This is a hacking and gaming tour de force! [Seth Bling] executed a code injection hack in Super Mario World (SMW) that not only glitches the game, but re-programs it to play a stripped-down version of “Flappy Bird”. And he did this not with a set of JTAG probes, but by using the game’s own controller.
There are apparently a bunch of people working on hacking Super Mario World from within the game, and a number of these hacks use modified controllers to carry out the sequence of codes. The craziest thing about our hack here is that [Seth] did this entirely by hand. The complete notes are available here, but we’ll summarize the procedure for you. Or you can go watch the video below. It’s really incredible.
First, there’s a “powerup incrementation glitch” that lets you get Mario into an undefined powerup state. Then [Seth] executed another hack to stop the game’s timer, so that he would have plenty of time to play around.
From here, he could enter bytes directly into RAM by positioning Mario in exactly the right place and dropping a mushroom. Mario’s x-coordinate value was written to memory. [Seth] had to get Mario on exactly the right pixel just by comparing his position against the background. That’s so incredibly tedious and requires such precision that the first few bytes of code he entered were a routine that displayed Mario’s position in the coin counter. You can see this working around 3:30.
The next trick is to add in a bootloader that lets him enter bytes by spin-jumping. This lets him enter bytes relatively easily — move to the right position indicated in the coin display, and then spin-jump. By this point, the graphics are all messed up, but he’s live-patching a running system at the byte level, so what do you expect? The coolest feature of the bootloader? A checksum at the end verifies the code so that you can pick up again at the code entry phase, rather than having to re-do a half hour’s worth of “up-up-down-down-left-right-left-right-B-A”.
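A minimal model of the loader described above, added here as an illustration and not taken from [Seth]'s notes or code: bytes are committed one at a time, and a trailing checksum decides whether the result may run. The 8-bit additive checksum, every name below and the sample bytes are assumptions.

```python
# Added illustration, not SethBling's loader. Assumed: an 8-bit additive
# checksum, every name below, and the constructed sample bytes.

def checksum8(data):
    """Sum of all bytes modulo 256 (assumed algorithm)."""
    return sum(data) & 0xFF


class ManualLoader:
    """Collects one byte per commit and reports whether the result may run."""

    def __init__(self, length, expected_checksum):
        self.length = length
        self.expected = expected_checksum
        self.buffer = bytearray()

    def commit(self, value):
        """Store one byte (the spin-jump step in the article)."""
        if not 0 <= value <= 0xFF:
            raise ValueError("value does not fit in one byte")
        if len(self.buffer) >= self.length:
            raise ValueError("payload already complete")
        self.buffer.append(value)

    def verify(self):
        """True only if all bytes are present and the checksum matches."""
        return (len(self.buffer) == self.length
                and checksum8(self.buffer) == self.expected)

    def restart_entry(self):
        """Discard entered bytes; earlier setup is kept, only entry repeats."""
        self.buffer.clear()


def enter(values, expected_checksum):
    """Feed a full sequence to a fresh loader and return the verify result."""
    loader = ManualLoader(len(values), expected_checksum)
    for v in values:
        loader.commit(v)
    return loader.verify()


PAYLOAD = bytes([0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC])   # constructed sample
GOOD_SUM = checksum8(PAYLOAD)
TYPO = bytes([0x12, 0x34, 0x57, 0x78, 0x9A, 0xBC])      # one byte off by one
SWAPPED = bytes([0x34, 0x12, 0x56, 0x78, 0x9A, 0xBC])   # two bytes transposed

if __name__ == "__main__":
    print(enter(PAYLOAD, GOOD_SUM), enter(TYPO, GOOD_SUM), enter(SWAPPED, GOOD_SUM))
```

The transposed sequence still verifies: a plain additive checksum catches a single mis-entered byte but not a reordering, so a stronger check is needed where entry order matters.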
In the end, a rudimentary “Flappy Bird” game is loaded into the system. It only took [Seth] an hour to pull this off, but the early parts of the chain are so critical that he can’t make any mistakes. The next time you’re sitting around with your disassembler/debugger and type backspace, imagine having to start over from the beginning. This is high-wire hacking without a net. Amazing!
Thanks [gudenau] and [Le Samourai] for the tip!
This is the dictionary definition of a hack. Thoroughly impressed.
Somebody please find a thin excuse on which to declare “Not a hack!”
There’s no arduino or Raspberry pi involved…..it couldn’t possibly be a hack….;)
Actually he coded an arduino and pi emulator in Minecraft using nothing but redstone and armor stands just the day before.
That’s sorta “involved”, right?
He’s just pressing buttons, and anyway the real hack (being able to insert random bytes) has been known for years now. So basically this is just “it is possible to program flappy bird for SNES, and I had a lot of time to waste”. Totally not a hack.
Strange that I was suggested this video yesterday, by youtube… and now it shows up here. (I watched it yesterday in awe)
Very well done. If anybody is interested in using tools to do this on many retro and modern gaming platforms, take a look at http://tasvideos.org/Movies-Moons-Stars-SNES-99G-C3055Y.html (that link goes to relevant Super Mario World, game breaking runs) but the entire site is a well known, massive resource for all types of games and consoles, mainly focused on beating the said game as quickly as possible.
I submitted a tip for this the day of, right when the stream ended. :-/
Sorry about that! I actually received the link first over Twitter and then found an e-mail about it in the tip line. I guess I didn’t dig far enough back in time. Fixed.
Wait a minute is he using gold coins as printf?
This and the ESP-ethernet-thing: Wow. Just wow. Some people are awesome.
This is like something from an 80’s SciFi movie – crazy and very cool!
No Joke! I actually had to look at the date to make sure it wasn’t April 1st…
This guy is a legend.
Over an hour to program a game that you’ll be sick of attempting to play in about 30 seconds. +100
I understand the “hardness” aspect of doing this all manually and I have a great deal of respect for the amount of effort this actually takes but why doesn’t he at least script this if he absolutely has to do it without “programming” it? Or is the process part of the enjoyment here?
It’s been scripted before, in fact many many times. Search for “TasBot”. It connects to the SNES controller port and plays back pre-recorded input events and can even pretend to be a multitap to input many bytes in ram at once.
No human has ever done this manually by hand with a real game pad before Seth, and it is quite a claim to fame to add to his already amazingly huge list.
Ahh, yes. I have seen TASBot before, notably when it raises money for AGDQ the last few years. They even had a segment this year with four people trying to speed run Super Mario World in real time. One of the people competing was Seth.
https://www.youtube.com/watch?v=_IXZo1awTcM
I agree, this particular trick done manually has probably not been done before. Just curious what the motivation is, if any? Different strokes, maybe.
Far be it from me to speak for Seth, but I assumed it’s no different than “Why would you spend all that time building X when you can buy one on Amazon?” sort of thing.
Perhaps even a “first” thing as well, as in why climb that mountain or beat that record.
Seth has been doing this sort of stuff for some time (8 years I’ve known of him at least) so clearly he loves doing it too.
But ultimately no, I don’t know his answer to that.
I see it as a) programming as recreation, and b) sort of like Paganini’s caprices: less music in the normal sense than an elaborate demonstration of untouchable swag. Really, it’s as much about finesse as the end result.
Seth bling is excellent at pushing the “limitations” of a system. His work with minecraft’s Redstone and command blocks is incredible.
I watched this stream live. It really was a beautiful moment. Sethbling’s excitement as, live, he accomplished something no human had ever done.
A truly awesome feat! I’ve seen some arbitrary code execution in Super Mario World and Pokemon before, but they were all done using some kind of bot or automated input device. While most of these hacks are theoretically possible, I’d never thought I’d see someone performing this manually! Awesome work!
This is amazing work.