Source Code Leak Behind Megamix Revival?

Source Code Leak Behind Megamix Revival?

by February 25, 2009

megamixServer Hack May Have Lead to Official Announcement

Ultimately, the good news is that one of the most celebrated hacking projects in Sonic fandom, Sonic Megamix, is back in development and back in the public eye.  But an unauthorized security snafu and source code leak with the threat of taking it public may have prompted those privately working on it for the past several months to take it out of the shadows sooner than desired, perhaps for the purpose of damage control.

That possibility was alluded to in Stealth’s original announcement about Megamix over the weekend.  Though hinted at by him, some of that history has remained largely overlooked.  With his brief mention came attached a warning:

Recently, there was a “leak” of some Megamix material. This material contained updates made shortly AFTER Megamix’s “cancellation”. The reason – Megamix was only actually “cancelled” for a maximum of three days.

[….]

…Don’t launch into actual complaints about how we choose to handle our business. Don’t rip us off solely for the sake of riding off Megamix fame. Also, don’t go asking for or looking for things that don’t belong to you. If we hear about the leaked material, or see it being spread/used, that’s it.

As it turns out, that leak is now in less than desirable hands and possibly spreading, with those in possession of the hack working on compiling it.  The dirty deed was principally an inside job and propagated by once trusted members of Sonic Retro.  That is according to Tweaker, the Retro administrator once highly involved with the Megamix project and presently only in a “more relaxed” role, so says Stealth, who is now taking the lead role on its development.

It is, again, developers in the Sonic community stealing the hard work of other developers, and yet another example of the sometimes tense relations factions of the Sonic research community continue to have with one another.

TSSZ News has obtained permission from Tweaker to publish, in part, his thoughts on the matter, as select community members were able to see them on a semi-private message board at Sonic Retro.  There are some big community names implicated in his account of the events, including the Sonic Cult’s PACHUKA.

The account reveals that there had been a private development board for Megamix in existence for months.  Tweaker tells TSSZ News that the forum ceased to exist upon the public announcement of Megamix‘s cancellation.

Simultaneous with that, being too trusting, Tweaker had allowed Retro forum member Qjimbo to help with some maintenance on the site.  That is where the problems began:

A few months back—probably the start of the year or so—we were having problems getting the Wiki Contributions tab in profiles working. Without anyone like Xkeeper to help front the technical expertise in order to get it to work, Qjimbo offered his services in helping us get the thing working. We were extremely wary about trusting him, especially after the whole Glowing Bridge incident, and none of us were really comfortable letting him have direct access to the server. We eventually decided that an extremely limited FTP account with access to only the smallest section of the forums we could afford would work out, giving us nothing to worry about personal details getting leaked. The tab got set up, and all was good… for a while. anyway.

I learned yesterday that’s not the only thing he did in that FTP account. While he was working on fixing the wiki contribs tab, Qjimbo took it upon himself to dig through our FTP until he found the forum config files. Within this directory were the root SQL details for our server. He took these, noted them down—whatever—and went on his merry way.

A few months later, post the cancellation of Sonic 1 Megamix (or maybe a bit before; I can’t pinpoint it), Qjimbo got the wild idea that he would try accessing the SQL database to see if it still worked. As luck would have it, it did. He proceeded to thrust himself balls-deep into the forums’ SQL database until he found the hidden Megamix dev forum that we had set up here for the longest. Within this forum were details for our SVN server, which held the entirety of the project’s source code. For whatever reason, Qjimbo took it upon himself to download the entirety of the source code.

You’d think that’s bad enough, but no—it gets worse! After downloading the entirety of the source code, Qjimbo somehow finds it a good idea to give it to Mad Echidna, of all people. Mad had been known to go back in forth between kissing my ass and plotting against me for months, so this was probably one of the worst people that he could share it with (ignoring that he shouldn’t fucking have it in the first place, of course). Indeed, this proved true, as later on Mad Echidna would find himself trying to frequent #cult from that point on. Mad never had a good reputation amongst CulT, of course, so he had a brilliant idea—he’d give PACHUKA the source code to Megamix to gain his trust! And that’s exactly what he did.

[….]

Fast forward a bit—PACHUKA lets me know he has the source, promptly flaunting it in my face and asking me how to compile it. All of us on Team Megamix and the staff channel go absolutely batshit, because we had no idea how any of this could have happened. It wasn’t until many months later—yesterday—that not only was it revealed that Mad Echidna gave PACHUKA the source, but he had also been the one responsible for the flood, which he outright blamed on Chaos Hedgie.

From there, several Sonic Retro member accounts were banned, including that of PACHUKA, with only a few allowed their access privileges back since.  Behind the scenes, there was, according to Tweaker, an uproar over the leak, and a serious back-and-forth between Team Megamix and Sonic Cult members ensued. Some details of those disputes, via chat log transcripts, have since been made known to community factions and other IRC chat areas through unscrupulous means.

TSSZ News reached Qjimbo for comment on the matter.  Admitting that he indeed did retrieve the source to Megamix via MySQL database access privileges on Sonic Retro, he also noted he was shocked at the announcement of Megamix‘s cancellation, and that he only shared the Megamix source with Mad Echidna, someone he had trusted.

“I thought this was a terrible shame, and potentially all the code could go to waste; never to see the light of day or benefit anyone,” he told TSSZ News.

The original exchange, according to Qjimbo, happened several months ago.  Even then, there were reservations.

“I’d even expressed to him my concern to even posessing the sourcecode,” Qjimbo said.

Just last week, according to him, Mad Echidna sent the sourcecode off to PACHUKA.  He continues:

I don’t know why he did this as I had made it very clear to him that the source should not be made public.  [….]  But yes, then all hell broke loose. My intentions were never for this to be public whatsoever, however I do think the buck ultimately rests with me for abusing my access to the database and breaking into the SVN, so I don’t object to my banning. I don’t however think it’s very fair to demonise me for this when I have no personal grudges towards Tweaker or any of the Megamix team.

The way I see it, is it’s like if you lived in a house with someone, and then they took something out your room and decided to share it with the world. There’s not a lot I can or could really do about it, though I do feel apologetic and dissapointed about how it all came about.

Despite Stealth’s threat to stop development on Megamix if the code spreads, it is widely believed members of at least two major IRC communities have the code in their hands.  Qjimbo also tells TSSZ News that copies of the source code he lifted are now circulating throughout Sonic Cult as part of a compilation and that, other than the primary code, he had no involvement in the rest of the file’s contents.  It is unknown right now whether that code has been compiled, per the purported wishes of PACHUKA.

We attempted to reach Mad Echidna and Sonic Cult for this story.  Neither returned our requests for comment.