Submission #7124: Doomsday31415's SNES Donkey Kong Country "game end glitch" in 01:03.70

Super Nintendo Entertainment System
game end glitch
(Submitted: game end glitch)
(Submitted: Donkey Kong Country (USA).sfc USA v1.0)
Bizhawk 2.6.1
3828
60.0988138974405
9834
Unknown
Submitted by Doomsday31415 on 5/17/2021 10:38 PM
Submission Comments
Why play the game when you can just play the first level?

General Information

  • Emulator: Bizhawk 2.6.1
  • Version: USA 1.0
  • Objective: "Defeat" King K Rool as quickly as possible
  • Categories:
    • Uses death to save time
    • Takes damage to save time
    • Heavy glitch abuse
    • Corrupts memory
    • Major skip glitch
    • Final boss skip glitch
    • Executes arbitrary code
  • Genre: Platform

Funky Start

A relatively new glitch was discovered where pressing down immediately after Start at the beginning causes the kongs to start in a funky barrel instead of as solo Donkey Kong. This saves a little over a second by not loading the world map music and moving slightly faster.

Split-up Glitch

The split-up glitch allows the player to control both kongs at once, in addition to having both kongs interact with objects as if each was the active kong.
There are a few ways to trigger this, but the fastest way is to do the following:
  • Pick up a DK Barrel
  • Bounce on an enemy to drop it
  • Before the DK Barrel breaks, pick it back up again
  • Get hit and die (note: while in this state, you can only die from falling in a pit, so you must get hit over a pit)
  • Break open a DK Barrel
You will now be controlling both kongs at once. Needless to say, being able to do this causes all manner of glitches to occur, including the one we're interested in.

Invisible Animal

Using the split-up glitch, you can ride an animal buddy with both Kongs at the same time. This causes weird graphical effects, and the animal buddy object can despawn if you travel too far in either direction.
Notably, this allows applying the "jump" logic to an invalid object like a bonus, which causes an infinite loop. The infinite loop fills the stack until it eventually overwrites the source of the infinite loop, corrupting many pointers in the process.

BRK is your friend

The most obvious effect of these pointers being corrupted is the Kongs will now fall through the ground. However, it is also possible to execute invalid behavior 3F, which quickly BRK's. This sends the program counter to $7003.

Open Bus Strikes Again

If you don't know what Open Bus is, you can find a high-level explanation here.
Suffice it to say, $7000-$7FFF is all Open Bus, and it ends up doing 70 70 over and over again.
It then reaches $800b, which quickly results in another BRK back to $7000 or $7003.

HDMA to the rescue

This would normally result in some sort of infinite loop, but while all this is going on, HDMA is still actively trying to send data during certain windows for graphical effects.
I won't go into too many details here, but these commands can overwrite what Open Bus would normally spit out, and vary wildly in effect.
By finding an extremely unlikely command through a very specific timing, it is then possible to reach the controller registers located from $4218 to $421F.

The Payload

Unfortunately, the path I took to get here ended up clobbering both the data bank and direct page registers, and we can't beat the game without resetting them. Thus, the payload looks like this:
  • 5B 20728C 80FA
  • 80F8 48 AB 22D784B8
The first frame fixes the direct page register and continually calls a lengthy function in the game until the controller data is updated. This last bit is important because the controller data isn't filled instantly, so we need to stall after the process starts without knowing when it started.
The second frame fixes the data bank register and jumps to $B884D7. This location is called very early on when loading the level after King K Rool is beaten, and conveniently sets all the necessary flags as well.
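
The two payload lines above decode as follows. This is an added example, not part of the original submission or of any TASVideos tooling: a minimal 65816 decoder that covers only the six opcodes present in the payload. Branch targets are shown as byte offsets within each listed line, because the page does not say which register address each byte lands on.

```python
# Added example: decode the payload bytes listed in the submission.
# Only the six 65816 opcodes that occur in the payload are supported.
# opcode -> (mnemonic, operand byte count, operand kind)
OPCODES = {
    0x5B: ("TCD", 0, None),    # transfer 16-bit accumulator to direct page register
    0x20: ("JSR", 2, "abs"),   # call subroutine in the current program bank
    0x80: ("BRA", 1, "rel"),   # branch always, signed 8-bit displacement
    0x48: ("PHA", 0, None),    # push accumulator
    0xAB: ("PLB", 0, None),    # pull data bank register from the stack
    0x22: ("JSL", 3, "long"),  # call subroutine at a 24-bit address
}

# Payload bytes exactly as listed on the page, one entry per frame of input.
FRAMES = ["5B 20728C 80FA", "80F8 48 AB 22D784B8"]


def disassemble(hex_text):
    """Return a list of (offset, text) pairs for one line of payload bytes."""
    data = bytes.fromhex(hex_text.replace(" ", ""))
    out, i = [], 0
    while i < len(data):
        if data[i] not in OPCODES:
            raise ValueError(f"opcode {data[i]:02X} is not in the payload subset")
        name, size, kind = OPCODES[data[i]]
        operand = data[i + 1:i + 1 + size]
        if len(operand) != size:
            raise ValueError(f"truncated operand for {name} at offset {i}")
        if kind is None:
            text = name
        elif kind == "rel":
            # Displacement is relative to the address of the next instruction.
            disp = int.from_bytes(operand, "little", signed=True)
            text = f"{name} {disp:+d} (to offset {i + 2 + disp})"
        else:
            # Multi-byte operands are stored little-endian.
            value = int.from_bytes(operand, "little")
            text = f"{name} ${value:0{size * 2}X}"
        out.append((i, text))
        i += 1 + size
    return out


if __name__ == "__main__":
    for number, frame in enumerate(FRAMES, start=1):
        print(f"frame {number}: {frame}")
        for offset, text in disassemble(frame):
            print(f"  +{offset}: {text}")
```

The first line decodes to TCD, a call to $8C72, and a branch back to the TCD, which is the stall loop the text describes. The second line ends in PHA, PLB and a long call to $B884D7.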

What about Wrong Warping?

It is entirely possible on Bizhawk to do the same jump using the controller registers by doing a wrong warp to level FFE9. This is both significantly easier to do and faster, but it has a fatal problem: It doesn't work on real hardware.
The way Bizhawk updates the controller registers in this instance is flawed, and as such reads data that is basically a bunch of 0's or thereabouts on actual hardware. This will always be the case if the ACE is attempted during a level transition, and as such is not viable anywhere.
Thankfully, the HDMA ACE is done in the middle of the level, and there's no reason to believe the controller registers should be disabled.

Notes

For more details on some of the movement done here, please refer to the explanation video.

Special Thanks

p4plus2 and Ilari: For helping me to better understand why the wrong warp method doesn't work on real hardware, and for helping me to better understand the magic of HDMA.
SnakPak: For confirming that the BRK is triggered on console.
Everyone on the DKC speedrun, TASVideos, and TASBot discord servers who gave advice or encouragement. It's much appreciated!


Samsara: Judging.
Samsara: Congrats on finding a working strategy for this! Reception to the run is excellent, the submission text was a great read and the video was an even better watch. Accepting to Moons as a new category!
EZGames69: Processing
Last Edited by adelikat on 11/6/2023 3:44 AM