Reprogramming Super Mario World From Inside The Game

[SethBling] recently set a world record speed run of the classic Super Nintendo game Super Mario World on the original SNES hardware. He managed to beat the game in five minutes and 59.6 seconds. How is this possible? He actually reprogrammed the game by moving specific objects to very specific places and then executing a glitch. This method of beating the game was originally discovered by Twitch user [Jeffw356] but it was performed on an emulator. [SethBling] was able to prove that this “credits warp” glitch works on the original hardware.

If you watch the video below, you’ll see [SethBling] visit one of the first available levels in the game. He then proceeds to move certain objects in the game to very specific places. What he’s doing here is manipulating the game’s X coordinate table for the sprites. By moving objects to specific places, he’s arranging a section of the game’s memory to hold specific values in a specific order. It’s a meticulous process that likely took a lot of practice to get right.

Once the table was set up properly, [SethBling] needed a way to get the SNES to execute the X table as CPU instructions. In Super Mario World, there are special items that Mario can obtain that act as a power up. For example, the mushroom will make him grow in size. Each sprite in the game has a flag to tell the SNES that the item is able to act as a power up. Mario can either collect the power up by himself, or he can use his friendly dinosaur Yoshi to eat the power up, which will also apply the item’s effects to Mario.

The next part of the speed run involves something called the item swap glitch. In the game, Mario can collect coins himself, or Yoshi can also collect them by eating them. A glitch exists where Yoshi can start eating a coin, but Mario jumps off of Yoshi and collects the coin himself simultaneously. The result is that the game knows there is something inside of Yoshi’s mouth but it doesn’t know what. So he ends up holding an empty sprite with no properties. The game just knows that it’s whatever sprite is in sprite slot X.

Now comes the actual item swap. There is an enemy in the game called Chargin’ Chuck. This sprite happens to have the flag set as though it’s a power up. Normally this doesn’t matter because it also has a set flag to tell the game that it cannot be eaten by Yoshi. Also, Chuck is an enemy so it actually hurts Mario rather than act as a power up. So under normal circumstances, this sprite will never actually act as a power up. The developers never programmed the game to properly handle this scenario, because it was supposed to be impossible.

If the coin glitch is performed in a specific location within the level, a Chargin’ Chuck will spawn just after the coin is collected. When the Chuck spawns, it will take that empty sprite slot and suddenly the game believes that Yoshi is holding the Chuck in his mouth. This triggers the power up condition, which as we already know was never programmed into the game. The code ends up jumping to an area of memory that doesn’t contain normal game instructions.

The result of all of this manipulation and glitching is that all of the values in the sprite X coordinate table are executed as CPU instructions. [SethBling] set up this table to hold values that tell the game to jump to the end credits. The console executes them and does as commanded, and the game is over just a few minutes after it began. The video below shows the speed run but doesn’t get too far into the technical details, but you can read more about it here.
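A simplified C model of the bug class described above (a reference to a sprite slot that gets reused, followed by an unchecked power-up dispatch), next to a hardened form. This is an added example, not the game's code; the type ids, flag values, generation counter and handler-table size are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define F_POWERUP  0x01   /* sprite may act as a power-up */
#define F_INEDIBLE 0x02   /* Yoshi may not eat this sprite */
enum { T_EMPTY, T_MUSHROOM, T_COIN, T_CHUCK };   /* hypothetical type ids */
enum { R_REJECTED = -1, R_OUT_OF_TABLE = -2 };   /* otherwise: handler index */
#define N_HANDLERS 2      /* assumed: handlers exist only for types 0 and 1 */
struct sprite { uint8_t type, flags; uint16_t gen; };
struct mouth  { int slot; uint16_t gen; };       /* Yoshi's reference to a slot */
static struct sprite slots[4];

static void spawn(int s, uint8_t type, uint8_t flags) {
    slots[s].type = type; slots[s].flags = flags;
    slots[s].gen++;                              /* every reuse bumps the generation */
}
static void despawn(int s) { spawn(s, T_EMPTY, 0); }
static struct mouth bite(int s) { return (struct mouth){ s, slots[s].gen }; }

/* Vulnerable: trusts the slot index and the power-up flag alone; it never
   re-checks F_INEDIBLE or whether the slot now holds a different sprite. */
static int swallow_vulnerable(struct mouth m) {
    const struct sprite *sp = &slots[m.slot];
    if (!(sp->flags & F_POWERUP)) return R_REJECTED;
    /* A real dispatcher would jump through table[type] here; the model only
       reports that the index falls outside the table. */
    return sp->type < N_HANDLERS ? sp->type : R_OUT_OF_TABLE;
}

/* Hardened: reject stale references, inedible sprites and unknown handlers. */
static int swallow_hardened(struct mouth m) {
    const struct sprite *sp = &slots[m.slot];
    if (sp->gen != m.gen)         return R_REJECTED;  /* slot was reused */
    if (sp->flags & F_INEDIBLE)   return R_REJECTED;
    if (!(sp->flags & F_POWERUP)) return R_REJECTED;
    if (sp->type >= N_HANDLERS)   return R_REJECTED;  /* bounds-check dispatch */
    return sp->type;
}

/* Replays the sequence from the article against one of the two routines. */
static int replay_item_swap(int (*swallow)(struct mouth)) {
    spawn(0, T_COIN, 0);
    struct mouth m = bite(0);                   /* Yoshi starts eating the coin */
    despawn(0);                                 /* Mario collects it himself */
    spawn(0, T_CHUCK, F_POWERUP | F_INEDIBLE);  /* Chuck takes the free slot */
    return swallow(m);
}
static int normal_mushroom(int (*swallow)(struct mouth)) {
    spawn(1, T_MUSHROOM, F_POWERUP);
    return swallow(bite(1));
}

int main(void) {
    printf("vulnerable=%d hardened=%d mushroom=%d\n",
           replay_item_swap(swallow_vulnerable),
           replay_item_swap(swallow_hardened), normal_mushroom(swallow_hardened));
    return 0;
}
```

The generation counter is one common way to detect a reused slot; either that check or the bounds check on the handler index alone would stop the sequence in this model.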

This isn’t the first time we’ve seen this type of hack. Speed runs have been performed on Pokemon with very similar techniques. Another hacker managed to program and execute a version of single player pong all from within Pokemon Blue. We can’t wait to see what these game hackers come up with next.

73 thoughts on “Reprogramming Super Mario World From Inside The Game”

  1. Wow, that’s incredible. How did he know the exact positions that he was in? Was there some sort of debugger or monitoring tool hooked up to the hardware to show memory details?

    1. If you know the assembly, you can decompile the game code and try to figure out what does what. He figured out there was a glitch within the code that triggers premature ending credit by setting game objects in certain way to “write” the memory of SNES.

    1. I don’t get why the world record is such a big thing (for you). The glitch-setup is pretty clever, the execution interesting to watch… but the world record? I couldn’t care less. I praise jeffw356 for his brain, but not this guy for his (imho) wasted time on being the best at something, that has only (if anything) virtual value. No, the glitch will let my mouth stand open, but not someone stacking cups, spinning a pen on his fingers or speedrunning a videogame…

      1. What’s the point of being so negative? I’m noticing a disturbing tendency of the commenters of HAD to be overly negative for no reason. What did you accomplish other than putting me in a bad mood? Nothing.

      2. Also, Seth isn’t just doing it faster. He has dug in deep and fully understands what is going on here. He has developed his own strategies to make the glitch faster and easier. Don’t discredit him because he’s improving on an already great accomplishment.
        Who cares if you don’t care about world records? You do. Who cares about world records? Other people. Don’t act so entitled and elite.

      3. @Indyaner
        World record is important to create hype, to get people to watch. If you search for this glitch execution you’ll find it ALL OVER the place right now. If instead he had not positioned it as a record, but just an execution of an already known glitch, it would get no viewership.

        The real importance is the fact that he reproduced it on a (presumably) unmodified hardware, which proves that it is possible and not just a ‘Tool assisted speedrun’.

          1. He did all of his runs during twitch livestreams. His SNES is absolutely unmodified.
            If you try it, you’ll very likely not ever get it without studying the exact positioning of everything. I mean, good luck, but don’t think it’s easy.

      4. =OH NO! How dare he do something with his own time that you don’t care about! If only the poor guy had the foresight to consult you! Well hopefully he won’t make this mistake again.=
        Seriously I thought HaD got rid of this type of stuff.

      1. ^ This, precisely.

        Having spent many, many hours playing that particular game and never beating it (lack of skill, not lack of effort!), I look at this as simply an elaborate cheat. Finding an exploit that pulls up the credits is hardly the same thing as actually beating the game.
        In my eyes this is like claiming a world land speed record by reprogramming a speedometer to read 1000 mph. It’s clever and mildly interesting, but it’s just not the same thing.

        1. This is more like counting cards at the casino. You’re using brainpower and all the information out there to make sure you come out on top. It’s definitely working the system, but you’re only using what you have on hand, and is also available to everyone else.

          IIRC there is a class of speedrun records for strict/non-glitched/skipped section play.

          1. I would liken it more to moving a few tiles then flipping the table while playing Mahjong and then saying you beat Mahjong in record time. As my limited understanding of Mahjong is that the ultimate point of the game is to clear the tiles.

            Then when confronted by someone who doesn’t believe that flipping the table is a valid method of beating Mahjong, arguing that thanks to gravity/physics existing by the act of tipping table you have completed the task of clearing the board and therefore beaten Mahjong. Points for thinking outside the box and all but the challenge was not completed.

            This isn’t exactly a Gordian knot situation where the only possible method of beating the challenge is to think outside the box and exploit the purposefully vague rule set. This is breaking a legitimately completable challenge where there are certain expectations on how one is to complete said challenge and then saying that simply because it was possible to break the challenge you have completed it.

          2. @Scuffles
            I know the point you are making, but it always bugs me a little when people refer to the tile-matching/board-clearing game as “Mahjong.” Really, it’s a rummy-style game of betting and skill played with four people.

            Sorry for the pedantry.

        1. Or I can appreciate the ingenuity involved while recognizing that the game/task in question was not beaten and continuing to not bother watching any speedruns.

          Sorta how I handle the Olympics :P

      2. Generally there’s separate record categories for glitch and glitchless runs of the game. There’s also categories for 100% runs, and game specific categories like a set number of stars in Mario 64

      3. THIS. Pretty similar to using a game genie or a trainer file. WTF is the point of “beating” a game that way? If I race a guy 100mi and he gets in a car at mile 2 and speeds past me at 60mph and totally trounces my time, I would say he is not really running the same race. If I use some steroid that isn’t on the list yet, my homerun record still stands.

        1. You have it backwards, you’re the one in the car taking it easy, he’s the guy trying to beat you on foot. Winning Mario by figuring out an in game means of hacking the code requires way more investment and skill than going through the levels and most people on this planet would have no chance of pulling it off themselves. In any case, I’m sure he’s beat the game the regular way a hundred times. Enough to make it boring. Finding new ways of beating the game makes it exciting again.

      1. By trying to write code, to the best of one’s ability, that does not allow unknown behavior.
        Writing code that is not vulnerable to buffer overflows or the like. Basically write good, not sloppy, code.

        1. They’re trying to write the best looking code that fits on a finite ‘disc’-space. With the stakes being someone beats the game in under 5 min there is little incentive to debug assembly to make sure someone can’t cause two impossible things at the same time.

        2. I don’t know how you’d write that kind of code on the SNES just from a hardware limitations standpoint, let alone given the budgetary and time constraints game devs are usually under.

  2. I wouldn’t call it a speed run but I still think it’s rather clever. Makes me wonder what else you can code in there by playing the game. I want to see someone code pong using SMW as their IDE.

    1. This is what the online speedrunning community would generally call an “any%” speedrun, meaning that the player intentionally skips large portions of gameplay in order to make the game end quicker. If you go on youtube you can look up a lot of “any%” speedruns and you will be able to see similar glitches being done, although generally the really impressive any% are done with a tool-assist, meaning that rather than having a player’s hands at the controls, there is a recording of pixel-timed button presses being fed through an emulator.

  3. As the holder of 3 legitimate world records it is with authority that I speak when I say this guy deserves the kudos for such an amazing feat.

    My legitimate world records, lest anyone doubts my authority to speak on this matter, are thus;

    1. The fastest time to complete the book “War and Peace.” 13.86s ⭐️WR

    2. The fastest time to watch an entire episode of “60 minutes.” 6.42s ⭐️️WR

    3. The fastest time to complete the London marathon. 27m42s ⭐️WR

    1. They set a win (completion) condition, which is getting the end credits. He succeeded in that goal without using any extra assistance. That’s one of the categories of speedrunning.

      If your goal is “king is thrown over (literally)”, then that’s a way to win, yeah :’)

  4. I might be insane, but I think hackaday puts ignorant people in these chat areas to say disparaging things about the hack so that decent people can defend them. It’s shameful if they are…

    Everyone who is complaining about him “not beating the game” needs to realize that using the star road path could also be cheating since you aren’t beating every level. If you avoid going star road and go the normal path, you skip the star road and the bonus levels in the “Wacky” zone, so you aren’t beating the -WHOLE- game. Also if you take the backdoor you can’t beat the front door level so NO ONE has even beat the whole game in one run by that idiotic thinking. To say he “didn’t beat it” is like saying “oh you missed a goomba on the 3rd level”. No one cares but you. The rest of the world is clapping.

    My point is that it’s ignorant and stupid to argue or even sound offended that he did something amazing that doesn’t involve walking through each stage.

    Remember, NO ONE has beaten all the levels in one run, so shut up.

    1. Everyone who is complaining about him “not beating the game” needs to realize they’re fucking manchildren.

      It’s a goddamn *game.* Beating it doesn’t treat disease, solve world hunger, or prevent war. It contributes absolutely *nothing* to society besides the enjoyment it brings you. It’s not inherently more constructive than weighing and measuring your bowel movements, and anyone who gets bent out of shape over someone not speedrunning correctly needs either some perspective or a lobotomy.

      1. In fact, a lot of speedrunning competitions are sponsorships for charity – and record breaks / insane glitches / new discoveries are what pull in the biggest donations.

        So in a sense, beating the game in this way DOES contribute to society.

  5. Sincerely, it’s like comparing the invention of lamp to how many lamps one can break in their foreheads for a Guinness Record. And try to understand how lamps work and try to build them faster is something praiseworthy, but not comparable to an Edison. But that’s a cool guy, that acknowledges the trick author. What is really sad is that so many people think this is a “just a cheat”, damn, it’s a complex mental work that most people are just not capable of doing (most because of lack of intelligence, others for lack of willpower to continue and finish). But just like in logic, the fact that mentally handicapped people can’t enjoy other’s people mental achievements was something predicted.

  6. This is a great in-depth write-up of the method and how it works, thanks Rick! To all those making comparisons that just fall flat, shut it. It’s not like flipping a game board and claiming you won, it’s not like rigging a speedometer to say you achieved a certain speed when you did not, and it’s not like taking a car in a foot race. For something like a race, it would be more akin to figuring out how to warp spacetime so that one step would be a thousand miles, same with the speedometer analogy. As for the board game analogy, I don’t think it holds up to scrutiny because they are usually played against human opponents. For games like solitaire, it would be closer to using a finite probability generator (of Hitchhiker’s Guide fame) to collapse the waveforms of the card about to be drawn to exactly what you want/need. If played against a human, the closest analogue I can think of would be the “Scholar’s Mate” in chess in which you win in four moves. The key being to “hack” your opponent’s mind so they fall into the trap. Easier than it sounds, usually claiming I can beat someone in four moves causes them to make the mistake that allows me to do so.

    http://en.wikipedia.org/wiki/Scholar%27s_mate

    Anyway, about the hack. I watch a lot of Twitch TV, which is dedicated to broadcasting people and their game of choice to stream, so I knew about the beginnings of this hack. Originally it was used to get Lakitu’s flying cloud as an item and use it to skip some level on the Star Road and make the game easy to beat in little time. This, however takes it to a whole new level I didn’t think possible. Granted, I don’t play games looking at what is in each memory location and trying to exploit this to my gain, but I digress. I have actually thought about this and other similar hacks often while viewing people practicing their speedruns (the Ocarina of Time record run comes to mind). What if I had a cluster of Raspberry Pis or a render farm just running emulators and fuzzing the inputs? I’m sure a whole bunch of garbage would come out of it, but every once in a while, a glitch that could be exploited by humans to their positive advantage could be found and flagged and then reviewed for the exact conditions that trigger it as well as snapshots of what specific memory locations looked like at the time of execution. Perhaps find a glitch and then have the “fuzz farm” test for that in all different locations of the game. Or have a human look over it and see what exactly is happening and maybe apply it to the levels/places of most advantage. If a game breaking/winning glitch was found, it could be easily monetized by selling it to the speedrunners after making sure a human could really perform it. I’m sure some of the more popular speedrunners would pay good money to have a new world record or keep their name on their old one. And the process wouldn’t be all that labor-intensive either. This is an enormous comment, but I have been thinking about this for a while.
