NIM services

Revision as of 22:50, 14 March 2018 by SciresM (talk | contribs) (nim:shp)

nim

This is "nn::nim::detail::INetworkInstallManager".

Cmd Name
1
2

Cmd1

Takes a 0x10-byte input struct, from the output of cmd2.

Cmd2

Takes a type-0x6 output buffer, for an array of 0x10-byte entries. Returns an u32 for total output entries.

Doesn't return anything on a v2.1 system where sysupdate domains are blocked.

nim:shp

This is "nn::nim::detail::IShopServiceManager".

Cmd Name
0 RequestDeviceAuthenticationToken
1 RequestCachedDeviceAuthenticationToken
400 GetAccountByVirtualAccount
300 RequestUnlinkDevice
301 RequestUnlinkDeviceIntegrated
302 RequestLinkDevice
303 HasDeviceLink
304 RequestUnlinkDeviceAll
305 RequestCreateVirtualAccount
306 RequestDeviceLinkStatus
200 RequestRegisterNotificationToken
100 RequestRegisterDeviceAccount
101 RequestUnregisterDeviceAccount
102 RequestDeviceAccountStatus
103 GetDeviceAccountInfo
104 RequestDeviceRegistrationInfo
105 RequestTransferDeviceAccount
106 RequestSyncRegistration
107 IsOwnDeviceId
500 RequestSyncTicket
501 RequestDownloadTicket
502 RequestDownloadTicketForPrepurchasedContents


ntc

This is "nn::ntc::detail::service::IStaticService".

Presumably Network Time Sync?

Network-time-sync uses the "<...>/time" HTTPS URL listed in the below Network section. This just returns an UTC Unix time string.

Network

  • https://sun.hac.%%.d4c.nintendo.net/v1/system_update_meta?device_id=%016llx
  • https://aqua.hac.%%.d4c.nintendo.net/required_system_update_meta?device_id=%016llx
  • https://%s.hac.%%.d4c.nintendo.net/t/%c/%016llx/%u?device_id=%016llx Returns content like the below URL. This is the content for NCA-type0. See below for %c. %016llx is titleID, %u is title-version.
  • https://%s.hac.%%.d4c.nintendo.net/c/%c/%s Used for downloading content. First %s is atumn or atum. %c is one of: 'c', 'a', or 's'. %s is just the hex-string NcaId. The server also returns two HTTP headers: "X-Nintendo-Content-Hash: {entire lowercase hex-string of the content SHA256 hash}" and "X-Nintendo-Content-ID: {lowercase hex-string for NcaId}"
  • https://superfly.hac.%%.d4c.nintendo.net/v1/t/%016llx/dv %016llx is titleID, only for eShop titles it appears. Returns .json title-info.
  • https://superfly.hac.%%.d4c.nintendo.net/v1/a/%016llx/dv %016llx is titleID, only for eShop titles it appears. Output is similar to above URL.
  • https://aauth-%.ndas.srv.nintendo.net/v1/time
  • https://beach.hac.%.eshop.nintendo.net/v1/rom_cards?application_id=%016llx&rom_card_cert=%s
  • https://beach.hac.%.eshop.nintendo.net/v1/rom_cards/register?application_id=%016llx&rom_card_cert=%s&expected_gold_point=%d
  • https://beach.hac.%.eshop.nintendo.net/v1/my/devices/hac/link?lang=en
  • https://beach.hac.%.eshop.nintendo.net/v1/my/virtual_account?lang=en
  • https://tagaya.hac.%.eshop.nintendo.net/tagaya/hac_versionlist
  • ...
  • "https://dauth-%.ndas.srv.nintendo.net/v1/device_auth_token" CURLOPT_POSTFIELDS is set to the output from: snprintf(..., "system_version=%08x&client_id=%s", <byte-swapped first 3 bytes from System_Version_Title loaded via settings cmd>, "<hard-coded hex string>");
  • https://ecs-%.hac.shop.nintendo.net/ecs/services/rest/AccountGetETickets
  • https://ecs-%.hac.shop.nintendo.net/ecs/services/rest/GetAccountStatus
  • https://ias-%.hac.shop.nintendo.net/ias/services/rest/Register
  • https://ias-%.hac.shop.nintendo.net/ias/services/rest/GetChallenge
  • https://ias-%.hac.shop.nintendo.net/ias/services/rest/Unregister
  • https://ias-%.hac.shop.nintendo.net/ias/services/rest/GetRegistrationInfo
  • https://ias-%.hac.shop.nintendo.net/ias/services/rest/CompleteETicketSync
  • https://ias-%.hac.shop.nintendo.net/ias/services/rest/AccountTransfer
  • https://ias-%.hac.shop.nintendo.net/ias/services/rest/SyncRegistration
  • [5.0.0]+ https://pearljam.hac.%.eshop.nintendo.net/sugar
  • [5.0.0]+ https://pearljam.hac.%.eshop.nintendo.net/civil

These are not accessible without the required TLS client cert+privk, minus the time URL which can be accessed without any client cert+privk at all.

The returned content data from CDN, for both system-titles and eShop-titles, is identical to the data readable by Content_Manager_services#ReadEntryRaw.

While atumn seems to be for system-titles, and atum for eShop titles, the latter titles are accessible fine with atumn(with "/t/" for NCA-type0 at least).

'a' is used when an input u8 is not 0x3, otherwise 's' is used. This is title-type? A seperate function using the ".../c/" URL is hard-coded to use 'c'. This appears to match 's' usage attempts: the only URL that returned actual data with 's' was with titleID 0100000000000816.

As of June 30, 2017, accessing old content via the atumn "/c/" and "/t/" URLs works fine.

Going by strings in NIM, it appears SOAP isn't used anymore. ecs appears to use REST API?

User-Agent

NIM generates two User-Agent strings:

 snprintf(..., "User-Agent: NintendoSDK Firmware/%s-%u (platform:%s; did:%016llx; eid:%s)", <string at sysver+0x68>, {u32 from sysver+4}, "NX", DeviceId, {NSD cmd11 output});
 snprintf(..., "User-Agent: NintendoSDK Firmware/%s-%u (platform:%s; eid:%s)", <string at sysver+0x68>, {u32 from sysver+4}, "NX", DeviceId, {NSD cmd11 output});

Where the 64bit DeviceId is parsed from the 0x10-bytes at outbuf+0xC6 from set:cal GetDeviceCert(DeviceCert_certname+2, aka where the hex string for the DeviceId is).

sun

NIM sends a HTTP GET with the sun URL listed above to get the title-listing of the latest system-titles, as .json. The deviceid in the URL is the same one in the above User-Agent section. HTTP header "Accept:application/json" is sent in the request.

The response is json with a "system_update_metas" block, containing "title_id" and "title_version" entries. The actual server response only contains 1 title.

Example, from 2.0 system:

{"timestamp":REDACTED-TIMESTSAMP,"system_update_metas":[{"title_id":"0100000000000816","title_version":201327002}]}

aqua

The following response is json from accessing the above aqua URL:

{ "contents_delivery_required_title_id": "0100000000000816", "contents_delivery_required_title_version": 0 }

A while after 3.0.0 release, the above title-version was changed to the one for v3.0("Last-Modified: Thu, 29 Jun 2017 00:00:04 GMT").