Hypotheticaly if instead of searching for my old Ps2/Xbox360 discs i downloaded a rom could the emulated games infect my computer once ran? (if this breakes the rules im sory)

  • Skull giver@popplesburger.hilciferous.nl
    link
    fedilink
    English
    arrow-up
    10
    ·
    10 months ago

    Practically: not really.

    Theoreticaly: any piece of software loading external content can be exploited. Google Chrome, Windows Explorer, and iMessage have all had vulnerabilities where opening a file triggered remote code execution (and subsequently, infection).

    Some emulators will read the code, interpret them, and call emulator code to execute what the instruction is supposed to do. This is relatively safe, but also not very fast.

    Other emulators act more like browsers: they interpret some code, but turn other code into native code your computer can understand directly. This is riskier because someone could craft a ROM that’ll escape the emulator and act like a normal executable, with all the risks that come with that.

    I don’t think emulators have many protections against malicious ROMs. Known vulnerabilities are patched, of course, but emulators aren’t written with the same risk model as we browsers.

    If you want to be extra safe, you can try calculating the hash of the ROM you downloaded (SHA or MD5, you can find free software to do that for every operating system under the sun) and compare that to online databases. If you have the choice between ROMs with a hash you can find online and a ROM with a hash you can’t find, you should probably stick to the known hash.

    If you want the utmost protection, you can set up a virtual machine (in VirtualBox or whatever you prefer), install an OS into that, and run the emulator in there. Getting the 3D graphics working reasonably fast in such a setup is fiddly and comes with a performance cost (or the cost of a whole second GPU lol) but you can shut down the virtual machine with the click of a button and reset it after you’re done and copied out your save file.

    I think that’s probably overkill, but it’s the most secure way to open any content you download from the internet, whether you’re working with ROMs, Office documents, images, or videos. Even that solution isn’t bullet proof, but nothing really is.

    • echo64@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      10 months ago

      Practically, yes. There was a zsnes exploit that did exactly this back in the day.

      • Skull giver@popplesburger.hilciferous.nl
        link
        fedilink
        English
        arrow-up
        4
        ·
        10 months ago

        Was that malware ever injected into ROM websites? A whole bunch of emulators have had vulnerabilities fixed and PoC’s published, but I’m not aware of any malware groups using altered ROMs as an infection method. It’s probably much easier to infect people by hijacking emulator websites through malvertising.

        Because all I know about the zsnes story was that there was a PoC and everybody kind of abandoned zsnes after that?