Poking Nintendo: Why the ‘Lockpick’ DMCA Blitz Should Surprise Absolutely No One

Home > Anti-Piracy > DMCA >

Hacking software and hardware, to achieve functionality that was never intended, can be fun and rewarding. When motivation is directly linked to restrictions perceived as unnecessary or unfair, that can lead to moral justification. That's understandable in some cases, but when a company like Nintendo counters by targeting a tool like Lockpick, that's not surprising; it's inevitable.

lockpickNintendo’s N64 console went on sale in Japan in June 1996, selling for ¥25,000 (around US$185). By the end of day one, all 300,000 units had sold out.

For hardcore gamers in Europe facing a release date eight months away, importing an N64 was a tempting but expensive option. Adjusted for inflation, imported Japanese N64s changed hands for the equivalent of $1,400 in today’s money; a copy of Super Mario 64? A snip at $165.

Months before the console was finally released in Europe, N64 went on sale in the United States. Imported into the gray market in Europe, US cartridges were cheaper than their Japanese counterparts. Unfortunately, Japanese console owners soon found that while US cartridges would play on their machines, Nintendo had ensured that they wouldn’t physically fit in the slot.

The restrictions could be removed by dismantling the N64 but removing Nintendo’s security screws required a special tool that was difficult to source. Jumping through these hoops to play a genuine cartridge on a genuine console not only felt ridiculous but probably amounted to a breach of license/copyright. Had Nintendo’s slot shenanigans been in digital form today, circumvention would likely constitute an offense under the DMCA.

Yet, despite Nintendo deploying tactics equivalent to these across many consoles spanning decades, some people appeared surprised by news of Nintendo’s latest circumvention crackdown. The gaming giant couldn’t prevent its special screws from being removed in private homes but, since the modern equivalent is playing out in public, action was always inevitable. Only the timing was in question.

Nintendo Targets Lockpick_RCM & Lockpick

News of Nintendo’s decision to target Lockpick_RCM & Lockpick first appeared in a tweet posted by Simon Aarons. In common with many others, Aarons forked the tool on GitHub, and when Nintendo filed a DMCA notice to have Lockpick taken down, he received an early heads-up and decided the internet deserved one too.


In layman’s terms, Lockpick_RCM & Lockpick allow Switch owners to extract encryption keys for use in other software including hactool, hactoolnet/LibHac, and ChoiDujour.

At that point, there’s a fork in the road. The road on the right leads to homebrew and emulation, which developers and some parts of the modding community insist is the only way. The road branching to the left is somewhat darker, leads to piracy, and puts Lockpick and those dependent on it in jeopardy.

Nintendo Doesn’t Mention Emulation Directly

Some believed this ambiguity was enough to keep Nintendo at bay but, as this tweet attempts to explain with the help of ChatGPT (and forgiving the first Bowser reference), Nintendo now fears the worst.


The DMCA notice submitted to GitHub is yet to be officially published, and at the time of writing, the repos haven’t been taken down either. GitHub often grants developers a short period of time to address complaints filed by rightsholders, to avoid entire repos being unnecessarily removed. According to Nintendo’s take on events, not much can be done short of removing all functionality.

The company explains that the Switch contains multiple technological protection measures, including those that permit the console to interact exclusively with legitimate Nintendo video game files. In summary, this prevents users from playing pirated copies of Nintendo’s games on Switch devices but also prevents users from copying and playing games on devices that are not Nintendo Switch. An emulator reference, presumably.

Nintendo: Circumvention of TPMs is Illegal

“The reported repository offers and provides access to circumvention software that infringes Nintendo’s intellectual property rights. Specifically, the reported repository provides Lockpick to users,” the complaint reads.

“The use of Lockpick with a modified Nintendo Switch console allows users to bypass Nintendo’s Technological Measures for video games; specifically, Lockpick bypasses the Console TPMs to permit unauthorized access to, extraction of, and decryption of all the cryptographic keys, including product keys, contained in the Nintendo Switch.”

In discussions over the weekend, some users highlighted that the keys in question are extracted from their own devices, devices they paid for and therefore own. They also note that pirates are unlikely to extract their own keys, but by effectively declaring that emulation/homebrew fans can’t extract keys from their own devices, Nintendo will force them to obtain keys in other ways.

While the prediction concerning key acquisition seems valid, in the unlikely event Nintendo addresses key ownership, licensing agreements would almost certainly tilt in favor of the gaming company. In practical terms, citing the DMCA’s anti-circumvention provisions is more than enough.

“The decrypted keys facilitate copyright infringement by permitting users to play pirated versions of Nintendo’s copyright-protected game software on systems without Nintendo’s Console TPMs or systems on which Nintendo’s Console TPMs have been disabled,” Nintendo informs GitHub.

“Trafficking in circumvention software, such as Lockpick, violates the Digital Millennium Copyright Act of the United States (specifically, 17 U.S.C. §1201), and infringes copyrights owned by Nintendo.”

After Several Years, Why Did Nintendo Act Now?

At this point, it’s worth highlighting that Lockpick was first uploaded to GitHub on December 8, 2018, with Lockpick_RCN uploaded on March 4, 2019. Despite functionality being clear from the start (and a naming convention suggesting that circumvention of digital locks was always the aim), it’s taken Nintendo four years to take action. So why now?

Absent any comment from Nintendo, only speculation remains. However, if one was attempting to compile a shortlist of credible reasons, people playing Zelda: Tears of the Kingdom on PC almost two weeks before the game is officially released on Switch, would be extremely difficult to beat.


Not only does this example supply motivation to act in spades, there’s almost a need to justify it beyond the explanation in the takedown notice.

Regardless of any objections over the right to maintain emulators or arguments over legitimate reverse engineering and related fair use defenses, this isn’t a case of Nintendo being massively unreasonable, it’s Nintendo reading the law, liking the odds, and then recalling that anti-circumvention notices cannot be countered.

In addition to the repos mentioned above, Nintendo’s notice also requests the removal of around 80 forks. If every last trace of Lockpick is eventually removed from GitHub, that shouldn’t come as a surprise. It was always inevitable; someone just had to poke the bear in both eyes at exactly the right time.

Update: Two DMCA anti-circumvention notices have just been published by GitHub.

The first targeted and took down a total of 54 repos. The second targeted and took down 333 repos.

Update 2: Two additional DMCA anti-circumvention notices targeting encryption keys have taken down more than 400 repos.


Popular Posts
From 2 Years ago…