Who's next?

Console hackers are shocked after DOJ arrests prominent mod-chip makers

Team Xecuter’s capture “definitely spooked a lot of people in the community.”

It's-a me, the long arm of the law.
Aurich Lawson / Nintendo / Getty Images

Anyone who follows the console-hacking scene is by now used to the familiar stories of legal efforts to put a stop to the practice. Companies like Nintendo frequently make use of court orders, cease and desist letters, and civil lawsuits to stop the distribution of game ROMs and/or devices that allow those ROMs (and homebrew software) to run on their hardware.

Still, some members of the console-hacking community expressed surprise at the recent arrests of Gary "GaryOPA" Bowser and Max "MAXiMiLiEN" Louarn, members of the notorious Team Xecuter hacking group (aka TX).

The 38-page indictment, announced Friday by the Department of Justice, also names Yuanning "100+1" Chen, who has yet to be arrested according to the DOJ announcement. The document runs down a laundry list of Team Xecuter's alleged crimes, chief among them designing and selling a variety of products "designed to be circumvention devices that had the purpose of allowing users to play pirated ROMs."

The indictment focuses heavily on Team Xecuter's SX line of products, designed to get around copy protection on the Nintendo Switch. But the group has developed and sold jailbreaking devices dating back to the days of the original Xbox, sometimes under different branding.

A long-time hacking scene member who communicated with Team Xecuter regularly (and who asked for anonymity to discuss sensitive subjects) said they were "totally surprised" by the arrests. In fact, the source said that it wasn't until the day the arrests were announced that they realized TX's Bowser had been missing from a private group chat room for the past five days.

"I've had quite a few people come to me asking to wipe out their MaxConsole account and history," the source said, referring to a recently shuttered hacking scene site administrated by Bowser. "So it definitely spooked a lot of people in the community."

The manhunt

Perhaps more surprising than the arrests themselves was the international dragnet needed to bring the TX members in: Bowser was a Canadian national apprehended in the Dominican Republic; Louarn was captured in Avignon, France; and Chen operates out of Shenzhen, China, according to the DOJ. The trio was arrested despite the fact that the indictment alleges TX "regularly used encrypted means of communication" such as Signal, Telegram, and PGP, and "developed a variety of techniques to mask and protect servers under the enterprise's control."

"[Bowser] never did a good job of hiding his location," the anonymous source told Ars Technica. "But they protected their coders quite a bit. [Louarn] I think didn't mention [his location] much but it wouldn't be too hard to find, people knew his general area and his name was public, too."

"They were pretty good at staying anonymous in the past, but in this day and age, when large amounts of money are involved, it's very hard to stay hidden," a second anonymous source from the hacking scene told Ars. "With a company like Nintendo actively gunning for you, it was only a matter of time for someone to get caught."

Then again, it's hard to stay completely hidden when you're selling a product to the public. "Not leaving traces on the Internet is difficult," Aurora, a writer for console-hacking news site Wololo, told Ars. "After all, TX has contact with resellers from whom law enforcement might've gathered names/contact information; furthermore, the TX website was reported not to have the best security, so who knows—maybe some information was leaked from there somehow."

The Department of Justice did not respond to a request for comment on the apprehension or the case against the group.

The MaxConsole front?

"[Bowser] and the rest of TX being arrested was very much a shock," Chary, a senior writer and editor for hacking news and community site GBATemp, told Ars. Bowser was a long-time member on GBATemp who "had always maintained this odd pseudo-involvement with TX, as if he always magically had insider info but wasn't actually part of [it]," Chary said. "It became a bit of a joke, as he'd post news regarding [hacking device] features or firmware changes moments before the update itself would go live, yet he always pretended as if he was uninvolved."

Bowser—who was arrested in Canada back in 2008 as part of a counterfeit DVD investigation—served as "kind of a PR guy" for Team Xecuter, according to Aurora, the closest thing to a public face for the team of coders and foreign manufacturers that made up the TX supply chain. Bowser has also served as an admin and one of the public faces behind MaxConsole, a site that for decades mixed standard console news with the latest info from the hacking community.

According to the DOJ indictment, though, the news posted on the front page of MaxConsole served partly as a front for an invite-only section of the forums that facilitated the distribution of pirated games.

A promo image for the MaxConsole "Underground" forum, which DOJ's indictment alleges was used for the distribution of pirated game ROMs.

"I [am] going to be busy setting up the 'underground' stuff (rompacks, coverarts, emulators) on maxconsole forums, that will also help on 'grey side' of the device for those wishing to play more than original snes cartridges," Bowser says in an email quoted in the indictment. "We have a plan in the works to have secure links to these retro rompack on a protected server, so it will not be a problem," Bowser says in another quoted email.

Eventually, Chary said GBATemp stopped including links back to MaxConsole for news, in part because those links were often taken down due to DMCA requests from Nintendo. "Our users especially didn't like the backlinking to MaxConsole, as they found the site to be shady," Chary said.
