The summer games happened quickly
Shortly after our guide to Summer Games Done Quick 2022 was released, the event hosted a stunning demonstration of a classic video game, one that has since filled that Ars article's comments. If we're going to split hairs, this run through the 1998 N64 classic Legend of Zelda: Ocarina of Time isn't a “speedrun,” but it's another example of the “TASBot” concept transforming games in ways we never would have dreamed of 24 years ago. The team of fans and developers behind this week's “Triforce%” demo has since revealed how it accomplished the feat with nothing more than a stock N64 and an original Ocarina retail cartridge, though the secret involves controller inputs so fast and accurate that they cannot be performed by anything less than a computer.
Nothing stale about this run
An early 2020 video explaining how stale reference manipulation works. You may want to watch it before watching the SGDQ 2022 video, embedded below.
The 53-minute demo (embedded at the end of this article) begins with an exploit previously discovered in late 2019, which the community dubbed “Stale Reference Manipulation.” This exploit takes advantage of a vulnerability in the original 1.0 version of the game, which allows players to manipulate numeric values assigned to specific objects in the game's memory. The most fascinating explanation of this complex technique can be found in a YouTube video from early 2020 (embedded above), which describes the various numerical values assigned to each object in the game, such as its X-, Y-, and Z-axis positions and its rotation.
Experienced players can make those values overlap or overwrite the original game code so they can be manipulated as the players see fit. The technique we see in this week's run requires Link to pick up a rock while going through a “loading zone,” a corridor used to disguise loading pauses on N64 hardware, and to do so in a way that the game wasn't designed to handle.
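To make the idea of a stale reference concrete, here is an added example (not code from the game or from the TASBot team) that models a held object surviving an area reload, next to a generation-checked handle that rejects the outdated reference. The pool layout, the `Actor` fields, and all function names are hypothetical simplifications.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of an object pool; not the game's real memory layout. */
#define SLOTS 4
typedef struct { float x, y, z; int16_t rot_x, rot_y, rot_z; } Actor;
typedef struct { uint32_t gen; int live; Actor actor; } Slot;
typedef struct { int index; uint32_t gen; } Handle;
static Slot pool[SLOTS];

/* Claim the first free slot and bump its generation; -1 if the pool is full. */
static int slot_alloc(void) {
    for (int i = 0; i < SLOTS; i++) {
        if (pool[i].live) continue;
        pool[i] = (Slot){ .gen = pool[i].gen + 1, .live = 1 };
        return i;
    }
    return -1;
}

/* Area transition: every slot is released, but old references are not cleared. */
static void unload_area(void) { for (int i = 0; i < SLOTS; i++) pool[i].live = 0; }

/* Hardened lookup: a handle is valid only for the generation it was issued in. */
static Actor *handle_get(Handle h) {
    Slot *s = &pool[h.index];
    return (s->live && s->gen == h.gen) ? &s->actor : NULL;
}

/* Carry an object across a reload, then update it as if it were still held.
   Returns rot_y of whatever object now occupies the reused slot. */
static int16_t carry_across_reload(int use_handle) {
    memset(pool, 0, sizeof pool);
    int rock = slot_alloc();
    Actor *held_raw = &pool[rock].actor;   /* raw pointer kept by the "player" */
    Handle held = { rock, pool[rock].gen };
    unload_area();
    int newcomer = slot_alloc();           /* new area reuses the rock's slot */
    pool[newcomer].actor.rot_y = 100;
    Actor *target = use_handle ? handle_get(held) : held_raw;
    if (target) target->rot_y = 0x4000;    /* "held object" update */
    return pool[newcomer].actor.rot_y;
}

int main(void) {
    printf("raw: %d, handle: %d\n", carry_across_reload(0), carry_across_reload(1));
    return 0;
}
```

With the raw pointer, the update meant for the rock lands in the unrelated object that took over its slot; with the handle, the generation mismatch turns the update into a no-op.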
Originally, this exploit was a speedrunning tool, as it could trick the game into loading the final credits sequence and technically count as “completion” in just a few minutes. But Triforce% goes much further.
Combining new RAM content into a classic game
Hey, wait, this doesn't belong here… but as the TASBot demo team points out, an Arwing from Star Fox 64 was left on the original Ocarina cartridge, a reminder that this object was used to test some animation routines early in development.
By picking up and dropping specific objects, then making the game's hero move and maneuver in a specific order, the TASBot team opens a Pandora's box of what's known as arbitrary code execution, the kind of vulnerability used by hackers around the world to make a closed computer system run whatever code they want. Additionally, the TASBot chain of moves and commands tells the N64 to accept button input from all four N64 controllers as if it were code.
This item-handling menu was left in the game as a beta item and was easily revealed for use in the SGDQ 2022 run.
At this point, a computer takes over all four of the N64's controller ports and sends a series of rapid-fire button presses, as if it were a giant-fingered superhero equivalent of The Flash. The glitched Ocarina cartridge has instructed the N64 to accept each button press in a way that corresponds to specific code strings. Once enough of this payload has been sent, the team can return normal control to the “player one” port, so that a real person can play through an entirely new sequence of content, all of which has been dumped into the N64's random access memory (RAM) by the incredibly fast input of the other three controllers.
These patches can do a lot of incredible things that, combined, look like a full-blown patch of a cartridge's read-only memory (ROM), although the TASBot team is limited to changes specific to the console's RAM: tiny changes to existing code, complete file replacements, or commands that tell the game to ignore content that would normally be loaded from the ROM.
As a result, the exploit may crash if players stray from the expected path it is optimized for.