Hacking Bounty question

[xenom0rph]

So a friend of mine was me telling Nintendo paid out 20k$ for a vulnerability in layer 6. I don't actually know how to check these types of things and would definitely like to fact check him. Because I can't find a single thing about that as far as just a standard Google search goes. I know there is a place the bug bounty's are posted, just dunno if it's public or what. Btw, my buddy said it was on hackone.

 

[yankii]

hackone

Hacktwoah, actually.

 

[M7L7NK7]

It was $4500

 

[Lostbhoy]

Coconut.... Oh your not talking about the chocolate bar....

 

[[Truth]]

It was $4500

This and here is the bug:
https://hackerone.com/reports/3174987

 

[Ettino]

It was $4500

That's pretty cheap. You would have thought they'll put more money in to this stuff.

 

[RyanTheArchivist]

Nintendo will pay anywhere from $100 - $50,000 dependent on the severity of the bug and what system(s) are effected as stated by them https://hackerone.com/nintendo

 

[twatsandwich]

Hurdur there are no bugs in horizon os hurdur

Obviously this is nothing on it's own, but hopefully will shut up the people repeating that nonsense. Good to see the bug program working!

 

[RyanTheArchivist]

Hurdur there are no bugs in horizon os hurdur

If you actually went to the site and read the history you'd realize that... yes there isn't a single kernel exploit reported under HOS. The few "critical" issues listed are all exploits within games themselves which are sandboxed to the point where they can't effect the OS.

 

[twatsandwich]

This and here is the bug:
https://hackerone.com/reports/3174987

If you actually went to the site and read the history you'd realize that... yes there isn't a single kernel exploit reported under HOS. The few "critical" issues listed are all exploits within games themselves which are sandboxed to the point where they can't effect the OS.

Yet. There isn't a single kernel vul reported yet.

These things are always about stacking vuls. Every bug identified pushes the understanding of the system and adds an attack vector that can be used within an exploit chain.

 

[RyanTheArchivist]

Yet.

The last kernel exploit in HOS was iirc back in firmware 7.X and it's been clean ever since. Chances are if one appears it's going to be in a future update due to a mistake they made.

 

[twatsandwich]

The last kernel exploit in HOS was iirc back in firmware 7.X and it's been clean ever since. Chances are if one appears it's going to be in a future update due to a mistake they made.

Anyone who thinks identifying a complete exploit chain in a console like the switch 2 takes a few months is a moron though.

Could take years, could require a newer firmware, could be on base.

It'll happen though. Software is buggy by default. Even NASA has bugs.

Post automatically merged: Aug 30, 2025

Now that I think about it though, these bug bounties are a double edged sword. Brings in more interest in security research of the console, but also likely leads to bugs being patched earlier.

Back in the day people would sit on bugs like this for years and share them privately between security researchers as tools to further research into the console.

 

[lunarfreyax]

That's pretty cheap. You would have thought they'll put more money in to this stuff.

let ask nintendo for $10 mil like the hassaku emulator devs did !

 

[xenom0rph]

Ok so it was only 4500$ no where near as severe as I thought. Well time to go call my buddy on his bs lol. I'm still sitting on an unopened launch console, I'm patient and most of all I can't wait to stick it to Nintendo. They deserve 100% of what's coming to them for everything they are doing to the industry.

 

[yankii]

They deserve 100% of what's coming to them for everything they are doing to the industry.

True, releasing genre-defining experiences is bad for the industry because it raises the bar for everyone else.

 

[Dan-the-Rebirth]

I love how here on gbatemp most people love Nintendo games while at the same time want to hack their console "to prove a point"

 

[Renos44]

Ok so it was only 4500$ no where near as severe as I thought. Well time to go call my buddy on his bs lol. I'm still sitting on an unopened launch console, I'm patient and most of all I can't wait to stick it to Nintendo. They deserve 100% of what's coming to them for everything they are doing to the industry.

Ah you mean the exact same things the rest of the industry has been doing for atleast the last 10 years. But negativity and misinformstion drives up those numbers so content creators jump on for the console launch rage clicks.

Almost everything the switch 1 and 2 do were pioneered by Microsoft. Yet i dont hear calls to hack the xbox to "stick it to microsoft"

 

[Ettino]

let ask nintendo for $10 mil like the hassaku emulator devs did !

Wouldn't go that far, but 4,500 usd is like almost half of what most professionals in this field make in a month (if they're making 6 figures).

 

[chrisrlink]

dude nintendo is so anti consumer I wouldn't even sell vulns to them if i was starving (suprised they even pay honestly))

 

[masagrator]

(suprised they even pay honestly))

But they are cheapskates because 50k$ for something that can destroy their revenues is baffling. And there are people who would pay more to make exclusive product for hacking Switch 2 that they can sell on aliexpress and would still profit from this significantly.