Last year, Nintendo debutted its HackerOne program that involved giving a bounty of range of $100 - $20,000 to hackers that disclose their system exploits and vulnerabilities for the 3DS. Everyone thought it wouldn't work out for Nintendo, but just around last month the program was extended to include the Nintendo Switch too.

Just recently as you can see in the picture, three people were rewarded so far, however the amounts paid will not be made public. It seems as if a few hackers wouldn't mind giving out their newfound exploits for some easy cash, hopefully for the sake of the Switch hacking scene, it isn't the same with our own resident hackers.

A few examples of what information Nintendo is interested in receiving:

• System vulnerabilities regarding Nintendo Switch
  • Privilege escalation from userland
  • Kernel takeover
  • ARM® TrustZone® takeover
• Vulnerabilities regarding Nintendo-published applications for Nintendo Switch
  • Userland takeover
• System vulnerabilities regarding the Nintendo 3DS family of systems
  • Privilege escalation on ARM® ARM11™ userland
  • ARM11 kernel takeover
  • ARM® ARM9™ userland takeover
  • ARM9 kernel takeover

Source

 

[Deleted User]

This thread is childish.

Grow up.

 

[BullyWiiPlaza]

Not that the entitled pricks in this community deserve any better... A decent decision honestly. Rather get paid and get it over with then hearing all the bitching of the community that the "hacking isn't fast enough" or some people calling it their own hack/exploit all of a sudden. On top of that, potentially a few pennies in donations from this incredibly appreciative community which you might as well throw it out of the window how pathetically little it is. The so-called "hacking community" is literally nothing but kindergarten minus the 0.001% developers. No need to keep ripping your hair out with stupid f*cks

 

[icekoob]

I read this site a lot and I signed up just now to comment on this thread. I get both sides, I mean yes by all means people should make money off their work but also yes this is really bad for the homebrew scene.

My solution is that if exploits are for sale like this, we should just start a crowd fund and buy exploits as a community. That way the hackers get paid and the scene benefits. I would definitely contribute.

Just my two cents.

 

[IMRAN_PETER]

The Hackers if they need cash they could just follow the CEMU team. People always love to rush in for little until they think its too late to back off. In the end they are worthy of that "little" they sought for. Kudos to CEMU developers and Dolphin developers and surely Smealum(you are the bosssss).

 

[gnmmarechal]

This isn't something bad imo. And I can imagine people finding exploits for fun and having little interest in releasing them. Especially if they could use the money.

 

[RayOfLight]

Endergamer549 is PokeAcer https://gbatemp.net/members/pokeacer.366315 (proof here http://i.imgur.com/EHLU8fN.png http://i.imgur.com/4S7fDSM.png)
he stole a New3DS browser update bypass someone entrusted him with and sold it to ninty, to buy things for himself. He changed his irl name on hackerone after the bounty to avoid being busted

 

[0100100001001001]

If I were to find a usable exploit I wouldn't give it to Nintendo right away. First I would open a crowdfunding for its release. The exploit would go to the public if crowdfunding raised more than what Nintendo was offering, and if Nintendo were to offer more I would accidently release it to the public still.

 

[BullyWiiPlaza]

If I were to find a usable exploit I wouldn't give it to Nintendo right away. First I would open a crowdfunding for its release. The exploit would go to the public if crowdfunding raised more than what Nintendo was offering, and if Nintendo were to offer more I would accidently release it to the public still.

This will just promote scammers/liars even more if they can cash in up to $ 20.000 for a fake exploit from the community. Who wouldn't try for that much money?

 

[Zaphod77]

Note for any thinking about reporting a private sploit to Nintendo.

you have to agree not to leak it afterwards. says so right on the page.

so if you do give a sploit to the big N, and then after firmware is released release it to public, don't expect to ever get paid again.

personally i don't have anything against people reporting switch spoits. I hope it remains secure for a few years.

 

[NekoMichi]

Note that not all vulnerabilities can be used to enable homebrew anyway. There's also the risk of not-so-ethical people abusing exploits to compromise personal information stored on consoles, or pull off "harmless" pranks like this one. (At least attempt to, anyway)

 

[Dr.Hacknik]

Sooooo, why didn't they do this with the Wii or Wii U?

 

[FAST6191]

Sooooo, why didn't they do this with the Wii or Wii U?

Ageing Japanese company that does not get the internet does not do fairly internet thing? Say it ain't so.

 

[Juggalo Debo]

I'm split between the two sides of this. Yes I would love to have their info and poc but at the same time how do we know how good the "exploits" were anyway.... they could of been for day 1 firmware which 98% of us upgraded past..... either way it goes we still have teams working hard and doing a damn good job at it.....

 

[omegasoul6]

I'm glad they got paid for their work, it's completely up to them what they do with exploits they have access to.

After seeing a bunch of childish posts in this topic, I really can't blame them for not releasing their exploits to the public instead.

 

[Zaphod77]

no they only pay for exploits that were live at the time of reporting, and only after they fix it.

 

[Johnny2071]

And piracy. You've missed out a big reason of why many people want homebrew. If these vulnerabilities weren't capable of enabling piracy, I wonder how many people would still be mad at them.

Well since

First of all, that's cheating the game to get inf things. I use hacks and even I don't use that but eh you can. Second of all you could play all those systems on a computer and get way better performance. Finally while backing up save data is nice, there is a reason there is a Save Data Backup option. Be glad for what we got and don't whine about people wanting some quick cash.

I don't have to be grateful for a damn thing. I have multiple reasons to be unhappy. Next, you'll be telling me I don't have a right to complain about any of Nintendo's bullshit practices.

Nintendo can be great. They have an iconic history and all the right IPs. But they can't do that if they keep ignoring and restricting their fans. Quality should never take a backseat to profit, or else only idiots will have a good time.

 

[Retinal_FAILURE]

This will just promote scammers/liars even more if they can cash in up to $ 20.000 for a fake exploit from the community. Who wouldn't try for that much money?

gaming for me isn't about where the money is. Not who I give my money too, or doesn't have to be for the most popular company. If one is getting paid then they're not gaming. when I game I have fun, I like challenges in a good game, if I get paid then that'a a job, hell even a profession if you're great at it. But for me I can't have fun at a job, even if that's gaming, b/c then my food on my table is at jeopardy if I svrew up and that isn't fun! Also I accidentally bolded txt for a while and I'm not gonna fix it. Call me rebelious, Sorry!

 

[NekoMichi]

Nintendo can be great. They have an iconic history and all the right IPs. But they can't do that if they keep ignoring and restricting their fans. Quality should never take a backseat to profit, or else only idiots will have a good time.

As a consumer, you have every right to refuse to purchase goods/services from them if you disagree with their practices. This is one of the best ways to get the message across that you do not support what they are doing. Basically, if you don't like what they do then don't become part of their ecosystem.

As for the bounty, it's not really a "betrayal" since developers aren't under any obligation to publicly release vulnerabilities. The findings belong to them and not the community so ultimately they are free to choose what to do with them. Software homebrew is a privilege, not a right.

 

[Boured]

Well since


I don't have to be grateful for a damn thing. I have multiple reasons to be unhappy. Next, you'll be telling me I don't have a right to complain about any of Nintendo's bullshit practices.

Nintendo can be great. They have an iconic history and all the right IPs. But they can't do that if they keep ignoring and restricting their fans. Quality should never take a backseat to profit, or else only idiots will have a good time.

That part I can agree on, Nintendo's practices I can agree are not the best at all. But still, I'm sure most of the people who even told them about the exploits either have never heard that they could hack it or really don't care enough to help it out. They have they're own choice, while it isn't the best thing for the modding scene it's already done. But still, we have many great devs that are trying they're hardest to get exploits out. We may be getting some exploits fixed before they are even found, but trust me when I say devs find things when people say they won't. Remember when people said you couldn't downgrade ever if you were about 10.3? Or that you would never be able to play DS games from an SD card? It can happen, it's a matter of patience.

 

[Johnny2071]

So homebrew on the Switch is still a possibility, and this moral debate is pointless?