

Hacking Super Mario World to Warp to the Credits [video] - Kortaggio
https://www.youtube.com/watch?v=vAHXK2wut_I

======
pdkl95
I believe it's been posted before, but sethbling (of vanilla-minecraft-hacks
fame) pulled off the impossible and did the credit warp on an actual SNES,
live[1]. As this video very-nicely explains, this required incredible amounts
of pixel-perfect accuracy.

Lining up the line of koopa shells on exact x-offsets and _very_ narrow
heights mid jump (!) to write the landing-sled - using a controller, realtime
- is utterly insane.

As a side note sethbling's latest project is teaching[2] (using neuro-
evolution) his machine learning bot to play SMW[2], SMB1[3], and Mario Kart
(original)[4]. While the machine learning is simple by today's standards, his
brief videos give a really nice introduction to the topic that should be
accessible to most people.

[1]
[https://www.youtube.com/watch?v=14wqBA5Q1yc](https://www.youtube.com/watch?v=14wqBA5Q1yc)

[2]
[https://www.youtube.com/watch?v=qv6UVOQ0F44](https://www.youtube.com/watch?v=qv6UVOQ0F44)

[3]
[https://www.youtube.com/watch?v=iakFfOmanJU](https://www.youtube.com/watch?v=iakFfOmanJU)

[4]
[https://www.youtube.com/watch?v=S9Y_I9vY8Qw](https://www.youtube.com/watch?v=S9Y_I9vY8Qw)

~~~
Pewqazz
Note that this video is of SethBling pulling off the credits warp for the very
first time, when the current setup for the warp was unknown. Here is a video
of Seth performing the warp that was explained in the posted video, which is
faster by over four minutes:

[https://www.youtube.com/watch?v=KADhybyjOEo](https://www.youtube.com/watch?v=KADhybyjOEo)

------
haberman
Unbelievable. I had watched the glitch itself too many times to count. But
seeing it explained makes it even more impressive.

I would love to hear the story of who figured out how to do this and how much
trial/error it took.

I'd also love to see a similar explanation of the mario pong/snake glitch. It
seems it goes even further and is able to actually input large amounts of
arbitrary code.
[http://www.polygon.com/2014/1/14/5309662/bizarre-super-mario...](http://www.polygon.com/2014/1/14/5309662/bizarre-super-mario-world-hack-turns-the-game-into-pong-snake)

~~~
steckerbrett
Probably not as awful as it sounds on the surface, with an emulator you can
sit and stare at the current state of the machine quite handily. It would be
essentially impossible to work this sort of thing out without the aid of
tools.

~~~
haberman
Totally, but even with an emulator, the number of obscure glitches that have
to be strung together in just the right way to make this work is staggering.

~~~
Mahn
I would guess the games are disassembled and dissected first in order to
identify potential exploit paths/bugs.

------
emiliobumachar
Just forwarded the link to my work email. This is the ultimate answer to any
objection to security efforts on the grounds that "the vulnerability is too
complex for anyone to bother exploiting".

------
paulkon
This was awesome! Any recommended introductory books for assembly programming
and reverse engineering to appreciate this hack even more?

~~~
Luc
Go old school and download this book:
[http://www.romhacking.net/documents/615/](http://www.romhacking.net/documents/615/)

'Programming the 6502', by Rodnay Zaks.

~~~
peterfirefly
His Z80 book is pretty good, too. In fact, I don't remember a single bad book
from the old Sybex (Zaks' publishing company).

------
chjj
Manufacturing shellcode with shells. I like it.

~~~
MrBuddyCasino
Programming with koopas - it truly is turtles all the way down.

------
yoha
The hack looks insanely contrived but this video has a very well paced, well
explained, and well illustrated explanation.

------
smaili
Just out of curiosity, anyone know why only 12 sprites can be loaded at a time
into memory? Is that a hardware limitation or a design decision by the
developers?

~~~
duskwuff
The SNES graphics chip supports up to 32 sprites _per line_; this must be a
limitation of the game.

------
SchizoDuckie
These are the chess grandmasters of our time.

If you can fit all of that in your head and understand what you're doing here
while you're doing it, you're a god to me

~~~
SixSigma
It's nothing like as complex as you think, it's all very logical and once you
can code 6502 assembler, it's just lining up ducks.

~~~
duskwuff
Or, in this case... lining up Koopa shells. :)

