[PSA] SX OS Banwave is here!!!

V-Temp

No, I'm not making suggestions on what they should have done. I'm saying the fact that they didn't build it that way likely means that they have no way of validating game data at all right now, nor are they looking for it.

I wouldn't assume any of this. You could, briefly, go online without even having a valid cert (SX1.0 without a working cert). Then it suddenly stopped working and required an update or a cart.

Something changed. The carts absolutely are identified uniquely because they are linked to specific gold coins and predefined. Either they're leaving up an easy to watch net or they haven't created an automated rejection process after getting a cert.

If they can ban a cart cert (which they have for Scires) they know what the cert is from.

--------------------- MERGED ---------------------------

It's possible the only thing it checks at the moment is dupes, and for a while wasn't even checking validity until it was activated. This would explain current behavior.

But the moment they parse old data for authentication grants between games and see a repeating code over multiple games, that'd be an obvious and trivial ban.
 

aekotra

I wouldn't assume any of this. You could, briefly, go online without even having a valid cert (SX1.0 without a working cert). Then it suddenly stopped working and required an update or a cart.

This was because SX1.0 didn't emulate the cert heartbeat check. This was an auth failure by eventual timeout, not "invalid cert".

Something changed. The carts absolutely are identified uniquely because they are linked to specific gold coins and predefined. Either they're leaving up an easy to watch net or they haven't created an automated rejection process after getting a cert.

If they can ban a cart cert (which they have for Scires) they know what the cert is from.

Carts are identified uniquely because they are immutable: I can't replace its hardcoded cert, so the game data is guaranteed by this fact. This is not true for backups.
 

V-Temp

This was because SX1.0 didn't emulate the cert heartbeat check. This was an auth failure by eventual timeout, not "invalid cert".

Carts are identified uniquely because they are immutable: I can't replace its hardcoded cert, so the game data is guaranteed by this fact. This is not true for backups.

My point was that no cert still passed auth briefly, regardless of what reason there was for it eventually failing.

Redeeming gold coins based on data passed rather than the cert makes little sense, regardless of the nature of a cart. The cart passes ID and the game passes its own TitleID, and this gives auth if both are valid. Scires never said this would fail auth if they mismatched, as that would have been an assumption. His warning was about it leading to a ban; similarly, this was a warning about LayeredFS sending the wrong cert for a game. It wasn't about failing auth, it was about being obvious to cop a ban.

LayeredFS was going online with the wrong cert before Scires wrote his post. So he knew that the wrong cert to game could get past auth.

And again, reusing a cert is obvious all the same on their end. It would be the same as a duplicate. They'd need only parse their access logs to find such an obvious abuse.
 

aekotra

My point was that no cert still passed auth briefly, regardless of what reason there was for it eventually failing.

Not necessarily, it depends on how the system is designed. For example, the initial cert check may be the first heartbeat, and so would naturally have timeout leniency. In the meantime, Nintendo has authenticated your Nintendo account and begun the online session. The heartbeat times out and only then is the connection severed.

But we don't need to know the details. AFAIA you can't get online with an invalid cert in SX1.1. You get rejected immediately. That's the whole point of the auth system.


Redeeming gold coins based on data passed rather than the cert makes little sense, regardless of the nature of a cart.

I don't suggest things are done that way, so I don't know what your point is.

Scires never said this would fail auth if they mismatched, as that would have been an assumption.

I never suggested Scires said that either. He said:
In the gamecard case, Nintendo can detect whether or not the user connecting has data from a Nintendo-authorized gamecard for the correct title.

I'm saying that's unlikely that they ever intended on checking this and explained my rationale. Elaborated below, there is no point in "detecting and banning" if they could have just designed the auth system to not allow it at all.

LayeredFS was going online with the wrong cert before Scires wrote his post. So he knew that the wrong cert to game could get past auth.

Are you saying people have been injecting valid certs from other games using LayeredFS? I've seen no evidence of that. The link in my original comment is the first instance of that happening as far as I'm aware.


And again, reusing a cert is obvious all the same on their end. It would be the same as a duplicate. They'd need only parse their access logs to find such an obvious abuse.

You can only play one game at a time, so the cert only appears on the network once at a time regardless of how many of your backups use an identical cert. There is no duplicate. What exactly do you expect to show up in their logs?


My point in all my previous posts stands: if "reusing" a cert is so obvious, they would have built protection into the auth to begin with.

Let me give you a concrete example:

What they're doing:
Nintendo: "send the game's cert"
Switch: "here is the cert"
N: "OK we signed this cert, access granted"

What they COULD be doing:
Nintendo: "send the game's cert"
Switch: "here is the cert"
Nintendo: "hash the loaded game and send it"
S: "here is the hash"
N: "We signed this cert, but the hash does not match the one present in the cert"
N: "game over"

If it's so obvious, why didn't they DESIGN certs to validate the game data and do the SIMPLE check above? Because they didn't foresee a situation where a cert would exist in any game other than the one it was made with. In other words, they weren't looking for it, and unless they read this post they are probably still not. Certainly, they will in the future but the damage is already done: something they could have prevented completely they now have to try to "detect".
 
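The two flows in aekotra's example above, together with V-Temp's earlier point that one cart ID logged against several titles is visible in access logs, as an added Python example that is not from this thread: the issuer binds a content hash into the cert, the server compares it against the hash of whatever the client actually loaded, and an offline pass over constructed log lines flags a cart ID seen with more than one title. HMAC under a constructed issuer key stands in for the real signature scheme, and every cart ID, title ID, game blob and log line is constructed.

```python
import hashlib
import hmac
import json
from collections import defaultdict

# Constructed issuer key: HMAC stands in for the real signature scheme
ISSUER_KEY = b"constructed-issuer-key"

def _payload(cert: dict) -> bytes:
    body = {k: v for k, v in cert.items() if k != "sig"}
    return json.dumps(body, sort_keys=True).encode()

def issue_cert(cart_id: str, title_id: str, game: bytes) -> dict:
    """Issue a cert that binds a cart to the hash of its game data."""
    cert = {"cart_id": cart_id, "title_id": title_id,
            "content_hash": hashlib.sha256(game).hexdigest()}
    cert["sig"] = hmac.new(ISSUER_KEY, _payload(cert), "sha256").hexdigest()
    return cert

def signature_valid(cert: dict) -> bool:
    expected = hmac.new(ISSUER_KEY, _payload(cert), "sha256").hexdigest()
    return hmac.compare_digest(expected, cert.get("sig", ""))

def auth_signature_only(cert: dict, loaded_game: bytes) -> bool:
    """'What they're doing': a validly signed cert is enough, so a cert
    taken from game A still passes while game B is the loaded title."""
    return signature_valid(cert)

def auth_with_content_hash(cert: dict, loaded_game: bytes) -> bool:
    """'What they COULD be doing': signature first, then the hash of the
    loaded game must equal the hash the issuer bound into the cert."""
    if not signature_valid(cert):
        return False
    loaded = hashlib.sha256(loaded_game).hexdigest()
    return hmac.compare_digest(loaded, cert["content_hash"])

def certs_seen_with_multiple_titles(log_lines) -> dict:
    """Offline log review: one cart ID paired with more than one title ID,
    even if never at the same moment, is the reuse pattern to flag."""
    titles = defaultdict(set)
    for line in log_lines:
        rec = json.loads(line)
        titles[rec["cart_id"]].add(rec["title_id"])
    return {c: sorted(t) for c, t in titles.items() if len(t) > 1}

# Constructed sample data: two games, one cert issued for game A only
GAME_A, GAME_B = b"constructed game A data", b"constructed game B data"
CERT_A = issue_cert("cart-0001", "TITLE_A", GAME_A)
ACCESS_LOG = [  # constructed auth log lines, one session per line
    '{"ts": 1, "cart_id": "cart-0001", "title_id": "TITLE_A"}',
    '{"ts": 2, "cart_id": "cart-0002", "title_id": "TITLE_B"}',
    '{"ts": 3, "cart_id": "cart-0001", "title_id": "TITLE_B"}',
]
```

Signature-only auth accepts CERT_A with GAME_B loaded, the content-hash check rejects it, and the log pass reports cart-0001 against both titles even though the sessions never overlap.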

einfachGaer

What if there is one guy working for N, who is reading along and is able to give information to the specific team inside N to actually implement such a cert check?
We fuk'd!
 

andre1891

As I'm understanding you right, you can use the same legit header multiple times, inject it into different backups and still play online with it on OFW? (But you can't play the games with the same cert at the same time.)
And Nintendo won't detect that?
 

nikeymikey

@Draxzelex Here are my answers.
  • Banned: N
  • If banned, provide proof (video preferred)
  • Used any CDN Downloader: N
  • Unchecked "Send Errors" in Menu: Y
  • Cleared Error Logs prior to going Online with nx-dreport: Y
  • SX OS used offline: Y
  • SX OS used online: N
  • Played with SX Backups online: N
  • Layered FS Used offline: N
  • Layered FS Used online: N
  • Played with Layered FS Injects online: N
  • Homebrew Offline: Y
  • Connect internet with homebrew: N
  • Connect to eShop during CFW: N
  • Played with Layered FS Injects with OwnCert.: N
  • Does the Eshop work: Y
  • Backups updated: Y OFW
  • WiFi settings deleted: N
  • Airplane mode: Y
  • AutoRCM: N
  • SX OS Version used when Online: 1.1 never online
  • Auto Game Update/Downloads deactivated: N
Will update if a ban occurs.

Hernie

I haven't seen anyone post about this, but does anyone know if the "recently played" info gets sent to Ninty? If you look under your profile, the games show up there. Not sure if the game cart IDs are info that's stored there as well, or if there's any way to clear that.
 

Viri

Ping Long says no refunds, but he beat his child laborers for allowing this to happen. He also threatened to lower their paychecks from 5 cents a day to 4 cents a day.
 

Altina

I haven't seen anyone post about this, but does anyone know if the "recently played" info gets sent to Ninty? If you look under your profile, the games show up there. Not sure if the game cart IDs are info that's stored there as well, or if there's any way to clear that.

Yup, play activity info is sent to Nintendo’s server, so your friends can see it too when they check your profile.
 

Hernie

Yup, play activity info is sent to Nintendo’s server, so your friends can see it too when they check your profile.
I'm surprised that no one has come up with a way to clear that, or even make it not save those at all.
 
DeletedMember411838
I haven't seen anyone post about this, but does anyone know if the "recently played" info gets sent to Ninty? If you look under your profile, the games show up there. Not sure if the game cart IDs are info that's stored there as well, or if there's any way to clear that.

I told people this a long long time ago.

Not only that, but check your email: when you first launch a game it sends you an email telling you "how do you like XXX game, come claim your coins".

I have gotten emails like that for every game that I bought new, used games I haven't. So they are doing a coin validity check when you first launch the game.

GG bans going to be everywhere.

The emails I got all went to the Promotions folder in Gmail, btw, which makes them easy to miss. My wife was the first to launch another of our games, and hers went to her spam folder, so check there too.

Of course that may be because we never turned send data to Nintendo off, guess I will try that for the next new game.

Also it takes awhile after you buy the game, a week or 2 later you get the email.
 

DeletedMember411838

That's not good. Piracy and ban people, okay, I get it. But only for save editing and backing up... snap, that's not fair...

Umm nope, they 100% need to ban all save editors.

People like the one you quoted, I feel sorry for, but that is the only way to stop the scumbags that cheat on online multiplayer games. I have seen plenty of save editing bullshit on Splatoon, thanks. I know everyone doesn't do that, but what's that saying about 1 bad apple?
 