Homebrew Nintendo now has a 3DS bug bounty page open

[dpad_5678]

Haha, they're trying to bribe Smealum!



@smealum You fuckin better not take it

 

[Rockhoundhigh]

Haven't seen the forums get this patronizing in a while.

 

[gamefan5]

Gonna laugh if this actually ends up going through. It is hilarious that no one here expects it due to nintendo's bad history with security.

The Pokémon ban fiasco was hilarious in its own right. And now, we might get a part 2 to this? Awesome.

Now, on whether hackers might go woth this or not.
Personally, I could see it happeneding in said person does not have an attachment to the community.
But I can also see some hackers that would love to throw oil into the fire and make sure that the scene is in a frenzy just for shits and giggles. You cannot predict human nature.

That being said, I will defilnitely laugh if ends up being real.

 

[SaffronXL]

Haha, they're trying to bribe Smealum!

If the didn't have their head so far up their self-righteous ass they would offer huge salaries to Smea, Aurora, Plailect, theCruel, etc. THAT might actually be effective.

 

[Raylight]

If the didn't have their head so far up their self-righteous ass they would offer huge salaries to Smea, Aurora, Plailect, theCruel, etc. THAT might actually be effective.

need i say it a third time? i mean seriously. Nintendo are cheap af with the crap they do

 

[Deleted User]

Looks like Nintendo are building a wall.

 

[tvall]

• System vulnerabilities regarding the Nintendo 3DS™ family of systems
  • Privilege escalation on ARM11 userland
  • ARM11 kernel takeover
  • ARM9 userland takeover
  • ARM9 kernel takeover

if i remember correct from the 32c3 talk, didnt arm9userland=arm9kernel due to lack of mmu or something like that?

 

[Raylight]

Looks like Nintendo are building a wall.

im not paying for it neither is anyone else here... i hope

 

[SaffronXL]

Looks like Nintendo are building a wall.

To keep out the Chinese, ironically.

--------------------- MERGED ---------------------------

im not paying for it neither is anyone else here... i hope

Mexico

 

[Deleted-19228]

lol at Nintendo, good luck preventing 3DS hardmod downgrades. Nintendo should have done what Microsoft did with the 360, which was eFuses that prevented downgrading. so far, there is 0 ways of doing a downgrade now that they blow the eFuses.


EDIT:
What Nintendo needs to do: make a new revision board with eFuses, no exposed pads for NAND, and to make sure a FIRM is not able to be injected into a newer firmware. the FIRM one can be solved by making the system menu require the latest FIRM to even work, this would brick anyone trying to use older FIRMS.

JTAG/RGH. Bypasses the efuse check iirc

 

[duffmmann]

This is far too little, far too late. They might as well be trying to stop people from hacking the Wii at this point, its just not going to do any good.

 

[SaffronXL]

JTAG/RGH. Bypasses the efuse check iirc

With an FPGA, there's always a way.

 

[MsMidnight]

Surprised nobody mentioned showing 3dbrew to Nintendo yet

 

[sj33]

Surprised nobody mentioned showing 3dbrew to Nintendo yet

I'm sure they're well aware of it. Nintendo aren't looking for publically-available information.

 

[Raylight]

Surprised nobody mentioned showing 3dbrew to Nintendo yet

their also lazy how much does it take to look up hacks and their source code.

I'm sure they're well aware of it. Nintendo aren't looking for publically-available information.

What are they looking for they have the bluebrints

 

[SaffronXL]

Surprised nobody mentioned showing 3dbrew to Nintendo yet

They know already, they're not THAT stupid. It's like the choad that reported the unban tutorial thread to Nintendo at the end of November. They know already.

 

[driverdis]

The last part is kinda interesting:

Hardware vulnerabilities regarding the Nintendo 3DS™ family of systems

• Low-cost cloning
• Security key detection via information leaks

Does that mean there's an effort underway to build cheapo clone 3DSes? If so, interesting, and thanks for the heads up, Nintendo.

my guess is that low cost cloning is actually low cost NAND backups. The 3DS is vu

JTAG/RGH. Bypasses the efuse check iirc

Yes, it does bypass the eFuse check. The eFuses prevented downgrading at all if you went over the last version supported by JTAG [Microsoft started blowing eFuses after]. there was no way other than swapping the processor with one that had the eFuses intact (NAND and DVD drive needed to be swapped also) to get it to work. the eFuses did prevent any sort of downgrading, RGH made it possible to bypass checks on newer firmwares but downgrading is still impossible.

 

[MsMidnight]

They know already, they're not THAT stupid. It's like the choad that reported the unban tutorial thread to Nintendo at the end of November. They know already, dipweed.

No need to call me a dipweed. And if they knew, why haven't they pushed updates for the known system vulns ? Are they just waiting for somebody to exploit it and then patch it ?

 

[plushifoxed]

Why now, though. Isn't the 3DS EOL?

Almost, yeah...but there *are* still a few 3rd-party releases and a couple first-party ones upcoming.
Also...considering Game Freak's MO last generation, where they developed two game pairs for the DS with a skeleton crew working on it while most of the team worked on X and Y, and considering the amount of circumstantial evidence in Sun/Moon pointing to it, I get the feeling that they will be doing remakes of (Fire)Red/(Leaf)Green on the 3DS, since they like to continue supporting their players on the prior handheld before moving entirely onto the next one.
Pokemon games are big money, and Kanto-based games would be even more so. I think Nintendo may try to mount a concerted effort to stop new people from hacking their 3DSes and installing A9LH and the like, so that more people will have to simply buy the games rather than getting them illegitimately.
They may also be attempting to shore up the defenses of the 3DS's security system so that it's a little more secure in case they have to reverse course and support the 3DS further (like, for example, if the Switch flops too badly).

 

[Raylight]

No need to call me a dipweed. And if they knew, why haven't they pushed updates for the known system vulns ? Are they just waiting for somebody to exploit it and then patch it ?

i dont get it either they have the code and they can look through github what do they want from us that they dont have.