Hacking WAIN Card Dumper NX

Crazy-S

Pessimist
Member
Joined
Jun 18, 2007
Messages
229
Trophies
0
Location
Ask NSA, KGB, or BND
Website
dasbutterschnitzel.com
XP
1,300
Country
Germany
So what about using a different cert for a BBB release? Let's say I dump an unused, newly bought game cart (let's say Skyrim), which will never be used outside the dumper, and I reinsert the cert of that dump into a BBB release. Would the Big N notice? This would be super impractical but still worth testing when a wild BackupLoader appears.
 

ehnoah

Well-Known Member
Member
Joined
Oct 9, 2012
Messages
920
Trophies
0
XP
780
Country
Netherlands
Just ordered Mario/Splatoon and dumped it, hope they don't care if 2 people are playing online xD since they can't decide who is the "bad" guy :D

Sadly it is useless for me since TX does not plan to add EmuNand soon =(
 

Draxzelex

Well-Known Member
Member
Joined
Aug 6, 2017
Messages
17,129
Trophies
1
Age
27
Location
New York City
XP
11,429
Country
United States
> So what about using a different cert for a BBB release? Let's say I dump an unused, newly bought game cart (let's say Skyrim), which will never be used outside the dumper, and I reinsert the cert of that dump into a BBB release. Would the Big N notice? This would be super impractical but still worth testing when a wild BackupLoader appears.
That's the part we are not so sure about. There may be additional checks in place within the cartridge if it detects a header that is foreign but until someone dips their foot in the water, we'll never know what the temperature is like.

> Just ordered Mario/Splatoon and dumped it, hope they don't care if 2 people are playing online xD since they can't decide who is the "bad" guy :D
>
> Sadly it is useless for me since TX does not plan to add EmuNand soon =(
I am pretty sure Nintendo will ban both users in that case. That is why no one went online using the same header for 3DS games, as that is an obvious red flag that you hacked your console.
 

ehnoah
> That's the part we are not so sure about. There may be additional checks in place within the cartridge if it detects a header that is foreign but until someone dips their foot in the water, we'll never know what the temperature is like.
>
> I am pretty sure Nintendo will ban both users in that case. That is why no one went online using the same header for 3DS games, as that is an obvious red flag that you hacked your console.

Yeah, maybe. I only played Pokemon on 3DS but I think I used CIAs. I wonder if we could technically destroy the cert on the cartridge, so you can send it back as defective.
 

Draxzelex
> Yeah, maybe. I only played Pokemon on 3DS but I think I used CIAs. I wonder if we could technically destroy the cert on the cartridge, so you can send it back as defective.
Playing online via installed titles was safer because those don't have unique headers attached to them like cartridges. The same cannot be said of the Switch's installed titles as there may be a possibility that installation now requires part of your unique console certificate so we will have to wait and see. As for modifying the certificate on any cartridge, you cannot as they are read-only. They are not designed to be modified. You can only remove the certificate after it has been dumped.
 

ehnoah
> Playing online via installed titles was safer because those don't have unique headers attached to them like cartridges. The same cannot be said of the Switch's installed titles as there may be a possibility that installation now requires part of your unique console certificate so we will have to wait and see. As for modifying the certificate on any cartridge, you cannot as they are read-only. They are not designed to be modified. You can only remove the certificate after it has been dumped.

Can't we just hex edit it? Change some random bytes. I mean that is why I bought it and sent it back, but not sure. Have to see how they react to two licences online compared to 1000+.

But they do not ban consoles, right? So just make a backup before we link the NID and flash it once banned? :d
 

Draxzelex
> Can't we just hex edit it? Change some random bytes. I mean that is why I bought it and sent it back, but not sure. Have to see how they react to two licences online compared to 1000+.
>
> But they do not ban consoles, right? So just make a backup before we link the NID and flash it once banned? :d
If you are talking about the certificate on the cartridge, you cannot edit it no matter what. The cartridge cannot be edited because it is read-only meaning it is only meant to be run. The files on it cannot be modified within the cartridge. If you dump the cartridge, you can remove the certificate. Also, every single certificate is unique meaning no 2 licenses should ever be the same. Seeing 2 identical licenses online means that the game's data was illegally shared with someone else as there is no feasible way to do this outside of hacking.

When it comes to bans, they can ban the console, Nintendo Account, or both. Banning your Nintendo account is probably the least minor ban and because of this, it probably won't be the one they will opt for. Banning your console means they will deny all requests made by your console's unique certificate when doing anything online-related apart from game and system updates. The only way to bypass a ban right now is to inject another certificate from a donor Switch that is not banned which is the same thing as buying another Switch.
 

ehnoah
> If you are talking about the certificate on the cartridge, you cannot edit it no matter what. The cartridge cannot be edited because it is read-only meaning it is only meant to be run. The files on it cannot be modified within the cartridge. If you dump the cartridge, you can remove the certificate. Also, every single certificate is unique meaning no 2 licenses should ever be the same. Seeing 2 identical licenses online means that the game's data was illegally shared with someone else as there is no feasible way to do this outside of hacking.
>
> When it comes to bans, they can ban the console, Nintendo Account, or both. Banning your Nintendo account is probably the least minor ban and because of this, it probably won't be the one they will opt for. Banning your console means they will deny all requests made by your console's unique certificate when doing anything online-related apart from game and system updates. The only way to bypass a ban right now is to inject another certificate from a donor Switch that is not banned which is the same thing as buying another Switch.

So we require new keys then, or just get the cert from a new Switch and we are gtg? I know everything is speculation, so.
 

Draxzelex
> So we require new keys then, or just get the cert from a new Switch and we are gtg? I know everything is speculation, so.
The certificate from the Switch is probably the easiest part of this extremely difficult procedure. As these are generated when they leave the factory, we cannot simply make up our own that Nintendo will let bypass. I also highly doubt someone will offer their own Switch's certificate as that will increase the likelihood that you will both be banned if Nintendo finds out there are 2 consoles with the same certificate.

The keys here are the real nightmare as these are simply unfeasible to brute force. If we had these keys, the entirety of hacking the console gets thrown out the window as it gives us the ability to run anything we want. The only way we are getting these is if someone hijacks Nintendo's headquarters and leaks them online. And at that point, getting caught hacking becomes the least of your worries.
 

ehnoah
> The certificate from the Switch is probably the easiest part of this extremely difficult procedure. As these are generated when they leave the factory, we cannot simply make up our own that Nintendo will let bypass. I also highly doubt someone will offer their own Switch's certificate as that will increase the likelihood that you will both be banned if Nintendo finds out there are 2 consoles with the same certificate.
>
> The keys here are the real nightmare as these are simply unfeasible to brute force. If we had these keys, the entirety of hacking the console gets thrown out the window as it gives us the ability to run anything we want. The only way we are getting these is if someone hijacks Nintendo's headquarters and leaks them online. And at that point, getting caught hacking becomes the least of your worries.

I meant more the console-specific keys. A new cert you can get easily by buying a Switch and returning it as defective.
 

Draxzelex
> I meant more the console-specific keys. A new cert you can get easily by buying a Switch and returning it as defective.
You would still need Nintendo's keys to overwrite your old console certificate as those are hard coded into the Switch's NAND. And if you were to grab a unique console certificate from a Switch you are planning to return, I see 2 problems here.
1. You are betting on the fact that whoever buys that Switch will not get banned. If it's not a hacker, your chances are pretty good. If it is a hacker, then you both are in the same boat.
2. If you got banned once, you will most likely be banned again so it can become a never-ending loop. Only point I see in doing this is if you were to renounce your hacking ways. Nintendo has definitely beefed up security with the Switch.
 

ehnoah
> You would still need Nintendo's keys to overwrite your old console certificate as those are hard coded into the Switch's NAND. And if you were to grab a unique console certificate from a Switch you are planning to return, I see 2 problems here.
> 1. You are betting on the fact that whoever buys that Switch will not get banned. If it's not a hacker, your chances are pretty good. If it is a hacker, then you both are in the same boat.
> 2. If you got banned once, you will most likely be banned again so it can become a never-ending loop. Only point I see in doing this is if you were to renounce your hacking ways. Nintendo has definitely beefed up security with the Switch.

Ah, got you. I thought we could just flash the cert like we do with partitions right now.
 

Falo

Well-Known Member
Member
Joined
Jul 22, 2012
Messages
656
Trophies
1
XP
2,389
Country
Germany
Here is the source updated with the changes from 0.0.3:
https://www.dropbox.com/s/b1dofgp2ntsnvji/Switch Gamecard dumper + WAIN v0.0.3.zip?dl=0
Note: WAIN uses 2000000000 (1,86 GB) instead of 2147483648 (2GB); my version uses 2GB, see "dumper.h".

Tested and working with Super Mario Odyssey (8GB rom).

And before someone asks, no, I don't know how to add cart2 support.

Note: if you get "MountGameCard failed" then your Switch is on FW 1.0.0-2.3.0; the minimum required firmware for this tool is 3.0.0. Nintendo changed some APIs or permissions in 3.0.0 and so some code is broken on older firmwares; this has nothing to do with exFAT.
 

Draxzelex
> Ah, got you. I thought we could just flash the cert like we do with partitions right now.
We still can't just flash the certificate without Nintendo's keys to sign the flash. The Switch will reject any and all unauthorized modifications made to it. All exploits that we have for most, if not all, consoles bypass these types of checks because we don't have the keys for those consoles. Again, having these keys mitigate the need for a lot of hacks hence why they are not in public circulation most of the time.
 

DocKlokMan

Plugin Dev
OP
Member
Joined
Apr 20, 2007
Messages
3,006
Trophies
1
Age
34
XP
4,319
Country
United States
> Here is the source updated with the changes from 0.0.3:
> https://www.dropbox.com/s/b1dofgp2ntsnvji/Switch Gamecard dumper + WAIN v0.0.3.zip?dl=0
> Note: WAIN uses 2000000000 (1,86 GB) instead of 2147483648 (2GB); my version uses 2GB, see "dumper.h".
>
> Tested and working with Super Mario Odyssey (8GB rom).
>
> And before someone asks, no, I don't know how to add cart2 support.
>
> Note: if you get "MountGameCard failed" then your Switch is on FW 1.0.0-2.3.0; the minimum required firmware for this tool is 3.0.0. Nintendo changed some APIs or permissions in 3.0.0 and so some code is broken on older firmwares; this has nothing to do with exFAT.
Does it have the same issue where the first part is larger than 2GB because it also includes the header info?
 

Falo
No, I guess I fixed that myself when recreating the source ^^.

Code:
        //WAIN 0.0.3 fat32 support: FAT32 caps files at 4 GB, so start a new part once the current one reaches the 2 GB limit
        if(isFat32 && ftell(outFile) >= SPLIT_FILE_2GB)
        {
            splitId++;
            fclose(outFile);
            sprintf(filenamebuf, "game.xci%i", splitId);
            //the new handle has to be assigned back to outFile, or later writes go to the closed handle
            outFile = fopen(filenamebuf, "wb");
        }

The original code made a mistake here: it uses "if (isFat32 & ftell(outFile) >= SPLIT_FILE_2GB)", so I guess the check fails for part 1.
All parts dumped by my code are exactly 2,00 GB.
 
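The difference between the two checks Falo compares comes down to operator precedence: in C, `>=` binds tighter than `&`, so `isFat32 & ftell(outFile) >= SPLIT_FILE_2GB` is parsed as `isFat32 & (ftell(outFile) >= SPLIT_FILE_2GB)`, a bitwise AND of the flag with the 0/1 result of the comparison. That only behaves like a logical test when bit 0 of `isFat32` is set whenever the flag is true; a flag stored as 2 or 0x10 would never split. Whether that is what broke the original WAIN build depends on how `isFat32` is declared, which the thread does not show. The following is an added example, not code from the dumper or from Falo's post: it simulates the part-splitting loop on `ftell()` positions without writing any files, using both forms of the check, and the 8 GiB cart size and 1 MiB write size are constructed assumptions.

```c
#include <stdio.h>

/* Split limits from the thread: Falo's build uses 2 GiB, WAIN 0.0.3 uses 2000000000. */
#define SPLIT_FILE_2GB 2147483648LL
#define SPLIT_WAIN     2000000000LL

/* How the compiler parses the original line
 *   if (isFat32 & ftell(outFile) >= SPLIT_FILE_2GB)
 * '>=' binds tighter than '&', so the bitwise AND is applied to the 0/1 result
 * of the comparison. Correct only when bit 0 of isFat32 tracks the flag (e.g. a
 * bool or exactly 1); a flag value of 2, 0x10, ... has bit 0 clear and never splits. */
static int needs_split_bitwise(int isFat32, long long pos, long long limit)
{
    return isFat32 & (pos >= limit);
}

/* The corrected form: logical AND. Any non-zero isFat32 counts as true, and the
 * position is not even looked at when the volume is not FAT32. */
static int needs_split_logical(int isFat32, long long pos, long long limit)
{
    return isFat32 && pos >= limit;
}

typedef int (*split_check_fn)(int, long long, long long);

/* Simulate dumping total_bytes in chunk_bytes writes. As in the posted loop, the
 * check runs on the current part's ftell() position before each write. Returns
 * the number of parts produced and stores the size of the first part. */
static int simulate_dump(split_check_fn check, int isFat32, long long limit,
                         long long total_bytes, long long chunk_bytes,
                         long long *first_part_bytes)
{
    int parts = 1;
    long long pos = 0;       /* stands in for ftell(outFile) */
    long long written = 0;
    long long first = -1;

    while (written < total_bytes) {
        if (check(isFat32, pos, limit)) {
            if (first < 0)
                first = pos;
            parts++;         /* fclose + fopen("game.xci<n>") in the real dumper */
            pos = 0;
        }
        long long remaining = total_bytes - written;
        long long n = remaining < chunk_bytes ? remaining : chunk_bytes;
        pos += n;
        written += n;
    }
    *first_part_bytes = first < 0 ? pos : first;   /* never split: one part */
    return parts;
}

int main(void)
{
    const long long rom = 8LL << 30;    /* constructed: an 8 GiB cart */
    const long long chunk = 1LL << 20;  /* constructed: 1 MiB per write */
    long long first;
    int parts;

    parts = simulate_dump(needs_split_logical, 1, SPLIT_FILE_2GB, rom, chunk, &first);
    printf("&&, isFat32=1, 2 GiB limit: %d parts, first part %lld bytes\n", parts, first);

    parts = simulate_dump(needs_split_bitwise, 2, SPLIT_FILE_2GB, rom, chunk, &first);
    printf("&,  isFat32=2, 2 GiB limit: %d parts, first part %lld bytes\n", parts, first);

    parts = simulate_dump(needs_split_logical, 1, SPLIT_WAIN, rom, chunk, &first);
    printf("&&, isFat32=1, WAIN limit : %d parts, first part %lld bytes\n", parts, first);
    return 0;
}
```

With the logical check and the 2 GiB limit, an 8 GiB image comes out as four parts of exactly 2147483648 bytes, which matches Falo's "exactly 2,00 GB" observation; with WAIN's 2000000000 limit the same image needs five parts, and each boundary overshoots the limit by up to one write size because the check runs before the write rather than splitting mid-chunk.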