Attention: What's described here was found out by reverse-engineering Nintendo Video on a European 3DS and might not apply to Japanese Nintendo Video service.
Nintendo Video is a service allowing owners of Japanese and European 3DSes to download and watch various videos offered by Nintendo. Nintendo Video uses SpotPass to download videos even when the Nintendo Video app itself is not running.
Internet connection
To identify your 3DS's region and country, different URLs are requested by 3DS's from different countries. A URL contains a subdomain that's specific for your region (EU/USA/JP) and a country code that's specific to your country. Here's a table containing country codes and subdomains known so far:
Country | Region subdomain |
---|---|
EUR | pubeu-p |
USA | pubus-p |
Japan | pubjp-p |
See http://www.wiibrew.org/wiki/Country_Codes for the country codes.
In all requests below, COUNTRYCODE should be replaced with your country's code and COUNTRYSUBDOMAIN should be replaced with your region's subdomain.
Surprisingly, Nintendo Video uses plain unencrypted HTTP connection to transfer videos. When "Connectivity check" button is pressed, Nintendo Video sends a following HTTP request to COUNTRYSUBDOMAIN.est.c.app.nintendowifi.net:
GET /1/COUNTRYCODE/1/CHECK HTTP/1.1
Host: COUNTRYSUBDOMAIN.est.c.app.nintendowifi.net
As you can see, no console-specific data is being sent. The server respons with either a 403 or 404 error code, where 403 means that user's region (determined by IP, I guess) doesn't match the region specified by COUNTRYCODE and 'COUNTRYSUBDOMAIN' and 404 means that everything's OK.
If everything is OK with the region check, the 3DS proceeds to download videos. It seems that support for only four videos is hardcoded into Nintendo Video app, because it makes following requests (to the same server as the CHECK query):
GET /1/COUNTRYCODE/1/ESP_MD1 HTTP/1.1
Host: COUNTRYSUBDOMAIN.est.c.app.nintendowifi.net
GET /1/COUNTRYCODE/1/ESP_MD2 HTTP/1.1
Host: COUNTRYSUBDOMAIN.est.c.app.nintendowifi.net
GET /1/COUNTRYCODE/1/ESP_MD3 HTTP/1.1
Host: COUNTRYSUBDOMAIN.est.c.app.nintendowifi.net
GET /1/COUNTRYCODE/1/ESP_MD4 HTTP/1.1
Host: COUNTRYSUBDOMAIN.est.c.app.nintendowifi.net
ESP_MDi seems to return 403 if user's region doesn't match, 404 if ith video doesn't exist and the video itself otherwise. As of 18th of July 2011, only 1st and 2nd videos are available from UK IP addresses.
These videos can easily be downloaded from any computer with IP address that matches country specified by COUNTRYCODE and COUNTRYSUBDOMAIN using wget without any special settings.
SD storage
After downloading videos, Nintendo Video stores them on the SD card. However, it's not yet known how the data is stored and it's possible that it's encrypted with a console-specific key.
File format
File format used for storing videos is not yet known either. Both videos that were available at 18th of July 2011 contained string "boss" in the first four bytes, which leads me to believe this is a "magic number" used to identify this type of file.
Offset | Length | |
---|---|---|
0x0 | 0x4 | "boss" |
0x4 | 0x4 | Always 00 01 00 01 |
0x8 | 0x4 | Filesize in bytes |
0xC | 0x4 | Always 00 00 00 00 |
0x10 | 0x4 | Unknown |
0x14 | 0x8 | Always 00 01 00 00 00 02 00 02 |
The filesize is stored in big-endian. It appears that this file format is big-endian, unlike CXI.
Server spoofing
In case you want to try messing with Nintendo Video, here's a description of what I did:
- Set up a DNS server using bind9, which returned my IP as the IP for pubeu-p.est.c.app.nintendowifi.net (bind config).
- Don't forget to replace MY_IP in config with your IP address, but don't replace the IP of conntest.nintendowifi.net service
- Set up an HTTP server using nginx and put ESP_MD1, ESP_MD2 (which I have downloaded from Nintendo's servers earlier, see above) in my /var/www/1/110/1/ folder.
- Configured my 3DS to use my DNS server as both primary and secondary DNS server.
- ???
- PROFIT!