
Nintendo Launches Vulnerability Rewards Program for Nintendo 3DS - phwd
https://hackerone.com/blog/Nintendo-3ds-Launches-bug-bounty-program-on-HackerOne
======
Fej
This is interesting for several reasons:

- The 3DS is nearing the end of its lifespan. This seems like a way to test
the waters. Nintendo's a traditional Japanese company so slow and steady is
the name of the game. There's really no financial reason to beef up the 3DS'
security as they just had what is, to my knowledge, its last major launch
(Pokémon S&M).

- They're providing an incentive for modders to report their exploits instead
of sharing them with the wider community. If they keep their promise, it could
really cut back on homebrew and piracy. AFAIK this is unprecedented in gaming.
Would definitely help with Nintendo consoles' rampant exploits.

- Nintendo's software is terrible. Case in point: their web browsers use
crappy old versions of WebKit, and when they inevitably get exploited, they
patch that particular exploit out and leave the rest of that Swiss cheese open
for grabs. I don't think they really have a concept of security. Could it mean
a sea change is coming in Switch?

~~~
m-p-3
It would be nice if they partnered with a web browser developer (Google or
Mozilla) to handle this part and ensure they provide an up-to-date engine on
their next consoles.

------
cakebrewery
It seems a bit late for the Nintendo 3DS. I wonder if it has anything to do
with shared code between this and the upcoming Nintendo Switch. Nintendo has
had an amazing year and I'm really glad they're doing this nonetheless.

~~~
BoorishBears
To me it seems especially late since the platform has been broken wide open.

The "jailbreaks" now have access to both processors used to boot the system
and games, so they can run code before the system loads and intercept writes
to their memory locations.

They can block exploits in new firmware versions (and have), but the system
has sold so many units there doesn't seem to be a realistic chance of
"breakable" systems running out for those interested.

~~~
striking
Especially considering the hacks allow you to have more than one 3DS firmware
installed at a time, allowing you to do things that require a clean slate
while still being hacked.

As long as you don't install some theoretical update that blocked all the
exploits directly onto your real NAND, or as long as you don't buy a fresh 3DS
with this update baked in already... you're honestly all set.

~~~
rhinoceraptor
Also, $200 for a new 3DS is still less than what a couple of games would have
cost if you bought them retail.

------
dovdovdov
I found one, eShop titles have one key each, meaning once the key goes public,
anyone can get the game with it, right from Nintendo's servers, namaste!

Don't flood me with your monies just yet, Nintendo, rather pay for better
devs! ;)

~~~
sleepychu
Are you sure? I've never heard this. Do you mean the kind of key you can buy
in a shop and redeem on the eShop?

~~~
gatesphere
They're talking about the 'titlekey' system that the eShop uses. The overview
of the process is:

1) You attempt to purchase a game on the eShop
1a) Nintendo servers verify you have funds
1b) Nintendo charges your account credit equal to the amount of the game
2) Once payment is received, the eShop application installs the selected
game's 'titlekey' to your 3DS system. These titlekeys are unique per game, not
per console -- herein lies the biggest part of the problem. These titlekeys
are used as decryption keys for the game contents hosted on Nintendo's CDN
(which doesn't need authentication!).
3) If the eShop app senses you have the game's titlekey installed, it will let
you download it to your system.

So, once people figured out how to dump the titlekey databases from their
systems, and how to import titlekeys into their other systems, they were able
to essentially get free games directly off the eShop, using Nintendo's
servers!

And then a few weeks after that, a homebrew app called freeShop came by that
automated the process -- it has a GUI that lets you browse the games in the
eShop, pull and install the titlekey from an online database, and
grab/decrypt/install the game straight from Nintendo's servers.

Because Nintendo doesn't tie purchases to your Nintendo Network ID, but rather
to the hardware itself, they left themselves wide open to this.

(It should be noted that the Wii U eShop uses a very similar system that has
been similarly exploited recently.)
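The two designs gatesphere contrasts above, a per-title key served from an
unauthenticated CDN versus a download gated on an account-bound entitlement,
reduced to a runnable model. This is an added example written for this
thread; it is not code from the thread, from Nintendo, or from any real eShop
or CDN implementation. The title ids, key sizes, the toy HMAC-counter-mode
"cipher", the `account|title|expiry|mac` token format and the idea that the
CDN sees an authenticated account name are all assumptions made for
illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample catalogue: two titles, each with ONE key shared by every
# buyer (per game, not per console), as described in the thread.
STORE_SECRET = secrets.token_bytes(32)  # known only to storefront + CDN (assumption)
TITLEKEYS = {"T-0001": secrets.token_bytes(16), "T-0002": secrets.token_bytes(16)}
PLAINTEXT = {"T-0001": b"game one contents", "T-0002": b"game two contents"}


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 keystream in counter mode). It only
    models 'whoever holds the title key can decrypt'; it is not a real cipher."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, block.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], ks))
    return bytes(out)


# What the CDN hosts: content encrypted under the per-title key.
CIPHERTEXT = {t: keystream_xor(k, PLAINTEXT[t]) for t, k in TITLEKEYS.items()}


def weak_cdn_download(title_id: str) -> bytes:
    """Weak design: the CDN asks no questions, so the title key is the only
    secret, and it is identical for every buyer of that title."""
    return CIPHERTEXT[title_id]


def issue_entitlement(account: str, title_id: str, ttl: int = 3600, now=None) -> str:
    """Storefront side: after payment, mint an expiring entitlement bound to
    the ACCOUNT (not the hardware) and authenticated with the store secret."""
    now = int(time.time()) if now is None else now
    body = f"{account}|{title_id}|{now + ttl}"
    mac = hmac.new(STORE_SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"


def verify_entitlement(token: str, title_id: str, account: str, now=None) -> bool:
    """CDN side: MAC checks out (constant-time), token is unexpired, and it is
    bound to both the requesting account and the requested title."""
    now = int(time.time()) if now is None else now
    try:
        acct, tid, exp, mac = token.split("|")
        expiry = int(exp)
    except ValueError:
        return False
    expected = hmac.new(STORE_SECRET, f"{acct}|{tid}|{exp}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return False
    return acct == account and tid == title_id and expiry > now


def hardened_cdn_download(title_id: str, account: str, token: str, now=None) -> bytes:
    """Hardened design: the same ciphertext, but the CDN refuses to serve it
    without a valid entitlement for this account and this title."""
    if not verify_entitlement(token, title_id, account, now):
        raise PermissionError("no valid entitlement for this account and title")
    return CIPHERTEXT[title_id]


def demo(now: int = 1500) -> dict:
    """Run both designs against the same copied key and return the outcomes."""
    copied_key = TITLEKEYS["T-0001"]          # a title key lifted from another device
    alice_token = issue_entitlement("alice", "T-0001", now=1000)  # expires at 4600

    def attempt(account, token, at):
        try:
            return keystream_xor(copied_key, hardened_cdn_download("T-0001", account, token, at)) == PLAINTEXT["T-0001"]
        except PermissionError:
            return False

    tampered = alice_token[:-1] + ("0" if alice_token[-1] != "0" else "1")
    return {
        # weak: anyone holding the key gets the plaintext straight from the CDN
        "weak_anyone": keystream_xor(copied_key, weak_cdn_download("T-0001")) == PLAINTEXT["T-0001"],
        # hardened: the key alone is no longer an authorization
        "hardened_buyer": attempt("alice", alice_token, now),
        "hardened_other_account": attempt("bob", alice_token, now),
        "hardened_tampered_token": attempt("alice", tampered, now),
        "hardened_expired": attempt("alice", alice_token, 5000),
        "hardened_wrong_title": verify_entitlement(alice_token, "T-0002", "alice", now),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point of the model is the last five entries of `demo()`: once the CDN
checks an account-bound, expiring, MACed entitlement, a title key copied from
another device buys nothing by itself, which is exactly the property the
per-console, unauthenticated design in the thread lacks.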

~~~
kayla210
Okay, wow, that's a huge hole in their system. Is there any indication that
Nintendo is aware of this and is trying to patch it? Or has it been patched
already?

~~~
dovdovdov
Well, it's locking millions of customers out from the eShop until they do a
software update vs. letting a few thousand pirates slip.

------
sleepychu
Interesting post, weird that an article doesn't work if you don't have cookies
on (just completely blank)

------
ythn
The only incentive I've ever had to jailbreak a 3DS was in order to play
region-locked games that were only released in Japan. Why is region-locking
still a thing? Why force the most loyal of your customers to buy two consoles
- one NA and one JP?

~~~
serge2k
Because Nintendo.

Why release a console called the WiiU? Because Nintendo.

Why destroy relationships with 3rd party publishers? Because Nintendo.

Why constantly launch new products without adequately stocking stores? Because
Nintendo.

Why shitty online? Because Nintendo.

Why were downloaded games locked to hardware instead of account? Because
Nintendo.

They do their own thing and pretty much do not care.

------
mdrzn
Does anyone want to talk about the background image behind the title? There
are some interesting bugs there.. Can someone grab that .jpg?

------
throwaway7767
Ugh, bug bounties being used for developing stronger DRM. Well, I guess we
have to take the bad with the good.

