The Legend of Zelda Ultimate Glitch Explained [Arbitrary Code Execution] - Warp Straight to Zelda!
- Added on 17. 09. 2016
- This glitch will only work on version 1.1 of the Famicom version of the game. Don't try this on the NES because it won't work.
Shout-outs again to Sockfolder for discovering the glitch and writing this code. Sockfolder is a brilliant glitch hunter and programmer who does similar stuff for other things. If you're interested, follow him on Twitter at / sockfolder and on Twitch at / sockfolder .
Like this video? Subscribe for more awesome content at / magicscrumpy and follow me on Twitter for behind-the-scenes stuff and bonus content at / magicscrumpy - Games
Here's my shot at making serious, non-Smash content. I really enjoyed making this video. What do you think of it?
Pretty good
Looks pretty cool.
Make more content like this!
awesome af
that's pretty good
the entirety of this video went right over my head so I'll just take your word for it
same
I don't even know why I'm watching this xD because I don't understand half of it
glad i'm not the only one lol
lmao same here I tried paying but I couldn't
I'm pretty tech savvy and somewhat sharp. But this was WAY beyond me...
How many spawned sprites would a spawned sprite spawn if a spawned sprite could spawn sprites?
69
made it myself, I plan to start streaming eventually. Just see what happens.
Walfas
www.walfas.org/flash/create.swf
I made it myself using the template and resources that are available there.
No problem. There's a Link costume, in case that suits your fancy (given your profile pic and all.)
Oh, I haven't taken a picture of it. I just know that it has assets like the hat and outfit.
The whistle actor thing is like if someone really needs the toilet but all 11 cubicles are taken so they shit in the urinal out of desperation, then later on the janitor quits their job and the person in charge of the kitchen has to clean it up but accidentally uses the wrong handbook and so makes a meal out of the shit in the urinal which the original person who shit in the urinal's partner then is just about to eat but the original person is at an angle where they can warn the partner just as they're about to eat it and as the partner spits it out some person walking past gets it in their face and it turns out that person finds it delicious and the partner and the original person get tons of money as thanks
Jacob Rendall Exactly.
Yes
This has got to be one of the best descriptions of this kind of glitch I have ever read. Well done.
what
@ruviknoproblem This is an appropriate response, I would also like to ask that, but I'm also too scared to get an answer...
Finally, an easy way to beat the game.
Lmao
But first, let's talk about parallel universes.
First we need to gather up speed for 10 hours straight
It's actually 12 hours
LordSodium 12 hours is way too much, the chances of becoming QPU misaligned is way too high.
I'm half pressing A
Oh my gosh, I've never had this many likes. Brb gonna masturbate on the streets of Hollywood.
First off, I admire your attention to detail and amount of effort. That being said...
Watch for Rolling Rocks is not arbitrary code execution. It's an exhibition of engine quirks. It's 50% setup and 50% execution. It's visually apparent. It's easy to follow along. This glitch is different because there's nothing to act as a visual aid when explaining the finer details of memory manipulation. It can't be reliably explained to every audience, they must need background in programming... unless you omit those finer details.
Everyone knows Mario 64 game mechanics better than they know NESdev and the Zelda memory map. So an explanation requires that you pick an audience (assembly programmer, casual gamer, pannenkoek subscriber) and write everything just for them, even if some details are omitted.
I hear "the game freaks out/gets confused" and "rotate left at offset $10" both in the same video, it makes me wonder to which audience you were aiming.
Thank you for making this video.
This is so damn insane from a coder POV. I'm seriously amazed by the whole process and you are stupidly good at describing this stuff. Pure, total awesomeness from subject to delivery. Bravo, sir!
The explanation at 2:10 reminds me of what I'm learning in data structure for C++.
And here I thought that those concepts were useless when I was learning them, thanks!
Are you the guy who also worked out the music loop glitch in Startropics?
oh hello there
Hello, you!
Hey Larry!
Thank you for this, Scrumpy. Glad to see you branch into other games. This was awesome!
wow, this is up there with "watch for rolling rocks in 0.5 a presses"...
the way you explain such complicated subjects so simply, is quite amazing!
Sniffling around 0:55 scared me Scrumps
What if viable kirby could copy a characters whole moveset
DANGG! that would be dope
but, you gotta make his grabs and specials combo into most movesets
that would be hard
so ditto
Not really, set the upthrow angle to 80 and knockback to something decent with low knockback growth and it would combo. The real problem is that hitboxes are attached to animation bones, and every character has a different skeleton. This creates surprisingly straightforward issues like "how would Kirby use the knee if Kirby has no knees?"
Kirby could use "the foot" xD
I really enjoyed this video! I hope you continue to make more of these!
I love these videos, you make the complex code so easy to understand.
You didn't even build up speed for 12 hours
Well, it's official, you earned yourself a new subscriber.
And a Nobel prize for knowledge
This is a great series, unique on youtube as far as I can tell. Keep them coming! I did a few romhack translations so it's super interesting when you have a basic understanding of how shit works.
Really nice video dude, I would definitely watch more of this
But first we need to talk about parallel universes
TJ Henry Yoshi is very depressing and naive
"Henry"
Because everytime I post a video, """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""Henry"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" strategically builds up speed for 12 hours
gosh dang it, I came to the comments _just_ to make this joke
I really don't get how this became a meme
Arbitrary code execution is awesome, looking forward to seeing this video when YT mobile recognizes it :p
it's up on mobile
It was only 5 years ago when videos wouldn't immediately appear on mobile? Damn
Super cool video Scrumpy. Hope to see more like this in the future.
This is seriously the coolest thing, keep it up dude
Ho Le FUCK! Where was this guy when Apollo 13 was coming down?? This guy needs to be at NASA writing code to launch a space ship in the sky or something! Beautiful explanation, admirable dedication, I didn't understand a fucking word of it. It's really awesome to see this amount of work go into these games, keep finding cool stuff! :)
"Beautiful explanation, admirable dedication, I didn't understand a fucking word of it."
this made my day
He pretty much wrote some code, then used some bugs in the system to make it read the wrong section of memory where this code was and warp him to winning the game
Assembly code is complicated yo
vaiyt assembly is actually really easy
While I generally dislike this question, I think it's more applicable here than elsewhere: How did Sockfolder discover this? This glitch (more of an exploit, really?) requires intimate knowledge of the entire game code at both low and high levels. It's not as simple as looking for a RAM location (the ghost setup using action states would take a TON of dedication to watch in RAM), but it also takes more than looking at the high level code (which probably doesn't specify how events are handled in memory). It also seems too unlikely to fall into the "found it by accident" category.
Whoa, this is great, man! Would be really interesting to have you break down other glitches like that, it's a lot of fun to learn about!
Fantastic video. I took a class in college on assembly language and it was great to be able to follow along and see how assembly was used in creating these classic video games. Interesting topic and well explained. I love content like this!
I'd also like to add that it's nice to see you do something interesting outside of Melee. Melee is great of course, but it definitely helps in terms of the variety of your content. Well done!
can you explain assembly to me, I've been seeing assemblys a lot on this video and I don't know what they are
andrew4043 Um, well you're probably better off googling it. In super, super short, Assembly Language is one step above machine language in terms of creating code you can compute. Languages like Java or C++ are much higher level in that the code one writes in those languages gets converted and translated eventually into an Assembly Language, which a computer understands.
love that early games were literally using the raw Data from the ROM and when people found a way to manipulate the RAM to do shit like this
What if Marth had a projectile
WHAT IF IKE HAD A PROJECTILE XDDDDDDDDDDDD
Eccentric Kookie what if six more Marth joins the game, Then it’ll be a fire emblem Parallel game
ROY
Nicely done (and explained). Looks like it was a puzzle to get those few instructions to perform the operations needed.
I'd love to see more of this kind of stuff, reminds me of how fascinating the 0/0.5 A press M64 runs are
this was awesome ( I'm a huge coding enthusiast btw)
+You Suck chill troll
Good ol' in game hex editing. :D
You can do something similar to this in the Gen 1 Pokemon games and get any Pokemon you want, including Mew.
I'm actually editing a video about the Missingno. glitch right now. It'll be up either tomorrow or Thursday. I want to make a little series of Pokemon Red/Blue glitch videos and end it with a finale of a really neat speedrun route that abuses a ton of glitches.
Oh? An actual speedrun or just the 0:00 timer glitch? :P
Are you going to cover how the missingno glitch actually works and what the various missingno actually do to your game?
And I've seen other videos and the amount of in game hex editing you can do with the inventory alone is astounding.
People have done amazing things in Pokemon. Have you seen the hack where it showed the twitch stream chat?
Technically not a hack. Unless you count the times where they did do ROM hacks. Or the time where they hacked the 3DS hardware just so that they could play the sixth generation games.
Well I tend to group hacks/exploits together. Depends on how you look at it.
I really enjoyed this video. Please do more videos breaking down speed running strats!
I found this enjoyable and interesting to watch. Thanks Scrumps
Great video, albeit I understand close to nothing of it lmao.
On that note, what if Roy is Marth's Nana? (IC)
this video made me feel stupid
Stunning video, chap. Very nicely explained.
Maybe its because I am a Computer Science major, but this was AWESOME!!!
2:09 How much sprite can a sprite slot spawn if a spawn sprite spot sprite slot spawn?
genius
how do people even find stuff like this?
Code mining?
The person who discovered the glitch probably found the sprite table overflow and then carefully constructed the rest.
it's not uncommon for people to look for ways to overflow memory for useful things so there are established ways of searching and known areas that are likely to contain errors that allow the game memory to overflow. from there it's just experimenting plus an understanding of assembly language
Overflow stuff is really common in hacking. I guess people just took that code theory and applied it to old games since the code for those is usually really simple and full of easily exploitable bad/dated code.
almost the exact same thing is used in SMW to warp to the credits.
Thanks to the Pepsi man and Sonic videos, I thought there was going to be some crazy reveal at the end... turns out you were being serious and I found myself entranced after the third minute and couldn't take my eyes off of what was happening. Why haven't I subscribed to you yet I look for your vids every day... *subscribes*
So that's how arbitrary code execution works. I was always curious about how the hell that could happen. 10/10 video.
Take a drink every time he says spawn or Sprite
Or byte, code, or glitch.
I realize this is much less versatile than the equivalent Super Mario World glitch, since you have much less room to write code. So you probably can't do stuff like make the game play Snake, Pong, or Flappy Bird. But is there any other crazy stuff you could do with this arbitrary code execution?
If we look how the game is built, it is actually possible to make an ACE that allows for snake or pong. This is a really small routine in the game code that allows the player to change the position of link and the screen. So, you could basically do the exact same glitch as seen here, but write to other locations where more open data in the BUS values. I don't know if the OAM takes place in this ACE but other games are definitely possible. You could also re-write the whole game with ACE if you would like because the ROM portion doesn't really make anything harder in this game. Hope this answers your question :)
It does, thanks! Hopefully people pick up on this and use it like the SMW glitch. I feel like Zelda always gets ignored in the wake of Mario
Color coding is really nice and makes it so easy to follow everything.
Wow Scrumps
this is quite the video.
Amazing work
I was sent here by a man that will keep doing infinite loops, happily.
I was sent here by a man who wants to make Sonic great again.
This video is so in depth, amazing! :)
This all was amazingly done; you explained very well. While it still would be difficult to perfectly follow this as someone who doesn't understand code well, there's not much you could have done about it, and it is still understandable.
I have always wondered about this stuff. BTW if you like TAS stuff, look up Masterjun3. He's pretty cool, and he has a video of a similar route on his channel.
Also shoutouts to Omni for being Scrumpy's inspiration :P
11 minute video explaining every detail and ends with "we don't know why it puts us in Zelda's room". lol
Thank you for the much more in depth explanations... Greatly appreciated.
I like game glitch videos but I love videos that explain why it happens on a software level. Great Content 10/10.
did I understand even 5% of this? no. did I really enjoy this? yes.
I love at least getting a slight grasp of what happens in coding during glitches
ZELDAAAA MAHSODSODSOD MAISODRAKAROKUNO
^this is the chanting spell to cast zelda
It's very similar to what has been recently achieved with the Super Mario World in-game code execution to warp to the credits. Quite a brilliant discovery which in technical terms goes way over my head, but getting the general concept of it is good enough for me.
Yes, I completely understand all of this. I concur with your analysis.
Try an episode on some original pokemon glitches, Idk which glitch I guess that could be up to you
Mew glitch and lvl 100 pokemon early are good.
+Mijquaza
"original pokemon glitches"
Those are just the tip of the iceberg when it comes to Gen I glitches. Watch some of ChickasaurusGL's videos some time and you'll see what I mean.
Great job, man. Soon enough, you'll be giving pannenkoek2012 a run for his money.
Really loved this video! I think it would be really helpful if while explaining the code you wrote on the name screen, you showed the memory that the code was manipulating at the same time (i.e. showed the values of addresses $10, $11, etc. while explaining what and how the code writes values to them).
this video reminded me of cosmo when he explained that Zelda glitch that it took years to discover. I love it.
I wonder, would this make the swordless challenge possible?
Nope! You have to press A and B at the same time to get the glitch to work right.
MagicScrumpy BibleThump
Actually, yes! You don't have to collect the sword to press A.
You need another item in that slot. Because if you press A without an item...
You get back 00.
MagicScrumpy you can do it in x0.5 A presses
0:55 who is that guy with the running nose in the background?
Could have been an editing error. He doesn't do the whole video in one take, and must have mistakenly left in the remainder of one of the clips.
Really cool video! If you made one about the arbitrary code execution in Symphony of the Night to end the game early, that would be super cool.
Amazing. More than ever I understand how overflow coding works. Though I'm a bit unsure how "branch of positives" or "break instructions" are produced or function ~5:16. Unfortunately, it appears to be an essential part to *fully* understanding this procedure.
What if the knee had the knee?
Great video, but something's getting at my OCD... Any chance you could use a monospace font next time you put code on-screen? Bothers me when stuff doesn't align...
+Carvool For sure! Thanks for pointing that out :D
can't wait till you reach 100k subscribers ! ;D
I love videos like this! Would you perhaps be planning to explain the Relm Sketch Glitch, or the Mario World speed run glitch? Looking forward to more!
ZELDA = 23 0E 15 0D 0A
2E1DA
I see what you did there, Nintendo.
I don't.
@leolaserbolt Me neither
To everyone that doesn't see it:
23 = 2
0E = E
15 = 1
0D = D
0A = A
2E1DA
ZELDA
@laurinneff4304 No, hex 23 = dec 35 which corresponds to Z and hex 15 = dec 21 which corresponds to L. It directly says ZELDA.
They did nothing. Those parts of the file name don't matter, because you haven't pulled from the stack yet. There are thousands of other combinations of characters you could put in the place of "ZELDA" that would have exactly the same effect (i.e. nothing), it's just that "ZELDA" is used in this example because it's contextually appropriate.
I hope we get to see this at AGDQ2017
Now you should look up the dog house glitch, (known as) the exploration glitch. Literally every time you go in there the world completely changes randomly into a glitchless world, and each world is different depending on how many enemies you kill. But like the minus world, but for zelda.
I understood maybe a third of it, but it was still interesting to see how these kinds of glitches work.
wish I knew what he was talking about...
TheCoolV (CraftyChicken)
It basically is saying the programming back then was like a series of doors you had to go through to come out another door. You can confuse the script because there is a limited number of doors and you're making knobs for doors that don't exist
it shows how we've developed in computing cause this game took years to make, now could be developed in weeks
Seriously how do people find these? It's crazy.
Theory-crafting and brainstorming.
I'd actually guess that it was part theory-crafting, then a ton of debugging through machine code with a debugger on an emulator. It's not terribly hard to watch what's going on in memory while running the game, which is why they know that address XX corresponds to state Y.
Overloading a game is quite a common way to find an opening in a game. There's bound to be some unchecked variable that will cause overflow.
I reckon that if you can overload a game and consistently freeze it doing a specific set of actions, you're bound to run arbitrary code if you can examine what the game is doing near or at that point of freezing. If you can find a way to direct that arbitrary code execution to a way of your liking, you're bound to control the game fully, and maybe even the console if the OS doesn't do any safe-guarding of its own (and thus, hacked consoles).
Sun E Exactly. It's mind-boggling that some viewers believe these exploits were found by accidentally having all save files prenamed like this for no reason.
Lots of drugs
Neat. I love when people figure out how to input code into games like this and Super Mario World.
Reminds me a lot of dotsarecool's Super Mario World tutorials. Very nicely done.
I actually understand a tiny bit of this. Do I get a cookie?
I understand all of it. Does that mean I get a cookie too?
You get a slice of cake
was that a lie?
VoxelFusion No, I took a programming course over summer, and I actually learned something because everyone involved actually wanted to be there.
+SpamDestroyer yay... XD
i want to see it done in real time
great job explaining how/why it works. reminds me of cosmo's old oot wr vid
What's scary is that ASM (or Machine Language) was fun on the Commodore 64 way back. The demo scene carried on on that platform years after it was dead. The good old days, cracking games in junior high.
Can anyone link me to some more code execution explanations/tutorials?
Oh
+AldiePezeh thanks man!
watch cosmowright's SotN one
you lost me at "filename"
Good job to the guy who found this and you who explained it!
SteveOwnsMC and it would be even better if he got it to run flappy bird. just like what sethbling did in super mario world.
And I tell you what, this whole bit at 6:00? Exactly like being the Navigator in a game of Rogue Trader (Warhammer 40K). There's a million ways to mess up, and if you do, everything goes horribly, *horribly* wrong.
First let's talk about parallel universes
you lost me at "the"
THIS IS AMAZING! DO MORE OF THESE!
“I don’t know what the fuk you just said little kid! But you’re special, man.
You reached down, and touched me by the heart.”
BUT FIRST WE NEED TO TALK ABOUT PARALLEL UNIVERSES
You sniped my video idea
Came here from the WebAssembly with Rust book by Kevin Hoffman. Cool video!
And then my head, along with my NES, exploded.💥 Great video!👍
What if zelda was a girl?
Calm down Incel, they're only computer drawings...
is this math o_o
It's data
hexadecimal and binary code
KUMA
Memory systems, largely. You will need to know this to be a good programmer who can work with memory allocation. If you're interested in learning more, look into programming in C and then what's called assembly language, after learning C well enough. Then you'd have a good understanding of this stuff :P
Start with a better documented instruction set like X86 or ARM if you're gonna get into Assembly.
Good shit, Scrumpy. I've always had a bit of a hankering for this kind of gamebreaking speedrun. My one criticism would be that the code execution part is a bit hard to follow with how fast you're adding everything up. Maybe actually putting the calculation on the screen would have helped.
Besides that this is some high quality content that I wouldn't mind seeing more of.
I was expecting a shitpost like the Mario half an a press video you made, but I was pleasantly surprised. Well done scrumpy! Keep it up!