Nintendo Offering Bounties For Finding 3DS Exploits

Tuesday, December 6th, 2016

Share this page

We are proudly a Play-Asia Partner

SUPPORT OPRAINFALL BY TURNING OFF ADBLOCK

Ads support the website by covering server and domain costs. We're just a group of gamers here, like you, doing what we love to do: playing video games and bringing y'all niche goodness. So, if you like what we do and want to help us out, make an exception by turning off AdBlock for our website. In return, we promise to keep intrusive ads, such as pop-ups, off oprainfall. Thanks, everyone!

By


nintendo bounties

Nintendo has had enough of exploits for hackers to exploit on the 3DS and is now offering bounties. They have issued a request on hackerone.com, wishing to prevent things such as piracy and cheating, along with “dissemination of inappropriate content to children.” There will be rewards in the form of United States currency of $100 to $20,000 “per qualifying piece of vulnerability information.” However, Nintendo has not mentioned how the reward would be calculated. There are some rules however, like if it’s not well-known, along with the following:

Below are examples of vulnerabilities that Nintendo is interested in receiving information about:

  • System vulnerabilities regarding the Nintendo 3DS™ family of systems
    • Privilege escalation on ARM11 userland
    • ARM11 kernel takeover
    • ARM9 userland takeover
    • ARM9 kernel takeover
  • Vulnerabilities regarding Nintendo-published applications for the Nintendo 3DS™ family of systems
    • ARM11 userland takeover
  • Hardware vulnerabilities regarding the Nintendo 3DS™ family of systems
    • Low-cost cloning
    • Security key detection via information leaks

Nintendo reserves the right to choose whether or not it will address any reported vulnerabilities.

Please include the details requested in below when submitting vulnerability information to Nintendo. All such reports should be submitted in English.

  • State the name of the applicable platform (e.g., Nintendo 3DS™, New Nintendo 3DS™, or both
  • State the region of the platform you used (e.g., JP, US, or EU)
  • State the system version number(s) that the vulnerability applies to
  • Describe all of the steps required to reproduce the issue
  • Describe the details of what the vulnerability is and, if possible, potential ways to fix the vulnerability
  • Describe, if applicable, how individuals might be able to utilize the vulnerability information to impair the applicable system(s) and/or game(s) by showing a proof of concept or functional exploit code. You are allowed to submit a proof of concept or functional exploit code later (within three (3) weeks), after the initial submission of the report.
  • Confirm that the vulnerability is not widely known to the public.

What do you think about Nintendo’s decision to try and find more of the 3DS’ exploits to fix? Do you think these problems can truly be fixed? Will you participate to gain some extra cash? Be sure to let us know what you think about all of this in the comments below!

About Jonathan Falu

I am currently a college student at Temple University as a MSP major in Emergent Media, and wish to one day be a paid video game critic. I currently do video reviews on the channel The Smartest Moron on Youtube over here: https://www.youtube.com/c/TheSmartestMoronReviews




  • Panpopo

    This is interesting. This means that Nintendo still sees the 3DS platform as viable for the future, and am not throwing all their eggs in the Switch basket.

    Nothing on the Wii U, which is expected if not a bit sad.