Hacking Discussion Why FreeShop is still possible on the Switch, and what should have been done to prevent it.
- Thread starter SimonMKWii
- Start date
- Views 25,979
- Replies 84
- Likes 24
A dependency of the script is the source of the issue. Let's leave it at that. By removing that dependency, the script works.
Last edited by kevin_1351,
Coincidence? I don't think so.
Nintendo likes to visit GBAtemp
Nintendo likes to visit GBAtemp
Nintendo took a swing and now CDNSP down.. for now.. at least until we swing back.
"Request rejected by server! Check your cert."
Let the cat and mouse games begin!
Last edited by morrison22,
The cert isn't blocked tho. The error message is wrong. Wait a few hours and you'll see what pops up..
This is a cool writeup, nice work. As for the remainder, this seems like the best outcome for piracy on a console- that being no online being available.
Put on your tin foil hats, boys... What if Nintendo designed this specifically to make playing games online impossible, but didn't go out of their way to make the actual piracy itself difficult? More studies are released every day that point to piracy ending up having a net positive effect on sales, and Nintendo sure wasn't trying to curb sales. So many people on this thread are saying "this is trivial to fix, this would have been fixed if I was in charge, this isn't difficult to deal with... etc." So what if... It was left out deliberately? The online authentication is all but bulletproof, but this... I don't know, they're not stupid.
EDIT: feel free to call me a stupid kid mcstupid pants for this, it's just worth mentioning
Put on your tin foil hats, boys... What if Nintendo designed this specifically to make playing games online impossible, but didn't go out of their way to make the actual piracy itself difficult? More studies are released every day that point to piracy ending up having a net positive effect on sales, and Nintendo sure wasn't trying to curb sales. So many people on this thread are saying "this is trivial to fix, this would have been fixed if I was in charge, this isn't difficult to deal with... etc." So what if... It was left out deliberately? The online authentication is all but bulletproof, but this... I don't know, they're not stupid.
EDIT: feel free to call me a stupid kid mcstupid pants for this, it's just worth mentioning
I can see in a few months, a magnificent freeshop-esque creation. Just you wait and see. Good days to be alive for gamers.
They only patched shogun.get, the least problematic bit, but not shogun.getwithidtoken or shogun.post...
So, at this point, the following issues need to be fixed:
- Atum should check your account for ownership of a certain title before returning the content, period.
- Since they already log all requests, right now they collect stuff for a period of time, filter out the requests, then do a mass ban based on the dodgy ones.
- I personally believe, from a security standpoint, you should be banned immediately on detection, as the difference in response time would be negligible considering modern internet speeds, so latency wouldn't be a huge issue.
- It shouldn't be that difficult to implement verification procedures via communication between the atum and bugyo servers.
- GetWithIdToken still doesn't require the X-DeviceAuthorization bearer auth token, only the Nintendo Account id token is needed, therefore still allowing arbitrary title downloads.
- The /download endpoint of owned_titles still doesn't perform any checks to see whether the title is owned or not.
They needed to act cuz of online multiplayer cheaters and p0rn posters. Also a paid online service is a good idea, additional barrier to cheaters.
I think a better barrier is a 300 dollar brick. I could care less about my account, that's 20 a year. I care more about my 300 Switch being blocked from online activities.
It is too bold to call a banned console a "brick". It is just you need that online features and you also cant softmod your console in any way. I think it would be a good option to play pirated games, HB, etc and play legit online games on one console, but the only option for now is to have two consoles, and that is stupid. It is better to spend this 250$ on legit games, or dont waste 250$ and just pirate all offline.
If a hackers sole purpose is to go online and hack, then a console with no ability to go online is effectively a brick for that user. The term used in the way I did is indeed gray, but the general results in which a brick is used is still correct. A console a gamer uses to game that can no longer run games is a brick; a console a hacker uses to hack online that can no longer go online is a brick.
I agree, but do you know those hackers? 99% a stupid kid with an idea like why not? He watched his friend cheated Mario Kart to the top, so he can also. And there are tons of this kind of hackers. So Nintendo started react pretty fast.
Similar threads
-
- Article
