Sorry for the late reply. First, there is no way that N has not thought of this header stuff and far more than I can think of. I think it is helpful for more of us to be aware of how things work so we can pull together and fight fight the next AP tactics.
Anyway, I knew some of you already had some ideas about this.
My theory is much like games all from a single PC developer, all the CD keys for their games are the exact same style. Basically all the CD keys come from the same generator. And since every 3DS game will have the same style of CD key output, they cannot detect which key belongs to what game because they are all the same string length.
So Nintendo would need to record every game made, and their key as they go online for the first time. Say OK, this key went online with game "X" we now know it only belongs to this game. This is the only way I see private headers being thwarted. Otherwise, any header could in theory belong to any game on 3ds.
Totally feasible and a great response. I didn't think of that. Damn though, I don't see them making all of that effort. Especially this late in the game. They missed their chance to tie headers to game IDs and will not try to track each cartridge. Whew! can you imagine the overhead!
Nintendo does to some of what you guys are discussion to a small degree.
There were reports of people using private headers (i.e. a header stripped from a game the player personally own and used for all of their online roms), and iirc it was discovered that the header contains info about the chip manufacturer id (or something similar) and that Nintendo was capable of comparing it to the data in the exheader of the game rom itself (which also contained the same ID) and if they didn't match they would flag the account for a ban.
There was also some talk of people being banned for using exclusively single player headers for their online roms, but idr if it was ever confirmed or not.
At the end of the day, the best way to avoid a ban (and even then its not 100% safe, just that there are no reported instances of it happening) is to only play online with .cia versions of the game. Any time you play online with a .3ds rom you run a much greater risk of a ban.
Really... That's great to know. I'd not heard of this ever happening (more like what
YourHero stated about each key being generic and from the same generator). Still though, it may be a better idea (for those using native roms rather than CIAs), to use a 'multiplayer' game header. More over, an OLDER multiplayer game header, because if a system was put in place to track "multi vs single player" headers
and matching "Private header to game header/ID" then I am betting that they would have needed to update the way they generated headers. If you had an older title/header... they could only assume that you were playing one of those older title rather than the game you threw the header on.
Thanks for the awesome responses folks! Informative read for sure. As I have the Sky3ds+ and can pull headers from games, think I'll pickup an older multiplayer title to pull my private header from. Any recommendations? if not this was great fun!