Total Control ACE?


    I'm going to be honest, I have no idea what this really means, but it looks cool to see OoT more broke than it already is :P You should check out MrCheeze's channel!



    Recently, methods have been found in Ocarina of Time to execute arbitrary code using a glitch known as Stale Reference Manipulation (SRM). However, these methods only let you run a couple instructions or so. This is enough to make tiny patches to RAM, but not enough to write large payloads that can completely rewrite core gameplay. In this video I demonstrate a human-viable way to do exactly that, which also happens to be much faster than the existing TAS-only method that exploits Bonooru's song.

    The central idea here is to remove the 8 character limit on the title screen, and use that to enter and then run a payload. This can be broken down into three steps:

    1) Removing the filename character limit (0:00 - 0:19)

    2) Inputting a payload into RAM (0:32 - 1:38)

    3) Jumping into the payload (0:19 - 0:32 and 1:38 - 1:58)

    The full description for the above three stages is too long for a YouTube video description - please check this pastebin for all the details: https://pastebin.com/29hHtupt
    As one important detail worth repeating, bear in mind that this whole technique takes as an assumption that existing ACE techniques are powerful enough to write one specific 16 bit value to one particular memory address. This is certainly possible, but specific ways to do it haven't been found just yet - for the purpose of this demonstration, I just hacked that value at the beginning.

    Loading a file will cause the game to jump to our payload a single time. Nothing stops us, however, from having a payload that hooks itself back into the game loop and causes itself to keep running, so that's exactly what I do in this video.


    Needless to say, if ACE were to be allowed in longer speedrun categories, this technique would revolutionize all of them. With a well-chosen payload, you could continuously warp from one goal directly to the next, as in the classic SMW example: https://www.youtube.com/watch?v=voL3e...

    Some RAM watches I used while making this, potentially useful for other glitch hunters: https://pastebin.com/Q97QtLHm
    Bizhawk movie file: https://www.dropbox.com/s/eejwoppns1i...
    The example payload: https://pastebin.com/8qmrS4HT