A popular new category has been created for the site's movies, and it is getting a lot of attention: Executes arbitrary code. This category has been seeing a lot of arguments, questions, and speculation as to what qualifies and what doesn't.
After seeing the issues, on September 4, 2014, I decided to create a thread which presents a very grey situation and elicits responses to an extreme case, in order to cut across the various viewpoints and determine what the key factors are.
The summary gathered so far is as follows:
- There must be arbitrary code added from a source which is external to the game.
- If the code is taken from elsewhere within the game itself, it's not arbitrary.
- The above must perform arbitrary execution.
- It should be capable of performing any single activity that the game itself would be able to perform from this point onwards. Otherwise, the execution isn't arbitrary enough.
- Ideally, the exploit used should not be intentional.
- For a counterexample, exploiting Mario being pushed out of walls in Super Mario Bros. is a feature, not a bug, as it's designed to prevent Mario from being trapped.
- For another counterexample, abusing Samus being knocked backwards at high speeds in a forward direction in Super Metroid is not a bug, as by design Samus is supposed to visually display damage this way.
This does leave some question as to whether certain labels should be applied in certain cases, or whether new labels should be created, for the following scenarios:
- Getting the instruction pointer of the game to point where it shouldn't, and getting it to execute other code at that point.
- More interesting is if it executes images and sound.
- More interesting is if the instruction pointer is modified to execute code in a misaligned fashion.
- The arbitrary code being run is inside a virtual machine or interpreter that is run and managed by the game's engine, and thus has much less access to what it can affect in the game, or is limited in how it can affect it.
- It is interesting to consider how one system within another should be viewed when the internal system cannot affect the outer one, and the internal one is the one being exploited. Do we look at the internal system as the staging point for arbitrary execution, and thus qualifying, or do we look at the outer system, which continued executing normally?
- For example, a Game Boy game being run within the Super Game Boy would qualify for this concept, and it should be noted that DMG code executing in this scenario does have the capability to modify the SNES's RAM and its instruction pointer. I imagine similar scenarios do exist, though, where the above concept would apply yet the inner system is unable to affect the outer one.