Nintendo Offers Up To $20,000 To Hack the 3DS (silicon.co.uk) 45
Mickeycaskill writes: Nintendo will pay up to $20,000 for system and software vulnerabilities in the Nintendo 3DS family of handheld gaming consoles. The company is looking to prevent activities such as piracy, cheating and the circulation of inappropriate content to children. The stated goal is to "provide a secure environment for our customers so that they can enjoy our games and services. In order to achieve this goal, Nintendo is interested in receiving vulnerability information that researchers may discover regarding Nintendo's platforms." Silicon.co.uk reports: "Rewards will range from $100 to $20,000, with one given per 'qualifying piece of vulnerability information.' Hackers looking to claim a reward will have to provide Nintendo with either a proof-of-concept or a piece of functional exploit code in order to qualify."
Good luck with that, Nintendo. (Score:2, Interesting)
Remember, the GBC had an ACE exploit. (Score:1)
Thankfully they weren't wifi enabled or 1998 could've been an interesting year...
https://www.youtube.com/watch?v=aYQpl8Jj6Yg [youtube.com]
Do they really have a piracy problem? (Score:2)
I mean I haven't even seen a 3DS in months I just figured they were obsolete or something. You know like the WII and that thing you have to explain is not a handheld the WII U.
Re: (Score:1)
There's a very active homebrew/modding scene for the 3DS currently, with a pretty good selection of homebrew apps that you can directly install into a modded console. Including apps that will literally download and install pirated content directly from Nintendo's own CDN servers. So yeah, you could say they have a bit of a piracy problem at this point.
Re: (Score:1)
Considering you can download an entire collection of every Nintendo DS game ever produced and run any of them off of flash in an R4 cartridge, they probably want to prevent that from coming to be for the 3DS.
There is nearly zero incentive, except for collecting purposes, to search out old DS cartridges to play. An R4 cartridge costs less than a vintage DS Pokemon cart and can hold the entire Pokemon DS collection.
It's a trap! (Score:1)
It's funny though... (Score:2, Troll)
THEY decide what hacks get the money and how much.... I'd like this kind of thing more if it was more of a community decision, where the company puts up some funds in escrow and then some independent evaluation or poll among the user community decides which hacks are worth the most. As it stands, even though Nintendo is asking for help from hackers, they hold all the cards AND the cash.
Nice PR ploy, but until they actually pay up for this "help" I'm choosing not to hack my way any closer to them than twic
Pirates pay more ... (Score:1)
They're a little bit late (Score:2)
SKY3DS [sky3ds.com] can already play backups
Don't help them until they support homebrew (Score:3)
Security holes in these types of devices are what enable the homebrew developer community. Until Nintendo provides support for homebrew development on the 3DS, no ethical hacker should be providing vulnerabilities to Nintendo. Now, if Nintendo put that $20,000 toward providing homebrew options, then ethical hackers will want to help Nintendo since it would help secure their platform.
Although, with the rise of smart phones, there is a much smaller homebrew community on the 3DS than there was on previous generations of their hardware.
Re: (Score:1)
Unless you add a bluetooth controller, there is no comparison between smartphone games and actual handheld games like the 3DS. Kneading your fingers against flat glass will never be a replacement for a handheld with real buttons.
The fragmentation of the bluetooth controller market, along with the iOS/Android separation, keeps mobile gaming fragmented and weak.
Just mho, of course.
Re: (Score:3)
This July, Nintendo offered devkits to individuals for the first time. See https://developer.nintendo.com... [nintendo.com]
Re: (Score:2)
Likewise, you need Apple's blessing to publish on Nintendo's competitor (the iPod and iPhone).
Re: (Score:2)
yay! Thanks for posting that!
It will work, but not how you think (Score:5, Insightful)
Real exploit developers will be less likely to release their kits. As soon as they do, nothing's stopping someone from decompiling or reverse-engineering their exploits, and then sending them in to Nintendo claiming ownership and collecting the pitiful reward.
For every true developer doing it for the challenge, there's two dozen desperate wannabes who will steal it to try and make a quick buck, and it's a lose-lose for everyone. This is why the Wii & Wii U modding and homebrew scene died, it's why the iOS jailbreaking scene died, and those are just recent examples.
.
Good idea (Score:2)
> As soon as they do, nothing's stopping someone from decompiling or reverse-engineering their exploits, and then sending them in to Nintendo claiming ownership and collecting the reward.
Thanks for the idea! ;)
Re: (Score:2)
People doing it for the challenge probably will continue to do it, then. I can sympathize with them. Many times defeating the copy protection on an 'entertainment' device or game is more fun for nerds than playing the actual game.
So it's not a lose-lose for the hacker having their fun finding and refining the exploits.
Re: (Score:2)
For every true developer doing it for the challenge, there's two dozen desperate wannabes who will steal it to try and make a quick buck, and it's a lose-lose for everyone. This is why the Wii & Wii U modding and homebrew scene died, it's why the iOS jailbreaking scene died, and those are just recent examples.
Hmm, interesting perspective. I guess from the other side though, a lot of us nerds are constantly berating these companies for not being vigilant enough when it comes to security.
It's possible I guess that the security holes that allow us to jailbreak platforms to exploit other functionality could be considered "beneficial" but I suspect the reality is if those holes exist, it's just as likely they can be exploited by malicious actors.
If the net result is more secure software - that stops us jailbreaking
Re: (Score:2)
This tactic will likely work, even for the pitifully low amount of money Nintendo's offering, and here's why: Real exploit developers will be less likely to release their kits. As soon as they do, nothing's stopping someone from decompiling or reverse-engineering their exploits, and then sending them in to Nintendo claiming ownership and collecting the pitiful reward. For every true developer doing it for the challenge, there's two dozen desperate wannabes who will steal it to try and make a quick buck, and it's a lose-lose for everyone. This is why the Wii & Wii U modding and homebrew scene died, it's why the iOS jailbreaking scene died, and those are just recent examples. .
Then perhaps Nintendo should raise that fucking pathetic reward.
If the bug bounty reward were $2 million, chances are you would bypass all of this other nickel-and-dime bullshit.
And don't give me this shit that Nintendo can't afford it. They can't afford not to protect their products making millions, and bounty payouts are also written off as a business expense.
Politically-Correct Hackers (Score:2)
$20,000 ? Nice try add a zero to get serious (Score:1)
Re: (Score:2)
When a developer finds that kind of bug they have the upper hand, I would add a zero and make it $50,000 - $200,000 and if Nintendo wasn't willing to enter contract to exchange the security research for the money by say 20-30 days I would pull a Google and do a Day-Zero publish on the defect. Then I would rinse and repeat including a contractual boilerplate clause to protect and indemnify and collect my payment in bitcoin. 20K is insulting.
Given the amount of money Nintendo makes off these products, $200K is insulting.
Make it $2 million. THEN you'll find the right amount of attention and results.
Re: (Score:2)
Security testing, if performed for purposes other than to enable infringement, is not only explicitly exempt from the DMCA's circumvention ban (17 USC 1201(j)) but also likely explicitly permitted under the bug bounty program's terms.
Re: (Score:2)
Re: (Score:2)
Which country is that that lacks an implementation of the WIPO Copyright Treaty of 1996? And how many refugees from the U.S. copyright regime can your country and its like-minded neighbor(s) absorb?
Re: (Score:2)
So 20k is more like the "20k to life" option?
As a person who owns 2 hacked 3DS's (Score:2)
Nintendo is really late on this boat, not even sure why they are doing this now.
The 3DS was hacked a few years ago, but required a 4.5 or less version firmware.
Then like 2 years ago, a entry point was found under the 9.2 firmware, while 9.2 was the current firmware, and it was a community found exploit, which led to custom firmwares that didn't need hardware cards (like the Gateway or Sky). Since then we've had excellent work on hacking the 3ds, found multi entry points, homebrew entry points and other st
Here's how you do it (Score:2)
1. Develop exploit.
2. Sell exploit kit to people who want to pirate soft but can't develop exploit.
3. Wait for about as long as it takes to reverse engineer your exploit.
4. Report exploit to Nintendo and collect the 20k. It's just pocket change, all right, but someone's going to report it anyway.
5. Start over at 1.
Can't hack what you can't get (Score:2)
Preparing for the NX release (Score:2)
This sounds like they are going to use the same system for the NX that they use for the 3DS to release and deliver games physically and digitally.