2022-07-25, 15:00–15:50, Battery 🔋
TASBot has appeared at multiple charity events raising more than $1.3M to date by hacking classic video game consoles through controller ports. In this talk, dwangoAC will show how TASBot, with help from a human speedrunner, can use a Stale Reference Manipulation exploit in the N64 game Legend of Zelda: Ocarina of Time to achieve persistent Arbitrary Code Execution to obtain the Triforce and many other surprising outcomes that have to be seen to be believed.
The TASBot community, led by dwangoAC, has exploited glitches in a variety of creative ways leading to Twitch chat streamed through a Super Game Boy, Super Mario Bros. being played inside Super Mario World, and many more. Most of these exploits were on older NES and SNES consoles, but what could be done if Arbitrary Code Execution could be achieved on an N64? This talk aims to show the beautiful results that can ensue after taking complete control of Legend of Zelda: Ocarina of Time, including obtaining the Triforce itself! The talk will cover controller protocol evil maid attacks, Stale Reference Manipulation (Use After Free) exploitation, a four stage bootstrap chain to attain high speed data transfer, and more with audiovisual elements that are sure to be a surprise.
Allan Cecil (dwangoAC) is a security consultant with Bishop Fox by day and is a published author, patent holder, and accomplished public speaker. He is on staff as senior ambassador of TASVideos.org, a website devoted to using emulators to complete video games as quickly as the hardware allows. As keeper of TASBot he is a Twitch partner at https://Twitch.tv/dwangoAC and a YouTube partner at https://YouTube.com/dwangoAC supported by a vibrant https://Discord.TAS.Bot community. He participates in Games Done Quick and other charity speedrunning marathons, using TASBot to entertain viewers with unique glitches in games that have helped raise more than $1M for various charities.