Hacking Question Anyone played online with SX OS yet?

Quicksilver88

Exactly: Nintendo will be unable to tell who is the original owner. Is it the one who first got online? And what if he just rented it?
And what if a certificate generator will be made one day? The first one might be a pirate and the second one could be a retail customer and he'll see himself getting banned for no reason.

I'd love to see someone try this out and see if it works (spoilers: it almost certainly will, although for how long, that we cannot tell)

EDIT: by "this" I mean putting the ID back instead of a blank one.

See I agree with Wazzu that you replied to. I don't think N will be banning people when a legit cart ID shows up a few times even if at the same time. They are likely going to blacklist cart IDs that show up a lot (so someone dumped it forgot to strip the cert and it gets highly sent around) and they are also going to blacklist carts with the cert 00 or FF out.

Really it's the same old same old, you want online and backups....have two units. I did that with both x360 and ps3. Likely will wait on Switch to see what happens. I have very little interest in online gaming so even if it gets banned I am not sure I give a fig as long as it can do updates.
 

sychotix

While that may be true, with technological improvements also come encryption and cipher strength improvements. Currently 4096-bit encryption is one of the higher chains, but as compute power becomes stronger it will open up for much higher encryption availability because CPUs will be able to decrypt the data, or transfer the encrypted data at a higher efficiency.

True, but at least with the current implementation of quantum computing... they won't make for good home computers. They are good at doing one very complex task, not a bunch of small short ones. Lots of problems that still need solving, but to get back to the topic...

I hope that Nintendo ends up just banning backups but leaving the console/account alone... but we'll have to see.
 

LikeATrollFace

I heard someone say that if your cert is banned you can still update your carts. If this is true, why don't we just use a banned cert to update backups? Not on your own switch of course, maybe use a banned switch, an emulator or try to download it manually from the CDN.
 

Jaimy

I have made my own .xci dump of Ultra Street Fighter 2 The Final Challengers.
I checked beforehand if online is working when the cart is inserted and used, it does. If I use TX to load the .xci (without the legit cart inserted obviously) it will not let me play online. I have also tried inserting my own cert into BBB backups, which resulted in the same error. :teach:

Did you make the dump with certificate?
 

don_luca

I have made my own .xci dump of Ultra Street Fighter 2 The Final Challengers.
I checked beforehand if online is working when the cart is inserted and used, it does. If I use TX to load the .xci (without the legit cart inserted obviously) it will not let me play online. I have also tried inserting my own cert into BBB backups, which resulted in the same error. :teach:

Thanks for trying this out, this is most interesting.

So it looks like the issue does not reside with the certificate or the dumps, but in SX OS itself and how it communicates with the Nintendo servers.
 

Crazy-S

Thanks for trying this out, this is most interesting.

So it looks like the issue does not reside with the certificate or the dumps, but in SX OS itself and how it communicates with the Nintendo servers.
Has anyone considered that TX has maybe implemented a "safety" feature that prevents loaded games from communicating with Ninty's online gaming servers?
 

don_luca

Has anyone considered that TX has maybe implemented a "safety" feature that prevents loaded games from communicating with Ninty's online gaming servers?

It doesn't make much sense to cripple your own software to me, but, yeah, this could be a possibility.

EDIT: actually, no, because people have been updating their games using SX OS, so it would mean that they are able to block only the multiplayer servers and I'm not even sure if they are on the same machine with the game patches.

EDIT 2: another interesting point could be that the software used to make dumps isn't 100% accurate and can't make a proper 1:1 dump of the game card.
 

Rel

I have made my own .xci dump of Ultra Street Fighter 2 The Final Challengers.
I checked beforehand if online is working when the cart is inserted and used, it does. If I use TX to load the .xci (without the legit cart inserted obviously) it will not let me play online. I have also tried inserting my own cert into BBB backups, which resulted in the same error. :teach:
Interesting, so backups do not work online without the cart inserted. I wonder if this was done intentionally by TX.
 

sychotix

It doesn't make much sense to cripple your own software to me, but, yeah, this could be a possibility.

EDIT: actually, no, because people have been updating their games using SX OS, so it would mean that they are able to block only the multiplayer servers and I'm not even sure if they are on the same machine with the game patches.

EDIT 2: another interesting point could be that the software used to make dumps isn't 100% accurate and can't make a proper 1:1 dump of the game card.

Or could it possibly be the already documented anti-piracy techniques that Nintendo implemented? :thinking:

https://gbatemp.net/threads/psa-str...es-implemented-by-nintendo-for-online.507826/
 

don_luca

Or could it possibly be the already documented anti-piracy techniques that Nintendo implemented? :thinking:

https://gbatemp.net/threads/psa-str...es-implemented-by-nintendo-for-online.507826/

Which is a very detailed guideline (which you've clearly not read/understood) on how authentication works.

Everything right now is revolving around the point 4, we have an authentic certificate and yet our authentication gets rejected (after being initially accepted!!! Which means that SX OS *is* somehow transparent to the Nintendo Servers, as we're able to download content, even game updates, from it), so there's something missing in the process to create a proper token.

By quoting the steps we have:

1. Your console gets a device authorization token from dauth for the aauth client ID.

We're able to do this as previously shown, otherwise we wouldn't be able to download content from Nintendo.

2. Your console retrieves its certification to play the title it's trying to connect online with, and sends that to aauth.

This is where the things get messy and we don't have a sufficient level of detail about what happens.

We know that:

  • If you are playing a gamecard, your certification is your gamecard's unique certificate. This is signed by Nintendo using RSA-2048-PKCS#1 at the time your gamecard is written, and contains encrypted information about your gamecard (this includes what game is on the gamecard, among other, unknown details).
  • In the gamecard case, the data uploaded to aauth is "application_id=%016llx&application_version=%08x&device_auth_token=%.*s&media_type=GAMECARD&cert=%.*s", formatted with the title ID for the game being played, the version of the game being played, the token retrieved from dauth, and the gamecard's certificate (retrieved from FS via the "GetGameCardDeviceCertificate" command), formatted as url-safe base64.
  • This code lives at .text+0x7DE1C for 5.0.0 account.

Until now, we have been speculating that the biggest problem would be the gamecard's unique certificate, but thanks to @dashkiller's efforts, we know that there's something more, as he has a dump of his own genuine game card – and it's not working.
We have all the params we need for the aauth string, yet there's something amiss which, at this point, could be only the dauth token which is kinda strange as we're able to download game updates with it and access the eShop.

Thus, more investigation is needed, because there's clearly something missing in the chain.

EDIT: or, of course, the dumper not doing a proper 1:1 dump.
 
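
Added example, not part of any post in this thread and not Nintendo's code: a server-side sanity check for the gamecard request body whose format string is quoted in the post above, which also flags the blanked 00/FF certificates mentioned earlier in the thread. The function names, the rejection rules and the sample values are assumptions made for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs

# Field names and formats come from the format string quoted in the post;
# the rejection rules themselves are assumptions made for this example.
FIELDS = ("application_id", "application_version",
          "device_auth_token", "media_type", "cert")


def decode_cert(text):
    """Decode url-safe base64, tolerating stripped '=' padding."""
    if not re.fullmatch(r"[A-Za-z0-9_-]+=*", text):
        raise ValueError("not url-safe base64")
    core = text.rstrip("=")
    try:
        return base64.urlsafe_b64decode(core + "=" * (-len(core) % 4))
    except binascii.Error as exc:
        raise ValueError("truncated base64") from exc


def check_request(body):
    """Return the list of problems found in one gamecard request body."""
    parsed = parse_qs(body, keep_blank_values=True)
    bad = [f"{n}: missing or repeated" for n in FIELDS
           if len(parsed.get(n, [])) != 1]
    if bad:
        return bad
    f = {n: parsed[n][0] for n in FIELDS}
    if not re.fullmatch(r"[0-9a-f]{16}", f["application_id"]):  # %016llx
        bad.append("application_id: not 16 hex digits")
    if not re.fullmatch(r"[0-9a-f]{8}", f["application_version"]):  # %08x
        bad.append("application_version: not 8 hex digits")
    if f["media_type"] != "GAMECARD":
        bad.append("media_type: not GAMECARD")
    try:
        cert = decode_cert(f["cert"])
        if set(cert) <= {0x00} or set(cert) <= {0xFF}:
            bad.append("cert: blanked (all 00 or all FF)")
    except ValueError as exc:
        bad.append(f"cert: {exc}")
    return bad


# Constructed sample bodies; no value here comes from a real console or card.
_PREFIX = ("application_id=0123456789abcdef&application_version=00010000"
           "&device_auth_token=constructed-token&media_type=GAMECARD&cert=")
SAMPLE_OK = _PREFIX + base64.urlsafe_b64encode(bytes(range(48))).decode()
SAMPLE_BLANK = _PREFIX + base64.urlsafe_b64encode(b"\xff" * 48).decode()
```

A structurally valid body only passes this first gate; whether the certificate's signature verifies and how often it has been seen are separate checks that this sketch does not cover.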

CaptainLoozer

Is it safe to play online with own created backups, so the created xci file is unique?

We. Don't. Know.

P.S. This is honestly the answer to every "Is it safe to ..." question out there regarding doing anything with your switch that it wasn't intended by nintendo for it to do.
 

sychotix

Which is a very detailed guideline (which you've clearly not read/understood) on how authentication works.

Everything right now is revolving around the point 4, we have an authentic certificate and yet our authentication gets rejected (after being initially accepted!!! Which means that SX OS *is* somehow transparent to the Nintendo Servers, as we're able to download content, even game updates, from it), so there's something missing in the process to create a proper token.

No, I did read and understand the majority of the post. We don't yet understand what SX OS is doing under the covers to load the game. Any one of the parameters could be off, causing Nintendo's servers to reject online access. What would be interesting is if he sniffed the traffic from his switch to determine if the parameters are behaving as expected when booting through the cart or through SX OS.

For all we know, SX OS could be booting the game as a "digital" game, and since he dumped a cart game, Nintendo rejects it.
 

CaptainLoozer

No, I did read and understand the majority of the post. We don't yet understand what SX OS is doing under the covers to load the game. Any one of the parameters could be off, causing Nintendo's servers to reject online access. What would be interesting is if he sniffed the traffic from his switch to determine if the parameters are behaving as expected when booting through the cart or through SX OS.

For all we know, SX OS could be booting the game as a "digital" game, and since he dumped a cart game, Nintendo rejects it.

Actually we do know that it's actually NOT doing that since it doesn't actually install the title. It just emulates the cartridge being inserted and redirects it to the SD files.
 