Memory Hacking Mupen64plus SuperSmashBros - ZacharyShaver/Hacking_Projects GitHub Wiki

Getting Started

Test performed by Zachary Shaver, February 2, 2018

Purpose

  1. To locate and edit memory addresses in the game

Hypothesis

It is possible to change the value of the enemy's health to gain an advantage over the opponent.

What you need

  1. Raspberry Pi
  2. SD card with the RetroPie image set up
  3. Another computer to SSH into it with
  4. Ethernet cable
  5. HDMI cable and a monitor to hook it up to
  6. Controllers compatible with the system
  7. scanmem, to locate addresses

Process

The first thing to do is gain an understanding of the memory hacking process.

  • scanmem is a program used to locate and edit memory addresses in a running program
  • The essential process involves a few steps:
    1. Locating the process id
    2. Locating the specific memory address
    3. Narrowing down the search
    4. Editing the value
  • This is all much easier said than done
  • The first step I take is starting up the game with a fixed setup

    GAME SETUP

       1. Stock
       2. 5 lives
       3. A map of your choice; I tend to stay away from the Pokémon map and Hyrule because they are so intensive

  • This creates a controlled environment where results can be tested for repeatability

SSH into the PI

Once you are in, there are a few basic things you need to do. First of all, update the system with

  • sudo apt-get update
  • sudo apt-get upgrade

Next, install scanmem:

  • sudo apt-get install scanmem

Then find the emulator process that is running the ROM:

  • ps aux | grep retropie

The results show a list of processes. To locate the correct one, look for the line that ends with the ROM path:

  • - <> - <> - <> - retropi/n64/roms/Super Smash Bros

The process id is the first number listed in that line, under the PID column. Start scanmem:

  • scanmem

Next, enter the process id with the pid command, as such:

  • pid <process id>

Now it is time to narrow down the search results. This is done by changing the value between each search and slowly cutting the candidate list down to the final few addresses:

  • Hit the enemy
  • In the scanmem terminal type just the value you are searching for (this may take a while):
  • 9
  • A large number of search results
  • Hit the enemy; new value 12
  • A smaller number of results
  • Continue this until there are 10 to 4 results, or until it will not narrow the results past a certain number
  • 4 results found
  • Change the value:
  • set 399

That is the maximum value for health in Super Smash Bros. Here is what will happen:

  • Nothing at first
  • Go hit them and see the results
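The narrowing loop above is the whole trick, so here is a small simulation of it, written for this page as an added example (it is not the wiki author's code and not scanmem's source). It builds a constructed fake process image, plants the enemy's damage value at two assumed addresses (the counter the game uses and a second copy, which is one plausible reason a search stalls at a handful of results and will not go lower), and replays the sequence of searches from the writeup: search for 9, hit, search for 12, hit, search again, then set every remaining candidate to 399 as the writeup does. The addresses, the random filler values and the "HUD copy" explanation are all assumptions made for the illustration.

```python
import random

# Constructed memory image: address -> byte value, roughly what scanmem sees in a process.
TRUE_DAMAGE_ADDR = 0x8012_3E40   # assumed: the counter the game actually uses
HUD_COPY_ADDR = 0x8020_0A10      # assumed: a second copy used for the on-screen percentage
WORD = 4


def make_memory(initial_damage, size_words=4096, seed=1):
    """Build a deterministic fake process image with the damage value planted twice."""
    rng = random.Random(seed)
    mem = {0x8010_0000 + WORD * i: rng.randrange(0, 256) for i in range(size_words)}
    mem[TRUE_DAMAGE_ADDR] = initial_damage
    mem[HUD_COPY_ADDR] = initial_damage
    return mem


def take_hit(mem, new_damage):
    """Constructed game tick: a hit updates the real counter and its HUD copy together."""
    mem[TRUE_DAMAGE_ADDR] = new_damage
    mem[HUD_COPY_ADDR] = new_damage


class ScanSession:
    """The narrowing loop behind 'type the value, hit the enemy, type the new value'.

    The first search seeds the candidate set with every address holding the value;
    each later search keeps only the candidates that still hold the new value, so
    filler bytes that matched 9 by chance are dropped as soon as 12 is searched.
    """

    def __init__(self, mem):
        self.mem = mem
        self.candidates = None  # None means no search has been run yet

    def search(self, value):
        pool = self.mem if self.candidates is None else self.candidates
        self.candidates = [addr for addr in pool if self.mem[addr] == value]
        return len(self.candidates)

    def set_all(self, value):
        """Equivalent of scanmem's 'set <value>': write to every remaining candidate."""
        for addr in self.candidates:
            self.mem[addr] = value
        return len(self.candidates)


def run_narrowing(damage_sequence=(9, 12, 25), final_value=399):
    """Replay the writeup's procedure; return match counts, surviving addresses and the final counter."""
    mem = make_memory(damage_sequence[0])
    session = ScanSession(mem)
    counts = [session.search(damage_sequence[0])]
    for dmg in damage_sequence[1:]:
        take_hit(mem, dmg)
        counts.append(session.search(dmg))
    session.set_all(final_value)
    return counts, sorted(session.candidates), mem[TRUE_DAMAGE_ADDR]


if __name__ == "__main__":
    counts, addrs, value = run_narrowing()
    print("matches per search:", counts)
    print("remaining addresses:", [hex(a) for a in addrs])
    print("damage counter now reads:", value)
```

The first count is large because many unrelated bytes happen to equal 9; the second and third are both 2 and stay at 2 no matter how many more hits you take, which is the "will not narrow past a certain value" stall from the steps above. Setting all survivors at once, as `set` does, sidesteps having to work out which of the two copies is the one that matters.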

Video Showing Results

The memory hack was found to be reproducible and reliable using the same method each time.

Conclusion

From this experience I learned that this program can be used in ways that were not intended; vulnerabilities will always be found if you look closely enough. Can this sort of hack be prevented? With clever programming, a programmer plans not only for immediate risks but also for risks that will pop up in the future. This leads directly into my next project: hacking a neural network I will create.

Thank you for reading. -Zachary Shaver
