Difference between revisions of "SpotPass"
Line 27: | Line 27: | ||
== Content Container == | == Content Container == | ||
− | All SpotPass content uses this container to encrypt the payload and sign it. The cleartext payload is stored in [[extdata]]. | + | All SpotPass content uses this container to encrypt the payload and sign it. The cleartext payload is stored in [[extdata]]. The format of these headers is big-endian. |
+ | === BOSS Header === | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 60: | Line 61: | ||
|} | |} | ||
− | Data following the header is encrypted with AES-CTR. The first 12 bytes of the CTR are from offset 0x1C of the header, while the last word of the CTR in big-endian is 0x1. The cleartext data begins with another | + | Data following the header is encrypted with AES-CTR. The first 12 bytes of the CTR are from offset 0x1C of the header, while the last word of the CTR in big-endian is 0x1. The cleartext data begins with another header. Following that header is the actual content. |
+ | |||
+ | === Content Header === | ||
+ | {| class="wikitable" | ||
+ | |- | ||
+ | ! Offset | ||
+ | ! Length | ||
+ | ! | ||
+ | |- | ||
+ | | 0x0 | ||
+ | | 0x10 | ||
+ | | ? | ||
+ | |- | ||
+ | | 0x10 | ||
+ | | 0x2 | ||
+ | | ? | ||
+ | |- | ||
+ | | 0x12 | ||
+ | | 0x20 | ||
+ | | SHA-256 hash | ||
+ | |- | ||
+ | | 0x32 | ||
+ | | 0x100 | ||
+ | | RSA-2048 signature over the above hash | ||
+ | |} | ||
+ | |||
+ | The hash at offset 0x12 hashes the 0x10-byte data at offset 0x0 followed by a zero u16. | ||
[[Category:Nintendo Software]] | [[Category:Nintendo Software]] |
Revision as of 03:57, 29 April 2012
SpotPass is a Nintendo 3DS feature that allows the 3DS to automatically download content, notifications, and software when it's in standby mode.(SpotPass may download/upload some content while the 3DS is in "active" mode, but *only* if the currently active app uses SpotPass) SpotPass can upload content as well. Software downloaded with SpotPass is stored on SD card.
SpotPass Internet communications are mostly small UDP frames and HTTPS transfers, the only HTTP download is the connection test page.
With the 2.0.0-2 update, SpotPass now regularly requests content over HTTPS from nppl.c.app.nintendowifi.net and sometimes nasc.nintendowifi.net. These are probably related to the SpotPass automatic software download functionality. Going by the domain names, nppl* might be for SpotPass software downloads? In System Settings, you can disable SpotPass content downloading,(this is _only_ for free titles etc not auto system updates) but it states that important software will still downloaded. This is likely why SpotPass still connects to nppl* even with that option disabled.
'nasc.nintendowifi.net' confirmed usages:
- Friends List application requires this server to be 'Online' (most likely the reason for regular requests to this server)
- Required for initialization of E-shop, (for first time e-shop users). Not required for using E-Shop after first use.
Homemenu uses two domains with HTTPS for SpotPass. SpotPass stores this content in Homemenu's NAND shared extdata.
- Via the a248.e.akamai.net cache mirror npdl.c.app.nintendowifi.net is accessed. The content(using the SpotPass content container) downloaded from this seems to be related to notifications possibly. There's 4 files download from here, each of which are downloaded if updated every 24 hours. There's separate files stored on the server for each region and language.
- The pls.c.shop.nintendowifi.net domain is used for uploading data from the NAND shared extdata. "pl" might be referring to "play log"? This is uploaded every 24 hours.
Automatic System Update Download
With the 2.0.0-2 update, system updates updates are automatically downloaded via SpotPass. It only downloads updates, it will not install updates without the user's permission. See this: http://www.nintendo.com/consumer/systems/3ds/en_na/menu_update.jsp
SpotPass downloads/checks for updates every 24 hours. This is identical to the system used for manual system updates: when it's time to check for updates, SpotPass will send a system update SOAP request to the server. When there's an update available, SpotPass will then do the usual sysupdate procedure like manual sysupdates.
Content Container
All SpotPass content uses this container to encrypt the payload and sign it. The cleartext payload is stored in extdata. The format of these headers is big-endian.
BOSS Header
Offset | Length | |
---|---|---|
0x0 | 0x4 | Magic Number "boss" |
0x4 | 0x4 | Magic Number 0x1000100 |
0x8 | 0x4 | Big-endian filesize |
0xC | 0x8 | u64 release date (UNIX timestamp) |
0x14 | 0x8 | Always 00 01 00 00 00 02 00 02 |
0x1C | 0xC | First 12 bytes of the CTR |
Data following the header is encrypted with AES-CTR. The first 12 bytes of the CTR are from offset 0x1C of the header, while the last word of the CTR in big-endian is 0x1. The cleartext data begins with another header. Following that header is the actual content.
Content Header
Offset | Length | |
---|---|---|
0x0 | 0x10 | ? |
0x10 | 0x2 | ? |
0x12 | 0x20 | SHA-256 hash |
0x32 | 0x100 | RSA-2048 signature over the above hash |
The hash at offset 0x12 hashes the 0x10-byte data at offset 0x0 followed by a zero u16.