Plumber Injection Attack In Bowser's Castle

An anonymous reader writes to make sure everybody Yoshi Bullet Bill Reznor is aware of Security Advisory SMB-1985-0001: Plumber Injection Attack in Bowser's Castle. "Ksplice, working in conjunction with Lakitu Cloud Security, has released a high-severity advisory about a Plumber Injection attack in multiple versions of Bowser's Castle. An Italian plumber could exploit jump on headbutt fireball this bug to bypass security measures (walk through walls) in order to rescue Peach, to defeat Bowser, or for unspecified other impact theft of giant gold coins consumption of narcotics vicious attacks on Koopas . This vulnerability is demonstrated by 'happylee-supermariobros,warped.fm2.' Attacks using this exploit have been observed in the wild, and multiple other exploits are publicly available. A bouncing star patch radioactive flower Tanooki suit has been made available."

Plumber injection attack?

[Shikaku]

Are we talking about pipe cleaning?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Tackhead]

Are we talking about pipe cleaning?

Yes, that's what Peach calls it.

The Princess? She had a crush on Trent Reznor, couldn't get enough of that Nine Inch Goombas [watchplayread.com] action in her never-ending quest to get Closer to Mario [d8i.com]...

Re:

[Kagura]

High-production-value Mario parody called "Do the Mario" [youtube.com]. It's highly relevant.

Re:

[TitusC3v5]

More like spanking the monkey [youtube.com], really.

Re:

[Thud457]

holy crap /., all day , notstop, and not a serious article worthy of discussion.
oh, wait, that's every day around here...

way to go fucking overboard. It would be more sneaky to keep the normal submission queue going and slip a few carefully-crafted ringers into YRO and then watch the resulting 1500-post flamefest.

"fool me once, shame on me. fool me 23 times without respite, fuck you!" hhok...

Re:

[TaoPhoenix]

No, then the next story will come through next week that the law saying basically "every copyrighted word or picture in any form is a felony" will go through Congress except it will be real, and we'll be begging for April Fool's day.

Italian?

[Anonymous Coward]

What about a Swedish Plumber? Or is the difference in meatball consumption important?

It just keeps getting worse.

[kyrio]

I just want my achievement!

Re:

[aitmanga]

I just want my achievement!

Me too

Re:

[SteveFoerster]

Sure, why not?

Re:

[J053]

Me too!

I'm usually game for these,

[Anonymous Coward]

...but this has got to be the least-creative April fools article in history. Really, really lame.

Re:

[macshit]

You've got to admit it's a great headline though -- reading that was the first time I actually laughed out loud this april 1st...

Sure, it's all pretty lame, especially compared to the sublime "OMG ponies!1!" -- but except for that (what on earth happened that year?!), slashdot's april fools have always been lame.... it's a slashdition!

Re:

[Anonymous Coward]

Please STOP with the reading of Slashdot on April Fools' day. You do NOT have a sense of humor.

Re:

[Jon.Laslow]

I just use the "Mark All Read" feature on my RSS feed.

Plumbers high on mushrooms

[thomasdz]

It always seem that they are hopped up on mushrooms and screaming that they're running away from "Goombas" or some other ridiculous thing.

Ok I actually laughed at this one.

[AbRASiON]

Pretty good, but I only just logged in this morning (Australia) so I saw them in all in a row.
Plumber injection attack indeed, which reminds me - on topic
http://www.pbfcomics.com/?cid=PBF213-Mario_Too.jpg [pbfcomics.com]

Epic

[Reapman]

Great read, but seriously, isn't this news a bit old? I mean we're talking about a product several revisions old. I'm sure in the years since this product was originally published Bowsers had a chance to install additional safeguards to the perimeter. I doubt a single plumber could ever break in now....

Re:

[jd2112]

No, but two could...

Rated: Not Funny

[Haedrian]

(Title is a throwback to a very old game, anyone want to guess?)

Seriously, the first few were good, it was all quite funny.. this one is just... meh.

Can we be finished with this day already?

Re:

[geekoid]

No mater how much you wish it, this day will be as long as all the others. so..go away.

Somewhat on topic

[nebaz]

This is old, but I enjoyed it. 'New Super Mario Bros'. movie trailer. [youtube.com]

Does the patch actually work?

[Daetrin]

Did they just make up something random, or could you actually apply the patch to a ROM and "fix" the "bug"?

Re:

[godblessthenet]

It's a real patch. The second video is the result of attempting to run the same speed run on a patched copy.

Re:

[Shikaku]

http://blog.ksplice.com/2011/04/smb-1985-0001-advisory/ [ksplice.com] Which can be viewed here. You know, the first link in the article.

Re:

[Daetrin]

Ok, as long as you want to point out the obvious, does the second video (which i'd already watched before i asked the question, thanks) actually show the results of a patched rom? Or did they just tweak the speed run script a tiny bit so that it looks the same but the bug fails to be triggered? If it were a serious article i'd be willing to take them at their word, but since the whole thing is a joke anyways i couldn't blame them if they "cheated" in order to make it more humorous.

Re:

[godblessthenet]

Yes, it actually shows the results of a patched ROM. There is a (short) analysis of the patch at: http://www.reddit.com/r/programming/comments/ggeac/security_advisory_plumber_injection_attack_in/c1nefj4 [reddit.com]

no Gottlieb / Premier make you pay $30+ rom update

[Joe The Dragon]

no Gottlieb / Premier will make you pay $30+ rom update and use the DMCA to shutdown any giving out the code for free.

Re:

[RabidJackal]

Whoops, didn't notice this comment before I posted :)

It works; but it messes with the wall ejection routine to the point that you'll easily get stuck in normal gameplay. see my technical comment [slashdot.org] for further info on how it works.

Who still runs smb anymore?

[rsilvergun]

I'm an old codger, and even I've upgraded to the 64-bit version. [wikipedia.org]
, and I suspect most people are at least running the 128-bit version [wikipedia.org], although I've heard it's a downgrade.

yay news!

[Pheonix28]

Gotta love April 1st... all the wonderful "news" stories that get posted, just wonderful.

Better than other forms of injection

[Tisha_AH]

They could have injected it into Bowser's shorts. He would be walking really funny.

OK

[guybrush3pwood]

Ok, why am I getting all these combo boxes in the posts? It's driving me nuts.

Re:

[geekoid]

What are you talking about?

Re:

[farkus888]

I don't think anyone else is seeing them, must be something wrong with your browser.

Re:

[mattack2]

Or even his Bowser.

Re:

[guybrush3pwood]

I'm getting this in two different PCs in both Chrome and Internet Explorer. The HTML code of the posts has select tags in some words. I'm not getting this in any other page. I want to kill somebody.

Re:

[guybrush3pwood]

Oh my, oh my... Let it be noted: we don't have April Fools over here...

Ih he had uses

[geekoid]

Open Sewer he could have patched these himself years ago.

Patch Mechanics

[RabidJackal]

For those interested, the provided patch works by loading a fixed value of 1 into register A during the wall ejection routine instead of loading the value in address 0x45. 0x45 keeps track of the way Mario is facing.

So basically, the wall ejection routine kicks in, thinks Mario is facing right (1), and ejects him left (back out of this wall).

(Information collaborated with Ilari of TASvideos [tasvideos.org] and the SMB RAM Map on Data Crystal [romhacking.net].)