Just wait until you make a deal with Satan to tie a villager to one of those armor stands with a lead and end up with duplicate UUIDs...no amount of gamemode 3 or kill command spam will save you.
RMoribayashi in hindsight, being able to “compile” a program yourself on paper seems like an amazing concept. It’s like being able to speak another language without an interpreter
I originally saw this video years ago, and just came back because I was playing SMW earlier & it made me remember the vid. Point being, as someone that’s been programming since I was a kid, and have always been known & considered myself a nerd; you sir are some sort of super nerd. I mean that as a compliment. The way that you’re able to explain & break down the code, and the way the hardware runs it. Bravo, sir.
Ah, this is the RUclips algorithm doing its thing again and I end up with the age old question: "Why the hell am I even watching this???" ... and for some reason I have absolutely no regrets in doing so.
I love this video, and the comments/replies to comments helped a lot with understanding the more complicated parts, as well as why certain things work the way they do.
Very interesting - I'm also really curious how this was discovered (most especially how the specifics were mapped). Also, would be killer to see the original coders of the game react to this the first time they saw / heard of it.
It is impossible to explain. Assembly doesn't go well with English as higher level languages like C++ and Java do. Nothing makes any sense, it's all numbers, and numbers designed to behave in very specific ways that would take a huge tutorial to explain in itself. I made an entire program based on corrupting NES and SNES ROMs and had to study a ton of it, and I still don't understand half of it.
I started with assembly and my "4 years moment" would sooner have come with an obscure C++ feature. Within 2 weeks of deciding to edit my sword damage in Minish cap I probably would have understood this video. Maybe you should get into game hacking!
You probably need to know how a computer works and this is not easy. If you got the general idea (they make code with the sprites and then execute it) it's OK.
I understand this. The cliff notes? You swallow a Charging Chuck with everything set up perfectly, and Yoshi and Mario completely break the Space Time continuum
Cool vid! Was this skip discovered through 'standard' gameplay and then the explanation was reverse engineered or did someone break down the code and then search for an optimum place in game to execute the steps you outline in your video?
George B Most definitely the latter. Super Mario World is probably one of the most documented, reverse-engineered games out there. All it takes is a bunch of thinking and planning along with the knowledge of the game and its mechanics to come up with something like this.
What I don't fully understand is this....YOU can interpret the bytes as code, but how, and more importantly, why does the GAME do that? Why does it come across this specific series of bytes (corresponding to the positions of objects on-screen, and the slots they occupy at the time) and read it as code? I get that it has to do with Yoshi eating Chuck and that causes some kinda weirdness with how the game's memory is read, but that's where you lose me. I still don't understand why the game executes the positions set earlier as code.
+PremierMilenkov If you are familiar with programming, you know that you can call a function in say, C, by using its name (e.g. do_something()). In assembly, you have to call a function by using the address in memory at which it is stored (e.g. JSL $009047). In all the address space, $000000 - $FFFFFF, everything is stored, including RAM, ROM, hardware registers, PPU registers, and more. Normally ROM is stored from $xx8000 to $xxFFFF, which is where most of the code is. $xx0000 - $xx7FFF is saved for pretty much everything else. So really you can call a subroutine that exists in ROM or RAM. So in this case we have JSR $00E0 (effective address $0100E0), which is a call to RAM instead of ROM like normal. In fact, SMW does write code to RAM and executes it fairly often, it's just that in our case we get to choose where in RAM we want to "write" a subroutine. Sprite X-positions are super easy to manipulate in game so we just use that.
***** Gah, all too complicated...but I think I may have an inkling of why this works. So basically, you're trying to say, rather than calling a function from the game's normal code, that is the ROM, you force the game to call from RAM, which is where the code you wrote using the sprite positions is stored at the time, correct? And so you have to manipulate the game into starting to execute the code from the addresses where you set up said snippet of code with the object positions.
As I understand it, the old credits warp assembly code - the one that jumped to the middle of the credits - was one byte shorter. Suppose you went back to using the old code, but stuck an EA (NOP) at the beginning. Would that double the odds of the credits warp executing successfully, since starting the code from $00E4 or $00E5 would both work? Or would it make no difference in practice?
You can't get E4 or E5 starting points (I think the next after E3 is E6), but you have the right idea. The old old version of the route used 6 bytes. We used the data bus value (4A), divided it by two (25) and stored that to $0100. No LDA was used. The reason it went to the middle of the credits was because it was game mode 25 instead of 1C.
Expanding on that, you could use the old code with the new route that would save one shell position. However, I think we have decided that it is more important that we warp to Yoshi's House since it shows the full enemies list and has a fanfare. Ignoring that, you could probably save a second or two by only placing 5 shells and a P-switch.
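A toy model of what the comments above describe, added here as an illustration and not taken from the video or from the route's actual code: one flat memory in which sprite X-position bytes are fetched as opcodes once a call lands in RAM, how a leading NOP widens the set of entry points that work, and how a hypothetical no-execute check would stop the fetch. The byte sequence, the starting game mode and the placement of the table at $00E0 are constructed assumptions; only the opcode encodings, $0100, game mode 1C and the call target $00E0 come from the 65816 instruction set or the thread.

```python
# Toy model of "data executed as code": one flat memory array, no execute protection.
# Opcode values are real 6502/65816 encodings; everything else is a simplification.
LDA_IMM, STA_ABS, NOP, RTS = 0xA9, 0x8D, 0xEA, 0x60

GAME_MODE = 0x0100   # game mode address, as named in the thread
CREDITS = 0x1C       # credits game mode, as named in the thread
TABLE = 0x00E0       # call target from the thread; assumed here to be where the
                     # sprite X-position bytes sit
ROM = range(0x8000, 0x10000)  # $8000-$FFFF of a bank holds ROM, per the thread


def execute(mem, pc, executable=None, max_steps=16):
    """Run from pc until RTS. Returns 'returned' or a fault description.

    executable: optional range of addresses that may be fetched as code
    (a hypothetical no-execute policy; the SNES has none).
    """
    a = 0  # 8-bit accumulator, assumed zero on entry
    for _ in range(max_steps):
        if executable is not None and pc not in executable:
            return "fault: fetch from non-executable address"
        op = mem[pc]
        if op == LDA_IMM:            # load the next byte into A
            a = mem[pc + 1]
            pc += 2
        elif op == STA_ABS:          # store A at a little-endian 16-bit address
            mem[mem[pc + 1] | (mem[pc + 2] << 8)] = a
            pc += 3
        elif op == NOP:
            pc += 1
        elif op == RTS:
            return "returned"
        else:                        # anything else counts as a crash in this model
            return "fault: opcode %02X not modelled" % op
    return "fault: ran too long"


def fresh_memory(sprite_x):
    """64 KiB bank with constructed sprite X positions written at TABLE."""
    mem = bytearray(0x10000)
    mem[GAME_MODE] = 0x14  # arbitrary constructed starting game mode
    mem[TABLE:TABLE + len(sprite_x)] = bytes(sprite_x)
    return mem


def working_entries(sprite_x, executable=None):
    """Offsets into the table from which a call ends with GAME_MODE == CREDITS."""
    hits = []
    for off in range(len(sprite_x)):
        mem = fresh_memory(sprite_x)
        status = execute(mem, TABLE + off, executable)
        if status == "returned" and mem[GAME_MODE] == CREDITS:
            hits.append(off)
    return hits


# Constructed positions: as pixels they are just X coordinates, as opcodes they
# read LDA #$1C / STA $0100 / RTS. Not the real route's byte sequence.
POSITIONS = [0xA9, 0x1C, 0x8D, 0x00, 0x01, 0x60]
PADDED = [NOP] + POSITIONS  # the "stick an EA at the beginning" idea

if __name__ == "__main__":
    print("sprite X positions:", POSITIONS)
    print("entries that work:", working_entries(POSITIONS))
    print("with one NOP in front:", working_entries(PADDED))
    print("with RAM marked no-execute:", working_entries(PADDED, executable=ROM))
```

Entering one byte late in the unpadded sequence lands on the operand $1C and faults in this model, which is why only the exact start works until a NOP is put in front.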
I watched this video a few years ago not knowing any programming. A few years later and now able to understand x86 Assembly I'm glad to have found it again now because now I actually understand what's going on even though I don't actually know 65816 Assembly
He said he used Adobe Premiere for the animations. Any screen recorder works for the recording, however he probably uses OBS because he regularly streams. Any good emulator works for this. Probably using Snes9x or BizHawk. Any good text editor works. Vim/EMACS is enough, but some people like simpler editors, I really don't know.
Awesome video! You won your more subscribe! Could you explain the glitches in Donkey Kong 1? For example, when you use a barrel and the Rhino... and then you make a donkey kong riding another donkey kong. Thx
a wonderful explanation, although a bit too fast. I have a question: there is another end glitch ruclips.net/video/FkQdwUns7H8/видео.html , but it seems to be much easier. I don't see that the player moved the shells into specific positions, and I don't understand how he triggers the end scene. probably eating a fruit while jumping off? (it is too fast to see)
dracenmarx That TAS uses 4 controllers and inputs that don't exist on console. tasvideos.org/4315S.html The last 5 frames have 121 button inputs, which is why we don't use that route for real-time.
+dracenmarx Aside being impossible, Masterjun did move them into specific positions, but in a TAS you can advance frame by frame. He probably went 1 frame forward until he got the perfect position.
@@kjl3080 You're fucking kidding me. Hexadecimal is binary. 00 = 00000000, 01 = 00000001... FF = 11111111. It's not that fucking hard. Assembly instructions are written in hexadecimal(binary) and each instruction is the size of the Instruction Register. You wouldn't know what that is since you clearly haven't even taken basic CS yet. Stop arguing on topics you know nothing about.
I love figuring out how these old games are built cause I feel like they were built to be on the constant verge of breaking but just barely keeping away from actually exploding all over itself.
You must absolutely love Pokemon R/B/G then!
They had to build them that way because they had little memory and processor power to work with, so they had to cut all the corners they could. I mean, for bleb's sake, the actual code is kept in the same space as the data, and they're using jumps. One wrong jump is all it takes to execute data as if it were code and explode everything, as this video demonstrates.
Had the same thoughts man! xD
Funnily enough, pwning without modern security features like ASLR (random addresses), NX-bit (prevent data from being executed) and stack canaries (detect buffer overflows) was so similar to this NES ACE. I am talking about Windows XP times.
Returning to existing code for example is still done to this day with “return-to-libc”.
Having an invalid MP3 (M4A) file still crashes the Nintendo 3DS, like eating a chuck with Yoshi does in SMW.
Source engine games had similar issues. Some while ago in Team Fortress 2, a player could spawn with a deformed ragdoll model, so every time he died he could execute arbitrary code on the PCs of EVERY PLAYER ON THE SERVER. He could open up the calculator, but he could also quickly install viruses.
Of course, nowadays, one update patches everything and NES games are immutable.
But all software on modern processors still shares the same basic vectors like on the NES :P
as a programmer, I can assure you that literally every piece of software you have ever used is barely held together by duct tape and prayer
This could all be made up nonsense and I wouldn't know any better...
VivaValdez lmao
VivaValdez it checks out pretty well for me
+ thereal SuperEthan5 :-D Same. I'm taking a CS class and we're learning assembly! It's super fun.
I thought the same thing at a particular point in Bismuth's "Why 4:54 is the perfect speedrun" 😂
Just run address $0069, and if the upload date is 1 April, return nonsense. If not, return false
5:55 "Remember these for later"
Oh man, I hope there's not a quiz at the end, I've already forgotten them :D
Daniel Lo Nigro I was thinking the same thing xD lol
I love how there's "wut" in the URL address of this video xD
"wut_I" Perfect xD
Fits this video perfectly.
Oh, RUclips and its Base64 video ID systems.
lol
ibb.co/Hn4hpDN
XD
"I hope you now have a general idea of what's going on behind the screen."
*Magic?*
I wonder how long it will be before some speed runner accidentally discovers the code that allows Super Mario World to become self aware.
umm program AI asm code using shells and run it
Hello guys, sethbling here.
Today, I'm going to show you something unique. This super Mario Bros cartridge is the only one in the world... Well, here's the other one, but that's it.
These two games are one of a kind because me, and a friend made an AI using arbitrary code execution with koopa shells.
Here, I'll show you.
" This is your fault. I'm going to kill you. And all the cake is gone. You don't even care, do you? "
*Unplugs super Mario world*
As you can see, it's still glitchy but nothing big.
That's about it, thanks for watching
What is this? Skynet?
It's at 94df0d
@@sackboy1665 panic
This is fascinating. I can barely grasp the concepts involved, but I get it just enough to be very impressed and interested. I like how it is all pure logic down in the metal, but by the way Mario is behaving it looks like witchcraft XD
+JimPlaysGames If you are interested in getting a better understanding down to the bare metal, look up a book called Code www.amazon.com/Code-Language-Computer-Hardware-Software/dp/0735611319 It is a pretty good introduction that is very accessible, but not insulting if you already know how to code. :)
Wow, Jim! How is your next game project by the way? I still enjoy 'earth got mooned' from time to time, by the way :)
lol asm in mario world isnt that bad i made a captain falcon mod that's in testing but i am trying to make a wavedash power up but i keep getting it to work in a conveyor belt fashion which i dont want i want him to slide.
AHHHHH ASSEMBLY CODE
HOLD ME I'M SCARED
+DragonDePlatino same
LDA [$00],Y
INY
INY
TAX
LDA [$00],Y
INY
INY
STA $2142
SEP #$20
CPX #$0001
LDA #$00
ROL A
STA $2141
ADC #$7F
PLA
STA $2140
CMP $2140
BNE $80D3
BVS $808D
STZ $2140
STZ $2141
You scared yet?
+Potato on a stick I'm terrified. Which instruction set are you using? I'm being taught the same instruction set in my computer science class and I'd like to learn more about it
SkyewardSword I just disassembled the SMW ROM and pasted a part of that in here. 65c816 assembly
+Berzark _ ;)
Having somehow understood this, my only question is who on earth took the time to figure this out?!
he did
+Bea Al That's true...
+Bea Al My guess is that someone who knows the assembly language (eg someone who wrote an emulator, or just some nerd), had a debug session open while playing the game, and figured out what code was needed to get to the credits screen. Then they *had to* figure out how to do it early in the game.
An interest that became a life style ;P
+Lurvik Pretty much. Basically to figure out this glitch, they looked at an existing glitch which would jump to the sprite X coordinate table located at the OAM (object attribute memory), as those values are easily manipulable by just moving around sprites on the screen. This glitch happened to be the item swap glitch, the glitch which lets Yoshi eat an (I think it has to be a non-charging) chuck. From here, they worked out what code they needed to set the gamemode to the gamemode corresponding to the credits, and assembled it to be byte-code readable by the machine. After having figured out what code they need, they just found a way to manipulate the sprite X coordinate table in such a way that that code would be run by the game, and voila, Mario warps to the credits.
I am by no means an expert in ASM or SMW glitches in general, there might be mistakes in this explanation. Correct me if I'm wrong.
I think it's more than that. The item swap glitch only causes the SNES to be confused, and execute instructions from open bus. They still had to find a way to then manipulate the open bus value to make the SNES execute a jump instruction to their code they wrote in the sprite coordinate tables. All the stuff about making sure that the mushroom would spawn in slot 9, only collecting one dragon coin, the P-switch being in Slot 6 & having x-coordinate 0EFF, and the y-coordinate of the particles being at a certain range of values was to manipulate the open bus value to do that, I think.
Assembly... buses... things... (Pretending that I'm understanding)
7:03 it's nice to know that while Jotaro was studying Marine Biology, Star Platinum was apparently coding in Super Mario World.
good to know that I wasn't the only one thinking that XDD
RickitySplit ORA ORA ORA ORA ORA ORA ORA ORA!
Ya feel like he should be off working on the cure for cancer or something
Hehe funny jojoke
to put it simply:
when yoshi eats the mushroom, the chuck really wants to be in item spot 9, which is where the mushroom was, which is on yoshi's tongue. the game doesn't know what to do about this, flips the fuck out, and asks the open bus to solve its problems. the open bus takes the x value of the p-switch and uses it to determine that it needs to look at the sprite of the third dragon coin. if it's empty, the data bus does some stuff to the address and the stack that makes the code look at the x and y values of the block particles. if they were in the right position, the code starts to run the values of the red shells, which tell the game to roll the credits if Mario is facing right and not swimming, which is all well and good, except we cant get him back in the game with that alone. the rest of the code introduces a routine that brings Mario into an encounter with iggy, which brings him back into the game, but since we're going to the credits and not iggy, the game glitches out.
@Beef Bronson: you explained the first part incorrectly. The reason why the charging chuck spawned on Yoshi's tongue is because Mario interrupted Yoshi eating the mushroom, causing a nil sprite in slot 9 to be on Yoshi's tongue, so the charging chuck still sees slot 9 being empty and would take that spot to appear, but that empty spot is on Yoshi's tongue, making the charging chuck appear on Yoshi's tongue and then get eaten by Yoshi. The mushroom in the reserve box, when it came out, was forced into slot 9 since the 2 glitch berries are taking slot 11 and slot 10.
Nope, still makes no sense.
@densch123 no, you do not have to play this game at all to understand the video
@densch123: Let's explain with a real-world example: you have 12 baskets with numbers on them from 0 to 11. Numbers 0 to 9 are brown baskets, while baskets 10 and 11 are golden baskets. All of the fruit you're instructed to put in basket 9 first, except for pineapples; pineapples are instructed to be placed in the gold basket number 11 first if it is empty. So you have the normal fruit and then the special fruit. If you first place a fruit that is not a pineapple, you have to place it in basket 9 first even though baskets 10 and 11 are empty. Then if baskets number 9 to 0 are all full and you try to put in a fruit that is not a pineapple, even though 10 and 11 are empty, that fruit will go to the trash. It will always search for the highest-numbered basket that it can go to that is empty. The mushroom in this case was the pineapple, so two pineapples have to be already in basket 11 and basket 10, so the next pineapple goes into basket 9. Then the buyer bought basket 9; while he bought it, the seller takes away the object inside, so he carries an empty bucket 9, but the buyer has not noticed yet that it is empty, and the buyer never notices that bucket 9 is empty, but the seller knows that bucket 9 is empty, so if the seller puts a different fruit in the new basket 9, it will disappear and appear in the buyer's same-numbered basket. I'm well aware that in the real world you can't actually do that; that was just an example, as if the real world behaved like a video game.
SuperNickid that’s genuinely even more confusing
This is what women really want.
You sir, are my hero
Sooo they want everything in place and then jump to the happy ending??? o_O
shadowmax889 The girl will only ever accept the man if he spin jumps and manipulates specific sprite slots at various x and y coordinates
F'ing A!!!! LoL!!!!!
Really? They want a credits warp
Wow... I understood none of that.
+★ ShadowBolt ★ Same here.
TRANSLATION: This glitch makes the credits appear.
ShadowBolt I did understand
im a programmer and i had a bit of a hard time lol
honestly stuff like this is probably more complicated than the actual process that created the game, so don't feel bad.
I don't understand this shit but I liked it.
Óscar Pérez. Same
#metoo
What did you use to make the animations?
+pannenkoek2012 For the majority of it I use Adobe Premiere. For more detailed stuff like the numbers at 2:54, I created a Java program that displays graphics that I capture with a screen recorder.
pannenkoek2012!
pannenkoek2012 An A press is an A press.
holy shit its the pancake man himself?
pannenkoek2012 PANNENKOEK
....whut.
lol
I read that in Billy's voice ;)
Tapaleurre I agree with you and not these other heathens
I'm just a front end web developer :-(
Agreed
instructions not clear, I have a Yoshi stuck in my urethra
Aw *shoot* here we go again.
😂 thank you for this comment.
i woke up today and i said "i absolutely need to see this comment"
[Insert Franklin's "What?" Here]
what the hell happened here
Can you glitch me up a girl friend?
Thank you! It's rare to find a good explanation video of old glitches like this. I liked how you joined those images together to help the explanation. Thank you!
I can only imagine the type of memorization needed to get the values just right by eye.
***** I can only think about how anyone came on this idea. "Hey! Lets use sprites to execute code in SMW!"
SilentDust and the code writing has gotten pretty crazy. look up "tasbot plays mystery game". they've also gone on to re-write pokemon, one of the times they made it connect to the internet and stream twitch chat
+darkmagician135 Connect to the internet? Holy shit. Link please. Now.
+darkmagician135 That's not quite correct. It didn't connect to the internet. The SNES has no internet capabilities.
From what I understand, their laptop was connected to the internet and TASbot was connected to the console, translating the text from Twitch chat into button presses while the console translates those button presses back to text. Stuff like "press L and SELECT at the same time" meaning "A" or something along those lines.
It's still pretty crazy how quickly it all works. You'd have to get into the detail of how quickly the console can actually register button presses. 'cause just using one letter per frame sounds like it would be way too slow.
You might not believe me but after you've done it like 10 times you won't need any more help because it will all be in your head after a few times
But first, let's talk about parallel universes.
TheLolCraft Lol
This was incredibly informative. I'm going to go spawn some dolphins where they don't belong.
zenzetra XD
zenzetra or spawn yosi in cloud
spawn as many mario as you can
That was an absolutely incredible video. I have a masters in Computer Science and you blew my mind.
I bet he has a PHD in computer science and his essay thing for getting excepted was on this
+Patata Potato excepted....
EXCEPTED....
Are you kidding me?
It all makes sense, but christ! Who just sits down and figures all this out, let alone timing everything JUST right so all the code falls into place. This is both simply ridiculous and simply amazing!
+ThePixelPaladin F'n-A, that's what I don't get, how you can execute what you want flawlessly, not like you get on screen indicators of what x-y position you're on...
You can. Emulators let you look at the entire RAM, so you can keep track of your subpixel perfectly. Also, there is a full assembly dump
It wasn't an individual person that figured it out, it was a lot of people making small discoveries over the course of decades.
5:55 "Remember these for later"
**frantically grabs pen and paper**
Timothy Creasman *and opens eyes as wide as possible and looks at every single detail of the video*
As someone who does reverse code engineering and exploit development for a living, I recognize the extreme level of care and detailed analysis that went into the research and development of this video. I'm sure this took a lot of time to make, especially given the great care that went into the presentation of data on screen. All of the graphics, organization, and detailed step by step display of each register's value, memory address, and the transformation of each subsequent CPU instruction was simply beautiful. It clearly takes someone who has a passion for reversing (and sharing that skill with others) to put so much time and effort into something that sadly isn't going to have an equal level of payback in views and attention because of the limited audience who will understand, even in a very limited/abstract way, what was being explained in the video. I applaud your efforts man, and I thank you for putting so much time into making something that I, and I'm sure many others, enjoyed immensely. You definitely earned my subscription, and I'm anxious to see what other videos you've made, as well as what future videos you will create.
Well, I think, I think I got it... I mean, I might have lost it at 0:11 when you said "write some code using koopa shells"...
if that lost you then I'm guessing that coding pong into pokemon using the pokedex is a bit too much also....
Too much Sprites make me thirsty
LOL
Fuck off
ha
"bitch you thirsty please grab a sprite."
a sprite's x position, duh
clear as water
(screams internally in spanish)
kinsaktube jaja, cierto.
JAJAJAJAJJAJAJAJAJAJA
You:clear as water!
Your mind:DESPACITO!
14yr old me: "math is dumb, won't ever need that crap"
Nearly 30yr old me: "man thats cool asf! how did they figure that out. oh wait.."
I’m taking differential equations in college rn and I still have no idea what this video is about.
Well if I go into gamemode 3 you'll see these armor stands...
Just wait until you make a deal with Satan to tie a villager to one of those armor stands with a lead and end up with duplicate UUIDs...no amount of gamemode 3 or kill command spam will save you.
Everything related to sethbling is armor stands
I just don't get why anybody would dislike this video.
Thanks, it's been over 40 years since I had to look at assembly code but I had no problem following along.
RMoribayashi in hindsight, being able to “compile” a program yourself on paper seems like an amazing concept. It’s like being able to speak another language without an interpreter
good
thank you
CosmoSpeedruns hey look it's cosmo! xD
CosmoSpeedruns hello babe
In other words, you flip flop the flip table in memory, so it flops into the credits.
that was the most insane assembler joy ride i have ever experienced.
“I hope you have a general idea of what is going on…”
This is more thorough and comprehensive than I ever thought I would get!
"I hope you now have a general idea of what's going on behind the scenes"
yup. sure do
"I hope you now have a general idea of what's going on behind the screen."
My brain: *dial-up noises*
this was edited very nicely. reminds me of sancarn, who does really strange minecraft physics theory videos. well done and it was effective : )
"I hope you now have a general idea of what is going on behind the scenes during the Super Mario World credits warp."
IN NO WAY WHATSOEVER
wow
i didn't think Mario world is more complicated than Mario 64
but i won't give up...
It really isn't, the N64 is an incomparable beast
It takes a bit of thinking but I actually understand everything.
That bus was quite creative. And scientific...
This is my favourite computer science video ever.
this shit makes colonizing mars look like child's play
This video is a fantastic way to learn how a computer works. Everyone with an interest in computers should watch it.
This is an amazing video man. It's super neato mosquito to see what happens in the background of these runs.
***** Holy sheez you're here
I originally saw this video years ago, and just came back because I was playing SMW earlier & it made me remember the vid. Point being, as someone that’s been programming since I was a kid, and have always been known & considered myself a nerd; you sir are some sort of super nerd. I mean that as a compliment. The way that you’re able to explain & break down the code, and the way the hardware runs it. Bravo, sir.
I wonder what the creators think about this glitch! xD
Wow, that's amazing. I had no idea the game's code could be manipulated like that. I'm amazed that someone managed to figure that all out..
Well it can't anymore. Games today run their memory with the NX-Bit set to 1 by default which prevents the memory in the stack from executing.
Great. Now my brain is on fire. Thanks
WARNING: Basic understatement of assembly code is required to understand this video...
Ah, this is the YouTube algorithm doing its thing again and I end up with the age old question:
"Why the hell am I even watching this???"
... and for some reason I have absolutely no regrets in doing so.
I love how I took Microprocessors at my university last semester and actually understood this.
Yea.... what he said....
I'll bet they didn't teach you this in school!
It's not because it's too complex, it's because it's useful.
I love this video, and the comments/replies to comments helped a lot with understanding the more complicated parts, as well as why certain things work the way they do.
I actually don't grasp what you explained, but it was entertaining nonetheless.
I don't get most of the technical explanation, but the video and the animation are very well made. Thanks for that.
Very interesting - I'm also really curious how this was discovered (most especially how the specifics were mapped).
Also, would be killer to see the original coders of the game react to this the first time they saw / heard of it.
I love that you made a for dummies version of this. Definitely watching that next
This is impossible to follow without being experienced in coding... :(
Someguy8231 shit I've coded for 4 years and this is too funky for me lmao
It is impossible to explain. Assembly doesn't go well with English as higher level languages like C++ and Java do. Nothing makes any sense, it's all numbers, and numbers designed to behave in very specific ways that would take a huge tutorial to explain in itself.
I made an entire program based on corrupting NES and SNES ROMs and had to study a ton of it, and I still don't understand half of it.
I started with assembly and my "4 years moment" would sooner have come with an obscure C++ feature. Within 2 weeks of deciding to edit my sword damage in Minish cap I probably would have understood this video.
Maybe you should get into game hacking!
This was an awesome explanation that made the technical stuff a lot more accessible, while still going into fairly deep details! Thanks!
I barely understood this but it was cool
Dragon Soul Same, I find how game engines actually work very fascinating
Barely isn't even the right word xD
Okay, wow. That was REALLY thorough. I actually understand roughly what's going on in that warp now, thanks!
Nice explanation, even though I didn't catch half of it lol
:)
You probably need to know how a computer works and this is not easy. If you got the general idea (they make code with the sprites and then execute it) it's OK.
I understand this. The cliff notes? You swallow a Charging Chuck with everything set up perfectly, and Yoshi and Mario completely break the Space Time continuum
Cool vid! Was this skip discovered through 'standard' gameplay and then the explanation was reverse engineered or did someone break down the code and then search for an optimum place in game to execute the steps you outline in your video?
George B Most definitely the latter. Super Mario World is probably one of the most documented, reverse-engineered game out there. All it takes is a bunch of thinking and planning along with the knowledge of the game and it's mechanics to come up with something like this.
*****
You mean, "its". I thought you might appreciate that tip since you are a nerd.
mandokir
OH NO !
Someone call Dr. House.
I believe I've found a severe case of stupidity.
You made an amazingly thorough and well illustrated explanation, thank you so much for taking the time!
Fucking computers.
+CloudCuckooCountry lol
+CloudCuckooCountry ikr, how do they work!?
Aha XD
+CloudCuckooCountry started studying computer science it's really interesting but also very mind blowing lol
+DragunSlyer yep it's interesting how the super nintendo handles code is all he is explaining
This is on a next level. Who knows what's possible anymore. Maybe somebody will do this to reality one day
My goal is to one day watch this video and understand 100% of it.
3 years later, how's it going?
@ShaneChandler87 I've actually been a part of the SMW speedrunning community (on hiatus rn) since then...still don't understand it 100% yet lol
Ok, I will rewatch this video until I deeply get it. See you next century.
What I don't fully understand is this....YOU can interpret the bytes as code, but how, and more importantly, why does the GAME do that? Why does it come across this specific series of bytes (corresponding to the positions of objects on-screen, and the slots they occupy at the time) and read it as code? I get that it has to do with Yoshi eating Chuck and that causes some kinda weirdness with how the game's memory is read, but that's where you lose me. I still don't understand why the game executes the positions set earlier as code.
+PremierMilenkov If you are familiar with programming, you know that you can call a function in say, C, by using its name (e.g. do_something()). In assembly, you have to call a function by using the address in memory at which it is stored (e.g. JSL $009047). In all the address space, $000000 - $FFFFFF, everything is stored, including RAM, ROM, hardware registers, PPU registers, and more. Normally ROM is stored from $xx8000 to $xxFFFF, which is where most of the code is. $xx0000 - $xx7FFF is saved for pretty much everything else. So really you can call a subroutine that exists in ROM or RAM. So in this case we have JSR $00E0 (effective address $0100E0), which is a call to RAM instead of ROM like normal.
In fact, SMW does write code to RAM and executes it fairly often, it's just that in our case we get to choose where in RAM we want to "write" a subroutine. Sprite X-positions are super easy to manipulate in game so we just use that.
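An added illustration of the reply above and of the NX-bit comment earlier in the thread, not code from the video or from any commenter: a toy single-bank machine (not a 65816 emulator) in which bytes stored as sprite X positions run as instructions once a JSR lands in RAM, and an NX-style fetch check stops it. The RAM location, the four modelled opcodes and the byte values are constructed for the example; $0100 and 1C are the address and game mode named in this thread.

```python
ROM_START = 0x8000   # toy layout: code normally lives at $8000-$FFFF
SPRITE_X = 0x00E0    # assumed location of the sprite X-position bytes
GAME_MODE = 0x0100   # address the thread says the payload stores to

class ExecFault(Exception):
    """Raised when an opcode fetch hits memory marked non-executable."""

class Machine:
    def __init__(self, nx):
        self.mem = bytearray(0x10000)  # one flat bank: code and data share it
        self.a = 0
        self.pc = 0
        self.nx = nx                   # True = refuse to execute from RAM

    def fetch(self):
        if self.nx and self.pc < ROM_START:
            raise ExecFault(f"execute from RAM at ${self.pc:04X}")
        byte = self.mem[self.pc]
        self.pc = (self.pc + 1) & 0xFFFF
        return byte

    def fetch16(self):
        lo = self.fetch()
        return lo | (self.fetch() << 8)

    def run(self, entry):
        self.pc, calls = entry, []
        while True:
            op = self.fetch()
            if op == 0xA9:                      # LDA #imm (8-bit accumulator)
                self.a = self.fetch()
            elif op == 0x8D:                    # STA abs
                self.mem[self.fetch16()] = self.a
            elif op == 0x20:                    # JSR abs (toy: return PC kept in a list)
                target = self.fetch16()
                calls.append(self.pc)
                self.pc = target
            elif op == 0x60:                    # RTS
                if not calls:
                    return
                self.pc = calls.pop()
            else:
                raise ValueError(f"unmodelled opcode ${op:02X}")

def credits_warp_demo(nx):
    m = Machine(nx)
    # "Game code" in ROM: JSR $00E0 ; RTS
    m.mem[ROM_START:ROM_START + 4] = bytes([0x20, 0xE0, 0x00, 0x60])
    # The game stores sprite X positions as plain data. Constructed values
    # that also decode as LDA #$1C ; STA $0100 ; RTS.
    m.mem[SPRITE_X:SPRITE_X + 6] = bytes([0xA9, 0x1C, 0x8D, 0x00, 0x01, 0x60])
    try:
        m.run(ROM_START)
    except ExecFault as fault:
        return m.mem[GAME_MODE], str(fault)
    return m.mem[GAME_MODE], None

if __name__ == "__main__":
    print(credits_warp_demo(nx=False))
    print(credits_warp_demo(nx=True))
```

Without the fetch check the data bytes change the game mode; with it the same JSR faults on the first opcode fetch from RAM and the game mode is untouched.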
*****
Gah, all too complicated...but I think I may have an inkling of why this works. So basically, you're trying to say, rather than calling a function from the game's normal code, that is the ROM, you force the game to call from RAM, which is where the code you wrote using the sprite positions is stored at the time, correct?
And so you have to manipulate the game into starting to execute the code from the addresses where you set up said snippet of code with the object positions.
+PremierMilenkov Correct!
*****
Ah, thank fudge, so I did get it after all :D
*****
This is fascinating stuff, really.
AH! I knew my Computer Science degree would come in handy some day!
I know what I must do...
As I understand it, the old credits warp assembly code - the one that jumped to the middle of the credits - was one byte shorter.
Suppose you went back to using the old code, but stuck an EA (NOP) at the beginning. Would that double the odds of the credits warp executing successfully, since starting the code from $00E4 or $00E5 would both work? Or would it make no difference in practice?
You can't get E4 or E5 starting points (I think the next after E3 is E6), but you have the right idea.
The old old version of the route used 6 bytes. We used the data bus value (4A), divided it by two (25) and stored that to $0100. No LDA was used. The reason it went to the middle of the credits was because it was game mode 25 instead of 1C.
Expanding on that, you could use the old code with the new route that would save one shell position. However, I think we have decided that it is more important that we warp to Yoshi's House since it shows the full enemies list and has a fanfare. Ignoring that, you could probably save a second or two by only placing 5 shells and a P-switch.
I watched this video a few years ago not knowing any programming. A few years later and now able to understand x86 Assembly I'm glad to have found it again now because now I actually understand what's going on even though I don't actually know 65816 Assembly
super well produced, kudos!
Yes, I wonder what tools/editors he used!
He said he used Adobe Premiere for the animations. Any screen recorder works for the recording, however he probably uses OBS because he regularly streams. Any good emulator works for this. Probably using Snes9x or BizHawk. Any good text editor works. Vim/EMACS is enough, but some people like simpler editors, I really don't know.
No he just ripped the audio from Retro Game Mechanics Explain
Perfect explanation and so easy to follow! This gave so much insight in the 6502 internals!!
Awesome video! You won your more subscribe!
Could you explain the glitches in Donkey Kong 1? For example, when you use a barrel and the Rino... and then you make a donkey kong riding another donkey kong.
Thx
I followed very little of that because I have little more than a basic concept of how memory works, but that was f'n awesome! Thanks for making this.
How did someone figure this out?
Reading the code
Suuuuuper confusing. I don't really understand still, but it's a better explanation than any other one I've seen. Cool video!
Aahh...NOW I GOT IT!, no I don't.
inb4, this video becomes the new SM64 - Watch for Rolling Rocks - 0.5x A Presses
a wonderful explanation, although a bit too fast. I have a question: there is another end glitch ruclips.net/video/FkQdwUns7H8/видео.html , but it seems to be much easier. I don't see that the player moved the shells into specific positions, and I don't understand how he triggers the end scene. probably eating a fruit while jumping off? (it is too fast to see)
dracenmarx That TAS uses 4 controllers and inputs that don't exist on console. tasvideos.org/4315S.html The last 5 frames have 121 button inputs, which is why we don't use that route for real-time.
+dracenmarx Aside being impossible, Masterjun did move them into specific positions, but in a TAS you can advance frame by frame. He probably went 1 frame forward until he got the perfect position.
+dracenmarx He kicks a green shell while it gets burnt and turns into a coin.
Nice video, really helped ;)
Now I need to study what all those codes are and what they do.
Shoutouts to Simpleflips
seeing this, makes me think of all 8bit and 16bit games and what type of assembly manipulations can be achieved that no one has discovered yet.
Literally shellcode ;)
This is amazing.
Great job, and thanks a lot for explaining it in a video!
And I thought learning binaries was hard...
This is binary idiot
@glitchisfluffy no this is assembly (assembled in hex) idiot
@kjl3080 You're fucking kidding me. Hexadecimal is binary. 00 = 00000000, 01 = 00000001... FF = 11111111. It's not that fucking hard. Assembly instructions are written in hexadecimal(binary) and each instruction is the size of the Instruction Register. You wouldn't know what that is since you clearly haven't even taken basic CS yet. Stop arguing on topics you know nothing about.
I'm happy that I studied a ton about 65c816 assembly to write my ROM corrupter, or I wouldn't have understood a thing.
This is both brilliant and autistic as hell!
This was really well put together and SUPER informative. You're definitely going places! I subscribed and can't wait to watch your next video.
7:02
oraoraoraoraoraoraora
UltimaNylocke muda muda muda
I can't beat the shit out of you without getting closer.
Even though I have my master's degree in Computer Science, this video was mind blowing! Very neat stuff!
but an A press is still an A press
yeah. the half A press is imaginary.
It's nice that Star Platinum made an appearance in this video