Hacking Question XCI certificate for multiple Games

noX1609

Hi,

I know that Switch cartridges have a certificate to authenticate that it's a legit gamecard.
We can already dump this certificate, as far as I know.
But my question is: does every gamecard of the same game have the same certificate on it, or does every card of the same game have a unique certificate?

I ask because I came up with the question of whether it's possible to dump the certificate from, let's say, my cartridge of LA Noire and inject it into the XCI file of another game (let's say Mario Kart 8): will it be seen as legit in online play or not?
I don't want to do it (I do own all the games I want to play), but I had a discussion with a friend yesterday evening, and because we both have a different guess (I said it's not seen as legit and he says it would work), I thought I'd ask here because there are a lot of experts here on the Switch's system and how it works.
I searched Google before posting but couldn't find anything related to this question.
I hope someone can answer this question and hopefully explain how it works (for example, whether every gamecard of LA Noire has the same certificate or different ones) :)
 

Rel

All carts have a unique certificate. Some people have been using the same cert for multiple games, and the cert gets banned from online play later on, as well as the console in some cases. From what I have seen, though, using larger game certs and the same type of cert (type 1 cert on type 1 games, type 2 on type 2 games) works longer for avoiding cert bans.
Here's a thread where someone is currently playing online with this method: https://gbatemp.net/threads/xecuter...s-using-cert-from-another-game.508357/page-21
 

noX1609

@Rel: Thanks for your answer. So it's correct what I said, that one certificate for all games does work but has a huge ban risk because all cartridges have a unique certificate.
Besides that, I'm really surprised that each card has a different certificate, because then they need to use a very long key: there are a lot of games and thousands of copies of each game, so they need a lot of certificates, because there must be no duplicates, otherwise the system wouldn't work.
At least they learned something after the 3DS, because there was a single cert/ticket on digital games for every copy of a game, so playing online with a correct copy was possible without getting banned in a short time (except if you played a game before it was released, like Pokemon Sun & Moon, or you downloaded/played a lot of eShop games without buying them -> Freeshop, or you used cheats/hacks in online multiplayer).
But except for the bans for playing Sun & Moon early, there were no big ban waves, if I remember correctly.
 

Tke1

I have dumped my certificate from the game "Sine Mora EX" and played 3 days online: Splatoon, Mario Kart 8 and Rocket League. Banned today after 3 days. It's only a certificate ban (Fortnite OK and eShop too). Error: 2124-4025
 

Draxzelex

Every cartridge certificate is unique to some degree mostly because on top of online services and title ID, they can be redeemed for gold coins and only one certificate can be used at a time meaning Nintendo has a way of tracking them. We still don't fully understand everything inside the certificate, but they can ban people when there is a mismatch between the title ID of the certificate and the backup. See here for more info: https://www.reddit.com/r/SwitchHacks/comments/8rxg26/psa_strong_antipiracy_measures_implemented_by/
 

Elliander

> I have dumped my certificate from the game "Sine Mora EX" and played 3 days online: Splatoon, Mario Kart 8 and Rocket League. Banned today after 3 days. It's only a certificate ban (Fortnite OK and eShop too). Error: 2124-4025

It makes sense that it's only a cert ban, because if they console banned people for using either duplicate certs or a cert in the wrong place there are potential consequences to legit players.

For example, suppose I rented out a Switch game and kept the certs on it and then played online with it. At the same time, being that it's a rental game, someone else is using the official cart. Nintendo would have no way of knowing which is the legitimate cart, so if they banned the consoles that were using it they could inadvertently ban someone for using a rental game, which might actually cause some problems because video game rentals are illegal in the US and it could be interpreted as an attack on video game rentals.

Similarly, if you use the cert with some other game and someone else was playing the original game, they couldn't just ban the consoles using the cert because they run the risk of banning the wrong console.

My question would be this: what happens if you try to use two copies of the same cert on the same local play? Suppose I have two copies of the legit game, but of course I can't tell at a glance which is which, and say I neglect to label them. Are there checks in place to keep them from playing together? That is to say, is there a reason to remove the certs from the file to look more like a scene release? Similarly, if one of them is running a backup offline and the other is running the official cart online and they aren't playing online together, just locally playing together, is there any risk of a cert ban?

If there is, then that would actually create a whole new vulnerability. It would mean that the certificate information is transmitted over Wi-Fi to other Switch consoles, which would mean that someone could build a snipping tool to farm for certificates for online play, so I really hope that Nintendo didn't do something stupid like implement checks in this way.
 

deltamind106

> It makes sense that it's only a cert ban, because if they console banned people for using either duplicate certs or a cert in the wrong place there are potential consequences to legit players.

The thing is, even just a cartridge cert ban can create consequences to legit players. If I rent a cartridge and dump it, and play online with the backup, and Nintendo bans that cartridge cert, then the next person who gets the rented cartridge isn't going to be able to play online.

This all assumes that the cert embedded in the cartridge is static data. Do we know this for sure? It would make a lot more sense if a cartridge contained a little piece of processing logic that allowed a challenge/response type protocol. (This is the way the chip embedded in your credit card works.) The "cert" is not a piece of static data, but rather a piece of active logic that transforms a "challenge" (sequence of random bytes) into a unique "response" (a different sequence of bytes). Of course the "challenge" is different each time, and the actual transformation varies from cartridge to cartridge, probably by means of a unique key. With such a scheme, and when playing online, Nintendo's servers can "ask" the cartridge to transform the random challenge to a response, and if the response is correct, then you are given the online access token to play online.

Cartridge dumpers could not duplicate this, and it would protect the legit cartridge from being banned. Do we know for sure if the cartridge cert is just static data that is dumped? That's a poor design in my opinion, if Nintendo is banning cartridge certs, since legit rental cartridges could be banned for the next renter. (Not to mention 2nd hand used cartridges).
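
The challenge/response design described in the post above, sketched as an added example that is not part of the post and does not describe any real Nintendo protocol. HMAC-SHA256 with a per-card symmetric key, the card id and all class and function names are assumptions chosen for illustration; the static blob is constructed random data.

```python
import hashlib
import hmac
import secrets

class Card:
    """Active logic on the cartridge: answers challenges, never exports its key."""
    def __init__(self, card_id, key):
        self.card_id = card_id
        self._key = key  # constructed per-card secret

    def respond(self, challenge):
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Server:
    """Issues single-use random challenges and checks each response."""
    def __init__(self, keys):
        self._keys = keys      # card_id -> per-card key
        self._pending = {}     # card_id -> outstanding challenge

    def new_challenge(self, card_id):
        self._pending[card_id] = secrets.token_bytes(16)
        return self._pending[card_id]

    def verify(self, card_id, response):
        challenge = self._pending.pop(card_id, None)  # a challenge is valid once
        key = self._keys.get(card_id)
        if challenge is None or key is None:
            return False
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def static_check(presented, registered):
    """Static-data model: any byte-for-byte copy of the blob is accepted."""
    return hmac.compare_digest(presented, registered)

def demo():
    key = secrets.token_bytes(32)
    server, card = Server({"card-0001": key}), Card("card-0001", key)
    # The genuine card answers a fresh challenge.
    first = card.respond(server.new_challenge("card-0001"))
    genuine = server.verify("card-0001", first)
    # A copy holding only the recorded response fails the next challenge.
    server.new_challenge("card-0001")
    replayed = server.verify("card-0001", first)
    # A static blob, by contrast, verifies equally well from a copy.
    blob = secrets.token_bytes(64)  # constructed stand-in for static data
    copy_ok = static_check(bytes(blob), blob)
    return genuine, replayed, copy_ok
```

The property that matters for the rental and second-hand case raised in the post is that the server can tell the physical card from a copy, so a ban decision no longer has to fall on the credential that both share.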
 