Hacking Update games: what data is transferred?


NintyGuy

Hello,

I am actually a quiet fellow reader but would like to clarify this topic with a self-experiment.

First of all, I don't care if I'm banned, so that's why I want to make a test:
I have been installing SX OS for exactly one week, used it offline only and always updated my backups via OFW (+ log cleaning). The last week I have always updated a game per day for testing but I still haven't been banned :(
Either the bans are arbitrary or no personal keys of the cards are actually transferred if nothing is plugged in.

If personal data will be sent, I would be interested to know which keys are transferred. From the last one that I used or all if I have the same game several times?

Tonight I wanted to test with Little Snitch on which servers the Switch would like to access when I update.

But now the question arises whether there is also a program with which I can see in text form which requests are sent exactly (thus only the commands) or is something like that always encrypted?
 
Not sure really what to say here.

Short version. The sentiment is great and always nice to see people willing to sacrifice such a thing to gain some more info, however here it would probably be a fruitless exercise and you would just get banned for nothing. If you can save it for a later time then you might be able to help out then.

Longer version.
If I were Nintendo I would probably have done the usual eshop login (which obviously covers banning), had a command to see if this titleid has an update and download accordingly/give people the option. As it is not necessarily like the other consoles and can have saves on carts I am not sure what I would do for that (for a PS4 or something it will have something installed and you can then chuck that in the download queue, if the game is deleted then yeah). I might then expect something along the lines of online games have extra checks, offline games more optional ones. As far as the game specific keys then I might not even bother with those if I can rely on the normal eshop login to remove banned users/switches. I would use said keys if I am allowing access to online game servers but other than that it serves no great purpose.

As far as security I can not rule out them sending relevant over plaintext but I would be surprised if they do -- SSL is easy enough to handle these days. You might leave the bulk downloads as plaintext but logins and small data like last 5 games sent is a different matter.

If you really don't care about bans then you might be able to mod your firmware to store the various session keys and whatnot (I don't think they will allow forced plaintext after the Wii and DS third party server thing, though they might depending upon what countries they are operating in -- I don't know what Korea has in that world and I imagine China will have something good for this sort of thing) such that you can decrypt the results of your Wireshark capture session after the fact (see something like https://support.citrix.com/article/CTX135889 ). However if you could do that then you would probably not be asking the questions you are asking, and I doubt anybody is presently in the position to provide you a modded firmware to run such an experiment and report back.

Even ignoring all the above and assuming it all works swimmingly then all you would likely gain is a small bit of insight into how the firmware works. If it comes to pass that updates are troubling hacked and banned users then like all the older consoles said updates will probably be downloaded and shared by third parties -- see something like the 360 title updates https://digiex.net/forums/title-updates.59/
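
Decrypting a capture after the fact, as the reply above describes, depends on the TLS secrets having been logged per session. As an added example (not part of the thread or of any firmware), this Python parser checks a key log in the NSS key log format that Wireshark reads and reports which sessions have enough material; the sample lines are constructed and the function names are hypothetical.

```python
import re

# Labels used by the NSS key log format: CLIENT_RANDOM for TLS 1.2 and
# earlier, one line per derived secret for TLS 1.3.
LABELS = {
    "CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
    "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
HEX = re.compile(r"[0-9a-fA-F]+")

def parse_keylog(text):
    """Return ({client_random: {label: secret}}, [rejected line numbers])."""
    sessions, rejected = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        parts = line.split(" ")
        ok = (len(parts) == 3 and parts[0] in LABELS
              and len(parts[1]) == 64  # 32-byte client random
              and all(HEX.fullmatch(p) and len(p) % 2 == 0 for p in parts[1:]))
        # CLIENT_RANDOM lines carry the 48-byte master secret.
        if ok and parts[0] == "CLIENT_RANDOM" and len(parts[2]) != 96:
            ok = False
        if not ok:
            rejected.append(lineno)
            continue
        sessions.setdefault(parts[1].lower(), {})[parts[0]] = parts[2].lower()
    return sessions, rejected

def app_data_decryptable(sessions):
    """Client randoms with secrets covering application data both ways."""
    tls13 = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
    return sorted(cr for cr, s in sessions.items()
                  if "CLIENT_RANDOM" in s or tls13 <= s.keys())

# Constructed sample: one TLS 1.2 session, one complete TLS 1.3 session,
# one TLS 1.3 session missing the server secret, one truncated line.
SAMPLE = "\n".join([
    "# constructed sample, not real key material",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "bb" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "cc" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "33" * 32 + " " + "dd" * 32,
    "CLIENT_RANDOM " + "44" * 32 + " " + "ee" * 10,
])
```

A key log like this unlocks every session it lists, so it needs the same handling as a private key.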
 
Sniffing communication between two systems usually involves using a proxy such as Charles; in that case you would need to set up your Switch to use a proxy in the network settings and point it to the IP address of your computer while running Charles. This way you should be able to inspect traffic.
However, as traffic is most likely encrypted, you won't be able to see it unless you manage to swap the SSL certificates (I know I'm oversimplifying it, but iirc that's the main gist of it).

But you don't really need to, SciresM has already done a pretty thorough writeup (can't post a link since I'm a newbie, but it's easy to find on the SwitchHacks subreddit) on how the Switch authenticates requests and at least for now updating games doesn't involve sending the cart's unique fingerprint for verification.
It might change in the future.
 
