Arbitrary Code Execution (ACE) has been found in Paper Mario. This basically means we can use a glitch to write and run our own custom code in the game. As of right now, it's TAS only since it requires positioning Mario in 6 different float-perfect x/y/z coordinates. If you want more information on the TAS method, MrCheeze has a good Twitter thread here that I'd recommend:

However, there is one known way to do this RTA. Rain managed to find that with a specific setup, we can manage to overwrite a small part of code. We use a glitch called menu storage to store just enough graphics effects at once. When we release the effects, they make so much data that it overflows to where code is being executed, and the code we overwrite corrupts the stack. By sheer crazy coincidence, this jumps execution to a part of memory where there are player flags and an idle timer. If we let that idle timer reach 0x81f, which is about 69 seconds (nice), before releasing the stored effects, then execution jumps to expansion pak memory, which Paper Mario doesn't use, and then it crashes from garbage data.

OoT was shaken up at the end of 2019 with a discovery known as Stale Reference Manipulation (SRM). It's pretty difficult to explain how that works too, but dannyb does a really good job of explaining it where this AGDQ run is timestamped. We're doing something pretty similar, but with a different result. To do what we need to do in OoT, we'll need a very specific filename. A more recent application of SRM in OoT known as "Lightnode SRM" means that without even leaving Kokiri Forest, we can write the value of one half of the filename to the location specified in the other half. We can take advantage of this by writing an assembly instruction to expansion pak memory.

After this is where the real magic happens. If we quickly turn off the console, swap cartridges to Paper Mario, and turn the console back on, that instruction will still be there in memory (luckily when OoT boots, it clears the expansion pak memory, but Paper Mario just ignores it). If that reminds you of Banjo Kazooie's Stop 'n' Swop, that's because it's the exact same idea.

From here, we can perform the glitch I described above, and instead of crashing, the assembly instruction we wrote in OoT will jump to where filenames are stored (in practice, depending on how much RAM decays between swapping games, usually anything between 0x81d and 0x81f on the idle timer I mentioned earlier will work). We'll use the filenames to write a payload that updates our current room to the "The End" screen, saves, and then crashes.