User:ScotttheAnimator1979/Application Authorization (Switch/3DS)
This is a sub-page of User:ScotttheAnimator1979/Application Authorization (Switch.
Introduction
This anti-piracy specific comes originally from the Nintendo Switch and were hidden in Nintendo Switch's firmware versions up to date. On July 30th, 2018, Firmware version 11.8 of the 3DS backports the same anti-piracy measures from the Switch, but due to the differing ARM architecture versions between the 3DS and Switch, it may or may not work in the same way as the Switch.
General Stuff
Layer One - Internet Connection
The console connects to ctest.cdn.nintendo.net and checks for a special header, named "X-Organization: Nintendo". If it is, the console verifies it can connect to the internet.
Layer Two - Device Authorization
Nintendo has a special server for handing out device authorization tokens, named "dauth-lp1.ndas.srv.nintendo.net". These tokens don't blanket-authorize all system operations -- they are handed out to specific parts of the system, specified by a client ID in the token request.
- The console connects to the dauth "/challenge" endpoint, sending up a "key_generation" argument informing the server what master key revision the console is using.
- Dauth sends back as a json a random "challenge" string, and a constant "data" string.
- The console treats the "data" string, decoded as base-64, as a cryptographic key source, and uses the SPL services to transform it with TrustZone only keydata and load it into an AES keyslot.
- The console generates its authorization request data. this is done by formatting the string
challenge=%s&client_id=%016x&key_generation=%d&system_version=%s
with the challenge string, the client ID requesting a token, the master key version, and the current system version digest. - The console calculates an AES-128 CMAC using the trustzone-only key it derived over its authorization request, appends "&mac=%s" to the request data (formatting with the url-safe base 64 encoded CMAC), and fires the request off to the "/device_auth_token" endpoint.
- If all goes well, dauth returns a token for the console. (If the console is banned, It will instead receive an error message informing the player the console is not allowed to use online services).
Layer Three - Account Authorization
The console performs pretty bog-standard oauth authorization talking to "api.accounts.nintendo.com". This allows 'Nintendo' to block specific accounts, and because all requests require a client certificate, any blocked account can be immediately associated to a console.
Layer Four - Application Authorization
Nintendo has another special server, named "aauth-lp1.ndas.srv.nintendo.net". Going online in a game requires getting a token from the "/application_auth_token" endpoint.:
- The console gets a device authorization token from dauth for the aauth client ID.
- The console retrieves its certification to play the title it's trying to connect online with, and sends them to aauth.
- If all goes well, aauth returns an application authorization token.
Game Cartridges
- If playing on a game cartridge, The certification is the gamecard's unique certificate. This is signed by Nintendo using RSA-2048-PCKS#1 at the time the gamecard is written, and contains encrypted information about the gamecard (this includes what game is on the gamecard, among other, unknown details).
- In the gamecard case, the data uploaded to aauth is
application_id=%016llx&application_version=%08x&device_auth_token=%.*s&media_type=GAMECARD&cert=%.*s
, formatted with the title ID for the game being played, the version of the game being played, the token retrieved from dauth, and the gamecard's certificate (retrieved from FS via theGetGameCardDeviceCertificate
command), formatted as url-safe base64. - This code lives at .text+0x7DE1C for 5.0.0 account.
Digital Games
- The certification for a digital title is the console's ticket. The important details are that tickets contain the Title ID of the game they certify, the Device ID of the console they authorize, the Nintendo Account ID used to purchase them, and are signed by Nintendo using RSA-2048 (cannot be forged).
- In this case, the console talks to the "es" service, and sends a command to retrieve an encrypted copy of the relevant ticket along with the encryption key. This encryption is AES-128 CBC, using a key randomly generated via cryptographically-secure random number generation. The key itself is encrypted using RSA-OAEP 2048. To skip over some technical details, this is a one-way encryption which only Nintendo can reverse, so even if obtained the output of the es command the player would not be able to determine the encryption key being used (and thus couldn't decrypt the ticket).
- The data uploaded to aauth in this case is
application_id=%016llx&application_version=%08x&device_auth_token=%.*s&media_type=DIGITAL&cert=%.*s&cert_key=%.*s
, formatted with the title ID for the game being played, the version of the game being played, the token retrieved from dauth, the encrypted ticket encoded with url-safe base64, and the encrypted key encoded with url-safe base64. - This code lives at .text+0x7DE98 for 5.0.0 account.
Layer Five - Console Ban
If the console fails to find a certificate, a special NO_CERT
request is sent, which will flag the console to be banned.
3DS backport
Notes
This is meant to target freeShop users and other illegal apps that use the CDN.
General
3DS Firmware 11.8 implements some "aauth" code ported from the Switch into the nim module which is to send along two new headers. One of these headers is a base64 version of the ticket. Tickets on the 3DS are signed by a key Nintendo only has and is not reverse engineerable at all, When CFW is installed (such as Luma3DS), it is possible to disable the signature checks for these tickets on the system itself. Also, Nintendo would check the ticket if using freeShop in sleep mode. First, the restrictions was on a number of apps at the time, but now all commercial games have the restriction. When downloading from the CDN, the nim module checks to see if it is a legit ticket or not. If either checks fail, it would flag the console to be banned.
Special Thanks
Thank you SciresM!