The emulator behind the Nintendo 3DS' Virtual Console is usually locked down to only run ROMs officially distributed through the Nintendo eShop. A new exploit released this week, however, opens the platform to load and run any existing Game Boy or Game Boy Color ROM.

The exploit relies on a buffer overflow error in the current version of the 3DS' Web browser. When loaded with specific timing, this overflow can be used to replace a legitimately purchased Game Boy Color game in the Virtual Console's memory with a ROM loaded on an SD card or stored at a Web address, as long as both ROMs are the same size. Game Boy Advance games currently aren't supported by the hack, and in-game saving functions don't work on side-loaded ROMs, though users can store progress using the Virtual Console's save state function.

While the exploit seems to work with any 3DS firmware up to the latest release (9.4), it doesn't seem to work with the Web browser found on the new 3DS that will launch in the US next month. This suggests it will be trivial for Nintendo to patch the memory hole out in a future release of the 3DS firmware and Web browser.

This is the second 3DS security hole to be discovered in recent months; in November, hackers exploited a buffer overflow in obscure 3DS title Cubic Ninja to allow the system to run unsigned, homebrew code.

This exploit also seems to confirm suspicions that the 3DS Virtual Console is built off an emulator that is perfectly capable of running Game Boy software without any modification on the part of the developer on Nintendo. While the slow drip of official eShop releases adds incidental features like digital instruction booklets, it appears there's no technical reason that Nintendo couldn't throw its entire legacy library onto the service for legitimate download.



Posted: Jan 28, 2015 6:07 pm
Related Forum: Gaming Discussion

Source: http://arstechnica.com/gaming/2015/01/exploit-allows-3ds-to-run-arbitrary-game-boy-roms/