SpotPass: Difference between revisions
| Einstein95 (talk | contribs) mNo edit summary | DaniElectra (talk | contribs)  →Payload Content Header:  Expand documentation | ||
| (18 intermediate revisions by 3 users not shown) | |||
| Line 10: | Line 10: | ||
| *Required for initialization of [[eShop]], (for first time eShop users). Not required for using eShop after first use. | *Required for initialization of [[eShop]], (for first time eShop users). Not required for using eShop after first use. | ||
| In some cases the BOSS module will add the following URL parameter to HTTPS requests, when connected to a [[Nintendo Zone]] AP: "ap=<NZoneApNum>". | In some cases the BOSS module will add the following URL parameter to HTTPS requests, when connected to a [[Nintendo Zone]] AP: "ap=<NZoneApNum>" or when using a specific [[Cfg:GetSystemModel|system model]]: "tm=<SystemModelNumber>". The Old 3DS and Old 3DS XL don't set this value. | ||
| == policylist == | == policylist == | ||
| Every time the system connects to the wifi AP, the BOSS ("Background online storage service" = SpotPass) module itself will download the cleartext xml policylist: "https://nppl.c.app.nintendowifi.net/p01/policylist/3/<countrycode>". This policylist contains a list of SpotPass tasks for certain titles. This policylist can control whether the specified tasks are processed at all | Every time the system connects to the wifi AP, the BOSS ("Background online storage service" = SpotPass) module itself will download the cleartext xml policylist: "https://nppl.c.app.nintendowifi.net/p01/policylist/3/<countrycode>". This policylist contains a list of SpotPass tasks for certain titles. This policylist can control whether the specified tasks are processed at all. | ||
| As of the policylist updated 2017-11-08, this stops the <tt>OlvNotf</tt> task for <tt>000400300000bc00</tt>, <tt>000400300000bd00</tt>, <tt>000400300000be00</tt> for all regions and <tt>basho0</tt> for the [[Home Menu]]. Japan also has the <tt>9ER_NTD</tt> task blocked for いつの間にテレビ (<tt>0004000000034700</tt>). | As of the policylist updated 2017-11-08, this stops the <tt>OlvNotf</tt> (Miiverse notification sync) task for <tt>000400300000bc00</tt>, <tt>000400300000bd00</tt>, <tt>000400300000be00</tt> for all regions and <tt>basho0</tt> for the [[Home Menu]]. Japan also has the <tt>9ER_NTD</tt> task blocked for いつの間にテレビ (<tt>0004000000034700</tt>). | ||
| == User Agent == | |||
| The default user-agent used for SpotPass HTTPS requests (including the policylist) has the following format: | |||
| <tt><user agent codename>-<user agent version>/<printed hex u64 [[CfgS:GetLocalFriendCodeSeed|LocalFriendCodeSeed]]>-<printed hex u64 [[FRDU:GetMyFriendKey|Friend]] [[FRDU:PrincipalIdToFriendCode|Code]]>/<text [[CVer|system]] [[NVer|version]]>/<CTRSDK version of sysmodule>/<[[Cfg:GetSystemModel|system model number]]></tt> | |||
| The codename can be set to either <tt>PBOS</tt> (Production BOSS?) or <tt>DBOS</tt> (Development BOSS?) depending if the console is a [[Configuration_Memory#UNITINFO|retail]] unit. As of system version 11.17, the user agent version is hardcoded to 8.0 and the CTRSDK version is set to 62452 (0xF3F4). | |||
| No user-agent is used for plaintext HTTP requests with SpotPass. | |||
| == Titles Spotpass usage == | == Titles Spotpass usage == | ||
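Review bot: in the new User Agent section, "depending if the console is a retail unit" does not say which codename a retail console sends; state the mapping explicitly (which of <tt>PBOS</tt> and <tt>DBOS</tt> goes with retail) and change "depending if" to "depending on whether". The added <tt>tm=</tt> sentence has the same gap: "a specific system model" names only the models that do not set the value, so list the ones that do. Because the format places the LocalFriendCodeSeed and the friend code in the user agent of every SpotPass HTTPS request, including the policylist download, a sentence noting that these values identify the console would help readers who inspect or log this traffic.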
| Line 35: | Line 45: | ||
| == Automatic System Update Download == | == Automatic System Update Download == | ||
| See [[Automatic System Update Download]]. | See [[Automatic System Update Download]]. | ||
| == BOSS Sysmodule Savegame== | |||
| See [[BOSS Savegame]] | |||
| == Content Container == | == Content Container == | ||
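Review bot: style point on the added section, the heading "== BOSS Sysmodule Savegame==" is missing the space before the closing "==" that the neighbouring headings use, and "See [[BOSS Savegame]]" lacks the full stop that the "See [[Automatic System Update Download]]." line directly above it has.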
| Line 61: | Line 74: | ||
| | 0xC | | 0xC | ||
| | 0x8 | | 0x8 | ||
| | u64  | | u64 serial number (?) | ||
| |- | |- | ||
| | 0x14 | | 0x14 | ||
| Line 81: | Line 94: | ||
| | 0x1C | | 0x1C | ||
| | 0xC | | 0xC | ||
| | First 12 bytes of the  | | First 12 bytes of the Initialization Vector (IV) | ||
| |} | |} | ||
| Data following the BOSS header is encrypted with AES-CTR. The first 12 bytes of the  | Data following the BOSS header is encrypted with AES-CTR. The AES key that is used is stored in [[AES_Registers#Keyslots|keyslot 0x38]]. The first 12 bytes of the IV are from offset 0x1C of the header, while the last 32-bit integer of the IV in big-endian is 0x1. The IV from the header is random per file, and an unique random IV is used each time the content is updated. The cleartext data begins with the content header. | ||
| The 64-bit number at 0xC may be a serial number which is increased every time someone requested to sign and create a boss container for a file. The 3DS sees the downloaded file as new if this number is different from the previous download (Doesn't matter if the number is bigger or smaller). | |||
| The boss system module v13314 begins at address 0x0010eb98 with the function for parsing the BOSS header. | |||
| === Content Header === | === Content Header === | ||
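Review bot: the added sentence "The boss system module v13314 begins at address 0x0010eb98 with the function for parsing the BOSS header" reads as if the module itself starts at that address; if the intent is that the header-parsing function is located at 0x0010eb98 in v13314, say so directly. In the AES-CTR paragraph, "an unique random IV" should be "a unique random IV", and the counter description would be easier to check if it spelled out the full 16-byte block: bytes 0x0-0xB taken from header offset 0x1C, bytes 0xC-0xF holding the big-endian value 0x1. The serial-number paragraph says the file counts as new whenever the number differs, "bigger or smaller"; if that means no ordering check is applied to this field, stating it in those words would make the behaviour unambiguous.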
| Line 99: | Line 116: | ||
| | 0x10 | | 0x10 | ||
| | 0x2 | | 0x2 | ||
| |  | | Number of payload contents (Payload Content Header + Payload) | ||
| |- | |- | ||
| | 0x12 | | 0x12 | ||
| Line 110: | Line 127: | ||
| |} | |} | ||
| The first 0x10-bytes are all-zero except the first byte  | The first 0x10-bytes are all-zero except the first byte. If the 7th bit (0x80) is not set, the arrived flag will only be marked if the session for the target program ID was made with a privileged session. Otherwise, the arrived flag will always be marked. | ||
| The hash at offset 0x12 hashes the 0x12-byte data at offset 0x0 followed by a zero u16. The RSA signature is signed by Nintendo. Following this header is the actual content payload, which is written to a cleartext file under the [[extdata]] /boss directory | The 16-bit value at 0x10 tells how many payload contents follow after this the content header. For example there can be a downloaded file for a game followed by a message for the news system module. | ||
| The hash at offset 0x12 hashes the 0x12-byte data at offset 0x0 followed by a zero u16. The RSA signature is signed by Nintendo. Following this header is the actual content payload, which is written to a cleartext file under the [[extdata]] /boss directory. | |||
| === Payload Content Header === | === Payload Content Header === | ||
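Review bot: "the 7th bit (0x80)" in the rewritten first-byte paragraph is ambiguous, since 0x80 is bit 7 only when counting from zero and is the most significant bit of the byte; write "bit 7 (mask 0x80)" or "the most significant bit (0x80)". The paragraph also uses "arrived flag" and "privileged session" without a link or definition, and the added sentence "follow after this the content header" has a stray "this".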
| Line 123: | Line 142: | ||
| | 0x0 | | 0x0 | ||
| | 0x8 | | 0x8 | ||
| |  | | Program ID | ||
| |- | |- | ||
| | 0x8 | | 0x8 | ||
| Line 144: | Line 163: | ||
| | 0x18 | | 0x18 | ||
| | 0x4 | | 0x4 | ||
| |  | | Probably some version field for the payload | ||
| |- | |- | ||
| | 0x1C | | 0x1C | ||
| Line 157: | Line 176: | ||
| This signature is signed by Nintendo with the same key-pair as the content header. | This signature is signed by Nintendo with the same key-pair as the content header. | ||
| The hash at offset 0x1C hashes the 0x1C-byte data at offset 0x0 followed by a zero u16, followed by all of the remaining cleartext data following this header(the actual content data). | The hash at offset 0x1C hashes the 0x1C-byte data at offset 0x0 followed by a zero u16, followed by all of the remaining cleartext data following this header (the actual content data). | ||
| The file name of the downloaded boss data is Ascii85 encoded with the following data: | |||
| {| class="wikitable" | |||
| ! Offset !! Length !! Description | |||
| |- | |||
| | 0x0 || 0x5 || NS Data ID | |||
| |- | |||
| | 0x5 || 0x5 || Version | |||
| |- | |||
| | 0xA || 0x5 || Content datatype | |||
| |- | |||
| | 0xF || 0x1 || New flag | |||
| |} | |||
| The downloaded boss data is written in the following format to extdata. First an extdata header in the following format: | |||
| {| class="wikitable" | |||
| |- | |||
| ! Offset | |||
| ! Length | |||
| ! Description | |||
| |- | |||
| | 0x0 | |||
| | 0x1 | |||
| | Size of header including this field. Always 0x18 | |||
| |- | |||
| | 0x1 | |||
| | 0x3 | |||
| | Padding | |||
| |- | |||
| | 0x4 | |||
| | 0x4 | |||
| | [[BOSSU:GetNsDataAdditionalInfo|Additional info]] | |||
| |- | |||
| | 0x8 | |||
| | 0x4 | |||
| | Unknown | |||
| |- | |||
| | 0xC | |||
| | 0x8 | |||
| | [[BOSSU:GetNsDataLastUpdate|Last update]] in number of seconds since the year 2000 | |||
| |- | |||
| | 0x14 | |||
| | 0x4 | |||
| | Padding | |||
| |} | |||
| Followed by the Payload Content Header without the hash and signature (first 0x1C bytes) and the actual payload. | |||
| ==Tools== | |||
| * [http://wiiucodes.ddnss.eu/tools/BossDecryptor3DS.zip BossDecryptor3DS] Decrypts an encrypted boss container | |||
| * [http://wiiucodes.ddnss.eu/tools/BossEncryptor3DS.zip BossEncryptor3DS] Builds and encrypts a file into a boss container | |||
| [[Category:Nintendo Software]] | [[Category:Nintendo Software]] | ||
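Review bot: the new file-name table does not say whether its offsets and lengths count characters of the Ascii85-encoded name or bytes of the decoded data; Ascii85 writes 4 bytes as 5 characters, so the 0x5 lengths read like encoded characters, and the 0x1 "New flag" field does not fit a 5-character group either way. Add one sentence stating the unit and the decoded width of each field. In the extdata header table, "seconds since the year 2000" should give the exact epoch and time zone, and the "Unknown" field at 0x8 could note what values have been observed. The two Tools entries link to zip archives over plain http with no checksum or source reference; add a hash or a link to source so readers can verify what they download.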