Link
It seems Nintendo has opened up a page where you can report bugs, exploits, etc.
Here is a list of things Nintendo is interested in.
Of course you CANNOT release any exploit you report after you report it. Doing so will result in legal action not to much information provided about that.
Here is the template for reporting the bug.
It seems Nintendo has opened up a page where you can report bugs, exploits, etc.
Here is a list of things Nintendo is interested in.
- backups, including:
- Game application dumping
- Copied game application execution
- Cheating, including:
- Game application modification
- Save data modification
- Dissemination of inappropriate content to children
- System vulnerabilities regarding the Nintendo 3DS™ family of systems
- Privilege escalation on ARM11 userland
- ARM11 kernel takeover
- ARM9 userland takeover
- ARM9 kernel takeover
- Vulnerabilities regarding Nintendo-published applications for the Nintendo 3DS™ family of systems
- ARM11 userland takeover
- Hardware vulnerabilities regarding the Nintendo 3DS™ family of systems
- Low-cost cloning
- Security key detection via information leaks
Of course you CANNOT release any exploit you report after you report it. Doing so will result in legal action not to much information provided about that.
Here is the template for reporting the bug.
- State the name of the applicable platform (e.g., Nintendo 3DS™, New Nintendo 3DS™, or both)
- State the region of the platform you used (e.g., JP, US, or EU)
- State the system version number(s) that the vulnerability applies to
- Describe all of the steps required to reproduce the issue
- Describe the details of what the vulnerability is and, if possible, potential ways to fix the vulnerability
- Describe, if applicable, how individuals might be able to utilize the vulnerability information to impair the applicable system(s) and/or game(s) by showing a proof of concept or functional exploit code. You are allowed to submit a proof of concept or functional exploit code later (within three (3) weeks), after the initial submission of the report.
- Confirm that the vulnerability is not widely known to the public.