- By passing through a loading plane while grabbing a pot, Link is left in the state of 'holding' an actor which is no longer loaded. By loading other actors at an offset in that space, the properties of the grabbed item that Link is supposed to be affecting (e.g. position, rotation) become ways of writing over the new actors' data. We take advantage of this by corrupting a pointer to the function that draws the Moon's Tear present in the observatory. We redirect this pointer into Link's instance, and by manipulating his angles further redirect execution to the controller inputs.
- Filenames in the game are 8 bytes, and so can be used to form MIPS instructions (within the limits of the Japanese character set). Fortunately, Majora's Mask keeps a stale copy of the name of the last created file in RAM, which allows us to use the names of two separate files to form these instructions. When we redirect the game's execution to the controllers, the first thing that controller 1 does is jump to the secondary file name, which then jumps to the primary file name and then away to normal execution. Along the way we are able to erase an instruction that suppresses input from the other three controllers, which means that now we can form instructions using multiple controllers (only the inputs of controllers 1 and 3 are 4-byte aligned in RAM, so only those two can form full instructions).
- With controller 3 reserved for a jump back to safe execution, controller 1 can form nearly arbitrary instructions each frame. This allows us to write a small snippet of code which, when executed, sends us to the final cutscene of the credits (and also removes the usual fadeout).
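The Python below is an added illustration, not part of the original paste, of the two encoding facts the chain rests on: an 8-byte name is exactly two big-endian MIPS words, and a 4-byte controller record can only be fetched as an instruction if it sits on a word boundary. The J-type layout and the N64 pad record layout (16 button bits, signed stick X, signed stick Y) are real; the record stride used in the alignment demo is a constructed value, not taken from the game.

```python
import struct

OP_J = 0x02  # MIPS J-type opcode: 6-bit opcode, 26-bit word index


def encode_j(target: int) -> int:
    """Return the 32-bit encoding of `j target`; the target must be word-aligned."""
    if target % 4:
        raise ValueError("jump target must be 4-byte aligned")
    return (OP_J << 26) | ((target >> 2) & 0x03FF_FFFF)


def decode_j(word: int, pc: int) -> int:
    """Inverse of encode_j: the top 4 address bits come from PC+4, not the word."""
    if word >> 26 != OP_J:
        raise ValueError("not a J instruction")
    return ((pc + 4) & 0xF000_0000) | ((word & 0x03FF_FFFF) << 2)


def filename_words(name: bytes) -> tuple[int, int]:
    """An 8-byte save-file name is two big-endian words, i.e. two candidate instructions."""
    if len(name) != 8:
        raise ValueError("file name must be exactly 8 bytes")
    return struct.unpack(">II", name)


def pad_word(buttons: int, stick_x: int, stick_y: int) -> int:
    """One N64 controller status record as a 32-bit word: buttons, then stick X and Y."""
    return (buttons & 0xFFFF) << 16 | (stick_x & 0xFF) << 8 | (stick_y & 0xFF)


def aligned_records(base: int, stride: int, count: int) -> list[int]:
    """Indices of `count` records of `stride` bytes starting at `base` that land on a
    word boundary. The CPU fetches instructions only from word-aligned addresses,
    so only these records could ever be executed as a whole instruction."""
    return [i for i in range(count) if (base + i * stride) % 4 == 0]


if __name__ == "__main__":
    j = encode_j(0x8040_0000)
    print(hex(j), hex(decode_j(j, 0x8000_0000)))
    print([hex(w) for w in filename_words(b"ABCDEFGH")])
    print(hex(pad_word(0x8000, 0x7F, -0x80)))
    # Constructed stride (6 bytes) so that records 0 and 2 are aligned, 1 and 3 are not.
    print(aligned_records(0, 6, 4))
```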