How does the −1 world bug work in Super Mario Bros

World -1 in the original Super Mario Bros. - one of the most famous bugs on the NES. If you go to the transition zone (Warp Zone) in a special way, the game is buggy, and when you enter the pipe you find yourself in a strange world.



You can get into the −1 world, almost passing level 1-2 and standing on the pipe leading to the surface of the earth, to the flagpole and the end of the level. Then you need to move to the left edge of the pipe, bend down and jump to the right, so that Mario is almost at the ceiling. It may take several attempts, but as a result it will get to the desired point and automatically pass through the pipe, and then through the wall into the room with the transition zone. If at least one pixel of the pipe is not visible, Mario will be trapped and the player will have to wait until the time runs out.

')

Another way to get into the world is −1: break two brick blocks on the ceiling, leaving the rightmost one. Then you need to go to the left end of the pipe and jump to the right. It is not necessary to bend down in this case, because Mario may try to hit (without actually destroying it). In this case, the game will fail, and Mario will be able to pass through the pipe and the wall. But this method is more complicated and long. If everything is done correctly, the player will see three pipes in the transition zone in front of him. If you climb into the left or right pipe, Mario will fall into the world −1. If you descend into the middle pipe, it will go to level 5-1. In case the right wall of the transition zone becomes visible, the bug ceases to act.



But this is not the whole story about why this bug works. Some say that this is happening, because the number of the world is not displayed on the screen of the transition zone above the pipe when you enter it. But this is not true, and those who have an understanding of the mechanics of the game will never believe such an explanation. After reading this article, you can tell dreamers what is really happening. In this article we will examine in detail and reveal the secrets of the appearance of the bug of the “world minus one”.

How do the transition zones

To understand how we get into the world −1, we first need to figure out how the Warp Zone works. There are three such zones in the game: one at the end of the world, 1-2 (to go to worlds 2, 3, or 4), the second at the end of 4-2 (moves to world 5), and the third can be reached via a vine in the world 4- 2 (and choose world 6, 7 or 8). Let's see how the game finds out which worlds the transition zone should lead to.





Picture 1



Zone numbers are stored starting at the $ 87F2 offset of the running program, the data is as follows: 04 03 02 00 24 05 24 00 08 07 06 00 (00 separates the zones from each other). The first 4 bytes relate to the zone in the world 1-2, the next 4 bytes - to the underground zone of the world 4-2, and the last 4 bytes - to the elevated zone of the world 4-2. We can prove it by hacking the game. I used the HEX editor to change the value of 04 to 08, and see what happened:







By editing memory, you can get into other worlds-bugs, for example, in the world 0.







The next part of the data (in red, figure 1) refers to the underground zone in the world 4-2, and consists of 24 05 24. This corresponds to the passage into the world of $ 24 (36) through the left pipe, into world 5 through the middle pipe and again into the world $ 24 (36) through the right tube. But the left and right pipes do not exist, so we can only get into the world 5. What does 24 mean in the transition zone? By the numbers $ 24 in Super Mario Bros. denoted by empty spaces. They are needed because the $ 87F2 offset indicates not only WHERE the pipes are moved, but WHAT to write to them. The transition zone object should always draw three tiles corresponding to the pipes of the zone, but since there is only one pipe in the second zone, the game draws empty spaces to the left and to the right. We can show a hack that changes these values ​​on the left and right to draw values ​​that we do not need. Therefore, the use of empty space is justified.







These transitions technically still work, we just can not use them without a pipe. With a hack, I inserted another pipe to show you what happens when you enter the pipe, which transfers to the world 36. As the pipe with the number 5 transfers us to the world 5, so the pipe without the number transfers to the world _, that is, to the level −1 .







Since technically $ 24 means 36, we are actually transferred to the world of 36. But the game means this number as an empty place, so it seems that we have entered the world _. In fact, this is the world of 36. But wait, the values ​​of 24 are only in the second zone. How do we move into this world from level 1-2?

How the world bug −1 works

In fact, all transition zones are the same object. The game determines which zone to load, based on the value at $ 06D6. By default, this value is 00, that is, no zone corresponds. But this is normal, because most of the time we are not near the transition zones. However, near the end of level 1-2, we create a scrolling lock object.







It is created when we are horizontal in this place.



This object, when created, executes code that also increases the value at $ 06D6 by one, creating pipes in the transition zone. Usually we get into the transition zone, running across the top of the screen, this creates another scrolling lock object, which creates the correct value for the transition zone.







Here's how it works:

• First, the game loads the value 04 at $ 06D6. This means that the first transition zone will be used.
• Then she checks at what level the player is. If the player is in world 1, she uses 04 and saves this value at $ 06D6, and then skips all subsequent code.
• If the player is in another world, she loads the value 05. Then the game checks on what type of level the player is on. If the player is on the underground, underwater or castle level, then she saves the value 05 on $ 06D6.

As mentioned above, if we are at level 1-2, this saving is not performed, because the game skips these instructions and the value remains 04. If the player is at the level above the ground, the game records the value 06 at the address $ 06D6.



As a result, for a zone of level 1-2, the value will be 04, for a subterranean zone of level 4-2 - 05, and for an elevated zone - 06. The game displays the message WELCOME TO WARP ZONE if the value at $ 06D6 is 04, 05 or 06, which is always true when we create transition zones during normal gameplay. When we go through the transition zone creation object, the game creates a transition zone greeting text.



After the text is output, the procedure determines which transition zone to load by subtracting 04 from the value of $ 06D6. So if the value is 04, we get 00, if 05, then 01, and if 06 is 02. But since we created the scrolling blocking object, and after that we entered the wall, the value of $ 06D6 is still 01.



This value 01 corresponds to the transition zone of level 4-2, so the game thinks that we are in the zone of level 4-2, and not 1-2. We can check this by going into the second pipe, which takes us into the world 5. If we go into the left or right pipe, we go into the world 36, or the world −1. This explains how we get into the −1 world.

World -1

Why is this world an infinitely looped copy of world 7-2? First, let's look at why the world −1 is similar to 7-2. When we enter the pipe, the game launches an algorithm that determines which room Mario should be placed in. If the value at $ 06D6 is 00, which happens in most cases, the game skips this code and sends Mario to the area specified in the $ 0650 address.



This means that when we pass through a curved pipe at level 1-2, the value of $ 06D6 is equal to 00, which is possible only with burglary, we go to where the displacement sends from 25, which corresponds to the end of the level. This happens when Mario enters a curved pipe. But if the value is not equal to 00 and this is not the case of the world −1, because the scrolling lock sets the value to 01, the game uses the world number to search for the corresponding area offset in the lookup table to figure out which level data to load.



If you set $ 24 as the level number, the transition zone code, which determines the transition location, uses the value of $ 24 to offset the world and gets the value of $ 33, which tells the game to look for an offset of $ 33 (51) bytes from the beginning of the lookup table, which is 01, corresponding to the world 7-2. The search table consists of only 34 bytes, because usually this is enough for the game, so the offset by 51 bytes is outside the area of ​​the search table, in the area of ​​the enemy data table. We take this data from a table to which the lookup table really should not have access. And also other worlds-bugs work. So, the game loads what it considers to be a 36-1 level, but containing data of a 7-2 level.







Now let's find out why the levels are looped. This is because the game changes the objects in these enemies. Let's see how it works. The region change object is 3 bytes long. The first byte is the location of the object in the game, the second is the offset of the region's address, telling the game where to send the player when he goes down the pipe or goes up the vine. The third byte is divided into two parts. The important part is the first three bits: the number of the world.







The current world number does not match the number in the object. The region offset is not updated, therefore it loads a clone of level 7-2, which is intended to change the region object, but since the region offset is set at $ 25, we move to world 7. When we are actually at level 7-2, the region offset is set to $ 25, because the number of the world corresponds to the current number of the world of the object.



However, the −1 world, which reads data from 7–2, is not in world 7, therefore the game does not load the $ 25 offset into the offset variable, which would allow us to leave the level. Instead, it still contains the value 01, set at level 1-2. Since the offset never changes, instead of going to the surface, the level is loaded first. Therefore, the world −1 is infinitely looped.



So we solved the mystery of the bug with the world −1 in Super Mario Bros.! Now we know what the world is −1 and how it appears, and most importantly, how we manage to get there. I hope you were interested.