Hacking CDNSP is NOT dead. They just don't want us to use it.

Status
Not open for further replies.

l915205

Well-Known Member
OP
Newcomer
Joined
Jun 28, 2018
Messages
74
Trophies
0
Age
41
XP
227
Country
Croatia
Previous thread was closed by the mod, so let's start with this warning:
Do not download and run random stuff from the internet. Like never. There are fake EdgeAuther versions floating around that steal your cert. There are no working CDNSP copy in public access yet.

Now quick recap of what previous thread was about:
We all know the sad story they tell us: Nintendo killed CDNSP with 6.0 FW, welcome back to dark ages of torrents and file-sharing shitholes. But is it really true?

<some proofs and guesses>
Thread was deleted but that wasn't end of the story. Someone sent me the copy of EdgeAuther source code grabbed right before github repository was made private. So now I am 100% sure of the following things:
  1. CDNSP is still working. You can download everything from Nintendo CDN like it was prior to 6.0 FW.
  2. Changes to make CDNSP work again are trivial. My estimate is ~50 lines of code depending of your language of choice.
  3. Some people are desperately trying to hide this information from public. Apparently to make CDN their exclusive piracy source.
EdgeAuther code is licensed under MIT allowing me to post it here. But since author (simonmkwii) wants to keep it private I only tell what needs to be done to make CDNSP work again to those interested:

0. You have to went online after 6.0 FW update at least once. Then Nintendo will add your certificate to white list. If you never went online with 6.0+ FW and try to get token for CDN access your certificate will be banned. Take this step with grain of salt because there is no way to properly verify it. But it sounds plausible. Nintendo wants to be sure you made legit FW update.
1. To access CDN you need edge token, that's the only difference between 6.0 FW and previous versions. To request it you need to authenticate your device first (not possible if your certificate is banned). Device authentication process is described here. Edge token request is single extra HTTP call. Token is valid for 24 hours. This step is done by EdgeAuther utility.
2. Now you can use this token to run CDNSP, just add X-Nintendo-DenebEdgeToken header like this.

The way EdgeAuther requests edge token is pretty straightforward. Two HTTP calls and your are golden. The only thing I don't understand is how AES key is derived to CMAC request body. There are also some hardcoded constants (Client ID, User-Agent, endpoint URL) that I suspect may be different for every FW revision. My copy is for 6.0 FW. If anyone is interested to implement working utility or patch CDNSP.py I can try to write pseudo-code for the authentication process.


UPDATE


-snip-
Don't build code without proper audit, don't run precompiled binaries from this repo ever!

Also I'm still worried that this version is for 6.0.0 firmware, some constants (Client_ID, UserAgent, SysDigest, BaseURL) may be outdated. Make sure you understand what are you doing before risking your cert.
 
Last edited by Quantumcat, , Reason: Don't link piracy tools unless they're clean

DeuX

Well-Known Member
Member
Joined
Jun 14, 2018
Messages
178
Trophies
0
Age
37
XP
545
Country
Switzerland
And what good comes from opening CDN to everyone? You have few weeks of freeleech until Nintendo increases security and then there's no CDN or scene releases to anyone and we are back to the dark ages of downloading scene releases dumped once in a new moon in shady sites.
 

XorTroll

Switching between my 2DS and my Switch
Developer
Joined
Dec 28, 2017
Messages
636
Trophies
0
Location
Nowhere
Website
github.com
XP
3,976
Country
Spain
Exactly, if everyone starts downloading all the stuff they want on CDN that will just make Nintendo kill CDNSP and all that stuff. If only one or just a few have access to the content in the CDN is way safer. Do you guys really want games from the CDN? Then shut up and listen, or we won't have CDN anymore.
 

l915205

Well-Known Member
OP
Newcomer
Joined
Jun 28, 2018
Messages
74
Trophies
0
Age
41
XP
227
Country
Croatia
And what good comes from opening CDN to everyone?
I can only speak for myself. I am primary interested in how it all works from technical view point. Also I don't like people monetizing on the piracy, but that hardly relevant.

nintendo finds a way to fix this and we won't be able to download game/update/dlc nsps in the future.
Nintendo already implemented pretty robust system. If your cert is banned you can't do anything. They just need to audit logs for illegal content access faster (imagine cert bans in 5 minutes).
But apparently they think it's not worth it right now, perhaps because of the extra load to network backend.
 

DeuX

Well-Known Member
Member
Joined
Jun 14, 2018
Messages
178
Trophies
0
Age
37
XP
545
Country
Switzerland
I can only speak for myself. I am primary interested in how it all works from technical view point. Also I don't like people monetizing on the piracy, but that hardly relevant.


Nintendo already implemented pretty robust system. If your cert is banned you can't do anything. They just need to audit logs for illegal content access faster (imagine cert bans in 5 minutes).
But apparently they think it's not worth it right now, perhaps because of the extra load to network backend.

If you're only interested in how it works then you shouldn't post a how to. Research and keep it to yourself, plus nobody is making a profit on piracy other than the assholes from a certain darksite that put paywalls in front of the downloads, if you were on our Discord you would actually see that whe discourage any kind of profit from piracy
 
Last edited by DeuX,

NoNAND

Give me back my legions!
Member
Joined
Aug 22, 2015
Messages
2,256
Trophies
1
Location
Somewhere
XP
4,760
Country
Albania
Exactly, if everyone starts downloading all the stuff they want on CDN that will just make Nintendo kill CDNSP and all that stuff. If only one or just a few have access to the content in the CDN is way safer. Do you guys really want games from the CDN? Then shut up and listen, or we won't have CDN anymore.
Finally someone who understands
 
  • Like
Reactions: andyhappypants

l915205

Well-Known Member
OP
Newcomer
Joined
Jun 28, 2018
Messages
74
Trophies
0
Age
41
XP
227
Country
Croatia
If you're only interested in how it works then you shouldn't post a how to
I shouldn't post relevant technical info on gbatemp because someone is afraid to loose their exclusive piracy source? I disregard this advice.

plus nobody is making a profit
They make advertising money, referral money, premium subscriptions money and most desired: attention.
 

DeuX

Well-Known Member
Member
Joined
Jun 14, 2018
Messages
178
Trophies
0
Age
37
XP
545
Country
Switzerland
I shouldn't post relevant technical info on gbatemp because someone is afraid to loose their exclusive piracy source? I disregard this advice.


They make advertising money, referral money, premium subscriptions money and most desired: attention.

You clearly don't see the bigger picture, you're just acting like a spoiled brat that didn't receive his gift on Christmas.
 

ghjfdtg

Well-Known Member
Member
Joined
Jul 13, 2014
Messages
824
Trophies
0
XP
1,882
Country
Unpopular opinion time: You have no right to pirate directly from their servers and you are a moron if you think they won't notice even if few access it. The 3DS CDN shows how to do it right so they already know how to fix it for good. It's just not implemented yet on the Switch CDN.
 

XorTroll

Switching between my 2DS and my Switch
Developer
Joined
Dec 28, 2017
Messages
636
Trophies
0
Location
Nowhere
Website
github.com
XP
3,976
Country
Spain
I shouldn't post relevant technical info on gbatemp because someone is afraid to loose their exclusive piracy source? I disregard this advice.


They make advertising money, referral money, premium subscriptions money and most desired: attention.
Exclusive piracy source? All the dumped or accessed titles from CDN are shared
 

blahblah

Well-Known Member
Member
Joined
May 16, 2018
Messages
1,136
Trophies
0
Age
32
XP
1,440
Country
United States
The OP is a massive fucking idiot.

The 'dark ages' of typical scene activity.

The CDN needs to be semi-protected so those doing actual releases don't have to use SD dumping tools to grab every single game. You have no real valid reason to access it, other than whininess. Stop trying to fuck up a good thing.

No one with CDN is using it to download random games they want. People are using it to pull updates and new games upon dump of the title key. Said contents are then shared, either on p2p or pred as scene releases.

The monetization you talk about is bad, but that has nothing to do with the CDN. No one throwing links behind adfly crap on a certain site has CDN access.
 
Last edited by blahblah,

FAST6191

Techromancer
Editorial Team
Joined
Nov 21, 2005
Messages
33,867
Trophies
2
Website
trastindustries.com
XP
22,601
Country
United Kingdom
I can understand wanting to keep an exploit open to dump an anticipated game ahead of time, and not burn it on junk*, but I am struggling to understand the desire to keep something as banal as this CDN lark open.

*the one with Origin the other year was known about and was actually being saved for Watch_Dogs.
 
Status
Not open for further replies.
General chit-chat
Help Users
    kenenthk @ kenenthk: Cap or slap