This article is a stub. You can help 3DBrew by expanding it.
SpotPass is a Nintendo 3DS feature that allows the 3DS to automatically download content, notifications, and software when it's in standby mode. Software downloaded with SpotPass is stored on SD card.
SpotPass Internet communications are mostly small UDP frames and HTTPS transfers, the only HTTP download is the connection test page.
With the 2.0.0-2 update, SpotPass now regularly requests content over HTTPS from nppl.c.app.nintendowifi.net and sometimes nasc.nintendowifi.net. These are probably related to the SpotPass automatic software download functionality. Going by the domain names, nppl* might be for SpotPass software downloads?(Which domain is used for what exactly isn't confirmed yet) In System Settings, you can disable SpotPass content downloading,(this is _only_ for free titles etc not auto system updates) but it states that important software will still downloaded. This is likely why SpotPass still connects to nppl* and nasc* even with that option disabled.
'nasc.nintendowifi.net' confirmed usages:
- Friends List application requires this server to be 'Online' (most likely the reason for regular requests to this server)
- Required for initialization of E-shop, (for first time e-shop users). Not required for using E-Shop after first use.
Automatic System Update Download
With the 2.0.0-2 update, system updates updates are automatically downloaded via SpotPass. It only downloads updates, it will not install updates without the user's permission. See this: http://www.nintendo.com/consumer/systems/3ds/en_na/menu_update.jsp
SpotPass downloads/checks for updates every 24 hours? This is basically identical to the system used before for manual system updates: when it's time to check for updates, SpotPass will simultaneously send a system update SOAP request to the server, and also request from nppl*.(nppl* is likely unrelated) When there's an update available, SpotPass will then download the tmd/ticket over HTTPS and content over HTTP.(like usual)
Content Container
All SpotPass content uses this container to encrypt the payload.(and possibly sign it) The cleartext payload is stored in extdata.
| Offset | Length | |
|---|---|---|
| 0x0 | 0x4 | Magic Number "boss" |
| 0x4 | 0x4 | Always 00 01 00 01 |
| 0x8 | 0x4 | Big-endian filesize |
| 0xC | 0x4 | Always 00 00 00 00 |
| 0x10 | 0x4 | Release date (UNIX timestamp) |
| 0x14 | 0x8 | Always 00 01 00 00 00 02 00 02 |
| 0x1c | 0x27a? | Unknown, going by the size of this a RSA-4096 signature might be stored here among other things? |
Data following the header is encrypted, the CTR used is likely based on metadata in the header.(like the timestamp) It appears that this file format is big-endian, unlike CXI.