Hacking WIP 'Bruteforcing' Title ID's

[Deleted-451877]

Before you ask, a console-unique cert is not needed for this. It needs the ShopN cert converted to .pem format (openssl -in path/to/pfx -nodes -passout pass: -out path/to/pem), which I have attached.

Maybe this isn't news to anyone, but you can find information about a title on shogun (base url: https://bugyo.hac.lp1.eshop.nintendo.net)
For this you need its 'id', which is a number that, in my experience, ranges from 70010000000000 to 70010000011962 (I went as far as 700100000013000 and found nothing more).

Going to https://bugyo.hac.<env>.eshop.nintendo.net/shogun/v1/titles/<id>?shop_id=4&lang=en&country=<reg> will then give you some information about the game, including it's name and, in most cases, its title id.
The only exceptions I encountered were DLC's and physical-only releases.

I have attached the 858 Title ID's my script found between 70010000000000 and 700100000013000, in the US region and lp1 environment. It's a little more than what the eShop says it contains, sorting the games newer from older (or the other way around). And it's over 300 more than what Switchbrew has.

Note that I do not recommend using it without a VPN or proxy. It's possible that Nintendo will think you're DDOS'ing them, and IP-ban you.

 

[natinusala]

What's the point tho

 

[Deleted-451877]

What's the point tho

It's what you need to download games from the CDN, if you have a console-unique cert.

 

[hippy dave]

Thanks for sharing your findings, does this happen to give any info about if/what updates are available for a given title?

 

[Deleted-451877]

Thanks for sharing your findings, does this happen to give any info about if/what updates are available for a given title?

No, but VersionList does (https://tagaya.hac.lp1.eshop.nintendo.net/tagaya/hac_versionlist), console cert needed.
Updates numbers are multiples of 0x10000 = ‭65536, their tid being that of the base game + 0x800‬.
It is possible to download old updates from the CDN.

I have attached the latest json.

 

[hippy dave]

That's great, thanks for the json! Would be cool if we could have a copy of it kept up to date somewhere (ie somewhere unofficial that doesn't require a console certificate) - I guess it wouldn't be too hard for some kind person to configure their box to check it & update when necessary.

 

[TR_mahmutpek]

What? This app downloads titles without console-unique cert?

 

[tiliarou]

Thanks a lot !
I'm running your script for UK.
Had to pip install requests prior to running it but so far so good, work as intended.

 

[Deleted-451877]

That's great, thanks for the json! Would be cool if we could have a copy of it kept up to date somewhere (ie somewhere unofficial that doesn't require a console certificate) - I guess it wouldn't be too hard for some kind person to configure their box to check it & update when necessary.

Are you in the ReSwitched server? They have a channel with a bot that keeps track of it (made by SciresM).
Source here: https://github.com/reswitched/HacVersionListBot/tree/master/HacVersionListBot/HacVersionListBot

--------------------- MERGED ---------------------------

Thanks a lot !
I'm running your script for UK.
Had to pip install requests prior to running it but so far so good, work as intended.

Possibly. I've had that library for so long I didn't remember it wasn't a default one. Very good stuff.

 

[Mat37]

View attachment 134186Gives me that and does nothing more (idk if i have entered the command correctly tho)

 

[Deleted-451877]

What? This app downloads titles without console-unique cert?

It grabs Title ID's, which is what you plug into a CDN downloader (along with a version number, which is 0 for base games).
Switchbrew has a pretty good list of them here: http://switchbrew.org/index.php?title=Title_list/Games.

--------------------- MERGED ---------------------------

View attachment 134186Gives me that and does nothing more (idk if i have entered the command correctly tho)

Let it run, it will update shortly after. As said in the title this is no more than a PoC. In fact it will even append found ID's without checking for duplicates.
And you should directly edit the config in the file. Everything is in the first few lines.

 

[TR_mahmutpek]

It grabs Title ID's, which is what you plug into a CDN downloader (along with a version number, which is 0 for base games).
Switchbrew has a pretty good list of them here: http://switchbrew.org/index.php?title=Title_list/Games.

Thx for repy but I still cant get the answer :/ I mean most CDN downloaders need console key/cert for downloading.

 

[Mat37]

It grabs Title ID's, which is what you plug into a CDN downloader (along with a version number, which is 0 for base games).
Switchbrew has a pretty good list of them here: http://switchbrew.org/index.php?title=Title_list/Games.

--------------------- MERGED ---------------------------


Let it run, it will update shortly after. As said in the title this is no more than a PoC. In fact it will even append found ID's without checking for duplicates.
And you should directly edit the config in the file. Everything is in the first few lines.

I changed the end to 70010000000100 and got this :

 

[tiliarou]

Are you in the ReSwitched server? They have a channel with a bot that keeps track of it (made by SciresM).
Source here: [can't post link with my account yet]

--------------------- MERGED ---------------------------


Possibly. I've had that library for so long I didn't remember it wasn't a default one. Very good stuff.

I barely use python and requests doesn't come installed by default on windows so that's why. I've increased the idle timer to 0.5 just in case but your value was probably fine. Will poste UK once finished.

 

[Deleted-451877]

Thx for repy but I still cant get the answer :/ I mean most CDN downloaders need console key/cert for downloading.

Yes it does. Console-unique cert extracted from your decrypted PRODINFO.bin. But when you have that the TID's are the only thing 'stopping' your from downloading whatever you'd like. In fact it's even possible to download old sysupdates.

I changed the end to 70010000000100 and got this : View attachment 134188

Just double click the script. It doesn't need any argument.
The 'config' is here:

The commented parts are the possible values.
Note that the script still does its job. The OS just fails to interpret the 'commands' right after.

I barely use python and requests doesn't come installed by default on windows so that's why. I've increased the idle timer to 0.5 just in case but your value was probably fine. Will poste UK once finished.

Great! If I'm to be honest, I noticed a decrease in speed after a while. It's possible the server throttles your connection after too much requests, but it's back on track after a while.

 

[tiliarou]

I changed the end to 70010000000100 and got this : View attachment 134188

Math, you are specifying arguments to the python script whereas you should configure this inside the py file (at least it's my understanding).
Which python version do you have and how did you install it?

 

[Mat37]

Yes it does. Console-unique cert extracted from your decrypted PRODINFO.bin. But when you have that the TID's are the only thing 'stopping' your from downloading whatever you'd like. In fact it's even possible to download old sysupdates.


Just double click the script. It doesn't need any argument.

Okay i got it ^^ i'm not used to use scripts like that lol. Afterwards can i downlaod games with this script or should i use CDNX ? (which i can't get to work)

 

[hippy dave]

Are you in the ReSwitched server? They have a channel with a bot that keeps track of it (made by SciresM).
Source here: https://github.com/reswitched/HacVersionListBot/tree/master/HacVersionListBot/HacVersionListBot

Oh cool thanks, yeah I'm on the server but don't go there much, I'll have a look.

 

[Cali-Bean]

Is this to download games?

 

[Mat37]

Is this to download games?

No just to get title IDs