Arbitrary Code Execution in Ocarina of Time

  • Published: 9 Nov 2019
  • This method was thought of and implemented by fasch and NatalyaHasDied.
    Arbitrary code execution allows us to create MIPS CPU instructions from within the game and run them, giving us lots of control over what can be achieved in the game.
    Currently we are limited to only a few instructions, but there are theories to expand on this.
    I COMPLETELY forgot to mention Blini in the shoutouts section. He found the original Heap Allocation that allowed this to happen. The original SRM also had a really cool side effect of graphical flashing, caused by corrupting a display list segmented address.
    My apologies, was recording this very late at night and forgot.
    Many people are involved with the research of SRM, the glitch which allows this to be possible. Those people include but are not limited to:
    Myself
    GlitchesandStuff
    Blini
    Nat
    Tharo
    Exodus
    Mzxrules
    Roman
    many others contributing in the OoT server
    For any questions, join the OoT Discord Server: / discord

Comments • 452

  • @classymarowak7001
    @classymarowak7001 4 years ago +531

    Arbitrary Code injected into Ocarina of Time that turns it into Paper Mario that crashes.

    • @hobbified
      @hobbified 4 years ago +49

      Playing Ocarina of Time Crashes Paper Mario.

    • @snosibsnob3930
      @snosibsnob3930 4 years ago +10

      Go further. Run Arbitrary code that emulates Paper Mario running arbitrary code emulating Ocarina of Time running arbitrary code emulating Paper Mario crashing.

    • @hobbified
      @hobbified 4 years ago +5

      @@snosibsnob3930 emulating Zelda in Paper Mario is perfectly acceptable

    • @riseoftheflutes1739
      @riseoftheflutes1739 4 years ago +3

      @TF Tingle this had me dying. I imagined an AI like Link to be walking into GameStop and asking for a copy of Paper Mario, lol...

    • @Husky_ds
      @Husky_ds 3 years ago +1

      ACE has been done in Paper Mario as of recently!

  • @Shyverin
    @Shyverin 4 years ago +454

    ZFG: "The only thing holding Oot back from being the most broken game is arbitrary code execution"
    Fig:

    • @jake1996able
      @jake1996able 4 years ago +1

      Speaking of things being buggy:
      Doki profile pic.

    • @marinellovragovic1207
      @marinellovragovic1207 4 years ago +1

      @@jake1996able DDLC is amazing. Just had to say that here.

    • @MidiMaze178
      @MidiMaze178 4 years ago +3

      Nice pfp

    • @jake1996able
      @jake1996able 4 years ago

      @@marinellovragovic1207
      Yeah. Including the brain damage. 10/10

    • @marinellovragovic1207
      @marinellovragovic1207 4 years ago +1

      @@jake1996able more like mental scar 10/10

  • @thatkles
    @thatkles 4 years ago +454

    One thing I'd like to point out that wasn't mentioned in the video: You may have noticed that, in the code explanations, the game seemed to be executing code after a jump instruction was executed. This may seem strange, especially if you are familiar with other kinds of assembly code. This happens because the MIPS CPU, which the Nintendo 64 uses, has a feature called a "branch delay slot." This feature means that the CPU will execute the instruction immediately after the jump instruction, then jump to the new location. It does this to optimize CPU speed (explaining how this works is a bit complicated, so I won't try here), but it can make reading code on the N64 a little weird if you're not familiar with this quirk.
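As an added illustration of the delay-slot rule this comment describes (my own toy model, not code from the video), here is a minimal interpreter for a MIPS-like subset in which the instruction after a jump or taken branch always executes before control transfers. Instructions are kept pre-decoded in a struct rather than as real 32-bit MIPS encodings, and the register file has 8 entries; both are simplifications.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of the MIPS branch delay slot (added example, not code from
 * the video). Instructions are pre-decoded structs instead of real 32-bit
 * MIPS encodings, an assumption made to keep the model short. */

typedef enum { OP_NOP, OP_ADDI, OP_J, OP_BEQ, OP_HALT } Op;

typedef struct {
    Op op;
    int rd, rs;     /* destination / source register, 0..NREGS-1 */
    int32_t imm;    /* immediate for ADDI; target index for J and BEQ */
} Insn;

#define NREGS 8

/* Executes prog until OP_HALT or the end of the program and returns the
 * number of instructions executed. Register 0 is hard-wired to zero as on
 * real MIPS. A jump or taken branch does not redirect immediately: the
 * following instruction (the delay slot) runs first, then the transfer
 * happens. */
size_t run(const Insn *prog, size_t n, int32_t regs[NREGS])
{
    size_t pc = 0, executed = 0, target = 0;
    int pending = 0;   /* a transfer is waiting for its delay slot */

    for (int i = 0; i < NREGS; i++) regs[i] = 0;

    while (pc < n) {
        const Insn *in = &prog[pc];
        size_t next = pc + 1;
        executed++;

        /* This instruction sits in the delay slot of the previous one: it
         * still executes, but control then goes to the pending target. */
        if (pending) { next = target; pending = 0; }

        switch (in->op) {
        case OP_NOP:
            break;
        case OP_HALT:
            return executed;
        case OP_ADDI:
            if (in->rd != 0) regs[in->rd] = regs[in->rs] + in->imm;
            break;
        case OP_J:
            pending = 1; target = (size_t)in->imm;
            break;
        case OP_BEQ:
            if (regs[in->rd] == regs[in->rs]) { pending = 1; target = (size_t)in->imm; }
            break;
        }
        pc = next;
    }
    return executed;
}

/* Constructed program: the ADDI at index 2 sits after the jump yet still
 * executes; index 3 is skipped; execution resumes at index 4. */
static const Insn demo_prog[] = {
    { OP_ADDI, 1, 0, 1 },   /* 0: r1 = 1                 */
    { OP_J,    0, 0, 4 },   /* 1: j 4                    */
    { OP_ADDI, 2, 0, 2 },   /* 2: r2 = 2  (delay slot)   */
    { OP_ADDI, 3, 0, 3 },   /* 3: r3 = 3  (never runs)   */
    { OP_ADDI, 4, 0, 4 },   /* 4: r4 = 4  (jump target)  */
    { OP_HALT, 0, 0, 0 },   /* 5: halt                   */
};

/* Runs demo_prog and returns the final value of register idx. */
int32_t demo_reg(int idx)
{
    int32_t regs[NREGS];
    run(demo_prog, sizeof demo_prog / sizeof demo_prog[0], regs);
    return regs[idx];
}

/* Number of instructions demo_prog executes (5: indices 0, 1, 2, 4, 5). */
size_t demo_count(void)
{
    int32_t regs[NREGS];
    return run(demo_prog, sizeof demo_prog / sizeof demo_prog[0], regs);
}

int main(void)
{
    for (int i = 1; i <= 4; i++)
        printf("r%d = %d\n", i, (int)demo_reg(i));
    printf("executed %zu instructions\n", demo_count());
    return 0;
}
```

Reading the payload in the video with this rule in mind explains why the instruction listed right after the jump still takes effect.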

    • @Fig02
      @Fig02 4 years ago +79

      Yeah I purposefully left some specific details out to try and not overload viewers who may not be familiar with this stuff with too much info. This comment will be helpful to anyone who didn't know about delay slots and wants to know, so thanks

    • @vinesthemonkey
      @vinesthemonkey 4 years ago +20

      It was possibly a good idea in the 90s. Now, with really long pipelines and OoO execution, it's really not a good idea.

    • @humantreewastaken
      @humantreewastaken 4 years ago +20

      This was the main question I had after watching the video, so thanks for the explanation!

    • @thatkles
      @thatkles 4 years ago +31

      @@vinesthemonkey Yeah, as well as speculative execution. Basically, the point was that branches are extremely slow and the CPU is partially idle while trying to resolve them, so the branch delay slot was a way to try to keep wasted CPU time to a minimum. We have much better ways to do that now.

    • @fallingpizza11
      @fallingpizza11 4 years ago +3

      Whoa, that's actually really interesting!

  • @RJis9001
    @RJis9001 4 years ago +398

    I knew I got my CS degree for something

    • @420.........
      @420......... 4 years ago +50

      Yeah but we'll still get blamed for that virus after we restarted their computer 4 years ago.

    • @9393jack
      @9393jack 4 years ago +9

      Same here. I understood some of those words. Could never have hoped to do so if I didn't get it.

    • @9393jack
      @9393jack 4 years ago +5

      @Tonio It's a joke, we're joking. Even partway through a CS degree you'd know what's going on here

  • @Green_Phosphorus
    @Green_Phosphorus 4 years ago +147

    Wow, this is so next-level.
    New low%: “0%”, where you get a minimum amount of items and erase them all before beating the game!

    • @1122markj
      @1122markj 4 years ago +2

      Hahaha hell yeah!

    • @IttyBittyVox
      @IttyBittyVox 4 years ago +5

      This is an amazing idea, but you'd need to figure out a warp to credits that doesn't involve beating fire temple lol.

    • @5688gamble
      @5688gamble 4 years ago +5

      Alexei Barnes with arbitrary code execution you have the ability to do a lot, just need the right instructions. Hell you could technically write a compiler for more complex instructions and get it to poll all control ports for instructions. You can then do more than just call the delete all items and run credits routine

    • @LiEnby
      @LiEnby 4 years ago +1

      @@5688gamble ACE only lets you do.. um everything

    • @kargaroc386
      @kargaroc386 4 years ago +1

      Yeah that's the thing with code execution.
      NSR would be dead as shit for this, because all you do is set up ACE, set up a program that gives you all the items and warps to the credits, and there you go.

  • @MrBRolls
    @MrBRolls 4 years ago +46

    I've never felt so computer illiterate

  • @freelikeojallday7543
    @freelikeojallday7543 4 years ago +229

    Did you get all that?
    -> No
    Yes

    • @joechristo2
      @joechristo2 3 years ago +3

      00:00
      so arbitrary code execution is now a
      00:03
      reality in the Legend of Zelda Ocarina
      00:05
      of Time just want to start off this
      00:08
      video by saying that I did not find this
      00:10
      direct implementation of Ace this
      00:13
      project was spearheaded by Bosch and
      00:15
      Natalya has died although they had both
      00:18
      direct and indirect support from people
      00:21
      in the glitch hunting community so I'm
      00:23
      gonna try to explain this in simplest
      00:26
      terms I can although for something like
      00:29
      Ace it's very complicated in nature so I
      00:32
      will be stepping through a bunch of code
      00:34
      and talking about some lower-level
      00:36
      aspects of the game but I'll do my best
      00:39
      to try to make it digestible for
      00:41
      everybody watching so to start off with
      00:44
      some foreshadowing
      00:46
      you will need this exact filename and I
      00:48
      will explain why much later but it is
      00:52
      important that every character has the
      00:55
      right value and you'll see that once I
      01:07
      press end here the values for all these
      01:09
      characters will be written to this
      01:11
      address and that is exactly what we want
      01:14
      so the glitch that allows ace to work is
      01:18
      called stale reference manipulation or
      01:20
      SRM this glitch is such a massive game
      01:25
      changer it's gonna need its own video
      01:29
      I'm planning to do that once we have
      01:31
      enough information to fully understand
      01:33
      it but to give a little bit of an intro
      01:36
      and how it relates to this glitch stale
      01:39
      reference manipulation at its core as a
      01:42
      glitch that makes use of defect that
      01:45
      actors and their code all live within a
      01:49
      fixed space in memory the space in
      01:52
      memory is known as the actor heap and
      01:54
      within this space you will find actor
      01:57
      instances which is data relating to
      02:00
      actors and actor overlays which contain
      02:03
      code and data used by that code
      02:06
      so in an attempt to make this easier to
      02:09
      understand I'm going to draw some
      02:10
      pictures to try to help visualize what's
      02:12
      going on so the space I mentioned call
      02:15
      the actor heap I'm going to represent as
      02:17
      this box where the start is over here
      02:20
      and the end is over here now toward the
      02:22
      beginning of the heap you'll find the
      02:25
      instance for link himself so this is the
      02:27
      data that represents both child and
      02:30
      adult link and beyond here you have
      02:32
      space for any actor instance so it's
      02:34
      data or its overlay for its code so in
      02:37
      this game what we call actors are pretty
      02:39
      much anything that goes on the scene
      02:42
      that you can interact with or are a part
      02:44
      of the scenery so actors include link
      02:47
      himself enemies NPCs ladders chests
      02:52
      gravestones anything that is on the
      02:55
      scene itself so for this example I'm
      02:58
      gonna show I'm gonna draw a little box
      03:00
      that's gonna represent the instance so
      03:03
      the data for a pot that link can pick up
      03:06
      now I have on screen a live view of the
      03:11
      game's RAM and I'm at the location of
      03:14
      where this pot in front of me is and
      03:17
      you'll see that once I pick it up some
      03:20
      numbers are gonna start updating and the
      03:22
      ones that you see right now are actually
      03:24
      for its position these three over here
      03:27
      XY and Z position you'll see that they
      03:30
      change rapidly when I move and they
      03:33
      change a little bit when I'm standing
      03:34
      still cuz link is breathing up and down
      03:36
      so the important thing to grasp from
      03:38
      this is that when an actor is grabbing
      03:40
      another whether that be linked holding
      03:42
      an actor above his head or a boomerang
      03:44
      grabbing an actor the actor that is
      03:48
      grabbing will keep a reference to the
      03:51
      location and memory of the actor that it
      03:54
      is holding and in this case link keeps a
      03:57
      reference to the start of this pot in
      04:00
      memory now while this reference exists
      04:03
      various data is being written to the
      04:06
      actor instance including its position
      04:08
      its rotation what is holding it etc
      04:13
      now things get interesting with stale
      04:15
      reference manipulation when you change
      04:16
      rooms and by doing that you unload the
      04:21
      actor that is being grabbed while still
      04:25
      maintaining that pointer that says that
      04:29
      you are grabbing something and when you
      04:31
      change rooms there's a good chance that
      04:33
      something will take its place like say
      04:35
      the instance for a chest and now you're
      04:39
      writing data to something that wasn't
      04:40
      originally supposed to receive that data
      04:42
      you can do a vast amount of things with
      04:45
      this glitch including editing the
      04:46
      contents of a treasure chests which
      04:48
      glitches and stuff has done recently and
      04:50
      it also becomes powerful because you can
      04:53
      edit the overlays which contain code you
      04:57
      can see here in this video by gns for
      04:59
      manipulating chest contents that this
      05:01
      concept of holding an actor that doesn't
      05:03
      exist anymore
      05:04
      is achieved by doing a super slide into
      05:07
      a new room and then letting go of the
      05:11
      super slide to pick up the item as the
      05:13
      room changes and when you do this like I
      05:16
      showed here you modify what is at that
      05:19
      location in memory and change the value
      05:22
      of what is there so that explanation
      05:26
      took a little bit longer than I was
      05:28
      hoping but it's really important to
      05:29
      understand what stale reference
      05:31
      manipulation is doing to be able to
      05:33
      understand how it can lead to something
      05:34
      like ace against L reference
      05:37
      manipulation will get its own video but
      05:39
      I hope that that was enough to at least
      05:40
      grasp the concepts of what's going on
      05:43
      now with the basic understanding of
      05:45
      what's tell reference manipulation can
      05:47
      do we're ready to get into the actual
      05:49
      arbitrary code execution I've created
      05:51
      here a macro of the entire setup and as
      05:54
      it plays I'm going to step through how
      05:56
      each part is relevant to the setup now
      05:59
      the actor that we are going to use as
      06:00
      the entry point for our arbitrary code
      06:03
      execution is going to be darunia so
      06:05
      we're gonna do the setup here and Goron
      06:06
      City we're start off with IHG we're
      06:10
      gonna be doing a big hover a large
      06:13
      amount of this setup is just to get a
      06:15
      pot that we're gonna grab in a very
      06:17
      specific location in memory so there's
      06:20
      gonna be a very long hover up here and
      06:22
      I'm probably gonna fast-forward through
      06:23
      a lot of
      06:24
      but yeah neighbors love here I tried to
      06:29
      skip using it but turns out that using
      06:31
      it is actually important for the
      06:33
      allocation of the heap to get the pot
      06:35
      where we want so I'm gonna do a
      06:37
      neighbors love super slide up the stairs
      06:38
      super slide teleport and now we wait for
      06:42
      a neighbors love to expire because you
      06:44
      cannot hover with near his love so I'll
      06:46
      fast-forward through this so his
      06:53
      neighbors love starts to expire here
      06:54
      you'll see some chu hovers up normally
      06:58
      dropping a - out of bounds will crash
      07:00
      but there's a tiny bit of ground
      07:01
      underneath that I have to work with just
      07:04
      gonna be doing hovers and turning around
      07:05
      to stay over that ground now that we're
      07:21
      high up enough we're gonna start doing
      07:22
      some bomb hoppers in a second here the
      07:25
      goal is to get to the hallway where they
      07:28
      made Eagle run is who sells you the
      07:30
      Giants name and the whole reason behind
      07:33
      this is simply to enter the main room
      07:36
      from that area to put this pot at this
      07:39
      exact address that you want no this
      07:42
      setup requires this long hover does not
      07:44
      to say that every a setup in the future
      07:47
      is going to need this exact allocation
      07:49
      of the pot but for this specific example
      07:51
      this is what was needed this is a proof
      07:54
      of concept that can definitely be
      07:56
      applied everywhere else not just here
      07:58
      and go on city now as we come up on the
      08:03
      last time here we're ready to sign up
      08:05
      into the hallway we land on a little
      08:07
      table and we're gonna back walk slowly
      08:10
      to load the hallway you'll see the
      08:13
      bonneville wall there and we're going to
      08:16
      enter the main room with this camera
      08:18
      this affects the allocation of the
      08:20
      actors and now the pot that we want to
      08:23
      grab is exactly in the right location so
      08:26
      we're ready to proceed so we're gonna
      08:28
      have neighbors love again we're going to
      08:31
      use that for the super slide off the pot
      08:32
      but more importantly it's also going to

  • @MadaoJoestar
    @MadaoJoestar 4 years ago +210

    the reason the game reads input from controller 3 is because there's a special button code to erase all save files on the title screen that needs to be inputted on controller port 3. this button code is there in the event of save files becoming corrupted and crashing the file select screen before it loads which would make erasing them the normal way impossible.
    i think there's a video of that somewhere.

    • @JwopDk
      @JwopDk 4 years ago +22

      Also I believe that the 3rd controller is used for some additional stuff in the debug ROM

    • @memelord2827
      @memelord2827 4 years ago +19

      Stupid question what is that button combination my game crashes when it tries to load the save file select screen and I think it might be the solution for an issue I have had for years

    • @Fig02
      @Fig02 4 years ago +22

      yeah reading on 3 makes sense for this code, but was saying it was weird that 2 and 4 are not read. And yeah debug does use port 3 but it uses other controllers as well

    • @nineh9739
      @nineh9739 4 years ago +10

      if you don't feel like pressing 14 buttons at 12ms/button maybe you could just pull out the sram battery

    • @SpaghettiEnterprises
      @SpaghettiEnterprises 4 years ago +1

      @@nineh9739 @meme lord yeah i was going to say the same thing. Do N64 carts need a game bit to open though?

  • @dukepuddingdale
    @dukepuddingdale 4 years ago +60

    I was worried about the direction that the series was taking with its new installment, The Legend of Zelda: Reader of Memories, but after this beta preview, I'm really looking forward to it.

  • @domninin
    @domninin 4 years ago +95

    ZFG: If arbitrary code execution in OOT is found it is officially the buggiest game ever
    Fig 1 week later

    • @gypsysprite4824
      @gypsysprite4824 3 years ago +4

      meanwhile pokemon RBY ACE is so broken (yet controllable) that you can legit make setups that let you cartridge swap and have it run the actual ACE payload in other GB/GBC games

    • @Marcelelias11
      @Marcelelias11 3 years ago
</gr_replreplace>
<gr_replace lines="622" cat="clarify" orig="@mtgox420 4">
    @mtgox420 4 years ago +40

      ZFG clearly never played a Final Fantasy game, especially the oldest ones

  • @mtgox420
    @mtgox420 4 года назад +40

    I just want to say: You didn't have to make this video. It could've been a blog post, or just a little tweet or something, but I'm very glad you did. There was a lot of effort put into here, good presentation (even your little mspaint doodles lol), and a very deep & thorough explanation of all the concepts.
    As someone who finds this type of stuff extremely fascinating, I just want to sincerely thank you for putting your time into this. This was really cool to watch :^)

  • @EGarrett01
    @EGarrett01 4 years ago +17

    this works in real-life too, if you change your name to that legally and slide into a few rooms the right way holding nothing, you can just make whatever happen, i've confirmed it

    • @kneesnap1041
      @kneesnap1041 3 years ago +1

      Well. I bet if you named a baby "null" it might cause a few issues.

  • @arpez
    @arpez 4 years ago +86

    What a time to be alive! Can't wait for the 100% child lotad

    • @1122markj
      @1122markj 4 years ago +1

      ME TOO! I'M SO EXCITED FOR EVERYTHING! GAHHAGS LAB FBSGAJDYKABEISIA OAK DHW9U1KZNDUA9EB I'M SO HAPPY!!!!

    • @Yotsuga
      @Yotsuga 4 years ago +5

      @@1122markj Okay calm down numale

    • @1122markj
      @1122markj 4 years ago +6

      Uhhh... so... since I don't spend any time on the internet using cringey words like numale. I had to look it up. And.. oh man... I have no idea how this beta male, white knight description would fit someone who is just excited over a Zelda game. Ya coulda just called me a manchild but ooookay

    • @nathanielmohr9622
      @nathanielmohr9622 4 years ago +6

      @@1122markj Ok numale

    • @1122markj
      @1122markj 4 years ago +1

      Lmaooooo

  • @StormerSage
    @StormerSage 4 years ago +37

    Not only is this ACE setup glorious, it also uses best item, Nayru's Love.

  • @Cinicraft00
    @Cinicraft00 4 years ago +55

    1990s: We invented the internet and Ocarina of Time
    2020s: We use the internet to watch videos about reverse engineering ocarina of time.

  • @mariomasters1
    @mariomasters1 4 years ago +6

    Really amazing work! Excited for the future work of you and other OoT scientists!

  • @wyattwayn7538
    @wyattwayn7538 4 years ago +21

    I don't even speedrun this game or really didn't understand most of the stuff going on in this video, but this was a lot of fun to watch! You did an amazing job explaining how it works!

  • @mag2XYZ
    @mag2XYZ 4 years ago +25

    00:00 - Setup and explanations
    12:28 - First payload execution, and demonstration of its useless but amusing effects!
    13:40 - Further explanation, stepping through the instructions
    23:45 - Other examples of effects that can be achieved (my favourite at 25:40!)
    25:47 - Future possibilities? More elaborate payloads, RTA viability?

  • @linus327
    @linus327 4 years ago +28

    this is so exciting to see! the side effects are amazing
    bootless black tunic link needs to become rta viable

  • @HRCtypo42
    @HRCtypo42 4 years ago +36

    young link in black tunic jumping: MY PEOPLE NEED ME

  • @obeqwaet1772
    @obeqwaet1772 4 years ago +86

    Jesus christ, ACE in OoT??? What a time to be alive.

    • @anoobis117
      @anoobis117 4 years ago +1

      Just wait until Halo Reach comes to PC. I've a feeling nerds are afoot.

    • @magsec5
      @magsec5 4 years ago

      Anoobis 117 what would ACE do to reach?

    • @anoobis117
      @anoobis117 4 years ago +3

      @@magsec5 you could theoretically use ACE to set or uncheck flags that let you, for example, wield illegal weapons or change the type of projectile your weapon shoots. This can all be accomplished by modding of course but it would be interesting to see it done in-game.

    • @Harctwo
      @Harctwo 4 years ago +2

      @@anoobis117 We found Arbitrary Unit Possession /control in halo 2 a few weeks back! Been an amazing time building upon that.

    • @anoobis117
      @anoobis117 4 years ago

      @@Harctwo what a time to be alive

  • @painco94
    @painco94 4 years ago

    This is without a doubt one of the best videos about ACE in videogames I've ever seen. Information detailed enough, but not overwhelming, clear explanation, both of the glitches involved and of the actual assembly code and RAM locations shown. The comment about the branch delay slot completed all the information I wanted. I really thank you for this outstanding video

  • @homerfunky
    @homerfunky 4 years ago +18

    I am truly amazed that this day has come. Great job to all of you !

  • @CZPC
    @CZPC 4 years ago +4

    Great video mah guy looking forward to progress relayed through the discord!
    ACE will be here in full swing soon enough it seems.

  • @ThatguycalledJoe
    @ThatguycalledJoe 4 years ago +69

    I expect great things of this.
    Not like speedrun things, like wacky bullshit things.

    • @ivoackermann15
      @ivoackermann15 4 years ago +7

      I expect this to be featured in a TAS block at some point. I can't wait for the stuff they'll come up with

    • @vlackrock
      @vlackrock 4 years ago

      Hi joe

  • @Trilobita98
    @Trilobita98 4 years ago +1

    Just taking a class now in college learning about mips assembly programming. Couldn't have seen this video at a better time!

  • @Kosmicd12
    @Kosmicd12 4 years ago +8

    Great work guys. Incredibly impressive

  • @lostskull7467
    @lostskull7467 4 years ago +18

    So glad this got recommended to me! My god, the process reaaally looks like a modern day variation of the old day myths about secrets in the game! 🤣

    • @mischa7823
      @mischa7823 4 years ago +1

      What if... All those secrets back in the days that got spread but could never be verified, are ACEs that got executed on accident?

  • @idontcheckmynotifications
    @idontcheckmynotifications 4 years ago +6

    Wow, I know you aren't alone in finding this glitch but I'm surprised I never saw your channel before, I like your style.

  • @kyledowney8551
    @kyledowney8551 4 years ago

    Exceptional video. Thank you for all the effort you've put into this.

  • @Tabascoth
    @Tabascoth 4 years ago +1

    absolutely amazing, and a great video, grats. I'm really looking forward to seeing all the cool shit being done with ACE in the future.

  • @inkaymr4919
    @inkaymr4919 4 years ago

    This is incredible.
    With all the hard work and interest you guys have shown through this research I'm sure there will be something RTA viable in the future, even if it's for less popular categories like NSR.

  • @Sauraen
    @Sauraen 4 years ago +6

    So glad to be alive at such an exciting time in history!
    Now we just have to use ACE to allow us to get the Triforce!

  • @EdTheNerd
    @EdTheNerd 4 years ago

    That was a fantastic explanation of how it works. I've never touched a debugger but felt I was able to follow along.
    Great work!

  • @coolbrotherf127
    @coolbrotherf127 4 years ago +1

    Well, I'm glad I paid attention in my CS classes because I was actually able to follow that pretty well. This whole thing has so much potential and I can't wait to see what stuff comes from it.

  • @tetsuo3k
    @tetsuo3k 4 years ago

    Fantastic video, the way you describe the N64 CPU as it executes the payload was eye opening for me. I'm not sure if this is strictly what I'm thinking of, but I've read about 'return oriented programming' in reference to 3DS hacking. I was never quite able to wrap my head around it, but it makes a lot more sense now. The way this hack winds up inadvertently breaking the Link actor brings to mind how a ROP payload might fail totally at random, simply due to the chance arrangement of code in memory.

  • @TeighMart
    @TeighMart 4 years ago

    Awesome video man, super informative. Can't wait to see where this takes us.

  • @gumgrapes
    @gumgrapes 4 years ago +8

    Finding game-changing bugs in a game from over 2 decades ago, incredible. Wonder what OoT speedruns will look like this time next year

    • @Yupyoubetcha
      @Yupyoubetcha 3 years ago +1

      Now we know... 7min 43sec as of today haha

  • @KnishG
    @KnishG 4 years ago

    wonderful video. crazy how far this has come.

  • @nesis
    @nesis 4 years ago

    Awesome video, and very clear explanation. Thanks for sharing!

  • @Jonas_TGCW
    @Jonas_TGCW 4 years ago

    Did a great job of explaining it! :) The drawing helped a lot!

  • @BaldorfBreakdowns
    @BaldorfBreakdowns 4 years ago +6

    YES! FINALLY! I LIVED TO SEE THE DAY!

  • @Acryte
    @Acryte 4 years ago

    This is awesome. Finally explains hyrule field glitch. :O Great work gents! Powerful stuff.

  • @Tufhhuyy
    @Tufhhuyy 4 years ago +75

    ZFG called it

    • @SilverSuisei
      @SilverSuisei 4 years ago +9

      OOT is now the buggiest game ever GG

  • @gloriousliar8747
    @gloriousliar8747 4 years ago +2

    Awesome explanation of ACE and executable ram 👍

  • @JacobHayden911
    @JacobHayden911 4 years ago +2

    Ohhhhh. The current Any% WR makes so much sense now! xD Thanks!

  • @razmetrez
    @razmetrez 4 years ago +48

    All of the code is arbitrary.
    My mind wanders.

    • @poultriarchy
      @poultriarchy 4 years ago +1

      Hot fucking damn hahaha

    • @owfan4134
      @owfan4134 4 years ago

      So ok.
      OOT is this game that
      a lot of cats seem hella
      pumped of. And this ACE video
      is sitting on my desk for
      review, so I'm like, yeah
      man I'll write something.
      But I don't know. I'm like,
      so this is about elves or
      some noise? That's fine, I'm sure that's
      like fucking dynamite in a handbag for
      some brosephs. But all I'm saying is,
      when do you get to *thrash* anything?
      While you're playing knight or some shit,
      are you ever in jeopardy of getting mud
      on your fairy elf’s dress or whatever from
      busting out, and I quote, "the mad
      stunts all wicked up-ins"?

    • @marinellovragovic1207
      @marinellovragovic1207 4 years ago

      @@owfan4134 a fucking homestuck reference, I'm crying

  • @PhoenX19
    @PhoenX19 4 years ago

    This actually was pretty clear. Great job!

  • @Jelster64
    @Jelster64 4 years ago

    amazing work, thank you all for making this possible

  • @Zamiell
    @Zamiell 4 years ago

    i am speechless, this is an incredible video and an amazing discovery!

  • @1ted59
    @1ted59 4 years ago +8

    Wow this is incredible! Congrats to OoT for being the first N64 game with self contained ace!

    • @gs6772
      @gs6772 4 years ago

      1ted59 Actually I think OoT is second, doesn't Pokémon Stadium have ACE?

    • @udczoey
      @udczoey 4 years ago +3

      @@gs6772 I think Stadium's involved glitched save files of the GameBoy Pokémon games that you were transferring data from.

    • @1ted59
      @1ted59 4 years ago +4

      @@gs6772 self contained ace, cause Pokemon stadium needs ace on a gb game

  • @Skatche
    @Skatche 4 years ago

    Yo, that's pretty cool. You did a great job of explaining it as well.

  • @Sauspreme
    @Sauspreme 4 years ago +7

    This is just like OOT puzzle solving, except even harder

  • @How2BEpic
    @How2BEpic 4 years ago +2

    I feel like watching this is making me understand how some of the games I've hacked in the past might have worked. Trying to find and modify entities and scenery is something I've only done a little bit.

  • @johndebord7802
    @johndebord7802 4 years ago

    In practical terms:
    stale-reference manipulation is when a (tiny) fraction of the memory on that RAM stick in your computer never gets zeroed-out by the operating system (due to performance reasons) when an object (e.g., a pot) gets deleted (when you move rooms/zones/etc.). This then gives you the opportunity to make said memory on that RAM stick (of where that pot once was) to be any value you want (if done cleverly), thus giving you the power to manipulate the state of the game.

  • @soundsfortowny6485
    @soundsfortowny6485 4 years ago +1

    New world record for OOT Any% using ACE! I guess it is RTA viable. Thanks for this video, it helped explain it quite a bit

  • @TheOfficalAndI
    @TheOfficalAndI 4 years ago

    I just learned about CPUs and writing data to registers in school. Little did I know it was preparing me for this.

  • @ZetaTwo
    @ZetaTwo 4 years ago +2

    Really impressive results and a nice video as well. I love when two of my favorite topics, gaming and hacking, come together.
    Question: you mention that the space for the payload is very limited. Would it be possible to insert a small stager that will, for example, read input in a loop and write more code into memory, or is the available space too small to even do that?
    BTW, another term that is used in the security community for this type of bug (SRM) is Use After Free or UAF.

    • @Fig02
      @Fig02  4 years ago +2

      Calle Svensson yes, a bootstrap has been written that will do exactly that and read from inputs. It hasn't been put together in a video yet. It uses the Scarecrow's Song to set that up.
      And yeah, SRM is definitely a form of a use after free. We name all of our glitches in the game something unique that we as a community can call it by. There may be other glitches in the future that classify as a Use After Free.

    • @ZetaTwo
      @ZetaTwo 4 years ago +1

      @@Fig02 Cool! Looking forward to seeing that.
      Yeah, naming a particular instance of a bug within a bug class of course makes sense here as it's easy to talk about it within the community. Just wanted to add some context which other people might find useful if they want to know more about this type of bug in general.
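    The stale-reference mechanism johndebord7802 describes above and the use-after-free framing in this exchange, as an added example in C that is not from the video or the OoT community: a toy actor block that is handed out again without being zeroed, beside a delete routine that poisons the block and clears the outstanding reference. Every name, layout and value here is constructed; nothing is OoT's real heap or actor format.

    ```c
    #include <stdint.h>
    #include <stddef.h>
    #include <string.h>

    /* Constructed model of the stale-reference (use-after-free) pattern the
     * comments describe; nothing here is OoT's real actor layout or heap.
     * One fixed block stands in for the memory a deleted pot occupied. */
    typedef struct { uint32_t id; int32_t x; int32_t y; } Actor;

    static union { uint8_t raw[sizeof(Actor)]; Actor a; } block; /* reused, never zeroed */
    static Actor *held;                    /* the holder's reference to the pot */

    static Actor *spawn_pot(void) {
        Actor *a = &block.a;               /* allocator hands out the same block */
        a->id = 1; a->x = 10; a->y = 20;
        return a;
    }

    /* Naive delete, as described on the page: the block becomes reusable but is
     * neither zeroed nor is the outstanding reference cleared. */
    static void destroy_pot_naive(Actor *a) { (void)a; }

    /* Later an unrelated system reuses the block for its own bytes (on the
     * page: text the player typed). Constructed payload of 'A' bytes. */
    static void reuse_block_for_text(void) { memset(block.raw, 'A', sizeof block.raw); }

    /* Vulnerable flow: the holder still dereferences the freed pot and reads
     * the new occupant's bytes as a coordinate. Returns 0x41414141. */
    int32_t stale_read_demo(void) {
        held = spawn_pot();
        destroy_pot_naive(held);
        reuse_block_for_text();
        return held->y;                    /* use after free */
    }

    /* Hardened delete: poison the block so a stale read is recognisable in a
     * debugger, and clear the reference so the holder can no longer use it. */
    static void destroy_pot_safe(Actor **ref) {
        memset(*ref, 0xDD, sizeof **ref);
        *ref = NULL;
    }

    /* Hardened flow: returns 1 when the stale access was refused, 0 if the
     * freed block was still reachable through the reference. */
    int safe_read_demo(void) {
        held = spawn_pot();
        destroy_pot_safe(&held);
        reuse_block_for_text();
        return held == NULL;
    }
    ```
    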

  • @DougSalad
    @DougSalad 4 years ago +3

    New speedrun category: (N)Ice%. Make a letter N by duping ice arrows in the inventory, and set the quantities of all items with a counter to 69

  • @Kavukamari
    @Kavukamari 4 years ago

    very exciting, I can't wait to learn more

    • @Kavukamari
      @Kavukamari 4 years ago

      goddamn that was a fun explanation

  • @crookeddesk
    @crookeddesk 4 years ago +43

    Yeah, I do some programming
    Oh? In what language?
    Ocarina of Time.
    ... ?

  • @dylanhinkson218
    @dylanhinkson218 4 years ago +10

    According to ZFG, OoT is now more broken than Gen1 Pokemon.

  • @MetaKnight68
    @MetaKnight68 4 years ago +4

    Holy shit, it finally happened! This is incredible
    -MM ACE when-

    • @MetaKnight68
      @MetaKnight68 4 years ago

      Nevermind, we found moon warp

  • @KeepAwayFF
    @KeepAwayFF 4 years ago +7

    25:41 : "I have to go now. My planet needs me."

  • @VraccasVII
    @VraccasVII 4 years ago

    fantastic explanations

  • @twilight-sparkle
    @twilight-sparkle 4 years ago +12

    i can't wait for SM64 to get ACE
    (even if it's by doing something like "if we take the cartridge out and swap it while idling in RAM...etc etc")

    • @kneesnap1041
      @kneesnap1041 4 years ago +2

      Considering SM64 has been decompiled to C, I wouldn't be surprised if it happens soon, if there are any ACE bugs

  • @lonephantom09
    @lonephantom09 4 years ago

    Very interesting, it’s always amazing to me what the devs at Nintendo were able to do with such limiting memory constraints

  • @ZizZazZuz
    @ZizZazZuz 4 years ago

    Hey, great video! I'm super excited to see what comes out of this, ACE is a super powerful glitch that can lead to some interesting stuff. I've still got a couple questions about this though. For right now, what I'm understanding is that the only way to deliver a payload is through the file name, right? What are the requirements for something else to act as the payload? And with the tools you have now, can you use it to do something like a credits warp (like you might see in Super Mario Bros.), or would you need a much larger payload for something like that?

    • @Fig02
      @Fig02  4 years ago

      ZizZazZuz all that has been used is the filename, yes. We did this more as a proof of concept and have ideas to get access to more instructions.
      Here we had 1 actual instruction for payload. I think credits warp would take 3.

    • @thepotato513
      @thepotato513 4 years ago

      Based on my understanding of the explanation, I think the payload would need to be some value (or a string of values) that the player has enough control over to write instructions with. In this case the filename seems like the most practical, as it's stored as a string of values that don't change after they're initially set under normal circumstances.

  • @jefferygotem7705
    @jefferygotem7705 4 years ago

    This is beautiful

  • @emlun
    @emlun 4 years ago +8

    Do you think you could use return-oriented programming to craft bigger payloads?

  • @Christhefast222
    @Christhefast222 4 years ago

    Good video, earned a sub

  • @MertHakim-ns9os
    @MertHakim-ns9os 6 months ago

    Thank you, I'm watching what you've shared

  • @TheLastScoot
    @TheLastScoot 4 years ago

    Amazing work.

  • @edwardsjs
    @edwardsjs 4 years ago

    Wow, this is a huge breakthrough

  • @lostskull7467
    @lostskull7467 4 years ago

    As someone who loves Dark Link stuff, I'm convinced you successfully transformed into Dark Link! It makes sense in my head, since Dark Link is targetable, can target (he targets you and has a target range just like Link), it makes sense that Dark Link can't trigger load zones (hence why you can't activate them) and I believe that the hop you made is the jump he makes either when dodging and countering the stab or the neutral hop he makes when trying to jump slash with his sword sheathed.

    • @Fig02
      @Fig02  4 years ago +1

      Dark Link is his own actor, and I still retained many properties of normal Link. I changed Link's actor type, which resulted in some of those things you mentioned, but it wasn't "fully" Dark Link.

    • @lostskull7467
      @lostskull7467 4 years ago

      @@Fig02 I didn't get notified of your reply, but thanks for clearing it up :)

  • @Tearcon14
    @Tearcon14 4 years ago

    I'm so happy this is possible

  • @T3sl4
    @T3sl4 4 years ago +4

    I have lived to see the day OoT gets an ACE exploit!

  • @renakunisaki
    @renakunisaki 4 years ago +4

    Hmm, can't you RBA most dungeon key counts which are one byte each? And maybe chain exploits by writing glitch items into inventory to RBA with.

  • @sagacious03
    @sagacious03 4 years ago +1

    I really wanna see how this gets used! Will it see use in any kind of TASes?
    Also, I kinda wanna see videos of just showing off & screwing around with the effects of ACE!!

  • @gs6772
    @gs6772 4 years ago

    congratulations boys!!

  • @AzureWoof
    @AzureWoof 4 years ago

    Holy shit. Now there's new stuff to watch.

  • @bjdooi
    @bjdooi 4 years ago

    Absolutely badass

  • @TheSmegPod
    @TheSmegPod 4 years ago +1

    So is the payload mostly dependent on what you set the filename to, or on the instructions you perform with moving pots around?

  • @humantreewastaken
    @humantreewastaken 4 years ago +1

    Thanks for the great explanation! What property are you changing to get the effect you show at the end?

    • @Fig02
      @Fig02  4 years ago +4

      Setting Link's boots to 0xFF. His boots handle his gravity/physics.

    • @humantreewastaken
      @humantreewastaken 4 years ago +1

      @@Fig02 Hah, nice.

    • @Sypaka
      @Sypaka 4 years ago

      @@Fig02 When you figure out gravity is tied to Link's boots and you just delete them to fly.

  • @erik9817
    @erik9817 4 years ago

    This is brilliant, we actually used the MIPS architecture in uni. What tools do you use?

  • @Woodswolf
    @Woodswolf 4 years ago

    Is there any possibility that this could work in MM as well? Or is this likely to remain an OOT-exclusive glitch? It would seem to depend on whether this is a quirk of the Darunia actor or is more widely applicable (perhaps to any actor with text interaction?). Either way, this is an absolutely incredible find - I can't wait to see what this could be capable of with more experimentation.

  • @lyeloh9251
    @lyeloh9251 4 years ago

    Wow this is incredible

  • @Nukestarmaster
    @Nukestarmaster 4 years ago +5

    Would this ACE work with Majora's Mask? I know some OoT glitches work with it and some don't.

    • @Fig02
      @Fig02  4 years ago +6

      SRM, the glitch that allows ACE, does work, yes. An appropriate method to do it would need to be found, but it should be more than possible.

  • @Smonjirez
    @Smonjirez 4 years ago +1

    Wouldn't you be able to prepare a far bigger payload by executing small payloads that each set an instruction or two in an empty/reserved space that can afterwards be executed at once, such as a boot loader (not sure if it's the correct term)? And from there be able to input instructions directly?

    • @Fig02
      @Fig02  4 years ago +1

      We have achieved total control in multiple ways since this video. A couple of examples are removing the file name limit to write code on the file select screen, and another method using the Scarecrow's Song to write a bootstrapper that reads inputs from the control stick to write code.
      Assuming those other methods didn't exist, yeah, you probably could write a bootstrapper by chaining a bunch of Darunia ACEs together.

  • @AndrewAJT
    @AndrewAJT 4 years ago +2

    Nice. How does the first hover change the location of the pot?

    • @Fig02
      @Fig02  4 years ago +2

      AndrewAJT it's the location of the pot in memory, sorry if that wasn't clear. You load the room from the hallway without having gone through the front, so actors will get loaded in a desirable order.

  • @0x2480
    @0x2480 4 years ago +1

    Couldn't you make it run code to run instructions from port 3 every time you press a button on port 1?

  • @wimbleimble3577
    @wimbleimble3577 4 years ago +4

    Now I'm just waiting on the Doom port

  • @orialtman6176
    @orialtman6176 4 years ago

    I don't know why this video was recommended to me but it -is- fascinating, so...

  • @DoomRater
    @DoomRater 4 years ago +1

    Link is starting to catch up to Mario's exploitation level. I cannot wait to see what happens when these two absolute legends meet in space-time.

  • @fazerlazer8020
    @fazerlazer8020 4 years ago +7

    you will need this exact file name: WAMPA.STOMPA..

  • @hansklaus6860
    @hansklaus6860 4 years ago

    I really love this kind of low-level stuff

  • @lonergothonline
    @lonergothonline 4 years ago

    ACE in OoT, I hope it leads to some of the Pokémon ACE stuff I've seen on TASVideos, where they show other games being played.
    Also, you can hold Shift when drawing a line in MS Paint to force the line to be straight.

  • @lostskull7467
    @lostskull7467 4 years ago

    Could you please explore a little more of that Dark Link state? I mean, were you even able to pull out your sword? (Dark Link can't, if I'm not mistaken)

  • @TheJustinHit
    @TheJustinHit 4 years ago +4

    I would love to see a reaction from an actual coder for Ocarina of Time.

    • @spht9ng
      @spht9ng 2 years ago

      It would be hard to track down those Nintendo devs from the late 90s, but it would be amazing if someone was able to do it. It would probably need to be someone who knows Japanese and can navigate Japanese phone/email directories.

  • @BruceShankle
    @BruceShankle 4 years ago

    Credits warp from Kokiri Forest is already possible, can't wait to see OoT beaten in 10 minutes!