RELEASE HACDN v3 - Safely download your Switch eShop purchases on your PC

Discussion in 'Switch - Exploits, Custom Firmwares & Soft Mods' started by SimonMKWii, May 16, 2018.

  1. SimonMKWii
    OP

    SimonMKWii GBAtemp Advanced Fan

    Member
    9
    Nov 18, 2017
    Australia
    Melbourne, Victoria
    What the hell are you looking at?
    There's no python or C# code, lol.
     
    zeveroth likes this.
  2. GerbilSoft

    GerbilSoft GBAtemp Addict

    Member
    12
    Mar 8, 2012
    United States
    Here's why: https://github.com/simonmkwii/HACDN/blob/master/HACDN/MainInterface.vb#L89
    Code:
    Process.Start("hactool.exe", " -k keys.txt " + VER + " --section0dir=CNMT")
    CheckCMNT:
    If Exists("CNMT/Application_" + TID + ".cnmt") Then
        Dim OpenCNMT As New System.IO.BinaryReader(File.Open("CNMT/Application_" + TID + ".cnmt", FileMode.Open))
        Dim NCAID As String = ByteArrayToString(OpenCNMT.ReadBytes(194)).Substring(160, 32)
        Dim NCAURL As String = "https://atum.hac.lp1.d4c.nintendo.net/c/c/" + NCAID
        Dim GetNCA As New WebClient2
        GetNCA.ClientCertificates.Add(ClientCert)
        GetNCA.Headers.Set("User-Agent", "NintendoSDK Firmware/5.0.2-0 (platform:NX; did:" + DID + "; eid:lp1)")
        Dim Adr As New Uri(NCAURL)
        System.IO.Directory.CreateDirectory("Games/" + TID)
        AddHandler GetNCA.DownloadProgressChanged, AddressOf Client_ProgressChanged
        GetNCA.DownloadFileTaskAsync(Adr, ("Games/" + TID + "/" + NCAID + ".nca"))
        Delete(VER)
    Else
        GoTo CheckCMNT
    End If
    
    It's a busy-waiting loop waiting for hactool to extract the CNMT section. This loop will peg its CPU core/thread at 100% until hactool finishes.
     
    DarthDub likes this.
  3. SimonMKWii
    OP

    SimonMKWii GBAtemp Advanced Fan

    Member
    9
    Nov 18, 2017
    Australia
    Melbourne, Victoria
    Yeah, it wasn't exactly the smartest decision...
    I should have kept the "wait for 5 seconds" thing instead.
     
  4. Thelichekinge

    Thelichekinge Newbie

    Newcomer
    1
    May 12, 2018
    Belgium
    can I download my games that I have in cartridge?
     
  5. SimonMKWii
    OP

    SimonMKWii GBAtemp Advanced Fan

    Member
    9
    Nov 18, 2017
    Australia
    Melbourne, Victoria
    Technically you can, but it would be illegal as you only have the rights to the cartridge copy, not the digital copy.
     
  6. Thelichekinge

    Thelichekinge Newbie

    Newcomer
    1
    May 12, 2018
    Belgium
    ok thanks ^^
     
  7. Frexxos

    Frexxos GBAtemp Regular

    Member
    4
    Apr 27, 2015
    Germany
    @SimonMKWii
    just remove this sentence:
    and change it to something like that:
    I say that because I really like the effort you put into this project and all the development. But I can already smell the big shitstorm which is coming again for this tool and thread....
    Just change it, and after that everyone has to decide for themselves whether or not to use the tool.
     
    Tilde88 and JamiePashley like this.
  8. cearp

    cearp 瓜老外

    Member
    16
    May 26, 2008
    Tuvalu
    you used visual basic for fun...? :blink:
    i only use it if it's some office vba macro - and it's not fun!

    either way, nice to share something.
     
  9. Gnarmagon

    Gnarmagon Noob <3

    Member
    4
    Dec 12, 2016
    Germany
    oh even worse it's visual basic O.O

    and the Python Code I am talking about:
    [​IMG]
     
  10. SimonMKWii
    OP

    SimonMKWii GBAtemp Advanced Fan

    Member
    9
    Nov 18, 2017
    Australia
    Melbourne, Victoria
    "oh even worse it's visual basic O.O" - Okay, well how about you hurry up and make one in C, come on then! Chop-chop!
    If mine is so bad because it's done in VB, make one yourself using a different language.
     
    DarthDub, Tilde88, dgr1592 and 3 others like this.
  11. TiMeBoMb4u2

    TiMeBoMb4u2 GBAtemp Advanced Maniac

    Member
    6
    Oct 25, 2008
    United States
    Hyrule
    @SimonMKWii... What's the difference between "eticket_ssl_rpk" and "ssl_rsa_kek"?
     
  12. SimonMKWii
    OP

    SimonMKWii GBAtemp Advanced Fan

    Member
    9
    Nov 18, 2017
    Australia
    Melbourne, Victoria
    The eticket kek is used to decrypt tickets, and is generated from the RSA-OAEP usecase, while the ssl kek is used to decrypt the SSL private key used for the TLS handshake, and is generated from the RSA private usecase.
     
  13. TR_mahmutpek
    This message by TR_mahmutpek has been removed from public view by porkiewpyne, May 16, 2018, Reason: Shitpost.
    May 16, 2018
  14. TiMeBoMb4u2

    TiMeBoMb4u2 GBAtemp Advanced Maniac

    Member
    6
    Oct 25, 2008
    United States
    Hyrule
    Uh... I didn't say "eticket kek". I said "eticket_ssl_rpk".
     
  15. SimonMKWii
    OP

    SimonMKWii GBAtemp Advanced Fan

    Member
    9
    Nov 18, 2017
    Australia
    Melbourne, Victoria
    It's literally the same thing
     
  16. aslk

    aslk Member

    Newcomer
    3
    Oct 30, 2013
    Canada
    so am I expected to dig through your source and figure out how to make a keys.txt?
     
  17. SimonMKWii
    OP

    SimonMKWii GBAtemp Advanced Fan

    Member
    9
    Nov 18, 2017
    Australia
    Melbourne, Victoria
    No, it's the same keys.txt you use with hactool.
     
  18. aslk
    This message by aslk has been removed from public view by porkiewpyne, May 16, 2018.
    May 16, 2018
  19. TiMeBoMb4u2

    TiMeBoMb4u2 GBAtemp Advanced Maniac

    Member
    6
    Oct 25, 2008
    United States
    Hyrule
    So... "eticket_ssl_rpk" is the same thing as "eticket_rsa_kek"?
    Why do you use a different name for the same thing?
    That is really confusing to people.
     
  20. Falo

    Falo GBAtemp Fan

    Member
    5
    Jul 22, 2012
    Germany
    Here's pure C# code of that Python script; the user would only need to run the final exe (on Windows 7-10), no Python dependencies...
    The only thing missing is a way to load the keys from an external file; I wrote this in 5 min...
    I could also write the whole tool in C# and make it public, but I don't want to make such a dangerous tool...

    Code:
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Security.Cryptography;
    
    namespace GenerateSslKey
    {
        class Program
        {
            static byte[] MasterKey_00 = string2array("C2CA...");
            static byte[] ssl_kek_source = string2array("7F5B...");
            static byte[] ssl_kek_generation_source = string2array("EF2C...");
            static byte[] ssl_key_generation_source = string2array("9A38...");
    
            static void Main(string[] args)
            {
                byte[] kek_Key = new byte[16];
    
                kek_Key = GenerateAesKek(ssl_kek_source, MasterKey_00, ssl_kek_generation_source, ssl_key_generation_source);
    
                Console.WriteLine("Generated key: " + array2string(kek_Key));
                Console.WriteLine("Should be: 'B011...'");
    
                Console.WriteLine("Press any key to exit...");
                Console.ReadKey();
            }
    
    
            static byte[] GenerateAesKek(byte[] seed, byte[] MasterKey, byte[] key_x, byte[] key_y = null)
            {
                byte[] key_x_copy = new byte[16], seed_copy = new byte[16], key_y_copy = new byte[16];
    
                //decrypt key_x
                key_x.CopyTo(key_x_copy, 0);
                key_x_copy = aes_128_ecb_dec(MasterKey, key_x_copy);
    
                //decrypt seed
                seed.CopyTo(seed_copy, 0);
                seed_copy = aes_128_ecb_dec(key_x_copy, seed_copy);
    
                //decrypt key_y or use the decrypted seed
                if (key_y != null)
                {
                    key_y.CopyTo(key_y_copy, 0);
                    key_y_copy = aes_128_ecb_dec(seed_copy, key_y_copy);
                }
                else
                {
                    seed_copy.CopyTo(key_y_copy, 0);
                }
    
                return key_y_copy;
            }
    
            static byte[] aes_128_ecb_dec(byte[] key, byte[] data)
            {
                byte[] result = new byte[data.Length];
    
                try
                {
                    using (var rm = new RijndaelManaged())
                    {
                        rm.Mode = CipherMode.ECB;
                        rm.Padding = PaddingMode.None;
                        rm.KeySize = 128;
                        rm.BlockSize = 128;
                        rm.Key = key;
                        rm.IV = new byte[0x10];
    
                        using (var itc = rm.CreateDecryptor())
                        {
                            result = itc.TransformFinalBlock(data, 0, data.Length);
                        }
                    }
                    return result;
                }
                catch (CryptographicException e)
                {
                    Console.WriteLine("A Cryptographic error occurred: {0}", e.Message);
                    return null;
                }
            }
    
            static byte[] string2array(string data)
            {
                string trimmed = data.Trim();
    
                byte[] result = new byte[trimmed.Length / 2];
    
                for (int i = 0; i < (trimmed.Length / 2); i++)
                {
                    result[i] = byte.Parse(trimmed.Substring(i * 2, 2), System.Globalization.NumberStyles.HexNumber);
                }
    
                return result;
            }
    
            static string array2string(byte[] data)
            {
                string result = "";
    
                for (int i = 0; i < data.Length; i++)
                {
                    result += string.Format("{0:X2}", data[i]);
                }
    
                return result;
            }
        }
    }
    
     
    TAUSENN, cearp and Gnarmagon like this.
  21. Ooka

    Ooka Member

    Newcomer
    2
    Sep 12, 2014
    United States
    It's a shame, you worked really hard to create a product and so many people give you crap about it.

    If people don't realize there is a chance they could be banned with this tool, they shouldn't be using CFW. Same goes for literally anything else relating to CFW.

    Keep up the work man, hope you're learning a lot by building these tools as well!
     
  22. softwareengineer

    softwareengineer Advanced Member

    Newcomer
    2
    Apr 17, 2018
    United States
    Why not? It can be fine, you just forgot or didn't know to do something. No, not a wait for 5 seconds.

    Anytime you block a thread while checking something in a loop and keep waiting on it, you don't need to hog the CPU. Instead, sleep the thread (so it doesn't hog the CPU yet is still just as or even more effective [since it's not slowing things down]).
    I'm not sure what it is in VB, but I just looked it up and it seems to be the same as the standard Windows thread sleep.
    ->https://msdn.microsoft.com/en-us/li...aspx?cs-save-lang=1&cs-lang=vb#code-snippet-1

    I think you could just:
    Code:
    Imports System.Threading
    ' ...
    ' ...
    CheckCMNT:
    Thread.Sleep(10) ' put it here
    If Exists("CNMT/Application_" + TID + ".cnmt") Then
        ' ...
    Else
        Thread.Sleep(10) ' Or here (before or after the check you do (If Exists), but still within the blocking loop)
        GoTo CheckCMNT
    End If
    
    Having some kind of sleep in there (even a minimal one, like the 10 msec above) should solve the CPU hogging and excessive usage problem. The other ones are still there though :)

    Well we would, but since you presented it we're trying to help you fix yours!

    It's just meant for downloading backups of purchased eShop games, right? Basically, since your console has to play them, it has to be able to download them. So you just use the endpoints like a Switch device would to get the file. Kinda like the idea where if a video site has to share a video, whatever DRM might be in place, ultimately they can't stop you writing it to disk if determined enough, since they have to send you the data anyway.

    Anyway good to see you did set the User-Agent from the advice of SciresM->
    Code:
    GetNCA.Headers.Set("User-Agent", "NintendoSDK Firmware/5.0.2-0 (platform:NX; did:" + DID + "; eid:lp1)")
    It seems like it would be correct, idk, SciresM, has he got it right yet? :)

    But always remember, whatever requests you are doing to whatever servers first, ALWAYS masquerade as the client or a client that it expects, or you're making your requests stand out from 'normal' ones and kind of giving it away that you're custom clienting! So yeah, maybe it wasn't a big deal at first, at least in this particular case, but it's important to have that right!
     
    Last edited by softwareengineer, May 16, 2018
    SimonMKWii likes this.
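
Added example (not part of the thread and not HACDN's own code): the `CheckCMNT` loop discussed in posts 2 and 22, rewritten to block on the hactool process instead of polling `Exists`, so it uses no CPU while waiting, cannot loop forever if hactool fails, and never opens a `.cnmt` file that is still being written. `ExtractCnmt` and `timeoutMs` are hypothetical names; the code assumes hactool reports failure with a non-zero exit code and that a title ID is 16 hex digits.

```vbnet
Imports System.Diagnostics
Imports System.IO
Imports System.Text.RegularExpressions

Module CnmtExtraction
    ' Hypothetical helper, not HACDN code. Returns the CNMT path once hactool has exited.
    Function ExtractCnmt(ver As String, tid As String, timeoutMs As Integer) As String
        ' TID is concatenated into a file path, so accept only a 16-hex-digit title ID.
        If Not Regex.IsMatch(tid, "\A[0-9A-Fa-f]{16}\z") Then
            Throw New ArgumentException("Title ID must be 16 hex digits", "tid")
        End If

        ' ver is quoted so a path containing spaces stays a single argument.
        Dim psi As New ProcessStartInfo("hactool.exe") With {
            .Arguments = "-k keys.txt """ & ver & """ --section0dir=CNMT",
            .UseShellExecute = False,
            .CreateNoWindow = True
        }

        Using proc As Process = Process.Start(psi)
            ' WaitForExit parks the thread in the OS scheduler: no spinning, no Sleep tuning.
            If Not proc.WaitForExit(timeoutMs) Then
                proc.Kill()
                Throw New TimeoutException("hactool did not finish within " & timeoutMs & " ms")
            End If
            ' Assumption: a non-zero exit code means extraction failed.
            If proc.ExitCode <> 0 Then
                Throw New InvalidOperationException("hactool exited with code " & proc.ExitCode)
            End If
        End Using

        ' The process has exited, so the file is complete if it exists at all.
        Dim cnmtPath As String = Path.Combine("CNMT", "Application_" & tid & ".cnmt")
        If Not File.Exists(cnmtPath) Then
            Throw New FileNotFoundException("hactool finished but produced no CNMT", cnmtPath)
        End If
        Return cnmtPath
    End Function
End Module
```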