Everything posted by jimrandomh

There are several published demonstrations of NES, SNES and GBC games where it's possible to trigger a bug in the game, corrupt memory, and get the console to execute arbitrary code. For example http://tasvideos.org/4961S.html which exploits a memory corruption glitch in Super Mario Bros. 3 to get the program counter into RAM, then starts loading programs in through the controller port.

I'm looking to do something similar to an Atari 2600. The Arcade Learning Environment (ALE) is a machine learning/artificial intelligence testbed based on an emulated Atari 2600. AIs have real-time read access to the Atari's screen and memory, and write access to the controller ports and reset switch. But what if, instead of a primitive AI, you connected the ALE to a master hacker?

I want to achieve total control over an emulated Atari 2600 in the Arcade Learning Environment, preferably through a bug in a well known game. Then I want to load a custom program that triggers memory corruption in the emulator, Stella, and use this to break out of the emulator to the host system, and from there build a connection between the controller port and the internet. (The ultimate purpose is to publish the result in a paper and make a point about AI safety - that not giving an AI internet access explicitly doesn't mean it can't acquire internet access.)

I have quite a bit of programming expertise including several assembly language variants, but have never programmed for the 6502. Before I dive deep into reverse-engineering Atari games, I'd like to sanity-check a few things with someone who knows the architecture well. In particular:

1. If the program counter points to RAM, will it actually execute, or will that crash the console?
2. In between the end of the ROM area of address space and RAM, are all the TIA read and write ports and some unallocated address space. Will attempting to execute these addresses crash the console or will it continue and execute $80?
3. Are there any already-known examples of game memory corruption bugs which might work?
4. How common are indirect jumps in Atari games?

Thanks!
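Added illustration, not part of the post above and not code from the ALE or Stella projects: a small Python model of how the 2600 decodes the 6507's 13 address lines, useful when reading a disassembly to see which chip a given address (or a range an analyst is stepping through, as in question 2) actually selects. The decoding rule follows the published 2600 schematics (A12 selects the cartridge; with A12 low, A7 selects TIA versus RIOT, and A9 then selects RIOT RAM versus RIOT I/O and timer); the region names and the constructed sample addresses are my own, and TIA/RIOT register-level aliasing inside each window is deliberately not modeled.

```python
"""Model of Atari 2600 address decoding (6507 CPU, 13 address lines).

Region names are labels chosen for this example; the select logic is
the well-documented chip-select wiring of the 2600 mainboard.
"""

from typing import List, Tuple

ADDR_MASK = 0x1FFF  # the 6507 only drives A0..A12; A13..A15 are mirrors

# Chip-select bits on the 2600 board.
A12 = 0x1000  # high -> cartridge slot
A9 = 0x0200   # with A12 low and A7 high: high -> RIOT I/O+timer, low -> RIOT RAM
A7 = 0x0080   # with A12 low: high -> RIOT, low -> TIA


def classify_address(addr: int) -> Tuple[str, int]:
    """Return (region, offset within that chip's window) for a 16-bit address.

    Offsets are relative to the start of the selected window, so mirrored
    addresses (e.g. $80 and $180, or $F000 and $1000) resolve identically.
    """
    a = addr & ADDR_MASK
    if a & A12:
        return ("CART", a & 0x0FFF)        # 4K cartridge window
    if not (a & A7):
        return ("TIA", a & 0x007F)         # TIA read/write register window
    if not (a & A9):
        return ("RIOT_RAM", a & 0x007F)    # 128 bytes of RAM ($80-$FF)
    return ("RIOT_IO", a & 0x001F)         # ports and timer ($280-$29F)


def region_runs(start: int, end: int) -> List[Tuple[str, int, int]]:
    """List the contiguous region runs covering addresses start..end inclusive.

    Answers "what sits between address X and address Y" for a linear walk.
    """
    runs: List[Tuple[str, int, int]] = []
    for addr in range(start, end + 1):
        region, _ = classify_address(addr)
        if runs and runs[-1][0] == region:
            runs[-1] = (region, runs[-1][1], addr)
        else:
            runs.append((region, addr, addr))
    return runs


def is_mirror_of(addr_a: int, addr_b: int) -> bool:
    """True when two 16-bit addresses select the same chip and offset."""
    return classify_address(addr_a) == classify_address(addr_b)


if __name__ == "__main__":
    # Constructed sample addresses for the demonstration.
    for sample in (0x0000, 0x0080, 0x0180, 0x0280, 0x1000, 0xF000, 0xD080):
        print(f"${sample:04X} -> {classify_address(sample)}")
    # Walk from the top of RIOT RAM up to the start of the cartridge window.
    for region, lo, hi in region_runs(0x00FF, 0x1000):
        print(f"{region:9s} ${lo:04X}-${hi:04X}")
```

In the 13-bit decode the "unallocated" stretch the post refers to is not unallocated to the chips: every address below $1000 selects either the TIA or the RIOT, and a 16-bit address such as $F000 is simply a mirror of $1000 because A13..A15 are not wired.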