The practice of hacking standard Super Mario World cartridges in stock Super Nintendo hardware has come a long way in a short time. Three years ago, a robot had to enter thousands of button presses per second to insert random code on top of the game. Last year, streamer SethBling proved that this kind of code insertion was possible for a human acting with pixel-perfect precision.
Now, SethBling and others in the SMW hacking community have gone a step further by permanently writing a full hex editor and gameplay mods on a stock Super Mario World cartridge with nothing but standard controller inputs.
SethBling’s ten minute video explaining the entire jailbreaking process is a must for anyone interested in the details of constantly changing a 25-year-old game without any special hardware. Basically, the jailbreak builds on an exploit discovered by Cooper Harrsyn that allows players to write data directly to the small, 256-byte save files permanently stored on the Super Mario World cartridge.
If you arrange that data just right, you can trick the game into running custom code by loading the save file, saving you the hassle of manually jailbreaking the game every time you launch it. With that exploit in hand, Harasyn and SethBling teamed up to create a compact on-screen hex editor that could be loaded from one of the game’s save files. From there, players can edit the system RAM to change game status in many ways, by giving Mario random power-ups, messing with color palettes, or even beating levels with the push of a button.
More importantly though, the hex editor can be used to write additional in-game mods that can be stored in that tiny storage space. Those mods can run on top of any frame of the game, running a short code loop on top of the standard game loop. In the video, the hackers show off a clever mod that gives Mario telekensis powers as a proof of concept (coded with the help of TASbot team member p4plus2). Another mod adds support for the SNES mouse to the game.
It took SethBling about an hour of painstaking in-game work to get the hex editor on a real Super Mario World cartridge save file (using the method described here). From there, it takes about 10 minutes to copy that data to a backup cartridge (by taking advantage of the persistence of some portions of RAM between system resets).
If you don’t want to go through all that trouble, you can use this Bizhawk emulator SRAM file to test out the hex editor and simulated modding on the cartridge for yourself. Or maybe SethBling will continue to make copies of its jailbroken cartridge and sell them online to interested parties. Hint hint!