I don't think you understand the concept of white hat hacking if you think it should be all about selling your information for profit rather than open-sourcing it to help others understand the nature of current and future vulnerabilities.A white-hat hacker would just report that shit to Nintendo for a profit and leave it be, not sharing it with everyone, people who just want homebrew and people who want to play everything for free alike. People can pretend it's only for the former all they want, they know it's not true. They simply don't care.
And about piracy to a level where it becomes untenable to develop for the system, causing software support to wither and die.
So, because they were lacking features, they deserved to be hacked?
(This is called victim blaming, by the way.)
Wait that's a real name? I am.. somehow less surprised than I should be at that.
I will say this thread has been more educational for me than I expected it to. Thanks for, you know, actually explaining things instead of giving up and yelling. I would have understood that, too.
I do still want things to remain un-hacked, but that ship has sailed for the Switch. I do hope nothing bad will come of it for me since I have a launch Switch, but I worry. About broken online that I soon have to pay for. About ridiculously unlikely Pokémon in trade or PvP. Not that I don't want a Shiny Ralts, but I want a legit one. And that can't be guaranteed if save hacks are available and I get one in a Wonder Trade. And about piracy to a level where it becomes untenable to develop for the system, causing software support to wither and die.
Most of that will likely not happen. Some of it may. There is a non-zero chance of it now and that bothers me.
I think we can move on from this point since OP already made a decent and gracious apology that made it pretty clear they understand why it wasn't an appropriate term to use in this context.I dunno, I feel it's pretty insulting to actual victims (of rape, racism, etc.) to use this term to refer to multinational corporations. You are dilluting its meaning into nothingness.
I think a better term to describe what you take issue with is simply post-hoc rationalization: "I want to hack this thing, so let me think up a list of plausible reasons why I'm doing it".
Wait that's a real name? I am.. somehow less surprised than I should be at that.
I will say this thread has been more educational for me than I expected it to. Thanks for, you know, actually explaining things instead of giving up and yelling. I would have understood that, too.
I do still want things to remain un-hacked, but that ship has sailed for the Switch. I do hope nothing bad will come of it for me since I have a launch Switch, but I worry. About broken online that I soon have to pay for. About ridiculously unlikely Pokémon in trade or PvP. Not that I don't want a Shiny Ralts, but I want a legit one. And that can't be guaranteed if save hacks are available and I get one in a Wonder Trade. And about piracy to a level where it becomes untenable to develop for the system, causing software support to wither and die.
Most of that will likely not happen. Some of it may. There is a non-zero chance of it now and that bothers me.
Yeah, I messed up on that, didn't know how specific it was. Sorry, won't do it again.
In a vacuum, no. But the same method you use for SummVM and Monkey Island (fine taste in games, I might add), can also be used for less friendly code. And that's my main problem. As I said, I'd be okay with an exploit that didn't allow for cheats and piracy, but unless a homebrew tool was made so it explicitly banned that, I just don't see it as safe. The bad comes with the good. I wish we could only get the good, or the system remained un-hacked.I don't think you understand the concept of white hat hacking if you think it should be all about selling your information for profit rather than open-sourcing it to help others understand the nature of current and future vulnerabilities.
Anyway, a question to everyone who seems opposed to system modification in every case: when I get a Switch, I would love to be able to modify it to run ScummVM to run CD backups of classic games I own like Monkey Island and Fate of Atlantis, and for other similar uses that have nothing to do with piracy, hacking online games, etc. Is that really such a bad thing?
The cost of people working in those programs to prevent insecurities or the cost of piracy? Because them "not liking" said programs is already telling enough. If the insecurity is found by someone who helps the provider of the hardware to close it then he simultaniously prevents exploits for malicious and non malicious purposes. If he just tells everyone whats up then he opens it up for both.There is not a mechanism to care. How things work is that insecurity is used by people for their own gains. The insecurity is not the fault of the person who revealed it. The nature of insecurity is that it will be discovered eventually and will be used however one wants. In this case, the insecurity was so blatant that dozens of people had knowledge of it for months. There was no option to keep it private, not that researchers have a requirement to do so or even should.
That is not the only mechanism of 'white hat' work. There is no requirement to sell exploits for cash, nor do most actors like those programs. By not revealing insecurity to the world, insecurity flourishes. By introducing a cost, vendors have an incentive to create secure products.
They know what systems connect to their servers and what they do (and what they own), if there are malicious actors stupid enough to connect to the internet, then they'll risk a very likely ban. Packet studies on the Switch have showed it does extensive telemetry, and you're either going to be turning that off (red flag) or trying to fake it (red flag, and impossible with enough data calls as things eventually won't align server side vs. client side).
Hell, they'll know if Pin 10 is always grounded and could potentially ban off of just that if they were so inclined, and they'll know if you're on T214 or T210, and they'll know the SBK derivative of your ID and start blacklisting that if they so desire. We don't know if they can detect CFW but, given their recent forays into banning 3DSes, they probably have methods.
Their changes from the 3DS to the Switch are fairly extensive, even the CDN authentication was completely redone.
So, because they were lacking features, they deserved to be hacked?
(This is called victim blaming, by the way.)
Incredible.So, because they were lacking features, they deserved to be hacked?
(This is called victim blaming, by the way.)
The cost of people working in those programs to prevent insecurities or the cost of piracy? Because them "not liking" said programs is already telling enough. If the insecurity is found by someone who helps the provider of the hardware to close it then he simultaniously prevents exploits for malicious and non malicious purposes. If he just tells everyone whats up then he opens it up for both.
Again, I'm not even saying that this is a black and white issue, but that your doctor comparison doesn't make any sense. None of this applies to a doctor and his doings.
And yes, there is no "mechanism to care". Morality as a human concept is dwindling in times of the internet for sure, but it's still a thing.
By introducing a cost, vendors have an incentive to create secure products.
It's incentive to hack it. What's wrong with people wanting more features out of the product they buy?
I totally messed up with that post. I do apologize. And yes, I will make it a point to apologize to everyone calling that out, because I was an idiot. That'll teach me to be less of an idiot.
I never said that's all what it's about. Helping others to understand the nature of current and future invulnerabilities includes everyone, people like you and your above stated motivation and people who just want to pirate everything.I don't think you understand the concept of white hat hacking if you think it should be all about selling your information for profit rather than open-sourcing it to help others understand the nature of current and future vulnerabilities.
Anyway, a question to everyone who seems opposed to system modification in every case: when I get a Switch, I would love to be able to modify it to run ScummVM so I can play CD backups of classic games I own like Monkey Island and Fate of Atlantis on the go, and for other similar uses that have nothing to do with piracy, cheating in online games, or anything of the sort. Is that really such a bad thing?
I think anyone can see that the flaws are Nintendo and nVidias fault - but on the subject of lawful and ethical...
What's ethical about breaking a software eco-system and providing the means to shatter crypto for a device - when its done for the notoriety?
If it damages legitimate sales - and it probably will - I cannot see releasing the details of this exploit as ethical. It might be what these groups do, and the blame for its coming into being might well lie squarely with the companies behind the product, but its not an ethical thing to my mind.
Again, if we're making health analogies - is this not like finding an anti-biotic resistant bacteria that affects a particular set of people, and then giving people the recipe or sample for that bacteria to the Internet at large?
You can argue it would always be released, and that might be the case, but to me - the choice to do so is a deliberate one and the earlier its done, the longer lasting the effect.
I stopped jailbreaking iPhones when apple offered me the features I wanted that I could only get before thru hacks.
Maybe in about 10 years Nintendo will figure that approach out.
Switch telemetry is non-interesting. It's nothing like what you see on the Xbox One or even the 360. It will not be a problem.
That will also not be a problem. And their 3DS banning stuff is exactly the reason for the concern - it is amateur, trivial to defeat nonsense.
That wasn't faux outrage, it was legitimately hilarious. I would've reported it if I wanted to report it.He's already addressed it and apologized (and continues to do so). No need to keep quoting him with the faux-outrage in the hopes of a mod seeing it. At best, report it.
You're right on all of this.I'm sorry, I am just not going to spend an hour and a half to explain how security research works. You are advocating for researchers to act on behalf of the companies interests alone, and that's just not how the world works or how it should.
It is also irrelevant in this case - a malicious actor (Team-Xecuter) had discovered the vuln before most others, weaponized it and had announced their intentions to use it to sell a piracy enabling device. At that point, covering up the flaw is not an option.
Yes, thats the same for me. When Apple gave me the features that I was having to get through Jailbreaking, I stopped.I stopped jailbreaking iPhones when apple offered me the features I wanted that I could only get before thru hacks.
Maybe in about 10 years Nintendo will figure that approach out.
I like this case studyI think anyone can see that the flaws are Nintendo and nVidias fault - but on the subject of lawful and ethical...
What's ethical about breaking a software eco-system and providing the means to shatter crypto for a device - when its done for the notoriety?
If it damages legitimate sales - and it probably will - I cannot see releasing the details of this exploit as ethical. It might be what these groups do, and the blame for its coming into being might well lie squarely with the companies behind the product, but its not an ethical thing to my mind.
Again, if we're making health analogies - is this not like finding an anti-biotic resistant bacteria that affects a particular set of people, and then giving people the recipe or sample for that bacteria to the Internet at large?
You can argue it would always be released, and that might be the case, but to me - the choice to do so is a deliberate one and the earlier its done, the longer lasting the effect.
Yeah, go ahead and laugh, I really messed that one up, it's worth the ridicule.That wasn't faux outrage, it was legitimately hilarious. I would've reported it if I wanted to report it.
Has there ever been a piece of homebrew created for a modded console that genuinely improved it in a crucial way that was not possible before? .
Everyone on this board probably has 3 devices within arm reach that can already do the things you want your Switch to do.
What's that saying. "Your right to swing your first ends at my face."?OP I'd prefer it if you distinguished between online and offline cheats.
ONLINE: abhorrent behaviour that ruins other people's fun
OFFLINE: me playing the game I paid for the way I damn well please
There's a very cavernous difference between the two. As such I enjoy homebrew cheat systems.
Telemetry can be updated, its an always rolling thing. If they so desire, they can hire the necessary engineers to design better and better telemetry. I generally don't agree with your desire to dismiss everything and anything as 'trivial'.
For many, the 3DS' 'trivial' telemetry, which it was, was capable of banning wide swathes of idiots.
Hans improving the framerate in many 3DS games on n3DS.Has there ever been a piece of homebrew created for a modded console that genuinely improved it in a crucial way that was not possible before?
Telemetry is the absolute wrong way to do what you achieve what you describe.
A microscopic number of users are banned
Good telemetry did not play a role - that was a myth spread by pirates. The bans were due to a pattern of pre-release play; always occurring after the game leaks, never before. And ultimately the bans were meaningless due to other security failures.
Anyway, a question to everyone who seems opposed to system modification in every case: when I get a Switch, I would love to be able to modify it to run ScummVM so I can play CD backups of classic games I own like Monkey Island and Fate of Atlantis on the go, and for other similar uses that have nothing to do with piracy, cheating in online games, or anything of the sort. Is that really such a bad thing?
Assuming T214 Mariko is a real thing, I doubt piracy is going to kill the Switch. I'd say the majority of people who bought a Switch at full price during its first year are not interested in stealing from devs. The fact that (presumably) Nintendo and Nvidia were able to act before Smash, Pokemon, or a price drop is a really good thing.
Yes, tons of them.Has there ever been a piece of homebrew created for a modded console that genuinely improved it in a crucial way that was not possible before?
Good telemetry lets you track behavior, it never hurts to have good user data even if it only sometimes catches bad actors. It often lets you catch dumb-ass actors.
And as noted, all access to their servers is now console-ID unique, if they have a suitable web to catch you with a small chance every time you connect, eventually your ID will be blacklisted permanently. They *did* learn something from the Xbox and their own cock-ups on the 3DS/WiiU. Now, obviously, the best way to not have this issue is to not have a compromised bootloader or... the ability to run completely unsigned code just by having .nsp with no header checks... (I don't know how that survived to 5.0)...
But this is why they joined HOne. Obviously they knew they were incompetent enough to need help and, well, help they've gotten.
The most recent ban wave wasn't on pre-release software. That was a few months ago, had nothing to do with releases, nothing had released.
Its real. We even know what it is at this point.
Hell, NVidia knew about this bootloader issue last year apparently because that's when this thing showed up. So the disclosure was, probably, not even necessary in terms of impact on timetables of this releasing.
So, because they were lacking features, they deserved to be hacked?
(This is called victim blaming, by the way.)
But I'll quote you anyway because I said I'd do so. Yeah, I was stupid saying that.
Hans improving the framerate in many 3DS games on n3DS.
Translation patches.
Countless excellent romhacks.
Improved load times on many disc based consoles when switching to playing games on flash storage/HDD.
Region free on many consoles.
Ports of DOOM, Quake, ScummVM, and many other games.
Adding (basically native) Gamecube support to the Switch.
Adding media support on things like oXbox and Wii.
Supporting installing PSP games on the Vita and PS TV that would otherwise not be supported.
Just off the top of my head.
I thought the first mention of Mariko was in Switch's 5.0 update. What evidence of its existence was there last year? Not that I don't believe you, I'm just curious.
Without affirmative tamper state identification, you are constrained to tightly controlled, quadruple checked after the fact bans. It's very difficult to do those at a scale and frequency that they matter; just ask Microsoft.
The most recent banwave was about pre-release play. It done well after the fact, but that was the commonality. I am not speculating - I know the cause for a fact. Nintendo does not have systems in place on the 3DS to validate the systems integrity and does not collect sufficient data to do that validation on the backend. Virtually all data collection is user controllable, can be toggled off.
A smarter company would use telemetry data to identify users who run wares downloader/CFW updater apps and ban them in delayed, rolling waves, but that is not what's Nintendo did.
Introducing the ability to play backups from another console that the device was not originally intended to is not a new feature, it's piracy.
So it looks like the homebrew community has given us some translation patches, some small performance increases, and the ability to run software that can already run on every device in your home. All for the low low price of mass piracy and cheaters ruining every online game.
What about the rest of us who want to use the device the way it was intended?
I would love to meet these DOOM and ScummVM enthusiasts who apparently think it is so important that every single device they ever purchase be able to run their favorite software to the point where it's worth harming the device's ecosystem over.
To that end I agree, pre-emptive checks on system integrity is indeed paramount to better identification of user-end tampering.
I'll cede, I wasn't aware the cause was tracked down as last I spoke on this with a dev a month ago was left at 'not known'.