break.
Thanks to [grifter] for the tip!