For as long as games consoles have existed, security to prevent people from playing pirated games has been under attack.
In the early days, the existence of a hardware cartridge was enough to prevent clones, but with ever more determined hackers on the job, few protections have survived the test of time.
More recently, however, the mighty Xbox One and PlayStation 4 have proven exponentially more difficult to crack. Locked-down hardware and continuously updated firmware pose unprecedented challenges to today’s hackers, with few making the progress they did in years gone by. Last December, however, some exciting news appeared on the horizon.
Hacking veterans Team-Xecutor revealed that they’d developed a kernel hack for the Nintendo Switch. That led to further revelations in January that they’d developed a hardware solution that exploits a fundamental flaw in the Switch system, one that Nintendo would be unable to stop.
“This solution will work on ANY Nintendo Switch console regardless of the currently installed firmware, and will be completely future proof,” the team explained.
With the prospect of “unstoppable” mass piracy just around the corner, a new buzz appeared around the Switch platform. Whenever consoles get cracked their popularity tends to increase, but for those thinking of jumping aboard the platform for a new swashbuckling adventure, there are some interesting caveats to consider.
In a detailed posting to Reddit titled ‘How Application Authorization works on the Nintendo Switch’, hacker SciresM single-handedly pours enormous buckets of cold water on the prospect of rampant Switch piracy – at least in the way that some consumers are envisioning it.
“After doing some research earlier today into how the Switch gains authorization to play a given game online, I learned that Nintendo has implemented some very strong anti-piracy measures in this regard — they can actually perfectly detect whether a digital copy of a game has been legitimately purchased,” SciresM explains.
Although highly technical in practice, the manner in which this verification takes place can be explained in simple terms.
When people attempt to go online with a game, their Switch first checks whether it can connect to the Internet by contacting ctest.cdn.nintendo.net. Once that connection is confirmed, the console checks whether it can get a device authorization token from Nintendo, which allows it to go online.
If Nintendo issues a token the console can sign in, once it has authorized the Nintendo account being signed into. The console can then obtain an application authorization token for the specific title being played and the fun can begin. However, if Nintendo doesn’t like what it sees (such as pirate activity), it can prevent a console from going online, a disaster for those hoping to play with friends.
The way Nintendo detects such activity is explained in SciresM’s technical overview, but the basis of its protection centers on a unique encrypted client certificate that is burned into every Switch console at the factory and found in the TrustZone, “an isolated security-focused CPU core”.
“Note that unlike the 3DS, this means that Nintendo can tell what console makes a given request. This means Nintendo can block misbehaving user’s certificates, leaving them permanently unable to use any of Nintendo’s network,” SciresM notes.
Because all requests to Nintendo require a client certificate, Nintendo can associate blocked accounts with a console. But the Japanese gaming company has another trick up its sleeve.
“Your console obtains an application authorization token for the specific [game] title being played. This is the really interesting component — and it’s where Nintendo’s strongest security measure lies,” SciresM reveals.
“In the gamecard case, Nintendo can detect whether or not the user connecting has data from a Nintendo-authorized gamecard for the correct title. This solves the 3DS-era issue of gamecard header data being shared between games. Sharing of certificates should be fairly detectable, for Nintendo.”
When it comes to digital games, Nintendo has an even stronger hand. An encrypted ticket inside the title holds essential information such as the console’s unique device ID and the Nintendo account used to purchase it and log in. When combined, Nintendo has all the details it needs to determine if the user is playing by the book.
“Users who pirate games definitionally cannot have well-signed tickets for their consoles, and thus cannot connect online without getting an immediate ban — this is exactly how I would have implemented authorization for digital games, if I were them,” SciresM concludes.
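A simplified model of the server-side check described above, added here as an illustration and not Nintendo’s or SciresM’s code. The field names, identifiers and key are constructed, and an HMAC stands in for whatever signature scheme the real tickets use.

```python
import hashlib
import hmac
import json

# Constructed values for illustration only; nothing here comes from Nintendo.
ISSUER_KEY = b"constructed-demo-issuer-key"
BLOCKED_DEVICES = {"device-0666"}  # consoles whose certificate has been banned


def issue_ticket(title_id, device_id, account_id, key=ISSUER_KEY):
    """Store side: bind a purchase to one console and one account."""
    fields = {"title": title_id, "device": device_id, "account": account_id}
    body = json.dumps(fields, sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}


def authorize_application(cert_device_id, account_id, title_id, ticket):
    """Server side: decide whether to issue an application authorization token.

    cert_device_id is the identity taken from the client certificate presented
    on the connection, never from a value the client places in the request.
    """
    if cert_device_id in BLOCKED_DEVICES:
        return False, "device certificate blocked"
    expected = hmac.new(ISSUER_KEY, ticket["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ticket["tag"]):
        return False, "ticket signature invalid"
    fields = json.loads(ticket["body"])
    if fields["title"] != title_id:
        return False, "ticket is for a different title"
    if fields["device"] != cert_device_id:
        return False, "ticket issued to a different console"
    if fields["account"] != account_id:
        return False, "ticket issued to a different account"
    return True, "application token issued"


if __name__ == "__main__":
    ticket = issue_ticket("title-A", "device-0001", "acct-alice")
    # Same ticket presented by its own console, then by a different console.
    print(authorize_application("device-0001", "acct-alice", "title-A", ticket))
    print(authorize_application("device-0002", "acct-alice", "title-A", ticket))
```

Because the device ID comes from the certificate and the ticket is signed over the device and account together, a ticket presented from any other console, or one whose fields were changed after issue, fails one of the checks.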
The bottom line here is that people pirating games on Switch will have their consoles banned, a massive deal-breaker for many. While there will be some who will be satisfied with offline play, being banished to the single-player wilderness is effectively a punishment in today’s connected world, and offline play is unlikely to regain the popularity it once enjoyed.