An investigation concerning an upload of a source code leak of the Video Game Undertale
February 11, 2019
Recently a project of interest popped up in my activity feed on GitHub as someone I follow (I do not remember who) starred the project, that project being a leak of the source code of the video game Undertale.
For those of you who don’t know Undertale is an RPG inspired by Earthbound and developed by Toby Fox (who also developed Deltarune), currently you can buy a copy for $9.99 on the official website.
The uploader reuploaded the game’s source code to GitHub without a proper license. This could lead to lost sales or people misusing the files in unexpected ways. Either way it’s bad, this post is what I learned during my investigation of the uploaders actions.
To keep things simple, someone used a special tool called a decompiler to take apart the files of the video game Undertale. This process allows you to see how the game’s “scripts” (files that tell the game program what to do) work in detail along with extracted assets such an images and unused music from the game.
This while an interesting process, should not be done without the creators permission, at least if you do this don’t publish without permission. The developers work hard on the games and shouldn’t have their hardworks’ secrets published on the internet unless they (the developers) want them published.
It’s started a community effort to get the decompiled code into a working state
This could lead to fan game style “forks” (a copy of the game but with changes, for example a different story, new art, or additional mechanics) of the game Undertale. While those forks are technically also illegal due to copyright and license restrictions, it’ll be interested to see how community efforts which aren’t out of malice will be treated by the developers and the publishers.
“Isn’t this like totally illegal ???” (Issue #8)
A user raised an issue asking the uploader if they knew their project was likely illegal (Issue #8) (See Screenshot) and in return was mocked by the uploader who said in reply “Do wat yee want Caz a pirate is free”. It’s clear that the uploader acted out of malice. What’s worse is based on what I learned about the uploader, they’re an adult, not some teenager acting out of defiance againist society.
Who is the uploader?
Based on comments in the GitHub issues for the project, the most likely uploader is the GitHub User @Silica (See Screenshot)(I’m 99% sure, but prove me wrong!), however the uploader uploaded through an alternate account @TotallyTobyFox (See Screenshot) to evade detection by the publisher.
While the alternative account plays it off if they were just given the source code and permission from “their friend” to publish the decompiled source code, its likely they decompiled the source code themselves, after all if this “friend” was okay with it being published, why didn’t they create a GitHub Profile and do it themselves? Looking at Silica’s other GitHub Projects they are more than capable of doing that type of decompile project on their own (e.g. it wasn’t handed to them by a friend). Of course someone whose uploading leaked / decompiled source code probably doesn’t want it traced back to themself for hopefully obvious reasons. Copyright infringement can lead to civil damages and sometimes jail time, you have a vested interest in hiding your identity.
The thing that broke their anonymity is likely that they shared with their friends who had a negative reaction to the project. In the first issue discussing the project members suggested the uploader delete the project before they get into legal trouble. (Issue #1) (See Screenshot) This traces back to a now deleted issue (See Screenshot) This is of course speculation and the GitHub account may in fact be unrelated, but the evidence points otherwise. But if someone can point to evidence proving otherwise, please send me an email (firstname.lastname@example.org). Users continue to express their outage at the project and are upset the maintainer choose to silence the voices of their critics. (Issue #11) (See Screenshot)
What happens next?
It’s possible the publisher will take action to get the files removed, perhaps they’ll try to get the identity of the uploader and take legal action. The only certain thing is the developers will be outraged to see their work treated this way.
Waiting on a comment from FanGamer
FanGamer did not provide a comment for the post. They said thanks for making us aware of the issue. It appears they filed a DMCA Notice to GitHub.
Waiting on a comment from Silica
I wasn’t able to find an email for Silica, Silica if you see this article and wish to tell your side of the story, please email email@example.com with your comment and I’ll place it here.
Update February 15th, 2019
A few things have happened since publishing this post.
If you visit the GitHub Repo of the leak you’ll see a DMCA Takedown Notice instead of the repo.
It was pointed out that the GitHub Account might be wrong. As before it’s unconfirmed and only a suspicion.
GitHub User Pika stated the following
the github user is wrong.
look around bitbucket for GM:S related projects to find them 👀
It’s unclear whether anything further will occur of this. I’ll post further updates as I learn more.
Blog of Nathaniel Suchy. Student at Wake Technical Community College | Reverse Engineer, Software Developer, English & German Speaker | 🏳️🌈 Non-binary (They/Them pronouns), Asexual/Aromantic