Hacking Question is it possible to patch the system so i can post screenshot to twitter without login to nintendo?

[aos10]

Seeing there is also a twitter posting app in homebrew request thread, I looked how the twitter API is working, in hope to create a homebrew to post tweets and pic/video to twitter, but it's not as open as I thought.
I thought anyone could send a tweet by providing his own login/password and message to post, but it's restricted to registered application with private keys only (open source homebrew and private keys doesn't mix well haha)
A solution would be to require users to request a twitter developer account to get their own private keys to allow communication with the API, it's a little heaver than I imagined.

another solution would be to keep the homebrew closed source, and work on behalf of user's provided credential, but I'm sure the private key can be retrieved by decompiling the homebrew so it's not safe for a released app (it is for online app, like webpage, servers, etc.).

maybe that's a developer restriction, and there's a end user API I missed ?

hmmm, twitter api?
is it like e request google api key from certain page to get some apps to works?
i remember something like that i used on map app for Pokemon Go on mobile.
so if everyone can request that twitter api key, the app on switch should be good, right?

 

[FAST6191]

I had a quick look at some of the command line twitter options earlier and they were a pain to set up, not to mention some had not been updated in a while (I know all the networks kind of closed the bridges they all had at one point) which was a bit ominous.

Probably far easier would be to copy the files to some hidden blog somewhere, have it auto generate for new things and cross post things that way. Any number of plugins that seem to want to do that for you.

 

[Pleng]

A solution would be to require users to request a twitter developer account to get their own private keys to allow communication with the API, it's a little heaver than I imagined.

another solution would be to keep the homebrew closed source, and work on behalf of user's provided credential, but I'm sure the private key can be retrieved by decompiling the homebrew so it's not safe for a released app (it is for online app, like webpage, servers, etc.).

Well there's two options I can think of... An open source app with a closed source blob which contains the key. Or better yet, have the app check-in to a server to obtain the key. As long as you make the keyserver address a setting within the app, then you safeguard it for future use if the dev loses interest in maintaining it.

 

[Cyan]

hmmm, twitter api?
is it like e request google api key from certain page to get some apps to works?
i remember something like that i used on map app for Pokemon Go on mobile.
so if everyone can request that twitter api key, the app on switch should be good, right?

yes, it's similar to that, except that you register as developer, not as end user. you register one application which is supposed to work on behalf of many users (like Amazon having a button "tell about it on twitter" when you buy something, amazon registered their website).
here, end users would require to register the same program multiple time (one per user), so I'm not sure if it'll work or if it's allowed. I didn't dig far enough how their API registration is working.

Well there's two options I can think of... An open source app with a closed source blob which contains the key. Or better yet, have the app check-in to a server to obtain the key. As long as you make the keyserver address a setting within the app, then you safeguard it for future use if the dev loses interest in maintaining it.

The idea of (encrypted) blob is not a bad idea I suppose. but I don't know how safe it is. if the homebrew can obtain the key in the blob to submit to the API in unencrypted form, then anyone can.

Another idea would be to host a intermediate API website, register the website as authorized apps to communicate with the API twitter, and use it by a public homebrew to post messages using user identification. (homebrew -> send data + password -> registered website API -> twitter API)
two issues :
- I don't know how it could be abused (anyone could use my website as interface, not only the homebrew). I don't know how big the impact would be to have a public website to post tweets. (bandwidth and legal reasons)
- my website would get access to user's passwords (even if SSL encrypted when communicating from homebrew to website, the website would have the information in clear, not encrypted, as required to send to the API)


I never created a tool to communicate with API before, so I might not understand it correctly. I had the idea to make that homebrew, or a sysmodule, but it become too complicated for me. Maybe someone else would be interested (there's the homebrew app bounty this month!)
I don't have twitter either, so I can't really test. maybe other social media could be envisaged ? facebook, insta, pint, etc.

 

[Chocola]

A homebrew app should in theory be possible. Since Twitter have an API right?
https://developer.twitter.com/en/docs/media/upload-media/api-reference/post-media-upload.html

This is the API for uploading a picture to twitter, so finding an opensource twitter reader could make it possible to port.

Yes, you are right, the best way to do this are create a homebrew app using the Twitter API, but you can't share directly the image like official way, you should go to homebrew menu, open app...

 

[Chocola]

yes, it's similar to that, except that you register as developer, not as end user. you register one application which is supposed to work on behalf of many users (like Amazon having a button "tell about it on twitter" when you buy something, amazon registered their website).
here, end users would require to register the same program multiple time (one per user), so I'm not sure if it'll work or if it's allowed. I didn't dig far enough how their API registration is working.


The idea of (encrypted) blob is not a bad idea I suppose. but I don't know how safe it is. if the homebrew can obtain the key in the blob to submit to the API in unencrypted form, then anyone can.

Another idea would be to host a intermediate API website, register the website as authorized apps to communicate with the API twitter, and use it by a public homebrew to post messages using user identification. (homebrew -> send data + password -> registered website API -> twitter API)
two issues :
- I don't know how it could be abused (anyone could use my website as interface, not only the homebrew). I don't know how big the impact would be to have a public website to post tweets. (bandwidth and legal reasons)
- my website would get access to user's passwords (even if SSL encrypted when communicating from homebrew to website, the website would have the information in clear, not encrypted, as required to send to the API)


I never created a tool to communicate with API before, so I might not understand it correctly. I had the idea to make that homebrew, or a sysmodule, but it become too complicated for me. Maybe someone else would be interested (there's the homebrew app bounty this month!)
I don't have twitter either, so I can't really test. maybe other social media could be envisaged ? facebook, insta, pint, etc.

There are a lot of interesting things of homebrew apps, I know how to work with REST API fine and im developer (never develop a homebrew before only a hello world on Wii, but I think that I can develop homebrew for Switch without problems), the idea to connect my Switch to Internet scare me a lot.

My games are legit (payed cartiges), I only have the CFW (currently atmosphere) for homebrew and custom some things like background, but the homebrew apps or the CFW can flag me to ban anyways.

I ask to Scires before if the creport of atmosphere are safe to start to develop online homebrew apps, but never answer me

I know that exist the 90dns, but I don't know how safe it's this system and if the mantainer are serious, I he don't update the rules to add new N domains or the DNS server fail, we are all fucked.

If someone can give me a 100% safe way to connect my Switch to Internet I can start to try some things like this

 

[Cyan]

I don't know if anything is 100% safe. We can only see the current situation based on what users did.
So far, 90DNS seems to be working fine. but to verify you have to restore a clean NAND backup before connecting online for few days to see if you are getting banned or not. then make a new NAND backup before using CFW again. it's a long work just to check if the console is banned or not.

safest is having 2 consoles, one legit one for homebrew. but not everyone can afford more than one console.
I went the "self ban" way. I disconnected myself from nintendo's network.
- go offline
- make a full clean NAND dump (you should never have used HorizonOS with any CFW or hack before. RCM is fine to make nand dump, just never boot into HOS before making the clean dump).
- now you can do CFW and homebrew, you can use 90DNS (black-listing some URLs, you are never certain all URLs are filtered) or a Proxy (while listing only Local IPs and only internet website you need like twitter or homebrew appstore)
If you ever want to go back online officially, you restore your clean NAND backup.
Attention, when you plan to return to hacking/homebrew world, you need to make a NEW full clean nand backup because nintendo can detect if you restore an older backup than the last you used to connect to their servers.

it takes time to make full backup (1h20) but it's the best you can do to prevent ban.

 

[el cut]

Hello, is there a way to connect my switch to my smartphone through ftp? this to be able to take screenshots and post on twitter
Thank you.

 

[aos10]

Hello, is there a way to connect my switch to my smartphone through ftp? this to be able to take screenshots and post on twitter
Thank you.

use any ftp client on phone, i am using that method but i got tired of this method
that's way i am asking if someone know other ways.

 

[Chocola]

I don't know if anything is 100% safe. We can only see the current situation based on what users did.
So far, 90DNS seems to be working fine. but to verify you have to restore a clean NAND backup before connecting online for few days to see if you are getting banned or not. then make a new NAND backup before using CFW again. it's a long work just to check if the console is banned or not.

safest is having 2 consoles, one legit one for homebrew. but not everyone can afford more than one console.
I went the "self ban" way. I disconnected myself from nintendo's network.
- go offline
- make a full clean NAND dump (you should never have used HorizonOS with any CFW or hack before. RCM is fine to make nand dump, just never boot into HOS before making the clean dump).
- now you can do CFW and homebrew, you can use 90DNS (black-listing some URLs, you are never certain all URLs are filtered) or a Proxy (while listing only Local IPs and only internet website you need like twitter or homebrew appstore)
If you ever want to go back online officially, you restore your clean NAND backup.
Attention, when you plan to return to hacking/homebrew world, you need to make a NEW full clean nand backup because nintendo can detect if you restore an older backup than the last you used to connect to their servers.

it takes time to make full backup (1h20) but it's the best you can do to prevent ban.

The proxy solution it's the most safest I guess, this weekend I have a lot of work, but I gona try to build the safest enviroment on Monday, thanks for the help ^^

 

[Cyan]

There's no guide for proxy and white listing for switch. If you need to follow a guide, you can look in the WiiU and 3DS guide sections about CCProxy; it shouldn't be hard to understand how to use whitelist instead of blacklist.
Of course you can use any other proxy if you want. be sure your proxy can intercept https and direct IPs.
Test your filters are working before doing cfw.

For safety I also disabled the auto-connect option in each registered network settings where I didn't add the proxy info.