
Serial interrupt ACE: Difference between revisions

m
→‎Example setup: Minor mistake in disasm
(Adding tags; replacing "exploit" with "glitch" in certain places; adding incomplete/researchneeded notices)
m (→‎Example setup: Minor mistake in disasm)
(2 intermediate revisions by the same user not shown)
Line 102:
Main code: 3E 81 E0 01 E0 02 F0 43
0E 01 A9 E0 43 C9
{{Explanation|title=Disassembly of the payload  |contents= 
ld a, $81 ; 3E 81
ldh [rSB], a ; E0 01
ldh [rSC], a ; E0 02 trigger serial transfer
ldh a, [rSCX] ; F0 43 read X scroll
ld c, $01 ; 0E 01
xor a, c ; A9 toggle X scroll LSB
ldh [rSCX], a ; E0 43 write it back
ret ; C9}}
To prepare the setup:
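Review bot: the comment on `ldh [rSC], a ; E0 02 trigger serial transfer` should say why the value written is $81: bit 7 of SC requests the transfer and bit 0 selects the internal clock, so the transfer completes without any external device attached and raises the serial interrupt that re-enters this routine, which is what keeps the chain going. The same $81 was stored to rSB two bytes earlier, so it is also the byte shifted out on the link port; a comment on that line would help readers who wonder why SB is loaded at all. The byte-to-mnemonic mapping itself checks out (A9 is xor a, c; E0/F0 are the $FF00-page ldh forms; C9 is ret).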
 
Line 134 ⟶ 144:
== Attribution ==
 
* Invalid printer opcode ACE was originally discovered by Evie in 2021.<ref>https://youtube.com/watch?v=FI8pPtMdMe0</ref>
* This article was originally written by Kagamiin, who also originally discovered the exploit.
* This article was originally written by Kagamiin, who discovered that a serial interrupt could be used to trigger invalid printer opcode ACE and create an infinite interrupt chain.
* TimoVM coined the name "Serial Interrupt ACE" for this technique.
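Review bot: the rewritten Kagamiin bullet fixes a real conflict, since the previous wording ("who also originally discovered the exploit") contradicted the first bullet crediting Evie with invalid printer opcode ACE; narrowing it to the serial-interrupt trigger and the infinite interrupt chain keeps the two bullets consistent with each other. Consider also giving the Evie <ref> a title and date instead of a bare YouTube URL, so the attribution survives if the video is moved or taken down.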
 
Line 141 ⟶ 152:
* [[Arbitrary code execution]]
* [[OAM DMA hijacking]]
<references />
[[Category:Arbitrary code execution]]
[[Category:Generation I glitches]]