How Ocarina of Time speedrunners break the game in new ways

ReSpec is usually a column about the wonderful, technical world of PC gaming, but occasionally there are topics that are too good to pass up. The Legend of Zelda: Ocarina of Time is universally recognized as one of the best Nintendo 64 games ever made, and while it’s not a PC title, the game’s high-level, more technical speedruns expose how games work on a fundamental level. Most importantly, these incredible feats are only possible with a lot of community effort.

Ocarina of Time is a game that would take a normal player around 30 hours to beat. The most skilled speedrunners, who aim to play the game as fast as possible, can beat it in about three hours and 40 minutes without problems. However, in the game’s Any% category, which tasks players with completing the game regardless of the methods used, the time drops to three minutes, 54 seconds, and 566 milliseconds. And yes, those milliseconds matter. The second-place finisher is less than a full second off the world record.

As remarkable as that feat is, it is not all that Ocarina of Time speedruns bring to the table. At Summer Games Done Quick 2022, a six-monthly speedrunning marathon for charity, there was a showcase in which a team of speedrunners reprogrammed the game on the fly to display new graphics, play new music, and even run a Twitch chat overlay. And all this was done in a stock copy of the game with no pre-programming.

The Ocarina of Time speedrunning community has continued to break the game in seemingly impossible ways. I reached out to two of the top minds in the community to find out what the classic Nintendo 64 game is doing, and it all boils down to one exploit: Arbitrary Code Execution.

Far from arbitrary

Arbitrary Code Execution, or ACE, sounds a lot more intimidating than it actually is. It’s a term used in cyber security that basically means running code (or a program) that shouldn’t be running. This is how Dannyb, an Ocarina of Time speedrunner who holds second place in the Any% category, described ACE in Ocarina of Time: “Arbitrary code execution in OoT is an exploit through which a player can use in-game actions to organize a bunch of data in memory to mimic game code and then manipulate the location where the game wants to execute the code so it’s the place where we just made that arrangement.”

With the right actions, Dannyb says players are able to “run basically any code we like through the game and make the game do things it wasn’t programmed to do.” These actions include things as seemingly useless as the name you enter when you start the game. That is exactly the action that allowed Ocarina of Time to be beaten so quickly.

In a game like Ocarina of Time, the game checks its memory to see whether a certain requirement for winning the game has been met. The goal in an Any% speedrun is to rearrange memory so that the game looks at your character’s name instead of where it usually looks. This is called Stale Reference Manipulation, or SRM, and dannyb says the exploit is what broke Ocarina of Time speedruns open in a big way.

“The ACE in any video game always needs these two things: precise control over some area of memory so that the player can make the data there mimic code, and the ability to change the execution location of the code to be the custom lie code. In 2019, a bug called Stale Reference Manipulation was discovered in OoT, which opened up the second requirement in a big way,” said Dannyb.

In the case of a normal Ocarina of Time run, seemingly random actions add up to trick the game into checking areas (like your character’s name) for completion requirements when it shouldn’t. It’s a two-part process: create a data payload, such as your character’s name, and manipulate memory with SRM to point to that payload.
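The stale-reference problem described above, reduced to a toy slot pool with the unchecked access beside a generation-checked one. This is an added example, not code from the article, the speedrunners or the game; the pool, the `Handle` layout and every function name are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 4
#define SLOT_BYTES 8
/* Hypothetical toy pool; it does not model the game's real heap. */
typedef struct { uint32_t gen; int live; char data[SLOT_BYTES]; } Slot;
typedef struct { uint32_t idx, gen; } Handle;
static Slot pool[SLOTS];

/* Take the first free slot and fill it with up to SLOT_BYTES of data. */
static Handle pool_alloc(const char *init) {
    for (uint32_t i = 0; i < SLOTS; i++) {
        if (pool[i].live) continue;
        pool[i].live = 1;
        strncpy(pool[i].data, init, SLOT_BYTES);
        return (Handle){ i, pool[i].gen };
    }
    return (Handle){ UINT32_MAX, 0 };
}

/* Freeing bumps the generation so handles issued earlier can be detected. */
static void pool_free(Handle h) { pool[h.idx].live = 0; pool[h.idx].gen++; }

/* check_gen == 0: trusts the slot index alone, so a stale handle still writes.
   check_gen != 0: also requires a live slot of the handle's generation. */
static int slot_write(Handle h, size_t off, char v, int check_gen) {
    if (h.idx >= SLOTS || off >= SLOT_BYTES) return -1;
    if (check_gen && (!pool[h.idx].live || pool[h.idx].gen != h.gen)) return -1;
    pool[h.idx].data[off] = v;
    return 0;
}

/* Free an object, let new data reuse its slot, then write through the old
   handle. Returns the first byte of the NEW object after that write. */
static int stale_write_demo(int check_gen) {
    memset(pool, 0, sizeof pool);
    Handle held = pool_alloc("ITEM");   /* constructed sample contents */
    pool_free(held);                    /* object gone, handle kept: stale */
    Handle fresh = pool_alloc("NAME");  /* unrelated data reuses the slot */
    slot_write(held, 0, 'X', check_gen);
    return pool[fresh.idx].data[0];
}

int main(void) {
    printf("unchecked: %c  checked: %c\n", stale_write_demo(0), stale_write_demo(1));
    return 0;
}
```

With the generation check enabled, the write through the old handle is rejected and the data that reused the slot is left intact.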

Hacking on the fly

That’s how speedrunners beat Ocarina of Time in just a few minutes, but it doesn’t fully explain how the lovingly named Triforce% showcase was able to add new textures, models, music, code, and even a Twitch overlay to the game without any modification to the cartridge. Savestate, one of the minds behind this multi-year project, explained that it’s all about preparing the Nintendo 64 console to understand controller data as game data.

It’s a showcase only possible thanks to TASBot, which is able to perform inputs at inhuman speeds. As Savestate explains, “We modify an instruction in memory to start reading the controller data as N64 instructions. Normally, this would crash, but thanks to TASBot, it’s able to simulate controllers and manipulate them at inhuman speeds to resemble N64 instructions, so the game executes the controller data as a set of predefined instructions.”

In short, the Triforce% showcase uses ACE and SRM like a usual Ocarina of Time speedrun, but it specifically changes the way the Nintendo 64 console understands instructions. With this setup, runners can add whatever code they want to the game just through the controller inputs. Savestate continued: “There is no modification of the game cartridge. To transfer custom data to memory, we use a bug that allows us to start adding and modifying items in memory with the help of TASBot, while only interfacing with the N64 console through the controller ports.”

These feats aren’t just discovered by accident. Savestate explained that the Ocarina of Time community has developed tools to examine how memory is laid out in the game, as well as programs to simulate different memory configurations. Emulators like Project64 help a lot, allowing runners and tool developers to examine how the game runs the code step by step.

Ocarina of Time is one of the most iconic games ever made, and the strong, dedicated speedrunning community has allowed the game to thrive with new developments for decades after its initial release. Exploits like the ones that feed faster Ocarina of Time speedruns play down the challenge usually associated with beating a game as quickly as possible, but they also highlight the incredible technical expertise and community effort that goes into dissecting and analyzing beloved games.

The community is also aware of this balance, according to dannyb: “OoT’s Any% speedrun category is the only one on the main leaderboards that allows ACE as a valid way to complete the objective. For everything else, we ban ACE to preserve the uniqueness that brought these categories to life in the first place.”

This article is part of ReSpec – an ongoing bi-weekly column featuring discussions, tips and in-depth reports on the technology behind PC gaming.
