I can't read this without thinking that I have wasted a life that could have been better spent synthesizing shell code out of the precise contents of Yoshi's mouth.
This is not responsible disclosure. The person who discovered this vulnerability should have notified nintendo and given them enough time to respond with a patch.
Think about how many hard-earned coins and power ups could potentially be lost due to malware that takes advantage of this vulnerability.
Heh, after I read your first two sentences I was ready to downvote you (having had "bad experiences" with "responsible disclosure").
After I read the last sentence, I imagined 10-year-old me playing Super Mario Brothers and suddenly freaking out because all my coins were just hacked and stolen.
No. They weren't. That's the idea. By exploiting some bugs, they managed to make the game execute arbitrary code. The menu, the two games and the victory screen were all programmed by manipulating the RAM using nothing but controller input.
TAS stands for Tool ASsisted, basically scripts pressing the buttons on the controller.
On the right side of the screen each letter lighting up represents a controller input (L is left, R is right, etc.).
Each line represents a gamepad controller (virtual in this case). When you see multiple lines it means multiple controllers (I am assuming this, as later there are more than 8 controllers active, which is strange).
What's happening is a script running to glitch the game from the start into a certain state (beginning of the video until 1:40), then it looks like an exploit of the previous glitches in memory happens, followed quickly by a massive data load that is the code for the Pong/Snake demos that follow.
TAS stands for Tool Assisted Speedruns. There's a huge history of gamers competing to complete games as quickly as possible. Eventually tools were created that allowed people to simulate key presses in such a way that previously impossible feats became a reality. For example, many game quirks rely on pixel perfect or frame perfect executions of button presses. Also, some sequences of button presses are simply too quick or elaborate for the human hand to reproduce. Thus, the TAS scene emerged and took speedrunning to a whole new level. It's unfair to compare a human speedrun with a TAS speedrun, so it is necessary to specify the "TAS" acronym whenever a run is shown having been created with the use of tools. Human and TAS speedruns are completely different to watch and both highly interesting.
> This run uses two multitaps in port 1 and port 2 which allows for 8 controllers (1-1, 1-2, 1-3, 1-4, 2-1, 2-2, 2-3, 2-4) of which 4 are used (1-1, 1-2, 2-1, 2-2) for the last input.
In general, Super Mario World is being played back on a Super Nintendo emulator using prerecorded inputs (a file exists that says which buttons should be held down on each frame). But these inputs aren't a recording of someone actually playing; these button presses were constructed frame-by-frame very carefully to produce these specific effects. Theoretically, if you could manipulate a Super Nintendo controller with perfect precision 60 times per second you could reproduce this.
Specifically, some objects in-game have pointers to code associated with them ("what to do if this block gets hit by a turtle shell", that sort of thing). The P-switch has one of these pointers assigned to a very special value by coincidence: its pointer points to the memory location where button presses are mapped. This pointer is never supposed to be followed, but by making a bunch of objects very carefully the authors can glitch the game into jumping to that memory address. Once execution is there, they can write a bootloader by making sure the button inputs on each frame correspond to the correct opcodes, letting them execute arbitrary code that they write in on the controller port.
I wasn't involved in the production of this TAS, so I'm not an expert, but that's my understanding of what's going on.
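The encoding step the comment above describes (button states held on each frame standing in for the bytes the game ends up executing), as an added example that is not from this thread or from the TAS authors. The register addresses, bit layout, and pad-to-register ordering are my assumptions, taken from the documented SNES auto-joypad registers rather than from the run itself:

```python
# Added example, not code from the thread. Assumption: with auto-joypad reading
# enabled, the console mirrors pad state into $4218-$421F as two bytes per pad:
#   even byte (JOYnL): A X L R 0 0 0 0     (low nibble = pad-type ID, always 0)
#   odd  byte (JOYnH): B Y Select Start Up Down Left Right
# and with multitaps the four registers see pads 1-1, 2-1, 1-2, 2-2 in that order.
LOW_BUTTONS = ["A", "X", "L", "R"]                                    # bits 7..4
HIGH_BUTTONS = ["B", "Y", "Select", "Start", "Up", "Down", "Left", "Right"]  # bits 7..0
PADS = ["1-1", "2-1", "1-2", "2-2"]      # assumed register order of the used pads
BYTES_PER_FRAME = 2 * len(PADS)          # 8 bytes of "memory" per frame

def representable(value, position):
    """Even register bytes carry fixed ID bits in the low nibble, so only bytes
    ending in 0 can appear there; odd bytes can take any value."""
    return position % 2 == 1 or (value & 0x0F) == 0

def byte_to_buttons(value, position):
    """Buttons that must be held so register byte `position` (0..7) reads `value`."""
    if not representable(value, position):
        raise ValueError(f"0x{value:02X} cannot sit at offset {position}: low nibble is ID bits")
    names = HIGH_BUTTONS if position % 2 else LOW_BUTTONS
    return [name for i, name in enumerate(names) if value & (0x80 >> i)]

def encode_frames(payload):
    """Split a byte string into frames of BYTES_PER_FRAME and map each byte to the
    pad and buttons that produce it. Returns a list of {pad: [buttons]} dicts."""
    frames = []
    for off in range(0, len(payload), BYTES_PER_FRAME):
        chunk = payload[off:off + BYTES_PER_FRAME].ljust(BYTES_PER_FRAME, b"\x00")
        frame = {pad: [] for pad in PADS}
        for pos, value in enumerate(chunk):
            frame[PADS[pos // 2]] += byte_to_buttons(value, pos)
        frames.append(frame)
    return frames

def decode_frame(frame):
    """Inverse: the 8 register bytes the console would read for a given frame."""
    out = bytearray(BYTES_PER_FRAME)
    for idx, pad in enumerate(PADS):
        held = set(frame.get(pad, []))
        out[2 * idx] = sum(0x80 >> i for i, b in enumerate(LOW_BUTTONS) if b in held)
        out[2 * idx + 1] = sum(0x80 >> i for i, b in enumerate(HIGH_BUTTONS) if b in held)
    return bytes(out)

if __name__ == "__main__":
    # Constructed sample bytes, not the run's real payload.
    for i, frame in enumerate(encode_frames(b"\x80\xEA\xA0\x42")):
        print(f"frame {i}: {frame} -> {decode_frame(frame).hex()}")
```

The `representable` check is the practical point: half the positions can only hold bytes with a zero low nibble, which is the kind of constraint the input author has to plan the byte stream around.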
Funny. I remember calling the Dutch Nintendo help-line (from a land-line, no less) to find out how to get to the final castle's back door. This was back when I was about 10 years old.
Now there are people coding games in that game by playing it.
http://tasvideos.org/3957S.html