# ENLBufferPwn: Severe vulnerability in first party 3DS, Wii U and Switch games



## Reploid (Dec 24, 2022)

So that's what MKart 7 update was all about.


----------



## linuxares (Dec 24, 2022)

Reploid said:


> So that's what MKart 7 update was all about.


It would explain a lot wouldn't it.


----------



## Foxi4 (Dec 24, 2022)

Don’t store payment details on your console, use 2FA - always been my policy. Recommend that others do the same.


----------



## linuxares (Dec 24, 2022)

I wonder how far up the line it can go on the Switch.


----------



## pustal (Dec 24, 2022)

Foxi4 said:


> Don’t store payment details on your console, use 2FA - always been my policy. Recommend that others do the same.



Use digital one use cards. Even if you delete them, with some companies history I wouldn't be surprised the infor prevailed somehow in their servers.


----------



## hippy dave (Dec 24, 2022)

linuxares said:


> I wonder how far up the line it can go on the Switch.


It's an entry point, so you won't get a full hack without chaining it to a kernel exploit etc. Unfortunately those are believed not to exist on current firmware, but if someone has a console on old firmware that's already susceptible to pegascape, they could probably exploit it through Mario Kart instead for the lols.


----------



## Osakasan (Dec 24, 2022)

Aaand this is why we cant have nice things.


----------



## Latiodile (Dec 24, 2022)

pustal said:


> Use digital one use cards. Even if you delete them, with some companies history I wouldn't be surprised the infor prevailed somehow in their servers.


those don't exist in some countries, like canada


----------



## Brandoman142 (Dec 24, 2022)

Latiodile said:


> those don't exist in some countries, like canada


There actually is one company that provides digital credit cards in Canada. "float" is the vendor


----------



## Purple_Shyguy (Dec 24, 2022)

Your telling me it's possible people were watching me playing Mario Kart 7 naked through the 0.2 megapixel inner cameras?


----------



## linuxares (Dec 24, 2022)

Purple_Shyguy said:


> Your telling me it's possible people were watching me playing Mario Kart 7 naked through the 0.2 megapixel inner cameras?


In 3d!


----------



## Mhetralla (Dec 24, 2022)

Woah, this is big. Not everyday is a multi-console exploitable vulnerability found.




Spoiler



I wonder if we could use this to launch homebrew on the OLED, without using any hardware mod...


----------



## Latiodile (Dec 24, 2022)

Brandoman142 said:


> There actually is one company that provides digital credit cards in Canada. "float" is the vendor


that's an impressively vague name for a service, no wonder i've never heard of it... and can't find any results for it


----------



## ChibiMofo (Dec 24, 2022)

Foxi4 said:


> Don’t store payment details on your console, use 2FA - always been my policy. Recommend that others do the same.


Don't pay for games at can be pirated (read as: stolen). That's always been my policy. Recommend that others do the same.


----------



## SG854 (Dec 24, 2022)

I'm never conecting to the internet ever again


----------



## DarkCoffe64 (Dec 24, 2022)

Lmao, not only is their online services complete ass, now this too! Has this crap like ever happened on them Sony consoles or Microsoft? Genuinely asking because I'm not sure, heh.
At least it seems they've been stepping up their game to fix this shit, but damn, just... Craptendo and anything regarding the internet are basically opposites of each other, heh.


----------



## M4x1mumReZ (Dec 24, 2022)

I was curious on why MK7 had an update. This exploit can make installing CFW quicker without having to resort to ntrboot and all sorts.


----------



## PopcornSweetie (Dec 24, 2022)

DarkCoffe64 said:


> Lmao, not only is their online services complete ass, now this too! Has this crap like ever happened on them Sony consoles or Microsoft? Genuinely asking because I'm not sure, heh.
> At least it seems they've been stepping up their game to fix this shit, but damn, just... Craptendo and anything regarding the internet are basically opposites of each other, heh.


All i know is that both Sony and Microsoft got their servers hacked a couple or times (especially in the PS3/X360 era)


----------



## SG854 (Dec 24, 2022)

DarkCoffe64 said:


> Lmao, not only is their online services complete ass, now this too! Has this crap like ever happened on them Sony consoles or Microsoft? Genuinely asking because I'm not sure, heh.
> At least it seems they've been stepping up their game to fix this shit, but damn, just... Craptendo and anything regarding the internet are basically opposites of each other, heh.


There was the Sony 2011 hack. Their PSN internet was down for almost a whole month, 23 days. I remember that.


----------



## Halbour (Dec 24, 2022)

linuxares said:


> I wonder how far up the line it can go on the Switch.


Mmmmm I think it will be kinda fun to mess with it... I want a hacked switch

	Post automatically merged: Dec 24, 2022



PopcornSweetie said:


> All i know is that both Sony and Microsoft got their servers hacked a couple or times (especially in the PS3/X360 era


The PS3 is very vulnerable...


----------



## slaphappygamer (Dec 24, 2022)

I’m glad that my switch is banned now.


----------



## M4x1mumReZ (Dec 24, 2022)

SG854 said:


> There was the Sony 2011 hack. Their PSN internet was down for almost a whole month, 23 days. I remember that.


----------



## DKB (Dec 24, 2022)

Ah, shit.


----------



## RichardTheKing (Dec 24, 2022)

I wonder if Nintendo's gonna bother releasing updates for games on consoles they're close to killing off for good, what with the eShop closure early next year...


----------



## Dimensional (Dec 24, 2022)

So sounds like they need to release an update to their SDK too.


----------



## Osakasan (Dec 24, 2022)

RichardTheKing said:


> I wonder if Nintendo's gonna bother releasing updates for games on consoles they're close to killing off for good, what with the eShop closure early next year...


Dude, we just had a patch for MK7 last week fixing this very same exploit


----------



## chrisrlink (Dec 24, 2022)

M4x1mumReZ said:


>



well at least they were wise and gave us infamous 1 for free after they restored psn and to think this all practicly started over the 3.55 hack/geohotz fiasco plus sony was an idiot company who stored user/pass hell even CC #'s in plain text


----------



## J-Lin (Dec 24, 2022)

For, hmm.... research purposes, could someone tell me how one could use this on Mario Kart 8?


----------



## linuxares (Dec 24, 2022)

J-Lin said:


> For, hmm.... research purposes, could someone tell me how one could use this on Mario Kart 8?


Sure, here!

https://github.com/PabloMK7/ENLBufferPwn


----------



## CloudStrife190100 (Dec 24, 2022)

Purple_Shyguy said:


> Your telling me it's possible people were watching me playing Mario Kart 7 naked through the 0.2 megapixel inner cameras?



I've always wondered how my 1 incher got leaked


----------



## pustal (Dec 24, 2022)

Latiodile said:


> those don't exist in some countries, like canada



Revolut doesn't service there?


----------



## Milenko (Dec 24, 2022)

Halbour said:


> Mmmmm I think it will be kinda fun to mess with it... I want a hacked switch


Without other exploits it's pretty useless


----------



## toolazytosearchitmyself (Dec 24, 2022)

Halbour said:


> Mmmmm I think it will be kinda fun to mess with it... I want a hacked switch


I got my hopes up too then re-read the first post.


PabloMK7 said:


> Combined with other OS vulnerabilities


Which as far as I know, there are none on the Switch.


----------



## Latiodile (Dec 24, 2022)

pustal said:


> Revolut doesn't service there?


nope, neither does privacy, or paypal debit


----------



## pustal (Dec 24, 2022)

Latiodile said:


> nope, neither does privacy, or paypal debit



Is this a legal issue?


----------



## Latiodile (Dec 24, 2022)

pustal said:


> Is this a legal issue?


no clue, all i know is that it pisses me off and prevents me from using sites like amazon because i don't have a credit card and canadian amazon doesn't support paypal in any way
and debit isn't an option either, long story


----------



## susbaconhairman (Dec 24, 2022)

Foxi4 said:


> Don’t store payment details on your console, use 2FA - always been my policy. Recommend that others do the same.


i cant lmao, they shut down the ability to add credit cards


----------



## IS1982 (Dec 24, 2022)

Dimensional said:


> So sounds like they need to release an update to their SDK too.


I was gonna say "why would they update the SDK for a console they pulled the plug on", but they sent out updated dev unit firmware this summer. Very odd.


----------



## CommanderCool (Dec 25, 2022)

so the only games i should avoid right now are a really terribly designed third person shooter and an outdated mario kart...on the wii u.  got it.


----------



## kb7cxWMSrPwL (Dec 25, 2022)

Could you imagine a self replicating worm that pollutes legit users with false install and error logs on the switch?
Potentially 10s of millions of users would risk false bans to the point Nintendo would probably have to stop banning even hacked consoles due to sheer volume of complaints


----------



## regnad (Dec 25, 2022)

Boioioing!


----------



## Guacaholey (Dec 25, 2022)

DarkCoffe64 said:


> Lmao, not only is their online services complete ass, now this too! Has this crap like ever happened on them Sony consoles or Microsoft? Genuinely asking because I'm not sure, heh.
> At least it seems they've been stepping up their game to fix this shit, but damn, just... Craptendo and anything regarding the internet are basically opposites of each other, heh.


Those companies have had servers hacked, and Steam had a huge exploit a few years back where hackers could use other user's saved credit cards for purchases.


----------



## Halbour (Dec 25, 2022)

Milenko said:


> Without other exploits it's useless


booooooooooo lol


----------



## Yayo1990 (Dec 25, 2022)

Nooo they may have stolen my pingas and sexy pictures I took in my 3DS 

May as well post them here:



Spoiler











Spoiler


----------



## FAST6191 (Dec 25, 2022)

Would have liked to see a proper viral (in the classical computing sense) hack where one hack proceeds to another and thus everybody ends up on custom firmwares.


----------



## Halbour (Dec 25, 2022)

FAST6191 said:


> Would have liked to see a proper viral (in the classical computing sense) hack where one hack proceeds to another and thus everybody ends up on custom firmwares.


Would _love...._


----------



## Dax_Fame (Dec 25, 2022)

linuxares said:


> I wonder how far up the line it can go on the Switch.


I would also like to see what else possible... Remote console bricking? Now that's critical


----------



## ertaboy356b (Dec 26, 2022)

Nintendo really hates the Wii U, they don't release patches for it


----------



## Guacaholey (Dec 26, 2022)

Dax_Fame said:


> I would also like to see what else possible... Remote console bricking? Now that's critical


Gateway 3DS already did that.


----------



## M4x1mumReZ (Dec 26, 2022)

Guacaholey said:


> Gateway 3DS already did that.


Indeed.


----------



## NinStar (Dec 26, 2022)

Since no one seems to have posted this here yet:


----------



## N7Kopper (Dec 26, 2022)

Guacaholey said:


> Gateway 3DS already did that.


That was local, not remote. You installed Gateway's shitty hacks and used their shitty card firmwares. Remote would be me bricking your 3DS from halfway around the world because you had the misfortune to be matchmade with me.


----------



## Brandoman142 (Dec 27, 2022)

Latiodile said:


> that's an impressively vague name for a service, no wonder i've never heard of it... and can't find any results for it


Main page is: https://floatcard.com/ unfortunately it's designed for corporate rather than individual use.


----------



## wolf-snake (Dec 28, 2022)

DarkCoffe64 said:


> Lmao, not only is their online services complete ass, now this too! Has this crap like ever happened on them Sony consoles or Microsoft? Genuinely asking because I'm not sure, heh.
> At least it seems they've been stepping up their game to fix this shit, but damn, just... Craptendo and anything regarding the internet are basically opposites of each other, heh.


This is how you can tell someone's like 11... Or lives under a rock on the seafloor of the Mariana Trench.


----------



## Sowden (Jan 5, 2023)

Well its a black eye for Nintendo to be ignoring us Wii U users, but I'm thankful to the kind people at Pretendo for creating a Aroma plugin to help protect us. But I'm wondering, has anyone tried testing the first Super Mario Maker, or maybe Dr Luigi on the Wii U?  Or does anyone here have the capability to test?


----------



## Ducolamia (Jan 5, 2023)

Would be nice if this would be a breakthrough for CFW. I really want to soft-mod my OLED, but time will tell.

That being said, don't store credit card info on game systems ever. Lol


----------



## impeeza (Jan 7, 2023)

Mhetralla said:


> Spoiler
> 
> 
> 
> I wonder if we could use this to launch homebrew on the OLED, without using any hardware mod...


No can do because on switch on newer firmwares (since 4.0.1) there is no way to get kernel privilege from userland which is rhe security context of the games


----------

