This exploit was developed by Ziddia
https://ziddia.blog.fc2.com/blog-entry-63.html
The current overflow only works on Mugen 1.1A4, but it is most likely possible on Mugen 1.0 and Mugen 1.1B1 as well, with a unique overflow per version.
To summarize: by abusing the lack of input validation on the Flag parameter of the AssertSpecial controller, we can write custom bytes onto the stack via the Flag parameter.
Effectively, this runs VirtualProtect on the stack area, allowing arbitrary code execution on the stack itself, whose contents are controlled by the bytes in the Flag parameter.
From the stack we enable execution on the file area itself, then start executing the code at the top of the file with fewer restrictions on lowercase letters (bytes). At this point you can run VirtualProtect on existing Mugen regions to change how the game functions entirely.
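For the "downloading characters others make" side of this, the mechanism above has a simple tell: a legitimate AssertSpecial flag is one short documented name, while an overflow payload is long or contains non-printable bytes. The scanner below is an added example, not code from the original post or from Mugen; it walks a character's CNS/state text (INI-style sections, `;` comments) and reports flag, flag2 and flag3 values that do not look like flag names. The allow-list of flag names is an assumption taken from the Mugen documentation and should be checked against the version in use.

```python
import re
from typing import List, Tuple

# Assumed allow-list of documented AssertSpecial flag names; verify it
# against the documentation of the Mugen version you actually run.
KNOWN_FLAGS = {
    "intro", "invisible", "roundnotover", "nobardisplay", "nobg", "nofg",
    "nostandguard", "nocrouchguard", "noairguard", "noautoturn",
    "nojugglecheck", "nokosnd", "nokoslow", "noshadow", "globalnoshadow",
    "nomusic", "nowalk", "timerfreeze", "unguardable",
}
MAX_FLAG_LEN = 32  # generous bound; every legitimate name is far shorter

SECTION_RE = re.compile(r"^\s*\[(.*)\]\s*$")
KV_RE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$")

def scan_cns(data: bytes) -> List[Tuple[int, str]]:
    """Return (line_no, reason) for AssertSpecial controllers whose flag
    parameters look like raw bytes or padding rather than a flag name."""
    findings = []
    in_assert = False
    for lineno, raw in enumerate(data.splitlines(), start=1):
        line = raw.decode("latin-1")   # keep every byte value 1:1
        line = line.split(";", 1)[0]   # ';' starts a comment in CNS files
        if SECTION_RE.match(line):
            in_assert = False          # each [State ...] is a new controller
            continue
        m = KV_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "type":
            in_assert = value.strip().lower() == "assertspecial"
        elif in_assert and key in ("flag", "flag2", "flag3"):
            if not all(32 <= ord(c) < 127 for c in value):
                findings.append((lineno, f"{key}: non-printable bytes"))
            elif len(value) > MAX_FLAG_LEN:
                findings.append((lineno, f"{key}: overlong value ({len(value)} bytes)"))
            elif value.lower() not in KNOWN_FLAGS:
                findings.append((lineno, f"{key}: unknown flag {value!r}"))
    return findings

# Constructed sample: one benign controller and one with a suspicious flag.
SAMPLE = (b"[State 0, Intro]\ntype = AssertSpecial\ntrigger1 = 1\nflag = intro\n"
          b"flag2 = NoWalk ; benign, names are case-insensitive\n"
          b"[State 0, Bad]\ntype = AssertSpecial\ntrigger1 = 1\n"
          b"flag = aaaa\x80\x81\xff\n")

if __name__ == "__main__":
    for ln, why in scan_cns(SAMPLE):
        print(f"line {ln}: {why}")
```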
Additionally, this exploit has a few general advantages
It executes at file parse time (when characters are loaded)
It doesn’t take a significant amount of code to use.
Thus, it activates ‘instantly’ and does not slow down the loading of characters by a meaningful amount.
In the following parts, I will go over how to handle this unlimited power responsibly in both aspects:
Asking others to download characters you make with this exploit.
Downloading characters others make that use this exploit.
By using a universal file template