
Pokemon Sword and Shield Are Crashing Roku Devices - chromaton
https://gamerant.com/pokemon-sword-shield-roku-device-crash/
======
lilyball
> _Most people familiar with the situation are attributing the problem to a
> Roku, in that it's the Roku devices that are malfunctioning and not the
> Nintendo Switch._

I would certainly hope that "entering an endless boot loop" is considered a
malfunction no matter what network traffic is occurring.

~~~
ernesth
> I would certainly hope that "entering an endless boot loop" is considered a
> malfunction no matter what network traffic is occurring.

Once the switch is in airplane mode, the endlessly looping device seems fixed.

The fact that it reboots is probably a bug.

The fact that it reboots endlessly is caused by the nintendo switch endlessly
broadcasting the same signal.

~~~
chungus_khan
That's still not really Nintendo's fault though. Network services are allowed
to repeatedly broadcast the same packets, and it does so for legitimate
purposes. If competently written, the Roku should have no trouble discarding
invalid input.

~~~
antris
> Network services are allowed to repeatedly broadcast the same packets, and it
> does so for legitimate purposes.

To add to this, even if it wouldn't be for legitimate purposes, a device
shouldn't enter a boot loop because another device is malfunctioning.

~~~
helen___keller
Malfunctioning or malicious.

------
rahuldottech
Explanation, from Reddit:

> _Pokémon sends a network discovery packet to each device on port 26037. Roku
> also listens on that port for LAN based updates so that multiple devices on
> the same network can update each other. It was an obvious decision. Saved
> Roku around a quarter million dollars in CDN traffic costs. Roku is popular
> in the commercial space where it’s often used as a media source to control
> sometimes 100s of TVs on the same network. It just so happens that Pokémon’s
> network discovery packet shares the exact same bytes as Roku’s signed
> bytecode to reboot._

> _The odds are astronomically low. We could have wound up with an alien
> planet full of Justin Timberlake clones, but the universe decided this was
> our colossal fluke._

~~~
Rooster61
I'm skeptical of this. Did they provide any proof to that effect? The odds are
indeed INCREDIBLY low, low enough for me to suspect Roku doing something lazy
in their network traffic sanitization.

EDIT: Nope, nothing. They just stated it as fact and left it at that. I'm
calling shenanigans. Amusing theory, but it really is too incredulous to
believe without any evidence.

~~~
pvg
Look at the name of the subreddit.

~~~
Rooster61
Yes, it's called ProgrammerHumor. No, that doesn't automatically mean
someone's posting something sarcastic/bullshit.

I'd find a collision of such low probability very humorous if it actually
happened.

~~~
akvadrako
It’s more than humorous - assuming the signature is secure, nothing that
amazing has yet happened in the history of the universe.

~~~
JackRabbitSlim
It probably happens all the time. We just realize it's astronomically low and
assume the easier to understand, safer explanation in our own incompetence
instead and go back to saying we never see that sort of thing.

~~~
randomb_1979
"There are 10^11 stars in the galaxy. That used to be a huge number. But it's
only a hundred billion. It's less than the national deficit! We used to call
them astronomical numbers. Now we should call them economical numbers." -
Richard Feynman

------
Driky
The title wrongfully is accusatory. The switch is very bad when it comes to
network "cleanliness" with its propensity to broadcast for anything. But the
fact that some roku devices are unable to handle proprietary network calls is
on Roku not on Nintendo...

~~~
mattigames
Allowing videogames to make network calls using arbitrary port numbers seems
like poor engineering by Nintendo, videogames should have to use an API to do
network calls regardless of what port the console uses to connect to such
networks (internet or other network).

~~~
kjs3
Says who?

~~~
mattigames
Nobody you consider important.

~~~
kjs3
Well, yeah...anyone who doesn't bother or isn't capable of explaining why they
make absolutist pronouncements as to how other people should do things isn't
particularly important to _anyone_.

------
wil421
Pokemon is using a local WiFi feature I didn’t know existed until I started
playing. The WiFi symbol on the switch has L on it. Meaning it’s searching for
users connected to WiFi but it’s not connected to the internet.

I might be able to sniff the packets later today.

To me it looks like a Roku issue. A device shouldn’t go into a reboot loop if
it encounters something unexpected. I also heard the switch uses its own
version of Bluetooth to add 8 players but since it's nonstandard they won’t let
you connect any BT devices to it.

~~~
rtkwe
What about going into a reboot loop if you see a signed request to reboot? [0]
It's unverified but this story makes sense in a cosmic coincidence sort of
way.

[0]
[https://www.reddit.com/r/ProgrammerHumor/comments/dy0p86/how...](https://www.reddit.com/r/ProgrammerHumor/comments/dy0p86/how_do_you_even_begin_to_debug_something_like_this/f7xzay7/)

~~~
scarejunba
Why sign the reboot code if you're always sending the same code? Like, the
signing is useless. The signed code is now the new reboot code and it's
effectively unsigned.

~~~
rtkwe
True but omitting any challenge response means the master node can just push
the info out without having to communicate with any of the child nodes. It's
true it's basically just a reboot code but a cryptographically random number
to a randomly chosen port is honestly a fairly safe choice; Roku just got
cosmically unlucky if the theory is correct.

~~~
DSMan195276
I agree with your point, but there's just no way that's true. A bare minimum
MD5 signature is 16-bytes (Obviously not secure, but this isn't safe from
replay attacks anyway), with a more acceptable SHA256 obviously being
32-bytes. Any type of signature _should_ be sufficiently random that Nintendo
is never going to accidentally match them, so that means the odds of matching
a random 64-bit integer is already 16 quintillion to one, and just for MD5
we're talking 16 quintillion _times_ 16 quintillion - that's beyond hopeless.
It's the same thing as calling heads or tails correctly either 128 or 256
times in a row.

If I had to guess it's probably something silly like not actually checking the
signature for validity, or (more likely, IMO) incorrectly checking the length
of the packet and getting a buffer overflow/underflow that eventually crashes
the Roku.

~~~
rtkwe
Maybe. Could also be they did include some half-hearted validation like the
message includes "reboot after" with some long or variable validity period.
That would increase the number of possible valid codes.

Also I get the huge unlikeliness of this happening but massively unlikely
things do occasionally happen.

~~~
DSMan195276
> Also I get the huge unlikeliness of this happening but massively unlikely
> things do occasionally happen.

This is less likely than two people generating the same random GUID. For
SHA256, it's the same as generating two GUIDs in the same message and having
them _both_ be identical.
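
The receiver-side checks raised in this subthread (exact packet length, signature verification, and rejecting a replayed constant message) can be sketched as below. This is an added example, not part of any comment and not Roku's or Nintendo's code; the wire layout, all names, and the shared-key HMAC standing in for a real signature scheme are assumptions.

```python
import hashlib
import hmac
import struct

# All names and the wire layout below are hypothetical, for illustration only.
MAGIC = b"CTRL"
HEADER = struct.Struct("!4sBBQ8s")   # magic, version, opcode, unix time, nonce
TAG_LEN = 32                         # HMAC-SHA256 output
MSG_LEN = HEADER.size + TAG_LEN      # fixed-size message: 22 + 32 = 54 bytes
MAX_SKEW = 30                        # seconds a message stays fresh
OP_REBOOT = 1


def build(key, opcode, now, nonce):
    """Sender side: header followed by an HMAC over the header."""
    header = HEADER.pack(MAGIC, 1, opcode, now, nonce)
    return header + hmac.new(key, header, hashlib.sha256).digest()


class Receiver:
    def __init__(self, key):
        self.key = key
        self.seen = {}               # nonce -> timestamp, for replay rejection

    def handle(self, datagram, now):
        """Return an action for a valid message, or a 'drop:' reason. Never raises."""
        if len(datagram) != MSG_LEN:             # exact length, before any parsing
            return "drop:length"
        header, tag = datagram[:HEADER.size], datagram[HEADER.size:]
        magic, version, opcode, sent, nonce = HEADER.unpack(header)
        if magic != MAGIC or version != 1:
            return "drop:format"
        expected = hmac.new(self.key, header, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return "drop:signature"
        if abs(now - sent) > MAX_SKEW:           # stale capture replayed later
            return "drop:stale"
        # Forget nonces that have aged out, then refuse any nonce seen before.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if nonce in self.seen:
            return "drop:replay"
        self.seen[nonce] = sent
        return "reboot" if opcode == OP_REBOOT else "drop:opcode"
```

Because the timestamp and nonce are covered by the tag, a captured message stops being a reusable reboot code once its freshness window closes or its nonce has been seen.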

------
pcroh
More like "Roku Devices Are Letting Themselves Crash When They Receive Packets
They Don't Understand"

~~~
rtkwe
According to a reddit post it's actually that the Roku understands perfectly
but the packet happens to exactly match the request for a reboot that Roku
uses for managing P2P updates:

[https://www.reddit.com/r/ProgrammerHumor/comments/dy0p86/how...](https://www.reddit.com/r/ProgrammerHumor/comments/dy0p86/how_do_you_even_begin_to_debug_something_like_this/f7xzay7/)

------
jsgo
Roku has released an update to hopefully fix this.

[https://www.theverge.com/2019/11/18/20970743/roku-pokemon-sw...](https://www.theverge.com/2019/11/18/20970743/roku-pokemon-sword-and-shield-crashing-boot-loop-fix)

------
badrabbit
And this boys and girls is why they don't let us run vuln scans on production
during work hours (or unplanned). I've worked at at least two companies where
a scan caused some important device to crash and have business impact because
the scan packets were unusual. They will fire you if you mistakenly ran the
scan against a prod asset.

~~~
yjftsjthsd-h
I understand that it should be structured to minimize risk, but if your prod
stack can be taken down by a scan... you really do want to find that out in a
controlled manner and not because a script kiddie decided to do the same test.

~~~
wil421
You don’t know what you don’t know. There was a UNIX bug that caused the
system to crash or execute code just by being fingered.[1]

> Connect to your fingerd daemon and type more than 528 (= 512 + 16)
> characters (any will do). If your daemon crashes or terminates the
> connection with no data sent back, you probably have the vulnerability.

[1]
[http://seclab.cs.ucdavis.edu/projects/vulnerabilities/doves/...](http://seclab.cs.ucdavis.edu/projects/vulnerabilities/doves/1.html)

------
Giho
Isn't this an attack vector? Why would even a device respond to wireless
signals in such a way that they reboot? So now you can send annoying packets
instead of jamming the network.

~~~
oneepic
I imagine that was not the exact intent. Perhaps it was designed to respond to
wireless signals, but something triggered a fault.

------
joshmn
Previous:
[https://news.ycombinator.com/item?id=21560166](https://news.ycombinator.com/item?id=21560166)

------
inputError
This has to be one of the most random issues of all time.

~~~
genera1
TBH legendary issues like mails failing over 500 miles [0] or recent reddit
post about MRI disabling all iPhones in the hospital [1] take the cake

[0]
[http://web.mit.edu/jemorris/humor/500-miles](http://web.mit.edu/jemorris/humor/500-miles)
[1]
[https://www.reddit.com/r/sysadmin/comments/9mk2o7/mri_disabl...](https://www.reddit.com/r/sysadmin/comments/9mk2o7/mri_disabled_every_ios_device_in_facility/)

~~~
murph-almighty
Your first story, in turn, reminds me of this:
[https://www.reddit.com/r/talesfromtechsupport/comments/420oa...](https://www.reddit.com/r/talesfromtechsupport/comments/420oan/companywide_email_30000_employees_autoresponders/)

------
eu
ISP's routers too have issues with this:
[https://www.dslreports.com/forum/r32578490-Need-help-on-a-po...](https://www.dslreports.com/forum/r32578490-Need-help-on-a-possible-software-bug-on-Altice-Fiber-gateway)

------
PhasmaFelis
I'm not clear if this happens only if the Switch is on the same network as the
Roku, or if it can affect Rokus in range even on different networks. The first
seems most plausible, but the article seems to imply the second in a couple of
places.

~~~
Qwertystop
The Switch is capable of communicating both over an existing network through a
wired or wireless router, and through wireless peer-to-peer communications
with other nearby Switches. Previous Pokemon games (and other games on the
Nintendo 3DS) have used local wireless as a constant background feature in
this manner, but to my knowledge, most Switch games that use local wireless
only do it at specific times (when playing multiplayer) instead of always-on
in the background, so it doesn't seem unreasonable that only the Pokemon game
causes this problem, or that it would be heard by nearby devices on other
networks. Other games would break it only when someone is actually playing
local multi-system multiplayer Smash Bros or something, which is going to be
rarer and you're probably less likely to be trying to use the Roku at the same
time.

The only thing I would find implausible about breaking Rokus by proximity
would be why the Rokus are picking up the communication from a Switch, when
presumably they didn't break whenever someone used a 3DS within ten yards (or
we'd have heard these complaints years ago). But that could easily be down to
changes in protocol by Nintendo between the two systems, such that one is
ignored and the other is mistaken for relevant data.

I don't have a Roku or an easy way to inspect nearby wifi packets, so I can't
easily test this theory.

------
jzollinger0804
Sounds like a pesky Rotom to me ;)

~~~
zapzupnz
Unrelated: Sword and Shield still have the Rotomdex, except it's a smartphone
rather than a 3DS. In French, Rotom is called Motisma; the Rotomdex is called
a Motismart (as in, smartphone). Pretty neat, I thought.

~~~
grenoire
Pokémon localisation for European languages (and English too) has always been
full of puns and jokes like that; they really put a lot of care into them.

------
tantalor
_This device complies with part 15 of the FCC Rules. Operation is subject to
the following two conditions: (1) This device may not cause harmful
interference, and (2) this device must accept any interference received,
including interference that may cause undesired operation._

~~~
rsynnott
That's not what the FCC means by interference:
[https://en.wikipedia.org/wiki/Title_47_CFR_Part_15](https://en.wikipedia.org/wiki/Title_47_CFR_Part_15)

~~~
bcaa7f3a8bbc
Yes, this is not what FCC means by interference, and no Part 15 regulation is
violated here. But there's no need to downvote. If we review the terms of Part
15,

> (1) This device may not cause harmful interference

> (2) this device must accept any interference received, including
> interference that may cause undesired operation.

You'll see it's actually a general, universal principle of good communication,
and applies to many cases other than RF spectrum. Internet pioneer Jon Postel
once said TCP implementations should follow a general principle of robustness:

> (1) Be conservative in what you send

> (2) Be liberal in what you accept.

It's almost identical to the principles of Part 15.

A few years ago, when the Mirai botnet launched its massive DDoS attack, a HN
user used Part 15 as an analogy of the future directions of IoT's security
model. And in this example of protocol conflict between Pokemon and Roku, it
also applies.

------
umvi
I bet there was someone on the Pokemon team that wanted to exercise esoteric,
obscure networking features just because they read about it in some spec and
wanted to try it out.

It's like the person on your team that insists on shoehorning language
features into the application from the dustiest corners of the language
instead of sticking to the tried-and-true idioms.

~~~
sgspace
These kinds of features have been in pokemon games for over a decade. All the
DS pokemon games search for other local Nintendo DSs.

~~~
Qwertystop
And the later ones (and all the 3DS ones) have the option to do that
perpetually in the background, which would probably be why this issue comes up
here instead of on other local multisystem Switch games that only do it at
specific times.

