Why do people not just update? - Some versions after 1.6 came bundled with adware/malware and have a 30 second nag screen asking you to donate before you can play games. (But nowadays the ad/malware is gone, so if you don't mind the nagscreen, go for it) What emulator should I use now? - Parallel Launcher is a good option and take 2 minutes to set up. Here is a guide; ua-cam.com/video/CTNhulgpH6Y/v-deo.html I'm using Version ... of this emulator, am I safe? - If it is newer than 1.7, you are safe. I want to emphasize that exploits like this can happen in any emulator and have been found in others as well. This wouldnt be an issue if they were patched and people updated, but for a ~20 year old emulator thats still used, this is not realistic.
I used the older version of Project64 because Ocarina of Time mods crashed on the newer version. I think that's why many people prefer the older version.
Except they don't? I use Project64 2.3 and so long as you don't have an attention span of a TikTok child you can just opt out of the adware in the installation menu. You will be left with the nagging, but it's easily disabled in the configuration files. I never had any issues with Project64.
A similar vulnerability exists in an old GBA emulator called VBA. I don't know the technical details, but basically the emulator could execute ELF files, but there is an unchecked strcpy() in the ELF header parser which leads to RCE. Programmers, please, check buffer write bounds, or at the very least compile with -fstack-protector. Edit: The ELF file is supposed to run on the emulated GBA like a ROM, not on the host computer like another program.
@@kodicraft The ELF files are supposed to be executed as GBA binaries within the emulator sandbox, not host binaries running outside the emulator. Should have clarified.
I'm a bit confused. It's been awhile since I dabbled with emulators, and VBA used to be the chosen one akin to P64. So... did someone figure out the Dolphin compatibility for the GBA Link up functions for the systems? I thought that was the main reason people kept using it.
Dear foreigners, "Project 64," despite being pronounced as if spelt "Project sixty-four," is not supposed to be spelt with "S." Therefore, Project 64 is not secure.
@@notalostnumber8660 this exploit has no effect at all on real hardware.. and most likely no effect on any other emulators. So basically automatically detects PJ64 bc it will only work on there.
I have been learning GBA homebrew and sent a demo to a friend; she said she didn't trust the file, to which I said "nah mate, that's not a problem unless someone figured out a way to install a virus through an emulator" This conversation was two weeks ago
@@gluttonousmaximus9048 my mate is kinda paranoid about those things (good reason too, people on discord get hacked all the time, so if my account had been compromised that could be a way in)
Kaze confirmed that there's a team of people working on a version 1.6.2 to fix the vulnerability, so you'll be still getting to play PJ64 1.6 without this issue if released
@@medhathobo That's already done, it's called Luna's Project 64 and it's the cross-platform Win-Linux fork. It's forked from 2.4 and it removed the nagware and has a bundle of pre-config'd plugins
Unrelated, but LUA scripts used to mod/compatibility patch ROMs are essentially EXE files and can do anything. People are very willing to download and run random ones
@@v0xl yes, but it still opens a window for vulnerability, if the sandbox implementation is flawed. A high profile sandboxing flaw are what led both PS4 and PS5 to be jailbroken from a web exploit, for instance.
@@v0xl Lua in emulators have kept the ability to load compiled C libraries as a useful tool for script creators. Most popular C library is probably LuaSocket which works great in emulators that didn't already include a socket library.
People are still talking about those? One of the dumbest "recent" trends. Creepypasta are classics but if you try to do it nowadays its just laughable.
@@SilentOnion Most of the mario 64 creepypasta hacks have died out The only reason why B3313 is actually like popular, is because of how massive the romhack actually is It's like 420 worlds btw, and it does great montage to the Greenio ARG series, while doing the most insane things
same thing happened to the SNES emulator ZSNES back in the day. luckily most romhackers had already switched to a more accurate emulator by then but ZSNES was still the mainstream emulator people used when they didnt know better
Isn't ZSnes still the major emulator for experimental romhacking-enhancements like widescreen? I don't remember because I admit, I always only used Snes9X.
Me: I wonder what kind of arcane combination of obscure glitches they used to break out of the virtual machine Kaze: So yea the emulator doesn't validate the store instruction correctly 🤦♀
It's a pretty basic issue I'm seriously questioning how hasn't been brought up until now. Certainly he can't be the first to realize this exploit. Chances are most rom hackers of back then would stay quiet on this...
@@nicklespale22 It's probably been brought up repeatedly every few years, these things usually are when they date back that far in the history of less-than-entirely-accepted programming. Trying to find out who's personally responsible for oversights like this is next to impossible and almost as impossible as finding out who first discovered the vulnerability, described it in an online post somewhere and was ignored by everyone else. It sure wasn't me.
Really sad news to hear regarding PJ64. I used it like a decade and a half ago already to play my N64 games and loved how easy it was to setup compared to others.
I saw that in one of the Romhacks for Simple's comp had like a shared database for images that it could pull from so Simple drawing in one hack could be used in another, and as soon as I saw that I was like "DAMN THATS SO SICK" and "oh that's DEFINETLY a vulnerability"
I guess that obnoxious support us screen that precedes using Project 64, and that sent me over to Mupen64 and Parallel for RA, turned out to be a blessing in disguise.
Ended up doing much the same, though the move was less for that reason and just, well, Retroarch. “Wait, so this is a ton of emulators wrapped into one? Sign me up!” Of course, the problem there is that it’s harder to adjust settings for individual emulators in Retroarch. Bit me in the @$$ recently when DSemue decided that pressing B on Deck/A on DS force quits the emulation.
Mupen64 is the way! As soon as Project64 started looking sus, I switched over and never looked back. No Retroarch for me though - I like the concept, but in practice it just gives me a headache. I run Rosalie's Mupen GUI, it does a nice impression of PJ64.
@@lpfan4491 Learned something along those lines when my Zelda Randomizer journey got to Wind Waker. WW Rando just about worked on Retroarch, but photos with the Picto Box wouldn’t show up (though they’d still count for triggers) and it was prone to crashing. And I think it was JUST Wind Waker I could get running. Ultimately I just got Dolphin standalone, and the big emulator bunch I got for Steam Deck has Dolphin separate too.
I still don't understand why the speedrun community only allow PJ64 1.6 and some Mupen fork with the same timing as PJ64 1.6 instead of an accurate emulator. I just get the impression that they're afraid of change.
@@Spax_well that and newer emulators have much higher system requirements than pj64 and I assume the speedrunning communities for most n64 games want to make it as accessible as possible, but at the same time project 64 isnt particularly accurate which is why emulator and real console always have to be separate categories for n64 speedruns so maybe n64 speedrunners should just tell people to git gud and "just buy a better pc", idk
I think it's always good to remind everyone using Linux that Wine and Proton (Steam) aren't emulators and also aren't sandboxing your system. There's been demonstrated attacks how malicious code can escape and gain root access to host system.
Yep, they're compatibility layers to allow windows programs to run as if they're linux ones, and as such, you should only run programs you trust in them
Heck, even Windows malware can oftentimes do their job under Wine. By default, Wine mirrors your user folders inside the simulated Windows filesystem, so ransomware has no trouble finding your data and encrypting it. Stay safe out there, folks. It's a lot more inconvenient, but simply installing the flatpak version of Wine under a different user and switching to it to run Windows software, while inconvenient and tough to set up, will do a great job to keep your OS safe.
Yes, and while they absolutely shouldn't be seen as any kind of security tool, it can take additional work from a malware developer for non-trivial things. You have to check if the system is actual Windows or Wine, then write Linux-specific functionality to actually damage the host system (enable auto-starting, infecting system files, etc). I find it unlikely someone would go through that extra effort unless they had reason to believe it would be very easy to deliver to Linux users.
Joke’s on that, I couldn’t figure out how to make Wine work in the first place. And frankly I’ve gotten so used to sticking to Linux for the Deck that I don’t care about learning anymore.
Used PJ64 since forever. It was my very first emulator. Ever since updating to the newer versions, I would always get a nag screen bypass and they would usually work, but last time I tried, it didn't. So I said goodbye old friend and moved to mupen. Honestly just a better experience overall. I'm definitely gonna try out this parallel launcher, I'd never heard of it before now, sounds sweet.
How did nobody notice this vulnerability for so long?! It's a textbook bounds-checking bug, and nobody even thought that it might be in an emulator until now? Shit, now we need to look at all the other emulators for _other_ consoles, to make sure such a problem doesn't _also_ exist in _them_!
@@KazeN64 can you share that information? Where did you first read about this issue with pj64? I am curious as to which forums can people read to be properly informed.
Insane timing, I recently got back into my childhood games and decided that I'd take a look at Majora's Mask since I always love OoT and always wanted to see what Majora's Mask is like. I was cautiously looking for the best most reliable N64 Emulator and saw that the public opinion was a mix of "Project64 is the best/standard" and "Project64 is one of the worse N64 emulators", so I held back from making a choice for the time being and wowie was my patience rewarded with crucial knowledge.
MM has SO MANY GRAPHICS BUGS in emulation. Currently funnily enough the best way to go emulate it is to get citra and play the 3DS version. I'm not messing with you, the 3DS version has less issues than the N64 version emulation wise. (if you have a Gamecube IRL that can play disc ISOs, get the Zelda Collector's Edition disc that came with Wind Waker, it has the least broken version of MM that's emulated).
@@neoqwertyThe 3DS version is NOT the best version, unless you're also using a mod in Citra that fixes a few things. Sure it looks great, but a lot of stuff they did is really bizzare (especially the swimming)
@@neoqwerty this hasn't been true for a very long time, you can just use parallel launcher OR ares if you have a decent pc, the latter being the most accurate n64 (and snes!) emulator out right now. if you want qol features then you can use majora's mask redux, which is a much better qol improvement than even the 3ds version
@@neoqwerty dolphin works too as an emulator for the GC Collectors Edition version which is what I do, can do graphical enhancements like upscaling and texture replacements and all that jazz, though the decompile project for MM is 93% done (OOT is already 100%, and has been ported to run on PC natively by someone else, moddable and running at 60fps) so I'll be swapping to that once it's finished. only downside with the dolphin version is the FPS - since the game's physics are tied to the framerate, it needs to be modified on the code level for it to not break so I'd advise against the 30/60FPS hacks. the PC porters should fix that like they did with OOT
This is so sad to see, pj64 1.6 has served me well for a long time, and the newer versions have long been known to be major downgrades. Ah well, sadly bugs like this are inevitable sooner or later, glad Aglab caught it before any nefarious people did!
Really, downgrades is never a great reason not to update an emulator because the improvements are going to outshine it over time. Especially considering it's still open source and you can potentially get someone who knows code to restore cut features.
This is a bit of a strange take. You can still use 1.6 if you want to, just don't run untested/untrustworthy ROM's on it, keep it to strictly only ROM's you've checked the SHA-256 on. It's not like you can't have multiple emulators installed if you really want to try the latest and greatest random modded ROM from user25832.
I just downloaded a rom a few hours ago and thought "at least no one is messing with roms, like putting viruses in them or something". I guess I jinxed it.
At this point I just assume hackers can use pretty much any file type to execute an attack. You know it's bad when you've gotten paranoid about downloading image files, like me, because maybe some hacker found some ultra obscure vulnerability in the photos app or smth.
@@MultiCool55 And you wouldn't even be far off. At one point, people were hacking people's computers through Team Fortress 2 sprays and Minecraft skins by hiding code in the image files. More recently, a libpng vulnerability was discovered that affected everything that has ever used libpng, including most browsers, apps, and Discord. Sooner or later they'll probably be able to poison you by hacking the Apple Water Bottle™️ and injecting poison.bin into your liquid.
First updated versions of PJ64 comes bundled with malware and now the "safe" versions of the emulator can install malware if you use the wrong roms. Glad I dropped PJ64 years ago.
It almost feels like the Project64 developers have completely lost any sort of passion for making the emulator & now see it as nothing more than a paycheck.
I use the project 64 version recommended by B3313 in one of their video descriptions, which seems like a modified version of the emulator, I think it's lunar's or smth? Is that one safe?
@@mariotheundying Luna's Project 64 is a good one. From the dev's site on what's different from normal PJ64 "This is a build of Project64 3.0.1 that I made to have a Linux compatible alternative to 2.4 (Yes, it works on Windows too). It removes the nagware and adds all of the good plugins for SM64 romhacks with good settings. Read the info below, then download it by clicking the icon on the left." Kaze says the vulnerability isn't present in PJ64 versions past 1.7, so this is safe (it's using a fork from PJ64 2.4 that's intended to work on both Linux and Windows and it's currently on version 3.0.1)
Parallel Launcher is a godsend if you're not on a Windows machine. I'm glad you and Vinny mentioned it. I really recomended it for how easy it is to install mods and for the graphics plugins Kaze mentioned.
I was blown away when I was watching a video on the history of SM64 hacks and got a look at what Parallel could really do. I have it through Retroarch…and mainly play on the Steam Deck. So that potential is shackled twice over with how I have access to it. I could get it separately on my laptop, but that’s Windows. Not sure what the problem would be, but doesn’t sound like you recommend it.
@ami7810 the steamdeck is just running a modified version of Arch Linux isn't it? should be able to access the AUR to install it if that's the case (but arch being arch something might break if you're not paying attention lol). and there's no problem with the windows version, it's just one of the only cross-platform ones whereas others are windows ONLY (linux wasn't as big 20 years ago except for server stuff so was never developed for it). robomike said Vinny mentioned it, and he's a windows user, so yeah edit: just did a quick sanity check and apparently the steamdeck has flatpak compatibility built in, so you could just grab parallels off the flathub (or the Discovery app in case of steamdeck) and go that route since it has no chance of breaking (flatpaks are containerised, nothing on your system gets installed/modified, so they don't risk breaking your system)
I need to give a shoutout to the ares emulator which is the go-to for homebrew developers (not ROM hacks) on the N64. Thanks to the work of developers like Rasky, LuigiBlood, Luke Usher, and others, ares' N64 core boasts the highest accuracy of any current N64 emulator including very accurate DMA timings, FPU exceptions, cache coherency, basically perfect RSP timings, and others; more than I can name. Of course, with high accuracy also come higher requirements so it's not the best for people who just want to play something but I can't recommend it enough for developers, testers, and enthusiasts.
After that donate screen appeared for the first time for me I just gave up and used another emulator, I agreed those guys deserved to receive donations but forcing you to wait 30 seconds to use the software was just an asshole move. I guess this security risk was just the final nail on the coffin. R.I.P Project 64 - You won't be missed.
@@Crazy_Gamer_OGThat is objectively untrue. In fact it's made worse that the intro sequences happen only after the 30 second waiting period. Don't stick to PJ64. It's actually awful at emulating the N64 accurately and is the bane of most decomp romhackers for its many issues with displaying materials wrong. Pleasure just use Parallel Launcher, you have so many more options and plugins for emulating N64 games.
@@Crazy_Gamer_OGagreed. I haven't used PJ64 as much recently, but I accepted it's just part of using it. Besides, they put in a lot of work to get games working at all. It's a small price to pay for being able to use it. Besides, I would support emulator devs if I could, I just don't have money to.
In fact you don't need to wait 30s, when you launch the emulator at the beginning you just have to right click on PJ64 in the taskbar and then click on Project 64, the emulator will restart without displaying the donation screen!
I feel like this can make creepypasta rom hacks scarier as long as it doesn't contain any malware or any bad code since coders and game devs can do wacky things with this, so it's both good and bad at the same time if you look at it this way, bad due to security reasons, but good in the creepypasta sense for more scares
yep - imagine a Mario 64 ROM that acts like it's haunted by screwing with your computer as you play it could kill explorer or minimize all other applications, although you'd have to be careful because there's a point where the game straight-up becomes a virus if you go too far with this concept :P
I know this going to sound crazy but I remember a long but long time ago when I was playing Mario Kart 64 the emulator suddenly crashed with a error message saying "WTF" and after that I swear Mario Kart 64 never worked again.
These hackers and scammers are starting to become more dangerous than I have ever imagined, It happened with UA-camrs, Discord, steam, Playstation, (One of my friends told me), Instagram and other social media platforms. We need to be more careful out there to prevent hackers from hacking into our stuff
Hello Kaze, I really I appreciate you putting out this video, but I just have one question. I don’t know if you’ve heard the Mario Party Netplay emulator, but it’s just a modified version of project 64 that comes with everything needed to play Mario Party 1-3 with netplay. As such, those are the only games running on the emulator. Is it safe to continue using this modified version of Project 64. If it will help, I would like to add that I got the roms from Vimm’s lair.
if there is a checksum verification, it should be fine (since that'd mean noone could have edited the official rom). but if it says unknown checksum, it is not 100% safe. though i dont think anyone would have put the exploit into a rom this fast.
With the amount of N64 emulators we have today, there's no damn good excuse for anyone to use PJ64 1.6 Take 5 minutes of your time and setup Mupen or Parallel
@@based980 Does that care? Why people play NFS MW on PS2 when its on PC? Why people play Big Rigs if we all know is a piece of trash? Why people use emulators when they have the original hardware? Sometimes there is not a clear answer. The only thing that matters is the actual solution.
@@sebastiankulcheWhich is absolutely worth pursuing, but I think the point being made is that *most* people who use PJ64 would be better off on a different emulator. There will be a few people who have very specific use-cases as always with existing software. Hell, some people still use MS DOS
@@CDJAM-webm Not that I know of. But I'm curious to see what crazy stuff it could do if it did, and now extended it's madness to execute any kind of code using the PJ64 emulator bug, lol. As long as there's nothing permanently harmful, I'd love to see it USE this bug and do some crazy stuff with it.
Holy shit this is terrifying Though I _will_ say that in a bright side, being able to BSOD Windows from within the emulator _does_ open up for some great ideas with horror-based content creation, as manipulating one's system could be really effective
you mean like Eternal Darkness on the GameCube? The first time it did that video input lost I panicked lmao. It did NOT help the font they used was basically exactly like the one one the TV I had.
Never thought that i would have to change my emulator after using P64 1.6 for almost 12 years now. Thank you for the warning. Edit: Can you all shut the fucking hell up please??? Expecially @Henrik0x7F!
What do you think the likely hood is that "The Project 64 creators are creating these hacks just to spite the people who or not using there adware infested versions"
@@Henrik0x7Fno, this exploit is unique to this emulator. It's possible other exploits will be found for other emulators, but that's not the same as "every emulator has this problem".
Dispite the obvious security problems with this I can't help but see this being useful for a awesome horror rom hack that takes advantage of your pc and does stuff like changing your wallpaper and sending you messages through websites.
This played just like one of Mutahar's scare videos: sounds like something scary because it is vaguely relevant to me, until I hear the details and learn it has nothing to do with me lol I currently have PJ64 2.6, honestly a holdover saved from a previous machine, and the installer had no prompts for any extra wares, and the nag screen was negated by typing in a phrase (so no config file modifying or anything). I can imagine switching to another emulator at some point, but considering my needs at the moment, it doesn't seem necessary.
Honestly, the guy is a total chad for showcasing the vulnerability with something silly instead of exploiting it for malicious intent. Reminds me of the ol' gmod cough virus that popped up deliberately to make that massive problem as visible as possible to garry.
I somewhat predicted this would happen. When rom hacks are getting your system information and detecting what your romhacking account is, I wondered how long it would be until people make viruses.
Very good video. Used PJ64 for a long time and have always been too casual with downloading tons of ROMs online. Thanks for putting this out there. That nag screen is super weird so I’ll probably download GlideN. That Anti-piracy screen was amazing btw lmao
I was told like 8 years ago that PJ64 was scummy and needs to be avoided at all costs. I didn't realize so many people were still using it after the near-decade of drama about how horrible and unsafe it is.
There are certain safe versions of it I've used in the past (I believe they were community forks) but yeah PJ64 is the anti-Dolphin. Where Dolphin is almost better than the original hardware and flawlessly integrates multiple play styles, PJ64 is pretty stone age still to this day
PJ64 it's the face of the sad state of N64 emulation. So many people using this crap simply because there aren't many good alternatives. It's awful to have to rely on outdated plugins to run N64 instead of running everything natively. The same thing was happening with the PSX emulation, where ePSXe was the standard but it was terrible, an emulator worse than PJ64. If you didn't want to mess around with plugins, you either had to use the even older PSFin, completely outdated with no usuable configurations; or Mednafen which doesn't even have a GUI, making it a huge pain in the ass to use. Then Duckstation came along and improved everything, no need for plugins, command lines or outdated code, works out of the box and with a great optimization. I just wish we have a good N64 emulator just like Dolphin or Duckstation.
Project64 1.6 was my only option to play rom hacks like "Beyond of the Cursed mirror" Because,the version that donate screen appear and you have to wait 30 seconds dont run hacks like "Beyond of the Cursed mirror" when i open this hack for example the game crash for no reason!
If other emulators crash when trying to play your hack it is likely that the hack you are playing wouldn't work on an actual N64 either and relies on some bugs specific to Project 64. In other words, it's a poorly made hack and probably can't be played elsewhere. I think it was either near or endrift, or maybe both, that added compatibility in their emulators for some well known romhacks that were actually made wrong and shouldn't work on real hardware, but that is basically an unheard of level of support
I remember using Pj64 in the early 2010s. I made a lot of content that it’s still live to this day on my channel and helped me to revive those nostalgic times by allowing me to play classic games. It had a great run, and it will be missed, but it’s time to move on.
An efficient way to handle this without checks is just have two tables, one for reading and one for writing. Unmapped write entries go to a dummy page in memory that's never read. Unmapped read entries go to another dummy page that's filled with whatever open-bus value gets read.
That's what I did in my ancient emulator years ago. The lookup tables got huge but ram was getting plentiful in the early 2000s. I am guessing zil didn't want the increased ram requirements
I'm using the version that has the 30-second ad at the moment. I was only using it for Banjo-Kazooie rom-hacks and they don't lag at moments unlike Project64 1.6, but now it looks like that is my main emulator to use at least until I find a better option.
What the fuck was the point of making this vulnerability public just like that? I doubt anyone knew about it before this, now that people actually know how this all works thanks to this info, people WILL start posting these virus roms NOW.
It's **never** a better idea to ignore serious sercurity issues. In **some** cases, it's considered polite to notify the company who makes the product first and give them some time to fix it. But since the bug has appareantly already been fixed in newer versions, ignoring it just means people don't know the risks they're unintentionally subjecting themselves to.
PJ64 1.6 always fills me with so much nostalgia, so I'm very sad to find out it's not safe to use anymore. But, I'm glad we're at the point that the emulator is no longer needed anyways, because communities around the N64 and SM64 are constantly changing and improving. There's so much more resources and tools than there were before since PJ64 1.6's inception. For making SM64 machinima, 1.6 can still be used, but there's already a fork of Project64 specifically for that purpose. Like always, thank you for making this video and spreading awareness about this!
I'm glad I stumbled upon this video, as it's been a while since I've considering even using Project 64, and hadn't already uninstalled it from my computer. From now on, I'll be using N64 emulators through Retroarch, and maybe RMG on the Steam Deck assuming it's any decent, since I haven't tested it much as of yet.
People should be aware that any software that reads in data from somewhere could have a vulnerability like this. For example, Minecraft with data packs. While nothing has been publicly disclosed, it could very well exist. Step A. Take precaution and be very careful. Step B. Have a recovery plan and assume it will someday be needed.
A Nintendo 64 emulator is the perfect target for this type of thing, because they know that emulation is kind of a complex topic and children are going to be very curious about this topic because it's old Mario video games they can play on their Android phone. It's appealing to children, most children have no idea how any this works so they're going to be prone to downloading whatever tutorial told them on the internet. 😮😢
You can skip the old PJ64 nag screen by just running the exe twice. the second instance will say something like 'pj64 is already running, do you want to restart?' Choose yes and it'll restart without the nag screen.
I know that for me on one of the recent builds, just launching an N64 game from a Windows folder is enough to skip the 30 second window for me, despite the fact that they patched in unique codes so you can't just use "thank you from project64" anymore and have to actually support them to get the dialogue box to go away once if you trigger it, say, when just opening the program directly.
What surprises me is how long it took for someone to find this. I thought I found a similar bug in Dolphin, but they were clever and set up the memory map specifically to make this kind of thing impossible. (I can write to arbitrary addresses within a given range, but nothing important is put there, so all it can do is cause a non-exploitable crash.)
My friend and I have theory crafted things like this after that ZSNES exploit was made public In general I think it's time people start ditching older emulators since this'll likely become more common Desmume is next for sure
Thought this was a known thing for a few years that it was vulnerable to exploits, or maybe it was something else like someone in the comments mentioned VBA had a similar exploit. I was just wondering which N64 emulator I should install or if I should just hope 1.6 can run ok in Wine now (had issues in 2014) since I'm planning to move back to Linux, but I guess that's answered with Parallel Launcher.
As a cybersecurity major, this is one of the coolest fucking cases of ACE I've seen in a while. Hiding a payload inside a .n64 file that only deploys on a specific emulator that you found a zero-day for is genius level shit. Not that I condone malware creation, but it is genuinely insanely cool research.
This ending gave me a heart attack. I was in bed listening to the video with my headset when, all of a sudden, the Windows notification sound was followed by glitchy audio.
Why do people not just update?
- Some versions after 1.6 came bundled with adware/malware and have a 30 second nag screen asking you to donate before you can play games. (But nowadays the ad/malware is gone, so if you don't mind the nagscreen, go for it)
What emulator should I use now?
- Parallel Launcher is a good option and take 2 minutes to set up. Here is a guide; ua-cam.com/video/CTNhulgpH6Y/v-deo.html
I'm using Version ... of this emulator, am I safe?
- If it is newer than 1.7, you are safe.
I want to emphasize that exploits like this can happen in any emulator and have been found in others as well. This wouldnt be an issue if they were patched and people updated, but for a ~20 year old emulator thats still used, this is not realistic.
wait... new versions have malware?
@4 i've been using new version of pj64 for 8 months 😭😭
I used the older version of Project64 because Ocarina of Time mods crashed on the newer version. I think that's why many people prefer the older version.
Except they don't?
I use Project64 2.3 and so long as you don't have an attention span of a TikTok child you can just opt out of the adware in the installation menu. You will be left with the nagging, but it's easily disabled in the configuration files. I never had any issues with Project64.
Been also using the latest version of Project64. How do I know if my installer is clean or compromised?
Rick Astley never could have predicted his role in the exploitation of countless vulnerabilities in computing systems.
Yeah 😂
I guess he really did give us up 💀
@@TMHLBPFanI don't blame him
@@WyvernLP Better than Ohio skibidi toilet among us palestine amazing digital circus
Funniest thing is, he probably already played a role in XSS vulnerability or another RCE vuln
A similar vulnerability exists in an old GBA emulator called VBA. I don't know the technical details, but basically the emulator could execute ELF files, but there is an unchecked strcpy() in the ELF header parser which leads to RCE. Programmers, please, check buffer write bounds, or at the very least compile with -fstack-protector.
Edit: The ELF file is supposed to run on the emulated GBA like a ROM, not on the host computer like another program.
I feel like there's an easier way to get RCE with a crafted ELF and a program willing to execute ELF files...
@@kodicraft The ELF files are supposed to be executed as GBA binaries within the emulator sandbox, not host binaries running outside the emulator. Should have clarified.
damn, when i play mmz2 i get the elf wars irl
There is a reason (actually more than one) why it’s called Very Bad Amulator
I'm a bit confused. It's been awhile since I dabbled with emulators, and VBA used to be the chosen one akin to P64. So... did someone figure out the Dolphin compatibility for the GBA Link up functions for the systems? I thought that was the main reason people kept using it.
The S in Project64 stands for Secure
Dear foreigners,
"Project 64," despite being pronounced as if spelt "Project sixty-four," is not supposed to be spelt with "S." Therefore, Project 64 is not secure.
my guy 👍
to be fair, they fixed that bug over a decade ago before this exploit was discovered.
Project Secureixty-Four?
@@thewhitefalcon8539 🌮
That anti-piracy screen at the end is genuinely amazing
who was it made by or did Kaze make it?
I wonder if you can detect PJ64 so it doesn't crash real hardware/other emulators
@@notalostnumber8660It's def possible using a silent and timed payload.
@@Kat-01 Devwizard made it
@@notalostnumber8660 this exploit has no effect at all on real hardware.. and most likely no effect on any other emulators.
So basically automatically detects PJ64 bc it will only work on there.
I have been learning GBA homebrew and sent a demo to a friend; she said she didn't trust the file, to which I said "nah mate, that's not a problem unless someone figured out a way to install a virus through an emulator"
This conversation was two weeks ago
If she didn't trust the file YOU made and sent, there's something else you need to be concerned about.
@@gluttonousmaximus9048 some people are just really scared of running stuff on their pc lmao
@@gluttonousmaximus9048 my mate is kinda paranoid about those things (good reason too, people on discord get hacked all the time, so if my account had been compromised that could be a way in)
If you sent it to her by Discord, then she did the right thing.
@@muizzsiddique aye, she's a smart cookie - that's what I like about her
Kaze confirmed that there's a team of people working on a version 1.6.2 to fix the vulnerability, so you'll be still getting to play PJ64 1.6 without this issue if released
When/if that happens, I'll need to get it.
Figured someone would just make a version that works best. Though, I thought someone would just remove the nag screen on a newer version.
@@medhathobo That's already done, it's called Luna's Project 64 and it's the cross-platform Win-Linux fork. It's forked from 2.4 and it removed the nagware and has a bundle of pre-config'd plugins
Huge
wouldn't it be a good idea to pin this comment? @KazeN64
The next simple flip troll hack competition is going to be wild
Anything can happen in a roll hack after all
Unrelated, but LUA scripts used to mod/compatibility patch ROMs are essentially EXE files and can do anything. People are very willing to download and run random ones
isn't it sandboxed by default in most emulators? lua was designed for this after all
@@v0xl yes, but it still opens a window for vulnerability, if the sandbox implementation is flawed. A high profile sandboxing flaw are what led both PS4 and PS5 to be jailbroken from a web exploit, for instance.
At least you could read one before running it
@@kolskytraveller1369 I hope that means that it is like a batch file.
@@v0xl Lua in emulators have kept the ability to load compiled C libraries as a useful tool for script creators. Most popular C library is probably LuaSocket which works great in emulators that didn't already include a socket library.
Oh no, this creates such a scary potential for those "every mario 64 copy is personalised" mods.
B3313 with a crash that crashes your computer would go so hard 🔥
@@MarioKartSuperCircuitme using a virtual machine
People are still talking about those? One of the dumbest "recent" trends. Creepypasta are classics but if you try to do it nowadays its just laughable.
@@SilentOnion Most of the mario 64 creepypasta hacks have died out
The only reason why B3313 is actually like popular, is because of how massive the romhack actually is
It's like 420 worlds btw, and it does great montage to the Greenio ARG series, while doing the most insane things
God no, that stuff was unbearable slop as is.
same thing happened to the SNES emulator ZSNES back in the day. luckily most romhackers had already switched to a more accurate emulator by then but ZSNES was still the mainstream emulator people used when they didnt know better
zsnes is still sort of the mainstream emulator sadly, probably because it has the best interface of all emulators
@@standoidontwantalastname6500 What about ZMZ? Do just not enough people know about it or is there something else?
The only good thing about ZSNES is that it's very nostalgic...
Other than that, oh God not ZSNES
Isn't ZSnes still the major emulator for experimental romhacking-enhancements like widescreen? I don't remember because I admit, I always only used Snes9X.
@@standoidontwantalastname6500Use ZMZ.
Me: I wonder what kind of arcane combination of obscure glitches they used to break out of the virtual machine
Kaze: So yea the emulator doesn't validate the store instruction correctly
🤦♀
It's a pretty basic issue I'm seriously questioning how hasn't been brought up until now. Certainly he can't be the first to realize this exploit. Chances are most rom hackers of back then would stay quiet on this...
@@nicklespale22 It's probably been brought up repeatedly every few years, these things usually are when they date back that far in the history of less-than-entirely-accepted programming. Trying to find out who's personally responsible for oversights like this is next to impossible and almost as impossible as finding out who first discovered the vulnerability, described it in an online post somewhere and was ignored by everyone else. It sure wasn't me.
Really sad news to hear regarding PJ64.
I used it like a decade and a half ago already to play my N64 games and loved how easy it was to setup compared to others.
I saw that in one of the Romhacks for Simple's comp had like a shared database for images that it could pull from so Simple drawing in one hack could be used in another, and as soon as I saw that I was like "DAMN THATS SO SICK" and "oh that's DEFINETLY a vulnerability"
Thats likely parallel launcher. It has a few things to integrate with rhdc
I guess that obnoxious support us screen that precedes using Project 64, and that sent me over to Mupen64 and Parallel for RA, turned out to be a blessing in disguise.
Same xD
Ended up doing much the same, though the move was less for that reason and just, well, Retroarch. “Wait, so this is a ton of emulators wrapped into one? Sign me up!”
Of course, the problem there is that it’s harder to adjust settings for individual emulators in Retroarch. Bit me in the @$$ recently when DSemue decided that pressing B on Deck/A on DS force quits the emulation.
@@isenokami7810 Another issue with Retroarch is that the compilation is often less polished than just having each emulator individually.
Mupen64 is the way! As soon as Project64 started looking sus, I switched over and never looked back.
No Retroarch for me though - I like the concept, but in practice it just gives me a headache. I run Rosalie's Mupen GUI, it does a nice impression of PJ64.
@@lpfan4491 Learned something along those lines when my Zelda Randomizer journey got to Wind Waker. WW Rando just about worked on Retroarch, but photos with the Picto Box wouldn’t show up (though they’d still count for triggers) and it was prone to crashing. And I think it was JUST Wind Waker I could get running. Ultimately I just got Dolphin standalone, and the big emulator bunch I got for Steam Deck has Dolphin separate too.
I still don't understand why the speedrun community only allow PJ64 1.6 and some Mupen fork with the same timing as PJ64 1.6 instead of an accurate emulator. I just get the impression that they're afraid of change.
"if it ain't broke, don't fix it" is an all too common fallacy
to clarify, I meant in general. not the emulator specifically
@@Spax_well that and newer emulators have much higher system requirements than pj64 and I assume the speedrunning communities for most n64 games want to make it as accessible as possible, but at the same time project 64 isnt particularly accurate which is why emulator and real console always have to be separate categories for n64 speedruns so maybe n64 speedrunners should just tell people to git gud and "just buy a better pc", idk
@@Spax_ that's not a fallacy, its just out of place. this thing is really broken and needs to be fixed, so that argument never applied to begin with.
@@freedustin As broken as the Atari Jaguar CD amirite?
@@ExtremeWreck i just felt a part of my soul shatter the way it usually only does when I hear "the phillips CD-i controller".
the Waverace 64 rom that stole your Ruenscape gold
Wisdom from Mononobe no Futo
@@heyhackursFr
@@heyhackursFor real.
I think it's always good to remind everyone using Linux that Wine and Proton (Steam) aren't emulators and also aren't sandboxing your system. There's been demonstrated attacks how malicious code can escape and gain root access to host system.
Yep, they're compatibility layers to allow windows programs to run as if they're linux ones, and as such, you should only run programs you trust in them
Heck, even Windows malware can oftentimes do their job under Wine. By default, Wine mirrors your user folders inside the simulated Windows filesystem, so ransomware has no trouble finding your data and encrypting it.
Stay safe out there, folks. It's a lot more inconvenient, but simply installing the flatpak version of Wine under a different user and switching to it to run Windows software, while inconvenient and tough to set up, will do a great job to keep your OS safe.
I believe Steam runs games in a sandbox, but the point still stands.
Yes, and while they absolutely shouldn't be seen as any kind of security tool, it can take additional work from a malware developer for non-trivial things.
You have to check if the system is actual Windows or Wine, then write Linux-specific functionality to actually damage the host system (enable auto-starting, infecting system files, etc). I find it unlikely someone would go through that extra effort unless they had reason to believe it would be very easy to deliver to Linux users.
Joke’s on that, I couldn’t figure out how to make Wine work in the first place. And frankly I’ve gotten so used to sticking to Linux for the Deck that I don’t care about learning anymore.
Used PJ64 since forever. It was my very first emulator. Ever since updating to the newer versions, I would always get a nag screen bypass and they would usually work, but last time I tried, it didn't. So I said goodbye old friend and moved to mupen. Honestly just a better experience overall. I'm definitely gonna try out this parallel launcher, I'd never heard of it before now, sounds sweet.
You have never heard of it?
@RoseQuartz692 nah
@@gibberishdump1610 how
@@RoseQuartz692 green beans
How did nobody notice this vulnerability for so long?! It's a textbook bounds-checking bug, and nobody even thought that it might be in an emulator until now?
Shit, now we need to look at all the other emulators for _other_ consoles, to make sure such a problem doesn't _also_ exist in _them_!
there are a few emulators with confirmed similar bugs already!
@@KazeN64is there a list?
oh this will be interesting
i would be a good idea if something bad was found to also check the alternatives if they have a similar problem
I hope this does not affect duckstaion, 🐬,citra,cemu,pcxs 2
@@KazeN64 can you share that information? Where did you first read about this issue with pj64? I am curious as to which forums can people read to be properly informed.
Insane timing, I recently got back into my childhood games and decided that I'd take a look at Majora's Mask since I always love OoT and always wanted to see what Majora's Mask is like.
I was cautiously looking for the best most reliable N64 Emulator and saw that the public opinion was a mix of "Project64 is the best/standard" and "Project64 is one of the worse N64 emulators", so I held back from making a choice for the time being and wowie was my patience rewarded with crucial knowledge.
MM has SO MANY GRAPHICS BUGS in emulation. Currently funnily enough the best way to go emulate it is to get citra and play the 3DS version.
I'm not messing with you, the 3DS version has less issues than the N64 version emulation wise. (if you have a Gamecube IRL that can play disc ISOs, get the Zelda Collector's Edition disc that came with Wind Waker, it has the least broken version of MM that's emulated).
@@neoqwertyThe 3DS version is NOT the best version, unless you're also using a mod in Citra that fixes a few things. Sure it looks great, but a lot of stuff they did is really bizzare (especially the swimming)
@@neoqwerty this hasn't been true for a very long time, you can just use parallel launcher OR ares if you have a decent pc, the latter being the most accurate n64 (and snes!) emulator out right now. if you want qol features then you can use majora's mask redux, which is a much better qol improvement than even the 3ds version
@@Infindox The reply was about emulation-compatibility, not the game itself.
@@neoqwerty dolphin works too as an emulator for the GC Collectors Edition version which is what I do, can do graphical enhancements like upscaling and texture replacements and all that jazz, though the decompile project for MM is 93% done (OOT is already 100%, and has been ported to run on PC natively by someone else, moddable and running at 60fps) so I'll be swapping to that once it's finished. only downside with the dolphin version is the FPS - since the game's physics are tied to the framerate, it needs to be modified on the code level for it to not break so I'd advise against the 30/60FPS hacks. the PC porters should fix that like they did with OOT
This is so sad to see, pj64 1.6 has served me well for a long time, and the newer versions have long been known to be major downgrades.
Ah well, sadly bugs like this are inevitable sooner or later, glad Aglab caught it before any nefarious people did!
Depends on what you mean by downgrade. The newer versions have better compatibility, but are less mod-friendly.
What's wrong with PJ64 3.0? And soon we 4.0 will see the day of light.
the downgrades is that other emulators cannot make games run in 21:9 without stretching the image, PJ64 1.6 could...
Really, downgrades is never a great reason not to update an emulator because the improvements are going to outshine it over time.
Especially considering it's still open source and you can potentially get someone who knows code to restore cut features.
This is a bit of a strange take. You can still use 1.6 if you want to, just don't run untested/untrustworthy ROM's on it, keep it to strictly only ROM's you've checked the SHA-256 on. It's not like you can't have multiple emulators installed if you really want to try the latest and greatest random modded ROM from user25832.
I just downloaded a rom a few hours ago and thought "at least no one is messing with roms, like putting viruses in them or something". I guess I jinxed it.
use a rommanager for verification, checksums are a thing
At this point I just assume hackers can use pretty much any file type to execute an attack.
You know it's bad when you've gotten paranoid about downloading image files, like me, because maybe some hacker found some ultra obscure vulnerability in the photos app or smth.
@@MultiCool55 And you wouldn't even be far off. At one point, people were hacking people's computers through Team Fortress 2 sprays and Minecraft skins by hiding code in the image files. More recently, a libpng vulnerability was discovered that affected everything that has ever used libpng, including most browsers, apps, and Discord. Sooner or later they'll probably be able to poison you by hacking the Apple Water Bottle™️ and injecting poison.bin into your liquid.
A similar thing was discovered in ZSNES a long time ago.
@@MultiCool55 only unusual image formats should concern you, it's really not that bad. lol
First updated versions of PJ64 comes bundled with malware and now the "safe" versions of the emulator can install malware if you use the wrong roms. Glad I dropped PJ64 years ago.
It's sad too because some mods can only run on P64, but I dislike P64 a lot so I just avoid it
It almost feels like the Project64 developers have completely lost any sort of passion for making the emulator & now see it as nothing more than a paycheck.
I use the project 64 version recommended by B3313 in one of their video descriptions, which seems like a modified version of the emulator, I think it's lunar's or smth? Is that one safe?
@@mariotheundying Luna's Project 64 is a good one. From the dev's site on what's different from normal PJ64
"This is a build of Project64 3.0.1 that I made to have a Linux compatible alternative to 2.4 (Yes, it works on Windows too). It removes the nagware and adds all of the good plugins for SM64 romhacks with good settings. Read the info below, then download it by clicking the icon on the left."
Kaze says the vulnerability isn't present in PJ64 versions past 1.7, so this is safe (it's using a fork from PJ64 2.4 that's intended to work on both Linux and Windows and it's currently on version 3.0.1)
yes i only use mupen64plus (and various versions of it like simple64 aka m64p) because i only use linux and that is the best one for linux
Parallel Launcher is a godsend if you're not on a Windows machine. I'm glad you and Vinny mentioned it. I really recomended it for how easy it is to install mods and for the graphics plugins Kaze mentioned.
I was blown away when I was watching a video on the history of SM64 hacks and got a look at what Parallel could really do. I have it through Retroarch…and mainly play on the Steam Deck. So that potential is shackled twice over with how I have access to it.
I could get it separately on my laptop, but that’s Windows. Not sure what the problem would be, but doesn’t sound like you recommend it.
@ami7810 the steamdeck is just running a modified version of Arch Linux isn't it? should be able to access the AUR to install it if that's the case (but arch being arch something might break if you're not paying attention lol). and there's no problem with the windows version, it's just one of the only cross-platform ones whereas others are windows ONLY (linux wasn't as big 20 years ago except for server stuff so was never developed for it). robomike said Vinny mentioned it, and he's a windows user, so yeah
edit: just did a quick sanity check and apparently the steamdeck has flatpak compatibility built in, so you could just grab parallels off the flathub (or the Discovery app in case of steamdeck) and go that route since it has no chance of breaking (flatpaks are containerised, nothing on your system gets installed/modified, so they don't risk breaking your system)
What can it do that rmg can't?
yeah well I am on windows and I HATE IT! Is there a safe version of PJ64 or is my version safe? Mine is version 2.3
I would also recommend Rosalie's Mupen GUI for anyone that is familiar with P64's interface and wants to stick with something similar to it.
Unfortunately it seems to not run some rom hacks for me
I need to give a shoutout to the ares emulator which is the go-to for homebrew developers (not ROM hacks) on the N64. Thanks to the work of developers like Rasky, LuigiBlood, Luke Usher, and others, ares' N64 core boasts the highest accuracy of any current N64 emulator including very accurate DMA timings, FPU exceptions, cache coherency, basically perfect RSP timings, and others; more than I can name. Of course, with high accuracy also come higher requirements so it's not the best for people who just want to play something but I can't recommend it enough for developers, testers, and enthusiasts.
After that donate screen appeared for the first time for me I just gave up and used another emulator, I agreed those guys deserved to receive donations but forcing you to wait 30 seconds to use the software was just an asshole move. I guess this security risk was just the final nail on the coffin.
R.I.P Project 64 - You won't be missed.
It's just 30 seconds, man... That's less time than it takes for most roms to get past the intro sequences.
@@Crazy_Gamer_OGThat is objectively untrue. In fact it's made worse that the intro sequences happen only after the 30 second waiting period. Don't stick to PJ64. It's actually awful at emulating the N64 accurately and is the bane of most decomp romhackers for its many issues with displaying materials wrong. Pleasure just use Parallel Launcher, you have so many more options and plugins for emulating N64 games.
@@Crazy_Gamer_OGagreed. I haven't used PJ64 as much recently, but I accepted it's just part of using it. Besides, they put in a lot of work to get games working at all. It's a small price to pay for being able to use it. Besides, I would support emulator devs if I could, I just don't have money to.
In fact you don't need to wait 30s, when you launch the emulator at the beginning you just have to right click on PJ64 in the taskbar and then click on Project 64, the emulator will restart without displaying the donation screen!
@@mozydiaz8296 Also they figured out launching it through a batch file that bypasses it
These days, all you need is Rosalie's Mupen GUI for your N64 emulation needs.
+1, I use it and it's good but the vulkan rendering backend crashes a lot
pj64: this emulator can get you *HACKED*
kaze's n64 emulator: this emulator can get you *JACKED*
Explain *JACKED* real quick, if you'd please.
@@mightywaranvil2912 getting fuckin ripped man, like buff AF. Muscles for days son.
@@trulyinfamousbro was thinking "jacked" as in "jacked off" 💀
Thanks man I was literally about to install but I first wanted to see on UA-cam if there were better emulators and I came up with this video
I feel like this can make creepypasta rom hacks scarier as long as it doesn't contain any malware or any bad code since coders and game devs can do wacky things with this, so it's both good and bad at the same time if you look at it this way, bad due to security reasons, but good in the creepypasta sense for more scares
Creepypasta hacks are about to get wild 😎
yep - imagine a Mario 64 ROM that acts like it's haunted by screwing with your computer as you play
it could kill explorer or minimize all other applications, although you'd have to be careful because there's a point where the game straight-up becomes a virus if you go too far with this concept :P
@@SKCro.Playing hacks on console should start becoming more common then cause there's nothing else the console can do other than work within the game.
@@SKCro. SM64 can't close Explorer, unless it's an .exe game programmed to do this.
Get ready, the next generation of Ben Drowned is gonna be hilarious AF
I know this going to sound crazy but I remember a long but long time ago when I was playing Mario Kart 64 the emulator suddenly crashed with a error message saying "WTF" and after that I swear Mario Kart 64 never worked again.
That crash screen is magical.
On the topic of N64 emulators, I would really love to hear your opinion on the N64 core of Ares.
6:18 It concerns me more that userspace code can crash the whole system on windows ...
NtRaiseHardError with OptionShutdownSystem still causes a BSOD on windows 11.
It can't unless you run It as admin.
@@ehs03y3ol then I hope that he ran pj64 as admin to implement this joke only, and that it's not required to run pj64 or any games for that matter.
@@ehs03y3ol it doesn't require admin to use NtHardError to create a BSOD.
the bluescreen seems fake no?
>Kaze: Here is how the ACE functions to run viruses, it's lucky that no one's taken advantage of it.
>Nintendo Ninjas: Interesting...
These hackers and scammers are starting to become more dangerous than I have ever imagined, It happened with UA-camrs, Discord, steam, Playstation, (One of my friends told me), Instagram and other social media platforms.
We need to be more careful out there to prevent hackers from hacking into our stuff
That last clip is pure gold and had me dying. xD
you talking about virus rom one or sub one?
I was talking about the last clip with the "anti-piracy" feature. Not the outro.
@@itranscendencei7964 that what sain "pj664 not supported" and crashed PC?
Yes
You either die a legendary emulator or you live long enough to see yourself become a villain
If anything, it became the villain a decade ago when they started bundling malware in it, even if they did eventually sort it out.
You either die a Kega Fusion or live long enough to see yourself become a PJ64.
@@acronym.4328 Gens: I ain't a legend? I can run 32x!
Project 64 was never not the villain, from when they only released the source code to old versions, to now
@@thewhitefalcon8539Is only distributing in source code an evil thing?
Dang, that's actually nuts
No it's completely normal
@@cadetsparklez3300Dang, that's actually normal
TETRABIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIT
Here before the replies begin to start a flood
@@yourlocalbeingwithoutafacepointless spam
Hello Kaze, I really I appreciate you putting out this video, but I just have one question. I don’t know if you’ve heard the Mario Party Netplay emulator, but it’s just a modified version of project 64 that comes with everything needed to play Mario Party 1-3 with netplay. As such, those are the only games running on the emulator. Is it safe to continue using this modified version of Project 64. If it will help, I would like to add that I got the roms from Vimm’s lair.
if there is a checksum verification, it should be fine (since that'd mean noone could have edited the official rom). but if it says unknown checksum, it is not 100% safe. though i dont think anyone would have put the exploit into a rom this fast.
@@KazeN64 My apologies, but if I may, how would I check to see if my checksum is verified or not?
With the amount of N64 emulators we have today, there's no damn good excuse for anyone to use PJ64 1.6
Take 5 minutes of your time and setup Mupen or Parallel
Actually Project 64 can run some few games that even the other ones couldnt do it perfectly and cant make you get softlock, like Rayman 2.
@@sebastiankulche but why would you play rayman 2 on the n64
@@based980 Does that care? Why people play NFS MW on PS2 when its on PC?
Why people play Big Rigs if we all know is a piece of trash?
Why people use emulators when they have the original hardware?
Sometimes there is not a clear answer. The only thing that matters is the actual solution.
@@sebastiankulcheWhich is absolutely worth pursuing, but I think the point being made is that *most* people who use PJ64 would be better off on a different emulator.
There will be a few people who have very specific use-cases as always with existing software. Hell, some people still use MS DOS
@@mgord9518 Yes, but i cant play a few games in other emulators than PJ64. Plus PJ64 is way better optimized.
So you give me the reason or not?
Why do I now feel the strong urge to definitely play the next version of the B3313 mod on this specific unsafe emulator?
b3313 uses ace?
@@CDJAM-webm Not that I know of. But I'm curious to see what crazy stuff it could do if it did, and now extended it's madness to execute any kind of code using the PJ64 emulator bug, lol. As long as there's nothing permanently harmful, I'd love to see it USE this bug and do some crazy stuff with it.
Holy shit this is terrifying
Though I _will_ say that in a bright side, being able to BSOD Windows from within the emulator _does_ open up for some great ideas with horror-based content creation, as manipulating one's system could be really effective
I wish I could crash my Wii game so it displays an error message for the funny
That's how most homebrew methods for the Wii work, actually.
you mean like Eternal Darkness on the GameCube? The first time it did that video input lost I panicked lmao. It did NOT help the font they used was basically exactly like the one one the TV I had.
Wow, thanks for telling us this! I never would have thought that that could even happen!
Creepypasta romhacks are gonna be on a whole new level
In Soviet Russia, ROM hacks you!
Good thing I recently switched to Parallel Launcher.
Did you run random mods from unknown sources before?
Luckily, I only use the emulator Neko Project II, to play Touhou 1-5 xd
Never thought that i would have to change my emulator after using P64 1.6 for almost 12 years now.
Thank you for the warning.
Edit: Can you all shut the fucking hell up please??? Expecially @Henrik0x7F!
What do you think the likely hood is that "The Project 64 creators are creating these hacks just to spite the people who or not using there adware infested versions"
Every emulator has this problem. It's not specific to pj64 1.6. Only run ROMs you trust
@@keith3278so deep into unlikely I'd have to imagine someone who uses logic like that falls into conspiracy rabbit holes VERY easily.
@@Henrik0x7Fno, this exploit is unique to this emulator. It's possible other exploits will be found for other emulators, but that's not the same as "every emulator has this problem".
@@Henrik0x7FNice job on not watching the video
Dispite the obvious security problems with this I can't help but see this being useful for a awesome horror rom hack that takes advantage of your pc and does stuff like changing your wallpaper and sending you messages through websites.
If anyone wants a Project64 Alternate, try Rosalie's Mupen GUI.
This played just like one of Mutahar's scare videos: sounds like something scary because it is vaguely relevant to me, until I hear the details and learn it has nothing to do with me lol
I currently have PJ64 2.6, honestly a holdover saved from a previous machine, and the installer had no prompts for any extra wares, and the nag screen was negated by typing in a phrase (so no config file modifying or anything). I can imagine switching to another emulator at some point, but considering my needs at the moment, it doesn't seem necessary.
Commenting to help the video performance and spread awareness. Thanks for putting this out there!
Honestly, the guy is a total chad for showcasing the vulnerability with something silly instead of exploiting it for malicious intent.
Reminds me of the ol' gmod cough virus that popped up deliberately to make that massive problem as visible as possible to garry.
PJ64 1.6 had a great run, it will be missed!
I somewhat predicted this would happen. When rom hacks are getting your system information and detecting what your romhacking account is, I wondered how long it would be until people make viruses.
Prpject 1.6 is very old, did you really predict it when it already happened
Very good video. Used PJ64 for a long time and have always been too casual with downloading tons of ROMs online. Thanks for putting this out there. That nag screen is super weird so I’ll probably download GlideN. That Anti-piracy screen was amazing btw lmao
The malware thing with PJ64 was back when it was closed source. The project went open source years ago.
out of curiosity, why do people use Project 64 instead of mupen?
I was told like 8 years ago that PJ64 was scummy and needs to be avoided at all costs. I didn't realize so many people were still using it after the near-decade of drama about how horrible and unsafe it is.
My knowledge was always that 1.6 was fine but after that they went off the deep-end with malware & stuff
+1
There are certain safe versions of it I've used in the past (I believe they were community forks) but yeah PJ64 is the anti-Dolphin. Where Dolphin is almost better than the original hardware and flawlessly integrates multiple play styles, PJ64 is pretty stone age still to this day
Same. I've used Simple64 for a long time, and now that Ares works with the OoTMM combo randomizer that's become my main
PJ64 it's the face of the sad state of N64 emulation. So many people using this crap simply because there aren't many good alternatives. It's awful to have to rely on outdated plugins to run N64 instead of running everything natively. The same thing was happening with the PSX emulation, where ePSXe was the standard but it was terrible, an emulator worse than PJ64. If you didn't want to mess around with plugins, you either had to use the even older PSFin, completely outdated with no usuable configurations; or Mednafen which doesn't even have a GUI, making it a huge pain in the ass to use. Then Duckstation came along and improved everything, no need for plugins, command lines or outdated code, works out of the box and with a great optimization. I just wish we have a good N64 emulator just like Dolphin or Duckstation.
A righteous Rick Roll? Wonders never cease.
Thanks for telling us and the explanation!
Well, Project64 1.6 was released 13 years ago. Of course vulnerabilities would be found.
yep, it's just that people still use it so they have to be warned
Vimm is our best friend!
Our savior!
Project64 1.6 was my only option to play rom hacks like "Beyond of the Cursed mirror"
Because,the version that donate screen appear and you have to wait 30 seconds dont run hacks like "Beyond of the Cursed mirror" when i open this hack for example the game crash for no reason!
You can edit the document file to make it so it doesn't pop up anymore
There are alternatives, next time, give simple64 a shot.
And sometimes,i like to use some GameShark codes but some emulators dont have GameShark option
If other emulators crash when trying to play your hack it is likely that the hack you are playing wouldn't work on an actual N64 either and relies on some bugs specific to Project 64. In other words, it's a poorly made hack and probably can't be played elsewhere. I think it was either near or endrift, or maybe both, that added compatibility in their emulators for some well known romhacks that were actually made wrong and shouldn't work on real hardware, but that is basically an unheard of level of support
I remember using Pj64 in the early 2010s. I made a lot of content that it’s still live to this day on my channel and helped me to revive those nostalgic times by allowing me to play classic games.
It had a great run, and it will be missed, but it’s time to move on.
Someone has to make a scary SM64 rom hack that uses this vulnerability
RMG > PJ64
An efficient way to handle this without checks is just have two tables, one for reading and one for writing. Unmapped write entries go to a dummy page in memory that's never read. Unmapped read entries go to another dummy page that's filled with whatever open-bus value gets read.
That's what I did in my ancient emulator years ago. The lookup tables got huge but ram was getting plentiful in the early 2000s. I am guessing zil didn't want the increased ram requirements
I'm using the version that has the 30-second ad at the moment. I was only using it for Banjo-Kazooie rom-hacks and they don't lag at moments unlike Project64 1.6, but now it looks like that is my main emulator to use at least until I find a better option.
What the fuck was the point of making this vulnerability public just like that? I doubt anyone knew about it before this, now that people actually know how this all works thanks to this info, people WILL start posting these virus roms NOW.
i had the same concern about posting the video for this reason, but the people that found the exploit thought it was a better idea to warn people.
To be fair this vulnerability could've been discovered by hackers at one point, we never truly know.
@@LerrycapetimeThere likely would have been warnings and it would've become common knowledge or something like that if it was exploited already.
It's **never** a better idea to ignore serious sercurity issues. In **some** cases, it's considered polite to notify the company who makes the product first and give them some time to fix it. But since the bug has appareantly already been fixed in newer versions, ignoring it just means people don't know the risks they're unintentionally subjecting themselves to.
@@AliceGorgoniaThis just doesnt work with what I've already replied and the comment itself
I instantly switched to the Parrel Launcher when I found this out.
PJ64 1.6 always fills me with so much nostalgia, so I'm very sad to find out it's not safe to use anymore. But, I'm glad we're at the point that the emulator is no longer needed anyways, because communities around the N64 and SM64 are constantly changing and improving. There's so much more resources and tools than there were before since PJ64 1.6's inception.
For making SM64 machinima, 1.6 can still be used, but there's already a fork of Project64 specifically for that purpose.
Like always, thank you for making this video and spreading awareness about this!
Phew... So glad that all my rom files are years old. Thank you for the heads up.
this is the type of stuff that gets me to feel that i gotta get smarter asap cuz i dont fully get it, BUT i get that its a dangerous emulator
I found a few emulator escape bugs before, including one in the 3DS VC GBC emulator, but was never able to exploit that one due to complications.
its like putting a lit match inside a cardboard box, it never ends well.
I'm glad I stumbled upon this video, as it's been a while since I've considering even using Project 64, and hadn't already uninstalled it from my computer. From now on, I'll be using N64 emulators through Retroarch, and maybe RMG on the Steam Deck assuming it's any decent, since I haven't tested it much as of yet.
People should be aware that any software that reads in data from somewhere could have a vulnerability like this.
For example, Minecraft with data packs. While nothing has been publicly disclosed, it could very well exist.
Step A. Take precaution and be very careful. Step B. Have a recovery plan and assume it will someday be needed.
RCE is rather unlikely in Java, though, unless someone does something insanely stupid (see: Log4J).
A Nintendo 64 emulator is the perfect target for this type of thing, because they know that emulation is kind of a complex topic and children are going to be very curious about this topic because it's old Mario video games they can play on their Android phone. It's appealing to children, most children have no idea how any this works so they're going to be prone to downloading whatever tutorial told them on the internet. 😮😢
5:01 project 64 needs your helpto defeat gigigas!
You can skip the old PJ64 nag screen by just running the exe twice. the second instance will say something like 'pj64 is already running, do you want to restart?' Choose yes and it'll restart without the nag screen.
I know that for me on one of the recent builds, just launching an N64 game from a Windows folder is enough to skip the 30 second window for me, despite the fact that they patched in unique codes so you can't just use "thank you from project64" anymore and have to actually support them to get the dialogue box to go away once if you trigger it, say, when just opening the program directly.
For me the biggest news here was finding out that people seriously used Project64 like it's 2012 still or something
Lmao I love pong with Mario's head
Seriously, thanks for the heads up!
What surprises me is how long it took for someone to find this.
I thought I found a similar bug in Dolphin, but they were clever and set up the memory map specifically to make this kind of thing impossible. (I can write to arbitrary addresses within a given range, but nothing important is put there, so all it can do is cause a non-exploitable crash.)
My friend and I have theory crafted things like this after that ZSNES exploit was made public
In general I think it's time people start ditching older emulators since this'll likely become more common
Desmume is next for sure
I believe the late Near (formerly Byuu) demonstrated the same type of vulnerability in ZSNES.
Thought this was a known thing for a few years that it was vulnerable to exploits, or maybe it was something else like someone in the comments mentioned VBA had a similar exploit. I was just wondering which N64 emulator I should install or if I should just hope 1.6 can run ok in Wine now (had issues in 2014) since I'm planning to move back to Linux, but I guess that's answered with Parallel Launcher.
Haven’t seen a vulnerability this bad since ZSNES
this is a really good short video! you got my sub, keep it up! :)
Not gonna lie, this could have been used with incredible effects for simpleflip's troll hack competition. Though it'd be more terrifying than anything
Bruh. I haven't seen the "You are an idiot" vid in like 20 years. Where in god's name did you find that and run it on Windows 11?!
Kaze, I can’t seem to find the version of GLideN64 you showed in the video, do you have a link?
As a cybersecurity major, this is one of the coolest fucking cases of ACE I've seen in a while. Hiding a payload inside a .n64 file that only deploys on a specific emulator that you found a zero-day for is genius level shit. Not that I condone malware creation, but it is genuinely insanely cool research.
Can't wait for Anti-1.6 measures to be in future rom hacks that hopefully instead of viruses do wacky cool stuff lol
Cool video :]
This ending gave me a heart attack. I was in bed listening to the video with my headset when, all of a sudden, the Windows notification sound was followed by glitchy audio.
TY for spreading the word, like many others I've been using Project64 1.6 for ages, but now I've slam dunked that shit into the recycle bin