Some guy made a modloader inside an unmodified SMW cartridge

This is an archive of a topic from NESdev BBS, taken in mid-October 2019 before a server upgrade.
Some guy made a modloader inside an unmodified SMW cartridge
by on (#196981)
https://www.youtube.com/watch?v=Ixu8tn__91E

This is so awesome. Remember last year when someone found out about the arbitrary code execution glitch in Super Mario World? Well this time, he corrupted the save data of the cartridge, causing it to glitch out the game. Inside of the cartridge's save data, there's an installer, a hex editor and a mod page. The installer loads up the hex editor into the game and the hex editor allows you to change any part of the game that's writeable. This includes the mod page 0xFFFF which allows you to write your own mods for the game. What's best about this is that you don't need any special hardware other than two multitaps and three SNES controllers for the installation process and that it's completely legal because you're not stealing any code from Nintendo (Kinda like Game Genie being legal), but just making your own, and that you can copy the installer and the hex editor onto another cartridge. So far, there are two mods: Telekinesis mod and SNES Mouse mod.

So what do you guys think about this?
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#196986)
I think it's pretty awesome. Though cumbersome to do manually, I consider it kind of cheating when someone uses an Arduino or something to do the button presses.

I'm amazed whenever anyone finds a code injection exploit in CPUs and systems.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#196991)
This is really neat.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#196996)
He mentions a method to copy data from one cartridge to another by hot swapping cartridges. I thought I read somewhere that removing cartridges from a SNES while powered on is a good way to blow a fuse.

It's a cool creation though, a step up from flappy bird. The telekinesis mod looks to be entertaining.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197041)
Does this mean we will see SMW hacks on original cartridges soon?

I honestly don't know enough or understand code, so this is a legitimate question.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197044)
Only if they can fit the total complexity of the hack into the 2 KiB of save RAM on the cart.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197047)
Is 2K enough to mount an SD card connected to a controller port? SD supports SPI mode, and the NES and Super NES controller port is SPI-like enough that an SD card reader that plugs into a controller port would probably be trivial: just a circuit to demultiplex the select and MOSI signals from the console's strobe and clock outputs.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197071)
I think a SMW Game Hack Game Competition needs to be run. And that it is insane.
Also, how does one remove the cart when running? The slot in the front of the cart is for when you turn it "on": the cartridge gets "locked" in, so you can't remove it.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197076)
Oziphantom wrote:
Also, how does one remove the cart when running? The slot in the front of the cart is for when you turn it "on": the cartridge gets "locked" in, so you can't remove it.

I think it's discussed somewhere here but I couldn't find the thread. Anyway, while some carts do have the slot, most don't. That SMW being a launch title could mean there are more carts with the slots than later games though. Anyway, no matter whether a cart came with the slot or not, you can pull it out any time for later revisions of the console.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197080)
Also, only US games have that lock. I had never heard about it until someone linked that article a while back.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197085)
Attachment: WP_20170601_001.jpg

I've never seen one without a lock. I checked both of mine, both have it.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197090)
Major brainfart. The thing I hadn't noticed before was the US carts that have a different shape due to NOT enforcing the lock.

Anyway, the lock is just a plastic tab, it's not like it's hard to bypass. :)
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197092)
With the number of SNESes that seem to be suffering sudden CPU/PPU failure in recent years, encouraging a cartridge hot-swapping fad seems like the height of irresponsibility...
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197094)
Sumez wrote:
Anyway, the lock is just a plastic tab, it's not like it's hard to bypass. :)

Sure, but it sort of kills the "no hardware modification" challenge.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197095)
Do you count using a cartridge adapter as a "hardware modification"? I have probably four or five different adapters as it is, including a couple of import adapters, an Action Replay and a backup/rom dumping thingy, which I guess is less common. Still I'd think people would be less likely to have a SNES multitap.

When and why does the guy hotswap his cartridge anyway, though? I think I missed that.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197107)
Sumez wrote:
When and why does the guy hotswap his cartridge anyway, though? I think I missed that.

He doesn't do it in the video, but it's a method for transferring the jailbreak from one cartridge to another (takes seconds vs the hour or so it takes to do it from scratch).
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197109)
He also reappropriated a controller for faster hexnumerical manual input. https://www.youtube.com/watch?v=Y_Bu815G5FE&t=6s
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197139)
AWJ wrote:
With the number of SNESes that seem to be suffering sudden CPU/PPU failure in recent years, encouraging a cartridge hot-swapping fad seems like the height of irresponsibility...


I agree. It seems like a bad idea to me. But I don't think too many people will be trying to copy from one SMW cart to another. Especially when you could very easily use another device to upload whatever you want to SRAM.

But excluding that hotswap copy part, it's a cool project. But with so little room to work with I can't imagine too many possibilities. The most obvious would be some kind of "trainer" to cheat or alter game state in various ways.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197142)
Tangent question: Is there any risk at all hotswapping carts in a NES?
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197144)
FrankenGraphics wrote:
Tangent question: Is there any risk at all hotswapping carts in a NES?

I've done it hundreds of times. I don't think the risk is zero but in my view it's pretty low.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197233)
A nice mod would be to have Fire Mario and Yoshi as two players. Player 1 would control Yoshi and player 2 would control Mario's shooting direction. Imagine if you also had a healthbar and could climb the ladder with Yoshi and do spinjumps. I think that for that, there would need to be some slight changes to the game's variables in order for it to work. The controls for aiming would be the only special part. Mario would never get off of Yoshi.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197239)
8bitMicroGuy wrote:
A nice mod would be to have Fire Mario and Yoshi as two players. Player 1 would control Yoshi and player 2 would control Mario's shooting direction.

Like with Wheelie Rider in Kirby Super Star?
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197245)
tepples wrote:
8bitMicroGuy wrote:
A nice mod would be to have Fire Mario and Yoshi as two players. Player 1 would control Yoshi and player 2 would control Mario's shooting direction.

Like with Wheelie Rider in Kirby Super Star?

I'm not sure how that is. Can you embed a video of it?
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197247)
I have a Super NES and Kirby Super Star but lack appropriate capture equipment. My Philips DVD recorder works well with my NES, but with my Super NES, color cuts in and out.

Google video search results for kirby super star wheelie rider
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197251)
rainwarrior wrote:
FrankenGraphics wrote:
Tangent question: Is there any risk at all hotswapping carts in a NES?

I've done it hundreds of times. I don't think the risk is zero but in my view it's pretty low.


I thought I read somewhere that one thing that enables or helps with hot swapping is by having the power connection pins longer than the signal pins. But I'd imagine the design of both the cartridges and the system would play some role in how things behave with hot swaps. And also would be how fast you remove and connect cartridges. The cartridge going in crooked or removed that way might also have an effect.

So just because the NES might tolerate hot swapping doesn't mean the SNES will be as kind.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197253)
My favorite part about this is that you can get a smw cart to dump itself to the screen with some convoluted controller inputs. With Nintendo's view that copying devices are illegal, logically they would consider the TV, SNES, controllers, multitaps, SMW cart itself, and the keyboard-PC-hexeditor "an illegal device". Guess we all need to turn in those items to the authorities because they're illegal to own...
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197266)
infiniteneslives wrote:
My favorite part about this is that you can get a smw cart to dump itself to the screen with some convoluted controller inputs. With Nintendo's view that copying devices are illegal, logically they would consider the TV, SNES, controllers, multitaps, SMW cart itself, and the keyboard-PC-hexeditor "an illegal device". Guess we all need to turn in those items to the authorities because they're illegal to own...


It is pretty cool but oh how painful it would be to manually go through and dump 512KB of ROM data by hand. But the fact that it's possible with only licensed hardware is amusing.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197267)
Webcam + ocr?
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197275)
Capture card + 1bpp output.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197285)
Or, you could use the mod loader to insert a memory dumping tool like the one built into Dezaemon SFC and just shove ROM data out one of the controller ports instead of to the screen. But then you wouldn't really be doing it using only licensed hardware anymore...
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197298)
infiniteneslives wrote:
My favorite part about this is that you can get a smw cart to dump itself to the screen with some convoluted controller inputs. With Nintendo's view that copying devices are illegal, logically they would consider the TV, SNES, controllers, multitaps, SMW cart itself, and the keyboard-PC-hexeditor "an illegal device". Guess we all need to turn in those items to the authorities because they're illegal to own...

But you never signed any EULA that forbids you from doing those things. The SNES and the cartridge came from the time when EULAs were not required in order to play games. Nintendo loses :P
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197304)
8bitMicroGuy wrote:
But you never signed any EULA that forbids you from doing those things.


I'm entertaining Nintendo's flawed logic that performing an illegal act with a device makes the device itself illegal to own. By Nintendo's logic, practically all worldly items are illegal because they could be used to commit illegal acts.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197406)
infiniteneslives wrote:
8bitMicroGuy wrote:
But you never signed any EULA that forbids you from doing those things.


I'm entertaining Nintendo's flawed logic that performing an illegal act with a device makes the device itself illegal to own. By Nintendo's logic, practically all worldly items are illegal because they could be used to commit illegal acts.

Wow, now you gave me an idea of a dystopian society where Nintendo rules the world and forces people to play their games.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197439)
And then we apply the Ludovico technique…
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197446)
Myask wrote:
And then we apply the Ludovico technique…

Which is?
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197467)
A fictional aversion-therapy technique from A Clockwork Orange.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197517)
Once I learned it was from a novel, I did a web search.

It's a fictional name for a real technique that has been used, among other places, as part of "pray away the gay" therapy. It approaches political issues that I for one would rather not discuss in this topic.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197591)
tepples wrote:
Once I learned it was from a novel, I did a web search.

It's a fictional name for a real technique that has been used, among other places, as part of "pray away the gay" therapy. It approaches political issues that I for one would rather not discuss in this topic.

Wow, what an association from just a little notion.

Myask wrote:
And then we apply the Ludovico technique…

I'd just like to know to who this technique would be applied and against what.
Re: Some guy made a modloader inside an unmodified SMW cartr
by on (#197650)
tepples wrote:
Once I learned it was from a novel, I did a web search.

I for one would rather not discuss in this topic.

Well, I was more referring to the movie, but yes, probably not for discussion here.