Hacking ktemkin drama

  • Thread starter: snoofly
  • Start date:
  • Views: 229,781
  • Replies: 1,470
  • Likes: 12
Basically, yeah. The bug is "considered" working as intended by Google/Nvidia, but is actually exploitable, and can potentially be used and fixed on the Switch indirectly.

It was fixed on the Switch pretty directly as of 5.0.0, they knew what they were attacking and fixing with that firmware update.

This is why ktemkin thought it wasn't a big deal, Nintendo knew about this bug so there was nothing directly lost as far as she was aware or thought.

But it's possible she outed a bigger flaw or an execution path indirectly without realizing it.
 
Why didn't K talk with her team beforehand (I mean, isn't that typical communication etiquette?), and why did S just blast her outright? Furthermore, if money is involved and he's a lawyer, a settlement could be negotiated.

Because she was under the impression Google/Nvidia already knew that the "intended feature" could be used in a malicious way, but found out they didn't know.
 
Why didn't K talk with her team beforehand (I mean, isn't that typical communication etiquette?), and why did S just blast her outright? Furthermore, if money is involved and he's a lawyer, a settlement could be negotiated.
The fact that she didn't talk to her team before she mentioned the bug to Google is the root of the problem. SciresM didn't "just blast her outright"; he consulted with 8 other team members, except for two of ktemkin's romantic partners.

And if what she says is true, there was no direct monetary gain, but it was mentioned during a paid consulting session. (edit: I assume it was paid for, this was not mentioned by her)

Because she was under the impression Google/Nvidia already knew that the "intended feature" could be used in a malicious way, but found out they didn't know.
This seems to be a thing both parties disagree on, yeah.
 
Last edited by Uwabami,
It was fixed on the Switch pretty directly as of 5.0.0, they knew what they were attacking and fixing with that firmware update.

This is why ktemkin thought it wasn't a big deal, Nintendo knew about this bug so there was nothing directly lost as far as she was aware or thought.

But it's possible she outed a bigger flaw or an execution path indirectly without realizing it.
Parts of the dejavu exploit chain were patched on 5.0.0. This is a bootrom bug that dejavu likely uses to load the payload. To patch this they will have to release a new revision or ipatch it.
 
Basically, yeah. The bug is "considered" working as intended by Google/Nvidia, but is actually exploitable, and can potentially be used and fixed on the Switch indirectly.
This.
Apart from the fact that SciresM only discovered it independently, i.e. he didn't own the bug, other parties also knew about it.
 
The fact that she didn't talk to her team before she mentioned the bug to Google is the root of the problem. SciresM didn't "just blast her outright"; he consulted with 8 other team members, except for two of ktemkin's romantic partners.

And if what she says is true, there was no direct monetary gain, but it was mentioned during a paid consulting session.


This seems to be a thing both parties disagree on, yeah.
Ok, I think I'm getting a better grasp of the situation now. K basically told the cops the bank door was unlocked before her roommates robbed it, so now they're pissed at her.
 
Last edited by brickmii82,
SciresM is. He's not a bad dude, but he's always been good at trolling. I would have guessed his team of anti-jokers would have snapped from his personality eventually, looks like it finally happened. Not surprising... lol

Oh? Is that why he threw a bitchfest on the ReSwitched Discord the other day? I mean, yes, what Kate did was stupid, but he could have been so much more mature. Two wrongs never make a right.
 
Last edited by the_randomizer,
Parts of the dejavu exploit chain were patched on 5.0.0. This is a bootrom bug that dejavu likely uses to load the payload. To patch this they will have to release a new revision or ipatch it.

What I mean is they knew about it and closed the path to enable it to work; you need software vulns to get deja vu running to leverage this flaw. This bootrom bug seems to have been the whole principle behind achieving coldboot with deja vu.

If Nintendo has shut off execution then the bug is irrelevant.

So I don't know what Nintendo would have gained from this and I don't know why ktemkin would think Nintendo knew and fixed it, if they didn't know and didn't fix it.
 
So no one knows if K got paid, no one knows if Nintendo already patched the vulnerability, and no one knows if it was known already to boot?
 
Ok, I think I'm getting a better grasp of the situation now. K basically told the cops the bank door was unlocked before her roommates robbed it, so now they're pissed at her.
An accurate yet extreme comparison.
 
What I mean is they knew about it and closed the path to enable it to work; you need software vulns to get deja vu running to leverage this flaw. This bootrom bug seems to have been the whole principle behind achieving coldboot with deja vu.

If Nintendo has shut off execution then the bug is irrelevant.

So I don't know what Nintendo would have gained from this and I don't know why ktemkin would think Nintendo knew and fixed it, if they didn't know and didn't fix it.

It was more of her reporting it to Google/Nvidia but at the same time affecting the Switch. She didn't report it to Nintendo, but Nvidia being a partner, you can imagine the path from there.


So no one knows if K got paid, no one knows if Nintendo already patched the vulnerability, and no one knows if it was known already to boot?

K said she wasn't paid for it herself on twitter.
 
What I mean is they knew about it and closed the path to enable it to work; you need software vulns to get deja vu running to leverage this flaw. This bootrom bug seems to have been the whole principle behind achieving coldboot with deja vu.

If Nintendo has shut off execution then the bug is irrelevant.

So I don't know what Nintendo would have gained from this and I don't know why ktemkin would think Nintendo knew and fixed it, if they didn't know and didn't fix it.
Dejavu is warmboot. They have patched some things before the bootrom exploit in 5.0.0. Here is a video example, and the bootrom exploit would likely have to take place after the Switch goes into sleep mode.
 
Oh? Is that why he threw a bitchfest on the ReSwitched Discord the other day? I mean, yes, that Kate did was stupid, but he could have been so much more mature. Two wrongs never make a right.

For having reportedly had a round table discussion with multiple people, SciresM sure acted like it was done on a whim. Randomly alerting everyone and then blasting with a shred of details ($200k bounty!! Banned!!) was only ever going to lead to madness. He should have acted like a lawyer, had his reasoning ready to go, and then calmly explained it in a way that wouldn't cause as much of a dramatic uproar as it did. And the whole "b-but privacy" card can't be played on that, because that inflammatory way of alerting the masses only made people WANT to pry in private affairs.
 
Dejavu is warmboot. They have patched some things before the bootrom exploit. Here is a video example, and the bootrom exploit would have to take place after the Switch goes into sleep mode.


I know this. I am saying DV was intended to achieve coldboot, that was the whole promise of it eventually. Warmboot is pointless with FG, but DV was the promise to eventually get coldboot and why many wanted to keep their fuses to <4.1.

In patching DV as it had worked up until 4.1, Nintendo knowingly closed off the execution that can be leveraged from DV to enable coldboot. And that's where I think ktemkin means they already knew about it, because they already attacked DV by closing off its execution chain. The vulnerability at the core for coldboot remains, and was why SciresM said not to upgrade 4.1 FG-patched units to 5.0+ because 5.0+ broke DV and made the vulnerability unusable.

--------------------- MERGED ---------------------------

It was more of her reporting it to Google/Nvidia but at the same time affecting the Switch. She didn't report it to Nintendo, but Nvidia being a partner, you can imagine the path from there.

I get that, I meant what's the indication that Nintendo didn't or doesn't know? She seems convinced they do, and firmware 5.0 suggests they do too, doesn't it?
 
That's why I said no one knows. Well, other than K. No proof has been established. Moving past that, was the exploit patched?
 
I know this. I am saying DV was intended to achieve coldboot, that was the whole promise of it eventually. Warmboot is pointless with FG, but DV was the promise to eventually get coldboot and why many wanted to keep their fuses to <4.1.

In patching DV as it had worked up until 4.1, Nintendo knowingly closed off the execution that can be leveraged from DV to enable coldboot. And that's where I think ktemkin means they already knew about it, because they already attacked DV by closing off its execution chain. The vulnerability at the core for coldboot remains, and was why SciresM said not to upgrade 4.1 FG-patched units to 5.0+ because 5.0+ broke DV and made the vulnerability unusable.
Dejavu was never meant to lead to coldboot. SciresM himself stated that coldboot (non-tethered) is never happening above 3.0.1.
Nintendo very likely just patched the way he used to get into the bootrom exploit. This doesn't mean that they know it exists and can be used in a malicious way, but that they closed different holes that SciresM used to lead into this.
 
For having reportedly had a round table discussion with multiple people, SciresM sure acted like it was done on a whim. Randomly alerting everyone and then blasting with a shred of details ($200k bounty!! Banned!!) was only ever going to lead to madness. He should have acted like a lawyer, had his reasoning ready to go, and then calmly explained it in a way that wouldn't cause as much of a dramatic uproar as it did. And the whole "b-but privacy" card can't be played on that, because that inflammatory way of alerting the masses only made people WANT to pry in private affairs.
They would've asked why she was banned either way and people would've wildly speculated like they did here (including some mods that shall not be mentioned). The privacy card was played by Qyriad, who was perfectly fine with cherry picking quotes by him from said private chat, but was against publishing the whole thing when he told her to do so.

And risking another warning: some people should be aware they're sitting in a glass house.
 
They would've asked why she was banned either way and people would've wildly speculated like they did here (including some mods that shall not be mentioned). The privacy card was played by Qyriad, who was perfectly fine with cherry picking quotes by him from said private chat, but was against publishing the whole thing when he told her to do so.

And risking another warning: some people should be aware they're sitting in a glass house.
So was the exploit patched in 5.0 on the Switch? And you still haven't provided any proof of the 200K S claimed to be had for the "bug bounty." All that I can stand behind is that SciresM found a security flaw and ktemkin used it in a disclosure example (which is dick if no credit was given).
 
So no one knows if K got paid, no one knows if Nintendo already patched the vulnerability, and no one knows if it was known already to boot?
This post made me laugh out loud, and my wife asked me why.
I said, so in this thread, after nearly 2 days, no one knows this, no one knows that, no one actually still knows anything for sure.
 