Hacking 11.8.0 probably intends to break a certain pirate shop

SkyDX
Lots of misinformation in this thread about what you can/can't do in 11.8, so I'm going to (try) to set the record straight.

The change that's being discussed is a change in the NIM module on the 3DS. NIM is the service which is responsible for downloading applications through the Nintendo CDN; it's the service which is used by the eShop to download and install games. Before 11.8, NIM only sent the titlekey to the CDN in order to verify that the download was allowed. Think of titlekeys as a sort of password for the CDN - if you had the right titlekey, you could always download the game. This is also why you could download games on a computer - there was no console specific information sent and thus the CDN didn't check what was downloading. As long as you sent the titlekey, the CDN sent the game.

Before we talk about the change, let's make sure we all understand what a ticket is. A ticket is a piece of data that's stored on your 3DS that is used by the 3DS OS to determine which games you own. The ticket consists of three main parts - the signature data, console specific data, and the titlekey. The entire ticket is signed by Nintendo, so it's impossible to replicate these tickets. If they're changed, or if someone tries to make their own ticket, the changed/new ticket will have an invalid signature. This means the ticket is what we call an invalid ticket. Before 11.8, only the 3DS console checked the signature of the ticket. This is why you need CFW to install CIAs - the ticket's signature is invalid, and the CFW patches out the signature check the 3DS would otherwise do. Up until 11.8, this solution worked fine, as there were no server side checks of the ticket.

This changed in 11.8, as NIM was updated to send two new headers whenever a download request is made to the Nintendo CDN. These two new headers are X-authentication-key and X-authentication-data. X-authentication-data is the ticket installed on the console (encrypted), and X-authentication-key is the AES key used to encrypt the X-authentication-data field. The CDN then decrypts the data field and checks the signature of the ticket. Since the ticket was made by freeShop rather than by Nintendo, it fails the signature check and the CDN refuses to send the file. A brave member on the Nintendo Homebrew Discord installed one of these invalid tickets and attempted to download from the eShop, which would've worked fine on 11.7, and confirmed that it broke on 11.8 and that Nintendo was now verifying tickets:
[screenshot]


As of right now, CDN downloaders on computers and piracy apps like freeShop still work (with the exception of sleep mode downloads). This is because these downloaders don't send anything in the X-authentication-data and X-authentication-key fields. Currently, the CDN only refuses the download if the data in those fields is invalid. However, Nintendo frequently waits a week or two to impose new restrictions on the server. Once they require these two fields, all CDN downloaders will break permanently, as they are unable to supply proper X-authentication-key and X-authentication-data fields.

Nintendo can't stop CIAs that are dumped or downloaded from other sources than the CDN (yet), but 11.8 shows they do still care about piracy on the 3DS and are taking strides to stop it.

As for updates, they have their own tickets, and the eShop will happily provide valid tickets as long as the console has the title installed, so nothing in 11.8 will stop you from updating pirated applications.

Alright thank you for all the information! So if I got that right playing online should also still be fine right?
 
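The three states of the CDN check described in the explanation above (titlekey only before 11.8, the ticket verified only when the two headers are sent as of now, and the headers required outright once Nintendo tightens the server) modelled as an added Python example; this is not code from the thread or from Nintendo. The header names come from the post; the ticket layout, the HMAC "signature" standing in for Nintendo's RSA signature, the SHA-256 keystream standing in for AES, and all key and title values are constructed simplifications.

```python
import hashlib, hmac, json

# Constructed stand-ins: the real CDN checks an RSA signature and uses AES; here a
# server-only HMAC secret plays Nintendo's signing key and a SHA-256 keystream plays AES.
SERVER_SIGNING_SECRET = b"held-by-nintendo-never-on-the-console"
TITLEKEY_DB = {"example-title": b"constructed-titlekey"}  # constructed sample entry

def sign(body: bytes, secret: bytes) -> bytes:
    return hmac.new(secret, body, hashlib.sha256).digest()

def make_ticket(title_id, titlekey, console_id, secret):
    # Ticket = body (title id, titlekey, console-specific data) + 32-byte signature.
    body = json.dumps({"title_id": title_id, "titlekey": titlekey.hex(),
                       "console_id": console_id}).encode()
    return body + sign(body, secret)

def stream_xor(key: bytes, data: bytes) -> bytes:
    # AES stand-in: XOR with a SHA-256 keystream; the same call decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def cdn_decide(policy, title_id, titlekey, headers):
    # policy: "pre-11.8" = titlekey only; "11.8" = verify the ticket only when the
    # headers are sent; "strict" = headers required (the step the thread expects next).
    if TITLEKEY_DB.get(title_id) != titlekey:
        return "deny: wrong titlekey"
    if policy == "pre-11.8":
        return "allow"
    key = headers.get("X-authentication-key")
    data = headers.get("X-authentication-data")
    if key is None or data is None:  # PC downloaders and freeShop omit both today
        return "allow" if policy == "11.8" else "deny: ticket headers required"
    ticket = stream_xor(key, data)
    body, sig = ticket[:-32], ticket[-32:]
    if not hmac.compare_digest(sign(body, SERVER_SIGNING_SECRET), sig):
        return "deny: ticket signature invalid"
    return "allow"

def demo():
    tid, tk, k = "example-title", TITLEKEY_DB["example-title"], b"request-key"
    genuine = make_ticket(tid, tk, "console-0001", SERVER_SIGNING_SECRET)
    cfw = make_ticket(tid, tk, None, b"not-nintendo")  # homebrew ticket, wrong signer
    hdrs = lambda t: {"X-authentication-key": k, "X-authentication-data": stream_xor(k, t)}
    return {"genuine": cdn_decide("11.8", tid, tk, hdrs(genuine)),
            "cfw_ticket": cdn_decide("11.8", tid, tk, hdrs(cfw)),
            "no_headers": cdn_decide("11.8", tid, tk, {}),
            "no_headers_strict": cdn_decide("strict", tid, tk, {})}
```

Note that in the "11.8" state the homebrew ticket is rejected while a request with no headers at all still passes, which is exactly the gap the post says CDN downloaders currently live in.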

astronautlevel
Alright thank you for all the information! So if I got that right playing online should also still be fine right?
That is correct - as of right now, Nintendo only validates the ticket is proper when downloading from the CDN. This might change in the future, but for now playing online with non-valid tickets is safe.
 

astronautlevel
it would be simple to break that app. Just dont allow a download unless an actual transaction has occurred.
That's not as trivial as you make it sound - how do you ensure an actual transaction has occurred?

Nintendo thought they were doing that already by verifying the tickets client-side, but after the 3DS got hacked the client side couldn't be trusted. Their changes in 11.8 do exactly what you said by verifying the ticket on the server side as well as the client side.
 

Freqman
No it updates while you're in the Home Menu with a popup and progress bar if you chose update now.

Home Menu popup... that still ends up using Nintendo's eShop; you have to put in your password for the eShop too, so I'm pretty sure even if you use the popup menu on the 3DS to update, it uses the eShop.

Searinox
Help me make sense of this.

QUESTION #1:

If I have a bunch of pirate titles installed, I should be able to download patches without issue. Only the ticket of the title in question is checked, so unless I want to download the title via eShop or (presumably, when they lock it out) freeShop, I should be fine, right? The console doesn't have to send a title's key to download a PATCH, right? I mean you can just go to eShop manually and download the PATCH you want anyway. It should only be an issue if you are trying to outright download a pirate title, right?

I capitalized PATCH because I want to distinguish from an application PATCH - which is extra data that has its own title and ticket data - and an outright UPDATED VERSION of an application - such as say, a new YouTube app, in which case the entire original application is replaced with an updated version. That's where a ticket would come in, right? Of course YouTube is free, I'm only providing a quick example.

Please correct me if I'm wrong.

QUESTION #2:

In order to identify if a ticket is correct, a ticket must be provided containing the title ID, console ID, and Nintendo's sig on it. So if a correct ticket is received, both a valid signature AND an identifying console can be inferred. If however an invalid ticket is sent, it contains only the title ID. It is not valid, BUT also doesn't contain an identifying console, am I correct? Then Nintendo can spot a pirate request but just like a PC and a 3DS sharing an internet IP on a router, they will not be able to know if that pirate request came from a computer app or a console. Am I right? So then these requests could at most be turned down but not used to ID and ban systems?
 

gamecaptor
Thanks for that explanation @astronautlevel! That makes a lot of sense.

So logically, once all downloaders are broken the scene would have to move to a method where someone is buying the game and dumping it (then distributing it). If memory serves me correctly, this is how the scene began.
 

Deathmaw
So logically, once all downloaders are broken the scene would have to move to a method where someone is buying the game and dumping it (then distributing it). If memory serves me correctly, this is how the scene began.

Sure? I mean someone is buying the games that show up anyway or we wouldn't have the valid keys to actually use them from the CDN, just now it HAS to be dumped and uploaded.
 

astronautlevel
If I have a bunch of pirate titles installed, I should be able to download patches without issue. Only the ticket of the title in question is checked, so unless I want to download the title via eShop or (presumably, when they lock it out) freeShop, I should be fine, right? The console doesn't have to send a title's key to download a PATCH, right? I mean you can just go to eShop manually and download the PATCH you want anyway. It should only be an issue if you are trying to outright download a pirate title, right?
Yes, updates are their own title and as such have their own tickets - these tickets are handed out by the eShop if the console requests them under any circumstances. The reason it's done like this is because not all games are digital - Nintendo still has to be able to serve updates for cartridges, which don't have tickets, and thus can't be verified through the new CDN verification method.

In order to identify if a ticket is correct, a ticket must be provided containing the title ID, console ID, and Nintendo's sig on it. So if a correct ticket is received, both a valid signature AND an identifying console can be inferred. If however an invalid ticket is sent, it contains only the title ID. It is not valid, BUT also doesn't contain an identifying console, am I correct? Then Nintendo can spot a pirate request but just like a PC and a 3DS sharing an internet IP on a router, they will not be able to know if that pirate request came from a computer app or a console. Am I right? So then these requests could at most be turned down but not used to ID and ban systems?
The invalid tickets generated by freeShop don't have Console ID, so theoretically they shouldn't be able to ban anyone through them. I still wouldn't take the chance, however, if you're concerned about being banned.

So logically, once all downloaders are broken the scene would have to move to a method where someone is buying the game and dumping it (then distributing it). If memory serves me correctly, this is how the scene began.
This is correct.
 

gamecaptor
Thinking more about this I have two questions:

1. What about DLC? I would assume DLC is in the same boat as updates, as they have to address both physical and digital games, BUT these do (in most cases) require money.

2. In theory, if you had a game already downloaded on a 3DS via freeShop and made a .cia from it (via GodMode9) and installed it on another 3DS, that would be similar to creating a .cia from any other source and should work fine?
 

Mysuke
Thinking more about this I have two questions:

1. What about DLC? I would assume DLC is in the same boat as updates, as they have to address both physical and digital games, BUT these do (in most cases) require money.

2. In theory, if you had a game already downloaded on a 3DS via freeShop and made a .cia from it (via GodMode9) and installed it on another 3DS, that would be similar to creating a .cia from any other source and should work fine?

1. Not sure, maybe we'll still be able to download free stuff (patches, free DLCs, demos) from freeShop, or maybe it'll break the app completely. To be honest, I recommend you make a backup of hard-to-find stuff right now if you can. Villain3DS is a good choice too.

2. I can confirm this works, I did it myself several times from my N3DSXL to my o2DS. Some games may not work because of a missing seed (it will give a black screen when you boot the game or hang on the 3DS logo), but you just need to import the seed from FBI while online. An alternative way is using hydroseed: https://gbatemp.net/threads/release-hydroseed-export-seeddb-bin-to-dat-files.486592/
 

gamecaptor
2. I can confirm this works, I did it myself several times from my N3DSXL to my o2DS. Some games may not work because of a missing seed (it will give a black screen when you boot the game or hang on the 3DS logo), but you just need to import the seed from FBI while online. An alternative way is using hydroseed: https://gbatemp.net/threads/release-hydroseed-export-seeddb-bin-to-dat-files.486592/

Ah yes, the dreaded seed issue. Two thoughts about this.
What about apps like 3DSeSTUFF (the FunKeyCIA GUI/wrapper)? If I understand it correctly, it downloads a "seeded" CIA (again, might be my misunderstanding).
Or couldn't you download the seeddb.bin from that one site we shall not mention?
 

nl255
Thanks for that explanation @astronautlevel! That makes a lot of sense.

So logically, once all downloaders are broken the scene would have to move to a method where someone is buying the game and dumping it (then distributing it). If memory serves me correctly, this is how the scene began.

Correct; however, there are a lot of games that are not archived anywhere else, because installing directly via freeShop is so easy that nobody has ever bothered to download a CIA version using ciangel or one of the PC-based tools, much less upload it anywhere.
 

Vieela
I am really confused still though. If I already have games downloaded from the pirate shop, is it fine? Or should I delete them? And what do I have to delete alongside them (tickets, seeds, etc.)?
 

Mysuke
Ah yes, the dreaded seed issue. Two thoughts about this.
What about apps like 3DSeSTUFF (the FunKeyCIA GUI/wrapper)? If I understand it correctly, it downloads a "seeded" CIA (again, might be my misunderstanding).
Or couldn't you download the seeddb.bin from that one site we shall not mention?

I can't speak for 3DSeSTUFF, but I personally used hydroseed some time ago and it worked fine (I did it just for science, in case importing the seed online doesn't work someday, like the servers going down).

It seems FBI can't use the seeddb.bin you're mentioning; it needs to be in a .dat file for each game separately. Hydroseed basically converts the seeddb.bin from that keys site to .dat files.

You don't even need to download seeddb.bin manually, because hydroseed does that automatically if you configured it correctly. You pretty much get the seeds for all games available on that keys site.

After running hydroseed successfully it'll create an "fbi" folder; just put that folder in your SD card root and you're good. Next time you install a CIA that requires a seed or use "import seed" from FBI, it should be good.
 

nl255
I am really confused still though. If I already have games downloaded from the pirate shop, is it fine? Or should I delete them? And what do I have to delete alongside them (tickets, seeds, etc.)?

Yes, already downloaded games are safe. Though I would either make a CIA of them with gm9 or redownload them with Villain3DS, so that once they stop working you can still reinstall them if necessary (like if you have to replace your 3DS).
 

Random Joe
What about the CIA files you make that require injecting the seed or whatever? Will that continue to work in the future?
 

tacticurn
Nintendo HAS TO do something to stop piracy if they're going to keep releasing Nintendo 3DS titles; why would they bother releasing games for the 3DS when most people will just pirate them rather than pay for them? If you send me a private message I'll send you a screenshot of the app I'm talking about, but I'm not going to promote it here. I have a feeling this is just the beginning; Nintendo could very well start adding in more anti-piracy measures to make it closer to that of the Nintendo Switch.
Not only that, they are also obliged toward the publishers who use their eShop. Can you imagine how embarrassing this must be for Nintendo in their relations with third parties?
"So this game I released on your eShop, of which you take 100% of the sales until I reach 1.000 units, how much did it sell so far?"
"We registered 48.000 downloads, sold 390 copies only though, so no money for you!"
 
