Pokemon Yellow Total Control Hack - hobs
http://aurellem.org/vba-clojure/html/total-control.html

======
hoopism
I'm not a gamer myself but I have come across several of these types of
hacks... I am always impressed with the dedication of gamers to understand the
execution to this extent. Really is a cool aspect of video games.

There's a cool story of a guy who beat Mario 64 without ever jumping...
[http://kotaku.com/the-man-who-does-the-impossible-in-super-mario-64-1656869221](http://kotaku.com/the-man-who-does-the-impossible-in-super-mario-64-1656869221)

~~~
barosl
The explanation on the "water level overflow" is marvelous...

> I had been wondering if raising/lowering the water level could help me
> collect this star in 0 A presses, and then it suddenly hit me: what if I
> raised the water level to the maximum possible value? I theorized that if I
> did this, then the water level would actually overflow onto the lowest
> possible water level. Using hacks, I tested this and found it to be true.
> Consequently, I then raised the water level using TAS until it reached a
> very special water level, which I'm naming the "overflow water level," at
> which the water level oscillates between the highest water level and the
> lowest water level. I make use of this to ascend and descend in the town,
> thereby allowing me to collect the star in 0 A presses.

> To raise the water, I make use of a glitch, which works as follows. The
> water in the town raises and lowers periodically. Whatever water level you
> unload the town on becomes the median water level for the next time you load
> the town. So if you consistently unload the town while the water is at the
> top of its cycle, then the water will gradually rise, and that's what I do
> in the video.

------
eertami
There was also the recent Twitch chat inside Pokemon at AGDQ 2015:
[https://www.youtube.com/watch?v=Tv7RqnT0_Wo#t=508](https://www.youtube.com/watch?v=Tv7RqnT0_Wo#t=508)

~~~
JonnieCache
One of my recent favourite things has been watching people do these tricks
live. Here's another AGDQ video, the guy executes an elaborate buffer overflow
in Mario 3 _by hand_ to make it skip to the credits. It's called a 'wrong
warp' or a 'credits skip' and it's completely ridiculous.

[https://youtu.be/c-bkDz0wPsI?t=3774](https://youtu.be/c-bkDz0wPsI?t=3774)

~~~
eertami
Same, I pretty much leave AGDQ open on a secondary monitor for the whole
duration.

I didn't see Mario 3 live but it seems pretty insane. In a similar vein of
wrong warps is the glitch run of Zelda 2
([https://www.youtube.com/watch?v=IXEx9zIEoJw#t=288](https://www.youtube.com/watch?v=IXEx9zIEoJw#t=288))
- the speedrunning community has an insane level of dedication, there are so
many of these frame-perfect tricks/exploits and it's just like... how do you
even discover it!?

------
libc
No matter how many times I encounter this it never ceases to amaze me. Maybe
it's because I played these games growing up, or maybe it's just my interest
in low level bit twiddling like this, but probably a bit of both. The process
he uses to figure it all out is just as impressive as the hack itself.

------
knd775
This is incredible. I have always wanted to get into this type of thing, but
it seems so incredibly difficult without a large amount of experience.

~~~
bitexploder
Try Matasano's Microcorruption CTF. It is designed for people with no
experience. You will do the same things the author of the post did.

uctf strips away the layers of complexity related to a specific environment,
giving you a clean place to learn the first principles. Whereas, if you tried
this on a Gameboy, you must learn a lot of domain specific things, and learn
how a computer works at a rather low level. For example: once you have built
an exploit payload or two, it isn't so magical how using an inventory of items
that are represented with integers can become code.

~~~
artmageddon
I've gotten to the second or 3rd level with it. I just wish they gave a few
more hints as to what I could learn about to help progress along with the
levels.

~~~
bitexploder
Usually if you can figure out the type of vulnerability you are going after,
you can search for it and then use the first principles of that bug type and
apply it to the current level.

The first few levels are just to get you used to thinking in machine code,
reading and thinking in hex, and used to reversing. They are a little tougher
for some, depending on your background.

~~~
artmageddon
That's good to know! My background is in CS, so I've done a bit of computer
architecture and assembly (been quite a while though). Very new to reversing;
I've tried out Lena's tutorials and decided to give this a shot instead. I'll
keep that in mind :)

------
acjohnson55
Reminds me of the trick that was first used to make a TI-85 execute arbitrary
assembly code. Someone disassembled a ROM and found that the CUSTOM menu was
actually implemented by an unchecked jump to (presumably) the code of the
function the user selected. Normally, the interface will only let you select
built in functions, but by hacking a RAM backup, it was possible to make it
jump to the data held in a STRING variable and execute it as code. Typically,
this was populated with a bootloader that executed a shell stored within a
PRGM. That shell provided a menu to execute arbitrary other code also stored
in PRGM data.

------
slipstream-
There's also this:
[http://forums.glitchcity.info/index.php/topic,6638.0.html](http://forums.glitchcity.info/index.php/topic,6638.0.html)
(featured on HN before)

and this (G/S ACE, through a translation error):
[http://forums.glitchcity.info/index.php/topic,6716.0.html](http://forums.glitchcity.info/index.php/topic,6716.0.html)

~~~
hobs
Yep, got this from a list posted on the top one:
[http://beza1e1.tuxen.de/articles/accidentally_turing_complet...](http://beza1e1.tuxen.de/articles/accidentally_turing_complete.html)

You may find more interesting items such as:

    Apache Rewrite Rules
    Sendmail
    BGP
------
joshschreuder
Are there any good Youtube channels which look at these hacks and explain a
bit about how they work?

I found this one:
[https://www.youtube.com/channel/UClgilE1XxsorM1iX9YtS4FA](https://www.youtube.com/channel/UClgilE1XxsorM1iX9YtS4FA)
in the related videos of the Pokemon Yellow video which looks pretty good.

------
elwell
+1 for use of Clojure

+2 for use of Clojure's UTF-8 flexibility for direction arrows

------
Scuds
Similar deal with Super Mario World, using programmed controllers to poke
arbitrary code into memory and execute it.
[https://www.youtube.com/watch?v=OPcV9uIY5i4](https://www.youtube.com/watch?v=OPcV9uIY5i4)

~~~
gcr
You no longer need a special controller: a person has abused this glitch to
skip straight to the credits on real hardware on an actual SNES controller.

------
frinxor
nitpick: should be labeled (2013)

------
c1yd3i
wow