Suggestion XCI Cert Manager to Share Games With Friends

Discussion in 'Switch - Emulation, Homebrew & Software Projects' started by blaze5, Aug 4, 2018.

  1. blaze5
    OP

    blaze5 Member

    Newcomer
    3
    Nov 27, 2016
    United States
    Similar to how you can share your Steam library with family or friends I thought it'd be cool to be able to do the same thing with Switch. It'd be basically the same thing as handing your physical Switch cart to a friend, but with the convenience of a backup loader with all your games on an SD without having to switch carts. This is intended for a small group of family/friends (or personal use) which you trust and will allow access to on an individual basis. The point of this is to safely allow multiple people to use XCI dumps online and avoid bans.

    The idea is to embed or integrate into a backup loader a component which manages the unique keys on an XCI image and ensures that only one person is using it online at a time. Basically each person would have an RSA public and private keypair to identify the user to share with and you can configure for each XCI who you want to share that game with (whitelist). Some games you could designate as offline only which would allow multiple people to use the same XCI at a time, but would disable Internet connections for that game on boot. I'd also like some notification system that allows you to see who is using each game and if you want to kick them off and play your game you could send a Switch notification (like a modified built-in download finished notification) to give them a few minutes to save and wrap things up. A companion PC tool could also be made, but I think it'd be better to keep everything local to the Switch. I don't want this to require any centralized servers which need to be set up or any port forwarding needed either; just easy to set up and convenient to use.

    To get something like this to work, we obviously need an open source XCI backup loader available first but this would be relatively simple to implement and some of this can be done now in the meantime. I have some programming experience, but am not familiar with the specifics of the Switch HW and what's possible right now as far as level of access to system interfaces and control so I'm not sure how much time I'll have to work on this myself. That being said I'd like to work on something like this and could start a GitHub repo; it just might not be as fast for me to work on as other devs who already know what they are doing. I'd like to gauge interest on this and see if anyone has any insight on how viable some of these features are. I'd imagine some of the features (like leveraging the Switch notification system or disabling network connections for a game) would need higher levels of access and we might have to wait or add in ourselves for Atmosphere or other CFWs to provide those capabilities.

    Desired features:
    - Easily generate and share user RSA certificates on Switch HW (used to uniquely identify users and share XCI key data)
    - Encrypt unique XCI certs with PKI and inject at backup loader (prevent someone else from resharing your XCI certs)
    - Scrubbed XCI images are kept separately from encrypted XCI certs (if no XCI cert is present/available, game will boot in offline mode)
    - Offline booting mode to disable Internet connections for a game allowing multiple people to play an XCI image at the same time (offline/local play)
    - List of games you are sharing/shared with you (by user, group, or shared pool) that shows games in use
    - Support for multiple XCIs of the same game for online play between 2 or more people
    - (extra) SFTP integration to connect to your own external FTP server to share scrubbed XCI images
    - (extra) Leverage built-in Switch notification system to send messages to other users
    - (extra/separate homebrew integration) voice chat and messaging system without having to use a stupid app
     
    Last edited by blaze5, Aug 5, 2018
  2. huma_dawii

    huma_dawii GBAtemp Psycho!

    Member
    9
    Apr 3, 2014
    United States
    Planet Earth
    This is just asking for trouble... the risk of getting banned is EXTREMELY HIGH. xD
     
    Naked_Snake likes this.
  3. blaze5
    OP

    blaze5 Member

    Newcomer
    3
    Nov 27, 2016
    United States
    Is it though? If you are only sharing your games with a small group of friends I don't see how it'd be different from handing your friend your cartridge. I've read that people on SX Pro can play online with their own carts without any issues and this would ensure multiple people aren't using the same cart online at the same time.

    That being said we would want to take precautions to avoid bans and try to leave no trace through CFW.
     
    Last edited by blaze5, Aug 4, 2018
  4. ByteBite

    ByteBite GBAtemp Fan

    Member
    5
    Aug 20, 2013
    Seychelles
    I can only see this ending in tears.
     
    whateverg1012 likes this.
  5. blaze5
    OP

    blaze5 Member

    Newcomer
    3
    Nov 27, 2016
    United States
    I'm not saying there's no ban risk, but can anyone provide any reasons why it'd be likely? Just saying it will result in bans without any rationale just seems like speculation to me. If there are good reasons why this would result in bans I'd like to know but I'm not interested in unfounded fear without explanations.
     
  6. Kyuuketsuki

    Kyuuketsuki GBAtemp Regular

    Member
    2
    Jun 1, 2018
    United Kingdom
    Seinan Eikoku
    I'd never share my certs with anyone, purely because I know that sharing with one person then becomes multiple people and then...

    All of a sudden, one of those people has abused it and then your perfectly innocent game cert has been flagged by Nintendo.
     
    blaze5 and ByteBite like this.
  7. blaze5
    OP

    blaze5 Member

    Newcomer
    3
    Nov 27, 2016
    United States
    That's a fair point. But it would be designed in a way so the XCI would only be patched before loading and reverted back (or better yet the unique XCI certs are injected into the backup loader temporarily) so your certs can't be shared any further. Your XCI cart data would be stored encrypted and due to PKI encryption only the person you shared it with would be able to decrypt it (which would happen automatically and not be accessible by the user). The XCI certs you share with friends would be encrypted and wouldn't be easily accessible to the shared users (i.e. your friend can't share your game with other people, you would have to allow each person you want to share with individually). The idea is to share this to a small group where you allow access to each person yourself.
     
    Last edited by blaze5, Aug 4, 2018
  8. emilio546

    emilio546 Member

    Newcomer
    1
    Jan 27, 2017
    Ecuador
    In my opinion this does not sound any good, would be easier if you just give your Nintendo account if it's going to be with a small group of "trusted" people for you, as you say in your post, it's just a ridiculous request, there's no need for it, you are the only client for it, it's not even logical to do.
     
  9. blaze5
    OP

    blaze5 Member

    Newcomer
    3
    Nov 27, 2016
    United States
    @emilio546 What are you even talking about? Giving your Nintendo account to someone else to be used on multiple systems is useless if you want to share games with another person (I know my brother's account is also on my Switch). If that's not enough for you, the Nintendo Accounts on Nintendo Switch (FAQ) on Nintendo of America states, "Games that you’ve purchased through the Nintendo Switch eShop can be played on the one active Nintendo Switch console for your Nintendo Account". Saying there's no need for it is ridiculous and it's certainly a logical thing to do. As I mentioned in the OP, Steam allows you to share your library with other people and there are people who would certainly benefit from this. Ever heard of letting a friend borrow a game? I'm willing to work on this myself and integrate it with backup loaders in the future. What ideas and development are you contributing to the scene?

    Besides the good point @Kyuuketsuki brought up (which I provided a solution for and helped flesh out and communicate the idea better), everyone else is scared or calls it a bad idea without any reason or explanation. Not very helpful comments or criticism to encourage someone to dedicate their time and resources to develop something for free to benefit the rest of the scene. Again if people have legitimate reasons why this could lead to bans or isn't a good idea I'd like to hear them to figure out solutions to those issues or understand if it's not feasible. So far all of the comments (except the one I mentioned) contribute nothing and make this feel like a waste of my time.
     
  10. Darodin

    Darodin Newbie

    Newcomer
    1
    Aug 5, 2018
    Netherlands
    Can't you just dump your own cartridge and put it on a Drive so you can link it with your mates?
     
  11. blaze5
    OP

    blaze5 Member

    Newcomer
    3
    Nov 27, 2016
    United States
    @Darodin Yes you could just dump your own carts and put them on some shared drive but this will limit further sharing and ensure only the people you allow can use your XCI's certs. The only XCI files you would want to share directly are the scrubbed versions with the unique portion wiped out (to limit the scenario brought up by @Kyuuketsuki above). But you don't want your friends to use the scrubbed XCI online without a cert either as that would result in a Nintendo account ban.

    Since each XCI image has unique certs, Nintendo can detect and ban if they see multiple people using the same XCI cert online at a time. This will ensure that only one person is using an XCI cert at a time and allow you to share your games with friends safely and provide a convenient shared library. The offline mode can allow multiple users at a time for games that don't require online. It will also be bandwidth efficient since it only needs to share the unique cert of each cart (PKI encrypted). This is meant to allow multiple people to use a cartridge dump online safely to avoid bans with the precautions (limit 1 active user per XCI cert, access control, encryption, offline mode) put in place.
     
    Last edited by blaze5, Aug 5, 2018
  12. Kyuuketsuki

    Kyuuketsuki GBAtemp Regular

    Member
    2
    Jun 1, 2018
    United Kingdom
    Seinan Eikoku
    To be honest, if they can go so far as to use an XCI on their console, it shouldn't trouble them to download WAIN, rip their own cert and patch their own XCI image. But going online would call for a ban, since each cert is unique and if you're playing with three people and Nintendo see a cluster of certs that say for example "XX001X11X00A" at the same time from locations that are scattered, Nintendo will ban just about anyone who looks out of place on their servers. There is no way to avoid getting banned, unless there becomes a way of writing an entirely new and unique cert (it will never happen).
     
  13. blaze5
    OP

    blaze5 Member

    Newcomer
    3
    Nov 27, 2016
    United States
    My point there was specifically to @Darodin about why just sharing your XCI files is a bad idea. My solution will keep the XCI data and certs separate with the certs encrypted with PKI to prevent the sharing issue you mentioned before. The handling of certs won't require another user to patch an XCI image with their own cert and will be done automatically. This is meant to be simple and convenient requiring little setup and technical know-how on the user's part (plus it'd be useful personally too without sharing games with anyone else).

    This XCI manager will only allow one person to use an XCI cert online at a time. If you are sharing your cert with someone on the other side of the world then sure Nintendo could figure out that 5 minutes ago someone used the cert in Australia and now it's being used in Canada (if they even look at the data that in depth and could be circumvented with a VPN if you were really afraid of it). Chances are the people you want to share with are at least relatively close by though. I think in its current form it provides a lot of safety, but as an extra precaution, you could add in some delay so that another user would have to wait a certain amount of time to play that single game. Using the example of physical cartridges (which is basically the same as XCI) and a family with 3 systems, they can all be using the same group of cartridges and Nintendo isn't going to ban them. In an extreme example like I mentioned where someone on the other side of the world is using your cert minutes after you did sure maybe Nintendo is looking out for that, but for the majority of people this isn't going to be an issue.
     
  14. Kyuuketsuki

    Kyuuketsuki GBAtemp Regular

    Member
    2
    Jun 1, 2018
    United Kingdom
    Seinan Eikoku
    That's where the concept is flawed, because it wouldn't just be one person at one time and there would be no sure way for the user to know if the cert is in use.
     
  15. blaze5
    OP

    blaze5 Member

    Newcomer
    3
    Nov 27, 2016
    United States
    @Kyuuketsuki What do you mean by it wouldn't just be one person at a time? Are you saying the concept of only allowing one person to use an XCI cert at a time is flawed or the implementation? For a comparison, think about multiple people exchanging the same physical Switch cart and using it at different times. The same cart can't be in two or more places at the same time. This XCI manager will enforce that only one person is using the unique XCI cert at any time. Each system checks first to see if that cert is in use online before launching; that's the whole point of this. With the XCI manager, you'll be able to see for every XCI image you are sharing if someone is using that XCI cert (and it will tell you which user is using it) and prevent you from launching the XCI online if another person is using it (or kick them offline to give you online access). There is certainly a way to know if the cert is in use because the system starting up a game (as a component of the XCI manager) will tell the others it is using that XCI image and the other systems will query each other to see if a game is in use before launching. If a game is already in use online, it'll boot in an offline mode which will disable Internet connectivity for that game completely. With PKI encryption, networking between XCI managers on different systems, and access control, you know exactly who is using what XCI image at a time.

    I don't think this needs to be said as it seems pretty obvious but you aren't going to use XCI dumps you find online for this and need to start with your own dumps that have valid XCI certs that no one else is using. Technically if you buy a game used, you don't know if someone else is still using that XCI cert, but that'd be a really douche move for someone to do, is still unlikely, and completely a non-issue if you bought the game new. Also keep in mind this is only for XCI dumps, not NSP since there is no way to use someone else's NSP online without getting banned.

    To clarify the offline mode, if you are wondering how another system can communicate to the others while in the offline mode, the system will still be connected to the Internet, but the game will not have any connectivity. As usual, you can also configure a DNS to block connectivity with known Nintendo servers. The offline mode would work by sandboxing the game in the backup loader or only allowing traffic through the hosts and ports used to communicate between multiple users running the XCI manager. And if you aren't connected to any Wi-Fi networks, the game will just boot in offline mode (in case it reconnects at some point) and will let other users know it is playing the game in offline mode when it gets connectivity.
     
    Last edited by blaze5, Aug 7, 2018