Hacking Friend Got Banned Today Even Though He Did Not Connect Pre 11/18/16

WeedZ

Possibly an Enlightened Being
Global Moderator
Joined
Jan 13, 2015
Messages
3,825
Trophies
1
Location
The State of Denial
Website
gbatemp.net
XP
5,666
Country
United States
I highly doubt it's the date the adventure started, considering that legit 3DS users can set their date and time freely, meaning Nintendo would be banning legit customers. It's most likely the version string
Not to mention they can't just root through your data and download save files to check their legitimacy. But again, how will they know you're using version 0 as an installed cia?
 

Sketchy1

gbatemp's shadiest warez dealer
Member
Joined
Aug 9, 2016
Messages
1,553
Trophies
0
Age
25
XP
651
Country
United States
Not to mention they can't just root through your data and download save files to check their legitimacy. But again, how will they know you're using version 0 as an installed cia?
Doesn't the 3DS check if you're on the latest update of the software each time you connect? i.e., when Smash tells you to update it if the software is outdated?
 

WeedZ

BUT why would they purposely release their own main series? That's basically financial suicide. PLUS it's only detectable if they went online, which many of us smarter ones haven't
It was only a couple weeks prior, and if it is a popular series you would have the largest possible net for hackers.
 

Queno138

Ravens
Member
Joined
Sep 18, 2010
Messages
2,425
Trophies
0
Location
Luigi's Dark Mansion
XP
1,070
Country
Senegal
the 022-2812 error hasn't been seen prior to the moon ban wave.

Except it has.

All the persistent miiverse hackers and repeat offenders got 002-0102 and 022-2812 at the same time a while back, and they're still banned.

002-0102 by itself doesn't mean temp, it depends on the conditions you got it.

They could just set a 15 day limit on their servers to restrict access,
or they could just set you in the blacklist without the timer expiry.

edit:
to further prove my point,
the date on the quote below dates back to Oct 31,
and 2812 is referred to as Hyperban.

Alright, so I should admit that I didn't really find a way to fully bypass a hyperban. Well, I did... but it's very temporary, and you'd have to do it every time you reboot. This will also only work for Nintendo Network ID-related services, no online stuff until some other day. It's otherwise pretty simple though, so here's how I did it, I guess.
  1. Download the latest NTR CFW, and get this plugin.
  2. Start up your 3DS, and launch NTR CFW.
  3. Hit X+Y on the home menu, go down to 'Process explorer', and get to PID 21. Edit: PID 22 for New 3DS users
  4. Use the touch screen scrollbar (or anything else) to get to 0x00117636.
    Here, you should see "X-Nintendo-Device-ID". Use the editor to change that to literally anything else, like "X-Nintendo-Dedede-ID". (X/Y is up/down when changing bytes)
  5. Scroll down a bit more to find "X-Nintendo-FPD-Version", it was at 0x0011776E for me. Change that to "X-Nintendo-Device-ID"; this is how you're going to actually make a difference. (Nintendo's servers don't actually care about your FPD version or Dedede ID; they track bans by the Device ID, and this is how we're changing it, since the actual device ID is nowhere to be found in the RAM.)
  6. There's four ASCII zeroes right before X-Nintendo-FPD-Version; this is where it comes from. Change this to whatever you want, it really doesn't matter as long as everyone isn't using "0000" as a deviceID.
  7. Do whatever until you reboot or close System Settings.
This isn't really the best method, and is only a proof-of-concept really. But hey, I had a Sunday deadline, and I had to show something. Maybe this could be made easier using an NTR plugin that does this directly, or maybe even something that could spoof the deviceID itself? Who knows?

I'm sorry if this isn't what you wanted. I'll go back into hibernation now.
 

Sketchy1

Plus a version ID of 0 indicates a cartridge of a game. BUT a hidden header indicates an eshop copy.
 

WeedZ

Except it has.

All the persistent miiverse hackers and repeat offenders got 002-0102 and 022-2812 at the same time a while back, and they're still banned.

002-0102 by itself doesn't mean temp, it depends on the conditions you got it.

They could just set a 15 day limit on their servers to restrict access,
or they could just set you in the blacklist without the timer expiry.
So it has been seen before. But that raises the question, how did they know he played early just from the error code? He said that's all he sent them.

--------------------- MERGED ---------------------------

BUT when we play it as a cia, the header is hidden because it uses the 3DS system header.
So?
 

Sketchy1

So it has been seen before. But that raises the question, how did they know he played early just from the error code? He said that's all he sent them.

--------------------- MERGED ---------------------------


So?
A cartridge game has a version of 0, and uses its own header when connecting online. A cia game has no header, and uses the system's own header when connecting and has a title version of either 16 or 32 for most games, indicating an eshop download. A version of 0 and no header is an impossible combination and is easily seen by ninty
 

WeedZ

A cartridge game has a version of 0, and uses its own header when connecting online. A cia game has no header, and uses the system's own header when connecting and has a title version of either 16 or 32 for most games, indicating an eshop download. A version of 0 and no header is an impossible combination and is easily seen by ninty
It does have a header, the 3DS's. That's why they can't tell. If they could, we all would have been banned almost 2 years ago. Yet, only flashcard owners get banned for multi use of the same header.
 

Sketchy1

It does have a header, the 3DS's. That's why they can't tell. If they could, we all would have been banned almost 2 years ago. Yet, only flashcard owners get banned for multi use of the same header.
By no header I simply mean it's hidden, hence why it's called a private header. Nintendo can't see this header legally, but are allowed to see who's actually using one at the time of connection

--------------------- MERGED ---------------------------

So they ban someone with a private header if it's coupled with a version of 0
 

WeedZ

By no header I simply mean it's hidden, hence why it's called a private header. Nintendo can't see this header legally, but are allowed to see who's actually using one at the time of connection
That's not what that means. Private headers are actually on game cartridges. Installed software gets its header from the system. Nothing is hidden.

--------------------- MERGED ---------------------------

"A Private Header is a piece of data from a legit physical copy of a game cart. This data is unique to a single game cart. It also exists somewhere in Nintendo's database which they use to check if how many people are using the same header online." Oct 23, 2015
 

Sketchy1

That's not what that means. Private headers are actually on game cartridges. Installed software gets its header from the system. Nothing is hidden.

--------------------- MERGED ---------------------------

"A Private Header is a piece of data from a legit physical copy of a game cart. This data is unique to a single game cart. It also exists somewhere in Nintendo's database which they use to check if how many people are using the same header online." Oct 23, 2015
Even if what you're saying is true, Nintendo can just simply check if the cart you're using exists in this database. IF it doesn't, they can assume you're using a cia copy until they see a version of 0. A few minutes later and BAM your online access gets lumped
 

RustInPeace

Samurai Cop
Member
Joined
Oct 13, 2014
Messages
5,942
Trophies
1
Age
31
XP
5,156
Country
United States
BUT why would they purposely release their own main series? That's basically financial suicide. PLUS it's only detectable if they went online, which many of us smarter ones haven't

I'd replace that with "few" given the explosion of ban reports. It all started with one guy who worked at an electronics store or whatever, and one of the big threads here tracked the status of that, the 4chan member responsible for the leak, and apparently a future post by a close friend claiming the dumper is in deep shit with his employer. So with that known, I highly doubt Nintendo pulled some inside job.
 

Sketchy1

I'd replace that with "few" given the explosion of ban reports. It all started with one guy who worked at an electronics store or whatever, and one of the big threads here tracked the status of that, the 4chan member responsible for the leak, and apparently a future post by a close friend claiming the dumper is in deep shit with his employer. So with that known, I highly doubt Nintendo pulled some inside job.
If he's in trouble for dumping it, then Nintendo couldn't have been in on it, so that's one theory down
 

WeedZ

Even if what you're saying is true, Nintendo can just simply check if the cart you're using exists in this database. IF it doesn't, they can assume you're using a cia copy until they see a version of 0. A few minutes later and BAM your online access gets lumped
That's what we're discussing. The issue only arises when there is a conflict between two identical headers. There is nothing for them to reference so there is nothing to check. That's why you don't get banned for playing cia's of games that aren't on the eshop, or homebrew for that matter.
 

Sketchy1

So atm, our best theory is the header and version string theory. And even then, it has its flaws. For instance, why hasn't Nintendo incorporated this security before?

--------------------- MERGED ---------------------------

That's what we're discussing. The issue only arises when there is a conflict between two identical headers. There is nothing for them to reference so there is nothing to check. That's why you don't get banned for playing cia's of games that aren't on the eshop, or homebrew for that matter.
TRUE

--------------------- MERGED ---------------------------

If what @WeedZ is saying is true, there is either some new security we are not seeing, or an already present but minuscule one we are overlooking
 

WeedZ

So atm, our best theory is the header and version string theory. And even then, it has its flaws. For instance, why hasn't Nintendo incorporated this security before?

--------------------- MERGED ---------------------------


TRUE
That's pretty much where we're at. I don't want to say the version thing is impossible, I just think it's unlikely. The other concern is why only people that used the online features in game? I was online the whole time I played it and never got banned. But I didn't use any game features. It could be they are only monitoring those servers, which supports my theory this was planned all along. But of course this is all speculation.
 

Sketchy1

That's pretty much where we're at. I don't want to say the version thing is impossible, I just think it's unlikely. The other concern is why only people that used the online features in game? I was online the whole time I played it and never got banned. But I didn't use any game features. It could be they are only monitoring those servers, which supports my theory this was planned all along. But of course this is all speculation.
If that's the case, then maybe it's not Nintendo directly doing the bans. The Pokemon Company or Game Freak could simply be monitoring who went online and reported it to Nintendo

--------------------- MERGED ---------------------------

OR it could even be that the 3DS doesn't actually connect to Nintendo's servers unless the person operating it tells it to. I'm pretty sure if it connected to Nintendo each time, it wouldn't actually require loading the eshop because it's already connected? Just leaving wireless on won't necessarily connect to ninty servers?

--------------------- MERGED ---------------------------

That's what I came up with if your wireless was on and you didn't get banned
 