Hello guys, this is my first post here! I just got a MIG Switch card out of curiosity and I was tinkering with it. For those who don't know, it's used by placing XCI dumps as well as other game specific bin files in the sd card of the MIG Switch, and are obtained from the original cartridge by using an app like nxdumptool. Two of these bin files are mandatory to get the game to boot: Initial Data.bin and Certificate.bin. They stay the same for every cartridge of a specific game. Now, if you want to use an XCI dump from a shady website it's impossible to get it to work without those files. By using the Certificate.bin from another game it has no problem, but this does not count for the Initial Data.bin. So I looked for a way to obtain this Initial Data from an XCI file and read a bit of the XCI file documentation from switchbrew dot org. Here's what I understood so far: The Switch checks if the cartridge is valid by doing a challenge–response authentication on the Initial Data. The Package ID is contained both on the XCI and the Initial Data, on positions 0x110 and 0x0 respectively. The Initial Data hash is on the XCI at position 0x160. It is calculated by doing a SHA-256 hash on the full Initial Data content. So I was wondering, is there a way to to construct a functional Initial Data file starting from an XCI dump? I also tried a reverse approach by editing the Package ID in the Initial Data from another game, generating the Initial Data hash and putting it in the XCI file but is not enough to get the Switch believe it's a real game. Sorry if this may seem stupid but let me know what you think.

mig switch not working/updating??

stickybit · 2024-03-28T19:59:51+00:00

just got my mig switch and followed instructions to the T to update it and all im getting is a red light and then a message saying cart not recognised, all im trying to do is update it to the latest firmware, it says it should flash blue when...

Extracting the Network Service Account

Duplodocus

Member

Newcomer

Level 1

Jul 5, 2020

Hello,

I'm trying to reverse engineer a game's connection to its web servers. The game uses the eShop to manage subscriptions, and it seems that the game authenticates with the game webserver using a device token, since I'm able to use the game's online features (and pay for a subscription) without having to create an account (even though an account can be linked afterwards). My goal now is to get this token from my switch.

When looking at the game binary, I found uses of the the SDK methods "nn:account:EnsureNetworkServiceAccountAvailable" and "nn:account:GetNetworkServiceAccountId". I believe the latter method sets a buffer with a token linked to the device (and probably signed by Nintendo at some point, so that the web services can verify it). I'd like to call these methods from a homebrew program, which will hopefully help me authenticating properly. Still, I'm not sure how to do that, here are a few methods I'm thinking about:

Linking the homebrew binary to the SDK binary - is that possible with the current devtools?
Reverse engineering those methods from the SDK and implementing them in my homebrew. Yet, I'm pretty sure that at some point it will call the switch system services. Can I do that from a homebrew? Is it unsafe with regards to device bans?
I haven't yet examined my device PRODINFO, could the device token be in there?

I was able to get an eShop token (from the eShop website) recognized by the game's web auth services, but it fails when trying to check my subscription. Hence my interest for the device token, which I believe is what the game actually sends to the servers. Since the eShop website's tokens are JWTs, I think the device token must be a JWT, albeit with different claims. In particular, I found that the subscription request sends a UUID that seems to never change for a given console. This device-unique UUID is probably in the device token.

Is the Nintendo SDK documented somewhere? That'd definitely be helpful, but I could not find that on SwitchBrew.

Any help/hint/guidance is welcome :-)

ROM Hack Extracting the Network Service Account

Member

Similar threads

Popular threads in this forum