sorry for my euphoria.
producing malware is not my intention.
Yeah, that is not a good idea at all.
Don't you think it's a bit scary that most people run handheld emulators which were never pentested?
I think that this situation is quite dangerous (I can only talk about the Gameboy). Pokemon Blue is an excellent example for this: https://www.youtube.com/watch?v=D3EvpRHL_vk
<--- you know this video?
What we see here is emulated execution in the RAM area; furthermore we see execution in the RAM area with a fixed offset, it won't change, so it's reproducible.
You might say "hey, what's wrong with it, he's just playing pong on Pokemon". Sure, he's just playing pong, and I don't think that this is bad, but it becomes a problem if you think about multiplayer mode via LAN or WLAN in a public place or about downloading a ROM from the internet. Multiplayer mode can be quite dangerous, because the Gameboy does not check buffer overflows.
I guess that it could be easy for an attacker to inject some packages which cause an overflow --> manipulate the return address and delete your sav file, for example.
OK, this might be nasty but acceptable for you,
but is it OK for you if an attacker breaks out of your emulator and opens a remote shell/bash/cmd on port 8080, or if he writes a payload into your sav file which does so every time you start this game in the emulator?
Yes, sav files can cause overflows: https://www.youtube.com/watch?v=Zd2595c_72M
If you don't know how exploiting basically works, but you're interested in UNDERSTANDING (please don't bash me), read this: http://www.phrack.org/issues.html?issue=49&id=14#article
Another issue is: how can you verify the ROM you're using?