Hacking Cartridge dump vs eshop dump

jucaa

Is there any difference between installing a CIA dumped from the cartridge and one dumped from a digital game?
Like, is there a chance of a ban by playing a game that was dumped from the cartridge, since lots of people will be playing with the "same cartridge"?
 

The Catboy

As far as I can tell, they are actually the same CIA regardless of what method you use to dump them.
I don't know the technical details, but when I dumped SMT IV Apocalypse from both the eShop and Cart, they appeared to register on my system with the same information. I used those as an example because I just happened to down both forms of that game at one point in time.
 

CMDreamer

I'm not so sure about that. Can Nintendo really tell if a dump is from a cart game or from a digital download? Is that possible?

I'm thinking about digital signatures so it might be more feasible than I first thought.

> As far as I can tell, they are actually the same CIA regardless of what method you use to dump them.
> I don't know the technical details, but when I dumped SMT IV Apocalypse from both the eShop and Cart, they appeared to register on my system with the same information. I used those as an example because I just happened to down both forms of that game at one point in time.

Did you by any chance compare both dumps against each other? Like with a SHA-256 hash? That would let us know if they were really the very same.
 

The Catboy

> I'm not so sure about that. Can Nintendo really tell if a dump is from a cart game or from a digital download? Is that possible?
>
> I'm thinking about digital signatures so it might be more feasible than I first thought.
>
> Did you by any chance compare both dumps against each other? Like with a SHA-256 hash? That would let us know if they were really the very same.

That was literally months ago. Let me try and get everything set up, although it will most likely be using a CIA from freeShop. The dumped copy I used wasn't from my system and I've since deleted it.
I asked the same question the OP asked and just happened upon a situation where I could test it. I didn't find the results very interesting, so I didn't take mind to keeping notes or anything.
 

The Catboy

> Did you by any chance compare both dumps against each other? Like with a SHA-256 hash? That would let us know if they were really the very same.

Sorry for the long delay. I ended up grabbing the game using freeShop since the original eShop dump I had was long gone. I am hoping that didn't skew the results, but you gotta do what you gotta do. Then I dumped my own physical copy.
[Attachment: Screenshot from 2017-06-24 05-03-24.png]

They are treated as two different versions of the game.
This is what you get when you compare them side by side:
[Attachments: Screenshot from 2017-06-24 05-05-26.png, Screenshot from 2017-06-24 05-06-44.png]
so there does appear to be some differences between them. But of course this also brings up the question if Nintendo is actually able to tell these differences apart? Or even if Nintendo can tell that one from freeShop apart from a legally bought game or from a cart?
 

CMDreamer

> Sorry for the long delay. I ended up grabbing the game using freeShop since the original eShop dump I had was long gone. I am hoping that didn't skew the results, but you gotta do what you gotta do. Then I dumped my own physical copy.
> View attachment 91248
> They are treated as two different versions of the game.
> This is what you get when you compare them side by side
> View attachment 91250 View attachment 91252
> so there does appear to be some differences between them. But of course this also brings up the question if Nintendo is actually able to tell these differences apart? Or even if Nintendo can tell that one from freeShop apart from a legally bought game or from a cart?

This gets more interesting... thanks for your time and patience to do this all...
And yes, the question remains unanswered... can N tell which version you are playing when online and if so, how?

The size of both dumps differs by about ~1.6 MB and the larger one is the cart dump.

What N can do is recover console data (firmware version mainly) that's why the "recent" ban-wave got started, unless the sending of it is disabled on config options.

So then, in essence, partially answering the OP's question: Actually we can't absolutely say yes, there's a difference on installing a cart dump vs an eshop dump, because (thanks to Crystal) it has been confirmed that both dumps are not exactly the same, but internally to the OS it might be that they're the "same" but are being read from different sources (hardware -cart- vs software -eshop-) and security measures are different for each one.
Which makes me think that cart games are treated in a less strict way than e-shop games... could it be like so?
 

Ryccardo

> Can Nintendo really tell if a dump is from a cart game or from a digital download?

Yes, the former use the famous "headers" specific to the individual rom chip, while all digital titles on a specific console share their online identity

They cannot know directly the source of said digital copies (multiplayer servers are separate from eShop license servers, cross checking is technically possible but takes actual work they don't bother with), just like they can't know the difference between an original game and a Sky
 

The Catboy

> This gets more interesting... thanks for your time and patience to do this all...
> And yes, the question remains unanswered... can N tell which version you are playing when online and if so, how?
>
> The size of both dumps differs by about ~1.6 MB and the larger one is the cart dump.
>
> What N can do is recover console data (firmware version mainly) that's why the "recent" ban-wave got started, unless the sending of it is disabled on config options.
>
> So then, in essence, partially answering the OP's question: Actually we can't absolutely say yes, there's a difference on installing a cart dump vs an eshop dump, because (thanks to Crystal) it has been confirmed that both dumps are not exactly the same, but internally to the OS it might be that they're the "same" but are being read from different sources (hardware -cart- vs software -eshop-) and security measures are different for each one.
> Which makes me think that cart games are treated in a less strict way than e-shop games... could it be like so?

So another interesting note, installing the dumped cia still registers as "000400000019A200" to my system. So basically it doesn't matter if it's from the eShop or from the cart, the game is still treated as system title "000400000019A200". Meaning to the system, the game is the same no matter what method is being used to install/launch it. This also most likely means if the game is being fed back to Nintendo, they will most likely see it as "000400000019A200", indicating that you are playing SMTIV Apocalypse. I don't think Nintendo would actually be able to go deeper into that considering how the system handles the game. Basically to the 3DS, it doesn't matter how the game is being launched. So long as the signature/headers add up, the game will be treated the same way. From what I can tell, the cart and eShop games are treated identically to the system.
I might be missing some technical details as this is all based on observations.
 

Ryccardo

> so there does appear to be some differences between them.

Of course a cia converted from a physical game is different (for one it must be decrypted to edit the exheader to change the mediatype from card/internal to SD; then the ticket will be incomplete due to not having titlekeys, 9.6+ games won't use seed encryption either)

Even "eshop dumps" have a lot of variability, the only 100% accurate one is a Funkycia2 "personal" dump, except for the part no CFW was known to support installing/running them at least a year ago, everything else has at minimum the consoleid changed to "everyone", then you have tools based on dectitlekeys which of course don't put a correct enctitlekey in the ticket, etc

Not that the cia itself really matters, it's just an installation package... but if you wanted a 100% signed ticket, there's no alternative to getting it from the eShop (everything else, contents and tmd, are free to download as mostly everyone knows :))
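
The comparison discussed in this thread (hash both dumps, then see which part of the installation package differs), as an added example that is not part of any post and not code from any tool named here. It assumes the publicly documented CIA layout (little-endian header carrying the section sizes, 64-byte-aligned sections, an RSA-2048-signed TMD with the title ID at body offset 0x4C and the title version at 0x9C); the function names are chosen here and the sample blobs are constructed placeholders, not real dumps.

```python
import hashlib
import struct

ALIGN = 64                        # CIA sections start on 64-byte boundaries
SIG_RSA2048_SHA256 = 0x00010004   # signature type assumed for the TMD
TMD_BODY = 0x140                  # 4-byte type + 0x100 signature + 0x3C padding
TITLE_ID = bytes.fromhex("000400000019A200")  # title ID quoted in the thread


def _align(n):
    return (n + ALIGN - 1) // ALIGN * ALIGN


def cia_sections(blob):
    """Split a CIA image into its sections using the sizes in its header."""
    if len(blob) < 0x20:
        raise ValueError("too short to hold a CIA header")
    hdr, _type, _ver, cert, tik, tmd, meta, content = struct.unpack_from(
        "<IHHIIIIQ", blob, 0)
    out, pos = {}, _align(hdr)
    for name, size in (("cert_chain", cert), ("ticket", tik), ("tmd", tmd),
                       ("content", content), ("meta", meta)):
        if pos + size > len(blob):
            raise ValueError(f"{name} runs past end of file (truncated dump?)")
        out[name] = blob[pos:pos + size]
        pos = _align(pos + size)
    return out


def tmd_identity(tmd):
    """Return (title_id_hex, title_version), or None if the layout is unexpected."""
    if len(tmd) < TMD_BODY + 0x9E:
        return None
    if struct.unpack_from(">I", tmd, 0)[0] != SIG_RSA2048_SHA256:
        return None
    title_id = tmd[TMD_BODY + 0x4C:TMD_BODY + 0x54].hex().upper()
    version = struct.unpack_from(">H", tmd, TMD_BODY + 0x9C)[0]
    return title_id, version


def compare_cias(a, b):
    """Report whole-file equality, which sections differ, and each TMD identity."""
    sa, sb = cia_sections(a), cia_sections(b)
    sha = lambda data: hashlib.sha256(data).hexdigest()
    return {
        "same_file": sha(a) == sha(b),
        "differing_sections": [n for n in sa if sha(sa[n]) != sha(sb[n])],
        "identity_a": tmd_identity(sa["tmd"]),
        "identity_b": tmd_identity(sb["tmd"]),
    }


def make_sample(ticket, content, title_id=TITLE_ID, version=0):
    """Build a constructed, CIA-shaped blob (placeholder bytes, not a real dump)."""
    tmd = bytearray(TMD_BODY + 0xA0)
    struct.pack_into(">I", tmd, 0, SIG_RSA2048_SHA256)
    tmd[TMD_BODY + 0x4C:TMD_BODY + 0x54] = title_id
    struct.pack_into(">H", tmd, TMD_BODY + 0x9C, version)
    cert, meta = b"C" * 0x40, b""
    header = struct.pack("<IHHIIIIQ", 0x2020, 0, 0, len(cert), len(ticket),
                         len(tmd), len(meta), len(content)).ljust(0x2020, b"\0")
    blob = b""
    for part in (header, cert, ticket, bytes(tmd), content, meta):
        blob += part.ljust(_align(len(part)), b"\0")
    return blob


if __name__ == "__main__":
    # Constructed inputs: same title ID, different ticket and content bytes.
    shop_like = make_sample(b"T" * 0x350, b"\xAA" * 1000)
    cart_like = make_sample(b"\0" * 0x350, b"\xBB" * 1000)
    print(compare_cias(shop_like, cart_like))
```

A whole-file SHA-256 only says "different"; hashing per section shows whether the difference sits in the ticket, the TMD or the content while the title ID read from the TMD stays the same.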
 

The Catboy

> Of course a cia converted from a physical game is different (for one it must be decrypted to edit the exheader to change the mediatype from card/internal to SD; then the ticket will be incomplete due to not having titlekeys, 9.6+ games won't use seed encryption either)
>
> Even "eshop dumps" have a lot of variability, the only 100% accurate one is a Funkycia2 "personal" dump, except for the part no CFW was known to support installing/running them at least a year ago, everything else has at minimum the consoleid changed to "everyone", then you have tools based on dectitlekeys which of course don't put a correct enctitlekey in the ticket, etc
>
> Not that the cia itself really matters, it's just an installation package... but if you wanted a 100% signed ticket, there's no alternative to getting it from the eShop (everything else, contents and tmd, are free to download as mostly everyone knows :))

I actually added another reply.
But I would like to add that my test still answered the OP's question as to if there is a difference. To which the answer seems to be, kind of. But the differences don't seem to matter, since it seems the system handles all games the same way.
 

CMDreamer

> I actually added another reply.
> But I would like to add that my test still answered the OP's question as to if there is a difference. To which the answer seems to be, kind of. But the differences don't seem to matter, since it seems the system handles all games the same way.

Yes, after your last reply I understand that. For the system it really doesn't matter the "source" of the game (cart or eshop), as it only identifies the title by a unique number and that's it. It can be seen as on the dumps made by ROM dumpers identifying them by a number and the name of the game.

Nice exercise... thanks!!!
 

The Catboy

> Yes, after your last reply I understand that. For the system it really doesn't matter the "source" of the game (cart or eshop), as it only identifies the title by a unique number and that's it. It can be seen as on the dumps made by ROM dumpers identifying them by a number and the name of the game.
>
> Nice exercise... thanks!!!

There is one thing that dawned on me shortly after making this post, but you can install CIAs for games not in the eShop. Which I find rather interesting because one would think that would be problematic with Nintendo if they could tell the difference.
 

CMDreamer

> There is one thing that dawned on me shortly after making this post, but you can install CIAs for games not in the eShop. Which I find rather interesting because one would think that would be problematic with Nintendo if they could tell the difference.

So then, can they say if the game is on a cart or installed from a CIA? Or they just know it is "present" on a console? Too many questions come to my head actually...
 

The Catboy

> So then, can they say if the game is on a cart or installed from a CIA? Or they just know it is "present" on a console? Too many questions come to my head actually...

Considering no one has ever been banned for running a game like Kingdom Hearts DDD from CIA, I don't think Nintendo can tell the difference. I think the only feedback Nintendo would be getting is, "Crystal is playing Kingdom Hearts DDD." and that's about it. Otherwise Nintendo would have easily been able to do another ban wave or even several ban waves.
It seems Nintendo just didn't think about treating these games any differently when they are launched. So they are just treated like the same game.
 

CMDreamer

> Considering no one has ever been banned for running a game like Kingdom Hearts DDD from CIA, I don't think Nintendo can tell the difference. I think the only feedback Nintendo would be getting is, "Crystal is playing Kingdom Hearts DDD." and that's about it. Otherwise Nintendo would have easily been able to do another ban wave or even several ban waves.
> It seems Nintendo just didn't think about treating these games any differently when they are launched. So they are just treated like the same game.

Which in terms of simplicity is ok, but not in terms of having a real unique ID of each game, anyway that'll mean a lot of data to work with. Keep it simple...
 

Ryccardo

> I might be missing some technical details as this is all based on observations.

To say "treated identically by the system", we must first identify a "system", which isn't easy as there are relationships between more or less separate things...

The media type must be changed to make a physical game run from SD (as opposed to internal storage), this obviously changes some handling but I don't think the exact differences are documented

Content files downloaded from Nintendo have "1st layer" encryption, based mainly on titlekeys (and some other factors only linked to the individual title), that's what the "shallow" option of D9 is for; physical games have hardware encrypted data flowing out of the rom, but by the time you can see the card in GM9 or as a .3ds file, this has already been stripped

Each content/partition/ncch has encryption based mainly on one (selected by the title's header) of some keys preprogrammed in the console, plus seed if enabled; in theory this could be absolutely equal between physical and digital, however physical games always have the seed disabled (although it could technically work, it would add a stupid online requirement for the first launch), all titles converted between formats are usually fully decrypted due to the above edit requirement and then left that way

The titleid doesn't need to change in the conversion process (and it would be foolish to do so, given that then it wouldn't match update titles, miiverse groups, friends list data... plus some games outright break)
The version number in the cia header isn't processed correctly by every tool, but again a cia is unplayable as-is, and once installed all that remains are version numbers inside, not like it matters when most online games have update titles to install anyway
I don't know whether the console or the servers choose which type of header should be sent, or on which point this decision is based

Oh, and physical games are launched with an all-zero titleid, though they end up running as the correct one
 

The Catboy

> To say "treated identically by the system", we must first identify a "system", which isn't easy as there are relationships between more or less separate things...
>
> The media type must be changed to make a physical game run from SD (as opposed to internal storage), this obviously changes some handling but I don't think the exact differences are documented
>
> Content files downloaded from Nintendo have "1st layer" encryption, based mainly on titlekeys (and some other factors only linked to the individual title), that's what the "shallow" option of D9 is for; physical games have hardware encrypted data flowing out of the rom, but by the time you can see the card in GM9 or as a .3ds file, this has already been stripped
>
> Each content/partition/ncch has encryption based mainly on one (selected by the title's header) of some keys preprogrammed in the console, plus seed if enabled; in theory this could be absolutely equal between physical and digital, however physical games always have the seed disabled (although it could technically work, it would add a stupid online requirement for the first launch), all titles converted between formats are usually fully decrypted due to the above edit requirement and then left that way
>
> The titleid doesn't need to change in the conversion process (and it would be foolish to do so, given that then it wouldn't match update titles, miiverse groups, friends list data... plus some games outright break)
> The version number in the cia header isn't processed correctly by every tool, but again a cia is unplayable as-is, and once installed all that remains are version numbers inside, not like it matters when most online games have update titles to install anyway
> I don't know whether the console or the servers choose which type of header should be sent, or on which point this decision is based
>
> Oh, and physical games are launched with an all-zero titleid, though they end up running as the correct one

Thank you for the technical details! Observation can only tell one so much, but of course that's why I mentioned it so someone would correct me!

> Which in terms of simplicity is ok, but not in terms of having a real unique ID of each game, anyway that'll mean a lot of data to work with. Keep it simple...

Refer to the post above mine for the more technical details. My tests are purely observation based. I don't completely know all the technical details, which is why I keep a shadow of doubt over my own posts. I am willing to admit, this is getting into unfamiliar territory for me, so I am learning/speculating as I go along.
 

CMDreamer

Thank you Ryccardo (I was about to unnecessarily quote your last comment entirely)... that kind of technical information is very welcome in my end. As it makes me understand more when problems arise. Excellent information! Molto grazie!
 

The Real Jdbye

In some cases, eShop dumps and cart conversions are significantly different, like in the case of Pokemon Sun/Moon, the cartridges were recognized as v0 whereas the eShop versions were a higher version number.
Nintendo could even use that info to tell if someone converted a cartridge dump to CIA, as it would be v0 but the private header used would be the console header, and not a cart header, and the version and header are both sent to the servers. Of course, as far as we know, they haven't done that, as they just banned everyone who went online early and left everyone else alone (until recently at least)
Also, that may not matter once an update is released as then the version number would be the same for both cart and CIA (although it may still send the original version number to the servers, I'm just assuming it doesn't)

Also, eShop dumps have a ticket that ties them to the eShop (if they are dumped properly), whereas Cart->CIA conversions don't (hence the "redownload" feature won't be available on cartridge dumps), they could potentially use that to tell them apart as well. eShop dumps are also closer to 1:1, although it's unclear if there are any other differences that could be used to detect if a game is a cartridge conversion.

Based on this I can say with relative certainty that eShop dumps are safer.
However, neither method is entirely safe and it's not clear what criteria Nintendo uses to ban people, so it may not matter at all what you use.

I would say that .3DS dumps with a private header (using either Sky or Gateway, it doesn't matter) are the absolute safest, with Sky having a slight edge because it doesn't require any modifications to the system so it should be completely undetectable in theory, although anti-piracy measures can and have been deployed to detect Sky3DS usage, but these have never been used as a basis for bans. Only newer games use these measures, and as long as Sky stays up to date with firmware updates to defeat antipiracy, and you don't run any games that have AP until Sky adds support for them, then Sky would still be undetectable.
 