How Does Nintendo Detect Console Bans?

[hollowtip]

I'm just curious how Nintendo actually detect console bans is this specifically due to the NAND or some unique keys that the console has? Also, couldn't you theoretically use an unbanned console and clone the firmware/software or keys and transfer that to the banned switch (as long as the hardware versions on each switch match)?

I know this would probably be extremely difficult to do, but would these be theoretically possible? what exactly prevents someone copying the firmware/keys/software to transfer from one Switch to another?

Again, I'm just curious.

 

[thesjaakspoiler]

I'm not an expert on encryption but this is my understanding :
Each CPU in the Switch has a unique key that cannot be updated or changed.
This key is created with a private key that only Nintendo knows and it would take you decades to try every known key.
Nintendo can check whether your CPU key has been generated based on their secret private key.
So each console has to use this unique key.

With this key, the filesystem is encrypted and it is also linked to your Nintendo account.
Also when you install a game cart or buy something form the eShop, this unique key is used to generate a certificate for that particular game.
When you start a game, this certificate is checked. When that checks out fine, the game will start.
When you transfer a game to another Switch, the key used for generating that game certificate and the cpu key do not match and the game will not start.
Since this all happens on your console, you can actually bypass those check with CFW and run the games anyway.
Note that the first CFWs didn't have this bypass so you could run homebrew but no pirated games.

When you enter the eShop, Nintendo checks all the certificates of all the games on your console and your cpu key.
The cpu key should be valid and all certificates should belong to that cpu key.
If there is a mismatch, then your Switch gets flagged and your Switch and account gets banned.
Same goes for playing online where thet specific game certificate and cpu key gets send to the Nintendo server.
This all happens on Nintendo's servers so you can't see what private key they are using to check your cpu key.
So for the eShop and all other online things, you can't do anything to bypass those checks or regenerate valid certificates to match your cpu key.

If the check was done on the console, there might have been ways to determine the private key.
There are so called side-channel attacks where power consumption changes are monitored to see what the right key is.
Devices like the ChipWisperer can be used for this.
But you need a degree in electronics and cryptography to understand this.
The Switch as a special cart reader IC which does all such things on the Switch.
That would be a good candidate for such attacks.

So in reality there is no way you can take a banned Switch and remove that ban.
The only way is to wreck is so bad that Nintendo needs to replace the motherboard and give you basically a new Switch.
But that will only work when you have warranty and you'll pay almost as much a buying a new Switch.

 

[Skv0ra]

I'm not an expert on encryption but this is my understanding :
Each CPU in the Switch has a unique key that cannot be updated or changed.
This key is created with a private key that only Nintendo knows and it would take you decades to try every known key.
Nintendo can check whether your CPU key has been generated based on their secret private key.
So each console has to use this unique key.

With this key, the filesystem is encrypted and it is also linked to your Nintendo account.
Also when you install a game cart or buy something form the eShop, this unique key is used to generate a certificate for that particular game.
When you start a game, this certificate is checked. When that checks out fine, the game will start.
When you transfer a game to another Switch, the key used for generating that game certificate and the cpu key do not match and the game will not start.
Since this all happens on your console, you can actually bypass those check with CFW and run the games anyway.
Note that the first CFWs didn't have this bypass so you could run homebrew but no pirated games.

When you enter the eShop, Nintendo checks all the certificates of all the games on your console and your cpu key.
The cpu key should be valid and all certificates should belong to that cpu key.
If there is a mismatch, then your Switch gets flagged and your Switch and account gets banned.
Same goes for playing online where thet specific game certificate and cpu key gets send to the Nintendo server.
This all happens on Nintendo's servers so you can't see what private key they are using to check your cpu key.
So for the eShop and all other online things, you can't do anything to bypass those checks or regenerate valid certificates to match your cpu key.

If the check was done on the console, there might have been ways to determine the private key.
There are so called side-channel attacks where power consumption changes are monitored to see what the right key is.
Devices like the ChipWisperer can be used for this.
But you need a degree in electronics and cryptography to understand this.
The Switch as a special cart reader IC which does all such things on the Switch.
That would be a good candidate for such attacks.

So in reality there is no way you can take a banned Switch and remove that ban.
The only way is to wreck is so bad that Nintendo needs to replace the motherboard and give you basically a new Switch.
But that will only work when you have warranty and you'll pay almost as much a buying a new Switch.

Doubt they'd even do a RMA for a system that they KNOW has been software tempered with. That CPU check and such absolutely pass the h/w serial to the servers, or I'd be VERY surprised if they didn't.