The Nintendo Bug Bounty: What does it mean for 3DS users?

  • The Nintendo Bug Bounty: What does it mean for 3DS users?

    Last night, the website HackerOne – a website dedicated to “empowering companies to protect consumer data, trust and loyalty” – posted a filing by Nintendo.

    In this filing, known as the Nintendo Bug Bounty program, they are offering to pay between $100 and $20,000 for any information they can get on vulnerabilities within the 3DS system software. Here’s what they are looking for:

    https://wololo.net/2016/12/06/nintend...ing-3ds-users/

    https://hackerone.com/nintendo
    The Hackmaster
    dlevere's blog

  • #2
    Below are examples of types of activities that Nintendo is focused on preventing:

    Piracy, including:

    Game application dumping
    Copied game application execution

    Cheating, including:

    Game application modification
    Save data modification

    Dissemination of inappropriate content to children

    Below are examples of vulnerabilities that Nintendo is interested in receiving information about:

    System vulnerabilities regarding the Nintendo 3DS™ family of systems

    Privilege escalation on ARM11 userland
    ARM11 kernel takeover
    ARM9 userland takeover
    ARM9 kernel takeover

    Vulnerabilities regarding Nintendo-published applications for the Nintendo 3DS™ family of systems

    ARM11 userland takeover

    Hardware vulnerabilities regarding the Nintendo 3DS™ family of systems

    Low-cost cloning
    Security key detection via information leaks
    The Hackmaster
    dlevere's blog


    • #3
      Nintendo's got to be pretty desperate if it's resorting to offering reward money for info that could be used to stop piracy.

      However, it's going to be useless in the long run. Any patch that Nintendo releases to remove certain 3DS exploits...will itself prove to have exploitable vulnerabilities which will only allow the hacking to continue. There is no such thing as a truly "unhackable" system. Yet Nintendo refuses to admit that.

      They're wasting their time on the aging 3DS, when they should be focusing on shoring up any potential patches regarding the Switch.

      Which begs the question: why would Nintendo be trying to remove all exploits and vulnerabilities from the 3DS' firmware...unless they're afraid the 3DS could pry open the Switch for hacking purposes...like a sardine can (and the 3DS would be the "church key")?
      Tempus fugit, ergo, carpe diem.

      Time flies, therefore, seize the day.


      • #4
        Now that's unexpected... Why only the 3DS, and not the WiiU?


        • #5
          No clue on that one.
          The Hackmaster
          dlevere's blog


          • #6
            The Wii U has essentially been written off as a commercial failure by Nintendo. However, they're letting it survive on life support until the Switch is released early next year. The 3DS is still quite a successful cash cow for Nintendo, and they're still pissed about Pokemon Sun and Moon being leaked almost 2 weeks ahead of its intended release date. Seeing as how Sun and Moon are 3DS games, it KIND OF makes sense that Nintendo would be trying to shore up the 3DS with (exploitable) patches to its various exploits. However, notice that word in parentheses. Nintendo CANNOT win the piracy war. Us pirates have always had the upper hand, and it really sticks in Nintendo's craw that they can't do anything about it.

            Hence...the "3DS Bug Bounty" and their partnership with HackerOne.
            Tempus fugit, ergo, carpe diem.

            Time flies, therefore, seize the day.


            • #7
              Four new people paid off by Nintendo in the HackerOne program

              https://gbatemp.net/threads/nintendo...rogram.467316/
              Last edited by dlevere; 07-25-2017, 01:36:56 PM.
              The Hackmaster
              dlevere's blog
