Nintendo Animal Crossing Memory Corruption Vulnerability in Letter Trigram Handler

A critical memory corruption vulnerability has been identified in Nintendo Animal Crossing, as well as its Japanese versions, Dōbutsu no Mori+ and Dōbutsu no Mori e+, all running on GameCube. The issue arises from the Letter Trigram Handler component, where the game's trigram validation process for letters can be manipulated. This vulnerability is exploited by loading a specially crafted save file onto the GameCube memory card, which tricks the game into bypassing normal checks and allows for arbitrary code execution.

Impact

Exploitation of this vulnerability leads to memory corruption, with potential consequences such as arbitrary code execution on the affected GameCube console.

Reproduction

The vulnerability can be reproduced by using a memory card loaded with a save file that has been crafted to exploit the game's trigram validation process. This can be done by editing a standard Animal Crossing save file to include a ROM file patching instruction as a 'NES game' save entry. Once the modified save file is imported onto the GameCube memory card, loading the 'NES Console' item in the game will trigger the exploit. The game will read the injected code from the memory card and execute it, bypassing the game's normal operation.