Nintendo leak allegedly reveals Switch security details, tactics used against hackers
A series of Nintendo internal documents allegedly leaked earlier today, and may contain information that could be very damaging to the company.
Given the sensitive nature of the leak, it’s difficult to be sure where it got first posted, and whether its content is legit or if this is an elaborate hoax. The files could very well be a mix of legitimate leaks mixed with stuff of more dubious origin.
According to twitter account @forestillusion, some older Nintendo switch private keys were leaked, but “apparently changed sometime between the files in this leak and the launch of the system”.
Someone tested the leaked keys and they didn’t match. The private key apparently changed sometime between the files in this leak and the launch of the system. So close.
— Forest of Illusion (@forestillusion) December 22, 2020
Hacker Marcan of Fail0verflow fame also implicitly acknowledged that the leak was real, making a parallel with some of what has been found in the documents (he is named in the documents as well) and his own experience working as freelancer for Nintendo in 2015. In particular, the documents reveal how Nintendo apparently attempted to track some hackers down, with the intent to work directly with them (hire them) or intimidate them through legal threats depending on the case. 3DS hackers such as Yellows8, Smealum, and Neimod are apparently directly named in the documents.
Storytime: I did some pentesting and advising work for Nintendo after they approached me (via email, not stalking) in 2015. This was professional work on a freelance/consulting basis.
That NDA has expired. I won’t talk about project details but let’s talk about how that went.
— Hector Martin (@marcan42) December 22, 2020
The leak also contains apparently useless files such as the occasional funny picture. It is unclear if this is part of the leak, or was introduced there by the person who did the leak.
Totaling almost 1GB of data such as powerpoint presentations, keys in text files and pdf documents, it might take a few days for hackers to go through the files and see if anything interesting is in there for them. Given that most files date back to 2013, it is likely that any encryption key, if any, is too old to be used anywhere by the scene, but only time will tell.
This goes without saying, but please do not share any link to the leaked data here. We will take down such links as the data probably contains Nintendo intellectual property.