Super Mario Bros just got its “holy grail” glitch – now speedrunning has a problem
Forty years after launch, the game that basically invented speedrunning just crossed a line even Mario veterans didn’t think was possible: the original Super Mario Bros. now has a reproducible arbitrary code execution exploit. In plain English, players can force the game to run whatever code they want mid-run – but only under brutal, hardware-specific conditions that raise a bigger question for the scene: does this kind of glitch belong in “real” runs at all?
Key takeaways
- Researchers have proven a full arbitrary code execution (ACE) setup in the original Super Mario Bros. after four decades of glitch hunting.
- The exploit currently only works on the Famicom Disk System (and accurate emulators), not the standard NES cartridge version.
- The setup chains Minus World tech, enemy slot overflows, and deliberate crashes – a year-long science project more than a casual trick.
- This discovery could force a rethink of any% and glitch categories, and reignites the old debate: when does a “run” become homebrew programming?
Yes, Mario now has true arbitrary code execution
The phrase popping up in German headlines – “Neuer ACE-Exploit in Super Mario Bros entdeckt” – isn’t exaggerating. This isn’t another wall clip or wrong warp. It’s the same class of break that turned Pokémon Red, Super Mario World, and Ocarina of Time into programmable sandboxes for speedrunners.
Arbitrary code execution (ACE) means you’re no longer just tricking the game into loading the credits early. You’re manipulating memory so precisely that the CPU starts treating in-game values – enemy data, item IDs, whatever – as if they were instructions written by Nintendo. With the right setup, you can:
- Warp straight to the end of the game.
- Write new values into RAM to give yourself items, lives, or power states that never existed.
- Potentially build whole new “levels” or messages inside the constraints of the ROM.
For years, Super Mario Bros. was the odd one out. It has Minus World, wall clips, flagpole glitches – the classic broken stuff – but no proven way to straight-up hijack the game’s brain. That’s why some runners called ACE for SMB the “holy grail” of glitches. It felt almost sacrilegious to imagine the most iconic platformer of all time joining the list of games you can reprogram mid-run.
Now it has. And, as usual, the path there was way weirder than “somebody pressed left at the right frame.”
The catch: it only works on Famicom Disk System hardware
Before anyone dusts off their NES carts: this exploit doesn’t work there.
The method relies on how the Famicom Disk System version of Super Mario Bros. handles memory and loading. The FDS isn’t just a different region; it’s a different storage medium with writable areas and a different layout of RAM and disk buffers. That flexibility – the very reason the Disk System existed – is what opens the door to ACE.
On a classic NES cartridge, big chunks of the game logic and data are burned into ROM. You can corrupt RAM all you like, but actually redirecting the instruction pointer to “code” you’ve sculpted out of enemy data is much harder because of how the memory map is wired. Current research points to this as the key limiter: the NES cart simply doesn’t arrange memory in a way that allows the same rewrite chain.
On FDS (or a cycle-accurate emulator mimicking it), you’ve got just enough wiggle room. The exploit abuses that to:
- Overflow object/enemy slots twice in specific rooms.
- Force the game to load and then crash on glitched objects.
- Land in a controlled “crash” state where what should be level data is treated like CPU instructions.
So yes, it’s real ACE. But it lives in a very particular branch of the Mario multiverse: Famicom Disk System only. For NES purists and people who grew up with the cartridge, that’s going to be a sticking point.
Born from Minus World chaos and a year in the void
This didn’t come from someone randomly mashing buttons on 1-1. The path to ACE started somewhere much stranger: a crash in the Japanese Super Mario Bros. 2 (aka The Lost Levels) on modern hardware.
Glitch hunters noticed that under very specific conditions, the game would crash in a way that looked like more than just “oops, we broke it.” The crash pattern hinted that the CPU was jumping into areas it shouldn’t – a classic ACE smell for anyone who’s studied old Nintendo glitches.
From there, the community did what it always does: it turned a crash into a science experiment. Using Minus World-style techniques – warping into invalid level slots, abusing the famously cursed World -1 – researchers spent roughly a year trying to reproduce the same behavior in the original Super Mario Bros.
The rough outline of the setup looks like this:
- Beat the game once to unlock the necessary state (sometimes via Minus World routes to speed that part up).
- Enter the glitchy World -1 environment that already half-breaks how the game loads levels.
- Manipulate enemy and object slots using things like Long Firebars, Bowsers, and Buzzy Beetles until the game’s tracking table overflows.
- Trigger a deliberate crash that lands the CPU in a “corrupted but controllable” state.
- Use further in-level actions to sculpt RAM into a valid sequence of instructions – your arbitrary code.
None of this was plausible without modern emulator accuracy. Older emulators tended to smooth over or mis-handle the kind of cycle-perfect weirdness that makes ACE possible. As FDS cores got more faithful – down to how many cycles a disk read takes and how memory mirrors – tiny discrepancies that used to be shrugged off as “emulation artifacts” turned into hard data.
That’s the uncomfortable truth behind this discovery: the most influential 8-bit game of all time is still being “finished” by fans with tools Nintendo never dreamed of.
FinalBoss // Gear
Level up your setup
01Best-selling Switch 2 gameson Amazon→02Switch 2 accessorieson Amazon→038BitDo controllerson Amazon→04Discounted game keyson Kinguin→Affiliate links · As an Amazon Associate, FinalBoss earns from qualifying purchases.
Want to Level Up Your Gaming?
Get access to exclusive strategies, hidden tips, and pro-level insights that we don't share publicly.
Ultimate Gaming Strategy Guide + Weekly Pro Tips
This could rewrite speedrunning… if the community lets it
On paper, ACE is a nuclear bomb dropped into any% categories. If you can just program your own warp to the end, why would you bother with flagpoles and pipes?
We’ve seen this play out before. Pokémon runs that used to be about clever routing and menu speed turned into “how fast can you inject the code that finishes the game.” Super Mario World went from cape-flying mastery to glitched credits in under a minute. Communities had to split categories into “with ACE” and “without ACE” just to keep traditional runs alive.
Super Mario Bros. is more sacred than most. Its any% warps are basically the backbone of speedrun culture. Players know the 4-2 pipe manipulations and 8-4 clips by heart even if they’ve never touched a timer. Dropping ACE into that ecosystem is not trivial; it risks turning the definitive “beat Mario fast” experience into something most people would describe less as “playing” and more as “performing a memory exploit.”
Expect a few things to happen:
- New categories will appear fast. “Any% ACE” or “ACE showcase” runs will show off the tech, especially in tool-assisted speedruns (TAS) where humans don’t have to hit the inputs in real time.
- Mainline any% is going to dig its heels in. There’s a strong chance the default leaderboard keeps the existing ruleset and bans ACE on the basis that it turns the game into a programmable shell.
- Hardware debates will get loud. If the exploit is FDS-only, do FDS runs and NES runs even belong on the same board anymore? Some scenes already separate “console” and “virtual console” – this is that argument on hard mode.
- RTA viability is an open question. The setup sounds nightmarishly precise. A clean, fully controlled ACE run in real time could be months or years away, if it ever happens at all.
Top runners who have spent years grinding frame-perfect flagpole glitches now have to decide: do they chase the new tech, or treat it as a separate hobby? The answer will define whether ACE becomes a quirky sideshow or the new standard for “fastest possible” Mario.
The glitch says as much about preservation as it does about speed
The sexy headline is “old game broken wide open.” The deeper story is what it took to get there.
This ACE exploit is the product of:
- Hyper-accurate emulation of obscure hardware (Famicom Disk System).
- Detailed reverse engineering of how a 1985 platformer manages memory.
- A community willing to live in a corrupted level like World -1 for a year just to see what happens.
That’s not just speedrunning. That’s digital archaeology.
Every time a game like this gives up a new glitch, we learn something about how it was actually built – the cut corners, the undocumented behavior, the so-called “undefined” states the hardware happily wanders into. For companies talking about “preserving their legacy” via subscription services and ROM drops, this is the other half of the job: letting the community poke, prod, and outright break your classics until we understand them better than the original teams did.
The irony is that modern anti-tamper tech on new hardware often makes this kind of research harder, not easier, even as emulation of 80s machines reaches near-perfection. In that sense, Super Mario Bros. getting true ACE in 2026 isn’t just a cool party trick – it’s a reminder that the most enduring games are the ones the audience is allowed to take apart.
What to watch next
- Leaderboard decisions: Watch how sites like speedrun.com classify this. The moment “Any% (ACE)” appears – or is explicitly banned – will set the tone for how mainstream this becomes.
- First full TAS route: A tool-assisted run that goes from power-on to custom code execution will be the real “proof of concept” for how far this exploit can be pushed.
- Hardware demonstrations: When someone pulls off the full ACE chain on an actual Famicom Disk System on camera, that’s when the wider scene will start paying serious attention.
- Follow-up discoveries: Once you know ACE is possible, incremental improvements usually follow – faster setups, more reliable crashes, and maybe, eventually, a stripped-down version that edges toward RTA viability.
- Spillover into other games: Techniques developed here – especially around object overflow and crash control – will absolutely get tested on other NES and FDS titles.
TL;DR
Glitch researchers have finally achieved arbitrary code execution in the original Super Mario Bros., using a brutal setup that chains Minus World tech, enemy overflows, and deliberate crashes on Famicom Disk System hardware. It potentially lets runners warp straight to the end or even “reprogram” parts of the game, but only under conditions that look more like low-level hacking than platforming. The big thing to watch now is how the speedrunning community draws the line between a legendary new tech showcase and what still counts as a traditional Mario run.