Don’t pirate Nintendo Switch games. That’s the message that prominent hacker SciresM has looked to deliver in an extensive Reddit post where he provided an overview about how application authorisation works on the portable home console.
That explanation breaks down what happens when you attempt to connect online in a game, a process that multiple tokens and authorises the Nintendo Account that you are signed into.
It works slightly differently depending on whether you are using a Game Card or playing something that has been downloaded digitally, but the most important discovery is that Nintendo has “extremely strong anti-piracy measures” that are robust enough to detect and thwart those that attempt to play pirated games.
“These are extremely strong anti-piracy measures – Nintendo did a great job, here,” SciresM writes, in concluding their research.
“In the Game Card case, Nintendo can detect whether or not the user connecting has data from a Nintendo-authorized Game Card for the correct title. This solves the 3DS-era issue of Game Card header data being shared between games. Additionally, there’s a fair amount of other, unknown (encrypted) data in a certificate being uploaded — and certificates are also linked to Nintendo Accounts when gold points are redeemed. Sharing of certificates should be fairly detectable, for Nintendo.
“In the digital game case, Nintendo actually perfectly prevents online piracy here. Tickets cannot be forged, and Nintendo can verify that the device ID in the ticket matches the device ID for the client cert connecting (banning on a mismatch), as well as that the account ID for the ticket matches the Nintendo Account authorizing to log in. Users who pirate games definitionally cannot have well-signed tickets for their consoles, and thus cannot connect online without getting an immediate ban – this is exactly how I would have implemented authorization for digital games, if I were them.”