It’s an interesting topic.
Huh, Kirupa sure is a genius for coming up with the idea to put that note in there. He and I were talking about that tutorial and he brought up how code can be similarly open in languages/frameworks like .NET, where you can reflect on the program’s bytecode easily.
The live performance aspect of it is certainly interesting. (I’m in robot mode so I’m going to continue to not come up with interesting words.) Who knew that eSports would glamorize hex editing?
But it’s not like people gathered their knowledge of the game’s internals purely by playing the game. Without reverse engineering tools like emulators, MHS and Cheat Engine, it would be a lot more difficult for anyone to stumble upon glitches that involve writing out long sequences of memory and/or manipulating pointers.
(screenshot from @sockfolder)
The people who generally find these things are sitting around playing the game watching hex-addressed values change. Luckily for them, other people have found or come up with names for those values, either because game developers left the symbol names in the shipping binary, or because they used classic GameShark-style reasoning (I have 73 arrows now, but had 45 earlier. Let’s look through memory snapshots to find the (likely) one address that happened to have that sequence of values.)
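The GameShark-style search described above, as an added illustration that is not part of the original thread: two constructed 64-byte "RAM" snapshots are scanned for the counter that read 45 earlier and 73 later, and the candidate set is intersected across snapshots until one address remains. The offsets, decoy counters and 16-bit little-endian layout are assumptions made for the example.

```python
import struct

def scan_candidates(snapshot: bytes, value: int, width: int = 2) -> set:
    """Return every width-aligned offset in a memory snapshot that holds
    `value` as a little-endian unsigned integer of `width` bytes."""
    fmt = {1: "<B", 2: "<H", 4: "<I"}[width]
    needle = struct.pack(fmt, value)
    return {off for off in range(0, len(snapshot) - width + 1, width)
            if snapshot[off:off + width] == needle}

def narrow_address(snapshots: list, observed: list, width: int = 2) -> set:
    """Intersect candidate offsets across snapshots, each paired with the
    value the player observed at the moment that snapshot was taken.
    One snapshot gives many coincidental hits; a second reading usually
    leaves only the real counter."""
    if len(snapshots) != len(observed):
        raise ValueError("need exactly one observed value per snapshot")
    candidates = None
    for snap, val in zip(snapshots, observed):
        hits = scan_candidates(snap, val, width)
        candidates = hits if candidates is None else candidates & hits
    return candidates

def _make_snapshot(arrows: int, decoy: int) -> bytes:
    """Constructed sample RAM: the arrow counter lives at 0x20 (an
    assumption for this example), a second counter at 0x08 happens to
    match the first reading only, and 0x30 holds a constant 45."""
    ram = bytearray(64)
    ram[0x20:0x22] = struct.pack("<H", arrows)
    ram[0x08:0x0A] = struct.pack("<H", decoy)
    ram[0x30:0x32] = struct.pack("<H", 45)
    return bytes(ram)

SNAP_EARLIER = _make_snapshot(arrows=45, decoy=45)  # "I had 45 earlier"
SNAP_LATER = _make_snapshot(arrows=73, decoy=60)    # "I have 73 now"

if __name__ == "__main__":
    first = scan_candidates(SNAP_EARLIER, 45)
    print("after one snapshot:", sorted(hex(o) for o in first))   # 3 hits
    final = narrow_address([SNAP_EARLIER, SNAP_LATER], [45, 73])
    print("after two snapshots:", sorted(hex(o) for o in final))  # ['0x20']
```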
I’ve tried my hand at repeating some of the less-complicated glitches on my 3DS. So far, I’ve gotten out of the forest without ever getting a sword or beating the Deku tree, and I’ve gotten into the Deku tree and Jabu-Jabu’s belly as an adult.
But the things I’ve done are pretty simple in comparison to what others have done.
Indeed. There was a sort of fun assignment in college that was your typical buffer exploit project: You’re given a binary (I think with symbols removed, so you couldn’t read the disassembly as easily), which asks for user input when it runs. You know that the text input code is using a vulnerable form of strcpy
… or at least you should know that given that I assume that’s what the previous lecture in the class was talking about. Anyway, the goal is to use your input string to get the program to do something other than crash or print the “you suck” message. Generally the resultant input string looks something like:
Kͭ҉͎i̺̔ͬ̏ͮ̕r̨̹̾́u͊͜p̢̰͉̯͔̅ͨ́̂̃a̴̠̝̐͐̽̎͌̔͒ ͈̇C̱͉̗̈̉͗̽ͤ̒͜ͅh̶̘̜̒̂ͯͬ̒̃ͦì̌ͧ͗̋n̲̲͉̺͖͖ͬͥͦͨͪ̂n͗͘a̷̫̻͕͚ͥͭͪ̑ͥ̅ͮt͎̣̩̄͋̎͜h͚͕͐̐̎a͎͖̙̳̠̮ͯ͑̊ͨ͠m̱̑̌̇̓̚b̮͖̝̤̺̍i̵̠̹̦͕̗̬̻̓
… because you’re disregarding the original intent of the input field and writing binary via Unicode, or ASCII, or whatever.
Requoting because I had a different angle on this. You didn’t imply the opposite of this, but game developers generally aren’t (and certainly weren’t in the past) trying to write secure software. As long as some totally game-breaking glitch isn’t encountered by 9x.y% of players (where x and y depend on your quality standards), then I don’t think anyone’s going to spend time trying to fix it. You probably know that from your many roles at Adobe. Online games are a bit different, since if one person finds a glitch, they can either abuse it to get to the top of a leaderboard, and/or spread it around so that lots of people know it and ruin the (perceived) experience.
But yeah, I wouldn’t be happy writing encryption software or banking software or similar. There are people who enjoy that sort of stomping out of edge cases, and it’s nice that they exist.
Hey, sometimes it’s as easy as prepending a _ to someone’s URL folder name in an ActionScript contest…