Want early access to new videos and some behind the scenes content? Consider becoming a channel member ua-cam.com/channels/QvW_89l7f-hCMP1pzGm4xw.htmljoin
Huh, that weird thing where you don't notice what channel a video was uploaded by and start watching it happened. Cool to see speedrunning-adjacent stuff here!
Edit: I just realized you're using a PS5 controller (1:29). With its circular frame around the thumbstick (no notches) any setups like this one, where you need to hold a direction, will be impossible to be consistent. 0:47 This setup to get to the door is actually really brilliant, so I want to explain its key points! The setup changes a 1/20th of a second timing after seconds of waiting into simply hitting two buttons something like 0.6 to 0.85 seconds apart, and with visual validation. And it's really cool because it's based on some clever geometry. When Link starts to run after playing the "ocarina" he runs around the camera in a curve, throws a Deku nut to stop on the spot, and then turns 90° and sidewalks straight outward from there. This fans out the possible paths, so it is easy to tell them apart. It's like rotating around a bicycle axle, and then moving outward along a spoke. It's hard to tell where you are in a tight curve, but it's easy to tell which spoke you ran outward on. From there a learned adjustment will land Link on the correct frame consistently. With 5 possible frames that reach the hallway, this eases the mechanical skill of the trick to hitting B and then a C button 0.6 to 0.85 seconds apart (guesstimate from a quick frame count of my old run). (Alas, it is still a hard trick on the knowledge side, especially if you don't have someone coaching to point out how to recognize each situation and what to do. I'm not sure whether any tutorial fully explains the trick, but even if they did, it could be a lot to digest, and overlooking one key part could lead to repeated failures without knowing what is wrong.) A newer setup has Link slow down by rubbing along the wall in proportion to how early we hit a button, so early or late cancel out with moving slow or fast and we get to the door on the perfect frame. This makes it easier to learn, but the timing window isn't quite as forgiving as 5 frames.
Ocarina of time has such insane data manipulation glitches-would love to see you cover them like SMR or ACE! On a side note, ZFG1 is a great resource for ocarina of time glitches, especially those complex memory-related ones.
Fig aswell, he's the 1 with probably 1 of the most indepth knowledge about Ocarina of Time, concidering he was a big part of the whole decomp project for OOT (that made OOT PC port actually a reality) he used to speedrun and actually get somewhat close to the 100% WR by ZFG, but if we're talking about actual technical knowledge about why glitches work, Fig is definitely better than ZFG.
" I'm not very good at games" meanwhile, at the time of writing this, your 6 most popular videos are all gaming related... So you're obviously doing something right when it comes to making gaming content.
@@Rebateman and also that just kind of makes my point more, he is just as much gaming channel as I am [If not more] and literally only do gaming content.
thank you for such an insightful video, it would be wonderful to see more content like this. never to take away from the extreme dedication that speedrunners have to figure this out in the first place but to have a real understanding of 'how' is amazing.
It's pretty old tech so I can't quite remember, but iirc you can fix the cutscene softlock issue by pausing and unpausing in Link's house after loading your save, then going back to Gohma's room. The setup is also *extremely* precise, you need to make sure that you perfectly adhere to every input and step once you're normalised. The goal is to have the counter hit 90 by the time you go over the hump and deload the blue warp, so you need to be in both a specific place on the blue warp to start and unload it exactly on frame 90 by doing exact movements. The specific movements are done because they're consistent and repeatable, and if done exactly will guarantee 90 on the timer. OoT has a lot of surprisingly consistent movement techniques, so if you can normalise yourself you'll be able to repeat actions perfectly. The last 11 frames of the counter increment as you walk through the door, since the warp is loaded again for a split second when the camera centers behind you. This means that it hits 101 at the exact point necessary for it to start the cutscene but for the base ID to be overwritten every time. It might be worth trying to find the cutscene timer value, that lets you see if you've done the movement correctly. It's at [801CA10C] + 0x182 for NTSC v1.0, which is to say the value of address 801CA10C + 0x182.
Yes that is one of the fixes, but it was just easier to edit the value (: Also thanks for the extra info, I toyed with the idea of finding the timer but I’d already resigned myself to the fact that I was never going to be good enough to execute it
@@nathanbaggs Haha, that's fair! You'd be surprised honestly, precise does not necessarily corrolate with difficulty! None of the specific steps in Ganondoor are particularly difficult to execute, so long as you're in the right place to begin and press the right buttons then it should work. One thing that might be messing you up is the PS5 controller, since it doesn't have notches on the analogue stick. The setup for Ganondoor expects you to have a notch for a consistent walking angle, and most people play with an N64 or Gamecube controller. The actual trick itself is definitely doable though, I promise you'll be able to manage it! There's nothing like the feeling of it working for the first time =p
@@nathanbaggs I think there's a setup for PAL, but I'm not 100% sure. It's actually easier since the game runs at a glorious 17fps, lol. It's also pretty easy to build an n64 controller adapter with an Arduino, having done a project in the past that involved sniffing the controller logic it's pretty fun!
I am subscribed for a couple of videos already, and I must say, your improvement in presentation and delivery is really cool to see. I don't know if I'm alone in my opinion, but this is the first video in which I felt your energy as more grounded, less "youtubery", and like you aren't mad at me lol
As someone who does computer security as their day job this buffer overflow particularly has always fascinated me. The fact you can perform it with a controller blows my mind.
A pretty bog standard explanation of how the glitch work, but perhaps better than most for actually opening up the hex editor. I always wanted to make a proper video on it by myself, but never did since I always get lost in the weeds of what order to introduce things and for the longest time I struggled naming things effectively. The closest I got to a complete picture of things was the collab I did with Bismuth on his two part Wrong Warp video; that was back when I knew SRM was going to obsolete the wrong warp any%. Technically, the frame you open the door does not matter, what matters the number of blue warp actor_update calls/increments of the animation timer after you break free from the first part of the warping up animation. It needs to hit 101 (child dungeons) on the final blue warp actor_update call before the scene is destroyed, immediately after your next entrance of the Deku Tree basement has been confirmed and copied to 8011A5D0.
I've seen this trick performed hundreds of times over the years and this is the best explanation i've ever heard! Great video! The new ACE routes just don't have the excitement of this one... WinWaker
If only the speedrunning community knew you could open the memory editor - would save them a lot of hassle 😂 Seriously though these are really interesting and well produced videos, thanks !
The joke here is the speedrunners opening the memory viewer mid-run to trivialize the strats. I think naxxtor is aware the speedrunning community knows about memory viewers and reverse engineering
I too am fascinated at some of these more extreme glitches, I never really took an interest in speedrunning/glitching until I saw someone perform a code injection exploit in a Super Mario Brothers game using only controller inputs... it amazed me. This Zelda one is also a favourite and I have seen some explanations over the years, this is definitely the best though.
Great explanation. The people really did good job at reverse engineering OoT code. I remember watching streams of that work. One thing that I think is good to pay attention to, is the weight the ocarina item is lifting. Not only it breaks the lock, but even if you had normal ocarina, you wouldn't be able to play it in a boss room. For a moment I was concerned that you did navi dive, but then I realized you're not going to the bottom of the well like so many times you would in OoT.
Great video, seeing it months later. Not sure what the original comments essay is on about with crediting the glitch, the original finder of wrong warp, christianf23, didnt know how it worked either and it took about 24 hours before mzx figured out exactly how it worked and a further period of time before sockfolder and robdog figured that ganondoor would work. Theres no credit needed to be handed out here as it was a community effort and no one single person owns the glitch... Its honestly kinda sad to see someone having a tirade about something they werent even present for. Its unfortunate many of the comments in this video miss the point of why you did things a certain way (playing in an n64 emulator instead of the pc port to better explain it as the n64 sees it on real hardware rather than in memory of your pc) or are bringing up the runners decision to transistion to another gender. I've been part of the oot speedrunning community for almost 15 years at this point and was once good friends with the runner before she transitioned and chose to ignore all previous friendships... Its odd to see people say rip etc when you could just acknowledge someones accomplishments as if it was a different era in their life without having to further talk about it, especially in an unrelated vid. Great content though and keep it up.
Great video. This is really interesting stuff and well produced too! Is it possible you weren't able to pull off the warp after trying for over an hour due to using an emulator? Maybe its implementation is not 100% accurate compared to the real hardware and timing was slightly off because of it? Anyway, awesome stuff. Good luck on future videos!
This is actually true. Only project64 allocates memory in a true way and even then there can be small, strange issues on emulators, for instance the frame rendering and frame speed could be one frame off like you have said. I run all these glitches and I prefer original hardware.
In OoT emulator makes pause buffered tricks much more difficult, but tricks like this one work the same and are probably faster to learn on emulator due ease of set up and save states. OoT in particular is hard to learn without good documentation and/or "coaching"- usually just someone in Twitch chat or Discord helping out, which was especially common when OoT Speedrunning and SpeedRunsLive were more popular. For example, I suck, but when I started out the 3rd fastest runner at the time (doktor_m) randomly dropped in to help. The community is probably just as helpful today, but less active.
nah, he wasn't using the correct setup, everytime he did it he moved different to how the runners move, and even then, depending on how your angle is after you use the deku nut, press up and z-target to start your sidewalk/sidehop to the door also changes how you should do different things to move the frames along. from what I gathered in this video, Nathan wasn't aware that there are different setups for different camera angle's (the different setups happen as soon as you get to the dirt mount near the boss door) this can range from doing a sword slash, throwing another nut, doing a full 180 turn etc.
@@Edsploration. not anymore since there is a romhack now called GZ, which is a practice rom that comes with savestates and various cheats and QoL changes, including a memory editor. this is what has taken over the emulator space since now you can practice WITH savestates on actual hardware, be that N64 or Wii (the 2 most prominent consoles for OOT) this makes learning routes and glitches for a speedrun much more concistent, since if you need to pause buffer a trick, goodluck learning that on emulator, it's horrible, while with GZ you can practice this on actual hardware, so it'll be identical to how it'll be in an actual run.
6:25 this is how dank% speedrun works. You set a deku stick on fire then do this glitch, it will look like you're smoking it, which is even more hilarious by the fact the stick will burn from the end to the tip just like a joint would.
It probably doesn't check specifically for negative numbers, but rather if the variable is greater than 0. That way, if there is a positive number there, it executes, otherwise it's assumed to be 0
If I had to guess the check it's probably at Cutscene_ProcessScript in z_demo.c where it exits early if curFrame is bigger than csFrameCount or a loop doesnt run because totalEntries is less than 0. Which sounds about right but I'm not familiarized with Ocarina of Time's source code so take it with a grain of salt :p
It's actually not such an amazing coincidence that you end up at Ganon's Tower Collapse, because that scene has a LOT of entrances, a random entrance is quite likely to go there.
Think I missed it as part of the explanation but why do you need to change room on exactly the last frame? Softlock I guess? But why would it softlock if you spend a couple of cycles in the next room instead of just one?
I think if you enter the door too early, you spawn in the next room in the deku tree basement and the timer is cancelled. If you enter the door too late, the timer has taken over and you spawn in front of the deku tree where the cutscene plays.
You must hit the right frame so the game sees you going through a door, but if done at the right frame the addresses of the door and the room will be added together and the value on that frame happens to be the entrance to tower collapse.
When you take two loading zones at once, one of the loading zones is taken, but the other loading zone can have properties that bleed into the one that is actually taken. So in this case we want to load the Deku Tree basement, while having the blue warp set the property to play a cutscene. The 2nd loading zone taken usually cancels the 1st, and if that worked it wouldn't even be frame perfect, but that can't work here because once the blue warp has started fading out, the door loading zone is disabled and can't be activated. But there's another way to combine two loading zones together, where you take the 2nd loading zone on the last possible frame after taking the first. In that case the 2nd loading zone comes too late to cancel the first. So that's why it's frame perfect. Go through the door 1 frame early and the blue warp never activates so you just arrive in the basement. 1 frame late and the blue warp activates too early and cancels the loading of the basement.
Looking at my old notes on this, Ganondoor is frame perfect because there's a one frame window where the game commits to entering new area but then the blue warp actor gets one final call to actor_update before the whole scene is destroyed. So the way it goes is, you open the door and the door writes 0x252 into 801DA2BA, which is the next entrance index variable, and then triggers a fade out animation. When the animation completes, that value is copied into the current entrance index variable at 8011A5D0, and flags a scene switch to happen on the next frame. Then when the blue warp actor updates (if timed correct), it sets the next cutscene to 0xFFF1 and next entrance to 0x00EE; but the value is set too late to be transferred to the current index variable.
I've been trying to find out what hashing method the Citra emulator uses on its textures, to assign a full texture dump without having to rely on citra's dump tool... it's 16 character hexadecimal but I can't find what method it's using, it's most likely unique.
Check out the source code? Here's my homework: At src/video_core/custom_textures/custom_tex_managee.cpp has the function CustomTexManager::DumpTexture which saves the actual textures to disk, its last argument is u64 data_hash and it's used as the hash for the file name Tracing uses of that function we arrive at src/video_core/rasterizer_cache/rasterizer_cache.h which has the function RasterizerCache::UploadSurface and calls DumpTexture, the hash is calculated with ComputeHash (inside the same file) which in turn calls Common::ComputeHash64 Looking for it we can find it in the conveniently named file src/common/hash.h and it's just a wrapper over CityHash64 So there you go, the mystery hash function is just CityHash, have fun!
Maybe you can recreate a bug that happened to me in NA MajMask. Shot a keese flying in a circle and fell through the ground after leaving north clock town exit... still never recreated it nor understood it
While not really useful, I actually managed today to run into the Crater with young link and exit it at the exact frame the timer ran out. This lead to link exiting Death Mountain, only to instantly die
Enjoying your channel. Great analysis. But your interest was piqued by the 2013 video: how on earth did a gamer (albeit fanatic) without access to the source code figure out these sequences? A brute force approach would take more than the age of the universe (to reference a meme)
You can still analyze the behavior of the game without the original source code by just using conventional Reverse Engineering methods and then plan your "attacks" with that knowledge. Otherwise how could we ever hope to analyze malware or mod games?
They found it when they used Farores wind and accidentally wrong warped and started testing it all all locations. Someone was using a memory viewer after that to find addresses that worked for finding Ganon.
why isn't the ghoma fight intro cut scene considered the last viewed cut scene (instead of the one when you enter deku tree) for the double ko strat where you die at same time as ghoma?
You should have used a ship of harkinian [the pc port] it has a really cool flag visualizer as part of it. Also it is actually, as a port to the PC of the original code, actually running is Nintendo meant it to
How about new Star Wars game glitch which lets you skip physical simulation frames if you play any coded content with your video card while playing the game (for example, UA-cam video)?
I'm running the game the way Nintendo originally envisioned. On Windows, trough an emulator, with a ps5 controller. I mean, can't get more authentic than that lol.
cool you used my channel in your description :) so im guessing this stream is still not available on the SpeedDemosArchive channel? i wonder why it was deleted there! it is THE stream that everybody is still talking about now 10 years later!
likely removed by SDA at request of the runner who has since transitioned and been in a number of controversies. Keep it up though, it is a classic run.
@@Monokai i kinda thought that too at first, but from this same year their other stream is still on there! and also a bunch of other streams both before and after their transition, so that cant really be the case i guess
@@raafmaat dunno, I'd ask Uyama but he doesn't run SDA anymore. Maybe she claimed it and then SDA realized they actually have the rights to it (it's in their agreements when you sign up as a runner to these events)
@@Monokai yeah maybe, and i think sda used to just wipe vods if they had any kind of swearing or slightly adult topics or whatever, so that might also have been the case here (mostly the donation messages i think)
you should also reverse the cheat code glitch that can apparently brick the 3ds with metroid nes the cheat code "engage ridley mother f&%$£$" uncenseored it would be interesting to see a in depth break down of how it goes so wrong, not sure if the 3ds emulators have memory explorerers but cheat engine or some of the other tools your aware of would maybe be of use if they don't have their own, would be more of a mess to explore since it wouldn't be just the games memory you'd be looking at.
You aren't "reverse engineering" anything. You're just explaining a glitch. Reverse engineering is a process of hex dumping and discovery which I'm sure was done when these glitches were originally found. A video about reverse engineering old games would be cool as hell. I only clicked because of your deeply misleading title.
for this video presentation alone it's important to have the memory layout of the game as it would appear on n64 and nothing else. Ship would appear in his computers memory and not being a correct representation of what the addresses would be on N64...
Something tells me this is not your content. You never explicitly said you discovered how this glitch works, but you never credited anyone for it either. It didn’t cost me anything to watch your video so what do I complain about, right? True, it just leaves bad taste in my mouth. This seems like a low effort video compared to the amount of hours that led to discovering and perfecting the glitch. All you seem to have done is summarize it based on someone else’s research. And you spent a whole “hour” trying to execute a frame perfect move? Oh please! What an achievement. I don’t know why it irks me so much, it just does. You seem to take otherwise interesting topics and just half ass them to hell. “Worms? I am going to hack the game and make it work online again! Well only until I discover someone else has done it already, but then I am going to milk it for two videos anyway.” Or “Zelda glitch? I will just read a blog or forum post, not credit anyone and show their findings in my emulator - that should do it. And trying to recreate a frame perfect move that fans spent days/weeks perfecting? I will give it a solid hour before not achieving” What in the hell man? I didn’t know YouTubing and getting sponsors was this easy.
@@MillennialN64Dad I think you misunderstood or I was not clear. I knew he didn’t make or invent the glitch. He credited that. I was talking about the actual mechanics of the glitch, for example the memory values, etc. - the stuff he presented in the video. Even if that is what you meant, the fact remains that there was no credit for that.
Want early access to new videos and some behind the scenes content? Consider becoming a channel member ua-cam.com/channels/QvW_89l7f-hCMP1pzGm4xw.htmljoin
Huh, that weird thing where you don't notice what channel a video was uploaded by and start watching it happened. Cool to see speedrunning-adjacent stuff here!
Edit: I just realized you're using a PS5 controller (1:29). With its circular frame around the thumbstick (no notches) any setups like this one, where you need to hold a direction, will be impossible to be consistent.
0:47 This setup to get to the door is actually really brilliant, so I want to explain its key points!
The setup changes a 1/20th of a second timing after seconds of waiting into simply hitting two buttons something like 0.6 to 0.85 seconds apart, and with visual validation. And it's really cool because it's based on some clever geometry.
When Link starts to run after playing the "ocarina" he runs around the camera in a curve, throws a Deku nut to stop on the spot, and then turns 90° and sidewalks straight outward from there. This fans out the possible paths, so it is easy to tell them apart. It's like rotating around a bicycle axle, and then moving outward along a spoke. It's hard to tell where you are in a tight curve, but it's easy to tell which spoke you ran outward on. From there a learned adjustment will land Link on the correct frame consistently. With 5 possible frames that reach the hallway, this eases the mechanical skill of the trick to hitting B and then a C button 0.6 to 0.85 seconds apart (guesstimate from a quick frame count of my old run).
(Alas, it is still a hard trick on the knowledge side, especially if you don't have someone coaching to point out how to recognize each situation and what to do. I'm not sure whether any tutorial fully explains the trick, but even if they did, it could be a lot to digest, and overlooking one key part could lead to repeated failures without knowing what is wrong.)
A newer setup has Link slow down by rubbing along the wall in proportion to how early we hit a button, so early or late cancel out with moving slow or fast and we get to the door on the perfect frame. This makes it easier to learn, but the timing window isn't quite as forgiving as 5 frames.
"A suspiciously tapered glass bottle."
I just about did a spit-take at that one
Remember, if it don't got a flare...
@@KingBowserLP ...something something up there
i like this these kinds of videos, usually when other youtubers explain glitches, they don't show how the memory changes.
Ocarina of time has such insane data manipulation glitches-would love to see you cover them like SMR or ACE!
On a side note, ZFG1 is a great resource for ocarina of time glitches, especially those complex memory-related ones.
ZFG1 is literally a top tier OoT speedrunner.
The* top tier
Fig aswell, he's the 1 with probably 1 of the most indepth knowledge about Ocarina of Time, concidering he was a big part of the whole decomp project for OOT (that made OOT PC port actually a reality) he used to speedrun and actually get somewhat close to the 100% WR by ZFG, but if we're talking about actual technical knowledge about why glitches work, Fig is definitely better than ZFG.
DannyB is also someone you may ask about technical details of the game. Cool dude, knows a lot of stuff.
This is exactly what I wanted to know when I first discovered speedrunning in 2016. Particularly this and code manipulation in old Pokémon games
" I'm not very good at games" meanwhile, at the time of writing this, your 6 most popular videos are all gaming related... So you're obviously doing something right when it comes to making gaming content.
And yes I did go to your channel and sort by popular and then count them
Correction - top 7 at least. Haven't seen the 8th one yet but if it's about c++ in games, then it is the top 9 videos as unity is a game engine.
@@Rebateman yeah I realized the one about a stamps was a game related one after posting this
@@Rebateman and also that just kind of makes my point more, he is just as much gaming channel as I am [If not more] and literally only do gaming content.
Unfortunately reverse engineering games doesn’t necessarily make me any good at them (: thanks for checking out the other videos though!
I've been speedrunning OoT for some time and I'm familiar with this glitch but I never knew how it actually worked internally so thanks for this video
quickly becoming one of my favourite channels, thanks for not playing music over it anymore!
I'd always had a general idea of how this worked, but never bothered to look further into it. Thanks for the great explanation!
thank you for such an insightful video, it would be wonderful to see more content like this. never to take away from the extreme dedication that speedrunners have to figure this out in the first place but to have a real understanding of 'how' is amazing.
It's pretty old tech so I can't quite remember, but iirc you can fix the cutscene softlock issue by pausing and unpausing in Link's house after loading your save, then going back to Gohma's room.
The setup is also *extremely* precise, you need to make sure that you perfectly adhere to every input and step once you're normalised.
The goal is to have the counter hit 90 by the time you go over the hump and deload the blue warp, so you need to be in both a specific place on the blue warp to start and unload it exactly on frame 90 by doing exact movements. The specific movements are done because they're consistent and repeatable, and if done exactly will guarantee 90 on the timer. OoT has a lot of surprisingly consistent movement techniques, so if you can normalise yourself you'll be able to repeat actions perfectly.
The last 11 frames of the counter increment as you walk through the door, since the warp is loaded again for a split second when the camera centers behind you. This means that it hits 101 at the exact point necessary for it to start the cutscene but for the base ID to be overwritten every time.
It might be worth trying to find the cutscene timer value, that lets you see if you've done the movement correctly. It's at [801CA10C] + 0x182 for NTSC v1.0, which is to say the value of address 801CA10C + 0x182.
Yes that is one of the fixes, but it was just easier to edit the value (:
Also thanks for the extra info, I toyed with the idea of finding the timer but I’d already resigned myself to the fact that I was never going to be good enough to execute it
@@nathanbaggs Haha, that's fair!
You'd be surprised honestly, precise does not necessarily corrolate with difficulty! None of the specific steps in Ganondoor are particularly difficult to execute, so long as you're in the right place to begin and press the right buttons then it should work.
One thing that might be messing you up is the PS5 controller, since it doesn't have notches on the analogue stick. The setup for Ganondoor expects you to have a notch for a consistent walking angle, and most people play with an N64 or Gamecube controller.
The actual trick itself is definitely doable though, I promise you'll be able to manage it! There's nothing like the feeling of it working for the first time =p
So correct about the controller
Ah interesting point. I do have an N64 from when I was a kid knocking about somewhere, but it’ll be the PAL version
@@nathanbaggs I think there's a setup for PAL, but I'm not 100% sure. It's actually easier since the game runs at a glorious 17fps, lol. It's also pretty easy to build an n64 controller adapter with an Arduino, having done a project in the past that involved sniffing the controller logic it's pretty fun!
Awesome video! Love these kinds of deep dives
I am subscribed for a couple of videos already, and I must say, your improvement in presentation and delivery is really cool to see. I don't know if I'm alone in my opinion, but this is the first video in which I felt your energy as more grounded, less "youtubery", and like you aren't mad at me lol
As someone who does computer security as their day job this buffer overflow particularly has always fascinated me. The fact you can perform it with a controller blows my mind.
A pretty bog standard explanation of how the glitch work, but perhaps better than most for actually opening up the hex editor. I always wanted to make a proper video on it by myself, but never did since I always get lost in the weeds of what order to introduce things and for the longest time I struggled naming things effectively. The closest I got to a complete picture of things was the collab I did with Bismuth on his two part Wrong Warp video; that was back when I knew SRM was going to obsolete the wrong warp any%.
Technically, the frame you open the door does not matter, what matters the number of blue warp actor_update calls/increments of the animation timer after you break free from the first part of the warping up animation. It needs to hit 101 (child dungeons) on the final blue warp actor_update call before the scene is destroyed, immediately after your next entrance of the Deku Tree basement has been confirmed and copied to 8011A5D0.
Drop the ego dude
I've seen this trick performed hundreds of times over the years and this is the best explanation i've ever heard! Great video! The new ACE routes just don't have the excitement of this one...
WinWaker
If only the speedrunning community knew you could open the memory editor - would save them a lot of hassle 😂
Seriously though these are really interesting and well produced videos, thanks !
They knew hence why they could reverse engineer OOT for a native pc Port. (Ship of harkinian)
The joke here is the speedrunners opening the memory viewer mid-run to trivialize the strats. I think naxxtor is aware the speedrunning community knows about memory viewers and reverse engineering
Love your content, keep it up!! :)
I too am fascinated at some of these more extreme glitches, I never really took an interest in speedrunning/glitching until I saw someone perform a code injection exploit in a Super Mario Brothers game using only controller inputs... it amazed me. This Zelda one is also a favourite and I have seen some explanations over the years, this is definitely the best though.
Great explanation. The people really did good job at reverse engineering OoT code. I remember watching streams of that work. One thing that I think is good to pay attention to, is the weight the ocarina item is lifting. Not only it breaks the lock, but even if you had normal ocarina, you wouldn't be able to play it in a boss room.
For a moment I was concerned that you did navi dive, but then I realized you're not going to the bottom of the well like so many times you would in OoT.
Thanks for these videos they're fascinating🎉 Speed running and TAS could be and endless source for these videos
I look forward to every one of your videos, really makes my day!
Glad you like them!
I've always wanted a breakdown of this. Thank you
Love your little 'subscribe' notes. Very clever, my good man.
In some other Zelda content people normally change file 2 and 3 to please and subscribe, this one was unique lol
8:26 the reasons being rather aggressive object culling
Love culling in this game. Like melting king Zora.
Speed running is like vers jumping in everything everywhere all at once
I think you should definitely cover the 100% NSR [no source requirement ] run.
I love your videos, keep it up and I can't wait to see your channel grow and grow!
Great video, seeing it months later.
Not sure what the original comments essay is on about with crediting the glitch, the original finder of wrong warp, christianf23, didnt know how it worked either and it took about 24 hours before mzx figured out exactly how it worked and a further period of time before sockfolder and robdog figured that ganondoor would work. Theres no credit needed to be handed out here as it was a community effort and no one single person owns the glitch... Its honestly kinda sad to see someone having a tirade about something they werent even present for.
Its unfortunate many of the comments in this video miss the point of why you did things a certain way (playing in an n64 emulator instead of the pc port to better explain it as the n64 sees it on real hardware rather than in memory of your pc) or are bringing up the runners decision to transistion to another gender. I've been part of the oot speedrunning community for almost 15 years at this point and was once good friends with the runner before she transitioned and chose to ignore all previous friendships... Its odd to see people say rip etc when you could just acknowledge someones accomplishments as if it was a different era in their life without having to further talk about it, especially in an unrelated vid.
Great content though and keep it up.
I swear, N64 Link is the Superman of speedruns. The only powers/tricks he doesn’t have are the ones the speedrunners haven't thought of yet.
Awesome! You're doing the princess's work!
Interesting channel, subbed, will check out some of your other vids, I dabble with code but could never quite grasp interpretting low level memory
keen for the other video technique, i do appreciate the breakdown and how the games are running.
Great video. This is really interesting stuff and well produced too! Is it possible you weren't able to pull off the warp after trying for over an hour due to using an emulator? Maybe its implementation is not 100% accurate compared to the real hardware and timing was slightly off because of it? Anyway, awesome stuff. Good luck on future videos!
I just don’t think I’m very good at speed running (:
This is actually true. Only project64 allocates memory in a true way and even then there can be small, strange issues on emulators, for instance the frame rendering and frame speed could be one frame off like you have said. I run all these glitches and I prefer original hardware.
In OoT emulator makes pause buffered tricks much more difficult, but tricks like this one work the same and are probably faster to learn on emulator due ease of set up and save states. OoT in particular is hard to learn without good documentation and/or "coaching"- usually just someone in Twitch chat or Discord helping out, which was especially common when OoT Speedrunning and SpeedRunsLive were more popular. For example, I suck, but when I started out the 3rd fastest runner at the time (doktor_m) randomly dropped in to help. The community is probably just as helpful today, but less active.
nah, he wasn't using the correct setup, everytime he did it he moved different to how the runners move, and even then, depending on how your angle is after you use the deku nut, press up and z-target to start your sidewalk/sidehop to the door also changes how you should do different things to move the frames along.
from what I gathered in this video, Nathan wasn't aware that there are different setups for different camera angle's (the different setups happen as soon as you get to the dirt mount near the boss door)
this can range from doing a sword slash, throwing another nut, doing a full 180 turn etc.
@@Edsploration. not anymore since there is a romhack now called GZ, which is a practice rom that comes with savestates and various cheats and QoL changes, including a memory editor.
this is what has taken over the emulator space since now you can practice WITH savestates on actual hardware, be that N64 or Wii (the 2 most prominent consoles for OOT)
this makes learning routes and glitches for a speedrun much more concistent, since if you need to pause buffer a trick, goodluck learning that on emulator, it's horrible, while with GZ you can practice this on actual hardware, so it'll be identical to how it'll be in an actual run.
6:25 this is how dank% speedrun works. You set a deku stick on fire then do this glitch, it will look like you're smoking it, which is even more hilarious by the fact the stick will burn from the end to the tip just like a joint would.
Your channel is so cool. Glad I stumbled on to it.
It probably doesn't check specifically for negative numbers, but rather if the variable is greater than 0. That way, if there is a positive number there, it executes, otherwise it's assumed to be 0
If I had to guess the check it's probably at Cutscene_ProcessScript in z_demo.c where it exits early if curFrame is bigger than csFrameCount or a loop doesnt run because totalEntries is less than 0. Which sounds about right but I'm not familiarized with Ocarina of Time's source code so take it with a grain of salt :p
I could see an argument that these are the same thing.
It's actually not such an amazing coincidence that you end up at Ganon's Tower Collapse, because that scene has a LOT of entrances, a random entrance is quite likely to go there.
What is that game at the start of the video?? That glitch is awesome ahaha!
you got a sub....dunno why but i subscribed, glitches are fun :D
1:23 lmao love this kind of humor
very informative video nate. but im also very interested in that shirt: is it light pink or eggshell? looks great. i need one just like it.
Think I missed it as part of the explanation but why do you need to change room on exactly the last frame? Softlock I guess? But why would it softlock if you spend a couple of cycles in the next room instead of just one?
I think if you enter the door too early, you spawn in the next room in the deku tree basement and the timer is cancelled. If you enter the door too late, the timer has taken over and you spawn in front of the deku tree where the cutscene plays.
You must hit the right frame so the game sees you going through a door, but if done at the right frame the addresses of the door and the room will be added together and the value on that frame happens to be the entrance to tower collapse.
When you take two loading zones at once, one of the loading zones is taken, but the other loading zone can have properties that bleed into the one that is actually taken. So in this case we want to load the Deku Tree basement, while having the blue warp set the property to play a cutscene. The 2nd loading zone taken usually cancels the 1st, and if that worked it wouldn't even be frame perfect, but that can't work here because once the blue warp has started fading out, the door loading zone is disabled and can't be activated. But there's another way to combine two loading zones together, where you take the 2nd loading zone on the last possible frame after taking the first. In that case the 2nd loading zone comes too late to cancel the first. So that's why it's frame perfect. Go through the door 1 frame early and the blue warp never activates so you just arrive in the basement. 1 frame late and the blue warp activates too early and cancels the loading of the basement.
Looking at my old notes on this, Ganondoor is frame perfect because there's a one frame window where the game commits to entering new area but then the blue warp actor gets one final call to actor_update before the whole scene is destroyed.
So the way it goes is, you open the door and the door writes 0x252 into 801DA2BA, which is the next entrance index variable, and then triggers a fade out animation. When the animation completes, that value is copied into the current entrance index variable at 8011A5D0, and flags a scene switch to happen on the next frame. Then when the blue warp actor updates (if timed correct), it sets the next cutscene to 0xFFF1 and next entrance to 0x00EE; but the value is set too late to be transferred to the current index variable.
I've been trying to find out what hashing method the Citra emulator uses on its textures, to assign a full texture dump without having to rely on citra's dump tool... it's 16 character hexadecimal but I can't find what method it's using, it's most likely unique.
Check out the source code? Here's my homework:
At src/video_core/custom_textures/custom_tex_managee.cpp has the function CustomTexManager::DumpTexture which saves the actual textures to disk, its last argument is u64 data_hash and it's used as the hash for the file name
Tracing uses of that function we arrive at src/video_core/rasterizer_cache/rasterizer_cache.h which has the function RasterizerCache::UploadSurface and calls DumpTexture, the hash is calculated with ComputeHash (inside the same file) which in turn calls Common::ComputeHash64
Looking for it we can find it in the conveniently named file src/common/hash.h and it's just a wrapper over CityHash64
So there you go, the mystery hash function is just CityHash, have fun!
I want a patch where, when you play the sword like an ocarina, it sounds like a trumpet
I really don’t want to alarm the dude in that first clip, but the dude in the game is sitting on his right
9:06 Nintendo knew what they were doing Kappa
You’re awesome, what’s your background?
I would love some videos on ACE in other games like paper mario
We have this game decompiled. Why wasnt that used or referenced?
did we watch the same video?
Maybe you can recreate a bug that happened to me in NA MajMask. Shot a keese flying in a circle and fell through the ground after leaving north clock town exit... still never recreated it nor understood it
You should do a reverse Engineering of the Ocarina of Time Triforce % speed run
While not really useful, I actually managed today to run into the Crater with young link and exit it at the exact frame the timer ran out. This lead to link exiting Death Mountain, only to instantly die
I never expected myself being this captivated by this, i have not played Zelda nor have I been reverse engineering. This is so cool still
You make some of the coolest videos!!!
Enjoying your channel. Great analysis. But your interest was piqued by the 2013 video: how on earth did a gamer (albeit fanatic) without access to the source code figure out these sequences? A brute force approach would take more than the age of the universe (to reference a meme)
You can still analyze the behavior of the game without the original source code by just using conventional Reverse Engineering methods and then plan your "attacks" with that knowledge. Otherwise how could we ever hope to analyze malware or mod games?
They found it when they used Farores wind and accidentally wrong warped and started testing it all all locations. Someone was using a memory viewer after that to find addresses that worked for finding Ganon.
Thanks for the extra insight!
This is what i have been searching for
Glad you found it
nice video tho i feel like it should be named "Explaining This Insane Glitch" as I have not seen any RE in this video
Awesome!
:3 I've played games since the early 90s, and I was born in 89. I'm very good at games. Hehe
"suspiciously tapered"
i agree ace is a whole other level
"much like being an adult" hahahhaah
Good vid. I only managed to get the wrongwarp to work once.
Once more than I did (:
Nice. Thank you!
6:41
Sounds like something we say to Ai 🤖
why isn't the ghoma fight intro cut scene considered the last viewed cut scene (instead of the one when you enter deku tree) for the double ko strat where you die at same time as ghoma?
thanks for not saying which glitch
Nice video
You could've played an old TAS file.
1:23 the magic of autism!
You should have used a ship of harkinian [the pc port] it has a really cool flag visualizer as part of it. Also it is actually, as a port to the PC of the original code, actually running is Nintendo meant it to
I found ship doesn’t like certain frames on Ganon door.
How about new Star Wars game glitch which lets you skip physical simulation frames if you play any coded content with your video card while playing the game (for example, UA-cam video)?
I'm running the game the way Nintendo originally envisioned. On Windows, trough an emulator, with a ps5 controller.
I mean, can't get more authentic than that lol.
cool you used my channel in your description :) so im guessing this stream is still not available on the SpeedDemosArchive channel? i wonder why it was deleted there! it is THE stream that everybody is still talking about now 10 years later!
Thanks for preserving it, it’s such a classic!
likely removed by SDA at request of the runner who has since transitioned and been in a number of controversies. Keep it up though, it is a classic run.
@@Monokai i kinda thought that too at first, but from this same year their other stream is still on there! and also a bunch of other streams both before and after their transition, so that cant really be the case i guess
@@raafmaat dunno, I'd ask Uyama but he doesn't run SDA anymore. Maybe she claimed it and then SDA realized they actually have the rights to it (it's in their agreements when you sign up as a runner to these events)
@@Monokai yeah maybe, and i think sda used to just wipe vods if they had any kind of swearing or slightly adult topics or whatever, so that might also have been the case here (mostly the donation messages i think)
What was the intro game?
you should also reverse the cheat code glitch that can apparently brick the 3ds with metroid nes the cheat code "engage ridley mother f&%$£$" uncenseored it would be interesting to see a in depth break down of how it goes so wrong, not sure if the 3ds emulators have memory explorerers but cheat engine or some of the other tools your aware of would maybe be of use if they don't have their own, would be more of a mess to explore since it wouldn't be just the games memory you'd be looking at.
That’s such an iconic stream from GDQ 2013. RIP Cosmo.
Hahaha. How Nintendo intended it. XD
Rip cosmo
RIP Cosmo. The magic mushrooms were delicious.
please fix/patch bully and the movies
❤❤❤😊
Lmk if I can help you I would happily offer footage from my runs if you’d like any for free.
Cosmo got me interested in Speedrunning, many of us I bet.. So sad to see him fall for the lie of transgenderism. How the mighty have fallen
2:09 There are no "chickens" in Legend of Zelda you filthy casual...
LIK, COMMEN & SUBSCRIB
☝️
You aren't "reverse engineering" anything. You're just explaining a glitch.
Reverse engineering is a process of hex dumping and discovery which I'm sure was done when these glitches were originally found.
A video about reverse engineering old games would be cool as hell. I only clicked because of your deeply misleading title.
Why show your face that much
2.2Kth like lol
>emulator
Yuck. My homies all use Ship.
for this video presentation alone it's important to have the memory layout of the game as it would appear on n64 and nothing else. Ship would appear in his computers memory and not being a correct representation of what the addresses would be on N64...
Who liked the video and broke the 69 likes?!? Now I have to like the video too!
Something tells me this is not your content. You never explicitly said you discovered how this glitch works, but you never credited anyone for it either. It didn’t cost me anything to watch your video so what do I complain about, right? True, it just leaves bad taste in my mouth. This seems like a low effort video compared to the amount of hours that led to discovering and perfecting the glitch. All you seem to have done is summarize it based on someone else’s research. And you spent a whole “hour” trying to execute a frame perfect move? Oh please! What an achievement. I don’t know why it irks me so much, it just does. You seem to take otherwise interesting topics and just half ass them to hell. “Worms? I am going to hack the game and make it work online again! Well only until I discover someone else has done it already, but then I am going to milk it for two videos anyway.” Or “Zelda glitch? I will just read a blog or forum post, not credit anyone and show their findings in my emulator - that should do it. And trying to recreate a frame perfect move that fans spent days/weeks perfecting? I will give it a solid hour before not achieving”
What in the hell man? I didn’t know YouTubing and getting sponsors was this easy.
Just take it easy man lmao 😂
@@Omgitssoup I know. I can’t even explain why it pisses me off so much. But hey, it’s viewer engagement, so win/win?
Every single person except you knows he didn’t make the glitch so no credit needed.
@@MillennialN64Dad I think you misunderstood or I was not clear. I knew he didn’t make or invent the glitch. He credited that. I was talking about the actual mechanics of the glitch, for example the memory values, etc. - the stuff he presented in the video. Even if that is what you meant, the fact remains that there was no credit for that.
@@InShadowsLinger ohhhh ok thank you