I'm surprised the 3DS hasn't been hacked trough this functionality. It would be an awesome opportunity to create some kind of worm that quickly spreads around the world and you also get to name it with a trendy name like "Fail Pass".
Fortunately, small protocols like this are pretty easy to write securely if you sanity check all of your inputs and bail if anything is wrong.
I don’t know the Mii format but it can’t be large, and the only arbitrary input there is the name, I believe.
Nintendo themselves are pretty good at writing secure stuff; it’s usually libraries or 3rd party games which have been responsible for the software exploits in Nintendo software.
> I'd say Nintendo have a pretty bad history of writing secure format parsers.
Those examples are very old at this point. You may be surprised to learn that Nintendo have learned from these, and are much better at this than they used to be.
The Switch is only hackable via hardware; no software methods work, and the only one that did was caused by a hardware problem on Nvidia’s part.
The original Wii exploit was to use tweezers to short two circuits at a special time. The software that revealed led to the software exploits which are used today.
The Wii U was exploited by its backwards compatibility with the Wii.
If marcan wants to tell me I’m wrong, I’ll believe him, but until then I’m convinced that Nintendo is far better at this than they used to be.
