Last year, Nintendo debutted its HackerOne program that involved giving a bounty of range of $100 - $20,000 to hackers that disclose their system exploits and vulnerabilities for the 3DS. Everyone thought it wouldn't work out for Nintendo, but just around last month the program was extended to include the Nintendo Switch too.

Just recently as you can see in the picture, three people were rewarded so far, however the amounts paid will not be made public. It seems as if a few hackers wouldn't mind giving out their newfound exploits for some easy cash, hopefully for the sake of the Switch hacking scene, it isn't the same with our own resident hackers.

A few examples of what information Nintendo is interested in receiving:

• System vulnerabilities regarding Nintendo Switch
  • Privilege escalation from userland
  • Kernel takeover
  • ARM® TrustZone® takeover
• Vulnerabilities regarding Nintendo-published applications for Nintendo Switch
  • Userland takeover
• System vulnerabilities regarding the Nintendo 3DS family of systems
  • Privilege escalation on ARM® ARM11™ userland
  • ARM11 kernel takeover
  • ARM® ARM9™ userland takeover
  • ARM9 kernel takeover

Source

 

[Deboog]

Good on Nintendo. Imo it's better they appreciate the hacking community and work with them for security than lawyer up and try to sue all our asses.
This just makes the race for exploits all the more competitive. Step your game up Smea.

 

[DrkBeam]

Of course the companies need to secure their system and one of the most worried about security is Nintendo, it doesn't mean it has the best security on consoles, Xbox one is almost bulletproof, but it might mean they could attack cfw, banning people or lead to a system non functional in the worst case scenario, they have the right to give the vulnerabilities to nintendo

 

[Deleted User]

Xbox one is almost bulletproof

Private userland exploit + game dumping exists for it.

 

[andxor]

Snitches get stitches


j/k. Everybody is entitled to do whatever they think is right with the vulnerabilities they discover themselves. But the good news is that ultimately with every update we can see what is changed/fixed and figure out how to exploit it. Just don't update your firmware version

 

[RemixDeluxe]

My thoughts, this is a great thing. Why, because the quicker Nintendo find an exploit the quicker it's patched. The quicker it's patched the quicker the original exploit will be released to the community.

As long as you're not stupid enough to blindly hit the update button as soon as a "stability" update is released. And if you're too impatient to wait for old fw developments to catch up then you weren't that interested in homebrew in the first place.

Many hackers wait to release an exploit until it's already patched, that way they only target hard-core hack users who aren't that interested in anything else the system has to offer and continue with a (mostly) clean conscience.

Part of this program when sharing the exploit secrets is to also keep it confidential. Otherwise it would be pointless if Nintendo can just get it free from searching up exploit online.

 

[dAVID_]

Some people live off finding zero days.

 

[DrkBeam]

Private userland exploit + game dumping exists for it.

I said almost, is even public the userland exploit?, I think the ps4 has at least a kernel exploit

 

[Deleted User]

I said almost, is even public the userland exploit?, I think the ps4 has at least a kernel exploit

It's private, atleast it might make some people to move their lazy asses and do something about Xbox One. People just told themselves "It's impossible" and the end. big dot. If they would actually try then Xbox One would even had kernel exploit by now.

 

[Risingdawn]

Part of this program when sharing the exploit secrets is to also keep it confidential. Otherwise it would be pointless if Nintendo can just get it free from searching up exploit online.

Well, if it's only released after it's patched there is nothing to search for in the first place, unless Nintendo is searching for vulns it has already patched.
And I'm not saying the person revealing the exploit is the one releasing it, several dozen people could all be sitting on a vulnerability but not releasing it for fear of retribution, until the vuln is patched at which point it becomes alot safer.

 

[petethepug]

Honestly, its like they are trying to do what Sony is doing to with their Playstations, but they have it backwards.

Instead of doing it with a few people why not get a whole team involved & "spies" that watch over this stuff on Gbatemp, reddit, or what not.

Also there's nothing to be ashamed about, people just want to make a quick buck. If nintendo was stupid enough people could break their security interly. (and steal their money!)

 

[Devin]

The homebrewers and emulator writers of the GCN/Xbox days and Wii days have moved on the the Android platform.
No risk for piracy as it's open source and no tricky hacks.

But yeh, people aren't smart.
They can softmodding, jailbreaking and even call flashcards jailbreaking.
They think they can emulate a system at Day 1 and expect backuploaders within a week.

Which makes sense. I have a JXD tablet I got from a Temper that plays emulates everything I want it to, (Haven't tried PS1 but assuming it'd be at a decent playable state.) has a nice screen, dual circle pads, and was super cheap. (I think I traded someone on here a Steam game code for it.)

I remember back when the PS3 was first hacked they called it jailbreaking. It was probably due to geohot's previous accomplishments in the iOS scene that led people to just calling it a jailbreak. It's starting to feel like people want instant gratification from their Switch purchase and the game they bought along with it aren't enough. With three people already having discovered exploits in the system, (We don't know what. They could've all been save exploits that wouldn't do anything for opening up the Switch.) I'm sure that more will popup over time. If people worked at it and found the exploits themselves rather stealing an existing exploit somehow. (First thought that comes to mind is the Govanify leak.) Then I don't see what the problem is with them doing whatever they want with it is. Would I rather sell an exploit I found to Nintendo and get paid for it? Or release it to the public with possible legal ramifications in order to get the cheers of the scene for a good month or two? I'd choose the former and as a bonus would even have something to add on my resume.

 

[Corgi]

Maybe one day my name will be up there. Gotta pay the bills somehow.

 

[DinohScene]

Which makes sense. I have a JXD tablet I got from a Temper that plays emulates everything I want it to, (Haven't tried PS1 but assuming it'd be at a decent playable state.) has a nice screen, dual circle pads, and was super cheap. (I think I traded someone on here a Steam game code for it.)

I remember back when the PS3 was first hacked they called it jailbreaking. It was probably due to geohot's previous accomplishments in the iOS scene that led people to just calling it a jailbreak. It's starting to feel like people want instant gratification from their Switch purchase and the game they bought along with it aren't enough. With three people already having discovered exploits in the system, (We don't know what. They could've all been save exploits that wouldn't do anything for opening up the Switch.) I'm sure that more will popup over time. If people worked at it and found the exploits themselves rather stealing an existing exploit somehow. (First thought that comes to mind is the Govanify leak.) Then I don't see what the problem is with them doing whatever they want with it is. Would I rather sell an exploit I found to Nintendo and get paid for it? Or release it to the public with possible legal ramifications in order to get the cheers of the scene for a good month or two? I'd choose the former and as a bonus would even have something to add on my resume.

Exactly that.

Todays "scene" is nothing but attention whoring and drama.
Not to mention that you barely get any praise if it doesn't lead to piracy.

 

[RemixDeluxe]

Well, if it's only released after it's patched there is nothing to search for in the first place, unless Nintendo is searching for vulns it has already patched.
And I'm not saying the person revealing the exploit is the one releasing it, several dozen people could all be sitting on a vulnerability but not releasing it for fear of retribution, until the vuln is patched at which point it becomes alot safer.

Its not difficult to come up with a completely different profile name than what you normally go by on your online profile across social media and forums so the retribution thing is null. I'm not too worried for the Switch's future, cause the people that do have something worthwhile to contribute actually are passionate about homebrew to not sell themselves out like this. People can defend this and not call it snitching the same way people defend censorship and claim its "localization" (not the same things.)

For the rest of you applauding this for fear of piracy, unless you were born yesterday you are beyond ignorant on how long it actually takes for progress to be made for user exploits or any sort of piracy to happen. On 3DS and Wii U it wasnt years until something was usable, exploits weren't just available at 3DS/Wii U launches and homebrew devs held on to them purposely to make you feel better. I cant believe people think like this.

 

[Onepunchbruh]

Hmmmmmmmmm this looks bad.

 

[Devin]

Exactly that.

Todays "scene" is nothing but attention whoring and drama.
Not to mention that you barely get any praise if it doesn't lead to piracy.

Damned if you do release something that leads to piracy ("You're killing the system early!"), damned if you don't. (This thread.)

 

[Deleted User]

For the rest of you applauding this for fear of piracy, unless you were born yesterday you are beyond ignorant on how long it actually takes for progress to be made for user exploits or any sort of piracy to happen. On 3DS and Wii U it wasnt years until something was usable, exploits weren't just available at 3DS/Wii U launches and homebrew devs held on to them purposely to make you feel better. I cant believe people think like this.

Finally somebody did comment it! Thank you Remix, maybe they will (finally) understand

 

[Risingdawn]

Its not difficult to come up with a completely different profile name than what you normally go by on your online profile across social media and forums so the retribution thing is null. I'm not too worried for the Switch's future, cause the people that do have something worthwhile to contribute actually are passionate about homebrew to not sell themselves out like this. People can defend this and not call it snitching the same way people defend censorship and claim its "localization" (not the same things.)

For the rest of you applauding this for fear of piracy, unless you were born yesterday you are beyond ignorant on how long it actually takes for progress to be made for user exploits or any sort of piracy to happen. On 3DS and Wii U it wasnt years until something was usable, exploits weren't just available at 3DS/Wii U launches and homebrew devs held on to them purposely to make you feel better. I cant believe people think like this.

I agree, pretty much said same thing to somebody asking about 2.0.0 on switch. It will be years before we see anything on a fw worth seeing it on.

Myself, not massively bothered by switch so mines staying on 2.0.0 until something worthwhile comes out, I'd like my Switch to say hello world just once before it updates.

 

[RemixDeluxe]

Finally somebody did comment it! Thank you Remix, maybe they will (finally) understand

Maybe they think Homebrew Devs hacked into Nintendo's systems and got Super Mario Odyssey early too. Who the fuck knows how they think, its too one dimensional.

 

[linuxares]

Maybe they think Homebrew Devs hacked into Nintendo's systems and got Super Mario Odyssey early too. Who the fuck knows how they think, its too one dimensional.

The hack of Valve was kind of cool how they manage to get access to it. I actually knew one of the people that helped get access to the system.