Nintendo Launches Vulnerability Rewards Program for Nintendo 3DS (hackerone.com)
78 points by phwd on Dec 6, 2016 | 28 comments



This is interesting for several reasons:

- The 3DS is nearing the end of its lifespan. This seems like a way to test the waters. Nintendo's a traditional Japanese company so slow and steady is the name of the game. There's really no financial reason to beef up the 3DS' security as they just had what is, to my knowledge, its last major launch (Pokémon S&M).

- They're providing an incentive for modders to report their exploits instead of sharing them with the wider community. If they keep their promise, it could really cut back on homebrew and piracy. AFAIK this is unprecedented in gaming. Would definitely help with Nintendo consoles' rampant exploits.

- Nintendo's software is terrible. Case in point: their web browsers use crappy old versions of WebKit, and when they inevitably get exploited, they patch that particular exploit out and leave the rest of that Swiss cheese open for grabs. I don't think they really have a concept of security. Could it mean a sea change is coming in Switch?


It would be nice if they partnered with a web browser developer (Google or Mozilla) to handle this part and ensure they provide an up-to-date engine on their next consoles.


It seems a bit late for the Nintendo 3DS. I wonder if it has anything to do with shared code between this and the upcoming Nintendo Switch. Nintendo has had an amazing year and I'm really glad they're doing this nonetheless.


To me it seems especially late since the platform has been broken wide open.

The "jailbreaks" now have access to both processors used to boot the system and games, so they can run code before the system loads and intercept writes to their memory locations.

They can block exploits in new firmware versions (and have), but the system has sold so many units there doesn't seem to be a realistic chance of "breakable" systems running out for those interested.


Especially considering the hacks allow you to have more than one 3DS firmware installed at a time, allowing you to do things that require a clean slate while still being hacked.

As long as you don't install some theoretical update that blocked all the exploits directly onto your real NAND, or as long as you don't buy a fresh 3DS with this update baked in already... you're honestly all set.


Also, $200 for a new 3DS is still less than what a couple of games would have cost if you bought them retail.


Kind of sucks for the homebrew scene though, which is pretty much the only kind of exploit you saw with any real success on these platforms.


Yeah right. The homebrew scene on 3DS was literally kickstarted by piggy-backing on a special cartridge made exclusively for piracy purposes (which was exploiting a 3DS firmware vulnerability). People developed the exploits for piracy first, then the homebrew developers came. The first few pieces of homebrew software for 3DS were shipped as modified "launcher.dat" files for Gateway 3DS.

This shifted later on in the console's lifetime, but at that point people had already developed "backup loaders" and most users were already in for the piracy more than the homebrew.

Not that homebrew isn't great, but it would be a complete lie to say piracy isn't the biggest application of these exploits.


See, if Nintendo had provided a simple way for developers to play around in their own consoles (as simple as "the 3DS will run files that are signed by you, in its regular sandbox; we provide no support for this feature") we likely wouldn't have seen the newest ground-leveling exploits.

Say what you will about the piracy scene, but Nintendo almost killed it with the newest software updates. It took passion and experience, not money, to cause the newest events of what happened here. What if that passion could have been redirected into cool homebrew in the first place?


I'd argue that 3DS piracy would have continued even if Nintendo opened up for homebrew. There's money to be made off of it - if there weren't, the initial exploit with a special cartridge wouldn't have been developed.

On a sidenote, do companies in general want to allow home brew on game consoles? Especially if they're selling them at a loss or at break-even, since they're not going to make money if people buy the consoles just for homebrew purposes.


>do companies in general want to allow home brew on game consoles

Nintendo generally seem to be very anti-homebrew/community lately, using the DMCA to shut down fan projects seems to be their way of destroying that reputation that they built over the 90s.


> On a sidenote, do companies in general want to allow home brew on game consoles? Especially if they're selling them at a loss or at break-even, since they're not going to make money if people buy the consoles just for homebrew purposes.

The PS3 had this issue when the US Air Force built a supercomputer out of them a while back[1], since you could run Linux on the original PS3 without a jailbreak. They later pushed an update that disabled this feature in response.

[1]: http://phys.org/news/2010-12-air-playstation-3s-supercompute...


It wasn't in response to that. In fact it was pretty good publicity.

The PS3 supported installing Linux onto it and there were people internally supporting it.

Yellow Dog Linux was the officialish distro: https://en.wikipedia.org/wiki/Yellow_Dog_Linux

What's more likely is that once Geohot and others started hacking the machine, sometimes through Linux, someone at Sony must have realised that it's an attack vector that a minuscule number of users used.

And it'd be better for them to get rid of the functionality.


> What's more likely is that once Geohot and others started hacking the machine, sometimes through Linux, someone at Sony must have realised that it's an attack vector that a minuscule number of users used.

> And it'd be better for them to get rid of the functionality.

On the other hand: the people who love to hack Linux to run on their toaster are often the people who have the knowledge to exploit the device. As long as Linux already ran from the beginning, this kind of people had no real incentive to attack the device to run Linux. As soon as this option was removed, this kind of community got furious at Sony and decided to let their exploits loose.


Sony didn't let OtherOS use the GPU proper (it only let you use a basic frame buffer) so there was already incentive to attack the device to expose more capabilities.


You miss the point that the pirating devices only came into existence because of the homebrew hackers.


How did the homebrew hackers help in the creation of the Gateway 3DS?


They provide camouflage. If homebrew did not exist, such products could be uncontroversially classified as piracy tools, allowing Nintendo to aggressively remove them from the market. Instead they are in a BitTorrent-like situation where, even though the vast majority of the use is for copyright-infringing activity, there is a loud minority that use it for something legal, and all the pirates pretend to be in that minority when accused of breaking the law.

This culture of "homebrew" truly blossomed during the DS era with a huge number of commercially produced rewritable cartridges, and 3DS piracy is largely a continuation of that.


I found one: eShop titles have one key each, meaning once the key goes public, anyone can get the game with it, right from Nintendo's servers. Namaste!

Don't flood me with your monies just yet, Nintendo, rather pay for better devs! ;)


Are you sure? I've never heard this. Do you mean the kind of key you can buy in a shop and redeem on the eShop?


They're talking about the 'titlekey' system that the eShop uses. The overview of the process is:

1) You attempt to purchase a game on the eShop.
   1a) Nintendo servers verify you have funds.
   1b) Nintendo charges your account credit equal to the amount of the game.
2) Once payment is received, the eShop application installs the selected game's 'titlekey' to your 3DS system. These titlekeys are unique per game, not per console -- herein lies the biggest part of the problem. These titlekeys are used as decryption keys for the game contents hosted on Nintendo's CDN (which doesn't need authentication!).
3) If the eShop app senses you have the game's titlekey installed, it will let you download it to your system.

So, once people figured out how to dump the titlekey databases from their systems, and how to import titlekeys into their other systems, they were able to essentially get free games directly off the eShop, using Nintendo's servers!

And then a few weeks after that, a homebrew app called freeShop came by that automated the process -- it has a GUI that lets you browse the games in the eShop, pull and install the titlekey from an online database, and grab/decrypt/install the game straight from Nintendo's servers.

Because Nintendo doesn't tie purchases to your Nintendo Network ID, but rather to the hardware itself, they left themselves wide open to this.

(It should be noted that the Wii U eShop uses a very similar system that has been similarly exploited recently.)
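
The flaw the comment above describes (a per-title key handed to the console in the clear, content served from a CDN that does not check entitlement) is easiest to see next to a design that does not have it. The following is an added toy model written for this page; it is not Nintendo's code or protocol, and the HMAC-based stream cipher, key sizes, identifiers and token format are all assumptions made for the illustration. Design 1 models what the comment describes; Design 2 wraps the title key under a per-device key and makes the download check an entitlement token.

```python
"""Toy model of the per-title-key entitlement problem described in the
comment above. Added illustration, not Nintendo's code or protocol: the
cipher, key sizes, identifiers and token format are all assumptions."""
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode); illustration only."""
    out = b""
    ctr = 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


class Console:
    def __init__(self, console_id: str):
        self.console_id = console_id
        self.device_key = os.urandom(16)  # assumed per-unit secret
        self.keydb = {}                   # title_id -> key material from the shop


class TitleKeyShop:
    """Design 1 (as described in the comment): one key per title, CDN needs no auth."""

    def __init__(self):
        self.titlekeys = {}  # title_id -> titlekey (server side)
        self.cdn = {}        # title_id -> (nonce, ciphertext), publicly fetchable

    def publish(self, title_id: str, content: bytes) -> None:
        key, nonce = os.urandom(16), os.urandom(8)
        self.titlekeys[title_id] = key
        self.cdn[title_id] = (nonce, crypt(key, nonce, content))

    def purchase(self, title_id: str, console: Console) -> None:
        # The raw per-title key lands on the console: nothing binds it there.
        console.keydb[title_id] = self.titlekeys[title_id]

    def install(self, title_id: str, console: Console) -> bytes:
        nonce, ct = self.cdn[title_id]  # anyone can fetch the ciphertext
        return crypt(console.keydb[title_id], nonce, ct)


class DeviceBoundShop(TitleKeyShop):
    """Design 2 (hardened): titlekey wrapped under the buyer's device key and the
    download gated by an entitlement token. Assumes the server knows each unit's
    device key (provisioned at manufacture) and that the console id is authenticated."""

    def __init__(self):
        super().__init__()
        self.secret = os.urandom(32)  # server-side MAC key for entitlement tokens
        self.device_keys = {}         # console_id -> device_key

    def register(self, console: Console) -> None:
        self.device_keys[console.console_id] = console.device_key

    def _token(self, console_id: str, title_id: str) -> bytes:
        return hmac.new(self.secret, f"{console_id}|{title_id}".encode(),
                        hashlib.sha256).digest()

    def purchase(self, title_id: str, console: Console) -> None:
        wrapped = crypt(self.device_keys[console.console_id], title_id.encode(),
                        self.titlekeys[title_id])
        console.keydb[title_id] = (wrapped, self._token(console.console_id, title_id))

    def install(self, title_id: str, console: Console) -> bytes:
        wrapped, token = console.keydb[title_id]
        if not hmac.compare_digest(token, self._token(console.console_id, title_id)):
            raise PermissionError("CDN: no entitlement for this console")
        titlekey = crypt(console.device_key, title_id.encode(), wrapped)
        nonce, ct = self.cdn[title_id]
        return crypt(titlekey, nonce, ct)


def demo(shop_cls):
    """Buyer purchases one title; a second console imports the buyer's keydb entry
    (the titlekey-database dump/import). Returns (buyer result, pirate result),
    where the pirate result is the plaintext or the exception class name."""
    shop = shop_cls()
    shop.publish("TITLE-A", b"constructed game payload")  # constructed sample content
    buyer, pirate = Console("unit-0001"), Console("unit-0002")
    if isinstance(shop, DeviceBoundShop):
        shop.register(buyer)
        shop.register(pirate)
    shop.purchase("TITLE-A", buyer)
    pirate.keydb.update(buyer.keydb)
    try:
        got = shop.install("TITLE-A", pirate)
    except PermissionError as e:
        got = type(e).__name__
    return shop.install("TITLE-A", buyer), got


if __name__ == "__main__":
    print("per-title key, open CDN:", demo(TitleKeyShop))
    print("device-bound key, gated CDN:", demo(DeviceBoundShop))
```

In Design 1 the copied key decrypts the publicly served ciphertext on the second console, which is the whole freeShop scenario in miniature. In Design 2 the copied entry fails the entitlement check; and even if the second console spoofed the buyer's console id to pass that check, it would unwrap the title key with its own device key and get garbage rather than the game. The two layers are independent on purpose: the wrap protects the key material even if the CDN check is bypassed, and the CDN check stops bulk downloads even before any key is involved.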


Okay, wow, that's a huge hole in their system. Is there any indication that Nintendo is aware of this and is trying to patch it? Or has it been patched already?


Well, it's locking millions of customers out from the eShop until they do a software update vs. letting a few thousand pirates slip.


Interesting post, weird that an article doesn't work if you don't have cookies on (just completely blank)


The only incentive I've ever had to jailbreak a 3DS was in order to play region-locked games that were only released in Japan. Why is region-locking still a thing? Why force the most loyal of your customers to buy two consoles - one NA and one JP?


Because Nintendo.

Why release a console called the WiiU? Because Nintendo.

Why destroy relationships with 3rd party publishers? Because Nintendo.

Why constantly launch new products without adequately stocking stores? Because Nintendo.

Why shitty online? Because Nintendo.

Why were downloaded games locked to hardware instead of account? Because Nintendo.

They do their own thing and pretty much do not care.


Does anyone want to talk about the background image behind the title? There are some interesting bugs there.. Can someone grab that .jpg?


Ugh, bug bounties being used for developing stronger DRM. Well, I guess we have to take the bad with the good.



