I noticed that many games show gameplay videos. Some examples I can think of right now are: the beginning of Super Mario World, the end of Kirby's Adventure, and the beginning of GoldenEye if you don't push any buttons.
How are those videos saved in the game? Is it a playback of a video file, or is it loading a RAM state and keypresses? If the latter, is it possible to exploit these videos, so as to take control of the game at that point, possibly skipping many levels?
Basically the entire game engine is run as if the game were being played, except that there are some memory flags present that indicate whether it is an actual game or a demo; the demo setting disables interactive input, often also the music and SFX, and points to some kind of buffer of instructions for the engine to process.
The instructions may include keypad input in some compressed form, or actions for the actors to perform.
In Super Mario Bros I think it is keypad input, because I have seen it desync.
The demo may also be prepended with a short savestate-like structure that tells the engine which scene to load. In SMB, it does not exist. When it exists, in the simplest case, it is just the stage number. I would imagine that to be the case in Castlevania, for example. More complex settings may include positions of each actor.
Braindead 13 can also be exploited this way, skipping most of the game. I think each game stores the demos differently. Doom I & II has them as separate files, for example.
It's basically explained in the link Morrison provided, but I'll explain it in a few lines here:
If you wait long, the game will play a demo. If you don't touch anything, the demo will always be exactly the same. The ball shoots automatically from the panel after a short while, and the comp is programmed to always stay underneath the ball (no matter how fast the ball travels... when playing the game normally, you are able to move at a relatively slow speed, but the comp can move from the far left of the screen to the far right of the screen in 1 frame if needed). You are however able to control the A button in the demo. This allows you to shoot the ball from the panel before it would automatically fire. If there are enemies, the timing of the fired ball has influence on the game, and the demo will be different. By firing at the right frame, it's possible to get the laser powerup. You can now fire shots with the A button inside the demo! This gives you even more control over it. It seems however still impossible to for instance die in the demo, since the comp always stays underneath the ball. When getting or losing the laser powerup, the panel will shrink for a moment though, and with the right manipulation of the demo by using the laser, it was possible to go game over, since the panel just shrunk when the ball was about to hit it. The Arkanoid continue code, which allows you to continue in the level where you last died, still worked, so this way, it was possible to restart in a level relatively late in the game... but you should probably just watch the movie :)
What's really fun with Super Mario Bros is that you can poke the "Are we in a demo?" byte while the game is running. If you turn off demo mode, you can take control of the game, even though no music will play. If you turn on demo mode while playing normally, the character will start walking as if they are being controlled by the demo, then pressing Start at any time resets the game back to World 1-1 as if the demo had finished.
Byte in RAM is 0770. 00 for demo, 01 for normal gameplay.
Banjo-Kazooie uses a series of built-in inputs rather than anything complicated like actor positioning, as is probably likely with most 'modern' games. An interesting way to mess with this is that there are codes in PJ64 to make the game think you are always on a spring pad or flying pad. I haven't seen if it's possible to die in a demo in this game but you never know...
I guess it should be possible, but:
1. It would only work on a specific game.
2. It could be very hard to do.
3. It would be illegal to distribute.
4. If the TAS is obsoleted, it would be awful to reprogram.
5. You don't gain much from doing it.
I haven't seen this, but several people have reported that in the demo of the "Sharkfood Island" mystery egg in the good ending, sometimes it desyncs and Banjo doesn't make it all the way to the top.
Lunar Magic has a mode that allows you to do this using ZSNES. Install the title screen ASM hack, go to the proper level (C7? I am not sure currently), play the game however, using slowdown, savestates, whatever, and when you're all done just make one last savestate and use it.
I believe there is a similar system for SMB1, as well, in one of the many editors (Mario Edit?).
Certainly. For Super Mario Bros ― how interesting a movie do you think you could build, given the following limitations?:
* The demo program is 75 bytes long, where the input is 43 bytes long (RLE-coded).
* If the demo program is not changed, the maximum length of the movie performance is 5355 frames, where the input (buttons being held) may change 19 times. For reference, a jump changes input twice (A press, A release).
If you are up for the job, the ROM locations to hack are the following:
$8340 = input table; $8354 = input length table; $836B = input callback program entry; $838A = input callback program end.
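An added example, not part of the original post: a sketch of run-length coding per-frame input into two parallel tables and checking the result against the space between the ROM addresses quoted above. The table sizes come from those addresses; the entry pairing, the one-byte run length and the button masks are assumptions made for illustration, not details confirmed by the post.

```python
# Added example: run-length coding of demo input into two parallel tables.
# Table sizes are derived from the ROM addresses quoted in the post; the
# pairing of entries and the 8-bit run length are assumptions.

INPUT_TABLE_SIZE = 0x8354 - 0x8340    # 20 bytes of button states
LENGTH_TABLE_SIZE = 0x836B - 0x8354   # 23 bytes of run lengths
MAX_RUN = 0xFF                        # assumed: one byte per run length

# Hypothetical button masks, used only for the constructed sample below.
RIGHT, A = 0x01, 0x80


def rle_encode(frames):
    """Collapse per-frame button bytes into (buttons, lengths) tables."""
    buttons, lengths = [], []
    for state in frames:
        if buttons and buttons[-1] == state and lengths[-1] < MAX_RUN:
            lengths[-1] += 1
        else:                         # input changed, or the run hit 255
            buttons.append(state)
            lengths.append(1)
    return bytes(buttons), bytes(lengths)


def rle_decode(buttons, lengths):
    """Expand the two tables back to one button byte per frame."""
    if len(buttons) != len(lengths):
        raise ValueError("tables must have one length per button state")
    out = bytearray()
    for state, run in zip(buttons, lengths):
        if run == 0:
            raise ValueError("zero-length run")
        out += bytes([state]) * run
    return bytes(out)


def fits_rom_tables(buttons, lengths):
    """True if the encoded demo fits between the quoted table addresses."""
    return (len(buttons) <= INPUT_TABLE_SIZE
            and len(lengths) <= LENGTH_TABLE_SIZE)


# Constructed sample: run right for 300 frames, jump for 20, keep running.
SAMPLE = bytes([RIGHT] * 300 + [RIGHT | A] * 20 + [RIGHT] * 40)
```

Under these assumptions a held input longer than 255 frames uses up an extra table entry without any change of buttons, which is why the frame limit and the number of input changes are separate constraints.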
Also, Super Mario World demo input can be edited via Lunar Magic (too bad it doesn't run well on Linux :( )
I always thought it was intentional, since it seemed to always alternate between them. Oops?
One interesting thing is that it always desyncs in the same way (one frame off), and it always causes that second Goomba to vanish. Neat.
Tetris also has a list of predetermined pieces. The following code NOPs that branch: GEVOVAIA
The computer now gets randomized pieces, but uses the fixed movements intended for the original fixed set.
Bisqwit wrote: In Super Mario Bros I think it is keypad input, because I have seen it desync.
Warp wrote: It seems that desyncing recordings are a much older problem than I thought... :P
Xkeeper wrote: I always thought it was intentional, since it seemed to always alternate between them. Oops? One interesting thing is that it always desyncs in the same way (one frame off), and it always causes that second Goomba to vanish. Neat.
In Genesis Gods, there are several gameplay demos that are loaded after each other, if you wait in the main menu. They use predefined keypad input. However, just before a demo loads, there is 1 gameplay frame where the player has control, so it is possible to make the demos desync in more than just one way. It is a minor programming error, a funny one.
In Super Mario Land 2, there are some codes to play the demos.
At the title screen hold down these buttons and wait for the demo to come up:
Demo #1: Up + select
Demo #2: Up + A + select
Demo #3: Up + B + select
Demo #4: Up + A + B + select
I just remembered something else.
In the original Arcade versions of Street Fighter 2 and SF2: Champion Edition, when you beat the game without continuing (but losing at least one round), you see all characters fighting in pairs as the staff roll scrolls by. Of course, there's no playback of any kind involved here, since it's just CPU-handled characters fighting each other.
However, sometimes, and for reasons completely unknown to me, the collision detection gets turned off somehow. When that happens, the CPU characters continue their frantic fighting, except no blow connects, and they can even walk through each other. Weird stuff.
The ending to Sonic 1 desyncs if you hold C, due to it being unable to press C itself (because it doesn't register a "new" press of C if you're holding it.)