Arbitrary code execution to convert Super Mario to Flappy Bird, done entirely by hand on a real device!
https://youtu.be/hB6eY73sLV0
The first exploit modifies the UI to show exact sprite coordinates (used for the payload), then the new game is 331 bytes, written entirely with spin jumps!
Related Posts
It's weird how even pure languages tend to treat the Unix execution model as ambient state.
Are there any PLs that define a main function like this?
fn main(args, stdin, stdout, env) -> exit code
YAML is a funny language: it's not Turing complete, but it can have arbitrary code execution bugs.
Computing AMD-specific instructions on Intel by just brute-forcing the whole execution space and seeing which values differ: