Last year, Nintendo debutted its HackerOne program that involved giving a bounty of range of $100 - $20,000 to hackers that disclose their system exploits and vulnerabilities for the 3DS. Everyone thought it wouldn't work out for Nintendo, but just around last month the program was extended to include the Nintendo Switch too.

Just recently as you can see in the picture, three people were rewarded so far, however the amounts paid will not be made public. It seems as if a few hackers wouldn't mind giving out their newfound exploits for some easy cash, hopefully for the sake of the Switch hacking scene, it isn't the same with our own resident hackers.

A few examples of what information Nintendo is interested in receiving:

• System vulnerabilities regarding Nintendo Switch
  • Privilege escalation from userland
  • Kernel takeover
  • ARM® TrustZone® takeover
• Vulnerabilities regarding Nintendo-published applications for Nintendo Switch
  • Userland takeover
• System vulnerabilities regarding the Nintendo 3DS family of systems
  • Privilege escalation on ARM® ARM11™ userland
  • ARM11 kernel takeover
  • ARM® ARM9™ userland takeover
  • ARM9 kernel takeover

Source

 

[chrisrlink]

It's basically a wall of shame. Can't wait to see familiar usernames, though for their sake they might choose something else to hide from the crowd.

more like a hit list

--------------------- MERGED ---------------------------

sure we could have a series of "accidents" that'll shut them up

 

[Molina]

Todays "scene" is nothing but attention whoring and drama.
Not to mention that you barely get any praise if it doesn't lead to piracy.

Aayyyy the easiest example is PS4 scene.
-"We got linux working on PS4"
-Code lover and hack adept "damn, that's amazing, these guys are good"
-The rest "No free gamez? Fuck you then"

During 33c3 I was impressed by their presentation, and I lost faith again in this community by looking on some forum and hacking information site.

 

[lAkdaOpeKA]

I wouldn't worry that much. Usually, when a single firmware version of a specific console is hacked, it's just a matter of time before all other versions get hacked too.
And those probably aren't the only exploits either

 

[DoJo_Master]

Im sure I'm not the first to think of this but what if we had a charity pool for anyone to add money too and the person who finds a real legit exploit would get the reward...

Is there a site that already does something like this?

 

[RemixDeluxe]

Is there a site that already does something like this?

Sounds like a black market version of kickstarter. I'd be down for that.

I made a topic a while back ago discussing how amazing it would be to have a kickstarter for the decryption and documentation of Denuvo. I'd fund such an endeavor if it existed.

Edit: ohh damn I found my old topic.
https://gbatemp.net/threads/would-y...ocumentation-and-decryption-of-denuvo.443045/

 

[Deboog]

Is there a site that already does something like this?

GBAtemp used to have bounties.

 

[Deleted member 331788]

It's basically a wall of shame. Can't wait to see familiar usernames, though for their sake they might choose something else to hide from the crowd.

I doubt the "real" hackers will even get involved in this, the money or rewards are next to nothing ...the people listed on the site are either fake accounts, Nintendo's attempt to get more people interested ...or users who have leaked the work of the real hackers.

 

[gamesquest1]

More like previously releasing all of your photography for free then one day deciding to throw it behind a paywall. I can understand why people would be tempted to do this, but if you're going to make a comparison, make it a fair one.

Well seeing as you don't actually know who these devs are, you don't know their previous stances, they may just be bounty hunters who only hack where there is a bounty to be claimed, so they have not changed their stance at all

I doubt the "real" hackers will even get involved in this, the money or rewards are next to nothing ...the people listed on the site are either fake accounts, Nintendo's attempt to get more people interested ...or users who have leaked the work of the real hackers.

Yeah, very weird how 2 of the accounts were created the same day the bounty program was made and the other one a few days later, maybe they are fakes to try drive other devs to selling their work asap before "someone else" does, I guess it's also possible people who are already actively involved in hacking nintendo systems figured they would jump on the site and get their moolah the day it was announced, I guess devs are going to have to be more careful who they share private work with from now on though, as the people who publicly leak other people's work are probably just as likely to try sell the exploit to Nintendo

 

[FAST6191]

My general feelings.
The would be hack sellers. Are you making it work for you? *high five* Carry on mates. Their work, their choice. In an ideal world I would have the device blown completely wide open, with no chance of clawing it back, maybe a port of android and all that good stuff, mainly as I don't see a future for it, or indeed homebrew**, otherwise.

Okay first a little background info, hacking a console or exploiting is considered either blackhat or grayhat hacking, therefore meaning that if they are getting paid, they are falling into whitehat hacking, therefore abandoning their 'console hacking' hobby

I have never been a fan of colours of hats* but all but the strictest definitions would not inherently cast console hacking as anything really. Said strict reading would have it as because the console maker does not want it then it is not legit and I invite anybody that thinks like that to do one, possibly after a debate as that might be interesting (even judges use phrases like substantial non infringing uses). Everything else would come down to actions and intent. You go hammer and tongs to only making the pirates have an easy life and eschew all others in the process, probably black after a fashion. Make or see made an option to back up your existing titles, well you have plausible deniability now at the very least. Payment or not matters very little in any of this. Equally, give or take any contracts with Nintendo that selling the exploits saw them enter into, there is nothing stopping these hackers from in making a bunch of new exploits and releasing them to the scene.

*and that is before I watched George Carlin on hats


**I covered my thoughts on the subject a little while back in http://gbatemp.net/threads/what-makes-a-good-homebrew-scene-for-a-console.457719/#post-7022656

 

[Pomegrenade]

My general feelings.
The would be hack sellers. Are you making it work for you? *high five* Carry on mates. Their work, their choice. In an ideal world I would have the device blown completely wide open, with no chance of clawing it back, maybe a port of android and all that good stuff, mainly as I don't see a future for it, or indeed homebrew**, otherwise.


I have never been a fan of colours of hats* but all but the strictest definitions would not inherently cast console hacking as anything really. Said strict reading would have it as because the console maker does not want it then it is not legit and I invite anybody that thinks like that to do one, possibly after a debate as that might be interesting (even judges use phrases like substantial non infringing uses). Everything else would come down to actions and intent. You go hammer and tongs to only making the pirates have an easy life and eschew all others in the process, probably black after a fashion. Make or see made an option to back up your existing titles, well you have plausible deniability now at the very least. Payment or not matters very little in any of this. Equally, give or take any contracts with Nintendo that selling the exploits saw them enter into, there is nothing stopping these hackers from in making a bunch of new exploits and releasing them to the scene.

*and that is before I watched George Carlin on hats


**I covered my thoughts on the subject a little while back in http://gbatemp.net/threads/what-makes-a-good-homebrew-scene-for-a-console.457719/#post-7022656

I see your point, anyway thanks for the info man
'hats' off to you!

 

[sarkwalvein]

I have a lot of respect on those people.
I am glad they can work together with Nintendo for improving security on their systems.
Actually, what I am puzzled about is people from around here calling their "traitors" or trying to pass it as something that is wrong or unethical to do.
White hacking is a respectable work.

 

[LuNyX]

They create cracks for after giving a nintendo how they made ... This will make a scandal in the history of 3DS crack.
Maybe even more crack does not exist on the 3DS, it's on...

 

[Bladexdsl]

maybe they just helped fix some Zelda bugs that's why 1.1.2 is out now?

 

[Wander's Hat]

I'm not surprised that those hackers would do that. Like some others have said, get paid by one of the biggest gaming companies for finding vulnerabilities in their system, or cater to a bunch of whiny impatient kids who want piracy?

I have a lot of respect on those people.
I am glad they can work together with Nintendo for improving security on their systems.
Actually, what I am puzzled about is people from around here calling their "traitors" or trying to pass it as something that is wrong or unethical to do.
White hacking is a respectable work.

It's because they're not doing it for them and they're not doing it for the sake of pirac-- er, homebrew.
Personally I'd like it if they'd use the vulns for homebrew (and piracy because let's be real here, that's why most homebrew peeps even hack their consoles), but I can understand why they'd send them to Nintendo and get a bounty for it instead.

 

[Reecey]

maybe they just helped fix some Zelda bugs that's why 1.1.2 is out now?

Good point, that's a strong possibility! I suppose its not necessarily all about exploits to the system on there hacking program, well it doesn't actually mention its for exploited holes on the Switch itself. So does this mean every little exploit within a game you could be paid for letting Nintendo know? wow in that case were all getting paid!!!!

Edit: I think you maybe right:

Cheating, including:

• Game application modification

I think the arrow cheat was fixed in v1.1.2, this could be the reason why they pushed the Zelda update, like you said.

 

[Kourin]

I think the arrow cheat was fixed in v1.1.2

Sorry for slightly off-topic but arrow cheat?

 

[Reecey]

Sorry for slightly off-topic but arrow cheat?

Its been known for a while now, its a glitch in the game, here you go, enjoy!


I think its been fixed now it was called "arrow farming". I've just realized something as well, just how bad Zelda looks on the WiiU, it really does look that much noticeably worse than the Switch version, in my opinion that is. You can tell these footages have been took from the WiiU version

 

[Fotonick]

Its been known for a while now, its a glitch in the game, here you go, enjoy!
I think its been fixed now it was called "arrow farming". I've just realized something as well, just how bad Zelda looks on the WiiU, it really does look that much noticeably worse than the Switch version, in my opinion that is. You can tell these footages have been took from the WiiU version

Lol, then just look better at the videos and you'll see that there's switch buttons in top left corner, so it's switch version that looks bad.

 

[GerbilSoft]

I think the arrow cheat was fixed in v1.1.2, this could be the reason why they pushed the Zelda update, like you said.

Vulnerability information that is already known to Nintendo or the public, for example, does not qualify for a reward.

It's like everyone in this thread intentionally refuses to read the actual bug bounty rules and just acts like they can report any old bug that's already public and receive tons of money. It doesn't work that way.

Never mind that a game "cheat" like the infinite arrow glitch probably doesn't count, since that doesn't affect the system in general.

 

[Bladexdsl]

lol it was a joke post didn't you see creeple?