Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Bug Nintendo Privacy Security Software The Almighty Buck Games Hardware Technology

Nintendo Offers Up To $20,000 To Hack the 3DS (silicon.co.uk) 45

Mickeycaskill writes: Nintendo will pay up to $20,000 for system and software vulnerabilities in the Nintendo 3DS family of handheld gaming consoles. The company is looking to prevent activities such as piracy, cheating and the circulation of inappropriate content to children. The stated goal is to "provide a secure environment for our customers so that they can enjoy our games and services. In order to achieve this goal, Nintendo is interested in receiving vulnerability information that researchers may discover regarding Nintendo's platforms." Silicon.co.uk reports: "Rewards will range from $100 to $20,000, with one given per 'qualifying piece of vulnerability information.' Hackers looking to claim a reward will have to provide Nintendo with either a proof-of-concept or a piece of functional exploit code in order to qualify."
This discussion has been archived. No new comments can be posted.

Nintendo Offers Up To $20,000 To Hack the 3DS

Comments Filter:
  • by Anonymous Coward
    $20,000 is peanuts compared to what a good exploit can bring in. The Xkey360 is a good example of a hack that brought in buckets of cash for the folks that made the kit.
  • by Anonymous Coward

    Thankfully they weren't wifi enabled or 1998 could've been an interesting year...

    https://www.youtube.com/watch?v=aYQpl8Jj6Yg [youtube.com]

  • I mean I haven't even seen a 3DS in months I just figured they were obsolete or something. You know like the WII and that thing you have to explain is not a handheld the WII U.

    • by Anonymous Coward

      There's a very active homebrew/modding scene for the 3DS currently, with a pretty good selection of homebrew apps that you can directly install into a modded console. Including apps that will literally download and install pirated content directly from Nintendo's own CDN servers. So yeah, you could say they have a bit of a piracy problem at this point.

      • Considering you can download an entire collection of every Nintendo DS game ever produced and run any of them off of flash in an R4 cartridge, they probably want to prevent that from coming to be for the 3DS.

        There is nearly zero incentive, except for collecting purposes, to search out old DS cartridges to play. An R4 cartridge costs less than a vintage DS Pokemon cart and can hold the entire Pokemon DS collection.

  • Yeah.. Once you win the prize, they will sue you for the hack
  • THEY decide what hacks get the money and how much.... I'd like this kind of thing more if it was more of a community decision, where the company puts up some funds in escrow and then some independent evaluation or poll among the user community decides which hacks are worth the most. As it stands, even though Nintendo is asking for help from hackers, they hold all the cards AND the cash.

    Nice PR ploy, but until they actually pay up for this "help" I'm choosing not to hack my way any closer to them than twic

  • .. for your hacks than Nintendo does. $20000 is peanuts. Even the retired ladies cleaning the toilets at Nintendo get a bigger annual bonus for their hard work.
  • SKY3DS [sky3ds.com] can already play backups

  • by MobyDisk ( 75490 ) on Wednesday December 07, 2016 @08:56PM (#53444037) Homepage

    Security holes in these types of devices are what enable the homebrew developer community. Until Nintendo provides support for homebrew development on the 3DS, no ethical hacker should be providing vulnerabilities to Nintendo. Now, if Nintendo put that $20,000 toward providing homebrew options, then ethical hackers will want to help Nintendo since it would help secure their platform.

    Although, with the rise of smart phones, there is a much smaller homebrew community on the 3DS than there was on previous generations of their hardware.

    • Unless you add a bluetooth controller, there is no comparison between smartphone games and actual handheld games like the 3DS. Kneading your fingers against flat glass will never be a replacement for a handheld with real buttons.

      The fragmentation of the bluetooth controller market, along with the iOS/Android separation, keeps mobile gaming fragmented and weak.

      Just mho, of course.

    • by tepples ( 727027 )

      This July, Nintendo offered devkits to individuals for the first time. See https://developer.nintendo.com... [nintendo.com]

  • by k3vlar ( 979024 ) on Wednesday December 07, 2016 @08:59PM (#53444047)
    This tactic will likely work, even for the pitifully low amount of money Nintendo's offering, and here's why:

    Real exploit developers will be less likely to release their kits. As soon as they do, nothing's stopping someone from decompiling or reverse-engineering their exploits, and then sending them in to Nintendo claiming ownership and collecting the pitiful reward.

    For every true developer doing it for the challenge, there's two dozen desperate wannabes who will steal it to try and make a quick buck, and it's a lose-lose for everyone. This is why the Wii & Wii U modding and homebrew scene died, it's why the iOS jailbreaking scene died, and those are just recent examples.

    .
    • > As soon as they do, nothing's stopping someone from decompiling or reverse-engineering their exploits, and then sending them in to Nintendo claiming ownership and collecting the reward.

      Thanks for the idea! ;)

    • People doing it for the challenge probably will continue to do it, then. I can sympathize with them. Many times defeating the copy protection on an 'entertainment' device or game is more fun for nerds than playing the actual game.

      So it's not a lose-lose for the hacker having their fun finding and refining the exploits.

    • by trawg ( 308495 )

      For every true developer doing it for the challenge, there's two dozen desperate wannabes who will steal it to try and make a quick buck, and it's a lose-lose for everyone. This is why the Wii & Wii U modding and homebrew scene died, it's why the iOS jailbreaking scene died, and those are just recent examples.

      Hmm, interesting perspective. I guess from the other side though, a lot of us nerds are constantly berating these companies for not being vigilant enough when it comes to security.

      It's possible I guess that the security holes that allow us to jailbreak platforms to exploit other functionality could be considered "beneficial" but I suspect the reality is if those holes exist, it's just as likely they can be exploited by malicious actors.

      If the net result is more secure software - that stops us jailbreaking

    • This tactic will likely work, even for the pitifully low amount of money Nintendo's offering, and here's why: Real exploit developers will be less likely to release their kits. As soon as they do, nothing's stopping someone from decompiling or reverse-engineering their exploits, and then sending them in to Nintendo claiming ownership and collecting the pitiful reward. For every true developer doing it for the challenge, there's two dozen desperate wannabes who will steal it to try and make a quick buck, and it's a lose-lose for everyone. This is why the Wii & Wii U modding and homebrew scene died, it's why the iOS jailbreaking scene died, and those are just recent examples. .

      Then perhaps Nintendo should raise that fucking pathetic reward.

      If the bug bounty reward were $2 million, chances are you would bypass all of this other nickel-and-dime bullshit.

      And don't give me this shit that Nintendo can't afford it. They can't afford not to protect their products making millions, and bounty payouts are also written off as a business expense.

  • PCHs might. Not for the money, they'd come to the teacher anyway and tattle-tale all about their findings... then have these doe-eyed looks hoping for a "good job, boys" from teach. Because their hack might... (omnious pause, tension builds...) enable PIRACY!!! Ba-dam Tssss. In the old days people just openly released their stuff. Nowadays you got to take precautions and pretend you're a whistleblower, but you can still can get your stuff out in the open anonymously.
  • When a developer finds that kind of bug they have the upper hand, I would add a zero and make it $50,000 - $200,000 and if Nintendo wasn't willing to enter contract to exchange the security research for the money by say 20-30 days I would pull a Google and do a Day-Zero publish on the defect. Then I would rinse and repeat including a contractual boilerplate clause to protect and indemnify and collect my payment in bitcoin. 20K is insulting.
    • When a developer finds that kind of bug they have the upper hand, I would add a zero and make it $50,000 - $200,000 and if Nintendo wasn't willing to enter contract to exchange the security research for the money by say 20-30 days I would pull a Google and do a Day-Zero publish on the defect. Then I would rinse and repeat including a contractual boilerplate clause to protect and indemnify and collect my payment in bitcoin. 20K is insulting.

      Given the amount of money Nintendo makes off these products, $200K is insulting.

      Make it $2 million. THEN you'll find the right amount of attention and results.

  • Nintendo is really late on this boat, not even sure why they are doing this now.

    The 3DS was hacked a few years ago, but required a 4.5 or less version firmware.
    Then like 2 years ago, a entry point was found under the 9.2 firmware, while 9.2 was the current firmware, and it was a community found exploit, which led to custom firmwares that didn't need hardware cards (like the Gateway or Sky). Since then we've had excellent work on hacking the 3ds, found multi entry points, homebrew entry points and other st

  • 1. Develop exploit.
    2. Sell exploit kit to people who want to pirate soft but can't develop exploit.
    3. Wait for about as long as it takes to reverse engineer your exploit.
    4. Report exploit to Nintendo and collect the 20k. It's just pocket change, all right, but someone's going to report it anyway.
    5. Start over at 1.

  • About two weeks out from Christmas and you can't find a 3DS in any retail store. I guess for research, I could pay 3x the retail price to a scalper on eBay.
  • This sounds like they are going to use the same system for the NX that they use for the 3DS to release and deliver games physically and digitally.

Genius is ten percent inspiration and fifty percent capital gains.

Working...