People playing pirated games on their Nintendo Switch are at risk of a console ban
It should go without saying, but if you intend to play online, you should not do it on a hacked console (any console, this is not Switch specific). Let alone playing pirated games online. This should be obvious, but it seems some people are still willing to take a chance.
Switch hacker SciresM has taken to reddit in order to explain how Nintendo have implemented strict authentication checks, and how they could use those to ban consoles or accounts.
Long story short, permission checks are performed server-side by Nintendo, cannot be bypassed, and give Nintendo enough to identify the console and the account associated with it. When you try to play a game online, Nintendo receive enough information about the console and the account that they could ban one or the other if they feel like it.
The hacker emphasizes that detection mechanisms exist both for digital games as well as gamecards. Although the protections are a bit different fort those two use cases, Sciresm explains the security is strong in both cases:
These are extremely strong anti-piracy measures — Nintendo did a great job, here.
In the gamecard case, Nintendo can detect whether or not the user connecting has data from a Nintendo-authorized gamecard for the correct title. This solves the 3ds-era issue of gamecard header data being shared between games. Additionally, there’s a fair amount of other, unknown (encrypted) data in a certificate being uploaded — and certificates are also linked to Nintendo Accounts when gold points are redeemed. Sharing of certificates should be fairly detectable, for Nintendo.
In the digital game case, Nintendo actually perfectly prevents online piracy here. Tickets cannot be forged, and Nintendo can verify that the device ID in the ticket matches the device ID for the client cert connecting (banning on a mismatch), as well as that the account ID for the ticket matches the Nintendo Account authorizing to log in. Users who pirate games definitionally cannot have well-signed tickets for their consoles, and thus cannot connect online without getting an immediate ban — this is exactly how I would have implemented authorization for digital games, if I were them.
Sometimes, the ban might be because of “suspicious” activity on Nintendo’s servers, not related to piracy. This is probably what happened to a handful of Switch hackers earlier this year.
This goes without saying, but people who intend to hack their console should not use it to access online services provided by the manufacturer. Doing this puts you in breach of the Terms and Conditions from the manufacturer, and they will take action to protect their network. This is even truer for people who intend to do this with pirated games. That one in particular should be obvious.
Source: SciresM on reddit