Hacking ktemkin drama

V-Temp

Basically, yeah. The bug is "considered" working as intended by Google/Nvidia, but is actually exploitable, and can potentially be used and fixed on the Switch indirectly.

It was fixed on the Switch pretty directly as of 5.0.0, they knew what they were attacking and fixing with that firmware update.

This is why ktemkin thought it wasn't a big deal, Nintendo knew about this bug so there was nothing directly lost as far as she was aware or thought.

But it's possible she outed a bigger flaw or an execution path indirectly without realizing it.
 

Tapri

Why didn’t K talk with her team beforehand (I mean, isn’t that typical communication etiquette?), and why did S just blast her outright? And furthermore, if money is involved and he’s a lawyer, a settlement could be negotiated.

Because she was under the impression Google/Nvidia already knew that the "intended feature" could be used in a malicious way, but found out they didn't know.
 

Uwabami

Why didn’t K talk with her team beforehand (I mean, isn’t that typical communication etiquette?), and why did S just blast her outright? And furthermore, if money is involved and he’s a lawyer, a settlement could be negotiated.
The fact that she didn't talk to her team before she mentioned the bug to Google is the root of the problem. SciresM didn't "just blast her outright"; he consulted with 8 other team members, except for two of ktemkin's romantic partners.

And if what she says is true, there was no direct monetary gain, but it was mentioned during a paid consulting session. (edit: I assume it was paid for, this was not mentioned by her)

Because she was under the impression Google/Nvidia already knew that the "intended feature" could be used in a malicious way, but found out they didn't know.
This seems to be a thing both parties disagree on, yeah.
 

krasaty

It was fixed on the Switch pretty directly as of 5.0.0, they knew what they were attacking and fixing with that firmware update.

This is why ktemkin thought it wasn't a big deal, Nintendo knew about this bug so there was nothing directly lost as far as she was aware or thought.

But it's possible she outed a bigger flaw or an execution path indirectly without realizing it.
Parts of the dejavu exploit chain were patched on 5.0.0. This is a bootrom bug that dejavu likely uses to load the payload. To patch this they will have to release a new revision or ipatch it.
 

snoofly (OP)

Basically, yeah. The bug is "considered" working as intended by Google/Nvidia, but is actually exploitable, and can potentially be used and fixed on the Switch indirectly.
This.
Apart from the fact that SciresM only discovered it independently, i.e. he didn’t own the bug, other parties also knew about it.
 

brickmii82

The fact that she didn't talk to her team before she mentioned the bug to Google is the root of the problem. SciresM didn't "just blast her outright"; he consulted with 8 other team members, except for two of ktemkin's romantic partners.

And if what she says is true, there was no direct monetary gain, but it was mentioned during a paid consulting session.


This seems to be a thing both parties disagree on, yeah.
OK, I think I’m getting a better grasp of the situation now. K basically told the cops the bank door was unlocked before her roommates robbed it, so now they're pissed at her.
 

the_randomizer

SciresM is. He's not a bad dude, but he's always been good at trolling. I would have guessed his team of anti-jokers would have snapped from his personality eventually, looks like it finally happened. Not surprising... lol

Oh? Is that why he threw a bitchfest on the ReSwitched Discord the other day? I mean, yes, what Kate did was stupid, but he could have been so much more mature. Two wrongs never make a right.
 

V-Temp

Parts of the dejavu exploit chain were patched on 5.0.0. This is a bootrom bug that dejavu likely uses to load the payload. To patch this they will have to release a new revision or ipatch it.

What I mean is they knew about it and closed the path that enabled it to work; you need software vulns to get deja vu running to leverage this flaw. This bootrom bug seems to have been the whole principle behind achieving coldboot with deja vu.

If Nintendo has shut off execution then the bug is irrelevant.

So I don't know what Nintendo would have gained from this and I don't know why ktemkin would think Nintendo knew and fixed it, if they didn't know and didn't fix it.
 

brickmii82

So no one knows if K got paid, no one knows if Nintendo already patched the vulnerability, and no one knows if it was known already to boot?
 

Tapri

What I mean is they knew about it and closed the path that enabled it to work; you need software vulns to get deja vu running to leverage this flaw. This bootrom bug seems to have been the whole principle behind achieving coldboot with deja vu.

If Nintendo has shut off execution then the bug is irrelevant.

So I don't know what Nintendo would have gained from this and I don't know why ktemkin would think Nintendo knew and fixed it, if they didn't know and didn't fix it.

It was more of her reporting it to Google/Nvidia but at the same time affecting the Switch; she didn't report it to Nintendo, but Nvidia being a partner, you can imagine the path from there.


So no one knows if K got paid, no one knows if Nintendo already patched the vulnerability, and no one knows if it was known already to boot?

K said she wasn't paid for it herself on Twitter.
 

krasaty

What I mean is they knew about it and closed the path that enabled it to work; you need software vulns to get deja vu running to leverage this flaw. This bootrom bug seems to have been the whole principle behind achieving coldboot with deja vu.

If Nintendo has shut off execution then the bug is irrelevant.

So I don't know what Nintendo would have gained from this and I don't know why ktemkin would think Nintendo knew and fixed it, if they didn't know and didn't fix it.
Dejavu is warmboot. They have patched some things before the bootrom exploit in 5.0.0. Here is a video example, and the bootrom exploit would likely have to take place after the Switch goes into sleep mode.
 

Chary

Oh? Is that why he threw a bitchfest on the ReSwitched Discord the other day? I mean, yes, what Kate did was stupid, but he could have been so much more mature. Two wrongs never make a right.

For having reportedly had a round table discussion with multiple people, SciresM sure acted like it was done on a whim. Randomly alerting everyone and then blasting with a shred of details ($200k bounty!! Banned!!) was only ever going to lead to madness. He should have acted like a lawyer, had his reasoning ready to go, and then calmly explained it in a way that wouldn't cause as much of a dramatic uproar as it did. And the whole "b-but privacy" card can't be played on that, because that inflammatory way of alerting the masses only made people WANT to pry in private affairs.
 

V-Temp

Dejavu is warmboot. They have patched some things before the bootrom exploit. Here is a video example, and the bootrom exploit would have to take place after the Switch goes into sleep mode.

I know this. I am saying DV was intended to achieve coldboot, that was the whole promise of it eventually. Warmboot is pointless with FG, but DV was the promise to eventually get coldboot and why many wanted to keep their fuses to <4.1.

In patching DV as it had worked up until 4.1, Nintendo knowingly closed off the execution that can be leveraged from DV to enable coldboot. And that's where I think ktemkin means they already knew about it, because they already attacked DV by closing off its execution chain. The vulnerability at the core for coldboot remains, and was why SciresM said not to upgrade 4.1 FG-patched units to 5.0+ because 5.0+ broke DV and made the vulnerability unusable.

--------------------- MERGED ---------------------------

It was more of she reporting it to Google/NVidia and but at the same time effecting the switch, she didn't report it to nintendo, but NVidia being a partner, you can imagine the path from there.

I get that, I meant what's the indication that Nintendo didn't or doesn't know? She seems convinced they do, and firmware 5.0 suggests they do too, doesn't it?
 

krasaty

I know this. I am saying DV was intended to achieve coldboot, that was the whole promise of it eventually. Warmboot is pointless with FG, but DV was the promise to eventually get coldboot and why many wanted to keep their fuses to <4.1.

In patching DV as it had worked up until 4.1, Nintendo knowingly closed off the execution that can be leveraged from DV to enable coldboot. And that's where I think ktemkin means they already knew about it, because they already attacked DV by closing off its execution chain. The vulnerability at the core for coldboot remains, and was why SciresM said not to upgrade 4.1 FG-patched units to 5.0+ because 5.0+ broke DV and made the vulnerability unusable.
Dejavu was never meant to lead to coldboot. SciresM himself stated that coldboot (non-tethered) is never happening above 3.0.1.
Nintendo very likely just patched the way he used to get into the bootrom exploit. This doesn't mean that they know it exists and can be used in a malicious way, but that they closed different holes that SciresM used to lead into this.
 

Uwabami

For having reportedly had a round table discussion with multiple people, SciresM sure acted like it was done on a whim. Randomly alerting everyone and then blasting with a shred of details ($200k bounty!! Banned!!) was only ever going to lead to madness. He should have acted like a lawyer, had his reasoning ready to go, and then calmly explained it in a way that wouldn't cause as much of a dramatic uproar as it did. And the whole "b-but privacy" card can't be played on that, because that inflammatory way of alerting the masses only made people WANT to pry in private affairs.
They would've asked why she was banned either way, and people would've wildly speculated like they did here (including some mods that shall not be mentioned). The privacy card was played by Qyriad, who was perfectly fine with cherry-picking quotes by him from said private chat, but was against publishing the whole thing when he told her to do so.

And risking another warning: some people should be aware they're sitting in a glass house.
 

brickmii82

They would've asked why she was banned either way, and people would've wildly speculated like they did here (including some mods that shall not be mentioned). The privacy card was played by Qyriad, who was perfectly fine with cherry-picking quotes by him from said private chat, but was against publishing the whole thing when he told her to do so.

And risking another warning: some people should be aware they're sitting in a glass house.
So was the exploit patched in 5.0 on the Switch? And you still haven’t provided any proof of the 200K S claimed to be had for the “bug bounty.” All that I can stand behind is that SciresM found a security flaw and ktemkin used it in a disclosure example (which is dick if no credit was given).
 

snoofly (OP)

So no one knows if K got paid, no one knows if Nintendo already patched the vulnerability, and no one knows if it was known already to boot?
This post made me laugh out loud to my wife, who asked me what.
I said, so this thread, after nearly 2 days: no one knows this, no one knows that, no one actually still knows anything for sure.
 