Arbitrary Code Execution in Animal Crossing
Arbitrary code execution, the holy grail of video game exploits… Is it possible in Animal Crossing? There may be more to it than you might think…
This video includes mistakes, misinformation, or oversights! See below for corrections.
Mistakes & Corrections
At 09:23, I mention you can go to any address with QDS/BBR tags, but realistically you are limited by the size of the structured ROM without the PAT tag.
At 18:52, I mention Link’s rock “despawning” with a camera exploit, but this is an oversimplification. The real way to get empty hands and abuse SRM has to do with setting up culling and loading triggers to unload the rock while it’s in your hands, rather than “despawning” it.
In general, multiple objects can be used to overwrite pointers in Ocarina of Time, but for the specific human-viable setup with the file select, LightNode SRM is used. This was glossed over in the video; more information can be found here.
It’s mentioned at 19:49 that the Japanese version of the game is required, but it is theoretically possible to use SRM to switch the language to the Japanese text that is already included in the US versions. This would allow for Japanese inputs on a US disc.
Additional Resources
References
James Chambers’ NES injection discovery:
https://jamchamb.net/2018/07/11/animal-crossing-nes-emulator-hacks.html
Cuyler’s NES patch loader:
https://cuyler36.github.io/2018/07/14/creating-a-nes-patch-loader.html
Ocarina of Time’s true ACE setup by MrCheeze:
https://www.youtube.com/watch?v=qe7JSRwF86E