Very recently, SethBling and Cooper Harasyn discovered a new exploit for Super Mario World! This allows you to install a permanent jailbreak onto your console, complete with a hex editor and mod loader! Watch more about it here:
https://www.youtube.com/watch?v=Ixu8tn__91E
If you don't have a multitap or enough skill in Super Mario World, watch this video for instructions on installing it with a Game Genie:
https://www.youtube.com/watch?v=GoPyJtWVOgc
Once you have the jailbreak installed, consult the following manual for usage instructions:
https://docs.google.com/document/d/1bVZFGK_aYFyIlFsj-IZr9DLV57DaiGskBO0u--dGhT8/edit (https://docs.google.com/document/d/1bVZFGK_aYFyIlFsj-IZr9DLV57DaiGskBO0u--dGhT8/edit)
Installing mods is very simple: use the hex editor on page FFFF to write in a mod, and press Select+R to activate it.
Do not activate an invalid mod, and do not activate a mod unless you know it is valid. If you don't know a valid mod to enter, write 6B to the first byte in the page, which will cause the mod to do nothing.
I have created some mods myself for Super Mario World, for use with this jailbreak. If you want to try these out, or suggest ideas for mods I could code, feel free.
Zero Out Mod Space
A6 F0 E0 0F 90 06 A9 00 9F 00 FF FF E6 F0 6B
[spoiler]A6 F0 LDX $F0 ; Load current index
E0 0F CPX.B #$0F ; If this is within the code...
90 06 BCC EndOfMod ; ...skip to end of mod
A9 00 LDA.B #$00 ; Store the value #$00...
9F 00 FF FF STA.L $FFFF00, X ; ...into the current index
:EndOfMod
E6 F0 INC $F0 ; Increment index
6B RTL ; End of mod code
[/spoiler]
Always Shoot Fireballs On Yoshi
A9 01 8D 1E 14 6B
[spoiler]A9 01 LDA.B #$01 ; Store the value #$01...
8D 1E 14 STA.W $141E ; ...into "Yoshi has wings" flag
; Usually, this is #$00 when Yoshi doesn't have wings,
; and #$02 when he does.
; Setting this to #$01 is apparently an unused mode.
; With it, Mario (in any powerup) can shoot fire,
; but flight and the tongue attack are disabled.
6B RTL ; End mod code
[/spoiler]
Infinite Time
A2 03 BF 0C FF FF 9D 30 0F CA 10 F6 6B 12 17 0F
[spoiler]A9 12 LDA.B #$12 ; Load the letter "I"...
8D 31 0F STA.W $0F31 ; ...into the hundreds digit
A9 17 LDA.B #$17 ; Load the letter "N"...
8D 32 0F STA.W $0F32 ; ...into the tens digit
A9 0F LDA.B #$0F ; Load the letter "F"...
8D 33 0F STA.W $0F33 ; ...into the ones digit
8D 30 0F STA.W $0F30 ; Store some non-zero value into the timer frame counter
6B RTL ; End of mod code
[/spoiler]
Press X To Kill All Enemies
A5 18 29 40 F0 1E A2 09 BD C8 14 C9 08 90 12 BD
7A 16 29 02 1D D0 15 1D 32 16 D0 05 A9 02 9D C8
14 CA D0 E4 6B
[spoiler]A5 18 LDA $18 ; Load some controller data
29 40 AND.B #%01000000 ; If X isn't being pressed...
F0 1E BEQ EndOfMod ; ...skip to end of mod
A2 09 LDX.B #$09 ; Load #$09 into X
:LoopStart
BD C8 14 LDA.W $14C8, X ; Load enemy state
C9 08 CMP.B #$08 ; If enemy state < #$08...
90 12 BCC NextEnemy ; ...skip the current enemy
BD 7A 16 LDA.W $167A, X ; Load sprite properties
29 02 AND.B #$02 ; If invincible to fire/cape/etc...
1D D0 15 ORA.W $15D0,X ; ...or being eaten...
1D 32 16 ORA.W $1632,X ; ...or not able to interact with player...
D0 05 BNE NextEnemy ; ...skip the current enemy
A9 02 LDA.B #$02 ; Load #$02 (enemy killed, falling off screen) into A
9D C8 14 STA.W $14C8, X ; Store "enemy killed" into the current enemy state
:NextEnemy
CA DEX ; Decrement X
D0 E4 BNE LoopStart ; Branch back if X is not 0
:EndOfMod
6B RTL ; End of mod code
[/spoiler]
Coin Counter Counts Jumps Instead
9C CC 13 A2 00 A5 72 C9 0B 90 0C C9 0D B0 08 A5
F0 D0 06 EE CC 13 E8 86 F0 6B
[spoiler]9C CC 13 STZ.W $13CC ; By default, never add coins to your coin total
A2 00 LDX.B #$00 ; Load #$00 into X ("already added coin" flag)
A5 72 LDA $72 ; Load "player is in air" flag
C9 0B CMP.B #$0B ; If "player is in air" flag < #$0B...
90 0C BCC ClearFlag ; ...clear jumping flag
C9 0D CMP.B #$0D ; If "player is in air" flag >= #$0D...
B0 08 BCS ClearFlag ; ...clear jumping flag
A5 F0 LDA $F0 ; If "already added coin" flag is set...
D0 06 BNE EndOfMod ; ...skip to end of mod
EE CC 13 INC.W $13CC ; Increment coins
E8 INX ; Increment X
:ClearFlag
86 F0 STX $F0 ; Store X (0 or 1) into "already added coin" flag
:EndOfMod
6B RTL ; End of mod code
[/spoiler]
Max Speed Star Power
AD E4 13 C9 70 90 05 A9 1F 8D 90 14 6B
[spoiler]AD E4 13 LDA.W $13E4 ; Load player dash timer
C9 70 CMP.B #$70 ; If player dash timer < #$70 (max run speed)...
90 05 BCC EndOfMod ; ...skip to end of mod
A9 1D LDA #$1D ; Store ending value of star timer - 1...
8D 90 14 STA.W $1490 ; ...into star timer
:EndOfMod
6B RTL ; End of mod code
[/spoiler]
Gotta Go Slow!
AD E4 13 F0 0A A5 71 C9 09 F0 04 22 06 F6 00 6B
[spoiler]AD E4 13 LDA.W $13E4 ; If player dash timer is zero...
F0 0A BEQ EndOfMod ; ...skip to end of mod
A5 71 LDA $71 ; Load current player animation
C9 09 CMP.B #$09 ; If player already dying...
F0 04 BEQ EndOfMod ; ...skip to end of mod
22 06 F6 00 JSR.L $00F606 ; Jump to death subroutine
:EndOfMod
6B RTL ; End of mod code
[/spoiler]
Press Down In Air To Ground Pound
A5 75 0D F3 13 D0 22 A5 F0 D0 0D A5 72 1A 25 16
29 04 F0 15 64 7D 85 F0 64 7B C6 80 A9 1C 8D E0
13 A5 72 D0 06 22 BF 86 02 64 F0 6B
[spoiler]A5 75 LDA $75 ; If player is underwater...
0D F3 13 ORA.W $13F3 ; ...or flying with a P-Balloon...
D0 22 BEQ EndPound ; ...make sure player isn't pounding
A5 F0 LDA $F0 ; If player is already ground-pounding...
D0 0D BNE GroundPound ; ...skip to ground-pounding code
A5 72 LDA $72 ; Load "player in air" flag
1A INC A ; Increment (to make this comparison shorter)
25 16 AND $16 ; AND with controller data
29 04 AND #$04 ; If player is not pressing down and not in air...
F0 15 BEQ EndPound ; ...make sure player isn't pounding
64 7D STZ $7D ; Stop any current movement upwards
85 F0 STA $F0 ; Store something non-zero into "ground-pounding" flag
:GroundPound
64 7B STZ $7B ; Make the player not move horizontally
C6 80 DEC $80 ; Make the player move down
A9 1C LDA.B #$1C ; Store the "butt-slide" pose...
8D E0 13 STA.W $13E0 ; ...into player's current pose
A5 72 LDA $72 ; If player is still in the air...
D0 06 BNE EndOfMod ; ...skip to end of mod
22 BF 86 02 JSR.L $0286BF ; Cause a Yellow-Yoshi stomp earthquake
:EndPound
64 F0 STZ $F0 ; Player is not ground-pounding anymore
6B RTL ; End of mod code
[/spoiler]
Yoshi Can Flutter-Jump
AD 7A 18 F0 6B A5 72 F0 67 A5 74 05 75 D0 61 A5
19 C9 02 F0 5B A5 F0 F0 2A A5 F2 3A 30 01 3A 85
7D 85 F2 A5 7B 30 08 C9 20 90 0A A9 20 80 06 C9
DF B0 02 A9 DF 85 7B A5 7D 10 0E C9 E0 B0 0A C6
F0 80 06 A5 F1 F0 02 C6 F1 A5 15 89 80 F0 20 A5
7D 30 1C C9 20 90 18 9C 0D 14 A5 F1 D0 11 A9 01
85 F0 A5 7D 85 F1 A9 30 85 F2 A9 09 8D F9 1D 6B
64 F0 64 F1 64 F2 6B
[spoiler]; Variables used:
; $F0 = Time to flutter jump
If this is non-zero value, it will apply flutter effect
; $F1 = Flutter jump rest
Amount of time left
; $F2 = Flutter carry
Calculated player Y speed
AD 7A 18 LDA.W $187A ; If player isn't on Yoshi...
F0 ?? BEQ Reset ; ...stop the flutter jump
A5 72 LDA $72 ; If player is on the ground...
F0 ?? BEQ Reset ; ...stop the flutter jump
A5 74 LDA $74 ; If player is climbing...
05 75 ORA $75 ; ...or swimming...
D0 ?? BNE Reset ; ...stop the flutter jump
A5 19 LDA $19 ; Load player powerup
C9 02 CMP.B #$02 ; If player has cape...
F0 ?? BEQ Reset ; ...stop the flutter jump
A5 F0 LDA $F0 ; If player isn't flutter jumping...
F0 ?? BEQ NoFlutter ; ...don't apply its effects
A5 F2 LDA $F2 ; Load flutter carry
3A DEC A ; Decrement it
30 ?? BMI Label1 ; If player is supposed to be rising...
3A DEC A ; ...rise twice as fast
:Label1
85 7D STA $7D ; Store into player Y speed
85 F2 STA $F2 ; Store into flutter carry
A5 7B LDA $7B ; If player is moving left...
30 ?? BMI MoveLeft ; ...jump to code for moving left
C9 20 CMP.B $#20 ; If player X speed < #$20 (not quite running, to the right)...
90 ?? BCC Label2 ; ...jump past speed-limiting code
A9 20 LDA.B #$20 ; Load #$20 into A
80 ?? BRA Label2 ; Jump past code for moving left
:MoveLeft
C9 DF CMP.B $#DF ; If player X speed >= #$DF (not quite running, to the left)...
B0 ?? BCS Label2 ; ...jump past speed-limiting code
A9 DF LDA.B #$DF ; Load #$DF into A
:Label2
85 7B STA $7B ; Store into player X speed
A5 7D LDA $7D ; If player is falling...
10 ?? BPL Fluttered ; ...jump past flutter decrement
C9 E0 CMP.B #$E0 ; If player is almost done rising...
B0 ?? BCS Fluttered ; ...jump past flutter decrement
C6 F0 DEC $F0 ; Decrement the flutter jump counter
80 ?? BRA Fluttered ; Don't run the resting code if we're flutter jumping
:NoFlutter
A5 F1 LDA $F1 ; If there is still flutter jump rest time...
F0 ?? BEQ NoRest ; ...don't decrement the rest timer
C6 F1 DEC $F1 ; Else, do
:NoRest
:Fluttered
A5 15 LDA $15 ; Load some controller data
89 80 BIT.B #$80 ; If player isn't holding the jump button...
F0 ?? BEQ EndOfMod ; ...skip to end of mod
A5 7D LDA $7D ; If player is rising...
30 ?? BMI EndOfMod ; ...skip to end of mod
C9 20 CMP #$20 ; If player is just starting to fall...
90 ?? BCC EndOfMod ; ...skip to end of mod
9C 0D 14 STZ.W $140D ; Disable spinjumping
A5 F1 LDA $F1 ; If we are resting...
D0 ?? BNE EndOfMod ; ...skip to end of mod
A9 01 LDA.B #$01 ; Store the value #$01...
85 F0 STA $F0 ; ...into the flutter jump timer
A5 7D LDA $7D ; Store the player Y speed...
85 F1 STA $F1 ; ...into the flutter carry
A9 30 LDA.B #$30 ; Store the resting time...
85 F2 STA $F2 ; ...into the flutter rest timer
A9 09 LDA.B #$09 ; Load sound #$09 (cape fly sound)
8D F9 1D STA.W #$1DF9 ; Play sound
:EndOfMod
6B RTL ; End of mod code
:Reset
64 F0 STZ $F0 ; Reset
64 F1 STZ $F1 ; every
64 F2 STZ $F2 ; flag
6B RTL ; .
[/spoiler]
Just for reference, I'm going to put some RAM addresses here that, for purposes of mods, are completely empty.
"Cleared on" key:
R = reset
T = titlescreen load
O = overworld load
C = cutscene load
L = level load
Y = every frame when Yoshi is on screen
D = death
P = "Peach rescued" scene
2 = player number select
F = part of the "cape flight" routine
* = cleared sometimes on the overworld
| = contains the low byte of the level number when loading the levels, cleared when done
4 = not cleared, but decrements every fourth frame until it hits zero
N = new game
U = untouched
$7E:0058 | RTO |
$7E:005C | RTO |
$7E:0060 - $7E:0063 | RTO |
$7E:0079 | RTOL |
$7E:007C | RTOL |
$7E:0087 | RTOL |
$7E:00F0 - $7E:00F7 | RTO |
$7E:0695 - $7E:0700 | RT |
$7E:0D9C | RT |
$7E:0DA1 | RT |
$7E:0DC3 | RT2 |
$7E:0DC4 - $7E:0DC6 | RT |
$7E:0DD4 | RT |
$7E:0DD9 | RT |
$7E:0DDB | RT |
$7E:0EF5 - $7E:0EF6 | RT |
$7E:0F3A - $7E:0F3F | RT |
$7E:0F42 - $7E:0F47 | RT |
$7E:0F5E - $7E:0F71 | RT |
$7E:13C8 | RT |
$7E:13D8 | RTOL |
$7E:13E6 - $7E:13E7 | RTOL |
$7E:140A | RTOF |
$7E:140B - $7E:140C | RTOCL |
$7E:1415 - $7E:1416 | RTOC |
$7E:145E - $7E:145F | RTOC |
$7E:146C | RTOC |
$7E:1473 | RTO |
$7E:1475 | RTO |
$7E:1477 | RTO |
$7E:1479 | RTO |
$7E:147B | RTO |
$7E:147D | RTO |
$7E:1487 - $7E:148A | RTO |
$7E:14AC | 4 |
$7E:14BE | RTOC |
$7E:14C1 | RTOC |
$7E:14C4 | RTOC |
$7E:14C7 | RTOC |
$7E:15E8 | RTO |
$7E:1696 | RTOCL |
$7E:17BB | | |
$7E:1864 | RTOL |
$7E:1869 | RTOL |
$7E:1879 | RTOL |
$7E:188A | RTOLDP |
$7E:188E | RTOCL |
$7E:18B4 | RTOL |
$7E:18B7 | RTOL |
$7E:18BB | RTOL |
$7E:18C5 | RTOL |
$7E:18D8 | RTOCL |
$7E:18E6 | RTOL |
$7E:18F6 | RTOCL |
$7E:1908 | RTOL |
$7E:191B | RTOY |
$7E:191F | RTO |
$7E:1923 - $7E:1924 | RTO |
$7E:1926 - $7E:1927 | RTO |
$7E:1929 | RTO |
$7E:192C | RTO |
$7E:1934 | RTO |
$7E:1936 - $7E:1937 | RTO |
$7E:1B7F | RTO* |
$7E:1DEF | RT |
$7E:1DFD - $7E:1DFE | RTOL |
$7E:1E00 | RTOL |
$7E:1E01 | RT |
$7E:1F2B - $7E:1F2D | RN |
$7E:1F3B | RT |
$7E:1F48 | RT |
$7E:1FFA | RT |
$7E:1FFF | RT |
$7E:C100 - $7E:C67F | U |
$7E:C6E0 - $7E:C7FF | U |
$7F:0D00 - $7F:3FFF | U |
$7F:8183 - $7F:837A | U |
$7F:9C7B - $7F:C7FF | U |
These are a lot of addresses, so any mod definitely won't run out of usable addresses any time soon. There are even 17 unused direct page addresses, which are shorter to represent and should be enough for all purposes. ($7E:00F8 - $7E:00FF are also unused by SMW, but they are used by the hex editor. $7E:0000 - $7E:000A are only useful as scratch space.)