#serioushax presents: Serious Hacks. (ZSNES USERS READ)

There are rumors across the Internet of a ROM that can break out from ZSNES and launch a program on the host computer.

With some invaluable help from Vitor Vilela, p4plus2, and a bit of luck, we were able to prove that it is indeed possible, and create a ROM that proves it.

Here's a demonstration.

A few known bugs of this nature will be fixed in ZSNES 1.52 (whenever that one appears; Nach said he's working on it, but since nobody has done it for eight years, it'll take a while).

However, it is very likely that more remain. To avoid virus-infected ROMs, it is strongly recommended to switch to another emulator, such as Snes9x, bsnes/higan, RetroArch or ZMZ; alternatively, use only ROMs verified clean by No-Intro, and avoid ROM hacks.

We will release the ROM once ZSNES 1.52 is released; if it's released before that, it'll put all ZSNES users at risk.

And no, ZSNES 1.52 is not an excuse to use ZSNES. Its accuracy issues still remain.
<blm> zsnes users are the flatearthers of emulation
I laughed.
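The opening post recommends using only ROMs verified clean by No-Intro. As an added example (not part of the original thread or of any project named in it), the Python below checks a ROM image against a hash catalogue. It assumes the catalogue is a Logiqx-style XML DAT with `<rom sha1="...">` entries; the function names and the sample data are constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

COPIER_HEADER = 512  # optional header prepended by old copier devices (.smc files)

def load_dat(dat_xml):
    """Map lowercase SHA-1 -> game name. Assumes a Logiqx-style XML DAT
    with <game name=...><rom sha1=.../></game> entries, from a trusted source."""
    known = {}
    for game in ET.fromstring(dat_xml).iter("game"):
        for rom in game.iter("rom"):
            if rom.get("sha1"):
                known[rom.get("sha1").lower()] = game.get("name")
    return known

def rom_sha1(data):
    """Hash the ROM image itself; DAT hashes cover headerless dumps, so a
    512-byte copier header (file size % 1024 == 512) is skipped first."""
    if len(data) % 1024 == COPIER_HEADER:
        data = data[COPIER_HEADER:]
    return hashlib.sha1(data).hexdigest()

def verify(data, known):
    """Return the catalogued name, or None when the image is not a known dump."""
    return known.get(rom_sha1(data))

# --- constructed sample data (not a real game or a real DAT entry) ---
CLEAN = bytes(i % 251 for i in range(32 * 1024))
SAMPLE_DAT = (
    '<datafile><game name="Constructed Game (World)">'
    f'<rom name="Constructed Game (World).sfc" size="{len(CLEAN)}" '
    f'sha1="{hashlib.sha1(CLEAN).hexdigest().upper()}"/></game></datafile>'
)

if __name__ == "__main__":
    known = load_dat(SAMPLE_DAT)
    patched = bytearray(CLEAN)
    patched[0x100] ^= 0xFF                      # a single modified byte
    for label, image in [("clean", CLEAN),
                         ("clean + copier header", bytes(512) + CLEAN),
                         ("modified", bytes(patched))]:
        print(f"{label}: {verify(image, known) or 'NOT in DAT - treat as untrusted'}")
```

A match only shows the file is byte-identical to a catalogued dump, so any ROM hack will fail this check by construction.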
Cool
nice *ban*

but yeah, nice
this is the best thing ever
I'm legit excited since I'm a ZSNES user.
Props to you for actually explaining some of the problems with ZSNES and the risks involved. I kinda dropped off the face of the earth for a while and came back to the central and suddenly everyone was anti-ZSNES but they didn't explain anything.

I've already switched to snes9x (which honestly is better after a trial run period) but again, thanks for this.
I like how apathetic some of you people are about this.
You must be serious.

At least I could still use zsnes with my hacks to record webms and videos :V
Can we have ads on hacks yet?

This seems like it would be really fun to work with, but I can see why it can also be potentially dangerous. It was still a cool discovery, so good job you guys :P
It's easily the best thing I've done
So why the empty numb?
Originally posted by Alcaro
A few known bugs of this nature will be fixed in ZSNES 1.52 (whenever that one appears; Nach said he's working on it, but since nobody has done it for eight years, it'll take a while).

Originally posted by Alcaro
We will release the ROM once ZSNES 1.52 is released; if it's released before that, it'll put all ZSNES users at risk.


To clarify, does that mean that this exploit wouldn't work in 1.52?
Yes, but it doesn't mean that newer similar exploits won't be found. There are probably a lot of exploits in ZSNES, so even if you stick to v1.52, it's still better to use an accurate emulator instead.
GitHub - Twitter - YouTube - SnesLab Discord
*continues to play on ZSNES*

So what was that all about just now?
Originally posted by GeminiRage
*continues to play on ZSNES*

So what was that all about just now?
The fact that an exploit exists in ZSNES which can let code in a ROM execute commands outside of the emulator, including opening a site full of viruses in your browser or maybe even something like "rd c:\ /f /s /q", which would be a barrel of fun if you're running Windows XP or older where you're admin by default. In this example, he is showing a video of a ROM that, when opened, will make ZSNES open bsnes's page in a browser. It's currently unknown how many others have known of this exploit or if ROMs exist in the wild yet that make use of it.

Just look above you...
If it's something that can be stopped, then just try to stop it!
Can you make it FORMAT c:\ ? I have no idea how this exploit was found out or how it works but it shows how shitty the coding in Zsnes was done.

Snes9x master race.
Technically it's possible to make everything since it's a code execution exploit or something. It just depends on how evil the coder wants to be.

Edit: Of course, within the program's permissions, so you can't really format your PC, but things like shutting down your computer or deleting your personal files are possible.
Since it probably won't be released, I will keep using ZSNES for playing other people's hacks without any special chips.
Even Alcaro developed an anti-zsnes that will lock the rom if it detects it (except if the option to allow zsnes). Thank god I had Trend Micro during the time I played smw on that emulator during the early years of the beginning of smw hacking in my life. The anti-malware detected a malicious software that has the word "cookie" in its name (like "cookie.doubleclick"). Is it just me, or is it caused by "Internet vigilantes", unofficial law enforcement groups who use violent attacks against downloaders across the Internet?

Warning: off-topic in box below:
I remember going to the official Nintendo website, to the FAQ about copyright and other intellectual property, etc. Nintendo actually allows people to download if they have the legal official copy (by buying from the store as a cartridge or virtual console shop); if not, there is a 24 hour time limit until that download is considered illegal (but is unlikely to get caught).


It's scary how a rom actually CONTROLS YOUR EMULATOR OR YOUR PC, even though the rom itself does nothing (because it's not a program exe file that you double-click to run (unless you open it with other programs)). It's as if the rom is an "asm patch" file that makes the game corrupt, and uses an emulator as a "patcher".

Also by using the "standard" crash using "BRK", REP without SEP, there is a rare chance (as in, can randomly happen, crash is random effects, like garbled screen, sound etc.) that zsnes will immediately close out, without me closing it out by telling it to (the x on the top left of the window, force-close using task manager, etc). I did this by using a custom block that does it, and keep triggering the block using save states.
Give thanks to RPG hacker for working on Asar.


Remember: bsnes or zsnes, you're still here emulating old games and mods of them.

Originally posted by GreenHammerBro
Even Alcaro developed an anti-zsnes that will lock the rom if it detects it (except if the option to allow zsnes). Thank god I had Trend Micro during the time I played smw on that emulator during the early years of the beginning of smw hacking in my life. The anti-malware detected a malicious software that has the word "cookie" in its name (like "cookie.doubleclick"). Is it just me, or is it caused by "Internet vigilantes", unofficial law enforcement groups who use violent attacks against downloaders across the Internet?
I think that's just a tracking cookie that Google subsidiary Doubleclick uses to target ads at you that are more influenced by your browsing habits. It's fairly harmless.

Originally posted by GreenHammerBro
I remember going to the official Nintendo website, to the FAQ about copyright and other intellectual property, etc. Nintendo actually allows people to download if they have the legal official copy (by buying from the store as a cartridge or virtual console shop); if not, there is a 24 hour time limit until that download is considered illegal (but is unlikely to get caught).
Originally posted by Nintendo's legal page
Can I Download a Nintendo ROM from the Internet if I Already Own the Authentic Game?

There is a good deal of misinformation on the Internet regarding the backup/archival copy exception. It is not a "second copy" rule and is often mistakenly cited for the proposition that if you have one lawful copy of a copyrighted work, you are entitled to have a second copy of the copyrighted work even if that second copy is an infringing copy. The backup/archival copy exception is a very narrow limitation relating to a copy being made by the rightful owner of an authentic game to ensure he or she has one in the event of damage or destruction of the authentic. Therefore, whether you have an authentic game or not, or whether you have possession of a Nintendo ROM for a limited amount of time, i.e. 24 hours, it is illegal to download and play a Nintendo ROM from the Internet.
From this context, it can be determined that even when you have a legitimate copy, downloading a copyrighted ROM to temporarily keep is still illegal. It says nothing about dumping your own copy and putting it on a blank cart, and the legal possession of the ROM seems to refer to the copy you make yourself. The reference to a time limit is a reference to a popular myth and not in reference to how long your digital backup is legal for.

But it's such a waste of time and money to try to prove that someone didn't make a perfect dump themselves; there are too many people who have SNES ROMs, and the games' values are always way less than what it'd cost to take to trial. In other words, they'd be going after people at a huge loss. A business's goal is to create profit. A greater risk would exist for those who host the content, yet at the same time, some of those sites have been around for 15+ years... I think they're more likely to bite when a leak of a new release happens that is a big enough threat to profit. I dunno, it's an interesting subject, but I'm gonna cut it short here and return to the main topic in a sense:

This exploit does not depend on a Super Mario World ROM, and thus he will be able to distribute it freely as a homebrew without stolen, copyrighted content.
