• The ResetEra Games of the Year Awards 2018 results are now live! Congratulations to all the winners!
  • Sidebar and Width settings will now no longer reset after 4 hours of inactivity! We have implemented a new system that will remember these preferences on each browser, for both members and guests. This allows you to choose different settings on different devices if you so desire.

Console Hacks - Patient Zero of Piracy and Cheats

enMTW

Banned
Member
Oct 27, 2017
894
#51
Or we could just blame the hackers who attacked the end users.

I mean, of course I over-sold things in the OP, good security practices are always welcome, but it's not Gamefreak's fault that people inject malicious code into the game. That they could have done better in preventing this, because a bad Pokémon should seriously be weeded out serverside if anything, is another topic. The blame lies on the hacker. And that blame feeds back all the way to the initial exploit that made that hack possible.

If anything I want people to stop and think. Releasing exploits that allows for the execution of code allows for the execution of malicious code. That should be obvious. How bad it will get for the Switch is unknown, it's still early and the Switch OS itself is still safe. But that won't last. It never does. And that's when trouble arrives. People can run Linux and whatever all they want, but as soon as it affects the part that normal users interact with, there's going to be trouble.

I worry about Pokémon Switch now. Before the exploit was announced, I was sure to get it. Now... it's a maybe.
Or we could blame the actual responsible party, the one who made bad assumptions.

It is Gamefreak's fault that they did not design around the end user not necessarily being trust worthy. There is a reason every PC game on the planet doesn't have this problem; PC developers assume that attackers exist. Gamefreak fucked up.

There will be no real trouble, you just won't like it. The Switch doesn't have a 360 style integrity validation upon connecting to online services; people will cheat and pirate and you'll just have to live with it. If Nintendo makes secure hardware and Gamefreak makes software in a non-stupid fashion, everything would be fine.
 
Oct 27, 2017
1,585
#52
Or we could just blame the hackers who attacked the end users.

I mean, of course I over-sold things in the OP, good security practices are always welcome, but it's not Gamefreak's fault that people inject malicious code into the game. That they could have done better in preventing this, because a bad Pokémon should seriously be weeded out serverside if anything, is another topic. The blame lies on the hacker. And that blame feeds back all the way to the initial exploit that made that hack possible.

If anything I want people to stop and think. Releasing exploits that allows for the execution of code allows for the execution of malicious code. That should be obvious. How bad it will get for the Switch is unknown, it's still early and the Switch OS itself is still safe. But that won't last. It never does. And that's when trouble arrives. People can run Linux and whatever all they want, but as soon as it affects the part that normal users interact with, there's going to be trouble.

I worry about Pokémon Switch now. Before the exploit was announced, I was sure to get it. Now... it's a maybe.
And these bad decisions are what lead to better decisions. Nintendo will not fix design flaws by telling people to stop exploiting them, they will fix them by losing profit.
 
Oct 26, 2017
2,208
#53
I worry about Pokémon Switch now. Before the exploit was announced, I was sure to get it. Now... it's a maybe.
I don't see how some people cheating should ruin your own personal enjoyment with a game. Pervasive cheating in a multiplayer game is one thing.

Hacks in Pokemon on the other hand don't seem too terrible. Then again, I'm not a big Pokemon guy.
 
Oct 26, 2017
1,123
#54
Such as having a Pokémon game bricked by a Wonder Trade or similar.
huh, Pokemon game bricked by wonder trade?
i know the story of game become glitched if they edit the save file to appears in different location, but bricked?

if you are going to put an example, please explain it.
 

enMTW

Banned
Member
Oct 27, 2017
894
#55
And these bad decisions are what lead to better decisions. Nintendo will not fix design flaws by telling people to stop exploiting them, they will fix them by losing profit.
Nintendo has never shown a technical ability to design secure systems. Going back as far as you want, they have engaged in security through hand waving. Pre-DS systems had effectively no security; cartridge cloning was possible, there was no code signing, it was a free for all. The DS has a litany of flaws - they validated the cartridge itself, not the actual code contained on the cart. That system would be defeated, but prior to that people would just modify the firmware (which, by the way, is not checked by the system on boot to ensure that it is authentic; no signature validation) to skip that check.

The 3DS is a security disaster, too many mistakes to even get into. The Wii U effectively has no security - public, unpatched WebKit flaws, you can download games from Nintendo's CDN, swap the license file for one from the disc version of the game and install that game on an otherwise unmodified system - no kernel patches, no custom firmware required, nothing. Get code exec and you have games that the system sees as legit.

No meaningful online security on either the 3DS or the Wii U. Nothing like what we had in 2002 with Xbox Live. Play pirated, modified games online without peril.

On the Wii U, you can even frame others for cheating, because they don't have what the original Xbox had - a unique per-console chunk of data that is used to uniquely identify the system for purposes of Xbox Live. Instead, Nintendo uses the serial number. Which the user can change to whatever they want.

The Switch is arguably worse than the modern examples - they learned nothing from the original Xbox. They went to Nvidia and asked for a chip. The entire system is commodity hardware that was never intended to be used in scenarios where security is important. And they are paying the price for it.
 
OP
OP
McNum
Oct 26, 2017
863
Denmark
#56
Or we could blame the actual responsible party, the one who made bad assumptions.

It is Gamefreak's fault that they did not design around the end user not necessarily being trust worthy. There is a reason every PC game on the planet doesn't have this problem; PC developers assume that attackers exist. Gamefreak fucked up.

There will be no real trouble, you just won't like it. The Switch doesn't have a 360 style integrity validation upon connecting to online services; people will cheat and pirate and you'll just have to live with it. If Nintendo makes secure hardware and Gamefreak makes software in a non-stupid fashion, everything would be fine.
The actual responsible party is the one that acts. That is, the hackers.

That Gamefreak or Nintendo messed up is not an excuse to take advantage of them. It just makes it easier. But the fault lies with the hackers injecting malicious code into the game. That shouldn't be possible, I agree, but it is, and taking advantage is bad.

And of course I don't like it. I want online play to be hack-free and piracy to be impossible. Until someone changes that, it is the status quo at launch. So the blame goes to those who change that.
 
Oct 25, 2017
5,922
#57
I agree that you should be able to do what you want with the hardware, and I agree that you should be free to modify it, but modding things to play games you feel you've already bought might be problematic depending on how the game is actually played - are you using an open source emulator and your own ROM, or are you actually pirating an emulator as well? People were injecting ROMs in to an emulator written specifically for the Wii that they didn't necessarily buy. People are sticking 100+ games on SNES Classics, and it will be a finite minority who ever owned that many games for the system.
Of course I can't speak for everyone, and undoubtedly there are those that would pirate games. That said, it's pretty simple to dump VC titles from Wii, 3DS, and Wii U at this point and that's where my collection comes from.

Injecting an emulator certainly feels more grey area. If you bought a VC title, it can be assumed you paid for the emulator to run the game and not just the game itself... but I'm sure both the emulator and rom probably have some sort of legal dodging licensing agreement on what constitutes 'ownership' or not.
I too am of the opinion that if you make piracy inconvenient or come at a cost of great effort, WHILE offering an affordable alternative - that's how you get people to stop pirating. I can remember the days of Limewire, Napster and constant torrenting all too well. Spotify, Apple Music, Google Play have made being a legitimate consumer of music more appealing than being an awkward pirate. Netflix and services like Hulu, NowTV in the UK and others have made pirating TV shows less of a pressing need for people.
I definitely agree with this. They are 2 things that feel mutually exclusive at times. Even the most well intentioned hack dev can't prevent their tools from being completely misused once the security on a system has been breached. On that front, I do definitely believe that these companies are fully within their right to try and defeat these hacks and control their ecosystem.

That is to say: A company is well within their rights to disable a known hacked console's ability to play online and use their services. I do however think that said company shouldn't be able to disable a working console, or prevent downloading already purchased software just because of it's status.

That said, I don't think there is ever an excuse for people stealing a AAA game. I think stealing an indie game might actually be worse, morally speaking. And just because some games are old and preserved digitally - that doesn't mean we should have a right to play them for free.
100% agree.

I've played online on consoles that have been bust wide open and it can be horrible. Riven with cheating and instability. If the consequence of people cracking open their hardware is that they are somehow kept offline, I think I might be ok with that. But I'm not sure that's possible. It can become a game of cat and mouse and resources are spent fixing security problems when they could have been spent making great games.
100% agree, which is, again, why I think these devs should be proactive and try and prevent and ban those caught permanently.


To summarize my thoughts: I should be able to hack my 3DS to play homebrew. I should expect that my system will be banned from any online services. I should expect Nintendo to do everything in their power to block any new games/features from working. I should still be able to download and play the games I already bought, and I shouldn't have to worry about Nintendo intentionally remotely disabling my system from working at all (accidental from a borked upgrade caused by hacks is one thing. I assume that risk by hacking the system to begin with).

When you hack a console, the assumption should be that you're giving up ALL future relations with that company on that system. In fact, I know a lot of people DO view it that way, and thus will buy 2 systems. One for homebrew and another for games/online.
 

Aters

Banned
Member
Oct 26, 2017
7,108
#58
Yes yes, hack often leads to piracy and cheats.

I hack my console when I think it offers things the console itself can't. For example I never hacked my PSV even though I could. But for 3DS? Fuck region lock.
 
Oct 28, 2017
1,730
#59
Err, okay. Sorry, I can't help but finding the existence of this thread a bit bizarre and hilarious. You start a thread about console modifications which takes a critical tone, which you're perfectly entitled to do, and that view is a legitimate one to hold. But then you say that anyone that disagrees with you can't offer a counterpoint because that would be "off-topic" and this thread shall be for attacking console modifications only.

Sorry, I don't think that's how it works. Criticisms of arguments that present a counterpoint are always on-topic in a thread about any subject. You can't just mandate that only people who agree with you post in a thread about a certain subject.
 

enMTW

Banned
Member
Oct 27, 2017
894
#60
The actual responsible party is the one that acts. That is, the hackers.

That Gamefreak or Nintendo messed up is not an excuse to take advantage of them. It just makes it easier. But the fault lies with the hackers injecting malicious code into the game. That shouldn't be possible, I agree, but it is, and taking advantage is bad.

And of course I don't like it. I want online play to be hack-free and piracy to be impossible. Until someone changes that, it is the status quo at launch. So the blame goes to those who change that.
That's just not true. The responsible party is the one who ships insecure hardware and insecure software and designs games in a way that enables 'remote bricking' via a corrupted save file, via the damn Internet.

Sure. Piracy and cheating are bad. Telling people that something is bad will not solve the problems, though. Designing secure systems does.
 
Oct 27, 2017
1,585
#61
Nintendo has never shown a technical ability to design secure systems. Going back as far as you want, they have engaged in security through hand waving. Pre-DS systems had effectively no security; cartridge cloning was possible, there was no code signing, it was a free for all. The DS has a litany of flaws - they validated the cartridge itself, not the actual code contained on the cart. That system would be defeated, but prior to that people would just modify the firmware (which, by the way, is not checked by the system on boot to ensure that it is authentic; no signature validation) to skip that check.

The 3DS is a security disaster, too many mistakes to even get into. The Wii U effectively has no security - public, unpatched WebKit flaws, you can download games from Nintendo's CDN, swap the license file for one from the disc version of the game and install that game on an otherwise unmodified system - no kernel patches, no custom firmware required, nothing. Get code exec and you have games that the system sees as legit.

No meaningful online security on either the 3DS or the Wii U. Nothing like what we had in 2002 with Xbox Live. Play pirated, modified games online without peril.

On the Wii U, you can even frame others for cheating, because they don't have what the original Xbox had - a unique per-console chunk of data that is used to uniquely identify the system for purposes of Xbox Live. Instead, Nintendo uses the serial number. Which the user can change to whatever they want.

The Switch is arguably worse than the modern examples - they learned nothing from the original Xbox. They went to Nvidia and asked for a chip. The entire system is commodity hardware that was never intended to be used in scenarios where security is important. And they are paying the price for it.
Totally right. I don't partake in these actions personally, but I have to ask, if Nintendo doesn't care then why should the end-user be responsible for caring?
 
Oct 25, 2017
3,879
#62
I'm less concerned about piracy than i am concerned about hacking. I'm pretty confident at least in a console space that even with hacks out in the wild, there are greater risks for that kind of behavior like having your console straight up banned or bricked by the manufacturer. I've kind of accepted a long time ago that if a console is popular then people will try their best to run pirated software on it. Making backups and the like was never really hard. It was quite easy to rip your own stuff and have it on your pc for whenever you wanted use it in a emulator just to run it better than your old console could, so i imagine someone would have taken the next steps and figured out how to copy that .iso and get it on an actual console.
 
Oct 25, 2017
1,296
#65
I'm not shaming them. I'm shaming those who share the initial exploit. Everything that happens after that is on them.
What the shit?
Are you saying whitehat hackers should never release the exploits to the wild? You know that some companies only fix their bugs and problems after the hacks are outside on the wild for everyone to use, instead of a select few that know it?

It's problem of the company that shipped a buggy product, not the consumer.

Also, are you humanizing a piece of hardware called Switch? Victim blaming?
 
Oct 26, 2017
1,123
#66
I worry about Pokémon Switch now. Before the exploit was announced, I was sure to get it. Now... it's a maybe.
do you stopped playing the new Pokemon games because of the hackers or they are boring?
even if you play online, it's hard if not impossible to use hacked Pokemon in an online game, and i think GF will up the legitimate checker this time more, so you really don't have to worry about someone sending level 1 Pidgey with 999 stats, you don't even need to worry about that guy who send 6 level 100 shiny Arceus (if the rules allow it anyway).
 

enMTW

Banned
Member
Oct 27, 2017
894
#67
What the shit?
Are you saying whitehat hackers should never release the exploits to the wild? You know that some companies only fix their bugs and problems after the hacks are outside on the wild for everyone to use, instead of a select few that know it?

It's problem of the company that shipped a buggy product, not the consumer.
Bingo. Patient has cancer. The blame does not fall with the doctor who diagnoses the patient. Nintendo ships comically insecure hardware on the regular. It's not the fault of the people who identify the insecurity that said insecurity has consequences.
 
Oct 28, 2017
1,730
#69
Nintendo has never shown a technical ability to design secure systems. Going back as far as you want, they have engaged in security through hand waving. Pre-DS systems had effectively no security; cartridge cloning was possible, there was no code signing, it was a free for all. The DS has a litany of flaws - they validated the cartridge itself, not the actual code contained on the cart. That system would be defeated, but prior to that people would just modify the firmware (which, by the way, is not checked by the system on boot to ensure that it is authentic; no signature validation) to skip that check.

The 3DS is a security disaster, too many mistakes to even get into. The Wii U effectively has no security - public, unpatched WebKit flaws, you can download games from Nintendo's CDN, swap the license file for one from the disc version of the game and install that game on an otherwise unmodified system - no kernel patches, no custom firmware required, nothing. Get code exec and you have games that the system sees as legit.

No meaningful online security on either the 3DS or the Wii U. Nothing like what we had in 2002 with Xbox Live. Play pirated, modified games online without peril.

On the Wii U, you can even frame others for cheating, because they don't have what the original Xbox had - a unique per-console chunk of data that is used to uniquely identify the system for purposes of Xbox Live. Instead, Nintendo uses the serial number. Which the user can change to whatever they want.

The Switch is arguably worse than the modern examples - they learned nothing from the original Xbox. They went to Nvidia and asked for a chip. The entire system is commodity hardware that was never intended to be used in scenarios where security is important. And they are paying the price for it.
Sorry, this is called "victim blaming" now. Because wanting to install custom software on a piece of hardware you own is apparently now comparable to blaming human victims for being assaulted.
 
Oct 25, 2017
574
#72
So, because they were lacking features, they deserved to be hacked?

(This is called victim blaming, by the way.)
please step away from gaming forums for long enough to learn what victim blaming is. This really isn't on par with that.

Also,I have never heard of someone's game being bricked because of Wonder Trade. I'm looking it up and cannot find anybody talking about a game being bricked because of Wonder Trade. If it did, that's on Nintendo for not providing security checks when they know that hacking will happen.
 
OP
OP
McNum
Oct 26, 2017
863
Denmark
#73
That's just not true. The responsible party is the one who ships insecure hardware and insecure software and designs games in a way that enables 'remote bricking' via a corrupted save file, via the damn Internet.

Sure. Piracy and cheating are bad. Telling people that something is bad will not solve the problems, though. Designing secure systems does.
Secure systems are nice, but the fault for breaking them lies on those who break them. You don't have to make it easy for them, of course, but it's still on them because they chose to break it.

Jesus Christ.



Agreed. Like, even if it was as a joke, wtf.
Joke? No. Deliberate overexaggeration? That's closer to the truth. But what else do you call it when people justify their actions due to a fault of the attacked party?

A corporation is not a person.
But end users are, and they are also affected.
 
Oct 28, 2017
1,730
#75
Please do not use that language to defend a company shipping insecure products. It's deeply offensive.

A Patient has cancer. The blame does not fall with the doctor who diagnoses the patient. Nintendo ships comically insecure hardware on the regular. It's not the fault of the people who identify the insecurity that said insecurity has consequences.
Yeah I was responding sarcastically after someone in the thread (absurdly) said holding companies responsibile for security vulnerabilities is a form victim blaming. Guess the tone didn't quite come across...
 
Oct 27, 2017
396
#76
User Warned: Equating piracy and homebrew/emulation
Just change the word piracy with homebrew and you won't get banned.

It's the same way you can exchange piracy with emulation in many cases if we're bing honest.
 

enMTW

Banned
Member
Oct 27, 2017
894
#77
Secure systems are nice, but the fault for breaking them lies on those who break them. You don't have to make it easy for them, of course, but it's still on them because they chose to break it.
Again: it's like you don't understand how security works. An insecure system is a system that was not designed to be secure, either on accident or on purpose. Something isn't secure because there are no public exploits, it is secure because it is secure. Nintendo ships insecure systems it hopes are secure, but refuses to do the actual work to create secure systems.

Secure systems are systems that are designed as such. Just because you want one does not mean you get one. You have to do the work.

Yeah I was responding sarcastically after someone in the thread (absurdly) said holding companies responsibile for security vulnerabilities is a form victim blaming. Guess the tone didn't quite come across...
Yeah, my bad, I removed my post. Didn't 'get it' until after you did your first edit.
 
Oct 25, 2017
2,024
#78
Joke? No. Deliberate overexaggeration? That's closer to the truth. But what else do you call it when people justify their actions due to a fault of the attacked party?
You can make a point without having to resort to insensitive hyperbole.
 
Oct 28, 2017
1,730
#79
Secure systems are nice, but the fault for breaking them lies on those who break them. You don't have to make it easy for them, of course, but it's still on them because they chose to break it.
There's no "fault,' sorry. People have a right to install different software on hardware they purchased and own. Sorry you don't like that, but you're just going to have to learn to deal with it.
 
Oct 25, 2017
965
#80
Don't hacked consoles often are not able to go online? In those cases cheats should not be an issue, unless you also mean that cheating in single player stuff is problematic which would be dumb.
 
Oct 25, 2017
3,097
Somewhere
#81
Piracy > decline in software sales > decline in support for the system.
You are all assuming that every switch owner is going to use this and pirate software.

If anything, I'm NOT going to use this because it's so goddamn easy to buy games on switch as it is.

This is just an assumption you're making. I wager you can't find a single scientific source that proves your point.
 

enMTW

Banned
Member
Oct 27, 2017
894
#82
Don't hacked consoles often are not able to go online? In those cases cheats should not be an issue, unless you also mean that cheating in single player stuff is problematic which would be dumb.
Hacked consoles (depending on the method of hack and all that) made by competent manufacturers are restricted from online services. That has never been the case with Nintendo.
 
Oct 27, 2017
4,642
Spain
#83
Personally I am against anything that makes life easier for cheaters in online games.

PUBG stopped being fun for me because of things like that.
 
Oct 25, 2017
574
#86
Joke? No. Deliberate overexaggeration? That's closer to the truth. But what else do you call it when people justify their actions due to a fault of the attacked party?
That's not victim blaming. Victim blaming is a term that refers to a serious social issue of blaming people who had something terrible happen to them. These two aren't even in the same ballpark. There's nothing remotely comparable between people blaming rape victims for being assaulted and a company's paid product getting used in an unintended way. Why the actual fuck would you conflate the two?
 

RM8

Member
Oct 28, 2017
3,174
JP
#90
You are all assuming that every switch owner is going to use this and pirate software.

If anything, I'm NOT going to use this because it's so goddamn easy to buy games on switch as it is.

This is just an assumption you're making. I wager you can't find a single scientific source that proves your point.
I'm 100% sure whoever does this in Mexico (where I'm from), is going to use it to pirate. I've seen this happen since the PS1 days.
 
OP
OP
McNum
Oct 26, 2017
863
Denmark
#92
Again: it's like you don't understand how security works. An insecure system is a system that was not designed to be secure, either on accident or on purpose. Something isn't secure because there are no public exploits, it is secure because it is secure. Nintendo ships insecure systems it hopes are secure, but refuses to do the actual work to create secure systems.

Secure systems are systems that are designed as such. Just because you want one does not mean you get one. You have to do the work.
I know more about it than you think, but probably not as much as I could. But I do know this: Insecure systems don't break themselves. You still need someone to break it. Someone always does, but that's not entirely a good thing.

You can make a point without having to resort to insensitive hyperbole.
Fair enough, point taken. Is there a better term for justifying an attack due to a perceived fault of the target?
 
Oct 25, 2017
3,367
Osaka
#93
I'm 100% sure whoever does this in Mexico (where I'm from), is going to use it to pirate. I've seen this happen since the PS1 days.
Would that person have bought the games if they didn't pirate the console/would he even buy the console if he can't pirate it?
I think we both know the answer to that question, the point is moot.
 

enMTW

Banned
Member
Oct 27, 2017
894
#95
I know more about it than you think, but probably not as much as I could. But I do know this: Insecure systems don't break themselves. You still need someone to break it. Someone always does, but that's not entirely a good thing.
Yeah, you know nothing. An insecure system is already broken. It was shipped broken.

Again, for the last time: A patient is born with a terminal illness. A doctor diagnoses it. It is not the fault of the doctor that the patient is ill. The doctor draws attention to it, points it out.

That's what this is. The Switch is insecure. The insecurity is pointed out. The hackers in question did not introduce that insecurity, Nintendo did. It is Nintendo's responsibility to create secure systems. It is no one's responsibility to bury their heads in the sand and pretend that the system is secure. The world doesn't work that way.
 
Oct 25, 2017
3,097
Somewhere
#97
Yeah, you know nothing. An insecure system is already broken. It was shipped broken.

Again, for the last time: A patient has born with a terminal illness. A doctor diagnoses it. It is not the fault of the doctor that the patient is ill. The doctor draws attention to it, points it out.

That's what this is. The Switch is insecure. The insecurity is pointed out. The hackers in question did not introduce that insecurity, Nintendo did. It is Nintendo's responsibility to create secure systems. It is no one's responsibility to bury their heads in the sand and pretend that the system is secure.
In other words - Nintendo screwed up by missing this insecurity in their system. They'll rectify it for future hardware revisions. Notice how PS4 and XB1 are not having this issue?
 

enMTW

Banned
Member
Oct 27, 2017
894
#98
In other words - Nintendo screwed up by missing this insecurity in their system. They'll rectify it for future hardware revisions. Notice how PS4 and XB1 are not having this issue?
The PS4 has security model issues but they are far less severe. But yeah, that's right. There are a laundry list of fatal security mistakes in the Switch. The obvious result of building an Android tablet and hoping it would meet their security requirements, which differ dramatically from phones and tablets.
 
Oct 28, 2017
1,730
#99
Fair enough, point taken. Is there a better term for justifying an attack due to a perceived fault of the target?
Once again, installing custom software on hardware that you own and are perfectly entitled to modify is not an attack and should never be compared to physical assault, directly or indirectly.
 
Oct 25, 2017
5,922
Notice how PS4 and XB1 are not having this issue?
I mean... the PS4 has been hacked for awhile. They've since fixed the issue via software, the bigger issue is that Nintendo fucked up on a hardware level. Even their OWN software can't go in and fix the problem.