Japanese publisher and hardware manufacturer Nintendo is turning to online hacking communities to help find vulnerabilities in the ever-popular handheld, Nintendo 3DS. According to a recent listing on HackerOne, Nintendo is offering anywhere between $100 to $20,000 to find holes in their software that could lead to piracy, cheating, or dissemination of inappropriate content to children.
HackerOne is an online “vulnerability coordination and bug bounty program” where various companies — ranging from GM to Uber to Slack — ask users to find exploitable bugs within their programs.
Nintendo is looking for a bunch of different errors that can occur on the 3DS, prioritizing game application dumping, save data modification, and game data modifaction. However, it seems like they are also interested in both userland takeovers and kernel takeovers of ARM9 and ARM11 — the processors behind the handhelds.
Why is Nintendo so concerned about hacks to a now four-year old console? It seems partially due to the fact that hackers themselves are still continuously interested in finding the latest exploits to add homebrew applications and pirate games.
Within the past year alone we have seen the eShop removal of Citizens of Earth due to a bug that let the players use unsigned code during the game’s startup. This followed the VVVVVV exploit which also game to light this year, which enable hackers to open *hax services for homebrews.
However, perhaps the biggest push in this program may be the pre-launch leak of Pokemon Sun and Pokemon Moon, which was freely downloadable to many thanks to an uploaded pirated copy. Or, speculatively, perhaps they envision many bugs on the 3DS system may be similarly exploitable on the upcoming Nintendo Switch, and this is a way for them to get early attrition on a similar system.
Regardless of the reason, break out your best mechanical keyboard and trench coat and aim for the $20,000 jackpot.