Homebrew Discussion PSA: IM BANNANAS by playing Online using Xecuter OS SX

SANIC

> nothing to do with the switch
>
> also to clarify, nintendo has the ability to detect cia if they made the effort to and they did on the switch because like what's been said about the online ID is that going on basically = a check of your titleID. even on the 3ds, the titleID had to be changed because if more than 1 person was going online using the same titleID, it would prevent you from going online.
>
> on the switch, nintendo clearly has a database of titleID so yea, they can detect.

Are you talking about headers? All copies of games have the same title ID. CIAs don’t need headers, so Nintendo can’t detect them. Most paranoid people install games through Download Play so Nintendo doesn’t see their homebrew. As for the switch, I think that each game has its own ID, but don’t confuse it with titleID, because each version of the game has the same one.
 

comput3rus3r

> I'll retake it then as I’m talking through the video and I could make it overall a lot quicker.
> If you want to record your own and post that go ahead :)
>
> --------------------- MERGED ---------------------------
>
> Here we go!
>
> The ability to play online stays until you power off the console. It’s as if when you connect online something on the cart gets verified, which then sticks on the system.

I think your video proves they are not banning certs and instead can tell if you're using a dump vs an actual cart which contradicts what @SciresM is saying.
Is it possible there's some form of nfc in the cart that the switch reads? I mean how is this even possible?
 

V-Temp

> I think your video proves they are not banning certs and instead can tell if you're using a dump vs an actual cart which contradicts what @SciresM is saying.
> Is it possible there's some form of nfc in the cart that the switch reads? I mean how is this even possible?

The cart has a lot of stuff in it that we don't know anything about because we have no access to the processor or its encrypted handling (not to mention if there are any transparent things going on that we don't even know exist), and FG doesn't give us any real access to it, it's a very independent little chip that does its own proprietary thing. So the cart ASIC is completely unknown to us. So until someone figures it out or defeats the cart (both probably unlikely any time soon), we may never know for sure. It doesn't really trust the Switch in any capacity, it just gives info to TZ.

It's possible there's something in there that says "this was created A" and then the server says "okay that was created", and then when the server asks again for this unknown thing, the game responds "this was created A" identically, and then immediately gets banned. The cert and console also get flagged, but the cart can be put in and it can generate a new "this was created A!" and so the server accepts.

This would be an added layer of security so long as the cart is undefeated. It also helps them not punish real cart owners. But in the case it fails, they can ban the certificate outright.
 
Last edited by V-Temp,

comput3rus3r

> The cart has a lot of stuff in it that we don't know anything about because we have no access to the processor or its encrypted handling (not to mention if there are any transparent things going on that we don't even know exist), and FG doesn't give us any real access to it, it's a very independent little chip that does its own proprietary thing. So the cart ASIC is completely unknown to us. So until someone figures it out or defeats the cart (both probably unlikely any time soon), we may never know for sure. It doesn't really trust the Switch in any capacity, it just gives info to TZ.
>
> It's possible there's something in there that says "this was created A" and then the server says "okay that was created", and then when the server asks again for this unknown thing, the game responds "this was created A" identically, and then immediately gets banned. The cert and console also get flagged, but the cart can be put in and it can generate a new "this was created A!" and so the server accepts.
>
> This would be an added layer of security so long as the cart is undefeated. It also helps them not punish real cart owners. But in the case it fails, they can ban the certificate outright.

I actually understood that. I'm either smart or you're really good at explaining. :)
 

V-Temp

> I actually understood that. I'm either smart or you're really good at explaining. :)

You can see more (or little, as in how little we know about it) about the cart here: http://switchbrew.org/index.php?title=Gamecard

Lots of ???. Tells you a lot about how hard this is to really completely understand since we have no access to this processor even though we and many others have had access to the boot/RCM for months now, and what comes out is encrypted.

It's possible Nintendo designed the cartridge and the processor to never even trust the user/Switch. They have completely over-engineered it to defeat gamecarts, and that may have other consequences such as this.
 
Last edited by V-Temp,

comput3rus3r

> You can see more (or little, as in how little we know about it) about the cart here: http://switchbrew.org/index.php?title=Gamecard
>
> Lots of ???. Tells you a lot about how hard this is to really completely understand since we have no access to this processor even though we and many others have had access to the boot/RCM for months now.
>
> It's possible Nintendo designed the cartridge to never even trust the user/Switch. They have completely over-engineered it to defeat gamecarts, and that may have other consequences such as this.

how do we not have access to the processor? I thought bootrom means access to the entire system.
 

V-Temp

> how do we not have access to the processor? I thought bootrom means access to the entire system.

It's independent, it just runs when the Switch runs, and it's not a standard chip with any degree of documentation or information. It doesn't accept much of anything from the system itself aside from calls for info and release of the gamedata and cert.

You'd need to RE a custom processor instruction set as it is entirely Nintendo's own proprietary thing. Given the quality of their OS work and the kernel, it is unlikely that there's much we can really exploit in this thing (and if we could, we'd have probably found it by now). nVidia had no part in its creation. :P
 

comput3rus3r

> It's independent, it just runs when the Switch runs, and it's not a standard chip with any degree of documentation or information. It doesn't accept much of anything from the system itself aside from calls for info and release of the gamedata and cert.
>
> You'd need to RE a custom processor instruction set as it is entirely Nintendo's own proprietary thing.

so it's a processor that's solely for the purpose of security?
 

V-Temp

> so it's a processor that's solely for the purpose of security?

It's solely for cart communication. The intent is to defeat flashcarts as they would always fail talking to it as they'd have none of Nintendo's signed permissions for the handshake. FG or not, you'd have to completely decipher what is effectively an unknown language and unknown grammar with no Rosetta Stone.
 

comput3rus3r

> It's solely for cart communication. The intent is to defeat flashcarts as they would always fail talking to it as they'd have none of Nintendo's signed permissions for the handshake. FG or not, you'd have to completely decipher what is effectively an unknown language and unknown grammar with no Rosetta Stone.

Ok but I don't understand how come sx-os can emulate the carts then?
 

V-Temp

> Ok but I don't understand how come sx-os can emulate the carts then?

They're not emulating or controlling the actual cart and cart slot. Otherwise you'd be able to plug in a flashcart, not work off an SD Card. ;)

Also on some level, there's no real homebrew need to ever defeat that processor so the vast majority of the people who do the heavy lifting in the scene have no reason to ever touch it. It doesn't help them or legitimate users in any capacity.
 
Last edited by V-Temp,

comput3rus3r

> They're not emulating or controlling the actual cart and cart slot. Otherwise you'd be able to plug in a flashcart, not work off an SD Card. ;)
>
> Also on some level, there's no real homebrew need to ever defeat that processor so the vast majority of the people who do the heavy lifting in the scene have no reason to ever touch it. It doesn't help them or legitimate users in any capacity.

so it seems like that processor is only handling the online aspects of the gamecarts. mmm still a bit confusing since you can update backups with sx-os.
 

V-Temp

> so it seems like that processor is only handling the online aspects of the gamecarts. mmm still a bit confusing since you can update backups with sx-os.

The processor handles all cart communication, and it's possible something in there is causing a fail on server-side authentication. I have no idea, I doubt anyone does. And it's not like SciresM or others in the scene give a shit about server-side failures that really only have a use in piracy.

Updates do not currently require the cart or any cert from it. Just your console ID. This could change and it could be a privilege completely revoked too if abused (which is likely what will happen in the very near future).

--------------------- MERGED ---------------------------

From what I gather from @TotalJustice's tests, the Switch when powered on/used and seeing a cart reads something from the cart/processor along with the header/cert (remember, there's a bunch of stuff in there we know zilch about) that is likely volatile and needs updating routinely, otherwise it fails to pass muster after a while which seems to be what has been happening as it went from "it worked!" to "it stopped working!" until the cart was re-introduced into the equation. So it has something on/in it that is being updated, something we know jackshit about behind securities we cannot currently defeat. It also means that a dump and a cart are unique from each other as the cart can continue talking to the Switch whenever queried, a dump cannot. This means, much as how digital titles are tightly guarded, so too (apparently) are carts!

If it's signed and encrypted and somewhat routinely updated, then it's a really good system to differentiate carts from dumps, and users with carts from users who dumped the carts and then tried to... dump the carts. And if it fails, you then ban the cert outright. But you also have someone routinely flagging their own console as a bad actor, so you ban that too.

All in all, I'm coming to understand that Nintendo has significantly upped their game on online detection. And as some of this is server side and uniquely identifiable, they have the final say even in some of the worst case scenarios. So to echo Scires, pirating on this system is dumb.
 
Last edited by V-Temp,
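
The hypothesis in the post above, modelled as a generic challenge-response (an added example, not part of the post and not Nintendo's actual protocol, which the thread says is unknown). The HMAC scheme, the class names and the cert value are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, nonce: bytes) -> bytes:
    return hmac.new(key, nonce, hashlib.sha256).digest()

class Cart:
    """Genuine cart: the key never leaves the chip (hypothetical model)."""
    def __init__(self, cert: bytes, key: bytes):
        self.cert, self._key = cert, key
    def respond(self, nonce: bytes) -> bytes:
        return mac(self._key, nonce)          # fresh answer per challenge

class Dump:
    """Copy of the readable data: same cert, plus one answer seen earlier."""
    def __init__(self, cert: bytes, captured: bytes):
        self.cert, self._captured = cert, captured
    def respond(self, nonce: bytes) -> bytes:
        return self._captured                 # identical every time

class Server:
    def __init__(self, keys: dict):
        self._keys = keys                     # cert -> key, issuer side
        self.flagged = set()
    def authenticate(self, device) -> bool:
        nonce = secrets.token_bytes(16)       # new challenge each attempt
        ok = hmac.compare_digest(mac(self._keys[device.cert], nonce),
                                 device.respond(nonce))
        if not ok:
            self.flagged.add(device.cert)     # flag, but do not block the cert
        return ok

def run_demo() -> dict:
    cert, key = b"constructed-cert", secrets.token_bytes(32)
    server, cart = Server({cert: key}), Cart(cert, key)
    first = server.authenticate(cart)
    dump = Dump(cert, cart.respond(b"old-challenge-00"))
    replay = server.authenticate(dump)        # stale answer, fresh challenge
    again = server.authenticate(cart)         # cart still passes afterwards
    return {"cart": first, "dump": replay, "cart_again": again,
            "flagged": cert in server.flagged}

if __name__ == "__main__":
    print(run_demo())
```

The static cert is identical in both cases; only the holder of the key can answer a challenge it has not seen before.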

ehnoah

> No certs have been banned as of yet. So we don’t know.
> However if you dump the game yourself just zero out the cert just to be sure.

Well I prob. just play with the Cart then, but I thought some Certs were banned, at least OP stated so no?
The Games I want to play Online I'm just buying atm, I think it is a nice trade-off. Pirate Single-Player and play Pokemon, Splatoon 2 with a Legit Copy for now.
 

comput3rus3r

> No certs have been banned as of yet. So we don’t know.
> However if you dump the game yourself just zero out the cert just to be sure.

Your video shows they're not banning certs; instead they're just blocking dumps from connecting online. Since both the original cart and the dump have the same cert then there must be something else going on (unrelated to certs).
 

V-Temp

> Your video shows they're not banning certs; instead they're just blocking dumps from connecting online. Since both the original cart and the dump have the same cert then there must be something else going on (unrelated to certs).

They're banning the cert as it was generated and eventually failed authentication. They're not outright banning the static unique cert. That is likely a last resort.

They don't even really need to ban the cert. The cert stinks up the console and they may as well just hit everyone in a ban wave. No valid console cert = gg.
 

ByteBite

Only the unique cartridge headers from dumps are getting blocked (not banned, but potentially flagged in their database). That goes for both public and private dumps.

The theory is that as soon as two or more copies of them go online simultaneously (or a blanked out one) they get flagged and both the console and account using them would get flagged as well. Then it is only a matter of time before Nintendo takes action, since they have tons of info to connect the dots.

You could very well lose your eShop access and content, but we won't truly know until Nintendo does something. This isn't the Wii U or the 3DS.
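
The theory in the post above, written as server-side detection logic over constructed session records (an added example, not part of the post and not Nintendo's actual system). The record fields, the all-zero representation of a blanked cert and the sample data are assumptions.

```python
from collections import defaultdict
from itertools import combinations
from typing import NamedTuple

BLANK_CERT = "00" * 16   # assumption: a zeroed-out cert arrives as all zeros

class Session(NamedTuple):
    cert_id: str      # hypothetical ID derived from the cartridge header/cert
    console_id: str
    account: str
    start: int        # seconds on a constructed timeline
    end: int

def overlaps_on_two_consoles(group):
    """True if two sessions from different consoles overlap in time."""
    return any(a.console_id != b.console_id
               and a.start < b.end and b.start < a.end
               for a, b in combinations(group, 2))

def flag(sessions):
    """Return (certs, consoles, accounts) flagged under the theory above."""
    by_cert = defaultdict(list)
    for s in sessions:
        by_cert[s.cert_id].append(s)
    certs = {c for c, g in by_cert.items()
             if c == BLANK_CERT or overlaps_on_two_consoles(g)}
    # The flag spreads to every console and account that presented the cert.
    consoles = {s.console_id for s in sessions if s.cert_id in certs}
    accounts = {s.account for s in sessions if s.cert_id in certs}
    return certs, consoles, accounts

# Constructed sample sessions (not real data).
SAMPLE = [
    Session("aa11", "C1", "alice", 0, 3600),
    Session("aa11", "C2", "bob", 1800, 5400),     # same cert, overlapping
    Session("bb22", "C3", "carol", 0, 1000),
    Session("bb22", "C4", "dave", 2000, 3000),    # same cert, never concurrent
    Session(BLANK_CERT, "C5", "erin", 100, 200),  # blanked cert
    Session("cc33", "C6", "frank", 0, 500),
]

if __name__ == "__main__":
    print(flag(SAMPLE))
```

Sequential use of one cert on two consoles (the `bb22` rows) is not flagged; only concurrent use or a blanked cert is.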
 
