The words "open bus" trigger PTSD I didn't know I had
@RozeeVeritas Жыл бұрын
Good to know i'm not the only one (joke)
@CristianConsonni Жыл бұрын
It's not the same bus!
@Bismuth9 Жыл бұрын
@@CristianConsonni I was referring to Super Mario World.
@Patashu Жыл бұрын
Imagine an open bus...
@matthewdrury6443 Жыл бұрын
Imagine an `void open(*bus)`.
@Patashu Жыл бұрын
I love how cheeky this ACE is. I also love how hilariously useful SMB3 is for making payloads. You literally couldn't ask for better.
@MrCheeze Жыл бұрын
Well, except for RTA viability. Not sure whether there even exists any setup game that would be any good for RTA or not.
@Patashu Жыл бұрын
@@MrCheeze 'shell code' in SMW comes to mind, off the top of my head I'm not sure if there's an NES game that good
@Pascal-eu2oe Жыл бұрын
@@MrCheeze Probably 7-1 ACE in Mario 3 could do it, but it'd probably be pretty tedious, time-consuming, and really easy to mess up. And it'd almost certainly be slower than just playing Mario 1 normally.
@Ryusuta6 ай бұрын
To be honest, one of the most fascinating things about this for me was seeing a version of 8-4 that didn't have loops in it. Kinda cool how it actually flows pretty seamlessly.
@MrCheeze Жыл бұрын
Extremely cool find! Love me some payloads stored in uninitialized ram. Honestly, I'm surprised this could exist without being found already... SMB1 is one of those games known for being so well studied that undiscovered ACE couldn't possibly exist. (Admittedly, most people were probably not checking for logic that runs only in out-of-bounds world numbers and requires uninitialized RAM setup.) Anyway, great work!
@MrCheeze Жыл бұрын
Alternative comment: This really puts the N in Stop 'N' Swop.
@negativeseven Жыл бұрын
I discovered this exploit several years back. Indeed, needing to rely on initialized RAM as well as inaccurate emulation were both rather discouraging for most people to pursue actually running a useful payload.
@Storster Жыл бұрын
It's amazing seeing such a thing become possible in a game that most people consider completely ripped apart already. Entertaining stuff!
@alkali99 Жыл бұрын
this is amazing work. its cool how simply it recovers from executing in open bus. awesome
@a1d3n_isme Жыл бұрын
"Use < and > to look at explanations" Me using a phone: 💀
@zboredskilled9 ай бұрын
just connect a keyboard to your phone, simple.
@autumnshinespark7 ай бұрын
Same
@tonyacatlett36836 ай бұрын
Lucky, I mostly use console and only have wired keyboards and mouses.
@l3onardomgbr5 ай бұрын
@@tonyacatlett3683 mad respect
@Blankult5 ай бұрын
I just put it at 0.25 speed and did quick play/pauses lol
@Scrimsion Жыл бұрын
Legendary acomplishment for smb1 even though it's with a cart swap. Amazing video and amazing find! :)
@crescendo755 Жыл бұрын
This is amazing congrats! So cool to see ACE in this game
@SuperDorrie994 Жыл бұрын
Wow! Never would have thought of this. Great work!
@dillthepill08 Жыл бұрын
this is friggin awesome i have been waiting for smb1 ace for as long as i remember
@cobaltguyyyyy6 ай бұрын
Pov: todd rodgers most accurate speedrun
@kargaroc38610 ай бұрын
The way this is worded kinda implies that "open bus" is a sort of state that the CPU can be within. But as far as I know, *the* open bus is any memory region that isn't mapped, and this is what happens when you jump there. Its kinda like saying "during unmapped memory, such and such happens"
@100thCoin10 ай бұрын
Ah, good catch. My choice of words was a bit poor. I was trying to find the best way to phrase "During an instance where the PC is located at an unmapped address" and assumed "During open bus" would be a pretty good umbrella for that. Perhaps I meant to write "During open bus execution".
@AlbertTheGamer-gk7sn Жыл бұрын
Now, you can recreate Marionaires's create account TAS using arbitrary code execution, where you will create an account on Super Mario Bros., play World 0, and start playing the game revealing the hidden locations.
@aureliassong3 ай бұрын
Wow amazing, congrats on ACE’ing a new game!
@NtQueryInformationProcess Жыл бұрын
I knew something like this was possible, good job! I believe glitch enemies in some worlds let you execute arbitrary code, I remember playing a glitch level and getting far enough resulted in jumping to somewhere in work RAM and I think I remember it jumping to open bus as well, so this could be even faster
@Selicre Жыл бұрын
Well that is utterly insane. Congrats on getting this accomplished. Is this the first smb1 ACE? Now, fingers crossed for an ACE without a cart swap.. though that might be a very tall order.
@100thCoin Жыл бұрын
As far as I am aware, this is the first time ACE has been used in SMB1.
@ethanfranzen8684 Жыл бұрын
This is awesome! I doubt much is possible in SMB1 with ACE, given the amount of memory you can access, but, at least, you can use it to legitimately force things to be interesting! I kind of want to see a proper analysis for exactly what happens, instruction by instruction, in the game's code, as you stall for time with conflicting button inputs and when the IRQ interferes. I infer that the SRE instruction shifts the bits of a target byte in the zero page.
@Alexs2374311 ай бұрын
FUN FACT: In this TAS, Mario is doing the Mario. ~swing your arms from side to side...~
@mataloger Жыл бұрын
Great work! I hope you get to perform it with a tas-bot sometime 🙂.
@100thCoin Жыл бұрын
Oh hey, sorry I took two months to reply. This was console verified by Alyosha before I even uploaded my own video. If I recall, this might be an earlier version of the TAS, but it still executes the payload, thus completing the game in 8-4. kzbin.info/www/bejne/lYLWYXqVnLF4r80
@DaVince216 ай бұрын
I was not ready for that onslaught of explanations in the first second. Nice and detailed though.
@Fritzafella Жыл бұрын
ACE in smb1?? Open bus manip combined with a variant of the Tennis x Mario glitch?? This game hasn't been totally torn apart yet it seems!
@autumnshinespark7 ай бұрын
Whoa cool, i understood that ASM ^^ Awesome job!
@flibidydibidy Жыл бұрын
Very cool!
@KabAudio Жыл бұрын
Amazing work as always 100th coin!!!!!
@MrLlama-gl2hk Жыл бұрын
Retro Video Game Mechanics has a pretty good video on how an open bus works: kzbin.info/www/bejne/mYHHnXmLm6qBpc0 It's part of a larger video about a Super Mario World glitch but it's still a very solid 15-minute explanation. The best tl;dr summary I can give is that CPU is asking for memory that doesn't exist. Instead of getting an actual response, it merely sees an echo of the memory request itself or the response to a previous request.
@Abyssoft Жыл бұрын
This is amazing, what gave you the idea to try this?
@100thCoin Жыл бұрын
I've been playing around with ACE in SMB3 for a while, so I decided to look for ACE in SMB1. I knew killing Bowser beyond world 8 could lead to game crashes, and I decided to investigate it. As it turns out, Negative7 did a lot of research on this topic and found that killing bowser in world $FC jumps to address $3D0. That region of RAM is far too useless to manipulate into a meaningful payload (or even a jump instruction to somewhere better) so I decided to chart every world in the game to see what killing bowser would do. At the time I started this, I wasn't very familiar with open bus, but I found that world $16 (world N) jumped there. I left it as a comment and moved along. I was modifying bizhawk at this time to allow for cart swapping mid-TAS. I had the goal of making a stop 'n' swop tas for TASVideo's april fools shenanigans. The original idea was just going to start the game in world 8 by playing Tennis, but I really wanted to see if I could use ACE to some degree. After learning a bit more about open bus, I took another look at world N, and to my surprise, I could easily manipulate an RTI instruction into existence, and this jumps to uninitialized RAM. All I needed to do was initialize it, and that's where my SMB3 TAS comes in. I figured the fastest way to initialize that would be through subframe inputs. I think this takes about 2 seconds? On a bit of a tangent, I've been considering making a stop 'n' swop TAS of dragon quest 3. You have a really good video about that run, and it would be cool to see it TASed.
@CristianConsonni Жыл бұрын
Very nice! If you press B then you go to regular "second quest" or something different happens?
@100thCoin Жыл бұрын
It's a valid completion of the game. Going to the second quest works as usual.
@sirgog Жыл бұрын
This is incredible. How does it change from N-2 to 8-4 at around 1:15?
@100thCoin Жыл бұрын
The game changing from N-2 to 8-4 was the entire purpose of running the arbitrary code (which happened by killing Bowser in world N). This was achieved by storing a value of 7 in address $75F (This sets the game in world 8), a value of 3 at address $7FC (This sets the game in level 4), and running JSR $865A, as the code at $865A updates the HUD to display the current world-level.
@juliano__proencio33743 күн бұрын
Im 100% sure kosmic is talking about this TAS is his latest video
@100thCoinКүн бұрын
The video also included my total control "Travelling Salesman" TAS, in case you needed a bit more confirmation.
@juliano__proencio3374Күн бұрын
@@100thCoin alright, thank you
@BLGHA2 ай бұрын
Can you make a non L+R TAS of this?
@100thCoin2 ай бұрын
A non L+R TAS of this could certainly exist. For this TAS specifically, I only did the series of SMB3 inputs at the start of the video, as optimal SMB1 gameplay isn't my strong suit, and some friends of mine in the SMB speedrunning discord (Seraphmlll and Mizumaririn) did the SMB1 inputs. If I were to make that TAS myself it would likely be suboptimal.
@BLGHA2 ай бұрын
@@100thCoin Ah, ok. I was only wondering because I wanted to see what the best run could be.
@denelson835 ай бұрын
You need to put the elements of your video above the timeline that KZbin puts at the bottom of the video when paused. I am having trouble reading the text behind the controls at the bottom-right corner of the video.
@100thCoin5 ай бұрын
That's definitely something I hadn't considered when I made this video, and something I'll be making an effort to fix in future videos. Thanks for the feedback!
@TheOfficialDorianelevator11 ай бұрын
i have a french keyboard (azerty keyboard) and due to that the , key works but the . key dosen't since french keyboards use shift+; for the . character, so due to that i can't frame advance forward, if anyone with a azerty keyboard can tell me how to frame advance then please reply to this comment with the answer.
@Roro_23383 ай бұрын
late reply, but try the Windows On-Screen Keyboard. you should be able to toggle to QWERTY layout on that.
@TheOfficialDorianelevator3 ай бұрын
@@Roro_2338 i still remember this video and thank you for the answer, i might try that soon to be able to step frame by frame.
@six_buck_dlc4 ай бұрын
i don’t understand anything you said but i feel smart reading it
@BHSilver5 ай бұрын
Question, when jumping, the "A" being showed on execute load screen being pressed, - is the reason why there is a Line of A's is because its a button being held down the whole time, or is it being pressed every time its shown on the execute load? I've never programmed a TAS b4, so this coding is new to me.
@100thCoin5 ай бұрын
If the A Button is shown multiple times in a row, you can think of it as being held down.
@BHSilver5 ай бұрын
@@100thCoin Thank you, thought so, but wasn't 100% sure.
@crescendo755 Жыл бұрын
I wonder if this concept could be used with OOT/SM64 to start SM64 with the upstairs key and go straight to the final Bowser.
@casultaser5 ай бұрын
And how could you use ACE in SMB3 before evwn starting the game? Normally in SMB3 ACE you would clear 1-1 and 1-2 normally, grab the 2 warp whistles in 1-3 and 1-Fortress, warp to world 7, enter 7-1, place some Koopa shells in very specific spots, and clip into one of the pipes, entering it from the wrong direction, leading to you going Out of Bounds and with a few more inputs warp to the credits,
@100thCoin5 ай бұрын
At SGDQ 2016, there was a TAS showcased that completes Mario 3 in 2 seconds. In 2018, Masterjun made improvements (so the credits don't softlock) and submitted a TAS beats the game in 0.78 seconds. I optimized that further down to 0.22 seconds. It's a lot to explain (and I plan to explain how those work in a future video) but to summarize: A hardware issue can lead to DPCM audio samples corrupting the data read from the controller. SMB3 uses DPCM audio for drums in the music, so the developers needed a way to prevent the samples from corruptign the controller. Their solution is to read the controller in a loop until two consecutive reads match. If any of them don't match, it's assumed to be because the DPCM audio bug occurred, but in the world of TASing, I could maliciously mas hthe A button so fast that it never matches for two consecutive reads. Due to the order of events in the NMI of SMB3, an IRQ is scheduled for 193 scanlines, ROM banks are swapped out for updating graphics, the controllers are read, then the banks are swapped back. If the IRQ occurs before the banks are swapped back, a jump to address $A826, expecting bank 24, but bank 26 is loaded instead. An RTS instruction pulls unrelated data off the stack and we begin executing RAM from address $0001. The game stored the buttons held + newly pressed buttons in address $17 and $18, and addresses $F5 through $F8. Using those bytes that I can control, I can create instructions for the CPU to process. In my 13 frame TAS, these instructions are TAX (X now equals $F4), TSX (I need the stack pointer to be greater than $30), JSR $0000, JSR $9000. In my TAS that sets things up for ACE in SMB1, I use the btyes I can manipulate to write a function that gives me more control, then I use that to write everything I need before swapping carts. This function is mostly written by loading X with whatever byte I need, then storing it somewhere. I can't use the A or Y registers, since lots of other bytes on the zero page will change the values, but the X register can remain unchanged between frames, allowing me to swiftly LDX and STX to write code.
@jayburstin3462 Жыл бұрын
Are you planning to submit this to TASVideos? Hopefully switching games is allowed, because this TAS is awesome 🤞
@100thCoin Жыл бұрын
I initially submitted a less optimized version on April first, and it seemed to have some incredibly positive feedback. It failed console verification, which lead to us discovering the open bus inaccuracy in the current release of Bizhawk (2.9). That's been fixed for the next release, so I'll probably try submitting this after Bizhawk's next release? There is still the issue of swapping carts in the middle of the TAS. My current modification to Bizhawk to make cart swapping work is a little sloppy, so I doubt that pull request will go smoothly.I'll be asking the judges of TASVideos what to do before I submit, that's for sure.
@Creative_YT5 ай бұрын
I’m going to make an fnf chart of those controller inputs
@CloudCarry Жыл бұрын
legendary
@zszushi3 ай бұрын
How do I display keystrokes? I would like to see it displayed in Bad Apple videos as well.
@100thCoin3 ай бұрын
in the Bizhawk emulator, under "View" is an option for "Display Input" which shown on screen the buttons being pressed. It's not very intuitive to display inputs like that for a subframe TAS though, as there are hundreds of inputs per frame.
@zszushi3 ай бұрын
@@100thCoin tysm
@mariofan123613 ай бұрын
niftski has competition
@Halely-j4j5 ай бұрын
so if we get ace we can skip to bowser and win in less than a minute
@TheNoSwearGuy Жыл бұрын
You do know TAS timing ends when Mario touches the axe and not on the last input for both SMB and SMB2J, right? Those two games are the only exceptions to the "timing ends on the last input" rule. This TAS is actually a 1:15.725, not a 1:15.442
@nehuensio5 ай бұрын
acctually, tases have the same time rule for all games, time starts when the console or emulator is powered on/started and ends on the last input
@TheNoSwearGuy5 ай бұрын
@@nehuensio TAS timing is different for SMB and SMB2J. For those two games, TAS timing ends when the player touches the axe
@kriller3771 Жыл бұрын
Bro what, I don’t know what else to say that just what
@kriller3771 Жыл бұрын
This is insane, so far beyond me
@gameboyadvance45 Жыл бұрын
0:02 super Mario 3 intro?
@100thCoin Жыл бұрын
The first two seconds of this TAS happen inside Mario 3. There's some wild exploits where you press mismatched inputs 100 times in a single frame leading to an ACE exploit 11 frames after the console boots. I use that to write the payload that is executed in SMB1, as well as set up RAM so SMB1 will start in world 'N'.
@Mabi19 Жыл бұрын
Cartswap TASes are really cool. Unfortunately you still need an exploit in both games; I guess you could write enough code to patch around the initialisation routine and achieve more control that way, but that seems sketchy.
@chair5476 ай бұрын
rta viable when? with like... tennis or smth idk
@superofsrb21965 ай бұрын
you could do the save state thing to save the second it takes to walk to the axe
@NCXDKG5 ай бұрын
Question: where are the < and > keys *on a phone?*
@nehuensio5 ай бұрын
there is none, sorry
@burritoman2k Жыл бұрын
Oh wow
@c7fab Жыл бұрын
cool cool
@RozeeVeritas Жыл бұрын
Can i download the TAS file?
@100thCoin Жыл бұрын
Sure! I mention in the description, that the TAS was made in a modified version of bizhawk. This was done for 2 reasons: Cartridge swapping, and fixing incorrect open bus emulation. The solution for console verification was to send two separate TAS files. They can be found here: SMB3 Inputs: tasvideos.org/UserFiles/Info/638160503431898737 SMB1 Inputs: tasvideos.org/UserFiles/Info/638179553100801346 The SMB3 run sets up the RAM, then the SMB1 run begins from a "savestate" that boots the game with the RAM the SMB3 TAS ends with. Keep in mind, if you are using the current latest version of bizhawk (2.9) the SMB1 run will have incorrect open bus behavior, leading to the game rebooting at the end of the movie. If you would prefer to have a single TAS file, that requires compiling my custom fork of Bizhawk that adds cart swapping. Let me know and I can link you to my fork of bizhawk, along with a single TAS file.
@Charcoal190 Жыл бұрын
Holy shit.
@Snooty48354 ай бұрын
Bro why are people so hung up on 4:54 being the limit? Haven’t they seen this! /j
@Judge_Zion Жыл бұрын
some of us are stuck on mobile.
@SamiSaba28 күн бұрын
1:15 in smb1 was possible?
@misterdoctorprofessorpatrick7 ай бұрын
see guys it is possible to get below 4:54
@thejazzo35955 ай бұрын
impress
@damin99135 ай бұрын
So the thumbnail was a lie no blue mario😢
@100thCoin5 ай бұрын
Ah, my bad. The colors on the thumbnail are mimicking the "TAStudio" icon's color palette. In hindsight, as my channel grows, fewer and fewer people would get that reference. I've started to just leave the thumbnails with normal colors, since more people would understand. Sorry for the confusion.