Homebrew Question Unban concept? certs question

  • Thread starter: Deleted User
bruteforce = trying different passwords till it works
in this situation the password is the cert

Good luck brute forcing the AES-256. Let me know how it goes.

--------------------- MERGED ---------------------------

Bruteforce wouldn't work, since it's pretty hard to guess more than 7 different digits. I don't know how the cert is related to the hardware, but copying a cert from another device could work.

But if you log in on both devices you risk another ban.

A cert from another device will work with non-public patches for Atmosphere. Without those patches, a local cert 'origin' check fails.

Using the same cert on multiple consoles is a near-instant ban, though. So it's pointless.
 
for this is the Bruteforce

Wikipedia said:
Breaking a symmetric 256-bit key by brute force requires 2^128 times more computational power than a 128-bit key. Fifty supercomputers that could check a billion billion (10^18) AES keys per second (if such a device could ever be made) would, in theory, require about 3×10^51 years to exhaust the 256-bit key space.

I hope your computer is fast because you're gonna wait until the death of the universe to finish your bruteforce.
 
Good luck brute forcing the AES-256. Let me know how it goes.

--------------------- MERGED ---------------------------



A cert from another device will work with non-public patches for Atmosphere. Without those patches, a local cert 'origin' check fails.

Using the same cert on multiple consoles is a near-instant ban, though. So it's pointless.

It's worse than brute forcing sha256, he needs to break rsa2048 I believe.
 
There was a talk around that yes, devs have done it. It's possible but won't be public for a long time. It can somehow get a diff cert and inject it into the NAND; it's possible, just no tut on how, where and what to use. It's private.
 
There was a talk around that yes, devs have done it. It's possible but won't be public for a long time. It can somehow get a diff cert and inject it into the NAND; it's possible, just no tut on how, where and what to use. It's private.

Wrong on multiple counts.

1: You can't just inject the cert. There is a local (done by Horizon, not Nintendo Online Services) certificate check. If the certificate did not originate from the console being used, you will not be able to auth with Nintendo Online. You need special patches for your CFW.

2: Using the same cert that someone else is also using online = near instant ban.

3: Injecting certs is trivial. There's even an easy to use app that does it, Incognito. But see #1.
 
Even if you got a cert you somehow need to patch your Switch to accept the new one. I believe they implemented checks for this.
 
Even if you got a cert you somehow need to patch your Switch to accept the new one. I believe they implemented checks for this.

Yep, but there are private patches for Atmosphere that solve this. Not that complicated to make, either.
 
Yep, but there are private patches for Atmosphere that solve this. Not that complicated to make, either.
I kind of want them for a project to restore virus killed switches but if they are private, I won't ask for them.
 
Wrong on multiple counts.

1: You can't just inject the cert. There is a local (done by Horizon, not Nintendo Online Services) certificate check. If the certificate did not originate from the console being used, you will not be able to auth with Nintendo Online. You need special patches for your CFW.

2: Using the same cert that someone else is also using online = near instant ban.

3: Injecting certs is trivial. There's even an easy to use app that does it, Incognito. But see #1.

I said I don't know how it's done, just know that it involves injection, and it's true; had it confirmed by a Switch homebrew dev himself, and no, not a dev that makes a small homebrew, one that made the Switch CFWs and exploits possible with his methods. But agree to disagree; no one knows what they have achieved privately until one day someone gets mad or wants the 15 min of fame and releases it like the hbg shop and ruins it for a lot of ppl, especially pushing away some great devs contributing.
 
I said I don't know how it's done, just know that it involves injection, and it's true; had it confirmed by a Switch homebrew dev himself, and no, not a dev that makes a small homebrew, one that made the Switch CFWs and exploits possible with his methods. But agree to disagree; no one knows what they have achieved privately until one day someone gets mad or wants the 15 min of fame and releases it like the hbg shop and ruins it for a lot of ppl, especially pushing away some great devs contributing.

Again, what you are saying is wrong.

Injecting a cert is trivial. But that alone will not get you online. The rest of your post is undecipherable gibberish.

--------------------- MERGED ---------------------------

I kind of want them for a project to restore virus killed switches but if they are private, I won't ask for them.

Not my place to distribute them. I'm sure someone will at some point, though. You'd need a lot more to get a bricked Switch to boot again, though. All that online play needs is the cert check patched out, bricks need a crapload of other things.
 
Then say how does it work?

With RSA encrypted signing. If you truly want to understand why what you are postulating won't work then you need to learn the basics about cryptography.

You cannot create a valid certificate. The entire point of creating a certificate is that it uses encryption schemes that allow it to not be faked or spoofed.

If you had Nintendo's signing key you would be able to create a new certificate. Without that signing key you cannot create a new valid certificate.
 
Did you even understand what I want to do?
I don't want to sign anything; I will try to get an already signed cert.
"get an already signed cert" can mean two things: getting someone else's cert with their consent, or brute force until you get a signed one.

The former is piracy, and is out of the question. The latter would take trillions of years with current hardware available to consumers; however, even if you get a signed cert, it may not work. Read my reply to the quote below:

To be fair, bruteforcing should be achievable once quantum computing reaches its potential. I do not expect Nintendo Switch Online to still be available by that point tho.

Even if you somehow brute force a valid, signed cert, there's no guarantee that it'll be accepted by N. They might be keeping a list of valid certs and checking requesting certs against those or they might be keeping a list of banned certs (CRL etc). Latter makes a lot more sense, but this is N we're talking about-- they've rarely made choices that align with industry standards.

My point is that this is a ridiculous idea, even if you are NSA. It would literally be faster, cheaper and more-likely-to-happen to bribe someone at N to get your cert unbanned, or, like, even faster and cheaper would be to get a new switch.
 
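An added illustration (not from any poster in this thread, and not Nintendo's actual implementation) of the server-side checks discussed above: signature verification against the issuer's public key, a revocation list, and duplicate-use detection. Textbook RSA over two small Mersenne primes stands in for real RSA-2048 signing; every name, serial and address is constructed.

```python
import hashlib

# Constructed toy issuer key: two Mersenne primes, far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                     # public half, known to every verifier
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, held only by the issuer

def digest(body: bytes) -> int:
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % N

def issue(device_id: str, serial: int) -> dict:
    """Issuer side: sign the cert body with the private exponent."""
    body = f"{device_id}|{serial}".encode()
    return {"device_id": device_id, "serial": serial, "sig": pow(digest(body), D, N)}

class AuthServer:
    """Hypothetical online service: holds only the public key and a ban list."""
    def __init__(self, revoked_serials):
        self.revoked = set(revoked_serials)
        self.sessions = {}              # serial -> address that first used it

    def check(self, cert: dict, client_addr: str) -> str:
        body = f"{cert['device_id']}|{cert['serial']}".encode()
        if pow(cert["sig"], E, N) != digest(body):
            return "reject: bad signature"      # edited or invented cert
        if cert["serial"] in self.revoked:
            return "reject: revoked"            # CRL-style ban list
        holder = self.sessions.setdefault(cert["serial"], client_addr)
        if holder != client_addr:               # same cert seen from two places
            self.revoked.add(cert["serial"])
            return "reject: cert in use elsewhere, now revoked"
        return "accept"

def demo():
    server = AuthServer(revoked_serials={1001})
    banned, good = issue("console-A", 1001), issue("console-B", 1002)
    edited = dict(banned, serial=1003)          # "just edit a few bytes"
    guessed = {"device_id": "console-C", "serial": 1004, "sig": 12345}
    return [
        server.check(banned, "10.0.0.1"),
        server.check(edited, "10.0.0.1"),
        server.check(guessed, "10.0.0.1"),
        server.check(good, "10.0.0.2"),
        server.check(good, "10.0.0.3"),
        server.check(good, "10.0.0.2"),
    ]

if __name__ == "__main__":
    for line in demo():
        print(line)
```

The last two results show why sharing a valid cert is self-defeating in this model: the second user trips the duplicate check, and the original owner is then rejected as revoked.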
It's worse than brute forcing sha256, he needs to break rsa2048 I believe.
I think the console cert is AES-256 (not sha since sha is a hashing algorithm, not an encryption one), and the game certs are rsa 2048. Regardless, AES-256 is way, way stronger than RSA 2048.
 
Seriously, you're better off starting to save money now and buying a new Switch, then using your old one for homebrew, rather than waiting for the hack that could unban you.
 
I think the console cert is AES-256 (not sha since sha is a hashing algorithm, not an encryption one), and the game certs are rsa 2048. Regardless, AES-256 is way, way stronger than RSA 2048.
He said RSA, not SHA. Using a symmetric key for a cert wouldn't make any sense, and AES is symmetric, while RSA is asymmetric. For bruteforcing, RSA2048 is much, much harder to brute force than AES256, simply due to the key length (256 vs 2048 bits).
 
No. Please stop making threads about bans. No one wishes to explain to you how the security works, but any idea that you have will not work. Just accept being banned.

There will be no 'brute force'. There will be no 'just edit a few bytes'. That's not how the security model works.
If someone wishes to know more about how something works or has an idea about something, why stop them from asking? I'm getting quite tired of people shutting others down just because they don't fully understand a concept and wish to know more.

Everyone here is a real life person and deserves to be treated as such
 
