Question Unban concept? certs question

Discussion in 'Switch - Emulation, Homebrew & Software Projects' started by Sumandora, Mar 25, 2019.

  1. blahblah

    blahblah GBAtemp Maniac

    Member
    8
    May 16, 2018
    United States
    Good luck brute forcing the AES-256. Let me know how it goes.

    — Posts automatically merged - Please don't double post! —

    A cert from another device will work with non-public patches for Atmosphere. Without those patches, a local cert 'origin' check fails.

    Using the same cert on multiple consoles is a near-instant ban, though. So it's pointless.
     
    Last edited by blahblah, Mar 25, 2019
  2. ExploitTnT

    ExploitTnT Devy | YT: DevRin | dev_settings

    Member
    3
    Jul 30, 2017
    Austria
    Good luck with that, will see you in heaven when you've got the key.
     
    Arras likes this.
  3. Biduleman

    Biduleman GBAtemp Regular

    Member
    4
    May 3, 2006
    Canada
    Québec
    I hope your computer is fast because you're gonna wait until the death of the universe to finish your bruteforce.
     
    Last edited by Biduleman, Mar 25, 2019
  4. MasterJ360

    MasterJ360 GBAtemp Maniac

    Member
    7
    Jan 10, 2016
    United States
    Buy another Switch is all we can tell ya. If there was a solution to unban ourselves, it would be on the front page of this site.
     
    ELY_M and Csmrcc like this.
  5. blawar

    blawar GBAtemp Advanced Fan

    Member
    9
    Nov 21, 2016
    United States
    It's worse than brute forcing SHA-256; he needs to break RSA-2048, I believe.
     
    ELY_M likes this.
  6. blahblah

    blahblah GBAtemp Maniac

    Member
    8
    May 16, 2018
    United States
    Even better!
     
  7. hippy dave

    hippy dave BBMB

    Member
    14
    Apr 30, 2012
    United Kingdom
    To be fair, bruteforcing should be achievable once quantum computing reaches its potential. I do not expect Nintendo Switch Online to still be available by that point, though.
     
    ELY_M and Illuminaticy like this.
  8. 2Siralv

    2Siralv Advanced Member

    Newcomer
    3
    May 12, 2018
    Canada
    There was talk around that yes, devs have done it. It's possible but won't be public for a long time. It can somehow get a different cert and inject it into the NAND; it's possible, just no tutorial on how, where and what to use. It's private.
     
  9. blahblah

    blahblah GBAtemp Maniac

    Member
    8
    May 16, 2018
    United States
    Wrong on multiple counts.

    1: You can't just inject the cert. There is a local (done by Horizon, not Nintendo Online Services) certificate check. If the certificate did not originate from the console being used, you will not be able to auth with Nintendo Online. You need special patches for your CFW.

    2: Using the same cert that someone else is also using online = near instant ban.

    3: Injecting certs is trivial. There's even an easy to use app that does it, Incognito. But see #1.
     
  10. linuxares

    linuxares I'm not a generous god!

    Moderator
    16
    Aug 5, 2007
    Sweden
    Even if you got a cert, you somehow need to patch your Switch to accept the new one. I believe they implemented checks for this.
     
  11. blahblah

    blahblah GBAtemp Maniac

    Member
    8
    May 16, 2018
    United States
    Yep, but there are private patches for Atmosphere that solve this. Not that complicated to make, either.
     
  12. linuxares

    linuxares I'm not a generous god!

    Moderator
    16
    Aug 5, 2007
    Sweden
    I kind of want them for a project to restore virus-killed Switches, but if they are private, I won't ask for them.
     
    Jonhy likes this.
  13. 2Siralv

    2Siralv Advanced Member

    Newcomer
    3
    May 12, 2018
    Canada
    I said I don't know how it's done, just know that it involves injection, and it's true, had it confirmed by a Switch homebrew dev himself, and no, not a dev that makes a small homebrew, one that made the Switch CFWs and exploits possible with his methods. But agree to disagree; no one knows what they have achieved privately until one day someone gets mad or wants the 15 minutes of fame and releases it like the HBG shop and ruins it for a lot of people, especially pushing away some great devs contributing.
     
  14. blahblah

    blahblah GBAtemp Maniac

    Member
    8
    May 16, 2018
    United States
    Again, what you are saying is wrong.

    Injecting a cert is trivial. But that alone will not get you online. The rest of your post is undecipherable gibberish.

    — Posts automatically merged - Please don't double post! —

    Not my place to distribute them. I'm sure someone will at some point, though. You'd need a lot more to get a bricked Switch to boot again, though. All that online play needs is the cert check patched out, bricks need a crapload of other things.
     
    Last edited by blahblah, Mar 25, 2019
    WiraR46 likes this.
  15. iriez

    iriez GBAtemp Fan

    Member
    7
    Oct 27, 2016
    United States
    With RSA encrypted signing. If you truly want to understand why what you are postulating won't work then you need to learn the basics about cryptography.

    You cannot create a valid certificate. The entire point of creating a certificate is that it uses encryption schemes that allow it to not be faked or spoofed.

    If you had Nintendo's signing key, you would be able to create a new certificate. Without that signing key you cannot create a new valid certificate.
     
    TotalJustice likes this.
  16. AveSatanas

    AveSatanas GBAtemp Regular

    Member
    6
    Aug 7, 2018
    United States
    "get an already signed cert" can mean two things: getting someone else's cert with their consent, or brute force until you get a signed one.

    The former is piracy, and is out of the question. The latter would take trillions of years with current hardware available to consumers; however, even if you get a signed cert, it may not work. Read my reply to the quote below:

    Even if you somehow brute force a valid, signed cert, there's no guarantee that it'll be accepted by N. They might be keeping a list of valid certs and checking requesting certs against those or they might be keeping a list of banned certs (CRL etc). Latter makes a lot more sense, but this is N we're talking about-- they've rarely made choices that align with industry standards.

    My point is that this is a ridiculous idea, even if you are NSA. It would literally be faster, cheaper and more-likely-to-happen to bribe someone at N to get your cert unbanned, or, like, even faster and cheaper would be to get a new switch.
     
    hippy dave likes this.
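
A minimal model of the two points made in the posts above: a certificate cannot be altered or produced without the issuer's private key, and a validly signed certificate can still be refused by a revocation list. This is an added example, not code from the thread and not a description of how Nintendo's servers work; the toy RSA key, the serials and all function names are constructed for illustration.

```python
import hashlib

# Toy issuer key (constructed): two Mersenne primes give a ~150-bit modulus.
# Real device certificates use RSA-2048 with a proper padding scheme.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the issuer


def digest(body: bytes) -> int:
    """SHA-256 of the cert body, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % N


def issue(serial: str) -> dict:
    """Issuer side: bind a console serial to a signature made with D."""
    body = f"serial={serial}".encode()
    return {"body": body, "sig": pow(digest(body), D, N)}


def validate(cert: dict, revoked: set, active: dict, client: str) -> str:
    """Server side: needs only the public values (N, E)."""
    if pow(cert["sig"], E, N) != digest(cert["body"]):
        return "reject: bad signature"
    if cert["body"] in revoked:
        return "reject: revoked"
    # Assumed policy: the same cert seen from a second console gets revoked.
    if active.setdefault(cert["body"], client) != client:
        revoked.add(cert["body"])
        return "reject: duplicate use, now revoked"
    return "accept"


def demo() -> list:
    revoked, active = set(), {}
    good = issue("XAW-CONSTRUCTED-0001")
    # Reusing a real signature on a different body does not verify.
    altered = {"body": b"serial=XAW-CONSTRUCTED-0002", "sig": good["sig"]}
    return [
        validate(good, revoked, active, "console-A"),
        validate(altered, revoked, active, "console-B"),
        validate(good, revoked, active, "console-B"),
        validate(good, revoked, active, "console-A"),
    ]
```
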
  17. henryford

    henryford Newbie

    Newcomer
    1
    Aug 16, 2018
    Germany
    I think the console cert is AES-256 (not SHA, since SHA is a hashing algorithm, not an encryption one), and the game certs are RSA 2048. Regardless, AES-256 is way, way stronger than RSA 2048.
     
  18. Unleanone999

    Unleanone999 GBAtemp Advanced Fan

    Member
    5
    May 15, 2018
    Togo
    Seriously, you're better off starting to save money now and buying a new Switch, then using your old one for homebrew, rather than waiting for the hack that could unban you.
     
  19. AveSatanas

    AveSatanas GBAtemp Regular

    Member
    6
    Aug 7, 2018
    United States
    He said RSA, not SHA. Using a symmetric key for a cert wouldn't make any sense, and AES is symmetric, while RSA is asymmetric. For bruteforcing, RSA2048 is much, much harder to brute force than AES256, simply due to the key length (256 vs 2048 bits).
     
  20. Nerdtendo

    Nerdtendo Your friendly neighborhood idiot

    Member
    8
    Sep 29, 2016
    United States
    If someone wishes to know more about how something works or has an idea about something, why stop them from asking? I'm getting quite tired of people shutting others down just because they don't fully understand a concept and wish to know more.

    Everyone here is a real-life person and deserves to be treated as such.
     
    CodyWGamer, Connorsdad and djluis49 like this.