I would be very interested to hear what the many programmers here on Tildes has to say about this, more specifically, is it a big security risk? And if it is, how would someone go about to hack...
I would be very interested to hear what the many programmers here on Tildes has to say about this, more specifically, is it a big security risk? And if it is, how would someone go about to hack the switch through this interpreter?
A lot of this really comes down to how this is implemented in my opinion. If by "Ruby interpreter" we mean a hard-coded list of commands that this system translates to Ruby-like operations which...
A lot of this really comes down to how this is implemented in my opinion. If by "Ruby interpreter" we mean a hard-coded list of commands that this system translates to Ruby-like operations which don't expose any of the underlying Ruby language, then this is probably safe/useless for hacking the switch. If all you can do is math and drawing lines on the screen, this is probably useless.
If this accidentally exposes any of the meta-programming aspects of Ruby or even certain parts of the underlying language, then this is basically a way for people to hack into the switch readily. Even the limited subset of commands approach may fall down if the author has forgotten about certain aspects, or even accidentally exposed insecure functions. For example with a quick Google search I found this post which details a Ruby interpreter escape using essentially just printing a formatted String: https://eyalitkin.wordpress.com/2017/06/02/mruby-vm-escape-step-by-step/
It isn't hard to imagine that many more things like this are lurking in anything that exposes Ruby directly. It's notoriously hard to get this right in dynamic languages, as they often offer tools for re-programming parts of the language itself, and Ruby is no exception here.
Entirely speculating here, but it's highly unlikely the author has covered all their bases here unless they omitted all of Ruby, and just built a new independent thing safely from the ground up. If they haven't done that, then this basically guarantees that at some point in time this becomes an exploit vector for the Switch, but who knows what they actually did.
Urgh, fuck Nintendo is what I think about this. They're a backwards company regarding this sort of thing, hyperprotective of their hardware. They're the King of walled gardens. Apple is merely the...
Urgh, fuck Nintendo is what I think about this. They're a backwards company regarding this sort of thing, hyperprotective of their hardware.
They're the King of walled gardens. Apple is merely the gardener.
My guess is, like with other forms of piracy, the money "lost" in this case would not have actually translated to revenue for Nintendo anyway. Some of it would, maybe, but only a small fraction.
My guess is, like with other forms of piracy, the money "lost" in this case would not have actually translated to revenue for Nintendo anyway. Some of it would, maybe, but only a small fraction.
I do agree, it´s all about money really. And i have never been able to support money first, everything else after up to this point, which all the large company´s like Nintendo live by. It is...
I do agree, it´s all about money really. And i have never been able to support money first, everything else after up to this point, which all the large company´s like Nintendo live by. It is simply how the world works in our current society. We don´t build temples and churches anymore, we build world trade centers and the like. Money is our god in a way.
I was more curious about the technicality of it, i`m no hacker. When my car breaks down i ask a mechanic, when the switch gets hacked i ask a programmer.
Nintendo systems have historically been hacked through code exploits in certain games, it's not really surprising that they'd quash any code interpreters snuck onto their store in a game. Even if...
Nintendo systems have historically been hacked through code exploits in certain games, it's not really surprising that they'd quash any code interpreters snuck onto their store in a game. Even if the dev thinks it's too limited to be useful, that doesn't mean the hacking community can't find a way to exploit it—they've got a long and storied history of doing exactly that.
Hopefully it's fixed soon, A Dark Room is an excellent game.
Would Nintendo let them back on the console? They knowingly pushed a version of the game that allowed outside code to be run and broke their agreement.
Would Nintendo let them back on the console? They knowingly pushed a version of the game that allowed outside code to be run and broke their agreement.
Sure, it's a security risk, although in the end not a huge one. On the whole, the Switch's security is pretty good; the most notable vulnerability, Fusée Gelée/ShofEL2/memecpy, was due to an...
Sure, it's a security risk, although in the end not a huge one.
On the whole, the Switch's security is pretty good; the most notable vulnerability, Fusée Gelée/ShofEL2/memecpy, was due to an Nvidia screwup, and was nothing to do with Nintendo. plutoo gave a talk at 34c3 about Switch hacking, and everything is pretty well-isolated from everything else – even a malicious game (or Ruby code running inside a game) wouldn't really be able to do much.
I would be very interested to hear what the many programmers here on Tildes has to say about this, more specifically, is it a big security risk? And if it is, how would someone go about to hack the switch through this interpreter?
A lot of this really comes down to how this is implemented in my opinion. If by "Ruby interpreter" we mean a hard-coded list of commands that this system translates to Ruby-like operations which don't expose any of the underlying Ruby language, then this is probably safe/useless for hacking the switch. If all you can do is math and drawing lines on the screen, this is probably useless.
If this accidentally exposes any of the meta-programming aspects of Ruby or even certain parts of the underlying language, then this is basically a way for people to hack into the switch readily. Even the limited subset of commands approach may fall down if the author has forgotten about certain aspects, or even accidentally exposed insecure functions. For example with a quick Google search I found this post which details a Ruby interpreter escape using essentially just printing a formatted String:
https://eyalitkin.wordpress.com/2017/06/02/mruby-vm-escape-step-by-step/
It isn't hard to imagine that many more things like this are lurking in anything that exposes Ruby directly. It's notoriously hard to get this right in dynamic languages, as they often offer tools for re-programming parts of the language itself, and Ruby is no exception here.
Entirely speculating here, but it's highly unlikely the author has covered all their bases here unless they omitted all of Ruby, and just built a new independent thing safely from the ground up. If they haven't done that, then this basically guarantees that at some point in time this becomes an exploit vector for the Switch, but who knows what they actually did.
As far as I know, it was a proper Ruby interpreter (apparently using a relatively old version of mruby).
Urgh, fuck Nintendo is what I think about this. They're a backwards company regarding this sort of thing, hyperprotective of their hardware.
They're the King of walled gardens. Apple is merely the gardener.
To be fair the ease of piracy on 3DS lost them a lot of money.
[citation needed]
My guess is, like with other forms of piracy, the money "lost" in this case would not have actually translated to revenue for Nintendo anyway. Some of it would, maybe, but only a small fraction.
I do agree, it´s all about money really. And i have never been able to support money first, everything else after up to this point, which all the large company´s like Nintendo live by. It is simply how the world works in our current society. We don´t build temples and churches anymore, we build world trade centers and the like. Money is our god in a way.
I was more curious about the technicality of it, i`m no hacker. When my car breaks down i ask a mechanic, when the switch gets hacked i ask a programmer.
Nintendo systems have historically been hacked through code exploits in certain games, it's not really surprising that they'd quash any code interpreters snuck onto their store in a game. Even if the dev thinks it's too limited to be useful, that doesn't mean the hacking community can't find a way to exploit it—they've got a long and storied history of doing exactly that.
Hopefully it's fixed soon, A Dark Room is an excellent game.
Would Nintendo let them back on the console? They knowingly pushed a version of the game that allowed outside code to be run and broke their agreement.
I don't see why not but this may very well be the first issue of its kind for Nintendo, so it's hard to say.
Sure, it's a security risk, although in the end not a huge one.
On the whole, the Switch's security is pretty good; the most notable vulnerability, Fusée Gelée/ShofEL2/memecpy, was due to an Nvidia screwup, and was nothing to do with Nintendo. plutoo gave a talk at 34c3 about Switch hacking, and everything is pretty well-isolated from everything else – even a malicious game (or Ruby code running inside a game) wouldn't really be able to do much.