Hacking Nintendo Switch Banning Hub & Warning

[Draxzelex]

Let's say you:
1) Install a pirated .NSP which has a "Device ID" mismatch in it's "App Ticket"
2) Uninstall the .NSP
3) Connect to the internet afterwards

Would your console send Nintendo logs of previously installed tickets?

There are a lot of things for Nintendo to detect in this scenario such as the installation of an .NSP, forging a ticket, using homebrew in the first place, etc. Only thing you can do is restore a clean NAND made before hacking. The suggestion has been added to the OP. Nothing else is considered safe outside of staying offline.

Skipped them due to the fact that i haven't ever touched LayeredFS

There is nothing wrong with that however I don't want to assume you did something, or the lack there of, because it was indicated. If you had just answered no the first question (which just asks if LayeredFS was used at all), then you don't need to answer the other 2. This goes to everyone as some questions are redundant such as the SX OS set as well as the .NSP ones.

 

[fOmey]

I analyzed the latest sheet, very interesting.. unfortunately some of these entries didn't have all the fields filled out, but the ones that did do provide some interesting insight:

BANNED TOTAL: 106
NOT BANNED TOTAL: 154
NO AUTORCM & BANNED: 54
AUTORCM & BANNED: 28
EMPTY RCM COL & BANNED: 33

I was surprised to see only 28 users were using AUTORCM & were banned. I'm thinking if the users that provided all this data left the autorcm field empty its safe to assume they were not using it.. meaning potentially 87 out of the 106 users that have been banned were not using autorcm.

I better say this now: THIS DOES NOT MEAN AUTORCM IS CONSIDERED SAFE TO USE!

I just found these results interesting so I thought I would share...

 

[Kioku]

I analyzed the latest sheet, very interesting.. unfortunately some of these entries didn't have all the fields filled out, but the ones that did do provide some interesting insight:

BANNED TOTAL: 106
NOT BANNED TOTAL: 154
NO AUTORCM & BANNED: 54
AUTORCM & BANNED: 28
EMPTY RCM COL & BANNED: 33

I was surprised to see only 28 users were using AUTORCM & were banned. I'm thinking if the users that provided all this data left the autorcm field empty its safe to assume they were not using it.. meaning potentially 87 out of the 106 users that have been banned were not using autorcm.

I better say this now: THIS DOES NOT MEAN AUTORCM IS CONSIDERED SAFE TO USE!

I just found these results interesting so I thought I would share...

Well, duh. Nobody who knows anything ever hinted at either/or.

 

[fOmey]

Well, duh. Nobody who knows anything ever hinted at either/or.

Yes.... that's the entire point of the spreadsheet.

 

[Draxzelex]

I analyzed the latest sheet, very interesting.. unfortunately some of these entries didn't have all the fields filled out, but the ones that did do provide some interesting insight:

BANNED TOTAL: 106
NOT BANNED TOTAL: 154
NO AUTORCM & BANNED: 54
AUTORCM & BANNED: 28
EMPTY RCM COL & BANNED: 33

I was surprised to see only 28 users were using AUTORCM & were banned. I'm thinking if the users that provided all this data left the autorcm field empty its safe to assume they were not using it.. meaning potentially 87 out of the 106 users that have been banned were not using autorcm.

I better say this now: THIS DOES NOT MEAN AUTORCM IS CONSIDERED SAFE TO USE!

I just found these results interesting so I thought I would share...

A lot of rows are empty because the questionnaire has expanded quite a lot since its conception and when bans were first being rolled out, people were really vague on what they did to get banned. I also didn't include any vague non-banned reports because it makes far too many unsafe assumptions.

 

[TheZander]

Has anyone who is cdn banned know if you still get Nintendo news?

 

[fOmey]

A lot of rows are empty because the questionnaire has expanded quite a lot since its conception and when bans were first being rolled out, people were really vague on what they did to get banned. I also didn't include any vague non-banned reports because it makes far too many unsafe assumptions.

Right, is there any reason why you don't include what firmware version the user is running at the time of the ban?

 

[Draxzelex]

Right, is there any reason why you don't include what firmware version the user is running at the time of the ban?

You can't get banned without being on the latest firmware which is and has been 5.1. I'll have to decide what to do when Nintendo decides to implement a new system firmware but generally, the risk goes up as the firmware increases. Meaning if someone was banned for doing something on 5.1, the risk for being banned for doing the same actions would be the same, if not greater, on higher firmwares. I also include the last date that person recorded themselves for not being banned which I will admit is a hassle if you want to check what firmware they were not banned on.

 

[fOmey]

You can't get banned without being on the latest firmware which is and has been 5.1. I'll have to decide what to do when Nintendo decides to implement a new system firmware but generally, the risk goes up as the firmware increases. Meaning if someone was banned for doing something on 5.1, the risk for being banned for doing the same actions would be the same, if not greater, on higher firmwares. I also include the last date that person recorded themselves for not being banned which I will admit is a hassle if you want to check what firmware they were not banned on.

That makes sense.. however it would of been nice to have a firmware numbers to use in some formulas.

Not sure if your interested in using my crude formulas in the sheet, gives a nice overview of all the reports tho.. very inconclusive results, I was hoping to see something specific among banned users.

 

[Draxzelex]

That makes sense.. however it would of been nice to have a firmware numbers to use in some formulas.

Not sure if your interested in using my crude formulas in the sheet, gives a nice overview of all the reports tho.. very inconclusive results, I was hoping to see something specific among banned users.

I think you are misunderstanding something here. Any actions you perform regardless of your firmware doesn't make a difference, at least for now, because you must be on the latest firmware to get banned. The latest firmware has not changed since this data began being collected so I will acknowledge I have been lazy on this front. However, if you are asking users to report their actions on what firmwares, they may not remember it in such detail.

Also, the number crunching looks interesting. What would be even better if someone were to perform a couple of statistical tests to see if any of the differences are significant.

 

[TheCyberQuake]

That makes sense.. however it would of been nice to have a firmware numbers to use in some formulas.

Not sure if your interested in using my crude formulas in the sheet, gives a nice overview of all the reports tho.. very inconclusive results, I was hoping to see something specific among banned users.

The issue is you can't know you are banned unless you are on latest firmware

 

[BloodRose]

The issue is you can't know you are banned unless you are on latest firmware

You could if you were cdn banned.

 

[DanBro]

Just an update from me, still not banned. But the warning is disheartening.
Especially since I would rather buy a ps4 than a second switch.

 

[XaneTenshi]

Ban? No
If Yes, provide proof (video preferred)
SX OS used? No
Did you connect to the Internet with SX OS and/or to activate the license? No
Did you play any .XCI files online with a certificate/header? No
Do you have a certificate/header ban (look for error code 2124-4025)? No
Lowest SX Version used when Online/Offline (NOT Switch System Firmware)? No
Non-TX Layered FS Used? No
Did you connect to the Internet with a non-TX LayeredFS Inject? No
Played online w/ Non-TX Layered FS Injects? No
Used DevMenu? No
Installed any .NSP? No
Did you connect to the Internet w/ any .NSP installed? No
Did you play any .NSP installed online? No
Did you perform any CDN/Freeshop downloading with your own Switch's certificate? No
Backups updated? No
Homebrew/non-TX CFW Used? Yes (Switch Appstore and Mystery of Solarus DX)
Connect to Internet w/ homebrew/non-TX CFW? Yes, but see additional comments
Connect to eShop while using CFW/homebrew? No
AutoRCM? Yes, Hekate
Did you update your firmware w/o burning fuses? Yes
Did you install the exFAT update offline? No
receive-lp1.dg.srv.nintendo.net blocked and/or "Don't Share Usage Information" ticked under "Other Settings"? Yes
What firmware(s) were you on when you cleared error logs prior to going online? Yes: 3.0.0
Disabled "Send Error Information" in System Settings? Yes
Wi-Fi settings deleted? No
Airplane mode? Sometimes
Auto-Update Software Enabled in System Settings? No
Can you use the eShop on the Switch? Yes
Can you login to Nintendo's website using your linked Nintendo Account? Yes
Do you get error code 2137-7403 trying to update your system firmware? Haven't tried updated officially but likely the answer is No
Console/Account Region(s) EU
Trimmed .XCI? No
Additional Comments:
I used the browser exploit on FW 3.0 and connected to the Switch apptore. This was done using specific dns settings which likely prevented any communications with Nintendo.

 

[CaptainKRN]

It's been quite a while since my original post and I believe it's been long enough to come to a conclusion.

Since this post was made I have been using SX OS 1.3 and recently 1.4 to load XCI and with 1.4 install NSP files on my device and run them in airplane mode.

I have been updating every single one of them thru Nintendo by going online, pressing + and updating software.

I have never used devmenu, never used layeredfs, basically only using the tools available by SX OS.

Today I attempted to access the eshop and everything was fine.

This will be the last time I post regarding this as it seems a closed case. Not sure if anyone else tried this with me, the steps I took and all my variables are included in my original post so feel free to recreate it if anyone wants to fact check.

Experiment is complete, updating XCI and NSP backups does not lead to a ban.

TL;DR Using SX OS offline and going online to update backups has not led to a ban.

For the sake of science I will be the Guinea pig to determine if updating backups will result in a console ban. Since I haven't found anyone else who has done it, I figured I might as well be the one.

Some data before we start:
OS: 5.0.1 before SX, 5.1.0 after (I will explain)
SX OS 1.2
Region EU
Nintendo account with transactions well over 200€*
Legit physical games owned: 6
Digital games downloaded from eshop: 7

Steps taken:
Switch used normally for 3 months.
Monday June 25th SX OS purchased and installed on console. Device has been in flight mode with WiFi connection data deleted just in case.
Backups downloaded and ran for 2 days in flight mode.
June 27th I purchased a 128gb card which was formated exFat. Could not find a way to format FAT32 so I rebooted my device with an empty SD card and performed a system update to 5.1.0 in order to use it. No logs were cleaned, I just booted into OFW by turning it off and on. While I was connected to my WiFi for the first time since SX OS being installed I checked if I could access the e-shop and I could, no issues.

After update I turned console off again, put required files back in SD card and ran SX OS, with backups once again in flight mode with WiFi settings deleted.

Today June 28th I removed the SD card with SX OS from my system and rebooted to OFW, again no logs cleaned. While in OFW with WiFi on I unlinked my Nintendo account from my user profile and proceeded to update a bunch of my pirated backups.

I will return with an update on whether or not I am banned. Currently I'm still good.

I will create a new dummy Nintendo account as I plan on getting a new switch probably later down the line and I'd like to not lose my purchases if I end up banned.

As you can see I have only used SX OS 1.2, only offline, going once online to update my system firmware and then again to update the games. I have not played with any backups online, I have not even played splatoon online which I legitimately own, I have been offline the entire time.

I believe this the most detailed and concise experiment regarding backups being updated and I hope by the end we will have concrete proof regarding the matter.

*Notes: Some people have said that there is a chance accounts with a healthy transaction history might be getting special treatment vs someone who has never bought anything, so I figured that might be a variable worth noting

 

[fOmey]

I think you are misunderstanding something here. Any actions you perform regardless of your firmware doesn't make a difference, at least for now, because you must be on the latest firmware to get banned. The latest firmware has not changed since this data began being collected so I will acknowledge I have been lazy on this front. However, if you are asking users to report their actions on what firmwares, they may not remember it in such detail.

Also, the number crunching looks interesting. What would be even better if someone were to perform a couple of statistical tests to see if any of the differences are significant.

No.. I'm not saying that.. but if your merging reports from multiple firmware releases into the excel database you need to keep track of what firmware they were reported on.

Statistical tests? That's exactly what the percentages indicate..

Anyway best of luck.

The issue is you can't know you are banned unless you are on latest firmware

That's a great point... who knows 3/4 of these reports were made could have been made for bans months old.

 

[Draxzelex]

A user contacted Nintendo and was confirmed the reason why they were banned. Such information has been added to the OP as well as where that information originated from so please read up on that. To those too lazy to check, that person was banned for having no error logs after having sent error logs previously which Nintendo claims was a big red flag. Now in a red box in the first post, I will repeat myself: exercise great caution when you are clearing error logs.

 

[mariogamer]

I still don't understand the log thing? By clear log, was it a blank one? Or it not being sent.

 

[straKK]

A user contacted Nintendo and was confirmed the reason why they were banned. Such information has been added to the OP as well as where that information originated from so please read up on that. To those too lazy to check, that person was banned for having no error logs after having sent error logs previously which Nintendo claims was a big red flag. Now in a red box in the first post, I will repeat myself: exercise great caution when you are clearing error logs.

wow, that seems like quite a leap on nintendo's part. I wonder if they're omitting some hard evidence they had on the user.

Maybe this means that blocking telemetry isn't enough, and that a ban-safe CFW would need to generate fake, "normal" error logs to escape detection. Alternatively, I wonder if people who buy a Switch and immediately CFW it with a telemetry-suppressing CFW (like atmosphere 0.7) will escape this ban, since they might never send any error logs.

 

[Draxzelex]

I still don't understand the log thing? By clear log, was it a blank one? Or it not being sent.

The user in question as well as the rest of us send a lot of data to Nintendo. One of these things are error logs. You know, those error codes you see from time to time? If you've never encountered an error code, then your error log is probably empty. However, if you connect online, these error logs are sent to Nintendo. What happened to this particular user is that when he connected online, his Switch had no error logs despite having sent error logs previously meaning he hacked the console to clear them which resulted in a ban.