ACT Services
The ACT module handles NNID accounts. This module behaves very similarly to the Wii U implementation (nn::act)
ACT User Service "act:u"
These commands are used generally by most titles, and are also present in act:a.
ACT Admin Service "act:a"
This service is used mainly by the Nintendo Network ID Settings application accessible in System Settings.
Account slots
Like the friends sysmodule, the ACT module supports multiple accounts internally, although this functionality is not exposed to the users. Unlike the Wii U which supports up to 12 accounts, the 3DS only has 8 account slots.
Some commands require require the account slot as an argument, which is 1-indexed. The value for using the current loaded account is 0xFE.
UUIDs
The ACT service generates UUIDs for accounts and for the console in general.
All UUIDs generated by the service are RFC9562 Version 1 UUIDs.
UUID Types
Regular UUIDs
These are just standard RFC9562 Version 1 UUIDs with the above node data.
Title-specific UUIDs
These UUIDs are specific to the title that requested them to be generated, specifically, using the unique ID portion of the title ID of that title.
The following technique is used internally to generate these UUIDs:
- Generate or use an existing regular UUID the with the above mentioned node data (regular_uuid)
- hash = SHA256 ( byte-swapped unique ID (thus, big endian) + 095E273A + 48-bit node data from regular_uuid )
- output_uuid = regular_uuid[0:9] + hash[10] | 0x1 + hash[11:16]
Independent Service Tokens
In addition to NEX tokens for gameserver authentication in combination with Nintendo Network, app developers have the ability to use their own independent services. For authenticating with such services through Nintendo Network, the service's client ID is used to request a token from the account server.
Independent Service Token Versions
There are two versions of independent service tokens.
V1 Independent Service Token
These are more basic, consisting of only a base64 token. These can be requested and cached using ACTU:AcquireIndependentServiceToken, retrieved either immediately after requesting them using ACTU:GetIndependentServiceToken or from an internal cache using ACTU:GetCachedIndependentServiceToken.
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x200 + 1 | base64 NULL-terminated Token |
V2 Independent Service Token
V2 indpendent service tokens include more fields like an IV, signature, and account server environment compared to V1 tokens.
They can be requested and cached using ACTU:AcquireIndependentServiceTokenV2, retrieved either immediately after requesting them using ACTU:GetIndependentServiceTokenV2 or from an internal cache using ACTU:GetCachedIndependentServiceTokenV2.
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x200 + 1 | base64 NULL-terminated Token |
| 0x201 | 0x18 + 1 | base64 NULL-terminated IV |
| 0x21A | 0x158 + 1 | base64 NULL-terminated Signature |
| 0x373 | 0x2 + 1 | ASCII Server Environment type and number |
Node Data
In general, the following 48-bit node data is used.
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x1 | Always set to 1 |
| 0x1 | 0x1 | Always set to 0 (related to parental controls?) |
| 0x2 | 0x4 | Byte-Swapped value from AM:GetDeviceId |
DataBlocks
Data blocks can be accessed from specific commands depending on the data that is requested. These follow a similar order to the Wii U ACTInfoTypes.
| BlkID | Size | Command needed | Description | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0x1 | 0x1 | GetCommonInfo | Number of accounts | ||||||||||||||||||||||||||||||||||||||||||
| 0x2 | 0x1 | GetCommonInfo | Current account slot | ||||||||||||||||||||||||||||||||||||||||||
| 0x3 | 0x1 | GetCommonInfo | Default account slot | ||||||||||||||||||||||||||||||||||||||||||
| 0x4 | 0x8 | GetCommonInfo | Difference between server time and device time (in nanoseconds) | ||||||||||||||||||||||||||||||||||||||||||
| 0x5 | 0x4 | GetAccountInfo | PersistentId | ||||||||||||||||||||||||||||||||||||||||||
| 0x6 | 0x8 | GetCommonInfo/GetAccountInfo | CommonTransferableIdBase on GetCommonInfo / TransferableIdBase on GetAccountInfo | ||||||||||||||||||||||||||||||||||||||||||
| 0x7 | 0x60 | GetAccountInfo | MiiData | ||||||||||||||||||||||||||||||||||||||||||
| 0x8 | 0x11 | GetAccountInfo | AccountId (ASCII NULL-terminated Nintendo Network ID) | ||||||||||||||||||||||||||||||||||||||||||
| 0x9 | 0x101 | AcquireAccountInfo | Mail address | ||||||||||||||||||||||||||||||||||||||||||
| 0xA | 0x4 | GetAccountInfo | Birthdate
| ||||||||||||||||||||||||||||||||||||||||||
| 0xB | 0x3 | GetAccountInfo | ASCII NULL-terminated Country Name | ||||||||||||||||||||||||||||||||||||||||||
| 0xC | 0x4 | GetAccountInfo | PrincipalId | ||||||||||||||||||||||||||||||||||||||||||
| 0xE | 0x1 | GetAccountInfo | IsPasswordCacheEnabled | ||||||||||||||||||||||||||||||||||||||||||
| 0xF | 0x1 | GetAccountInfo | Does not return anything. | ||||||||||||||||||||||||||||||||||||||||||
| 0x11 | 0xA0 | GetAccountInfo |
| ||||||||||||||||||||||||||||||||||||||||||
| 0x12 | 0x4 | GetAccountInfo |
| ||||||||||||||||||||||||||||||||||||||||||
| 0x13 | 0x1 | GetAccountInfo | Gender | ||||||||||||||||||||||||||||||||||||||||||
| 0x14 | 0x1 | GetAccountInfo | LastAuthenticationResult | ||||||||||||||||||||||||||||||||||||||||||
| 0x15 | 0x11 | GetAccountInfo | AssignedAccountId (ASCII NULL-terminated Nintendo Network ID) | ||||||||||||||||||||||||||||||||||||||||||
| 0x16 | 0x1 | GetAccountInfo | ParentalControlSlotNo | ||||||||||||||||||||||||||||||||||||||||||
| 0x17 | 0x4 | GetAccountInfo | SimpleAddressId (CountryInfo) | ||||||||||||||||||||||||||||||||||||||||||
| 0x19 | 0x8 | GetAccountInfo | UtcOffset | ||||||||||||||||||||||||||||||||||||||||||
| 0x1A | 0x1 | GetAccountInfo | IsCommited | ||||||||||||||||||||||||||||||||||||||||||
| 0x1B | 0x16 | GetAccountInfo | 10-character UTF-16 Mii Name (10 characters + NULL termination) | ||||||||||||||||||||||||||||||||||||||||||
| 0x1C | 0x11 | GetAccountInfo | ASCII NULL-termiinated NfsPassword | ||||||||||||||||||||||||||||||||||||||||||
| 0x1D | 0x1 | GetAccountInfo | HasEciVirtualAccount (checks whether EciVirtualAccount has a value) | ||||||||||||||||||||||||||||||||||||||||||
| 0x1E | 0x41 | GetAccountInfo | TimeZoneId (ASCII Time Zone Location) | ||||||||||||||||||||||||||||||||||||||||||
| 0x1F | 0x1 | GetAccountInfo | IsMiiUpdated | ||||||||||||||||||||||||||||||||||||||||||
| 0x20 | 0x1 | GetAccountInfo | IsMailAddressValidated | ||||||||||||||||||||||||||||||||||||||||||
| 0x21 | 0x4C | GetAccountInfo | (Developer units only) Account access token
| ||||||||||||||||||||||||||||||||||||||||||
| 0x24 | 0x1 | GetAccountInfo | IsServerAccountDeleted | ||||||||||||||||||||||||||||||||||||||||||
| 0x25 | 0x101 | GetAccountInfo | MiiImageUrl (ASCII NULL-terminated URL to account mii image) | ||||||||||||||||||||||||||||||||||||||||||
| 0x26 | 0x4 | GetAccountInfo | AssignedPrincipalId | ||||||||||||||||||||||||||||||||||||||||||
| 0x27 | 0x4 | GetAccountInfo | Account Access token state, only accessible with account slot = 0xFE: (0: uninitialized, 1: expired, 2: valid) | ||||||||||||||||||||||||||||||||||||||||||
| 0x28 | 0x24 | GetAccountInfo | Account server environment
| ||||||||||||||||||||||||||||||||||||||||||
| 0x29 | 0x24 | GetCommonInfo | Server environment of default account
| ||||||||||||||||||||||||||||||||||||||||||
| 0x2A | 0x8 | GetCommonInfo | first 8 bytes of SHA256 ( AM:GetDeviceId() as 4 little endian bytes + 'A2257354' )
| ||||||||||||||||||||||||||||||||||||||||||
| 0x2B | 0x1 | GetAccountInfo | FpLocalAccountId (local account ID of friends sysmodule) | ||||||||||||||||||||||||||||||||||||||||||
| 0x2C | 0x2 | GetAccountInfo | Age (calculated using server time, not device time) | ||||||||||||||||||||||||||||||||||||||||||
| 0x2D | 0x1 | GetAccountInfo | IsEnabledReceiveAds | ||||||||||||||||||||||||||||||||||||||||||
| 0x2E | 0x1 | GetAccountInfo | IsOffDeviceAccessEnabled | ||||||||||||||||||||||||||||||||||||||||||
| 0x2F | 0x4 | GetAccountInfo | Translated SimpleAddressId (CountryInfo) |
HTTPS Requests
With each request, ACT-sysmodule specifies request-header "X-Nintendo-Device-Model". This is the only *dedicated* request-header that's contains anything Old3DS/New3DS specific. This was implemented with 9.0.0-X, and presumably 8.1.0-0_New3DS. The value is from a string initialized during ACT-sysmodule startup. The value-string is the codename string for all 5 of the model values from Cfg:GetSystemModel. When the output from GetSystemModel is >=5(switch statement default case), it runs this: "len = snprintf(outstr, outmaxsize, "3DS-%u", model);"
Trusted Root CAs
ACT module uses a RootCertChain for all HTTPS requests, the only trusted root CA is default CertID 0x3.
New3DS
Even though ACT-sysmodule uses ptm:s, it doesn't use CheckNew3DS at all.