Last year, Nintendo debutted its HackerOne program that involved giving a bounty of range of $100 - $20,000 to hackers that disclose their system exploits and vulnerabilities for the 3DS. Everyone thought it wouldn't work out for Nintendo, but just around last month the program was extended to include the Nintendo Switch too.

Just recently as you can see in the picture, three people were rewarded so far, however the amounts paid will not be made public. It seems as if a few hackers wouldn't mind giving out their newfound exploits for some easy cash, hopefully for the sake of the Switch hacking scene, it isn't the same with our own resident hackers.

A few examples of what information Nintendo is interested in receiving:

• System vulnerabilities regarding Nintendo Switch
  • Privilege escalation from userland
  • Kernel takeover
  • ARM® TrustZone® takeover
• Vulnerabilities regarding Nintendo-published applications for Nintendo Switch
  • Userland takeover
• System vulnerabilities regarding the Nintendo 3DS family of systems
  • Privilege escalation on ARM® ARM11™ userland
  • ARM11 kernel takeover
  • ARM® ARM9™ userland takeover
  • ARM9 kernel takeover

Source

 

[Windaga]

I don't see an issue with it. Companies hire individuals (or other companies) to look for weaknesses/exploits in their products all the time. I've hired about 12 in the past 2 years I've been working with my current company. I can't personally justify getting upset at someone for taking a legal job - especially if it's a company looking for help protecting their product. Seems kind of silly to get worked up about it, personally.

Also, the notion that any company needs "an excuse" to do anything to protect their product in any fashion is ridiculous - especially when what they're preventing is outside of the product's intention. Nintendo doesn't need an excuse to do anything, let alone protect their product. If anything, claiming the opposite seems like an excuse: "I want this system hacked because of the ability to play (totally legit) ROMs, stream (totally legit) videos and movies, play (totally legit) backups, etc" and, "Nintendo needs to stop using "losing game sales" as an excuse to go after piracy" seem ludicrous to me.

Of course, there are "legit" reasons for wanting homebrew on a console, especially one that's lacking some basic features. (Youtube, basic web browsing, audio/video playback, save file manager, etc.) But most of those features will eventually make their way to the console. I wouldn't be upset if someone used those features as justification, sure, but it does seem odd to lash out against a company for wanting to protect their assets.

 

[FAST6191]

Here is Microsoft directly hiring hackers in 2006
https://arstechnica.com/information-technology/2006/08/4909/
1998* covering a company hiring dedicated hackers
https://books.google.co.uk/books?id=JnigMwlD9bcC&pg=PT85&lpg=PT85#v=onepage&q&f=false
No hacks have ever happened since right?

*"Street hackers"... can't believe I forgot about that term.

 

[GerbilSoft]

Both Microsoft and Sony have bug bounty programs.

• Microsoft: https://technet.microsoft.com/en-us/library/dn425036.aspx
• https://firebounty.com/bug-bounty-program/294/sony

Granted, neither one specifically lists game consoles, but I'd think they'd take them anyway.

In 2007, a kernel vulnerability was found in the Xbox 360. It was publicly disclosed *after* they sent details to Microsoft and a patch was released. http://www.securityfocus.com/archive/1/461489/30/0/threaded (Bonus: Not on a Patch Tuesday - shows that Microsoft's priority is for *their* security, not yours.)

But it's only Nintendo that's the evil one, so we must excommunicate anyone who dares to give them non-public vulnerability information. /s

 

[xdarkmario]

 

[Bladexdsl]

why don't we wait and see what happens in the next update than you can call these guys traitors

 

[Haloman800]

The program is called HackerOne because the hackers won. Either they get free Nintendo games via piracy, or they get paid from Nintendo; either way, they win

 

[the_randomizer]

Bounties/bribery is a very good motivator, just sayin'

 

[Boured]

Jesus, there is more salt here than on the fries at my work.

In all seriousness I really don't care about them telling Nintendo. They're choice, but its honestly quite sad how people are reacting so negatively to this. Why are people so self entitled? It makes me quite angry.

 

[FAST6191]

Either they get free Nintendo games via piracy, or they get paid from Nintendo; either way, they win

Games on a modern Nintendo console? Now I know you have been here and active for years so where did this break from reality come from?

 

[vinstage]

As stated by many other users, this shouldn't be such an issue? As much as I love the community here, a lot of it can be salty and above all over reactive.

Bug Bounty Programmes are nothing new and we shouldn't react so negatively towards them, that's unless you want fucked up bank accounts and systems, which I highly doubt.

I personally don't blame Nintendo for this. What do you all expect? For them to turn a blind eye to this?

Not everyone in this world agrees with piracy, they're not going to turn a blind eye to please the smaller audience. I honestly don't know what you all expect.

 

[Haloman800]

Games on a modern Nintendo console? Now I know you have been here and active for years so where did this break from reality come from?

How is BotW or Tetris 3DS not video games?

 

[air2004]

I would do the same if I knew how. Admiration from the scene doesn't put food on the table.

 

[mosb3rg]

2 Things.. i feel like anything that is going to happen, still will because ultimately those devs aren't updating there working on whats currently working. and Secondly i sincerely doubt those white hats even needed to get involved. this material is publicly available for the most part. Im not really concerned at the moment.. sure it might mean they notice that moving forward.. but we already couldn't update because it no longer worked.. so again not sure i see a problem with whats being mentioned. would ultimately only affect those who updated doesnt mean it wouldn't be possible moving forward.

Good luck to those working on it, will be nice to have some just regular homebrew on it to emulate some old console stuff on my tv again ;-)

 

[SonicCloud]

I mean , anything that gives money will atract people , even if its just 3 people.
I don't think this people should be called "Traitors" as some people in this thread said before , after all , they might not even be into this forums and neither they must have used hacks before. Besides , these people could have need atleast 200$ , so who knows?.

 

[Sumea]

It might be the fact that Switch is somewhat android like so android coders who are quite whitehat in many cases are also looking into the system. 3DS is not interesting to people outside nintendo fans and console enthusiastic people.

So I dunno how I feel about this "oh well" I guess, in the end it is power of these hackers that they have and it is theirs to choose which way they would like it to go.


One sad thing is these are some exploits I can't find a 3c33 talk or something like that explaining how the hardware and software does some stupid stuff in stupid way like last years PS4 and 3DS/Wii U talks.

 

[Johnny2071]

Jesus, there is more salt here than on the fries at my work.

In all seriousness I really don't care about them telling Nintendo. They're choice, but its honestly quite sad how people are reacting so negatively to this. Why are people so self entitled? It makes me quite angry.

Not being able to have inf. durability and inf. health in BotW, being able to play 32X, PS1, Saturn, Dreamcast, or PS2 games, or backup save data (that I could very well lose) onto my computer, all because Nintendo turned hackers against us makes me angry.

 

[GerbilSoft]

It might be the fact that Switch is somewhat android like

No, it isn't. Going by that logic, iOS is also "Android like" because it uses Webkit.

 

[Quantumcat]

What the hackers should do is get a quote from Nintendo after telling them what sort of exploit they have, then set up a PayPal email and tell the community, that if you can match or exceed what Nintendo have offered, then I'll release it to the community. And if not, then I'll sell it to Nintendo. If you don't reach the needed amount then I'll just send refunds to everyone. And when it gets released, only the people that paid money can have it, say for a few months. Then it will be released to the general public.

 

[NekoMichi]

The big picture:

Paid exploit hunt = no homebrew on Switch ever = no emulators for old systems (like PSX, Saturn, Dreamcast, etc.), codes for difficult sections on games like BotW, or being able to back up hard work.

And piracy. You've missed out a big reason of why many people want homebrew. If these vulnerabilities weren't capable of enabling piracy, I wonder how many people would still be mad at them.

 

[Boured]

Not being able to have inf. durability and inf. health in BotW, being able to play 32X, PS1, Saturn, Dreamcast, or PS2 games, or backup save data (that I could very well lose) onto my computer, all because Nintendo turned hackers against us makes me angry.

First of all, that's cheating the game to get inf things. I use hacks and even I don't use that but eh you can. Second of all you could play all those systems on a computer and get way better performance. Finally while backing up save data is nice, there is a reason there is a Save Data Backup option. Be glad for what we got and don't whine about people wanting some quick cash.