Question XCI certificate for multiple Games

Discussion in 'Switch - Backup Loaders & Modchips' started by noX1609, Jul 8, 2018.

  1. noX1609
    OP

    noX1609 B9S freak ;)

    Member
    3
    Aug 30, 2016
    Germany
    Hi,

    i know that Switch cartridges does have a certificate to authenticate that it‘s a legit gamecard.
    We can already dump this certificate as i know.
    But my question is: does every gamecard of the same game does have the same certificate on it or does every card of the same game have a unique certificate?

    I ask because i came up with the question if it‘s possible to dump the certificate let‘s say from my cartridge of LA Noire and inject this into the xci file of another game (let‘s say Mariocart 8) will it be seen as ledgit on online play or not?
    Don‘t want to do it (i do own all games i want to play) but had a discussion with a friend yesterday evening and because with both habe a different guess (i said it‘s not seen as ledgit and he says it would work) i thought i ask here because here are a lot of experts about the Switch‘s system and how it works.
    Searched google before posting but couldn‘t find anything related to this question.
    Hope someone can answer this question and hopefully can explain how it works (if for example every gamecard of LA Noire has the same certificate or different ones) :)
     
    Last edited by noX1609, Jul 8, 2018
  2. Rel

    Rel GBAtemp Regular

    Member
    3
    Jun 4, 2018
    United States
    All carts have a uniqiue certitficate, some people have been using the same cert for multiple games and the cert gets banned from online play later on as well as the console in some cases. From what I have seen though using larger game certs and the same type of cert (type 1 cert on type 1 games, type 2 on type 2 games) works longer for avoiding cert bans.
    Here's a thread where someone is currently playing online with this method https://gbatemp.net/threads/xecuter...s-using-cert-from-another-game.508357/page-21
     
    Last edited by Rel, Jul 8, 2018
  3. noX1609
    OP

    noX1609 B9S freak ;)

    Member
    3
    Aug 30, 2016
    Germany
    @Rel: Thanks for your answer so it‘s correct what i said that one certificate for all games does work but has a huge ban risk because all cartridges does habe a unique certificate.
    Beside that i‘m really surprised that each card has a different certificate because then they need to use a very long key because there are a lot games and thousands of copies of each game so they need a lot of certificates because there have to be no duplicates otherwise the system wouldn‘t work.
    At least they learned someting after the 3DS because there was a single cert/ticket on digital games for every copy of a game so playing online with a correct copy was possible without getting banned in short time (exept if you played a game before it was released like Pokemon Sun&Moon or you downloded / played a lot of eshop games without buying them —> Freeshop or you used cheats/hacks in online multiplayer)
    But exept the bans for playing Sun&Moon early there were no big ban waves if i remeber
    correctly.
     
  4. Tke1

    Tke1 Member

    Newcomer
    1
    Jul 12, 2016
    Belgium
    I have dump my certificate from the game "Sine Mora EX" and played 3 days online splatoon , Mario Kart 8 and rocket league. Banned today after 3 days, Its only certificate ban (Fortnite ok and eshop too). Error : 2124-4025
     
  5. Draxzelex

    Draxzelex GBAtemp Guru

    Member
    16
    Aug 6, 2017
    United States
    New York City
    Every cartridge certificate is unique to some degree mostly because on top of online services and title ID, they can be redeemed for gold coins and only one certificate can be used at a time meaning Nintendo has a way of tracking them. We still don't fully understand everything inside the certificate, but they can ban people when there is a mismatch between the title ID of the certificate and the backup. See here for more info: https://www.reddit.com/r/SwitchHacks/comments/8rxg26/psa_strong_antipiracy_measures_implemented_by/
     
  6. Elliander

    Elliander GBAtemp Advanced Fan

    Member
    3
    Sep 16, 2011
    United States
    Illinois
    It makes sense that it's only a cert ban, because if they console banned people for using either duplicate certs or a cert in the wrong place there are potential consequences to legit players.

    For example, suppose I rented out a switch game and kept the certs on it and then played online with it. At the same time, being that it's a rental game, someone else is using the official cart. Nintendo would have no way of knowing which is the legitimate cart so if they banned the consoles that were using it they could inadvertently ban someone for using a rental game which might actually cause some problems because video game rentals are illegal in the US and it could be interpreted as an attack on video game rentals.

    similarly, if you use the cert with some other game and someone else was playing the original game, they couldn't just ban the consoles using the cert because they run the risk of banning the wrong console.

    My question would be this: what happens if you try to use two copies of the same cert on the same local play? Suppose I have two copies of the legit game, but of course I can't tell at a glance which is which and say I neglect to label them. Are there checks in place to keep them from playing together? That is to say, is there a reason to remove the certs from the file to look more like a scene release? similarly, if one of them is running a backup offline and the other is running the official cart online and they aren't playing online together, just locally playing together, is there any risk of a cert ban?

    if there is, then that would actually create a whole new vulnerability. It would mean that the certificate information is transmitted over Wi-Fi two other switch consoles which would mean that someone could build a Snipping tool to farm for certificates for online play, so I really hope that Nintendo didn't do something stupid like Implement checks in this way.
     
Loading...