It is not a secret that many big corporations and companies conceal sensitive data and projects from the public. In concern to video game companies, many of these internal game-related projects would never see the light of day even though there had already been a lot of money and time put into them. When these projects are ultimately canceled, it would be due to insufficient interest, development or technological issues or lack of required personnel caused by other demanding projects with a higher priority. In front of the public, the company-issued statements in regard to project cancellations are carefully crafted to discourage public dissent or its existence is entirely denied from the start.
However, 2020 would become a troublesome year for Nintendo as they had to deal with, what many news reporters would believe to be, the biggest data leaks in the history of video gaming. Information about long forgotten projects, delicate specifications of hardware prototypes and development agendas within game prototype builds would surface. As the event would be dubbed the Nintendo „Gigaleak“, this blog article will delve into the circumstances surrounding the leaks and the consequences not only for Nintendo but also for the gaming industry.
Background
Nintendo is a Japanese video game company that is engaged in developing and publishing video games and video game consoles. With an annual revenue of more than 11 billion dollars, Nintendo stands as a powerhouse in the video game landscape with influence and prestige sounding within the global market [1]. As with other similarly large industrial giants, Nintendo also has to deal with malicious attacks that are targeted towards phishing user account data, finding exploits in their security infrastructure and also within their games and consoles. Needless to say, a potential security leak could lead to serious issues which could undermine Nintendo’s ability to secure and protect valuable user data, both from a legal and moral perspective.
Even prior to the actual leaks which started in July 2020, Nintendo was already dealt a bad card in terms of cybersecurity incidents. In March 2020, Nintendo reported that up to 160.000 Nintendo Switch accounts were accessed by hackers and their Nintendo Network IDs were phished [2]. The manner on how the hackers could obtain access to the accounts is assumed to be either via credential stuffing attacks or by exploiting the legacy login system via NNID [3]. With sensitive user data including nicknames, birth dates and email-addresses leaked, Nintendo was urged to upgrade security measurements which later resulted in Nintendo requiring users to use two-factor authentication in order to prevent future unauthorized access [4]. The fact that the Gigaleak happened just months after this security incident could be attributed to bad luck on Nintendo’s part.
The Gigaleaks
To establish the base line of the blog article about the Gigaleak itself, it is important to mention that the leaks most likely started long before 2020, as a small set of leaks happened in 2018 which illegally publicized tech demo builds of Pokemon Gold and Silver from the Pokemon Space World Demo in 1997 [5]. Due to the comparable insignificance of the leak amount to the Gigaleak and it being an isolated incident, it was not evidently connected to the Gigaleak. Yet by the nature of how the later Gigaleaks would be distributed, a clear connection and reference to the 2018 leak could be established [6]. As the total file sizes of the leaks vary greatly, they are not always one gigabyte in size as some leaks are smaller than that. Despite this, as they likely all come from the same source, these individual incidences are still categorized as belonging to the Gigaleak events. More on the topic of the method of leak distribution and Behind the Scenes circumstances will be explained here.
Now for the leaks themselves: the Gigaleak consisted of nine separate leak incidents which exposes different topics of illegally obtained information and data. Its contents ranges from old documentation and drafts of potential technological patents, to development-specific game project CVSs (Concurrent Versions System) and unreleased game builds. With the exception of the very first leak in March 2018, the actual dump of data happens between July and December of 2020. This blog article will first explore the individual leaks and immediate caused impact. Afterwards, it will describe the circumstances surrounding the supposed leaker and the manner with which the data was obtained. Lastly we will summarize the findings of the leaks and Nintendo’s response and actions in regard to strengthening its security.
First Leak: March 2018
Back in March 2018, leaks surfaced on multiple platforms and they likely came from the same source. Leaks of a mysterious ROM containing the Space World 1997 prototype of Pokemon Gold and Silver (labelled “SW97”) were uploaded to PRET’s discord server [7]. PRET stands for “Pokemon Reverse Engineering Team” and their github account shows feats of decompilations and disassemblies of various Pokemon game titles, including being able to fully reverse engineer Pokemon Red and Blue back into Z80 assembly code [8].
More presentable images such as records of old and scrapped Pokemon designs and a discontinued China-only console model called the iQue Player were leaked onto the image-based bulletin board 4chan [9]. Especially the Pokemon design leaks sparked huge discussions on the internet and gave valuable insight on earlier design prototypes and also about certain common criteria which ruled Pokemon designs out from being picked [10].
Second Leak: July 2020
Around the 24th of July 2020, a series threads on 4chan titled “Gigaleak” would publish several compressed files containing source codes of earlier Nintendo consoles such as the Super Nintendo Entertainment System (SNES) and the Nintendo 64 (N64). The leaks were numerous gigabytes in size and the term Gigaleak would primarily refer to the leak incidences on the image-based bulletin board 4chan. As the terminology is not adopted naturally, some people refer to the leak of SNES and N64 source codes as separate incidences while internet archivists would sum them up into one big leak [11] [12].
People immediately sought out validation of these files by bringing in the opinion of former Nintendo employees who in fact confirmed them to be valid as they have seen the exact files during their work days at Nintendo. Especially the sheer size and the granular detail of the information would speak for its validity [13].
Besides the leaks of the console source code, several game ROMS and SVN repositories were leaked, which covered the following Nintendo consoles and handhelds: SNES, Famicon/NES, Gameboy, Gameboy Color and N64 [11]. The repositories revealed unused assets directly tied to the game or even related to Nintendo’s future game projects which were created as initial prototypes [13].
These types of leaks sparked discussion but also caused concern as private conversations between members of the development team were found within the source code and repository history, including some very private mail exchanges. The former lead developer of Star Fox especially commented on the fact that he was frustrated by the public discussion on the source code comments and that many did not understand the technological leap in utilizing one of the first multi-threaded tokenized script languages for a video game [14].
As the public would marvel over the findings of the leaks, the tightlipped community focused on game preservation would find themselves in a difficult spot if Nintendo decided to tighten up their security in response to the leaks. On the other hand, it would serve as solace to those who were affected by the Nintendo account breaches back in March 2020 [14].
Third-Fifth Leak: September 2020
After an uneventful month of August, the leaks continued in September. The first of the September leaks happened on the first week with documents surfacing about two unreleased GameCube models. The first model would resemble the current Nintendo Switch as the model specification of this hybrid console version would list a built-in display and the ability to be connected to a TV via docking station [15].
The second model with its codename ‘Tako’ would render games at HP video resolutions. The model with its high specs would be thought of as an competitive answer to the XBOX360 and the PlayStation 3. It is unclear how far this console consideration went in terms of prototype manufacturing as nothing but its specifications was leaked [16].
Just one week later, a fourth set of leaks happened with a very sizeable amount of data. It’s informal name would be titled “Gigaleak 3” due to the sheer size of leaked materials but the actual numbering would stay inconsistent with the transpired events and public retelling. The fourth set of leaks contained internal documents for Wii Sports and Wii Sports Resort for the Nintendo Wii, and also various source code repositories for the portable Nintendo DSi handheld and DSi apps. The leak also contained numerous unreleased GameBoy games alongside prototypes of unreleased localized versions, many of which were thought to have never existed [17] [18]. The most notable content of this leak was the entire source code for Pokemon Platinum, hence why some also called this leak set the “Platinum Leak” [19].
On the last day of September, the fifth set of leaks happened with debug and demo ROMs of various Poekmon games including Pokemon Ranger, Pokemon Mystery Dungeon and the FireRed/LeafGreen remakes. These builds were primarily used for quality assurance and E3 demo panels. The leaks also contained SDKs for the Nintendo DS and source code repositories for the 3DS boot ROMs [20].
Sixth-Eighth Leak: October 2020
The month of October would see three individual sets of leaks yet again but the topic would stay solely focused on Nintendo’s Pokemon games for the Nintendo 3DS handheld and the Nintendo Switch. The first set included source code repositories of Pokemon Sun an Moon and their rereleases UltraSun and UltraMoon [21]. The seventh leak contained source code repositories for Pokemon Sword and Shield including prototype UI designs and beta builds which were based off Pokemon Sun and Moon. Although the files within the leaks were password-protected, they were easily brute-forced [22].
The last October leak contained another password-protected archive of a more recent build of Pokemon Sword. The leak itself did not receive much traction on the internet as most information could be traced with the early leaks of Pokemon Sword.
Ninth Leak: December 2020
Another leak happened on December 2020, now we exclusive info about the development and design specifications of the Nintendo Switch with an included SDK from 2015 and related documents about security details. The design mockups visualizes the Nintendo Switch prototype to have a circular shaped display and far less powerful hardware than the finalized product. The initial concept of the Nintendo Switch was that of a stronger Nintendo 3DS with no docking capabilities but instead communicating with the television wirelessly [23].
Besides the information about the Nintendo Switch, the leak also contained secretive information about Nintendo’s surveillance protocols in concern to a Belgian hacker and the subsequent attempts to recruit and hire him [23]. This Belgian hacker by their online handle Neimod and codename “Belgian Waffle” was active in the 3DS homebrew scene with a history of hacking Nintendo-related products. Nintendo’s surveillance resulted in a portfolio of Neimod’s daytime activities and even included his engagement with family, occupation and close friends [24].
Lastly, the leaks included the source code repository for the Nintendo Switch boot ROM that was affecting both hardware revisions.
Tenth Leak: July 2021
After a long hiatus, the Gigaleak continued with one final leak on the 20th of July. The leaks included the source code of Nintendo Wii’s Service program and several prototype builds of Pokemon X and Y, Pokemon Emerald, Pokemon Diamond and Pealr and Pokemon Let’s Go Eevee!. It also included the full development repository for the cancelled iQue Box, which was the successor to the china-only iQue and all related documentation [25].
Lastly, it also contained the personal email inbox of Murakawa Tsushin, who is a Nintendo employee and in charge of the localization from Japanese to Korean and English and handful of other European languages. The fact that this particular mail box was included in the leaks would later become another important clue for the investigation of the main perpetrator of the Gigaleak incidents [26] [27].
The Perpetrators
In order to search for the perpetrator who initiated the leaks, it is important to clarify the means in which the files were obtained and the time periods of the leaked information. when discussing the time frame of the first and second leak incident, the leaks happened on two different platforms: the PRET discord server and 4chan. It is highly plausible by the file formats and structure, that the source was likely the same.
The first indicator was the unique file format found in the leaks which were specific to BroadOn’s development tools. BroadOn was a software engineering company who was contracted by Nintendo to develop Wii hardware and software. Many of the Wii specifications found in the leaks were exclusively accessible only by the BroadOn company. So the suspicion was that either BroadOn’s security was compromised and their server was leaking data or the perpetrators were working as employees at BroadOn [28].
As time went on and numerous other leaks surfaced, it would seem that the leakers were in possession of far more material than BroadOn’s reach could suggest. Due to how the leaks were systematically uploaded and distributed to the internet, it would seem that the leaker would incorporate the help of several of their trusted acquaintances who would then spread the files as their proxy. The leaker themselves would adopt several different nicknames and online handles for each occassion. For the purposes of sharing files and plan the leaks, they would found Team Spaceworld (TSW) and use the Glitch City Laboratories forum to spread insights and files prior to their leaks on 4chan [29]. As Nintendo would trace back the amount of material leaked to the past incidents of Nintendo server access infringements, they would soon stumble upon the name of Zammis Clark, who was previously pleaded guilty for infiltrating Microsoft and Nintendo’s servers between March and May of 2018 [30].
In search for validating Zammis Clark to be the perpetrator, they traced back all of his aliases including SlipStream, wack0, Riley, Raichain, Raylee. Many of his online handles could be traced back even to his participations in pokemon challenge romhacks where he openly used these aliases [31]. Clark, at the time of his server infiltrations, worked as a security expert at Malwarebytes and had an unusual obsession with Nintendo and Pokemon.
The Breach
Assumingly, Clark gained access to Nintendo’s internal network via VPN and then obtained 2,365 usernames and passwords. During the time frame of March and May of 2018, he illegally obtained material in size of at least 2 terabytes and then distributed them to his close friends who would then leak the files on 4chan on his behalf. Even though Zammis Clark was sentenced to 15-months in prison, his condition and the mercy of the judge spared him from prison [32].
Even after Zammis Clark ceased any activities surrounding the distribution of leaks or supporting any third party actions that would be incriminating, the damage was already done. More than 2 terabytes of uncompressed information was on the internet and ready to be leaked [33].
Nintendo’s Response in concern to security
In Nintendo’s 82nd Annual General Meeting of Shareholders in 2022, Nintendo addressed the security concerns surrounding the 2020 leaks. Nintendo’s president Shuntaro Furukawa had stated that in concern to information security, they have introduced an information security management system and an Information Security Committee. Additionally, Nintendo had established policies for information management which also adopted countermeasures both in physical and technical manners. Nintendo also confirmed that they will cooperate with outside specialists and conduct diagnostics to check for any potential security issues. Lastly, Nintendo will raise awareness of information security among their employees through training and other means to discourage malicious social engineering [34].
Closure
The later half of 2020 proved to be a hectic time period as old gaming myths and rumors were solved and answered. Of more than 2 terabytes of data leaked, only several gigabytes was released to the public via uploads. And from the leaked materials, some of them even dated as far back as 1980. The Nintendo Gigaleak is considered the biggest dump of illegally obtained information in gaming history. For fans and video game preservationists, the Gigaleaks were both insightful and meaningful as for example in 2021, the leaks of Super Mario Advance’s source code was used to recreate music that would sound native prior to being compressed to fit hardware limitations [35].
Although the means to achieve the Gigaleak was malicious and negligent, depending on the point of view and use case, Nintendo’s Gigaleak serves as another example that video games are a work of art and active game preservation can happen through the development studio or also by the overly proactive fanbase alike.
Sources
References
[1] Macrotrends. Nintendo Revenue 2010-2022 | NTDOY. published on 30.11.22. https://www.macrotrends.net/stocks/charts/NTDOY/nintendo/revenue (last accessed: 29.07.23)
[2] Shirey, J Brodie. Nintendo Confirms that 160,000 Accounts Have Been Hacked. published on 24.04.20. https://screenrant.com/nintendo-hack-160-thousand-accounts/ (last accessed: 29.07.23)
[3] Cimpanu, Cimpanu. Nintendo says 160,000 users impacted in recent account hacks. published on 24.04.20. https://www.zdnet.com/article/nintendo-says-160000-users-impacted-in-recent-account-hacks/ (last accessed: 29.07.23)
[4] Hope, Alice. Hackers Breached Over 160,000 Nintendo Accounts and Misused Payment Information, the Company Admits. published on 05.05.20. https://www.cpomagazine.com/cyber-security/hackers-breached-over-160000-nintendo-accounts-and-misused-payment-information-the-company-admits/ (last accessed: 29.07.23)
[5] Niwanetwork. 2018-2020 Nintendo, Microsoft data breaches. published on 21.10.20. https://niwanetwork.org/wiki/2018-2020_Nintendo,_Microsoft_data_breaches (last accessed: 29.07.23)
[6] Klepek, Patrick. A Massive Leak of Nintendo Source Code Is Causing Chaos in Video Games. published on 28.07.20. https://www.vice.com/en/article/7kp7bx/a-massive-leak-of-nintendo-source-code-is-causing-chaos-in-video-games (last accessed: 29.07.23)
[7] Glitch City Laboratories Archives. Clarification on Recent Events. published on 05.09.20. https://archives.glitchcity.info/forums/board-2/thread-8950/page-0.html (last accessed: 29.07.23)
[8] Retroreversing. Reversing Pokemon Red and Blue (Game Boy). published on 21.07.23. https://www.retroreversing.com/pokemonredblue (last accessed: 29.07.23)
[9] Wikiwand. Nintendo data leak. published on 08.09.20. https://www.wikiwand.com/en/2020%E2%80%9321_Nintendo_data_leak (last accessed: 29.07.23)
[10] Radulovic, Petrana. The best parts of the Pokémon Gold demo leaks are the early Pokémon designs. published on 31.05.18. https://www.polygon.com/2018/5/31/17413826/pokemon-gold-demo-leak (last accessed: 29.07.23)
[11] Retroreversing. Gigaleak – SNES Source Code Leak. published on 03.09.20. https://www.retroreversing.com/gigaleak (last accessed: 29.07.23)
[12] Hernandez, Patricia. Massive Nintendo leak reveals early Mario, Zelda, and Pokémon secrets. published on 26.07.20. https://www.polygon.com/2020/7/26/21339018/nintendo-gigaleak-super-mario-64-zelda-pokemon-what-is-it-snes (last accessed: 29.07.23)
[13] Fingas, Jon. Nintendo ‘gigaleak’ reveals the classic games that never were. published on 26.07.20. https://www.engadget.com/nintendo-game-code-art-leak-232524453.html (last accessed: 29.07.23)
[14] Simmons, Nathan. The Truth Behind The Epic Nintendo Leak. published on 27.07.20. https://www.svg.com/230528/the-truth-behind-the-epic-nintendo-leak/ (last accessed: 29.07.23)
[15] McFerran, Damien. Turns Out Nintendo Was Thinking About A Switch-Style Device Back In The GameCube Era. published on 03.09.20. https://www.nintendolife.com/news/2020/09/turns_out_nintendo_was_thinking_about_a_switch-style_device_back_in_the_gamecube_era (last accessed: 30.07.23)
[16] Strickland, Derek. Before the Switch, Nintendo had a portable Gamecube hybrid. published on 07.09.20. https://www.tweaktown.com/news/74947/before-the-switch-nintendo-had-portable-gamecube-hybrid/index.html (last accessed: 30.07.23)
[17] Walker, Ian. New Nintendo Leak Includes Numerous Unreleased Game Boy Games. published on 10.09.20. https://kotaku.com/new-nintendo-leak-includes-several-unreleased-game-boy-1845017212 (last accessed: 30.07.23)
[18] Richards, Brian. Wii Sports included in latest Nintendo leak, shows Miis with ears and jetpack mini game. published on 13.09.20. https://nintendoeverything.com/wii-sports-included-in-latest-nintendo-leak-shows-miis-with-ears-and-jetpack-mini-game/ (last accessed: 30.07.23)
[19] Retroreversing. Nintendo Platinum Leak. published on 19.09.20. https://www.retroreversing.com/platinumleak (last accessed: 30.07.23)
[20] Ryccardo. The Gigaleak 5 (Pokémon spinoffs and FDS master disks). published on 30.09.20. https://gbatemp.net/threads/the-gigaleak-5-pokemon-spinoffs-and-fds-master-disks.574759/ (last accessed: 30.07.23)
[21] Ryccardo. Pokémon 7th/8th gens & Wii service discs leaked (The Gigaleak 6). published on 17.10.20. https://gbatemp.net/threads/pokemon-7th-8th-gens-wii-service-discs-leaked-the-gigaleak-6.575701/ (last accessed: 30.07.23)
[22] Hernandez, Patricia. Pokémon Sword and Shield beta has unprecedented leak. published on 22.10.20. https://www.polygon.com/2020/10/22/21528532/pokemon-sword-shield-leak-beta-prototype-early-build-cut-monsters-nintendo-switch-game-freak-4chan (last accessed: 30.07.23)
[23] Robinson, Andy. Nintendo has reportedly suffered another major data leak, now related to Switch. published on 22.12.20. https://www.videogameschronicle.com/news/nintendo-has-reportedly-suffered-another-major-data-leak-now-related-to-switch/ (last accessed: 30.07.23)
[24] Dirkes, Jonas. Nintendo: Switch-Hacker werden gejagt – Schock-Taktiken geleakt. published on 26.01.21. https://www.ingame.de/news/nintendo-switch-leak-hacker-geheim-dokumente-neimod-belgien-twitter-90150247.html (last accessed: 30.07.23)
[25] UltimatePopCulture. 2020–21 Nintendo data leak. published on 08.09.20. https://ultimatepopculture.fandom.com/wiki/2020%E2%80%9321_Nintendo_data_leak (last accessed: 30.07.23)
[26] Retroreversing. The Unexpected 2021 Nintendo Leak. published on 21.07.23. https://www.retroreversing.com/nintendo-2021-leak (last accessed: 30.07.23)
[27] Retroreversing. Nintendo Hidemaru Mail Leak. published on 21.07.23. https://www.retroreversing.com/nintendo-hidemaru-mail-leak (last accessed: 30.07.23)
[28] Robinson, Andy. Nintendo has reportedly suffered a significant legacy console leak. published on 04.05.20. https://www.videogameschronicle.com/news/nintendo-has-reportedly-suffered-a-significant-legacy-console-leak/ (last accessed: 31.07.23)
[29] RareGamingDump. Zammis Clark Breach. published on 26.05.21. https://wiki.raregamingdump.ca/index.php/Zammis_Clark_Breach (last accessed: 31.07.23)
[30] Kan, Michael. Wii Hacker: Leaked Source Code for Nintendo Gaming Systems Is ‘Nonsense’. published on 05.05.20. https://www.pcmag.com/news/report-source-code-for-older-nintendo-gaming-systems-leaks-online (last accessed: 31.07.23)
[31] Youtube. TheZZAZZGlitch’s April Fools event 2018 – the results!. published on 09.04.18. https://youtu.be/ro9sH2qHyD8?t=32 (last accessed: 31.07.23)
[32] Warren, Tom. Security researcher pleads guilty to hacking into Microsoft and Nintendo. published on 28.03.19. https://www.theverge.com/2019/3/28/18286027/microsoft-nintendo-vtech-security-hack-breach-researcher-guilty (last accessed: 31.07.23)
[33] Klepek, Patrick. A Massive Leak of Nintendo Source Code Is Causing Chaos in Video Games. published on 28.07.20. https://www.vice.com/en/article/7kp7bx/a-massive-leak-of-nintendo-source-code-is-causing-chaos-in-video-games (last accessed: 29.07.23)
[34] Nintendo. Q&A Summary. published on 04.07.22. https://www.nintendo.co.jp/ir/pdf/2022/qa2206e.pdf (last accessed: 31.07.23)
[35] Porter, Jon. Listen to this amazing remaster of Super Mario World’s soundtrack. published on 05.02.21. https://www.theverge.com/tldr/2021/2/5/22267967/super-mario-world-restored-soundtrack-audio-samples-gigaleak (last accessed: 31.07.23)
Image Sources
[I1] https://www.eurogamer.net/pokemon-designs-leak-from-gold-and-silver-demo
[I2] https://www.polygon.com/2018/5/31/17413826/pokemon-gold-demo-leak
[I3] https://nintendo-online.de/artikel/report/40338/inside-nintendo-188-die-spektakulaersten-entdeckungen-des-nintendo-gigaleaks-2020-teil-3
[I4] https://twitter.com/dylancuthbert/status/1286789583061934080
[I5] https://twitter.com/toruzz/status/1301198144013824000
[I6] https://techraptor.net/gaming/news/new-nintendo-gigaleak-files-show-wiimote-prototypes-and-more
[I7] https://twitter.com/Lewchube/status/1319034284422955008
[I8] https://twitter.com/forestillusion/status/1341230631913541633
[I9] https://wiki.raregamingdump.ca/index.php/Zammis_Clark_Breach
[I10] https://www.youtube.com/watch?v=CxKTbcs1t7M
[Ix] self-procured
Leave a Reply
You must be logged in to post a comment.