It's not new information that the Save Data Transfer Tool (SDTT) requires an internet connection to function, but what is surprising is that it has an official EoL and what looks like a "killswitch"
TLDR: The SDTT, a local save data tool with no real need for online connectivity, makes several network requests to get multiple tokens which go unused during use of the tool, with the only apparent purpose being to act as a "killswitch" to end the tools ability to work even for those who have it downloaded post eShop closure (it is not available on the eShop anymore)
For context, I am the lead developer of a project called Pretendo Network. Our team reverse engineers the online communications for games on the WiiU and 3DS in an effort to provide open source replacement servers. So we are often monitoring our consoles traffic for things like this
A bit of backstory: Last night 2 other members of the team, @shutterbug2000 and @hauntii (no gbatemp account), were researching Pokémon and had used the SDTT and saw it downloaded a file from the BOSS server. BOSS is a service on the WiiU and 3DS that allows games to download additional content in the background (for example Splatfest data on the WiiU, and SpotPass data on the 3DS). The file downloaded was named
While looking around the app in Ghidra, I found several references to NEX/RendezVous. NEX is the software that Nintendo uses for all first party multiplayer games on the 3DS and WiiU (and some older Switch games). Nintendo did not make this software from scratch, it is based off another set of another piece of software called RendezVous which was originally developed by Canadian company Quazal and was heavily modified which is why there's references to both here (fun side fact, Quazal was later bought by Ubisoft who still uses RendezVous to this day, making all online first party 3DS and WiiU games almost compatible with Ubisofts servers too). This is VERY very odd to be seen here, seeing as SDTT is not a game nor does it have the ability to connect to other consoles at all. So we continued to look even further into things
Upon checking the network requests of the SDTT from boot, it indeed does request NEX details from the NASC server! NASC is the server the 3DS uses to request tokens for, and the locations of, servers for online games. This server is carried over from the Wii, and predates the NNID system and it's API (which is why you do not need a NNID for some online 3DS games). There are 2 types of requests a 3DS can make to NASC
1. A
2. A
The SDTT requests BOTH of these tokens. The
@shutterbug2000 then monitored the SDTT for some time and did a save transfer, to see if it ever used these tokens for anything. And they go completely unused. So we decided to see what the tool does when the systems network is in various states (disabled, disconnected, etc)
When the 3DS wireless connection switch is disabled, or you have a bad/missing network connection, then the app tells you of these conditions independently of each other as expected
This, again, is not new information. I'm sure everyone has seen these screens at least once, and Nintendo's support page clearly states an internet connection is required
However when we tried to access the tool while our consoles were connected to the Pretendo Network servers, the SDTT clearly shows that it expects to have it's service ended one day based on how it handles this error. Given that the SDTT has special handling for the EoL error code (most titles do not have this, and only display the 3DS's default error popup which is shown by the console, not the game), and that it makes those 2 seemingly unused token requests, it seems clear that the purpose of these requests is to simply be a killswitch for the tool one day
This is genuinely very surprising to us over at Pretendo, as the SDTT is, for all intents and purposes, a purely offline local experience. There doesn't seem to be any clear reason why this tool would need an EoL at all besides just Nintendo not caring about the users of their older consoles. They could, at any moment, pull the plug on what many consider an essential tool and for no other reason other than "because Nintendo doesn't want it around any longer"
TLDR: The SDTT, a local save data tool with no real need for online connectivity, makes several network requests to get multiple tokens which go unused during use of the tool, with the only apparent purpose being to act as a "killswitch" to end the tools ability to work even for those who have it downloaded post eShop closure (it is not available on the eShop anymore)
For context, I am the lead developer of a project called Pretendo Network. Our team reverse engineers the online communications for games on the WiiU and 3DS in an effort to provide open source replacement servers. So we are often monitoring our consoles traffic for things like this
A bit of backstory: Last night 2 other members of the team, @shutterbug2000 and @hauntii (no gbatemp account), were researching Pokémon and had used the SDTT and saw it downloaded a file from the BOSS server. BOSS is a service on the WiiU and 3DS that allows games to download additional content in the background (for example Splatfest data on the WiiU, and SpotPass data on the 3DS). The file downloaded was named
fairy_bl.lrc, and contains what looks to be compressed or encrypted content. We assumed this is some kind of blacklist based on the name, and this was seemingly why the tool needed to go online at all, to check this assumed blacklist. So I began disassembling SDTT to take a closer look at what the file contained. This is where things got interestingWhile looking around the app in Ghidra, I found several references to NEX/RendezVous. NEX is the software that Nintendo uses for all first party multiplayer games on the 3DS and WiiU (and some older Switch games). Nintendo did not make this software from scratch, it is based off another set of another piece of software called RendezVous which was originally developed by Canadian company Quazal and was heavily modified which is why there's references to both here (fun side fact, Quazal was later bought by Ubisoft who still uses RendezVous to this day, making all online first party 3DS and WiiU games almost compatible with Ubisofts servers too). This is VERY very odd to be seen here, seeing as SDTT is not a game nor does it have the ability to connect to other consoles at all. So we continued to look even further into things
Upon checking the network requests of the SDTT from boot, it indeed does request NEX details from the NASC server! NASC is the server the 3DS uses to request tokens for, and the locations of, servers for online games. This server is carried over from the Wii, and predates the NNID system and it's API (which is why you do not need a NNID for some online 3DS games). There are 2 types of requests a 3DS can make to NASC
1. A
LOGIN request. This request indicates that the game is trying to connect to a NEX multiplayer server. If successful, the server sends back a locator value, which is the address of the game server in the format IP:PORT base64 encoded, and a token which is your login token2. A
SVCLOC request. This request indicates that the game uses an independent 3rd party service registered with Nintendo and would like to be able to identify the currently logged in user with that service. If successful, the server sends back a token which is your service token that the games independant API can use to know who you are (For example RPG Maker FES uses this to know who uploaded what RPG)The SDTT requests BOTH of these tokens. The
locator value in this case is set to 0.0.0.0:0, which indicates that there is no actual NEX game server and the game only wanted the NEX token. The use of this depends on the game, but it can often times be used as part of a larger token exchange system or a dirty "is this console banned" check. Requesting both tokens is odd, but not unheard of. Several other games also do this for some reason@shutterbug2000 then monitored the SDTT for some time and did a save transfer, to see if it ever used these tokens for anything. And they go completely unused. So we decided to see what the tool does when the systems network is in various states (disabled, disconnected, etc)
When the 3DS wireless connection switch is disabled, or you have a bad/missing network connection, then the app tells you of these conditions independently of each other as expected
This, again, is not new information. I'm sure everyone has seen these screens at least once, and Nintendo's support page clearly states an internet connection is required
However when we tried to access the tool while our consoles were connected to the Pretendo Network servers, the SDTT clearly shows that it expects to have it's service ended one day based on how it handles this error. Given that the SDTT has special handling for the EoL error code (most titles do not have this, and only display the 3DS's default error popup which is shown by the console, not the game), and that it makes those 2 seemingly unused token requests, it seems clear that the purpose of these requests is to simply be a killswitch for the tool one day
This is genuinely very surprising to us over at Pretendo, as the SDTT is, for all intents and purposes, a purely offline local experience. There doesn't seem to be any clear reason why this tool would need an EoL at all besides just Nintendo not caring about the users of their older consoles. They could, at any moment, pull the plug on what many consider an essential tool and for no other reason other than "because Nintendo doesn't want it around any longer"
Last edited by RedDucks,
