ReSpec is usually a column about the wonderfully artistic world of computer games, but sometimes there are topics that are just too good to miss. The Legend of Zelda: Ocarina of Time is universally acclaimed as one of the best Nintendo 64 games of all time, and although it’s not a PC title, the game’s technical peaks reveal how games work on a fundamental level. More importantly, these amazing achievements are only possible with a lot of community effort.
Ocarina of Time takes the average player about 30 hours to beat; more skilled speedrunners, who aim to play the game as fast as possible, can beat it in about three hours and 40 minutes without errors. But the game’s Any% category, which tasks players with completing the game regardless of the methods used, has dropped to three minutes, 54 seconds, and 566ms. And yes, those milliseconds matter. The second-place record holder is less than a full second behind the world record.
As impressive a feat as that is, it’s not all the Ocarina of Time speedrunning community brings to the table. At Summer Games Done Quick 2022, the biannual speedrunning marathon for charity, there was a showcase in which a group of speedrunners reprogrammed the game on the fly to display new graphics, play new music, and even show a Twitch chat overlay. And all of this was done on a stock copy of the game with no pre-programming.
The Ocarina of Time speedrunning community has continued to break the game in seemingly impossible ways. I reached out to two of the community’s leading minds to find out what makes the classic Nintendo 64 game tick, and it all comes down to one exploit: arbitrary code execution.
Far from arbitrary
Arbitrary code execution, or ACE, sounds scarier than it actually is. It’s a term thrown around in the cybersecurity field that basically means running code (or a program) that shouldn’t be running. This is how dannyb, an Ocarina of Time speedrunner who holds the second-place record in the Any% category, described ACE in Ocarina of Time: “Arbitrary code execution in OoT is an exploit where a player can use in-game actions to arrange a set of data in memory to mimic game code, and then manipulate the location where the game is looking for the code to run to be where we just did that arrangement.”
With the right actions, dannyb says, players can “basically run any code we like from within the game, and cause the game to do things it wasn’t programmed to do.” These actions include seemingly useless things like the name you enter when you start the game. This is exactly the procedure that allowed Ocarina of Time to be beaten so quickly.
In a game like Ocarina of Time, the game checks its memory for certain requirements that must be met in order to beat the game. The goal in an Any% run is to rearrange memory so that the game looks at your character’s name instead of where it would normally look. This is called Stale Reference Manipulation, or SRM, and dannyb says the vulnerability is what cracked Ocarina of Time speedrunning wide open.
“An ACE in a video game always needs these two things: precise control over some area of memory so that the player can make the data there mimic the code, and the ability to change the location of code execution to be where the custom code lies. In 2019, a bug called Stale Reference Manipulation was found in OoT, which opened up the second requirement in a big way,” said dannyb.
In a normal Ocarina of Time run, that adds up to seemingly random actions that trick the game into checking areas (like your character’s name) for completion requirements when it shouldn’t. It’s a two-part process: create a data payload, such as your character’s name, and manipulate memory using SRM to point to that payload.
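The stale-reference step described above can be shown with a toy slot allocator. This is an added example, not code from the game, the speedrunners or the article; the pool, the handle type and the two constructed addresses are assumptions, and the checked write shows the generation-counter defence against stale references.

```c
#include <stdint.h>
#include <string.h>

/* Toy model with constructed values; not Ocarina of Time's real layout. */
#define SLOTS 4u
#define NORMAL_LOOKUP 0x1000u /* where the game is meant to look */
#define NAME_BUFFER 0x2000u   /* player-controlled data, e.g. the file name */

/* generation is bumped on every free; field's meaning depends on the owner. */
typedef struct { uint32_t generation; int in_use; uint32_t field; } Slot;
typedef struct { uint32_t index, generation; } Handle;
static Slot pool[SLOTS];

Handle slot_alloc(uint32_t initial) {
    for (uint32_t i = 0; i < SLOTS; i++) {
        if (pool[i].in_use) continue;
        pool[i].in_use = 1;
        pool[i].field = initial;
        return (Handle){ i, pool[i].generation };
    }
    return (Handle){ SLOTS, 0 }; /* pool exhausted: invalid index */
}

void slot_free(Handle h) {
    if (h.index >= SLOTS || !pool[h.index].in_use) return;
    pool[h.index].in_use = 0;
    pool[h.index].generation++; /* invalidates handles issued earlier */
}

/* Unchecked: trusts the index, like a raw pointer kept after a free. */
void write_unchecked(Handle h, uint32_t v) { pool[h.index].field = v; }

/* Checked: refuses if the slot was recycled after the handle was issued. */
int write_checked(Handle h, uint32_t v) {
    if (h.index >= SLOTS || !pool[h.index].in_use ||
        pool[h.index].generation != h.generation) return -1;
    pool[h.index].field = v;
    return 0;
}

/* Where the recycled object "looks" after a write through the stale handle. */
uint32_t lookup_after_stale_write(int checked) {
    memset(pool, 0, sizeof pool);
    Handle held = slot_alloc(1);             /* object the player holds */
    slot_free(held);                         /* it unloads; handle is kept */
    Handle next = slot_alloc(NORMAL_LOOKUP); /* new object reuses the slot */
    if (checked) write_checked(held, NAME_BUFFER);
    else write_unchecked(held, NAME_BUFFER);
    return pool[next.index].field;
}
```

With the unchecked write the recycled object ends up pointing at NAME_BUFFER; with the generation check the stale write is rejected and it still points at NORMAL_LOOKUP.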
Hacking on the fly
This is how speedrunners beat Ocarina of Time in just a few minutes, but it doesn’t quite explain how the lovably named Triforce% showcase was able to add new textures, models, music, code, and even a Twitch overlay to the game without any cartridge mods. Savestate, one of the brains behind this years-long project, explained that it’s all about configuring the Nintendo 64 console to understand console data as game data.
It’s a demonstration only possible thanks to TASBot, which is capable of executing inputs at non-human speeds. As Savestate explains, “We modify instructions in memory to start reading console data as N64 instructions. Normally, this would malfunction, but thanks to TASBot, it’s able to emulate and manipulate controllers at inhuman speeds to look like N64 instructions so that the game executes the console data as a set of predetermined guidelines.”
In short, Triforce% uses ACE and SRM just as the usual Ocarina of Time speedrun does, but it specifically changes how the Nintendo 64 console understands instructions. With this setup, runners can add any code they want to the game just with console inputs. Savestate continued: “There is no modification to the game cartridge. To get data allocated into memory, we use a glitch that allows us to start adding and modifying items in memory with the help of TASBot while only interacting with the N64 console through its console ports.”
These vulnerabilities are not discovered randomly either. Savestate explained that the Ocarina of Time community has developed tools to look at how memory is arranged in the game, as well as programs to simulate different memory arrangements. Emulators like Project64 help a lot, letting runners and tool developers see how the game executes code step by step.
Ocarina of Time is one of the most critically acclaimed games of all time, and a strong and dedicated speedrunning community has allowed the game to thrive with new developments for decades after it was originally released. Exploits like the one behind the fastest Ocarina of Time speedruns downplay the challenge usually associated with beating a game as fast as possible, but they also highlight the incredible technical expertise and community effort that go into dissecting and analyzing beloved games.
The community is aware of this balance too, according to dannyb: “OoT’s Any% speedrun class is the only class in our main leaderboards that allows an ACE as a valid way to complete an objective. For everything else, we ban ACEs in order to maintain the distinction that made these categories come to life in the first place.”
This article is part of ReSpec – an ongoing bi-weekly column featuring in-depth discussions, tips and reports on the technology behind PC games.