Programmer Uses NSA Tool to Liberate Legendary Super Nintendo Emulator From EA

The long-rumored SNESticle was hiding in a GameCube game for more than a decade. Now a programmer has come up with a way to run SNESticle on its own.
January 10, 2022, 2:00pm
GettyImages-1079392524
Image: Getty Images

Half a decade ago, when I wrote about the tale of NESticle, the groundbreaking Nintendo Entertainment System emulator that helped break open the retro gaming scene for the internet era, I had to dig through a lot of corners to pull together some old threads from forgotten forums and chat logs of obscure Internet Relay Chat channels where scene drama often felt like a life-and-death endeavor for people who wanted to understand the inner-workings of their childhood cartridges.

Advertisement

One thing I did not need for telling that story were tools built by the National Security Agency, the surveillance arm of the U.S. government that Edward Snowden famously exposed nearly a decade ago.

But someone who read that article and was inspired by its kicker—which revealed that a Super NES version of the famous emulator was secretly released as an Easter egg in a GameCube boxing game—did need an NSA-produced tool to pull off an impressive reverse-engineering feat: a process to create a bootable version of SNESticle, an emulator that spent much of its life as folklore in the history of retro gaming.

In my research for the 2017 Motherboard piece, I read a rumor on some long-archived forums that the emulator made an appearance in the game; I took the time to check this out in the Dolphin emulator, and lo and behold, when digging into the code for the game, a copyright for SNESticle was there.

For two decades, it was a rumor, the apparent creation of a programmer who denied it would ever see a public release; then, suddenly, it was real.

Johannes Holmberg, a Swedish programmer, was inspired enough by the knowledge that this emulator actually existed in a commercial form that he recently spent nights and weekends over the span of a couple of months reverse-engineering the 2005 Electronic Arts game Fight Night Round 2 to isolate the emulator, a work of then-EA employee Icer Addis that was used to unlock a playable version of Super Punch-Out!! (Addis, commonly known as Sardu in his earlier life as the primary programmer for Bloodlust Software, produced a number of landmark console emulators, including NESticle, alongside a series of crude-but-popular shareware games.)

Advertisement

The result of Holmberg’s work, a Python script published on GitHub and a website titled The SNESticle Liberation Project, allows people who own the original game to modify an optical disc image file to run SNESticle on its own, without the main game getting in the way. (At this time, the emulator essentially works by disabling the original game, rather than extracting the emulator from the game.) The results so far: Most Super NES games run, although more testing needs to be done, and the emulator has features that Super Punch-Out!! did not heavily use, such as Mode 7 effects. However, there are issues, such as differences in controller mapping from an actual Super NES, and a lack of two-player support, that make it slightly less than perfect.

Holmberg, who was following the emulation scene during the early era, remembers the hype around the rumored emulator, which Addis referenced in documentation for his NESticle and Genecyst emulators.

“In hindsight, it was probably never going to happen,” he said. “I’m sure SNESticle would have been great, had it come out in 1997, but there was no way it could have lived up to the hype. Sardu set the bar too high with NESticle.”

But after hearing about the emulator’s existence in a GameCube game, he gained the desire to take steps to “liberate” it from the existing ROM. He didn’t think he would actually do it himself, rather pitch the idea to someone else. (“I initially decided I wouldn't be the one to do it because I lacked the free time as well as the know-how,” he said.) But when push came to shove, he was the one who actually did the work.

Advertisement

How did he do it? That brings us to SNESticle’s faint but unusual tie to the NSA. Holmberg, after analyzing a number of reverse engineering tools, decided upon Ghidra, an open-source project that is primarily the work of the agency. While it has been used for other video game projects in the past (including a Nintendo 64 decompiler, part of a broader trend in tearing apart old games that led to the Super Mario 64’s release on the PC and Playstation 2 in 2020), Holmberg had a bit of a personal debate when choosing to use it over other more complex tools that did the same thing, such as Radare2.

“I'll admit I had some qualms about using software from the NSA … but it's open source, after all, so I think I'm ok with it,” he said.

It helps that the tool, according to Holmberg, proved itself very much up to the job. Ghidra allows users to navigate decompiled executable code in a broken-down format that’s similar to the C programming language. “That just makes it orders of magnitude easier to make sense of the code,” he said.

In many ways, this resurfacing of a vintage console emulator that barely even existed in the mainstream world is notable more for historic reasons—as the creator of the emulator also created one of the best-known emulators of all time—than it is for technical reasons. For one thing, modern emulators have long outpaced it. But the technical concerns still offer interesting questions. Example: Could a decompiled SNESticle be ported to another platform, such as another PowerPC platform like an old iMac? The answer: Theoretically, yes, but the decompilation isn’t quite at the point to allow for something like that, Holmberg says, as more would need to be done to separate the emulator from its surrounding code.

“Realistically, it's probably more work than any sane person would be willing to put in,” he said. “And honestly, my work isn't of much use to anyone wishing to do so.”

Ultimately, it’s worth remembering that this emulator in its released form was designed to run one game, Super Punch-Out!!, and otherwise do nothing else. That it does anything else is gravy. And that it’s possible to break down an old game and extract out an emulator is pretty fascinating. While most people likely will not go to the lengths of building their own ISO file to run a single Super NES game on a console that itself recently celebrated its 20th anniversary, Holmberg is happy that he was at least able to make it possible to get an up-close feel of a historically important emulator.

“For some of us (well, for me anyway), it's just a good feeling, perhaps even a sense of closure, to finally get our hands on this emulator that we so desperately wanted all those years ago,” he said.