Zammis Clark Breach

From Rare Gaming Dump
Revision as of 17:31, 5 March 2021 by Lavacakes (talk | contribs)

The Zammis Clark Breach (parts thereof also commonly known as the "Gigaleak") was a massive data breach of internal Nintendo files rumored to be over 2.5TB in size, carried out by British security researcher Zammis Clark.[1]

The breach occurred in March 2018 when Zammis Clark illegally breached and obtained access to Nintendo's internal network, accessing servers used for the development of Nintendo's games and consoles. Zammis downloaded a large number of files from these servers rumored to total over 2.5 terabytes, including the source code and development files for various Nintendo games as well as development repositories for Nintendo systems including the Wii, iQue Player, and 3DS.

The earliest known date of the leaks is March 13th. In the files from the September 2nd leak, the date modified on every folder is March 13th, 2018. The build of the second archive in the October 21st leak was also made March 13th.

The latest known date of the leaks is May 25th, when Zammis could have stopped grabbing files. A build of Pokemon Sword dated May 25th was leaked in October.

While the contents of the breach have not been released publicly in full, a number of files from the breach have been gradually leaked to the public since it occurred, ranging from the initial release in April 2018 up to October 2020. While the initial releases were done by Zammis himself, Zammis disappeared from the Internet (presumably due to prosecution by law enforcement) in late 2018 before news reports were released in early 2019 stating that he had been arrested for the breach, although not incarcerated due to concerns over his autism making him a potential target while in prison.

Even though Zammis has been arrested and is presumably no longer allowed to access the Internet unsupervised, files from his breach continue to be leaked to the public (primarily on 4chan), implying that Zammis gave out data to a number of individuals prior to his arrest who are now slowly distributing it to the public.

The impact of the Zammis Clark Breach has been massive, releasing development files for a number of Nintendo products and exposing internal documents which were never meant to be seen by the public. Nintendo estimated damages of USD$1.8 million as a result of the breach, and as new items from the breach continue to be released, it remains to be seen what Nintendo properties will be affected and how Nintendo will respond to the situation.

Timeline of Releases

April 2018 - April 2020

2018, April

Zammis releases the iQue Player SDK and its unencrypted ROMs through the SUXXORS scene release group [2]

2018, May 26

Zammis posts Pokemon Spaceworld 97 ROMs to the pret discord server, through a Firefox Send link with a limit of 20 downloads.[3]

2018, May 31

Pokemon Spaceworld 97 Gold ROM leaks to 4chan.[4]

Pokemon Spaceworld 97 Silver ROM leaks to 8chan.[5]

2019, Feb 18

Helix Chamber releases the Pokemon Red/Green/Blue prototype assets they received from Ganix.[6] These were later found in the Gold/Silver/Crystal source code leak.

2019, June 17

Ganix shares a Japanese Diamond Debug ROM with The Cutting Room Floor (TCRF)[7]'s Discord server, claiming to have dumped it from a cartridge. He also supplemented it with a picture of the cartridge.[8] He mentioned that he modified a few strings in the ROM due to wanting to protect the safety of the developers. This (claiming to have dumped it from a cartridge) was later believed to be a lie as the ROM was most probably compiled from the Diamond/Pearl source code.

2019, December 19

Ganix uploads Diamond/Pearl beta sprites, a friend of his leaks the site URL to 4chan.[9] This was later found in the full Diamond/Pearl source code leak.

2020, March 19

A debug build of Pokemon Blue and Yellow was released to 4chan. The release also included a file named CRYSTAL_BY_NUM.SYM as well as screenshots of: an internal Game Boy manual, official Game Boy emulator, debug menu of Pokemon Gold, and Pokemon Diamond/Pearl prototype. [10]

Said file, the official Game Boy emulator, and the debug build of Pokemon Gold was later found in the Gold/Silver/Crystal source code leak. The internal Game Boy manual was also found in the Gigaleak and the Pokemon Diamond/Pearl prototype was able to be compiled from the Gigaleak as well.

2020, April 11

Nintendo lotcheck spreadsheets for Nintendo Entertainment System, Super Nintendo Entertainment System, Nintendo 64, Nintendo 64DD, Virtual Boy, Game Boy, Game Boy Color, Game Boy Advance, Nintendo DS, Nintendo DSi, Pokemon Mini were released to 4chan. (These were previously sent by Zammis on Discord in 2018, and were not redistributed by the unknown group responsible for the other leak releases.)[11]

2020, April 12

Pokemon Blue/Yellow's localization source code was released to 4chan, with the password poke1024.[12] On the same day, debug builds of Pokemon Gold and Silver were also released to 4chan.[13]

2020, April 25

Pokemon Gold/Silver/Crystal's source code was released to 4chan, which included Spaceworld 99 Gold and Silver.[14]

2020, April 28

Titlekeys for DSiWare and WiiWare titles were released to 4chan.[15] These were generated using the Wii/DSi/WiiU/3DS titlekey generation algorithm, which was later released. 3DS .cia files of the following titles were also released:

  • Mew Trading App(E)
  • NinoTool
  • O-Power ROM
  • Mew Trading App(J)
  • CTR-N-NAGA
  • CTR-N-AJZA
  • CTR-N-AXDA
  • Pokémon Anti-Cheat
  • Don't touch this title (This is NDO Production Test Title)
  • CTR-N-AJ7A

2020, April 29

3DS .cia files of the following titles were released:

  • 000400000001A8A00.1040
  • 000400000001A8A00.2080
  • 000400000001A8A00.3120

May 2020 - Present

2020, May 2

Main page: unsorted.7z

A leak of the software source code and documentation for the iQue Player and Wii was released on 4chan. This leak consisted of two BroadOn source trees, including the IOS source code and project page and the iQue Player software source code. As part of the iQue Player files, some internal data relating to the Nintendo 64 (similar to the contents of the Oman Archive) was found in the leak as well.[16]

2020, May 7

Main page: hw.7z

Header files of the 3DS version of Horizon OS was released to 4chan.[17]

2020, May 9

"Factory firmware setup cartridge for EUR n2DSXL" was released to 4chan. Shortly after, the full factory files (including the previous firmware setup cartridge) was released. [18]

2020, May 19

Pokemon Ruby/Sapphire/FireRed/LeafGreen's Japanese source code was released to 4chan.[19]

2020, May 21

Pokemon X/Y "distribution rom for debug" was released to 4chan.[20]

2020, May 23

Source code and documentation for the Nintendo 3DS was released to 4chan.[21] On the same day, source code to the Nintendo 3DS's Virtual Console was released to 4chan[22], as well as Pokemon Diamond/Pearl's Japanese source code.[23]

2020, May 24

More source code for the Nintendo 3DS was released to 4chan.[24]

2020, May 29

Nintendo's titlekey generation script for Wii/DSi/WiiU/3DS was released to 4chan.[25]

2020, July 24

Big leak of source code and prototypes of multiple Super Nintendo Entertainment System games, full source code to Pokemon Diamond/Pearl (including all commits since 2006, March 8), the source code and ROM files for the unreleased iQue NetCard, CGB and AGB bootrom source code, as well as lotcheck master ROMs of Nintendo Entertainment System and Famicom games were released to 4chan. This was termed the Gigaleak.[26]

2020, July 26

Main page: bbgames.7z

iQue/BroadOn localization source code for multiple Nintendo 64 games were released to 4chan. This was termed the Gigaleak 2 and received media attention for containing partial Super Mario 64 source code including unused data.[27]

2020, September 2

Main page: emeralds.7z

Pokemon Emerald's localization source code, as well as ATI's Wii source tree (including full hardware source code for the Wii) and the Wii Startup Disc partition data, was released to 4chan.[28] The Emerald source also included a map editor; a screenshot of it was floating around in 4chan prior to this leak, and the leak proved that it was genuine.

2020, September 9

3 archives were released to 4chan on this day[29], the contents of those files include: Pokemon Platinum's Japanese source code and its associated SDKs, lotcheck master ROMs of Game Boy and Game Boy Color, NTR bootrom source code, TWL IPL source code, iQue ROMs, Wii Sports Resort and Wii Fit Plus internal documentation, and many documentations. The folders inside this leak were all modified on 3/13/2018.

The lotcheck master ROMs had 240 ROMs that did not match the No-Intro 2020-09-05 database of GB and GBC. A non-exhaustive list of the unreleased ROMs are as follows:

  • Lunar Chase (X in English)
  • Sutte Hakkun (1996 and 1998 builds)
  • Gargoyle's Quest II (English)
  • "Kick Attack" (Magnetic Soccer in Japanese)
  • Game Boy Camera Hello Kitty
  • Gimmick Land aka Tomato Adventure
  • Hajimari no Mori (GBC version)
  • Pokemon Picross
  • Edd the Duck
  • Donkey Kong Land III prototype
  • Workboy
  • MBC3 tester
  • MBC5 tester

2020, September 30

Debug and demo builds of Pokemon Ranger and Mystery Dungeon, irisSDK, and lotcheck master ROMs of Famicom Disk System were released to 4chan.[30]

2020, October 17

5 archives were released to 4chan on this day[31], the contents of those files include: full source code to Pokemon Sun/Moon (including all commits from 2014-2017), previously unseen Wii factory and repair tools (32 different versions of SDboot, Wii Backup Disc source code, previously unseen Pre-Repair Check Disk source code, Mii Support Disc), Wii factory software (121J/RVL_DIAG) source code, many RVL_SDK and NDEV software prerelease internal versions, Every single version of IOS + tons of new IOS source code, Wii System Menu 1.0 RC1 (pre-1.0, has unused content)

2020, October 21

Main page: October 2020 Pokémon Sword leaks

2 archives, develop_Develop_30_20171222164419.zip and develop_Develop_264_20180326134219_Sword.zip and were released to 4chan on this day[32]. The first archive is a debug build of Pokemon Sword/Shield dated 2017, December 22 with the password ejfid934. The second archive contains a debug build of Pokemon Sword/Shield dated 2018, March 26, along with a .nss file. The password is JF9034jf.

2020, October 22

Main page: October 2020 Pokémon Sword leaks

2 new archives, develop_Develop_562_20180525204848_Sword.zip.001 and develop_Develop_562_20180525204848_Sword.zip.002 were released to 4chan on this day. The password is f9fdja9.

2020, December 21

2 archives, as usual. Documents.7z and NintendoSDK_fromSSD_IKEDA_20151124.zip were released to 4chan. These archives contain a Switch SDK from 2015 as well as several documents detailing Nintendo's efforts to handle hacking, including targeting specific hackers and exploits. Not only that, but it has a bunch of documents detailing other things, such as prototype Nintendo hardware and forgotten plans circa 2013-2014.

2020, December 22

One new archive, Secure.7z, was released to 4chan. This archive contains a bunch of leaked presentations and spreadsheets (and allegedly some source code for the Switch GameCard bootrom). It also contains plans for a different (yet familiar) design for the Nintendo Switch, the early oval design people saw in leaks from 2015 and 2016.

2020, December 24

A few new archives were released today to 4chan. 3 of these archives contain 3 revisions of the Switch's bootrom, and the fourth archive contains a beta ROM of the game Pokemon Let's Go Eevee. This game can only be run through hactool after using dev-keys however, as it hasn't been signed for retail consoles.

Status of Source Code

Bootroms

Bootroms[33]
Name Status When they were leaked Download
DMG bootrom Not leaked
CGB bootrom Leaked 2020, July 24 "gigaleak"
AGB bootrom Leaked 2020, July 24 "gigaleak"
NTR bootrom Leaked 2020, September 9
TWL IPL Leaked 2020, September 9
Horizon (3DS) Boot9 Leaked 2020, May 23
Horizon (3DS) Boot11 Leaked 2020, May 23
Switch Leaked 2020, Dec 24 t210_t214_brom.7z

Pokemon

Pokemon
Name Status When they were leaked Region Includes full source control?
Red/Green Not leaked
Blue/Yellow Leaked 2020, April 12 Localization No
Gold/Silver Leaked 2020, April 25 All Yes (there are compressed archives of the source at different points in time)
Crystal Leaked 2020, April 25 All No
Ruby/Sapphire Leaked 2020, May 19 Japan No
FireRed/LeafGreen Leaked 2020, May 19 Japan No
Emerald Leaked 2020, September 2 Localization No
Diamond/Pearl Leaked 2020, May 23 and 2020, July 24 All Yes
Platinum Leaked 2020, September 9 Japan No
HeartGold/SoulSilver Not leaked
Black/White Not leaked
Black 2 /White 2 Not leaked
X/Y Not leaked
Omega Ruby/Alpha Sapphire Not leaked
Sun/Moon Leaked 2020, October 17 - Yes
Ultra Sun/Ultra Moon Leaked 2020, October 17

*cuts into mid development

- Yes

Ganix

After Zammis released the Spaceworld 97 ROMs to the pret discord server with a limit of only 20 downloads, Team Spaceworld (TSW) was founded, made up of people who got the ROM. TSW's goals were to write documentation as well as create a translation for the Spaceworld ROMs. Zammis mentioned the files he had in TSW, and sent it to several people for archival. He also shared screenshots.

Soon after the Spaceworld ROM was shared in pret, screenshots of the build were slowly posted to 4chan's /vp/ board. The hype ramped up and was at a maximum when the ROM got leaked. The translation was never finished (files for an unfinished translation were released on 2020, Apr 22 - this was presumed to have been from TSW) and TSW becomes quiet.

Ganix was one of the people whom Zammis entrusted his data with. He anonymously shared the Blue/Yellow assets with Helix Chamber and helped create the Pokethon ROM (using the Blue/Yellow source code and prototype assets).

In December 2019, when Ganix uploaded the Diamond/Pearl beta sprites, a friend of his leaked the URL and doxxed him on 4chan. Ganix then admitted to uploading the beta sprites as well as other actions on the Glitch City Laboratories Forums, stating he had deleted everything.[34]

In March 2020, everything else TSW still had (given to them by Ganix) were released to 4chan (refer to the 2020, March 19 leak above). Ganix got furious and made a long statement on discord, saying how TSW could not be trusted. He also referred to the content Zammis gave him as "bad data", resulting in that phrase becoming synonymous with him.

In April 2020, Ganix posted screenshots of the following: Pokemon Mystery Dungeon (GBA) debug menu, Pokemon Generation 3 games' debug menu and Pokemon Ranger builds in the Hall of Origin Discord server.[35] He deleted those messages shortly after posting them. These were later posted to 4chan (refer to 2020, May 19 and 2020, September 30 leaks above).

  1. https://www.theverge.com/2019/3/28/18286027/microsoft-nintendo-vtech-security-hack-breach-researcher-guilty
  2. https://nintendosoup.com/nintendos-ique-player-hacked-fifteen-years-after-launches/
  3. https://media.discordapp.net/attachments/705829278851268649/736921633515896872/post.jpg
  4. https://i.imgur.com/UsGGX4x.png
  5. https://i.imgur.com/y31FWhm.png
  6. https://i.imgur.com/wHIQ1CJ.png
  7. https://i.imgur.com/sN3Z4Jh.png
  8. https://i.imgur.com/5etiK9n.png https://i.imgur.com/Iadwsl6.jpg
  9. https://i.imgur.com/wL3L1rv.png
  10. https://i.imgur.com/OQ50o2a.png
  11. https://i.imgur.com/uYmwKBa.png
  12. https://i.imgur.com/yTFaP4j.png
  13. https://i.imgur.com/us6TyAH.png
  14. https://i.imgur.com/jMc7Pp1.png
  15. https://i.imgur.com/DoxjTNE.png
  16. https://i.imgur.com/COFLHEo.png
  17. https://i.imgur.com/B40eALm.png
  18. https://i.imgur.com/sogDewS.png
  19. https://i.imgur.com/c5XUZiZ.png
  20. https://i.imgur.com/duSgmWe.png
  21. https://i.imgur.com/MwWazSn.png
  22. https://i.imgur.com/GJ327LN.png
  23. https://i.imgur.com/aLAD9Km.png
  24. https://i.imgur.com/tUUyyud.png
  25. https://i.imgur.com/0EcgYcz.png
  26. https://i.imgur.com/LnRJsOz.png
  27. https://i.imgur.com/x9ovGMK.png
  28. https://i.imgur.com/v8tPfo3.png
  29. https://i.imgur.com/hAGdlTr.png
  30. https://i.imgur.com/yNAgyhK.png
  31. https://i.imgur.com/OMjpDRq.png
  32. https://i.imgur.com/1L21KDA.png
  33. Credit: Starfrost
  34. https://archives.glitchcity.info/forums/board-2/thread-8950/page-0.html
  35. https://i.imgur.com/TlFkkQz.png

See also