ReSpec is usually a column about the wonderful technical world of PC gaming, but occasionally there are topics that are just too good to pass up. The Legend of Zelda: Ocarina of Time is universally hailed as one of the best Nintendo 64 games ever made, and while it’s not a PC title, its higher-end, more technical speedruns expose how games work at a fundamental level. More importantly, these amazing feats are only possible with a lot of community effort.
Ocarina of Time is a game that would take a normal player around 30 hours to complete; skilled speedrunners, playing the game as fast as possible, can reliably beat it in around three hours and 40 minutes. But the game’s Any% category, which asks players to complete the game by whatever means they like, has been driven down to three minutes, 54 seconds and 566 milliseconds. And yes, those milliseconds matter: the second-place record holder is less than a full second off the world record.
Even a feat that remarkable isn’t all Ocarina of Time brings to the speedrunning table. At Summer Games Done Quick 2022, a biannual charity speedrunning marathon, an exhibition spotlighted a group of runners who reprogrammed the game on the fly to display new graphics, play new music, and even run a Twitch chat overlay. And all of it was done on a stock copy of the game with no pre-programming.
The Ocarina of Time speedrunning community has kept breaking the game in seemingly impossible ways. I reached out to two of the leading minds in the community to find out what makes the classic Nintendo 64 game tick, and it all comes down to one vulnerability: arbitrary code execution.
Far from arbitrary
Arbitrary code execution, or ACE, sounds a lot more intimidating than it really is. It’s a cybersecurity term that basically means executing code (or a program) that was never meant to be executed. dannyb, an Ocarina of Time speedrunner who holds the second-place record in the Any% category, described ACE in Ocarina of Time like this: “OoT arbitrary code execution is an exploit whereby a player can use in-game actions to arrange a bunch of data in memory to mimic game code, and then manipulate the location where the game seeks to execute code so that it is the place where the player just made that arrangement.”
With the right actions, dannyb says, players can “basically run any code they want from within the game and make the game do things it wasn’t programmed to do.” Those actions include seemingly meaningless things like the name you enter when you start the game. That is exactly what allows Ocarina of Time to be beaten so fast.
In a game like Ocarina of Time, the game checks a region of memory for a certain condition in order to decide that you’ve won. The goal of an Any% speedrun is to rearrange memory so that the game reads your character’s name where it would normally look for something else. This is called stale reference manipulation, or SRM, and dannyb says this exploit is what cracked Ocarina of Time speedruns wide open.
“ACE in any game always needs those two things: precise control over some region of memory so that the player can make the data mimic code, and the ability to change the location of code execution so that it is the place where the custom code lies. In 2019, a technical issue called Stale Reference Manipulation was discovered in OoT, which opened up the second requirement in a big way,” said dannyb.
In a normal Ocarina of Time run, those seemingly random actions add up to trick the game into checking areas it shouldn’t (like your character’s name) for its completion requirements. It’s a two-part process: create a payload of data, such as your character’s name, and use SRM to manipulate memory so that it points at that payload.
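To make dannyb’s two requirements concrete, here is a toy model added for this column (it is not code from the article or from the OoT community’s tools): a small hypothetical interpreter whose “actor” keeps a dangling pointer after despawn, so a player-typed name stored in the reused memory gets executed as code, alongside the check a developer would add to close the hole. Nothing in it reproduces real Ocarina of Time memory layout or the actual SRM glitch.

```c
/* Added toy model (not the article's or the OoT community's code): the two
 * ACE ingredients dannyb names, player-controlled bytes that mimic code and
 * a stale reference that redirects execution, plus the fix a developer would
 * apply. The interpreter, opcodes, arena and "actor" layout are hypothetical;
 * nothing here reproduces real Ocarina of Time memory or the SRM glitch. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { OP_NOP = 0, OP_ADD = 1, OP_WIN = 2, OP_HALT = 3 };  /* toy opcodes */

static uint8_t arena[8];                 /* toy heap region, reused after free */
static const uint8_t game_code[] = { OP_ADD, 1, OP_HALT };
/* Constructed "file name": harmless as text, but also valid toy bytecode. */
static const uint8_t player_name[8] = { OP_NOP, OP_WIN, OP_HALT, 0, 0, 0, 0, 0 };

struct actor { const uint8_t *code; int alive; };

/* Execute toy bytecode until HALT. Returns 1 if OP_WIN ran, else 0. */
static int run(const uint8_t *pc, int *counter) {
    for (;;) {
        switch (*pc++) {
        case OP_NOP:  break;
        case OP_ADD:  *counter += *pc++; break;
        case OP_WIN:  return 1;
        default:      return 0;          /* OP_HALT or unknown byte: stop */
        }
    }
}

/* Despawn an actor. The hardened path also drops the reference so it can
 * never be followed again; the original path leaves it dangling. */
static void despawn(struct actor *a, int hardened) {
    a->alive = 0;
    if (hardened) a->code = NULL;
}

/* Returns 1 if the game ended up executing the player's name as code. */
int simulate_stale_reference(int hardened) {
    int counter = 0;
    struct actor a = { arena, 1 };
    memcpy(arena, game_code, sizeof game_code);     /* actor's code lives here */
    run(a.code, &counter);                          /* normal, legitimate run */
    despawn(&a, hardened);                          /* actor goes away ... */
    memcpy(arena, player_name, sizeof arena);       /* ... region gets reused */
    if (hardened && (!a.alive || a.code == NULL))   /* validate before use */
        return 0;
    return run(a.code, &counter);                   /* follows the stale pointer */
}
```

With the reference left dangling, the bytes typed as a name are run as instructions; clearing the reference on despawn and validating it before use stops the redirect.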
Hack on the go
This is how speedrunners beat Ocarina of Time in just a few minutes, but it doesn’t fully explain how the affectionately named Triforce% showcase was able to add new textures, models, music, code, and even a Twitch overlay to the game without any cartridge mods. Savestate, one of the minds behind this year-long project, explained that it comes down to setting up the Nintendo 64 console to interpret controller data as game code.
The showcase was made possible only by TASBot, which can execute inputs at inhuman speeds. As Savestate explains, “We modified an instruction in memory to start reading data from the controller as N64 instructions. Normally this would fail, but thanks to TASBot, which can simulate controllers and manipulate them at inhuman speeds to make the data look like N64 instructions, the game executes the controller data as a set of instructions.”
Runners can add any code they want to the game through controller inputs alone.
In short, the Triforce% showcase uses ACE and SRM just like a normal Ocarina of Time speedrun, but it specifically changes the way the Nintendo 64 understands instructions. With that setup, runners can add any code they want to the game through controller inputs alone. Savestate continued: “There is no game cartridge mod. To get custom data into memory, we use a glitch that allows us to start adding and modifying things in memory with the help of TASBot while only interacting with the N64 console through its controller ports.”
These exploits aren’t discovered at random, either. Savestate explained that the Ocarina of Time community has developed tools to see how memory is laid out in the game, as well as programs that simulate different memory arrangements. Emulators like Project64 help a lot, since they let runners and tool developers step through how the game executes code, instruction by instruction.
Ocarina of Time is one of the most iconic games ever made, and its strong, dedicated speedrunning community has kept the game alive with new developments for decades after its original release. Feats like the fastest Ocarina of Time speedruns trivialize the challenge normally associated with finishing a game as quickly as possible, but they also highlight the incredible technical expertise and community effort that goes into dissecting and analyzing beloved games.
The community is aware of this balance as well, according to dannyb: “OoT’s Any% speedrun category is the only one on our main leaderboards that allows ACE to be a valid way to complete the objective. For everything else, we banned ACE to preserve the uniqueness that brought those categories to life in the first place.”
This article is part of ReSpec, an ongoing bi-weekly column featuring in-depth discussions, tips, and reports on the technology behind PC gaming.