Zammis Clark Breach

Revision as of 12:50, 5 September 2020 by Xprism (talk | contribs) (fix formatting)

The Zammis Clark Breach is a massive data breach of internal Nintendo files rumored to be over 2.5TB in size, carried out by British security researcher Zammis Clark.[1]

The breach occurred in March 2018 when Zammis Clark illegally breached and obtained access to Nintendo's internal network, accessing servers used for the development of Nintendo's games and consoles. Zammis downloaded a large number of files from these servers rumored to total over 2.5 terabytes, including the source code and development files for various Nintendo games as well as development repositories for Nintendo systems including the Wii, iQue Player, and 3DS.

While the contents of the breach have not been released publicly in full, a number of files from the breach have been gradually released to the public since it occurred, ranging from the initial release in April 2018 up to July 2020. While the initial releases were done by Zammis himself, Zammis disappeared from the Internet (presumably due to prosecution by law enforcement) in late 2018 before news reports were released in early 2019 stating that he had been arrested for the breach, although not incarcerated due to concerns over his autism making him a potential target while in prison.

Even though Zammis has been arrested and is presumably no longer allowed to access the Internet unsupervised, files from his breach continue to be leaked to the public (primarily on 4chan), implying that Zammis gave out data to a number of individuals prior to his arrest who are now slowly distributing it to the public.

The impact of the Zammis Clark Breach has been massive, releasing development files for a number of Nintendo products and exposing internal documents which were never meant to be seen by the public. Nintendo estimated damages of USD$1.8 million as a result of the breach, and as new items from the breach continue to be released, it remains to be seen what Nintendo properties will be affected and how Nintendo will respond to the situation.

Ganix

After Zammis released the Spaceworld 97 ROMs to the pret discord server, with a limit of only 20 downloads, Team Spaceworld (TSW) was founded, made up of people who got the ROM. TSW's goals were to write documentation as well as create a translation for the Spaceworld ROMs. Zammis mentioned the files he had in TSW, and sent it to several people for archival. He also shared screenshots.

Soon after the Spaceworld ROM was shared in pret, screenshots of the build were slowly posted to 4chan's /vp/ board. The hype ramped up and was at a maximum when the ROM got leaked. The translation was never finished (files for an unfinished translation were released on 2020, Apr 22 - this was presumed to have been from TSW) and TSW becomes quiet.

Ganix was one of the people whom Zammis entrusted his data with. He anonymously shared the Blue/Yellow assets with helix chamber and helped create the pokethon ROM (using the Blue/Yellow source code and prototype assets).

In December 2019, when Ganix uploaded the Diamond/Pearl beta sprites, a friend of his leaked the URL and doxxed him on 4chan. Ganix then admitted to uploading the beta sprites as well as other actions on the Glitch City Laboratories Forums, stating he had deleted everything he had.[2]

In March 2020, everything else TSW still had (given to them by Ganix) were released to 4chan (refer to the 2020, March 19 leak below). Ganix got furious and made a long statement on discord, saying how TSW could not be trusted. He also referred to the content Zammis gave him as "bad data", resulting in that phrase becoming synonymous with him.

Timeline of Releases

2018, April Zammis releases the iQue Player SDK and unencrypted ROMs through the SUXXORS scene release group [3]

2018, May 26

Zammis posts Pokemon Spaceworld 97 ROMs to the pret discord server, through a Firefox Send link with a limit of 20 downloads.[4]

2018, May 31

Pokemon Spaceworld 97 Gold ROM leaks to 4chan.[5]

Pokemon Spaceworld 97 Silver ROM leaks to 8chan.[6]

2019, Feb 18

Helix Chamber releases the Pokemon Red/Green/Blue prototype assets they received from Ganix.[7] This was later found in the Gold/Silver/Crystal source code leak.

2019, June 17

Ganix shares a Japanese Diamond Debug ROM with The Cutting Room Floor (TCRF)[8], claiming to have dumped it from a cartridge. He also supplemented it with a picture of the cartridge.[9] He mentioned that he modified a few strings in the ROM due to wanting to protect the safety of the developers. This (claiming to have dumped it from a cartridge) was later believed as the ROM was most probably compiled from the Diamond/Pearl source code.

2019, December 19

Ganix uploads Diamond/Pearl beta sprites, a friend of his leaks the site URL to 4chan.[10] This was later found in the full Diamond/Pearl source code leak.

2020, March 19

A debug build of Pokemon Blue and Yellow was released to 4chan. The release also included a file named CRYSTAL_BY_NUM.SYM as well as screenshots of: an internal Game Boy manual, official Game Boy emulator, debug menu of Pokemon Gold, and Pokemon Diamond/Pearl prototype. [11]

Said file, the official Game Boy emulator, and the debug build of Pokemon Gold was later found in the Gold/Silver/Crystal source code leak. The internal Game Boy manual was also found in the Gigaleak and the Pokemon Diamond/Pearl prototype was able to be compiled from the Gigaleak as well.

2020, April 11

Nintendo lotcheck spreadsheets for Nintendo Entertainment System, Super Nintendo Entertainment System, Nintendo 64, Nintendo 64DD, Virtual Boy, Game Boy, Game Boy Color, Game Boy Advance, Nintendo DS, Nintendo DSi, Pokemon Mini were released to 4chan.[12]

2020, April 12

Pokemon Red/Blue's localization source code was released to 4chan.[13] On the same day, debug builds of Pokemon Gold and Silver were also released to 4chan.[14]

2020, April 25

Pokemon Gold/Silver/Crystal's source code was released to 4chan, which included Spaceworld 99 Gold and Silver.[15]

2020, April 28

Titlekeys for DSiWare and WiiWare titles were released to 4chan.[16] These was generated using the titlekey generation algorithm, which was later released. 3DS .cia files of the following titles were also released:

  • Mew Trading App(E)
  • NinoTool
  • O-Power ROM
  • Mew Trading App(J)
  • CTR-N-NAGA
  • CTR-N-AJZA
  • CTR-N-AXDA
  • Pokémon Anti-Cheat
  • Don't touch this title (This is NDO Production Test Title)
  • CTR-N-AJ7A

2020, April 29

3DS .cia files of the following titles were released:

  • 000400000001A8A00.1040
  • 000400000001A8A00.2080
  • 000400000001A8A00.3120

2020, May 2

Big leak of source code and documentation to Nintendo 64, Nintendo 64DD, Nintendo GameCube, Nintendo Wii and iQue systems were released to 4chan.[17]

2020, May 7

Header files of the 3DS OS "Horizon" was released to 4chan.[18]

2020, May 9

"Factory firmware setup cartridge for EUR n2DSXL" was released to 4chan. Shortly after, the full factory files (including the previous firmware setup cartridge) was released. [19]

2020, May 19

Pokemon Ruby/Sapphire/FireRed/LeafGreen's Japanese source code was released to 4chan.[20]

2020, May 21

Pokemon X/Y "distribution rom for debug" was released to 4chan.[21]

2020, May 23

Source code and documentation for the Nintendo 3DS was released to 4chan.[22]. On the same day, source code to the Nintendo 3DS's Virtual Console was released to 4chan[23], as well as Pokemon Diamond/Pearl's Japanese source code.[24]

2020, May 24

More source code for the Nintendo 3DS was released to 4chan.[25]

2020, May 29

Nintendo's titlekey generation script was released to 4chan.[26]

2020, July 24

Big leak of source code and prototypes of multiple Super Nintendo Entertainment System games, full source code to Pokemon Diamond/Pearl (including all commits since 2006, March 8), an unreleased GBA peripheral "netcard", as well as lotcheck master ROMs of Nintendo Entertainment System and Famicom were released to 4chan. This was termed the gigaleak.[27]

2020, July 26

iQue/BroadOn localization source code for multiple Nintendo 64 games were released to 4chan.[28]

2020, September 2

Pokemon Emerald's localization source code, as well as files related to the Wii (verilog and documentation for Wii GPU, source code for diagnostic tests, Startup Disc images (development and retail, both are identical except for signatures, v0)) was released to 4chan.[29] The Emerald source also included a map editor. A screenshot of it was floating around in 4chan prior to this leak, and the leak proved that it was genuine.