Hacking RELEASE ShogunTool - Get game information from Title IDs!

Gnarmagon

Noob <3
Member
Joined
Dec 12, 2016
Messages
647
Trophies
0
Age
22
XP
794
Country
Germany
> Would you mind being a little more specific? I've got a token, but POSTing the raw thing gets me an "Access denied" error.
> I've noticed that the first two parts (at least) of the token are base64-encoded and mention the dcert-lp1.ndas.srv.nintendo.net/keys URL, as well as the RS256 algorithm (along with what I guess is the public exponent). Is there any signature verification that needs to be done beforehand?
>
> EDIT: Well, I got it working literally seconds after posting this. Thanks for the help anyway.
Did you write some Python code to generate the dauth token? How did you obtain the token?
 

JupiterJesus

Active Member
Newcomer
Joined
Jul 14, 2018
Messages
44
Trophies
0
Age
39
XP
279
Country
United States
Also interested. I wanted to add eshop metadata downloading to my CDN downloader/NSP library app, but by the time I got around to writing the code, *poof*, every request was rejected, and I don't know enough about the underlying tech to figure out for myself what to do about it.

I hope this doesn't mean I have to log in to nintendo.com, get the auth token that they give me, then go back and send them that token in my app to prove I've logged in. I have no clue how I'd automate that, and I for damn sure don't want to use my personal account in the app.

Blah, it would probably be easier at this point to visit their publicly available eshop page and parse the html :/
 

Gnarmagon

I just found this repo by @SimonMKWii, https://github.com/simonmkwii/DAuther, and it solves the crypto challenge in C#.
My current problem is that I don't get exactly how the crypto challenge is solved (for some reason there is no padding, and that would be impossible with the second encryption because AES-ECB requires padding...).

see here for a reference from SciresM:
  • Your console treats the "data" string, decoded as base-64, as a cryptographic key source, and uses the SPL services to transform it with TrustZone only keydata and load it into an AES keyslot.

  • Your console generates its authorization request data -- this is done by formatting the string "challenge=%s&client_id=%016x&key_generation=%d&system_version=%s" with the challenge string, the client ID requesting a token, the master key version, and the current system version digest.

I will keep this thread updated if I can solve the crypto challenge and generate the bearer token in Python 3.

@SimonMKWii I have some questions regarding your code; could you please DM me (regarding the license of DAuther and how you figured all that stuff out O.O, or whether you adapted another source, which would be nice because I have no fucking clue how C# works...)?
 

Rikikoo

Member
Newcomer
Joined
Aug 1, 2018
Messages
21
Trophies
0
Age
26
XP
246
Country
France
> Did you write some Python code to generate the dauth token? How did you obtain the token?
Yes, but it's basically a (simplified) reimplementation of @SimonMKWii's DAuther. I recommend you look at its source.
Note that I never cleaned it up, so it's quite messy.
[EDIT] Also I've scraped Shogun using it but I'm not sure I'm allowed to post the results here, so I won't.
 

JupiterJesus


Thank you, and I'm keeping this tab open so I can remember later to read through the code and figure this out.

Funny, I originally wanted to grab the title's size from the eshop (I assumed that info was there as the eshop does show you how much space is needed on your device to download the game). I ended up just creating a function that goes through the motions of downloading a title, but instead of downloading anything it only grabs headers for their content-lengths, then adds everything together for a very close size estimate. It works great, is very fast and is one of my favorite features that my app has over CDNSP.

In fact, the reason I decided to make my own app was that I keep butting up against comcast's 1TB data cap and I wanted to know what the game's size was BEFORE I downloaded it. I also have a data-cap friendly feature that downloads your queue from smallest game to largest until it reaches a max game size OR a max total amount of data. So on Aug 30 I'm going to check my data usage, then download as many bytes worth of games as I can without passing the cap ;)
 

Rikikoo

Alternatively, the CNMT contains the sizes of the files it links to.
 

JupiterJesus

Yep, you're right. My first implementation was a copy/paste of the DownloadTitle method with the download-y parts deleted, so it was done fast, but a rewrite that uses the CNMT content entry sizes is on my TODO list.
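The CNMT point raised in the two posts above (the content-meta file already lists the size of every NCA it references, so no HEAD requests are needed), as an added Python example. This is editorial code, not ShogunTool's, DAuther's or either poster's app. The thread only says the CNMT carries the sizes; the byte layout in the comments is the commonly documented Switch content-meta structure and is an assumption of this example, and the sample file is constructed. Because the entry count is read from the file itself, the parser bounds-checks every entry against the buffer instead of trusting the count.

```python
import struct

# Layout assumed for this example (the thread only says the CNMT carries the
# content sizes); it matches the commonly documented Switch content-meta file:
#   header (0x20 bytes, little-endian)
#     0x00 u64 title id          0x08 u32 title version      0x0C u8 meta type
#     0x0D u8  reserved          0x0E u16 extended header size
#     0x10 u16 content entry count   0x12 u16 content meta entry count
#     0x14 12 bytes reserved
#   extended header of the given size, then content entries of 0x38 bytes each:
#     0x00 32 bytes SHA-256 of the NCA     0x20 16 bytes content (NCA) id
#     0x30 6 bytes size, little-endian     0x36 u8 content type   0x37 u8 id offset
CNMT_HEADER = struct.Struct("<QIBBHHH12x")
ENTRY_SIZE = 0x38
CONTENT_TYPES = {0: "Meta", 1: "Program", 2: "Data", 3: "Control",
                 4: "HtmlDocument", 5: "LegalInformation", 6: "DeltaFragment"}


def parse_cnmt(data):
    """Return the header fields and the list of content entries.

    The entry count comes from the file, so each entry is checked against
    the buffer length rather than trusting the count.
    """
    if len(data) < CNMT_HEADER.size:
        raise ValueError("truncated CNMT header")
    title_id, version, meta_type, _reserved, ext_size, n_content, n_meta = \
        CNMT_HEADER.unpack_from(data, 0)
    offset = CNMT_HEADER.size + ext_size
    contents = []
    for i in range(n_content):
        if offset + ENTRY_SIZE > len(data):
            raise ValueError("truncated content entry %d of %d" % (i, n_content))
        ent = data[offset:offset + ENTRY_SIZE]
        contents.append({
            "hash": ent[0x00:0x20].hex(),
            "content_id": ent[0x20:0x30].hex(),
            "size": int.from_bytes(ent[0x30:0x36], "little"),  # 48-bit size field
            "type": CONTENT_TYPES.get(ent[0x36], "Unknown(%d)" % ent[0x36]),
            "id_offset": ent[0x37],
        })
        offset += ENTRY_SIZE
    return {"title_id": title_id, "version": version, "meta_type": meta_type,
            "meta_entry_count": n_meta, "contents": contents}


def total_download_size(cnmt, include_delta=False):
    """Sum the content sizes; delta fragments are skipped unless requested."""
    return sum(e["size"] for e in cnmt["contents"]
               if include_delta or e["type"] != "DeltaFragment")


def cnmt_is_well_formed(data):
    try:
        parse_cnmt(data)
        return True
    except ValueError:
        return False


def build_sample_cnmt():
    """Constructed sample: 0x10-byte extended header and four content entries."""
    header = CNMT_HEADER.pack(0x0100000000010000, 0x10000, 0x80, 0, 0x10, 4, 0)
    ext_header = bytes(0x10)

    def entry(content_id_hex, size, ctype):
        return (bytes(0x20) + bytes.fromhex(content_id_hex)
                + size.to_bytes(6, "little") + bytes([ctype, 0]))

    return (header + ext_header
            + entry("aa" * 16, 5_000_000_000, 1)   # Program: needs more than 32 bits
            + entry("bb" * 16, 1_000_000, 3)       # Control
            + entry("cc" * 16, 500_000_000, 2)     # Data
            + entry("dd" * 16, 10_000, 6))         # DeltaFragment


if __name__ == "__main__":
    sample = parse_cnmt(build_sample_cnmt())
    for e in sample["contents"]:
        print("%-16s %s %12d" % (e["type"], e["content_id"], e["size"]))
    print("total:", total_download_size(sample))
```

The 6-byte size field is the reason the first sample entry is larger than 4 GiB: a parser that reads it as a u32 silently under-reports exactly the titles a data-cap check cares about.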
 

JupiterJesus
For anyone still watching this thread, I managed to get eshop data. I had to:

Implement getting the dauth token (see the DAuther link earlier).

Use my own personal cert for eshop access, because the public CDN cert is eshop-banned. I know this because while it can download from the CDN just fine, it is rejected by the shogun server with a ban message. What was that people said about all bans being CDN bans now? I dunno. Even weirder, the personal cert I'm using is on a Switch that has no linked Nintendo account, but I have homebrew on and go online all the time with illegitimate NSPs, DevMenu, practically everything that should get you banned. Nintendo even sends me free updates for my NSPs when I go online (or did, until 6.0 dropped and I didn't update).

Connect to the shogun server using the shopN cert (I had to log in with my console cert) and the dauth token, specified using the header
X-DeviceAuthorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXX
Then use the nsuid (or the nsuid I already have from importing Game_info.json) to access the game's info.

I got kind of a sad face when I found out that the data returned there is incomplete. It is mostly screenshots and a bit of basic data. Well, anything you see on the eshop page I guess. The "total_rom_size" is useful, though I already had been calculating the size through the CNMT and/or calculating contentlength headers so I may not even use it. I already have the name and publisher from the nsp's internal control data. I already have the image from the control data as well.

Other than that, the only useful stuff is "description" and maybe "genre". There's some content rating stuff too

I'd be curious to know where to find the following:

BoxArt (url on the media.nintendo.com server). The images listed in the eshop are only accessible via eshop login since they're on the shogun server, while media.nintendo.com is publicly accessible.

Developer - the control NCA and the eshop data only have publisher.

Region - I currently get the region from the nut db file, and I need the region to access the shogun endpoint. Is there a way to find the region of a title by ID? Obviously I can't get it from shogun if it asks for the region and language.

Price? Not exactly important, but I expected to see it in the eshop data and I didn't.
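The client side of the flow described in this thread, as an added Python example that is editorial code, not ShogunTool's, DAuther's or any poster's app. It covers two passages: the dauth request format SciresM is quoted with in Gnarmagon's post earlier, and the X-DeviceAuthorization bearer header from the post above. The block builds the request string with the quoted format, inspects a returned token as the RS256 JWT the earlier post describes (the token header names a /keys URL on dcert-lp1.ndas.srv.nintendo.net), and assembles the shogun header. The client_id, system_version, the token's claims and its kid field are constructed placeholders; the keyed-MAC step the console performs with its TrustZone-derived key needs console key material that is not on this page and is not reproduced. The one security point worth taking from it: alg and jku arrive inside the untrusted token, so the parser pins both rather than following them.

```python
import base64
import json
from urllib.parse import urlsplit

# Format string quoted from SciresM in the thread. The console then MACs the
# resulting string with a key derived in TrustZone from the challenge's
# "data" field; that keyed step needs console key material and is left out.
REQUEST_FORMAT = "challenge=%s&client_id=%016x&key_generation=%d&system_version=%s"

# Host of the /keys URL an earlier post saw in the token header. Pinned so the
# client never fetches signing keys from wherever an attacker-supplied header
# points.
EXPECTED_JKU_HOST = "dcert-lp1.ndas.srv.nintendo.net"


def build_request_data(challenge, client_id, key_generation, system_version):
    """Format the dauth authorization request as described in the thread.

    client_id is an integer and is rendered as 16 lowercase hex digits.
    """
    if not 0 <= key_generation < 256:
        raise ValueError("key_generation out of range")
    if not 0 <= client_id < 1 << 64:
        raise ValueError("client_id must fit in 64 bits")
    return REQUEST_FORMAT % (challenge, client_id, key_generation, system_version)


def _b64url_decode(segment):
    # JWT segments are base64url without '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_dauth_token(token, expected_alg="RS256"):
    """Split a compact JWS into (header, claims) WITHOUT verifying the signature.

    Everything returned came from the untrusted token, so alg and jku are
    compared against pinned values rather than followed. Real verification
    would use the RSA key fetched from the pinned jku host, never from a host
    the token names.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 segments)")
    header = json.loads(_b64url_decode(parts[0]))
    claims = json.loads(_b64url_decode(parts[1]))
    if header.get("alg") != expected_alg:
        raise ValueError("unexpected alg %r" % (header.get("alg"),))
    jku = urlsplit(header.get("jku", ""))
    if jku.scheme != "https" or jku.hostname != EXPECTED_JKU_HOST:
        raise ValueError("unexpected jku %r" % (header.get("jku"),))
    return header, claims


def token_is_acceptable(token):
    try:
        inspect_dauth_token(token)
        return True
    except ValueError:
        return False


def shogun_headers(token):
    # Header name and "Bearer" scheme exactly as given in the post above.
    return {"X-DeviceAuthorization": "Bearer " + token}


def make_sample_token(alg="RS256", jku="https://" + EXPECTED_JKU_HOST + "/keys"):
    """Constructed token with a dummy signature, only to exercise the parser."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": alg, "jku": jku, "kid": "example-kid"}  # kid is assumed
    claims = {"sub": "0123456789abcdef", "exp": 0}          # placeholder claims
    return ".".join([enc(header), enc(claims), enc("not-a-real-signature")])


if __name__ == "__main__":
    print(build_request_data("c0ffee", 0x1234567890ABCDEF, 0, "placeholder-digest"))
    tok = make_sample_token()
    print(inspect_dauth_token(tok))
    print(shogun_headers(tok))
    print("alg=none accepted?", token_is_acceptable(make_sample_token(alg="none")))
```

A client that verifies the RS256 signature properly would fetch the key set once from the pinned host and select the key by kid; the rejection of alg "none" and of a non-HTTPS or foreign jku above is the part that keeps that fetch from being redirected.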
 

JupiterJesus

Oh, if it wasn't obvious from my last post, it is unlikely that ShogunTool will come back, since it requires a totally unbanned cert to even operate. That seems dumb as hell: you can access all this info by reading the public eshop web page and parsing the HTML, why hide it behind a login? I've written my app to not even bother trying to access the eshop data unless the user has a valid cert pointed to by a LoginCert setting, and otherwise it just doesn't use it. I mean, Shogun COULD be rewritten to work; he would just have to require that you provide your own unbanned certificate (the "public" one isn't good enough).
 

JupiterJesus

Aaaaaand within a day of using my cert for accessing the eshop API, it was banned. This was after openly using NSPs and homebrew online for weeks with no ban; just one day of accessing an innocuous API containing public data was a bridge too far, I guess.

I rewrote my app to just load the eshop web page and parse the HTML. Most of the same data is there (it is generated using the API data), and what isn't there isn't terribly important. Oh well. Link in sig.

Shogun could be rewritten to do the same, if the author had the motivation. It only took me a couple of hours, using the dcsoup library.
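The fallback the post above settled on (load the public eshop page and parse the HTML instead of calling the authenticated API), as an added Python example using only the standard library's html.parser. This is editorial code; the post mentions the dcsoup library in C#, which is not reproduced here. The real page's markup is not on this thread, so the Open Graph style meta names and the two sample documents are constructed assumptions; the collector itself is generic and works for whatever name/property attributes the real page exposes.

```python
from html.parser import HTMLParser


class MetaCollector(HTMLParser):
    """Collect <meta property|name=... content=...> pairs and the <title> text.

    html.parser unescapes entity references in attribute values and text for
    us; nothing here evaluates scripts, follows links or touches the network.
    """

    def __init__(self):
        super().__init__()
        self.meta = {}
        self._title = []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta":
            key = attrs.get("property") or attrs.get("name")
            if key and attrs.get("content") is not None:
                # first occurrence wins; a later injected duplicate cannot override it
                self.meta.setdefault(key.lower(), attrs["content"])
        elif tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self._title.append(data)

    @property
    def title(self):
        return "".join(self._title).strip()


def extract_game_info(html):
    """Pull the fields the thread wanted from a product page's markup.

    Meta names are assumed (Open Graph style); a page without them falls
    back to <title> and empty strings rather than raising.
    """
    p = MetaCollector()
    p.feed(html)
    p.close()
    return {
        "title": p.meta.get("og:title") or p.title,
        "description": p.meta.get("og:description", ""),
        "image": p.meta.get("og:image", ""),
        "url": p.meta.get("og:url", ""),
    }


# Constructed sample documents; not real eshop markup.
SAMPLE_HTML = """<!doctype html>
<html><head>
<title>Example Game | Example Store</title>
<meta property="og:title" content="Example Game">
<meta property="og:description" content="A sample game &amp; its description">
<meta property="og:image" content="https://media.example/boxart.jpg">
<meta property="og:url" content="https://store.example/games/example-game">
<meta property="og:title" content="Duplicate that must not win">
</head><body><h1>Example Game</h1></body></html>
"""

SAMPLE_HTML_NO_OG = "<html><head><title> Plain Page </title></head><body></body></html>"


if __name__ == "__main__":
    print(extract_game_info(SAMPLE_HTML))
    print(extract_game_info(SAMPLE_HTML_NO_OG))
```

Fetching the page is the one step left out: do it with a normal HTTPS client and pass the response body to extract_game_info, and keep in mind that a scraped page is untrusted input, which is why the parser above only reads attributes and never hands the HTML to anything that interprets it.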
 
