Lots of misinformation in this thread about what you can/can't do in 11.8, so I'm going to (try) to set the record straight.
The change that's being discussed is a change in the NIM module on the 3DS. NIM is the service which is responsible for downloading applications through the Nintendo CDN; it's the service which is used by the eShop to download and install games. Before 11.8, NIM only sent the titlekey to the CDN in order to verify that the download was allowed. Think of titlekeys as a sort of password for the CDN - if you had the right titlekey, you could always download the game. This is also why you could download games on a computer - there was no console specific information sent and thus the CDN didn't check what was downloading. As long as you sent the titlekey, the CDN sent the game.
Before we talk about the change, let's make sure we all understand what a ticket is. A ticket is a piece of data that's stored on your 3DS that is used by the 3DS OS to determine which games you own. The ticket consists of three main parts - the signature data, console specific data, and the titlekey. The entire ticket is signed by Nintendo, so it's impossible to replicate these tickets. If they're changed, or if someone tries to make their own ticket, the changed/new ticket will have an invalid signature. This means the ticket is what we call an invalid ticket. Before 11.8, only the 3DS console checked the signature of the ticket. This is why you need CFW to install CIAs - the ticket's signature is invalid, and the CFW patches out the signature check the 3DS would otherwise do. Up until 11.8, this solution worked fine, as there were no server side checks of the ticket.
This changed in 11.8, as NIM was updated to send two new headers whenever a download request is made to the Nintendo CDN. These two new headers are X-authentication-key and X-authentication-data. X-authentication data is the ticket installed on the console (encrypted), and X-authentication-key is the AES key used to encrypt the X-authentication-data field. The CDN then decrypts the data field and checks the signature of the ticket. Since the ticket was made by freeshop rather than by Nintendo, it fails the signature check and the CDN refuses to send the file. A brave member on the Nintendo Homebrew discord installed one of these invalid tickets and attempted to download from the eShop, which would've worked fine on 11.7, and confirmed that it broke on 11.8 and that Nintendo was now verifying tickets:
As of right now, CDN downloaders on computers and piracy apps like freeShop still work (with the exception of sleep mode downloads). This is because these downloaders don't send anything in the X-authentication-data and X-authentication-key fields. Currently, the CDN only refuses the download if the data in those fields is invalid. However, Nintendo frequently waits a week or two to impose new restrictions on the server. Once they require these two fields, all CDN downloaders will break permanently, as they are unable to supply proper X-authentication-key and X-authentication-data fields.
Nintendo can't stop CIAs that are dumped or downloaded from other sources than the CDN (yet), but 11.8 shows they do still care about piracy on the 3DS and are taking strides to stop it.
As for updates, they have their own tickets, and the eShop will happily provide valid tickets as long as the console has the title installed, so nothing in 11.8 will stop you from updating pirated applications.
That is correct - as of right now, Nintendo only validates the ticket is proper when downloading from the CDN. This might change in the future, but for now playing online with non-valid tickets is safe.Alright thank you for all the information! So if I got that right playing online should also still be fine right?
That's not as trivial as you make it sound - how do you ensure an actual transaction has occurred?it would be simple to break that app. Just dont allow a download unless an actual transaction has occurred.
No it updates while you're in the Home Menu with a popup and progress bar if you chose update now.
So logically, once all downloaders are broken the scene would have to move to a method where someone is buying the game and dumping it (then disrupting it). If memory serves me correctly this is how the scene begin with.
Yes, updates are their own title and as such have their own tickets - these tickets are handed out by the eShop if the console requests them under any circumstances. The reason it's done like this is because not all games are digital - Nintendo still has to be able to serve updates for cartridges, which don't have tickets, and thus can't be verified through the new CDN verification method.If I have a bunch of pirate titles installed, I should be able to download patches without issue. Only the ticket of the title in question is checked, so unless I want to download the title via eShop or(presumably when they lock it out) freeShop, I should be fine right? The console doesn't have to send a title's key to download a PATCH right? I mean you can just go to eShop manually and download the PATCH you want anyway. It should only be an issue if you are trying to outright download a pirate title right?
The invalid tickets generated by freeShop don't have Console ID, so theoretically they shouldn't be able to ban anyone through them. I still wouldn't take the chance, however, if you're concerned about being banned.In order to identify if a ticket is correct, a ticket must be provided containing the title ID, console ID, and Nintendo's sig on it. So if a correct ticket is received, both a valid signature AND an identifying console can be inferred. If however an invalid ticket is sent, it contains only the title ID. It is not valid, BUT also doesn't contain an identifying console, am I correct? Then Nintendo can spot a pirate request but just like a PC and a 3DS sharing an internet IP on a router, they will not be able to know if that pirate request came from a computer app or a console. Am I right? So then these requests could at most be turned down but not used to ID and ban systems?
This is correct.So logically, once all downloaders are broken the scene would have to move to a method where someone is buying the game and dumping it (then disrupting it). If memory serves me correctly this is how the scene begin with.
Thinking more about this I have two questions:
1. What about DLC? I would assume DLC is in the same boat as Updates as they have to address both physical and digtal games BUT there is these do (in most cases) require money.
2. In theroy if you had a game already downloaded on a 3DS via Freeshop and made a .cia from it (via GodMode9) and installed it on another 3DS, that would be similar to creating a .cia from any other source and should work fine?
2. I can confirm this works, i did it myself several times from my N3DSXL to my o2DS. Some games may not work because of missing seed (it will give a back screen when you boot the game or hang on 3DS logo) but you just need to import the seed from FBI while online. An alternative way is using hydroseed: https://gbatemp.net/threads/release-hydroseed-export-seeddb-bin-to-dat-files.486592/
Thanks for that explanation @astronautlevel! That makes a lot of sense.
So logically, once all downloaders are broken the scene would have to move to a method where someone is buying the game and dumping it (then disrupting it). If memory serves me correctly this is how the scene begin with.
Ah-yes, the dredded seed issue. Two thoughts about this.
What about apps like 3DSeSTUFF (the FunKeyCIA GUI/wrapper). If I understand it correctly it downloads a "seeded" CIA (again, might be my misunderstanding).
Or couldn't you download the seeddb.bin from that one site we shall not mention?
I am really confused still though. If i already have games downloaded from the pirate shop, is it fine? Or should i delete them? And what do i have to delete alongside with it? (Tickets, seeds, etc)?
Not only that, they are also obliged toward the publishers who use their eShop. Can you imagine how embarassing this must be for Nintendo in their relations with third parties?Nintendo HAS TO do something to stop piracy if they're going to keep releasing Nintendo 3DS titles, why would they bother releasing games for the 3DS when most people will just pirate them rather than pay for it. If you send me a private message I'll send you a screenshot of the app I'm talking about but I'm not going to promote it here. I have a feeling this is just the beginning Nintendo could very well start adding in more anti-piracy measures to make it closer to that of the Nintendo Switch.