Homebrew Nintendo now has a 3DS bug bounty page open

[Mikemk]

Or somehow replacing the corrupted payloads with the normal code through an update. That would revoke access to D9/H9/G9, etc./QUOTE]
Not possible

 

[shelby--san]

No. However they are trying to stomp out everything according to the page

Yes, I have seen that. ;(
Why now, though. Isn't the 3DS EOL?

use the very method we used to write back the firms

Would they really go that far?
They had the means to patch the other, more primitive exploits we had before.. and except for QR code injecting, pulling games from eShop (instead of patching them) and nuking TubeHax...
I feel they waited far too long to take actions.

 

[angelus kun]

why nintendo dosent read github pages of luma source code a9lh source code on gbatemp wiki and 3dbrew i think they know everything about this but the money its more useful for they

 

[Alex658]

luma has firmprotection so it won't let a9lh be over written

Okay, I'll reply to you just this one time to see if you get it.

Remember the way a9lh worked? How you had to get back to 2.1 to get the console keys and install the exploit?
Well, they still have the master keys, since OTP cannot be changed (one time programmable code), they could just as easily overwrite firm 0/1 by re-exploiting their own code, or somehow reversing a9lh.

Well, this shall prove amusing, now more than ever i want to see what is disclosed by smea at the talk. they claimed to have won the game after all.

 

[Raylight]

Okay, I'll reply to you just this one time to see if you get it.

Remember the way a9lh worked? How you had to get back to 2.1 to get the console keys and install the exploit?
Well, they still have the master keys, since OTP cannot be changed (one time programmable code), they could just as easily overwrite firm 0/1 by re-exploiting their own code, or somehow reversing a9lh.

Well, this shall prove amusing, now more than ever i want to see what is disclosed by smea at the talk. they claimed to have won the game after all.

Last i heard he was arrested in japan. was that true?

 

[hacksn5s4]

i got a9lh because its permant homebrew and it gives you full acess to the system before homebrew got patched and you had to stay on an older firmware and not be able to play online you can also install homebrew to the homemenu

 

[xtheman]

Last i heard he was arrested in japan. was that true?

That was fake. His twitter even states that

 

[Mikemk]

Why now, though. Isn't the 3DS EOL?

Obviously not, if they're investing tens to hundreds of thousands of dollars removing exploits.

Remember the way a9lh worked? How you had to get back to 2.1 to get the console keys and install the exploit?

A9LH can install on any version 9.2-, only dumping the OTP needs 2.1, and that need only be done once

 

[Raylight]

That was fake. His twitter even states that

I dont really keep up with my twitter.

 

[SaffronXL]

They pay based on the severity of the issue, they're not going to give $20k for some exploit that has little to no practical use...

They're never going to pay anyone anywhere near $20k, and you know it. If they can, they should hire more full-time security pros. These bounty schemes can work well for stopping undiscovered or unpublicized exploits, but the 3ds is 99.9% totally hacked by exploits that are common knowledge, and even open sourced on github. The time to fix this was 6 years ago, that genie ain't goin back in that lamp.
The only information type I can imagine that would actually be beneficial to Nintendo is regarding:

• Dissemination of inappropriate content to children

That could be improved on. But the other stuff isn't going to change through a silly bounty program.

 

[hacksn5s4]

still its not like nintedo can go in your house and take your hacked 3ds away so why bother only people who don't know about hackign will update there systems

 

[Alex658]

Obviously not, if they're investing tens to hundreds of thousands of dollars removing exploits.


A9LH can install on any version 9.2-, only dumping the OTP needs 2.1, and that need only be done once

I know that, but you cannot install a9lh without the OTP in o3ds no matter the version. And OTPless on 9.2 wasn't much of a success after it was deemed unsafe by aurora for N3DS. I'd rather pretend that didn't happen.

 

[Raylight]

They're never going to pay anyone anywhere near $20k

well thats to be expected there a bunch of bell pinchers

 

[Mikemk]

And OTPless on 9.2 wasn't much of a success after it was deemed unsafe by aurora for N3DS. I'd rather pretend that didn't happen.

It's not unsafe, it's just buggy. They'll eventually put it back in the guide after they figure out what caused the bricks.

 

[SG6000]

Something tells me that the kind of individual who would diligently and successfully work on finding a system exploit isn't the kind of individual likely to be attracted to a little bit of pocket money in exchange for their discoveries.

 

[Alex658]

If they do manage to patch a9lh and make firm 0/1 write protected (a similar way a9lh+cfw does), we would still have the OTP keys. Where you couldn't rewrite them via normal means, but OTP would give you the highest permission escalation avaliable except for the bootrom.
That's curious.

 

[sj33]

Not sure why people are so paranoid about updates overwriting FIRM. Just check before you update.

 

[fodder]

They're never going to pay anyone anywhere near $20k, and you know it. If they can, they should hire more full-time security pros. These bounty schemes can work well for stopping undiscovered or unpublicized exploits, but the 3ds is 99.9% totally hacked by exploits that are common knowledge, and even open sourced on github. The time to fix this was 6 years ago, that genie ain't goin back in that lamp.
The only information type I can imagine that would actually be beneficial to Nintendo is regarding:

• Dissemination of inappropriate content to children

That could be improved on. But the other stuff isn't going to change through a silly bounty program.

Maybe for the 3DS, sure, but I'm sure once the switch is released they'll update their profile and start giving out those $20k bounties

 

[kingaz]

No, this doesn't mean that Nintendo is getting serious about fixing 3DS security.

No, this doesn't mean that Nintendo hasn't been keeping an eye on the scene (think of all of the exploit games that have been pulled same-day).

No, this doesn't mean that the 3DS is going to be supported for longer than we thought. It's still on its way out.

This is almost certainly a test run for a possible Switch bug bounty program.

 

[Kourin]

It's fake, literally anyone can make these with no proof that you own the domain.

Not to mention it was made a few hours ago and it miraculously was found out straight away.