Hacking CDNSP is dead

[Kioku]

@Ashura66 Told you in the other thread they are done playing

Now let's see what SciresM and co. have to say about this.

I'd assume something along the lines of "Told you so!"

 

[Sonansune]

If its like 3DS, which it likely is, then its a signed token for purchase validity. You'd not have the ability to crack it as its just an authentication token given to you to then give back to the CDN, to allow a download of a title you own on your account. With the way the accounts check for authenticity now, this is most likely what they added.

You basically have to own the title to be handed a token.

demolished. lol

 

[bundat]

iirc 3ds only need dauth for downloading base game, not for updates. would be nice if someone try if downloading updates get you instaban or not
if that's the case we can limit CDNSP to download updates and get base game NSP elsewhere (converted from XCI, scene release etc)

I was thinking the same thing, but then if you release the cert file publicly, you CANNOT trust that people will not try to use it in the old CDN downloaders and instaban the cert.

So if certs can still be used to download updates, they still most likely won't be released publicly anymore, as ANYONE can troll the cert and instaban it.

But I'm also interested if anyone has experimented with their own/private cert with downloading updates of games you do not own. This should be equivalent to users updating in OFW the XCI games they played, so if it's also an instaban, we should start hearing about it in the ban sticky thread as a lot of SX OS users update their XCI games in OFW.

 

[Albytrozz]

@Ashura66 Told you in the other thread they are done playing

Now let's see what SciresM and co. have to say about this.

They'll have a new app that gets around CDN bans that will come out just before Atmosphere 1.0... ETA July 2026

 

[Rikikoo]

Since nobody apparently posted this, here's what the server answers:
Headers:

{'Server': 'AkamaiGHost', 'Mime-Version': '1.0', 'Content-Type': 'text/html', 'Content-Length': '176', 'Expires': '<stubbed out date>', 'Date': '<stubbed out date>', 'Connection': 'keep-alive'}

Content:

<HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>\nAn error occurred while processing your request.<p>\nReference<stubbed out identifier>\n</BODY></HTML>

EDIT: I'm also interested in knowing where these talks about DenebEdgeToken originate from. SSL sysmodule reversing?

 

[Garou]

I was thinking the same thing, but then if you release the cert file publicly, you CANNOT trust that people will not try to use it in the old CDN downloaders and instaban the cert.

So if certs can still be used to download updates, they still most likely won't be released publicly anymore, as ANYONE can troll the cert and instaban it.

But I'm also interested if anyone has experimented with their own/private cert with downloading updates of games you do not own. This should be equivalent to users updating in OFW the XCI games they played, so if it's also an instaban, we should start hearing about it in the ban sticky thread as a lot of SX OS users update their XCI games in OFW.

so true
keep the cert private then, and download all updates and put it on file hosters

 

[NeoSlyde]

Anyone knows what will happen for updates?

 

[Draxzelex]

If people want a "safe" way to download updates officially for .NSP files similar to .XCI files, I recommend deleting the fake ticket for them via Tinfoil (or backing it up), booting into non-RCM OFW, RCM OFW if your fuses aren't burnt, downloading the updates there, then reinstalling the ticket. Having the .NCA files stored in the USER partition shouldn't matter since apparently Nintendo doesn't scan the USER partition (otherwise EmuNAND would be immediately detected).

 

[DocAmes1980]

I was thinking the same thing, but then if you release the cert file publicly, you CANNOT trust that people will not try to use it in the old CDN downloaders and instaban the cert.

So if certs can still be used to download updates, they still most likely won't be released publicly anymore, as ANYONE can troll the cert and instaban it.

But I'm also interested if anyone has experimented with their own/private cert with downloading updates of games you do not own. This should be equivalent to users updating in OFW the XCI games they played, so if it's also an instaban, we should start hearing about it in the ban sticky thread as a lot of SX OS users update their XCI games in OFW.

I download game updates in CFW for legit and backup titles. I will try now but I don't know if there will be any updates for backup NSPs since I updated a few days ago.

EDIT: All of my games were up to date.

 

[MaxiBash]

I'm scared, what if security Dauth detects flashcarts and you go online?

 

[Draxzelex]

I'm scared, what if security Dauth detects flashcarts and you go online?

But there aren't any flashcarts available for the Switch

 

[MaxiBash]

But there aren't any flashcarts available for the Switch

FreeShop is also dead now, and it can detect CIA's.

 

[Draxzelex]

FreeShop is also dead now, and it can detect CIA's.

I'm getting increasingly confused. What do flashcarts have to do with .CIA files? The whole point of 3DS flashcart's were to load .3DS files. Plus, that was the 3DS; we're currently talking about the Switch.

 

[MaxiBash]

I'm getting increasingly confused. What do flashcarts have to do with .CIA files? The whole point of 3DS flashcart's were to load .3DS files. Plus, that was the 3DS; we're currently talking about the Switch.

Nintendo can detect if a game is legit, right?
If you play off a CIA or a flashcart, it can detect if the game is legit.
This makes me wonder if it can detect if flashcarts are legit.

 

[Ashura66]

so true
keep the cert private then, and download all updates and put it on file hosters

That wont help as the detection is now near instant

 

[Draxzelex]

Nintendo can detect if a game is legit, right?
If you play off a CIA or a flashcart, it can detect if the game is legit.
This makes me wonder if it can detect if flashcarts are legit.

That's...usually what Nintendo does to ban users in the first place; checking for signs of illegitimate games. A good flashcart wouldn't leave traces of its usage on the system so this should be theoretically undetectable. And from what I remember, there is no difference between a .CIA file downloaded offline and from the eShop.

 

[Rahkeesh]

Totally called this when they let the last public cert last so long, and we got news of this dauth business in 6.0. Gave exactly a week grace period for people to update their firmware, then boom.

 

[DocAmes1980]

That wont help as the detection is now near instant

For updates as well? He was talking about downloading solely updates. Not the base game.

 

[Ashura66]

For updates as well? He was talking about downloading solely updates. Not the base game.

Everything is stored in the same server so supposedly yeah

 

[Robert McCoy]

I'm already banned. Does this really mean anything for me? Can i still use a banned cert to download from cdnsp or nxshop?