How Ocarina of Time’s speedrunners are breaking the game in new ways

ReSpec is usually a column about the wonderful, technical world of PC gaming, but occasionally there are topics that are too good to ignore. The Legend of Zelda: Ocarina of Time is widely hailed as one of the best Nintendo 64 games of all time, and while it’s not a PC title, the game’s most technically demanding speedruns show how games work at a fundamental level. More importantly, these incredible feats are only possible with a great deal of community effort.

Ocarina of Time is a game that would take a normal player about 30 hours to play; the most experienced speedrunners who want to play the game as fast as possible can complete it in about three hours and 40 minutes without any glitches. But the game’s Any% category, which asks players to finish the game regardless of the methods used, is down to three minutes, 54 seconds, and 566 milliseconds. And yes, those milliseconds matter. The second-place record holder is less than a full second behind the world record.

While it’s such a remarkable feat, that’s not all Ocarina of Time speedrunning brings to the table. At Summer Games Done Quick 2022, a biannual speedrunning marathon for charity, a showcase featured a group of speedrunners who reprogrammed the game on the fly to display new graphics, play new music, and even show a Twitch chat overlay. And all this was done on a stock copy of the game with no pre-programming.

The Ocarina of Time speedrunning community has continued to break the game in seemingly impossible ways. I turned to two of the leaders in the community to find out what defines the classic Nintendo 64 game, and it all boils down to one exploit: Arbitrary Code Execution.


Far from arbitrary

Arbitrary Code Execution, or ACE, sounds a lot more intimidating than it actually is. It’s a term thrown around in cybersecurity that basically means running code (or a program) that shouldn’t be running. This is how Dannyb, an Ocarina of Time speedrunner who holds second place in the Any% category, described ACE in Ocarina of Time: “Arbitrary Code Execution in OoT is an exploit where a player uses in-game actions to arrange a bunch of data in memory to mimic the game code, and then manipulates the place where the game wants to run code to be where we just made that arrangement.”

With the right actions, Dannyb says, players can “execute essentially any code within the game and make the game do things it wasn’t programmed to do.” These actions include things as seemingly useless as the name you type when you start the game. This is exactly the action that allowed Ocarina of Time to be beaten so quickly.

In a game like Ocarina of Time, the game checks its memory for a specific requirement that must be met in order to beat the game. The goal in an Any% speedrun is to rearrange memory so that the game looks at your character’s name instead of where it would normally look. This is referred to as Stale Reference Manipulation, or SRM, and dannyb says the exploit is what opened up Ocarina of Time speedruns in a big way.

[Former World Record] OoT Any% Speedrun in 3:55,300!

“ACE always needs these two things in any video game: fine-grained control over a specific area of memory so the player can mimic the data there, and the ability to change the location of code execution to be where the custom code lies. In 2019, a bug called stale reference manipulation was discovered in OoT, which opened up the second requirement in a big way,” Dannyb said.


In the case of a normal Ocarina of Time run, seemingly random actions add up to make the game check areas (like your character’s name) for completion requirements when it shouldn’t. It’s a two-part process: create a data payload, e.g. your character’s name, and manipulate memory with SRM to point to that payload.
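The stale-reference half of that process, as an added example (not from the original article and not the game's code): a constructed slot pool in C in which a reference kept after a free ends up reading player-chosen bytes, next to a generation-checked lookup that rejects it. The pool layout, the function names and the sample name value are assumptions and do not reflect Ocarina of Time's actual memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SLOTS 4

/* Constructed model of a slot pool; `gen` is bumped on every free. */
typedef struct { uint32_t gen; int live; uint32_t word; } Slot;
typedef struct { int idx; uint32_t gen; } Handle;  /* index + generation seen at alloc */
static Slot pool[SLOTS];

/* Put `value` in the first free slot and return a handle to it. */
static Handle pool_alloc(uint32_t value) {
    for (int i = 0; i < SLOTS; i++) {
        if (pool[i].live) continue;
        pool[i].live = 1;
        pool[i].word = value;
        return (Handle){ i, pool[i].gen };
    }
    return (Handle){ -1, 0 };
}

/* Release a slot; bumping `gen` invalidates every handle issued for it. */
static void pool_free(Handle h) { if (h.idx >= 0 && h.idx < SLOTS) { pool[h.idx].live = 0; pool[h.idx].gen++; } }

/* Stale-reference pattern: trusts a remembered index, whoever owns the slot now. */
static uint32_t lookup_stale(int idx) { return pool[idx].word; }

/* Hardened lookup: refuses a handle whose slot was freed or reused. */
static const uint32_t *lookup_checked(Handle h) {
    if (h.idx < 0 || h.idx >= SLOTS) return NULL;
    const Slot *s = &pool[h.idx];
    return (s->live && s->gen == h.gen) ? &s->word : NULL;
}

/* Free an object while a reference is held, then reuse its slot; 1 = only the check notices. */
static int demo(uint32_t *seen_by_stale) {
    memset(pool, 0, sizeof pool);
    Handle held = pool_alloc(0x00001001);    /* object something still points at */
    pool_free(held);                         /* freed, but the reference is never cleared */
    Handle name = pool_alloc(0x4C494E4B);    /* constructed name bytes "LINK" reuse the slot */
    *seen_by_stale = lookup_stale(held.idx); /* old reference now reads the name */
    return lookup_checked(held) == NULL && lookup_checked(name) != NULL;
}

int main(void) {
    uint32_t v;
    printf("checked lookup rejects old handle: %d\n", demo(&v));
    printf("stale lookup read 0x%08X\n", (unsigned)v);
    return 0;
}
```

The generation counter is one common way to make a kept reference fail closed once its target has been freed and the slot reused.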

Hacking on the fly

OoT Triforce Percent ACE Showcase: TASBot brings us together here at SGDQ 2022! (beta + new content)

That’s how speedrunners beat Ocarina of Time in just a few minutes, but it doesn’t fully explain how the affectionately named Triforce% showcase was able to add new textures, models, music, code, and even a Twitch overlay to the game without any modification of the cartridge. Savestate, one of the minds behind this year-long project, explained that it’s about preparing the Nintendo 64 console to understand controller data as game data.

It’s a showcase only possible through TASBot, which can execute inputs at inhuman speeds. As Savestate explains, “We modify an instruction in memory to start reading control data as N64 instructions. Normally this would crash, but thanks to TASBot it’s able to simulate controllers and manipulate them at inhuman speed to look like N64 instructions, causing the game to execute the controller data as a series of predetermined instructions.”


In short, the Triforce% Showcase uses ACE and SRM like a regular Ocarina of Time speedrun, but specifically changes how the Nintendo 64 console understands instructions. With this setup, runners can add any code they want to the game simply by entering controller inputs. Savestate continued, “There is no modification to the game cartridge. To get custom data into memory, we use a glitch that allows us to add and change things in memory using TASBot while only connected to the N64 console through the controller ports.”


Nor are these exploits discovered by accident. Savestate explained that the Ocarina of Time community has developed tools to study how memory is arranged in the game, as well as programs to simulate different memory arrangements. Emulators like Project64 help a lot as they allow runners and tool developers to step through how the game executes code.

Ocarina of Time is one of the most iconic games of all time, and the robust, dedicated speedrunning community has allowed the game to thrive with new developments decades after its original release. Exploits like the one that powers the fastest Ocarina of Time speedruns trivialize the challenge usually associated with beating a game as quickly as possible, but they also highlight the incredible technical know-how and effort the community puts into dissecting and analyzing popular games.

According to dannyb, the community is also aware of this balance: “The OoT Any% speedrun category is the only one in our main leaderboards that allows ACE as a valid path to the goal. For everything else, we ban ACE to preserve the uniqueness that brought these categories to life in the first place.”

This article is part of ReSpec – an ongoing bi-weekly column featuring discussion, advice and in-depth coverage of the technology behind PC gaming.
