Difference between revisions of "NIM services"
(→ntc) |
|||
Line 22: | Line 22: | ||
Presumably Network Time Sync? | Presumably Network Time Sync? | ||
+ | |||
+ | Network-time-sync uses the "<...>/time" HTTPS URL listed in the below Network section. This just returns an UTC Unix time string. | ||
=Network= | =Network= |
Revision as of 01:54, 20 September 2017
nim
Cmd | Name |
---|---|
1 | |
2 |
Cmd1
Takes a 0x10-byte input struct, from the output of cmd2.
Cmd2
Takes a type-0x6 output buffer, for an array of 0x10-byte entries. Returns an u32 for total output entries.
Doesn't return anything on a v2.1 system where sysupdate domains are blocked.
nim:shp
ntc
Presumably Network Time Sync?
Network-time-sync uses the "<...>/time" HTTPS URL listed in the below Network section. This just returns an UTC Unix time string.
Network
- https://sun.hac.%%.d4c.nintendo.net/v1/system_update_meta?device_id=%016llx
- https://aqua.hac.%%.d4c.nintendo.net/required_system_update_meta?device_id=%016llx
- https://%s.hac.%%.d4c.nintendo.net/t/%c/%016llx/%u?device_id=%016llx Returns content like the below URL. This is the content for NCA-type0. See below for %c. %016llx is titleID, %u is title-version.
- https://%s.hac.%%.d4c.nintendo.net/c/%c/%s Used for downloading content. First %s is atumn or atum. %c is one of: 'c', 'a', or 's'. %s is just the hex-string NcaId. The server also returns two HTTP headers: "X-Nintendo-Content-Hash: {entire lowercase hex-string of the content SHA256 hash}" and "X-Nintendo-Content-ID: {lowercase hex-string for NcaId}"
- https://superfly.hac.%%.d4c.nintendo.net/v1/t/%016llx/dv %016llx is titleID, only for eShop titles it appears. Returns .json title-info.
- https://superfly.hac.%%.d4c.nintendo.net/v1/a/%016llx/dv %016llx is titleID, only for eShop titles it appears. Output is similar to above URL.
- https://aauth-%.ndas.srv.nintendo.net/v1/time
- https://beach.hac.%.eshop.nintendo.net/v1/rom_cards?application_id=%016llx&rom_card_cert=%s
- https://beach.hac.%.eshop.nintendo.net/v1/rom_cards/register?application_id=%016llx&rom_card_cert=%s&expected_gold_point=%d
- https://beach.hac.%.eshop.nintendo.net/v1/my/devices/hac/link?lang=en
- https://beach.hac.%.eshop.nintendo.net/v1/my/virtual_account?lang=en
- https://tagaya.hac.%.eshop.nintendo.net/tagaya/hac_versionlist
- ...
- "https://dauth-%.ndas.srv.nintendo.net/v1/device_auth_token" CURLOPT_POSTFIELDS is set to the output from: snprintf(..., "system_version=%08x&client_id=%s", <byte-swapped first 3 bytes from System_Version_Title loaded via settings cmd>, "<hard-coded hex string>");
- https://ecs-%.hac.shop.nintendo.net/ecs/services/rest/AccountGetETickets
- https://ecs-%.hac.shop.nintendo.net/ecs/services/rest/GetAccountStatus
- https://ias-%.hac.shop.nintendo.net/ias/services/rest/Register
- https://ias-%.hac.shop.nintendo.net/ias/services/rest/GetChallenge
- https://ias-%.hac.shop.nintendo.net/ias/services/rest/Unregister
- https://ias-%.hac.shop.nintendo.net/ias/services/rest/GetRegistrationInfo
- https://ias-%.hac.shop.nintendo.net/ias/services/rest/CompleteETicketSync
- https://ias-%.hac.shop.nintendo.net/ias/services/rest/AccountTransfer
- https://ias-%.hac.shop.nintendo.net/ias/services/rest/SyncRegistration
These are not accessible without the required TLS client cert+privk, minus the time URL which can be accessed without any client cert+privk at all.
The returned content data from CDN, for both system-titles and eShop-titles, is identical to the data readable by Content_Manager_services#ReadEntryRaw.
While atumn seems to be for system-titles, and atum for eShop titles, the latter titles are accessible fine with atumn(with "/t/" for NCA-type0 at least).
'a' is used when an input u8 is not 0x3, otherwise 's' is used. This is title-type? A seperate function using the ".../c/" URL is hard-coded to use 'c'. This appears to match 's' usage attempts: the only URL that returned actual data with 's' was with titleID 0100000000000816.
As of June 30, 2017, accessing old content via the atumn "/c/" and "/t/" URLs works fine.
Going by strings in NIM, it appears SOAP isn't used anymore. ecs appears to use REST API?
User-Agent
NIM generates two User-Agent strings:
snprintf(..., "User-Agent: NintendoSDK Firmware/%s-%u (platform:%s; did:%016llx; eid:%s)", <string at sysver+0x68>, {u32 from sysver+4}, "NX", DeviceId, {NSD cmd11 output}); snprintf(..., "User-Agent: NintendoSDK Firmware/%s-%u (platform:%s; eid:%s)", <string at sysver+0x68>, {u32 from sysver+4}, "NX", DeviceId, {NSD cmd11 output});
Where the 64bit DeviceId is parsed from the 0x10-bytes at outbuf+0xC6 from set:cal GetDeviceCert(DeviceCert_certname+2, aka where the hex string for the DeviceId is).
sun
NIM sends a HTTP GET with the sun URL listed above to get the title-listing of the latest system-titles, as .json. The deviceid in the URL is the same one in the above User-Agent section. HTTP header "Accept:application/json" is sent in the request.
The response is json with a "system_update_metas" block, containing "title_id" and "title_version" entries. The actual server response only contains 1 title.
Example, from 2.0 system:
{"timestamp":REDACTED-TIMESTSAMP,"system_update_metas":[{"title_id":"0100000000000816","title_version":201327002}]}
aqua
The following response is json from accessing the above aqua URL:
{
"contents_delivery_required_title_id": "0100000000000816",
"contents_delivery_required_title_version": 0
}
A while after 3.0.0 release, the above title-version was changed to the one for v3.0("Last-Modified: Thu, 29 Jun 2017 00:00:04 GMT").