Changes

429 bytes added, 16:53, 14 February 2021
→‎BOSS Header: changed CTR to IV
Line 10: Line 10:  
*Required for initialization of [[eShop]], (for first time eShop users). Not required for using eShop after first use.
 
*Required for initialization of [[eShop]], (for first time eShop users). Not required for using eShop after first use.
   −
nppl.c.app.nintendowifi.net is used by SpotPass itself to download various data via HTTPS, including a cleartext xml policylist which is country-code specific. This policylist seems to contain a list of SpotPass tasks for certain titles. This policylist can control whether the specified tasks are processed at all.
+
In some cases the BOSS module will add the following URL parameter to HTTPS requests, when connected to a [[Nintendo Zone]] AP: "ap=<NZoneApNum>".
   −
== Homemenu SpotPass usage ==
+
== policylist ==
 +
Every time the system connects to the wifi AP, the BOSS ("Background online storage service" = SpotPass) module itself will download the cleartext xml policylist: "https://nppl.c.app.nintendowifi.net/p01/policylist/3/<countrycode>". This policylist contains a list of SpotPass tasks for certain titles. This policylist can control whether the specified tasks are processed at all. The default user-agent used for SpotPass HTTPS requests(including this policylist) is: "PBOS-5.0/<printed hex u64 [[CfgS:GetLocalFriendCodeSeed|LocalFriendCodeSeed]]>-<hex u64 obtained via the friends service>/<text [[CVer|system]] [[NVer|version]]>/<unknown decimal value>/0". No user-agent is used for plaintext HTTP requests with SpotPass.
   −
Homemenu uses two domains with HTTPS for SpotPass. SpotPass stores this content in Homemenu's NAND shared extdata.
+
As of the policylist updated 2017-11-08, this stops the <tt>OlvNotf</tt> (Miiverse notification sync) task for <tt>000400300000bc00</tt>, <tt>000400300000bd00</tt>, <tt>000400300000be00</tt> for all regions and <tt>basho0</tt> for the [[Home Menu]]. Japan also has the <tt>9ER_NTD</tt> task blocked for いつの間にテレビ (<tt>0004000000034700</tt>).
 
  −
* The system notifications are downloaded from: https://a248.e.akamai.net/f/248/103046/10m/npdl.c.app.nintendowifi.net/p01/nsa/<regionID>/bashoX/<langcode>/bashoX Where langcode is the two-character language codes from [[Config Info Blocks|here]], X is 0-3, and regionID is from the below table.
  −
* The pls.c.shop.nintendowifi.net domain is used for uploading data from the home menu NAND shared extdata, it's unknown what this is used for. This is uploaded every 24 hours.
      +
== Titles Spotpass usage ==
 
{| class="wikitable"
 
{| class="wikitable"
 
|-
 
|-
! Region
+
! Title
! ID
+
! Description
 
|-
 
|-
| JPN
+
| [[Home Menu]]
| gWr4JXxb2mKTG3lq
+
| Home Menu uses SpotPass for system notifications, and for uploading data from home-menu shared extdata.
 
|-
 
|-
| NA
+
| [[System Settings]]
| uuI82221UKkqmtbp
+
| System Settings uses SpotPass for uploading data, with this URL: https://npul.c.app.nintendowifi.net/p01/recv/<RegionID>/sendcfg This RegionID is separate from the RegionIDs home-menu uses.
 
|-
 
|-
| EUR / Others
+
| ?
| UrXSeurnxhPrq7AS
+
| Unknown log data is uploaded with this URL: https://logus-p.est.c.app.nintendowifi.net/LogServer_us_live/Upload
 
|}
 
|}
  −
The SpotPass content payload for notifications begin with a header, followed by an [[SMDH|icon]] and the UTF-16 text, and various metadata.
      
== Automatic System Update Download ==
 
== Automatic System Update Download ==
 
+
See [[Automatic System Update Download]].
With the [[2.0.0-2]] update, system updates are automatically downloaded via the system.(SpotPass doesn't handle this, some other applet handles this) It only downloads updates, it will not install updates without the user's permission. See this: http://www.nintendo.com/consumer/systems/3ds/en_na/menu_update.jsp
  −
 
  −
The system downloads/checks for updates every 24 hours. This is identical to the system used for manual system updates: when it's time to check for updates, it will send a system update SOAP request to the server.
  −
When there's an update available, it will then do the usual sysupdate procedure like manual sysupdates.
      
== Content Container ==
 
== Content Container ==
   −
All SpotPass content uses this container to encrypt the payload and sign it. The cleartext content is stored in [[extdata]]. The format of these headers is big-endian.
+
SpotPass content must use this container to encrypt the payload and sign it, for content downloads. The cleartext content is stored in [[extdata]]. The format of these headers is big-endian.
    
=== BOSS Header ===
 
=== BOSS Header ===
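Review bot: the new System Settings row says "This RegionID is separate from the RegionIDs home-menu uses", but the same change swaps the table's Region/ID columns for Title/Description and removes the bashoX notification URL, so the page no longer shows any Home Menu RegionIDs to compare against. Keep the region-to-ID mapping somewhere (for example under the Home Menu row) or link to the page that now holds it. The added user-agent text is also worth a sentence noting that it carries the LocalFriendCodeSeed, a per-console value, on every SpotPass HTTPS request, since that is the part a reader analysing captured traffic will care about.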
Line 52: Line 45:  
! Offset
 
! Offset
 
! Length
 
! Length
!  
+
! Description
 
|-
 
|-
 
| 0x0
 
| 0x0
Line 88: Line 81:  
| 0x1C
 
| 0x1C
 
| 0xC
 
| 0xC
| First 12 bytes of the CTR
+
| First 12 bytes of the Initialization Vector (IV)
 
|}
 
|}
   −
Data following the BOSS header is encrypted with AES-CTR. The first 12 bytes of the CTR are from offset 0x1C of the header, while the last word of the CTR in big-endian is 0x1. The CTR from the header is random per file, and an unique random CTR is used each time the content is updated. The cleartext data begins with the content header.
+
Data following the BOSS header is encrypted with AES-CTR. The AES key that is used is stored in [[AES_Registers#Keyslots|keyslot 0x38]]. The first 12 bytes of the IV are from offset 0x1C of the header, while the last 32-bit integer of the IV in big-endian is 0x1. The IV from the header is random per file, and an unique random IV is used each time the content is updated. The cleartext data begins with the content header.
    
=== Content Header ===
 
=== Content Header ===
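Review bot: in the rewritten AES-CTR paragraph, "IV" now names the whole 16-byte value while the text still describes a 12-byte per-file random part plus a big-endian 32-bit word set to 0x1; say explicitly that the 12 bytes at 0x1C are the nonce and the trailing word is the starting block counter, so implementers do not treat the header bytes as a complete IV. Because the key is the fixed keyslot 0x38 key, the statement that a fresh random value is used on every update is what prevents keystream reuse across files, and it deserves to be stated as a requirement rather than an observation. Minor: "an unique random IV" should read "a unique random IV".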
Line 106: Line 99:  
| 0x10
 
| 0x10
 
| 0x2
 
| 0x2
| FileID used for the extdata filename
+
| Used for generating the extdata filepath.
 
|-
 
|-
 
| 0x12
 
| 0x12
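Review bot: the new description for the 0x2-byte field at 0x10, "Used for generating the extdata filepath.", drops the field's name (previously "FileID"), so the row now says what the value is for but not what it is. Suggest "FileID, used for generating the extdata filepath", and state how this value relates to the NsDataId field in the payload header, which a later hunk describes with the same "used for generating the extdata filepath" wording.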
Line 117: Line 110:  
|}
 
|}
   −
The first 0x10-bytes are all-zero except the first byte which is 0x80. It's unknown what the first 0x10-bytes are used for.
+
The first 0x10-bytes are all-zero except the first byte which is usually 0x80. It's unknown what the first 0x10-bytes are used for.
    
The hash at offset 0x12 hashes the 0x12-byte data at offset 0x0 followed by a zero u16. The RSA signature is signed by Nintendo. Following this header is the actual content payload, which is written to a cleartext file under the [[extdata]] /boss directory. The data following the payload header is written to extdata, but it's unknown what data is written to the extdata file before the content payload.
 
The hash at offset 0x12 hashes the 0x12-byte data at offset 0x0 followed by a zero u16. The RSA signature is signed by Nintendo. Following this header is the actual content payload, which is written to a cleartext file under the [[extdata]] /boss directory. The data following the payload header is written to extdata, but it's unknown what data is written to the extdata file before the content payload.
Line 138: Line 131:  
| 0xC
 
| 0xC
 
| 0x4
 
| 0x4
| Magic Number 0x10001
+
| Content datatype, used for filtering with [[BOSSU:GetNsDataIdList]].
 +
Usually 0x10001? (observed 0x20001 in eShop strings)
 
|-
 
|-
 
| 0x10
 
| 0x10
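Review bot: the added line "Usually 0x10001? (observed 0x20001 in eShop strings)" puts a question mark in a format table, which leaves readers unsure whether 0x10001 is a confirmed value. List the values actually observed and where each was seen (downloaded content versus strings in the eShop binary), and mark anything unverified as such in words rather than punctuation.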
Line 146: Line 140:  
| 0x14
 
| 0x14
 
| 0x4
 
| 0x4
| Extdata FileID
+
| [[BOSS_Services|NsDataId]], used for generating the extdata filepath.
 
|-
 
|-
 
| 0x18
 
| 0x18
Line 153: Line 147:  
|-
 
|-
 
| 0x1C
 
| 0x1C
 +
| 0x20
 +
| SHA-256 hash
 +
|-
 +
| 0x3C
 
| 0x100
 
| 0x100
| RSA-2048 signature, which likely signs the following hash
+
| RSA-2048 signature over the previous SHA-256 hash
|-
  −
| 0x11C
  −
| 0x20
  −
| SHA-256 hash, likely hashes the whole content payload
   
|}
 
|}
   −
The application likely handles verifying the RSA signature for this payload header.
+
This signature is signed by Nintendo with the same key-pair as the content header.
 +
 
 +
The hash at offset 0x1C hashes the 0x1C-byte data at offset 0x0 followed by a zero u16, followed by all of the remaining cleartext data following this header(the actual content data).
    
[[Category:Nintendo Software]]
 
[[Category:Nintendo Software]]
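Review bot: this hunk deletes "The application likely handles verifying the RSA signature for this payload header." and the replacement text says only who signs, not who verifies, so the page no longer states whether the BOSS module or the receiving title checks the payload-header signature before the cleartext is written to extdata. Please state that, or say it is unknown. Also confirm the "followed by a zero u16" in the new hash description: the identical phrase is used for the content header, where 0x12 bytes plus a u16 gives 0x14, whereas here 0x1C bytes plus a u16 gives 0x1E, so it reads as possibly carried over from that paragraph.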