Nintendo offers up to $20K if you find Switch or 3DS vulnerabilities

Time to put on your white hats dear hackers

It’s not a surprise to say that Nintendo is in war with hackers. Since the early days of the GameBoy Color, plenty of gamers spent countless hours finding exploits to play “free” games on all the Nintendo systems. Hackers even had their golden age with the Wii. And the confrontation is still running today with the latest Nintendo 3DS Update or the newly released Switch. So Nintendo decided to fight the hackers with their own weapons, through the Hacker One program.

The Hacker One program is simple: it’s a marketplace for big companies that want to hire developers in finding hardware or software vulnerabilities. In other words, Nintendo will pay what we call “white hat hackers” to find possible exploits on their gaming consoles and come up with fixes. Nintendo has been running this program for the 3DS and Wii U since a few months now, and just extended this offer to the Switch. So if you have development skills and want to get funded by Nintendo, the rewards start at $100 and can go up to $20,000!

Here’s a list of activities that Nintendo is focused on preventing, and of vulnerabilities they’re interested in receiving information about:

  • Piracy, including:
    • Game application dumping
    • Copied game application execution
  • Cheating, including:
    • Game application modification
    • Save data modification
  • Dissemination of inappropriate content to children
  • System vulnerabilities regarding Nintendo Switch
    • Privilege escalation from userland
    • Kernel takeover
    • ARM® TrustZone® takeover
  • Vulnerabilities regarding Nintendo-published applications for Nintendo Switch
    • Userland takeover
  • System vulnerabilities regarding the Nintendo 3DS family of systems
    • Privilege escalation on ARM® ARM11™ userland
    • ARM11 kernel takeover
    • ARM® ARM9™ userland takeover
    • ARM9 kernel takeover
  • Vulnerabilities regarding Nintendo-published applications for the Nintendo 3DS family of systems
    • ARM11 userland takeover that doesn’t require other hacks or tools (“secondary” exploits would be those that require other hacks or tools to be effective; those would be out of scope for this program)
    • Hardware vulnerabilities regarding either the Nintendo Switch system or the Nintendo 3DS™ family of systems
  • Low-cost cloning
  • Security key detection via information leaks


You might also like