In the world of personal computing, hacks that exploit memory errors to allow for the execution of arbitrary (and often malicious) code are far from surprising anymore. What's more surprising is that such "arbitrary code" bugs are also present on the relatively locked-down computers inside of video game consoles.
This was demonstrated quite dramatically last week at Awesome Games Done Quick (AGDQ), an annual marathon fundraiser that this year raised over $1 million for the Prevent Cancer foundation. The event focuses on live speedruns of classic games by human players and included a blindfolded Mike Tyson's Punch-Out!! run that ranks among the most impressive live video game playing performances I have ever seen. The most remarkable moment of the weeklong marathon, though, came when a robotic player took "total control" of an unmodified Super Mario World cartridge, reprogramming it on the fly to run simple versions of Pong and Snake simply by sending a precise set of inputs through the standard controller ports on the system.
The two-and-a-half minute video of this incredible exploit is pretty tough to follow if you're not intimately familiar with the state of emulator-assisted speedruns. At first, it looks like the game must have been hacked in some way to allow for things like multiple on-screen Yoshis, item boxes that spawn multiple 1-ups, and the ability for Mario to carry items while riding on Yoshi. In actuality, these seeming impossibilities are just glitches that have been discovered over the years through painstaking emulated playthroughs by the community at TASVideos (short for tool-assisted speedrun videos).