Last year, Nintendo debutted its HackerOne program that involved giving a bounty of range of $100 - $20,000 to hackers that disclose their system exploits and vulnerabilities for the 3DS. Everyone thought it wouldn't work out for Nintendo, but just around last month the program was extended to include the Nintendo Switch too.

Just recently as you can see in the picture, three people were rewarded so far, however the amounts paid will not be made public. It seems as if a few hackers wouldn't mind giving out their newfound exploits for some easy cash, hopefully for the sake of the Switch hacking scene, it isn't the same with our own resident hackers.

A few examples of what information Nintendo is interested in receiving:

• System vulnerabilities regarding Nintendo Switch
  • Privilege escalation from userland
  • Kernel takeover
  • ARM® TrustZone® takeover
• Vulnerabilities regarding Nintendo-published applications for Nintendo Switch
  • Userland takeover
• System vulnerabilities regarding the Nintendo 3DS family of systems
  • Privilege escalation on ARM® ARM11™ userland
  • ARM11 kernel takeover
  • ARM® ARM9™ userland takeover
  • ARM9 kernel takeover

Source

 

[perkel]

eh i would def take money, 20k is shitload money where i live

 

[Jax_Ripper]

I wouldn't . I would put the hack on the net and ask for donations. If need be.

Jax

Sent from my SM-S120VL using Tapatalk

 

[Risingdawn]

"A wild B9S appears"
"Nintendo is carelessly slacking off"

"Nintendo uses HackerOne program"
"It has no effect!"

"B9S uses Sighax"
"Nintendo has fainted"

 

[:-infern:]

*snip*
That's the give/take risk. Give homebrew, take piracy. This is why Linux on the PS3 was much loved, and the system was entirely uncracked up until Sony decided to play silly bugger and remove Linux from the Slims.

Pretty much every company should have noted that. Give people a sandboxed area to play with and let them run wild. Homebrew AND no piracy.

Firstly you are completely misinformed.

Theres no real reason why Sony removed other OS. Some say piracy, others say because companies were buying mass loads of PS3s and running them as server farms, Sony were taking a loss on every PS3 but expecting returns from games and peripherals which they then weren't getting and the cost of supporting other OS.

Giving people a sandbox to run their own code is a bad idea. People will just use it to find exploits and bypass the sandbox. If you want actual homebrew you have to unfortunately buy an expensive Dev kit, get an expensive license and then start. Which is infeasible.

 

[Pacheko17]

Are there people seriously shaming them?
Are you guys sick?

Not everybody has to go through such hard work to make some lazy ass kids who want to pirate shit have exploits.
People need money to live, and this is a great opportunity for them, if the ones who are complaining didn't sit on their asses all day long and actually had to take care of themselves, they'd understand.

 

[Flashed]

LOL...
I won't do that things. I would do that things because I like that and I enjoy doing that things. I wouldn't turn that into a job and get rewarded.

--------------------- MERGED ---------------------------

Are there people seriously shaming them?
Are you guys sick?

Not everybody has to go through such hard work to make some lazy ass kids who want to pirate shit have exploits.
People need money to live, and this is a great opportunity for them, if the ones who are complaining didn't sit on their asses all day long and actually had to take care of themselves, they'd understand.

We are not talking about 'piracy'.
And I think there's LOTS of thing much easier to do and get paid for. This world can't be a work, must be a open community.

 

[Kourin]

"A wild B9S appears"
"Nintendo is carelessly slacking off"

"Nintendo uses HackerOne program"
"It has no effect!"

"B9S uses Sighax"
"Nintendo has fainted"

"Nintendo uses Ban Wave"
"It's super effective!"

 

[SANIC]

"A wild B9S appears"
"Nintendo is carelessly slacking off"

"Nintendo uses HackerOne program"
"It has no effect!"

"B9S uses Sighax"
"Nintendo has fainted"

This is so ironic

 

[:-infern:]

Why isn't this thread closed yet? It's pointless....

 

[zoogie]

Two more reports were just submitted:
https://hackerone.com/nintendo/hack...ter=type:all to:nintendo&page=1&range=forever

 

[Thunder Hawk]

Two more reports were just submitted:
https://hackerone.com/nintendo/hacktivity?sort_type=latest_disclosable_activity_at&filter=type:all to:nintendo&page=1&range=forever

More people who want to bank on that Nintendo dough... and bad news for us...

 

[WeedZ]

it should be interesting if this changes how "hobby hackers" (people not in it for the money) release their work. I know the mentality right now is "save it for as many firmware versions as possible" but if the bug bounty program starts to take off I don't know if that will be viable anymore.

It was never about making an exploit as widely available as possible. It was about controlling the scene. Don't be naive. This was never a practice before the 3ds and just about every other system was broke wide open. The 3ds scene just got lucky that there were those willing to leak exploits. If it weren't for them, we'd still be waiting with our thumbs up our asses.

 

[TheMCNerd2017]

It was never about making an exploit as widely available as possible. It was about controlling the scene. Don't be naive. This was never a practice before the 3ds and just about every other system was broke wide open. The 3ds scene just got lucky that there were those willing to leak exploits. If it weren't for them, we'd still be waiting with our thumbs up our asses.

What do you mean by "controlling the scene"?

 

[WeedZ]

What do you mean by "controlling the scene"?

Well, you know how smealum released the first ninjhax exploit and blocked access to particular resources, then required everyone to use his launcher platform to write homebrew. Precisely that.

 

[Lumince]

Why complain though. Calling them snitches just makes you sound entitled snob. You don't own the exploits. If I did this stuff as a daily hobby I would go for the money. They found these bugs and they get to make the choice of what they will do with it. Either that being make something out of it for the community or get paid to give it to Nintendo. You want a console to be hacked? Go do it yourself. This is why they are doing it. There is so little respect for devs these days it baffles my mind. You saying "Oh they are snitched" or "Thats for us!" or "But I wanted (Enter unhacked console here) to have hax" just makes it worse. I know I would choose money over someone telling me "oh good job! Thanks for the hax!". Thats not calling being a snitch if no one knew about it. It doesn't involve you in the first place, so how can it be snitching?

 

[WeedZ]

Why complain though. Calling them snitches just makes you sound entitled snob. You don't own the exploits. If I did this stuff as a daily hobby I would go for the money. They found these bugs and they get to make the choice of what they will do with it. Either that being make something out of it for the community or get paid to give it to Nintendo. You want a console to be hacked? Go do it yourself. This is why they are doing it. There is so little respect for devs these days it baffles my mind. You saying "Oh they are snitched" or "Thats for us!" or "But I wanted (Enter unhacked console here) to have hax" just makes it worse. I know I would choose money over someone telling me "oh good job! Thanks for the hax!". Thats not calling being a snitch if no one knew about it. It doesn't involve you in the first place, so how can it be snitching?

But they're not the only ones that find these security flaws. When one hacker sells it out, it's useless for any other to contribute it. Who's to say that these aren't script kiddies that read about vulnerabilities from someone else's work, then traded them over? There used to be a comradery among hackers, devs, and script kiddies sticking it to the man. Not anymore. The scene used to be something special, but I guess most of you haven't been around long enough for that.

 

[Deleted User]

But they're not the only ones that find these security flaws. When one hacker sells it out, it's useless for any other to contribute it. Who's to say that these aren't script kiddies that read about vulnerabilities from someone else's work, then traded them over? There used to be a comradery among hackers, devs, and script kiddies sticking it to the man. Not anymore. The scene used to be something special, but I guess most of you haven't been around long enough for that.

i haven't thought about it from this perspective :/

i guess it all depends on the ethics of the person submitting it. also, with this being in place, devs should now keep everything to themselves and learn how to develop it from head to toe, because they can't risk other's submitting it :/

 

[Lumince]

But they're not the only ones that find these security flaws. When one hacker sells it out, it's useless for any other to contribute it. Who's to say that these aren't script kiddies that read about vulnerabilities from someone else's work, then traded them over? There used to be a comradery among hackers, devs, and script kiddies sticking it to the man. Not anymore. The scene used to be something special, but I guess most of you haven't been around long enough for that.

Im talking about people that ACTUALLY find these exploits on their own and don't even say anything to the community about them. How would it be snitching if none of us are told about them in the first place. Clearly those people that submitted those exploits to nintendo did not care if people "cant contribute to it.

 

[WeedZ]

Im talking about people that ACTUALLY find these exploits on their own and don't even say anything to the community about them. How would it be snitching if none of us are told about them in the first place. Clearly those people that submitted those exploits to nintendo did not care if people "cant contribute to it.

That's called being a dick.

--------------------- MERGED ---------------------------

Most of today's exploits are found by exploring old ones. Companies tend to use the same browsers, processors, ect. That already have known exploits. They just dress them up a bit. So the fact is you likely have several people exploring the same vulnerabilities. Once one sells out, the fun is over for everyone.

 

[Lumince]

That's called being a dick.

I would agree a bit there. But I know If I had the chance to be paid a bit for what I love doing, then I would go for it. But thats me.