Inside Nintendo’s “perfect” method for detecting online Switch piracy (arstechnica.com)
58 points by vanburen 8 months ago | 56 comments

More technical analysis: https://www.reddit.com/r/SwitchHacks/comments/8rxg26/psa_str...

(this is the post the Ars Technica post is referring to)

I haven't owned a console in decades, so bear with me: is it currently possible to buy a game and lend it to a friend? I used to borrow my friend's cartridges as a kid. Is that now piracy?

What about second-hand rentals, is that also immoral now?

Lending cartridges and discs works fine (on all modern consoles) and is not piracy. (Edit: Microsoft proposed changing this with the Xbox One by requiring discs to be activated online, but backed down before ever implementing the plan.)

The only piracy Nintendo is worried about is cartridge duplication or downloads that don’t involve paying the retail price in the eshop.

Are you sure about that? The one and only time I've interacted with an xbox one, we picked up a physical game, put it in, and then downloaded the game to the xbox. Afaict, there was nothing on the disk itself except perhaps an identifier and a key; the download was substantial. Probably the stupidest interaction I've had with computers yet.

And if that's still the case, I can't imagine downloading the game to multiple Xboxes is valid behavior. But I also don't remember if the disk was required to be inserted to actually play (which would make the interaction even more obscene).

I think as long as two systems aren't playing the same copy at the same time, they wouldn't do any banning. So lending and rentals should still be acceptable.

The gaming industry has waged war against reselling games for years. They've been partially successful: most PC games these days come as a Steam code. Any kind of Steam content is DRM protected and cannot be resold. You're also not allowed to play two of the games you own on two computers at once (Steam will immediately log you out). There's family sharing but again your family isn't allowed to play any of your games while you're playing.

On consoles the more expensive physical media is still transferable (BR discs and Switch cartridges). Any kind of digital downloads or DLC addons aren't shareable and you're not allowed to sell them or transfer them.

As others said, physical stuff is still sharable; since only one can use it at a time.

However with app-store (no physical disc) stuff, that can't be shared. Basically the same as on PC when using Steam - you get single account lock-in because it is all software only.

(Steam has implemented limited sharing, but it isn't all that great).

On both Xbox one and ps4 you and a friend can set each other's console as your 'home' console. You can then play their digital purchases as well as your own, but with the caveats:

- you must be signed in online to play your own purchases

- other accounts on the console you own lose access to games purchased by your account

You don't need to reveal your password or share accounts, just sign in on the console once and set it as 'home'.

Back on the xbox 360, there was a more involved process to do the same thing. A digital purchase really granted two licenses: one tied to your account and one tied to the specific 360 that downloaded it. My sister and I took advantage of that to share season passes for various Call of Duty games.

Useful trick, although I first discovered it when visiting family, buying a game on my account and then wondering why I couldn't play it offline back on my own console.

I'm a bit confused here. I have two Switch consoles, one for myself and one for my daughter. Say I buy the cartridge for the new Smash Bros game. We take turns between my console and her console using the cartridge (not at the same time, for obvious reasons).

Because her unique console and my unique console are sharing a cart (with same cert, I imagine), is that going to lead to us being banned? I honestly haven't done online yet (BotW mostly, some Bomberman local multiplayer), so I don't know if this is an obvious "no" or not, but I do plan to play Smash Bros.

This is perfectly OK. Since you're using a physical cartridge, it's not possible for that cert to be accessing the online system at the same time.

>If you download an illegitimate copy of a Switch game that was purchased on a different console/account, Nintendo can detect the mismatch as soon as you log in and immediately ban the console from its network.

What is stopping hackers from purchasing one game legitimately and just spoof the data after?

> What is stopping hackers from purchasing one game legitimately and just spoof the data after?

If you mean "spoof" in the sense of duplicating the certificate/ticket: Because two consoles would try to use the same cart certificate/ticket.

If you mean "spoof" in the sense of making a fake certificate/ticket: The certificate/ticket are signed by Nintendo, so they can verify on the server side if it's fake or not.

If you mean spoof the console data: As far as I know, you require an NNID to go online, which the console is tied to. So the pirates would have to share login data and chain all the carts/tickets to that one console and login combination. That's probably going to be practically infeasible. Even if it wasn't, Nintendo could probably notice an odd amount of sign-ins coming from a single console, yet also all over the world.
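The server-side checks described in this thread (signature validity, title match, and one cert in use on two consoles at once), as an added example that is not part of the thread and not Nintendo's implementation. HMAC with a constructed key stands in for the real signature scheme, and all names and ids are hypothetical.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 with a server-held key stands in for the issuer's
# asymmetric signature; the real scheme is not described in the thread.
ISSUER_KEY = b"constructed-demo-key"

def _sign(cert_id, title_id):
    body = f"{cert_id}|{title_id}".encode()
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()

def issue_cert(cert_id, title_id):
    """Issuer side: bind a unique cert id to one title and sign the pair."""
    return {"cert_id": cert_id, "title_id": title_id,
            "sig": _sign(cert_id, title_id)}

def signature_ok(cert):
    expected = _sign(cert["cert_id"], cert["title_id"])
    return hmac.compare_digest(expected, cert.get("sig", ""))

class SessionRegistry:
    """Tracks which console currently holds an online session per cert."""
    def __init__(self):
        self.active = {}  # cert_id -> console_id

    def login(self, console_id, cert, requested_title):
        if not signature_ok(cert):
            return "reject: forged certificate"
        if cert["title_id"] != requested_title:
            return "reject: certificate is for another title"
        holder = self.active.get(cert["cert_id"])
        if holder is not None and holder != console_id:
            return "flag: certificate in use on another console"
        self.active[cert["cert_id"]] = console_id
        return "ok"

    def logout(self, console_id, cert):
        if self.active.get(cert["cert_id"]) == console_id:
            del self.active[cert["cert_id"]]

def demo():
    """Constructed scenario: lending, a concurrent copy, a forgery."""
    reg, cart = SessionRegistry(), issue_cert("cert-0001", "smash")
    out = [reg.login("console-A", cart, "smash")]       # owner goes online
    reg.logout("console-A", cart)
    out.append(reg.login("console-B", cart, "smash"))   # lent cart, later
    out.append(reg.login("console-C", cart, "smash"))   # copy while B is on
    forged = dict(cart, cert_id="cert-9999")            # new id, old sig
    out.append(reg.login("console-D", forged, "smash"))
    out.append(reg.login("console-B", cart, "zelda"))   # wrong title
    return out
```

Sequential use on two consoles passes, which matches the lending and shared-cartridge cases discussed earlier; only overlapping sessions on different consoles are flagged.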

Didn't read the reddit post, but usually the way these things work is there are two cert checks. One for the console and one for the game. The game cert is signed (or there is a signature somewhere) by both the console cert and Nintendo's game-cert CA (not to be confused with Nintendo's console-cert CA which may have the same root but are unlikely the same) in that order. Both are checked server side.

You can't spoof the data, it's generated unique to each game then signed by Nintendo in a way that isn't reversible to anyone else.

Yeah, I have read the reddit post now [1].

If I understood correctly, Nintendo only allows access to online features of the game specified in that particular certificate.

[1] - https://www.reddit.com/r/SwitchHacks/comments/8rxg26/psa_str...

This does mean that you can buy a game, hack it using a modded console, and play online.

This doesn't prevent cheating in online games, just piracy.

> signed by Nintendo in a way that isn't reversible to anyone else.

Well, now you're just challenging people.

How will they handle online banned units when they start getting resold on Craigslist to people who don't know to check its online access status?

The same way Microsoft and Sony have always done, I'd imagine. Or Apple for that matter. It's not like there isn't plenty of precedent for this.

That answer being "hard luck, once it's locked it's locked".

I assume the same way it’s handled when you buy any other broken product. Buyer beware.

Would you buy a console without turning it on?

Would you buy a console without turning it on, popping in an online-ready game, and attempting to go online?

Nintendo should start adding some bright, easily visible message to the system UI that indicates the device is permanently restricted so that buyers doing a cursory check would see it. It should be as obvious as a theft-bricked iPhone.

I believe they have a financial incentive to not do this. If buying a second-hand switch is perceived as risky, then sales of new switches will be encouraged. Of course this would cause a switch to depreciate even more when you buy it since it would suppress the market price of a used switch. But I'd wager most people aren't considering how much they could get from selling their switch when they're considering buying one.

Alright I'm claiming ignorance here; I didn't know you had to play an online game to know. Figured it would tell you as soon as it came up assuming you were near wifi (which even then is a big assumption.) My mistake, hadn't thought it through.

I never connected my Switch to the network. Is there some functionality I'm missing?

The E-shop and system updates mostly. If you don't care about either of those it's not a big deal to not have your Switch networked.

Sidenote: I love how the Switch deals with system updates, from a user perspective they take less than 3 seconds.

Nintendo? The same company that lets you download games directly from their store (without buying them) so you can play them on an emulator?

Nintendo. The same company shipping scene rom dump inside Wii Super Mario Bros.

Where is this?

Sounds like the EU will have to invite Nintendo to go fuck themselves for disabling resellable devices. The other thing they do that's pretty nasty is requiring their permission to buy a developer kit instead of something like wifi or a USB cable.

They're not disabling anything. They're banning consoles from online services after attempts to connect to those online services with a pirated game. The device itself is perfectly usable for single-player gaming. This is exactly like Sony and Microsoft have already done for years. If the EU goes after Nintendo here, why haven't they already gone after Sony and Microsoft for the same thing?

Do Microsoft and Sony ban the person or the actual console device? Nintendo are going for the account and the device for what amounts to unsanctioned-by-them use of software:

     "permanently ban those consoles from Nintendo's network."

     "a banned console will stay banned from the network"

I can say at least that the Xbox 360's standard ban for pirated games that failed verification checks was a console level ban, as in, you can take your hard drive and plug it into a new console and you're gaming again. There were also several times account bans were applied as well, like when Forza 3 dropped several weeks early and people tried playing online.

The devices aren't being disabled, they're just having their access to Nintendo's online services restricted. This practice isn't anything new, and has been around as long as internet-enabled consoles have.

From the article:

     "permanently ban those consoles from Nintendo's network."

     "a banned console will stay banned from the network permanently"

It's a device-level ban so it will be applied to any subsequent owners.

If the device has pirated material, isn't the assumption that it's hacked?

How can a resold device be trusted, no matter the owner?

We don't throw out (or ban from online) computers, telephones or tablets when they get a piece of malware installed; instead we remove the malware or reset the devices.

Yep. Normal resale is fine and won’t trigger a ban, trying to circumvent the anti-piracy/cheating stuff will.

Just like the other consoles on the market.

So don’t buy those consoles second hand. Again, exactly the same as PS and Xbox.

If Microsoft and Sony do it too it just means all three companies are willfully infringing consumers' rights to buy and sell stuff second hand.

They are not infringing on consumers' rights to buy and sell the consoles, but the seller who knows that the console has been banned from online services is perpetrating a fraud upon the buyer. You can buy and sell consoles all day long, but transfer of ownership does not change the status of the console any more than selling a broken console (that is outside any hardware warranty) obligates a manufacturer to make it work again.

It's more like the company is punishing the current and arbitrarily the future owners of a perfectly functional device because they have some project going to prevent copyright infringement within their company, and way above that is consumer protection laws that are just woefully slow to be applied forcefully.

It took many years but Steam changed their old refund policy after a judge in Australia noted how criminal the old one was where they gave themselves permission to steal indiscriminately from consumers seeking refunds and used their imaginary authority to steal from an estimated 20,000 Australians. They actually stole from people all over the world but seem to have gotten away with it everywhere else.

I think their idea is to punish the current owner; but if that is allowed, there also must be some kind of protection for the secondhand market.

If there was some form of serial #check system (like a car's VIN) for the consoles, then it would be harder to re-sell disabled consoles; still wouldn't prevent people from trying to re-sell them, but it would make it more firmly a case of fraud on the sellers' part if they lied about the serial#.

Why can't they just ban by account? Anyone circumventing bans is going to be committing identity fraud or other crimes so shouldn't they be passing it to law enforcement if they want to pursue it?

Switch hardware will likely be resold for decades so it's obviously going to be onerous for consumers that the devices may be invisibly crippled just because they want less copyright infringement.

They don't even need to ban accounts permanently, it's pretty disproportionate when you think in years and decades of a device's life.

If it's like Sony or Microsoft consoles all you need to make a new account is a different email.

You wouldn't have your save games but if you're set up to run unlicensed copies of games maybe you can also transfer those?

>Sounds like the EU will have to invite Nintendo to go fuck themselves for disabling resellable devices.

Don't virtually all phones have similar functionality?

Do you mean the registry to prevent reselling stolen phones?

I can't drive my car as soon as I run a red light. The punishment seems harsh.

I feel like a closer analogy would be "I can't drive my car as soon as I install flame-thrower exhaust".

What would cause a user in normal operation of a Switch to be permanently banned from the Nintendo network?

Isn't the most direct analogy: a stolen car refuses to start? But I would still download a car if I could.

side note: What does flamethrower mean in this case? Some potentially totally legitimate car modifications (e.g., two-step launch control) have the side effect of dumping unburnt fuel into the exhaust, creating a "flamethrower" effect. Not sure if two-step violates noise or "flamethrower" laws first though ;).

> Isn't the most direct analogy: a stolen car refuses to start? But I would still download a car if I could.

Perhaps, and if you buy a stolen item, and the police find it, they will return it to the original owner. You get nothing, you just lost the money you spent.

A "normal" user who has a child who has received a "pirated game" as a gift at school?

The Switch is already hacked, meaning that you can have cheaters online; none of what Nintendo is doing prevents that so it's a huge fail (where Sony and MS are secured).

Since it's Nintendo, how easy will it be to break their system?

I can only imagine after beating Zelda and this year's Smash people will have plenty of time to make their 450 dollar system (after necessary hardware) interesting.

I'm teasing, but after a decade of awful Nintendo systems and letdowns, I'm not above trashing this company.
