How to get the Triforce on an N64 via controller input


Playlists: 'MCH2022' videos starting here / audio

TASBot has appeared at multiple charity events raising more than $1.3M to date by hacking classic video game consoles through controller ports. In this talk, dwangoAC will show how TASBot, with help from a human speedrunner, can use a Stale Reference Manipulation exploit in the N64 game Legend of Zelda: Ocarina of Time to achieve persistent Arbitrary Code Execution to obtain the Triforce and many other surprising outcomes that have to be seen to be believed.

The TASBot community, led by dwangoAC, has exploited glitches in a variety of creative ways leading to Twitch chat streamed through a Super Game Boy, Super Mario Bros. being played inside Super Mario World, and many more. Most of these exploits were on older NES and SNES consoles, but what could be done if Arbitrary Code Execution could be achieved on an N64? This talk aims to show the beautiful results that can ensue after taking complete control of Legend of Zelda: Ocarina of Time, including obtaining the Triforce itself! The talk will cover controller protocol evil maid attacks, Stale Reference Manipulation (Use After Free) exploitation, a four stage bootstrap chain to attain high speed data transfer, and more with audiovisual elements that are sure to be a surprise.