Cybercrime , Fraud Management & Cybercrime , Governance & Risk Management

Nintendo Source Code for N64, Wii and GameCube Leaked

Nintendo Was Likely Anticipating the Dump After 2018 Intrusion
Nintendo Source Code for N64, Wii and GameCube Leaked
Nintendo's headquarters in Kyoto, Japan (Photo: David Offf via Flickr/CC)

Gamers are poring over a massive leak of Nintendo data, including source code for older gaming systems, prototypes of games and extensive software and hardware documentation.

See Also: Bank on Seeing More Targeted Attacks on Financial Services

The material includes the source code for the Wii, N64 and GameCube systems, and demo games for the N64. Also leaked were extensive hardware and software engineering documents as well as software development kits.

The leak is “of biblical, rarely heard of proportions,” writes Alex Donaldson, a journalist and web developer who follows gaming, on Twitter.

The data likely dates from a 2018-era intrusion into Nintendo’s network, which has been slowly leaking out. Efforts to reach several spokespeople at Nintendo were not immediately successful.

Some of the oldest material dates to the 1990s. Nintendo launched the N64 in 1996, and it was discontinued in 2002. The GameCube was sold from 2001 to 2007, and it was succeeded by the Wii, which ran through around 2013.

So what?

Why does anyone care?

There’s a thriving community of enthusiasts for bygone Nintendo games and systems. Even today, new details about how the storied Japanese company designed games, including scrapped bits that never became public, are of high interest.

Most of the games whose source code was released – especially those from the 1990s – were actually already disassembled and reverse engineered years ago, says a source who asked to remain anonymous. That allowed gamers to make their own “fan” version of games, with their own tweaks, he says. “But now that the actual source code has leaked, it reveals a lot more stuff that couldn’t be revealed via disassembly,” the source says.

As far as Pokémon, he says the documentation shows prototype characters as well as internal discussions at Nintendo on whether those proposed characters were viable. For enthusiasts, it “would be like if a whole bunch of Marvel comics leaked that were unfinished that were just never published,” he says.

And even though the older systems are long-gone from retailers, it’s still lost intellectual property for Nintendo that perhaps could be illegally monetized by others. As Donaldson writes in another tweet:

Donaldson continued: “Obviously, this is all highly illegal, but the internet is now going to do what it always does. I’m glad it doesn’t cover any current Nintendo products, only archival stuff.”

Leaked on 4chan

The material began leaking through anonymous sources in mid-April on 4chan, an unfiltered, public messaging board known for software leaks and offensive content.

ISMG downloaded a copy of the material, which appears to correlate with a description of the leak posted by a user on Resetera.com, a popular gaming forum.

Nintendo’s N64 console, released in 1996 (Source: Evan-Amos via Wikipedia/CC)

The total amount of material is believed to be as much as 2TB. But far less material has been released - just a third of a one percent, according to a YouTube user going by the name Sebastian, who has been posting videos and commentary about the leaks.

Two terabytes would represent a massive amount of material, especially for older game content, he says. Still, the material released so far is revealing, he says in a video posted on Monday.

“We have a lot of documents that came out of this that were not previously public that show how these systems work, the process behind getting the hardware just right and some software development stuff,” Sebastian says.

Nintendo Breached in 2018

The source of the material is unknown, but it's widely suspected to originate from a 2018 intrusion at Nintendo.

After that incident, Zammis Clark of Bracknell, England, pleaded guilty to computer hacking, including gaining access to unauthorized programs and data and uploading malicious software. Clark, who went by the nicknames wack0, Slipstream and Raylee, was sentenced to 15 months in prison in April 2019 in a London court (see: Hacker Who Hit Microsoft and Nintendo: Suspended Sentence).

Zammis was first accused of hacking the internal network of Microsoft in early 2017, stealing 43,000 files and uploading malware.

He was working for the security firm Malwarebytes at the time of his arrest in June 2017 and was subsequently fired from the company. But Clark was released with no restrictions on his use of computers.

Police then later accused him of accessing Nintendo’s network between March and May 2018, stealing more than 2,000 usernames and passwords.

Clark’s Twitter and GitHub accounts appear to have not been active since his legal troubles started a couple of years ago.

The anonymous source says that Clark shared material he stole from Nintendo with a close group of people. Those materials slowly started trickling out onto sites such as 4chan in mid-2018, but over the last few weeks, the leaks accelerated.


About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.