Not necessarily, it depends on how how the system is designed. For example, the initial cert check may be the first heartbeat, and so would naturally have timeout leniency. In the meantime, Nintendo has authenticated your Nintendo account and begun the online session. The heartbeat times out and only then is the connection severed.
But we don't need to know the details. AFAIA you can't get online with an invalid cert in SX1.1. You get rejected immediately. That's the
whole point of the auth system.
I don't suggest things are done that way, so I don't know what your point is.
I never suggested Scires said that either. He said:
In the gamecard case, Nintendo can detect whether or not the user connecting has data from a Nintendo-authorized gamecard for the correct title.
I'm saying that's
unlikely that they ever intended on checking this and explained my rationale. Elaborated below, there is no point in "detecting and banning" if they could have just designed the auth system to not allow it at all.
Are you saying people have been injecting valid certs from other games using LayeredFS? I've seen no evidence of that. The link in my original comment is the first instance of that happening as far as I'm aware.
You can only play one game at a time, so the cert only appears on the network once at a time regardless of how many of your backups use an identical cert. There is no duplicate. What exactly do you expect to show up in their logs?
My point in all my previous posts stands: if "reusing" a cert is so obvious,
they would have built protection into the auth to begin with.
Let me give you a concrete example:
What they're doing:
Nintendo: "send the game's cert"
Switch: "here is the cert"
N: "OK we signed this cert, access granted"
What they COULD be doing:
Nintendo: "send the game's cert"
Switch: "here is the cert"
Nintendo: "hash the loaded game and send it"
S: "here is the hash"
N: "We signed this cert, but the hash does not match the one present in the cert"
N: "game over"
If it's so obvious, why didn't they DESIGN certs to validate the game data and do the SIMPLE check above? Because they didn't forsee a situation where a cert would exist in any game other than the one it was made with. In other words,
they weren't looking for it, and unless they read this post they are probably still not. Certainly, they will in the future but the damage is already done: something they could have prevented
completely they now have to try to "detect".