"Hacker Discovers How to Remotely Pwn a Game Boy Using 'Pokémon Crystal' After 22 Years"
Nintendo released an adapter in January 2001 that enabled Game Boy Color owners to play Pokémon online. Twenty-two years later, Xcellerator, an independent security researcher, has discovered a way to hack into another player's Game Boy by exploiting a bug in the game. He described how he disassembled and studied the code behind the Mobile Adapter GB, the hardware cable that connected the Game Boy to the Internet via a mobile phone, and the Mobile System GB, the service that ran the adapter and allowed players to interact with their Pokémon Crystal characters. The adapter worked by sending data back and forth between the Game Boys of the two players in Pokémon Crystal. Xcellerator's initial approaches did not work out, but he still detailed them in his blog post. After much exploration, he discovered a vulnerability in the Japanese version of Pokémon Crystal, which he exploited using the mobile adapter. A flaw in the way Nintendo handles team names allowed him to trick the Game Boy into treating another part of the message as the next bit of code to execute. By triggering this bug and injecting a 'program' into the messages, he was able to gain control of the Game Boy on the other end of the phone line, which would then execute the code he smuggled in. This article continues to discuss Xcellerator's demonstrated Game Boy hack.