Hacking Question Anyone played online with SX OS yet?

Quicksilver88

Exactly: Nintendo will be unable to tell who is the original owner. Is it the one who first got online? And what if he just rented it?
And what if a certificate generator will be made one day? The first one might be a pirate and the second one could be a retail customer and he'll see himself getting banned for no reason.

I'd love to see someone try this out and see if it works (spoilers: it almost certainly will, although for how long, that we cannot tell)

EDIT: by "this" I mean putting the ID back instead of a blank one.

See I agree with Wazzu that you replied to. I don't think N will be banning people when a legit cart ID shows up a few times even if at the same time. They are likely going to blacklist cart IDs that show up a lot (so someone dumped it forgot to strip the cert and it gets highly sent around) and they are also going to blacklist carts with the cert 00 or FF out.

Really it's the same old same old, you want online and backups....have two units. I did that with both x360 and ps3. Likely will wait on Switch to see what happens. I have very little interest in online gaming so even if it gets banned I am not sure I give a fig as long as it can do updates.
 
Reactions: CymraegAce

sychotix

While that may be true, with technological improvements also come encryption and cipher strength improvements. Currently 4096-bit encryption is one of the higher chains, but as compute power becomes stronger it will open up for much higher encryption availability because CPUs will be able to decrypt the data, or transfer the encrypted data at a higher efficiency.

True, but at least with the current implementation of quantum computing... they won't make for good home computers. They are good at doing one very complex task, not a bunch of small short ones. Lots of problems that still need solving, but to get back to the topic...

I hope that Nintendo ends up just banning backups but leaving the console/account alone... but we'll have to see.
 
Reactions: Maximilious

LikeATrollFace

I heard someone say that if your cert is banned you can still update your carts. If this is true, why don't we just use a banned cert to update backups? Not on your own switch of course, maybe use a banned switch, an emulator or try to download it manually from the CDN.
 

Jaimy

I have made my own .xci dump of Ultra Street Fighter 2 The Final Challengers.
I checked beforehand if online is working when the cart is inserted and used, it does. If I use TX to load the .xci (without the legit cart inserted obviously) it will not let me play online. I have also tried inserting my own cert into BBB backups, which resulted in the same error. :teach:

Did you make the dump with certificate?
 

don_luca

I have made my own .xci dump of Ultra Street Fighter 2 The Final Challengers.
I checked beforehand if online is working when the cart is inserted and used, it does. If I use TX to load the .xci (without the legit cart inserted obviously) it will not let me play online. I have also tried inserting my own cert into BBB backups, which resulted in the same error. :teach:

Thanks for trying this out, this is most interesting.

So it looks like the issue does not reside with the certificate or the dumps, but in SX OS itself and how it communicates with the Nintendo servers.
 

Crazy-S

Thanks for trying this out, this is most interesting.

So it looks like the issue does not reside with the certificate or the dumps, but in SX OS itself and how it communicates with the Nintendo servers.
Has anyone considered that TX has maybe implemented a "safety" feature that prevents loaded Games to communicate with Nintys Online Gaming servers?
 
Reactions: Frexxos and Rel

don_luca

Has anyone considered that TX has maybe implemented a "safety" feature that prevents loaded Games to communicate with Nintys Online Gaming servers?

It doesn't make much sense to cripple your own software to me, but, yeah, this could be a possibility.

EDIT: actually, no, because people have been updating their games using SX OS, so it would mean that they are able to block only the multiplayer servers and I'm not even sure if they are on the same machine with the game patches.

EDIT 2: another interesting point could be that the software used to make dumps isn't 100% accurate and can't make a proper 1:1 dump of the game card.
 

Rel

I have made my own .xci dump of Ultra Street Fighter 2 The Final Challengers.
I checked beforehand if online is working when the cart is inserted and used, it does. If I use TX to load the .xci (without the legit cart inserted obviously) it will not let me play online. I have also tried inserting my own cert into BBB backups, which resulted in the same error. :teach:
Interesting, so backups do not work online without the cart inserted. I wonder if this was done intentionally by TX.
 

sychotix

It doesn't make much sense to cripple your own software to me, but, yeah, this could be a possibility.

EDIT: actually, no, because people have been updating their games using SX OS, so it would mean that they are able to block only the multiplayer servers and I'm not even sure if they are on the same machine with the game patches.

EDIT 2: another interesting point could be that the software used to make dumps isn't 100% accurate and can't make a proper 1:1 dump of the game card.

Or could it possibly be the already documented anti-piracy techniques that Nintendo implemented? :thinking:

https://gbatemp.net/threads/psa-str...es-implemented-by-nintendo-for-online.507826/
 

don_luca

Or could it possibly be the already documented anti-piracy techniques that Nintendo implemented? :thinking:

https://gbatemp.net/threads/psa-str...es-implemented-by-nintendo-for-online.507826/

Which is a very detailed guideline (which you've clearly not read/understood) on how authentication works.

Everything right now is revolving around the point 4, we have an authentic certificate and yet our authentication gets rejected (after being initially accepted!!! Which means that SX OS *is* somehow transparent to the Nintendo Servers, as we're able to download content, even game updates, from it), so there's something missing in the process to create a proper token.

By quoting the steps we have:

1. Your console gets a device authorization token from dauth for the aauth client ID.

We're able to do this as previously shown, otherwise we wouldn't be able to download content from Nintendo.

2. Your console retrieves its certification to play the title it's trying to connect online with, and sends that to aauth.

This is where the things get messy and we don't have a sufficient level of detail about what happens.

We know that:

  • If you are playing a gamecard, your certification is your gamecard's unique certificate. This is signed by Nintendo using RSA-2048-PKCS#1 at the time your gamecard is written, and contains encrypted information about your gamecard (this includes what game is on the gamecard, among other, unknown details).
  • In the gamecard case, the data uploaded to aauth is "application_id=%016llx&application_version=%08x&device_auth_token=%.*s&media_type=GAMECARD&cert=%.*s", formatted with the title ID for the game being played, the version of the game being played, the token retrieved from dauth, and the gamecard's certificate (retrieved from FS via the "GetGameCardDeviceCertificate" command), formatted as url-safe base64.
  • This code lives at .text+0x7DE1C for 5.0.0 account.

Until now, we have been speculating that the biggest problem would be the gamecard's unique certificate, but thanks to @dashkiller's efforts, we know that there's something more, as he has a dump of his own genuine game card – and it's not working.
We have all the params we need for the aauth string, yet there's something amiss which, at this point, could be only the dauth token which is kinda strange as we're able to download game updates with it and access the eShop.

Thus, more investigation is needed, because there's clearly something missing in the chain.

EDIT: or, of course, the dumper not doing a proper 1:1 dump.
 
Reactions: dashkiller
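
The form body quoted in the post above, as an added example that is not part of the thread and not Nintendo's or TX's code: a Python check that parses a string in that format and reports which field is malformed, including the blanked 00/FF certificate case raised earlier in the thread. The function names, the checks and the sample values are assumptions for illustration; the page does not say what the server actually validates.

```python
import base64
import re
from urllib.parse import parse_qs

# Field names are from the format string quoted in the thread; the checks are assumptions.
REQUIRED = ("application_id", "application_version",
            "device_auth_token", "media_type", "cert")


def b64url_decode(text):
    """Decode url-safe base64, with or without '=' padding."""
    if not re.fullmatch(r"[A-Za-z0-9_-]+=*", text):
        raise ValueError("not url-safe base64")
    body = text.rstrip("=")
    return base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))


def check_gamecard_request(form_body):
    """Return the problems found in one form body; an empty list means well-formed."""
    fields = parse_qs(form_body, keep_blank_values=True)
    problems = [f"{name}: missing or repeated"
                for name in REQUIRED if len(fields.get(name, [])) != 1]
    if problems:
        return problems
    value = {name: fields[name][0] for name in REQUIRED}
    if not re.fullmatch(r"[0-9a-f]{16}", value["application_id"]):
        problems.append("application_id: expected 16 hex digits (%016llx)")
    if not re.fullmatch(r"[0-9a-f]{8}", value["application_version"]):
        problems.append("application_version: expected 8 hex digits (%08x)")
    if value["media_type"] != "GAMECARD":
        problems.append("media_type: not GAMECARD")
    try:
        cert = b64url_decode(value["cert"])
    except ValueError:
        problems.append("cert: not url-safe base64")
    else:
        if set(cert) in ({0x00}, {0xFF}):
            problems.append("cert: blanked (all 0x00 or all 0xFF)")
    return problems


def sample_body(cert_bytes, media_type="GAMECARD"):
    """Constructed sample input: the ID, version and token are placeholders."""
    cert = base64.urlsafe_b64encode(cert_bytes).decode()
    return ("application_id=%016x&application_version=%08x&device_auth_token=%s"
            "&media_type=%s&cert=%s"
            % (0x0123456789ABCDEF, 0x00010000, "PLACEHOLDER", media_type, cert))
```

A body that passes these checks is only well-formed; whether the certificate's signature or the token is accepted is decided server-side and is outside what this example covers.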

CaptainLoozer

Is it safe to play online with own created backups, so the created xci file is unique?

We. Don't. Know.

P.S. This is honestly the answer to every "Is it safe to ..." question out there regarding doing anything with your switch that it wasn't intended by nintendo for it to do.
 

sychotix

Which is a very detailed guideline (which you've clearly not read/understood) on how authentication works.

Everything right now is revolving around the point 4, we have an authentic certificate and yet our authentication gets rejected (after being initially accepted!!! Which means that SX OS *is* somehow transparent to the Nintendo Servers, as we're able to download content, even game updates, from it), so there's something missing in the process to create a proper token.

No, I did read and understand the majority of the post. We don't yet understand what SX OS is doing under the covers to load the game. Any one of the parameters could be off, causing Nintendo's servers to reject online access. What would be interesting is if he sniffed the traffic from his switch to determine if the parameters are behaving as expected when booting through the cart or through SX OS.

For all we know, SX OS could be booting the game as a "digital" game, and since he dumped a cart game, Nintendo rejects it.
 
Reactions: don_luca

CaptainLoozer

No, I did read and understand the majority of the post. We don't yet understand what SX OS is doing under the covers to load the game. Any one of the parameters could be off, causing Nintendo's servers to reject online access. What would be interesting is if he sniffed the traffic from his switch to determine if the parameters are behaving as expected when booting through the cart or through SX OS.

For all we know, SX OS could be booting the game as a "digital" game, and since he dumped a cart game, Nintendo rejects it.

Actually we do know that it's actually NOT doing that since it doesn't actually install the title. It just emulates the cartridge being inserted and redirects it to the SD files.
 
