When hackers revealed an unpatchable exploit allowing deep system access in all existing Switch consoles back in April, some industry watchers worried that this would lead to widespread piracy for copyrighted games on the system. Additional work by longtime Nintendo hacker SciresM, though, lays out the relatively robust protections Nintendo has in place to detect systems playing pirated games online and to permanently ban those consoles from Nintendo’s network.
SciresM’s lengthy Reddit post goes into a good level of technical detail on how Nintendo authorizes games and systems when connecting to the Nintendo network. The core of the protections comes from a unique encrypted client certificate stored in the “TrustZone” core of every Switch unit.
That certificate is used to identify the specific hardware being used to log in to Nintendo’s servers, meaning a banned console will stay banned from the network permanently. That’s a change from the 3DS, where users could use a fake token to get around a console-level network ban (at least until another ban came down, that is).
For Switch games themselves, Nintendo also uses encrypted certificates to verify that the game in question is legitimate when connecting online. In the case of physical game cards, that certificate is a unique, RSA-2048-signed string that’s written at the factory. That means “sharing of certificates should be fairly detectable, for Nintendo,” SciresM writes, and the system fills in a 3DS security hole that involved the reuse of legitimate game-specific header information.
For downloadable Switch games, an encrypted ticket inside the game data integrates information about the game with the console’s unique Device ID and the Nintendo Account ID used to purchase it. This method “actually perfectly prevents online piracy,” SciresM writes, by cryptographically tying downloaded copies of games to the system and account first used to purchase them. If you download an illegitimate copy of a Switch game that was purchased on a different console/account, Nintendo can detect the mismatch as soon as you log in and immediately ban the console from its network.
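The ticket binding described above can be modeled as a server-side check. This is an added illustration, not code from SciresM's post or from Nintendo: the field names, the sample values and the use of an HMAC in place of the real ticket cryptography are all assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key: stands in for the issuer's signing key (assumption).
ISSUER_KEY = b"constructed-demo-key"

def _tag(body: bytes) -> str:
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()

def issue_ticket(title_id: str, device_id: str, account_id: str) -> dict:
    """Bind one title to the purchasing console and account (hypothetical fields)."""
    body = json.dumps({"title_id": title_id, "device_id": device_id,
                       "account_id": account_id}, sort_keys=True).encode()
    return {"body": body, "tag": _tag(body)}

def check_login(ticket: dict, cert_device_id: str, account_id: str, title_id: str) -> str:
    """Server-side check: return 'ok' or the reason the session is flagged."""
    # 1. Integrity first: an edited ticket no longer matches the issuer's tag.
    if not hmac.compare_digest(_tag(ticket["body"]), ticket["tag"]):
        return "forged-ticket"
    fields = json.loads(ticket["body"])
    # 2. The ticket must be for the title being played.
    if fields["title_id"] != title_id:
        return "wrong-title"
    # 3. The device ID is taken from the console's client certificate,
    #    not from anything the client merely claims.
    if fields["device_id"] != cert_device_id:
        return "device-mismatch"
    if fields["account_id"] != account_id:
        return "account-mismatch"
    return "ok"

# Constructed sample values.
TICKET = issue_ticket("title-0001", "device-A", "account-1")

def demo() -> dict:
    edited = dict(TICKET, body=TICKET["body"].replace(b"device-A", b"device-B"))
    return {
        "purchaser": check_login(TICKET, "device-A", "account-1", "title-0001"),
        "copied": check_login(TICKET, "device-B", "account-2", "title-0001"),
        "edited": check_login(edited, "device-B", "account-2", "title-0001"),
    }

if __name__ == "__main__":
    print(demo())
```

Because the device identity comes from the certificate used to log in, a ticket that verifies but names a different console is itself the detection signal.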
Nothing in this online-authorization process will prevent exploitable Switch consoles from running pirated software completely offline, of course. But the method SciresM lays out should completely prevent Switch piracy on any game a user might want to play online. System firmware could also theoretically detect pirated games being played offline, then bury a flag in the hardware to activate a network ban the next time the player logs in.
There are some signs Nintendo is already rolling out these system- and account-level bans for users it detects using hacked consoles and/or pirated software. Since Nintendo can’t fix the Tegra-based hardware exploit already buried in tens of millions of extant Switch consoles, this is probably the company’s best way to fight back against what it sees as unauthorized modifications. As always, let the hacker beware.