Dupe State: Difference between revisions
Revision as of 00:16, 1 October 2024

Dupe state is a "state" that Jak can enter while performing the duplication exploit on scout flies which allows for a degree of arbitrary code execution. The state is essentially a buffer overflow in the actor heap involving the hint detection system that leads to undefined behavior.
The known side effects and behaviors that can occur while in dupe state include seemingly random game crashes, infinite loops, statue glitch with red and yellow eco, baby spiders in Spider Cave not hatching, orb vents not opening while powered with blue eco, Jak's idle animation being disabled, and collectable entities or actors not disappearing after collecting them.
Dupe state can travel across save files, which is a trait not seen in any other known exploit in the game.
== Technical ==
When the first scout fly in an area is collected, a "hint detected!" notice will flash for a single frame in the top left debug text area (if Cheat Mode/Debug Mode is enabled). If the player pauses and loads a save file while this hint notice is on screen, the hint detection will begin writing out of bounds in process memory. So far, it is known to be able to access the cspace-array and sparticle-launch-control areas of memory.
A lot of the stuff in levels in Jak 1 is a "process". So there is a process for each orb, enemy, animated thing, camera, Jak,..... Each process gets run once per frame by the kernel, and each process has some memory associated with it to store its state (like where the item is located, what animation it plays...). Many processes have their memory allocated manually, like the orbs, which go into a special "collectables" heap. But other things, (like flies which spawn from crates, eco....) go on the "actor" heap. This actor heap has some really complicated code that will move around the memory for processes to compact them together and get larger chunks of free memory. However, this code is really sensitive - if any process using the actor heap accidentally writes past its allocated memory, the engine won't be able to maintain the actor heap any more. This means that deleting actors might not work, or there could be random memory corruption. Some common side effects of the actor heap getting messed up are that objects don't disappear when they are supposed to, because they cannot be deleted from the actor heap. Other times, certain objects won't spawn because the actor heap is too full. Or sometimes, when it tries to spawn new enemies, it will just crash because it overwrites something else in the actor heap. I believe in debug mode, it would display "Low Actor Memory" in this case. I am not sure how save data could cause this to happen though.
- Water111, 2019
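The quote above describes a compacting heap whose bookkeeping depends on every process staying inside its own allocation. The following is an added toy model written for this page, not the game's or OpenGOAL's code: it assumes a constructed arena of back-to-back blocks with a 3-byte header (magic, size, live flag), an integrity walk that stands in for "the engine can't maintain the heap", and a checked write as the mitigation beside the unchecked one.

```c
#include <stdint.h>
#include <string.h>
/* Constructed toy model of the compacting actor heap described above, not the game's
 * code: blocks sit back-to-back in one arena, each a 3-byte header then state bytes. */
#define ARENA_SIZE 64
#define MAGIC 0xA5u
typedef struct { uint8_t magic, size, live; } hdr_t;
static uint8_t arena[ARENA_SIZE];
static int used;                          /* bytes in use from the start of the arena */
#define HDR(off) ((hdr_t *)(arena + (off)))

void heap_reset(void) { memset(arena, 0, sizeof arena); used = 0; }
/* Allocate a block; -1 stands in for the "Low Actor Memory" condition. */
int heap_alloc(uint8_t size) {
    if (used + (int)sizeof(hdr_t) + size > ARENA_SIZE) return -1;
    hdr_t h = { MAGIC, size, 1 };
    int off = used;
    memcpy(arena + off, &h, sizeof h);
    used += (int)sizeof h + size;
    return off;
}

/* Walk the header chain. 0 means a header was clobbered, so the engine can no
 * longer maintain the heap: deletion and compaction both depend on this walk. */
int heap_ok(void) {
    int off = 0;
    while (off < used && HDR(off)->magic == MAGIC) off += (int)sizeof(hdr_t) + HDR(off)->size;
    return off == used;
}

/* Mark a block dead; refused when the chain is broken ("objects don't disappear"). */
int heap_free(int off) { if (!heap_ok()) return 0; HDR(off)->live = 0; return 1; }
/* Slide live blocks down over dead ones; returns the new used size, or -1 if the walk is broken. */
int heap_compact(void) {
    if (!heap_ok()) return -1;
    int rd = 0, wr = 0;
    while (rd < used) {
        int len = (int)sizeof(hdr_t) + HDR(rd)->size;
        if (HDR(rd)->live) { memmove(arena + wr, arena + rd, len); wr += len; }
        rd += len;
    }
    return used = wr;
}

/* A process writing one byte of its state. checked=0 is the fragile behaviour the
 * quote describes; checked=1 refuses any index past the block's own size. */
int state_write(int off, int idx, uint8_t v, int checked) {
    if (checked && (idx < 0 || idx >= HDR(off)->size)) return 0;
    arena[off + (int)sizeof(hdr_t) + idx] = v;
    return 1;
}
```

With two 4-byte blocks, a single unchecked write at index 4 of the first block lands on the second block's header, after which both freeing and compaction refuse to run; the checked write rejects the same index and the heap stays walkable.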
== Tutorial ==
To activate dupe state, you need to load a save file (without saving) on a specific frame of a spin kick while collecting a scout fly. Once you load back in, the dupe state will be active. It works best on Geyser Rock with the first scout fly you encounter. You are able to load any save file once you have the initial spin kick set up, allowing the state to carry over with Jak to any level you load him into.
== Discovery ==
Dupe state was inadvertently found alongside the discovery of Precursor Orb, Scout Fly, and Power Cell duplication in Jak and Daxter: The Precursor Legacy, which was discovered by RNGPenguin on January 14, 2018. While other runners attempted to perform the duplication exploit, some of them reported strange side effects when failing the dupe and reloading the save file to try again. These side effects were listed earlier at the top of the page. Two days later, on January 16, 2018, Ruh found a consistent setup to cause the strange side effects and coined the name Dupe State.