Hacking RELEASE HACDN v3 - Safely download your Switch eShop purchases on your PC


SimonMKWii

Professional Idiot
OP
Member
Joined
Nov 18, 2017
Messages
666
Trophies
0
Location
Melbourne, Victoria
XP
2,760
Country
Australia
What bait?
tbh he says the truth ;)
I mean, did you look into your thread that you linked above?
The source code has 2 undefined variables and is an unfinished mess, I mean 3 FILES!!!
There is no structure in the source code, at least in the python3 code (I am not even looking at the C# code),
and the tool above crashed after several seconds and it uses 15% of my CPU for a download? WHY???
What the hell are you looking at?
There's no python or C# code, lol.
 
  • Like
Reactions: zeveroth

GerbilSoft

Well-Known Member
Member
Joined
Mar 8, 2012
Messages
2,395
Trophies
2
Age
34
XP
4,249
Country
United States
and the tool above crashed after several seconds and it uses 15% of my CPU for a download? WHY???
Here's why: https://github.com/simonmkwii/HACDN/blob/master/HACDN/MainInterface.vb#L89
Code:
Process.Start("hactool.exe", " -k keys.txt " + VER + " --section0dir=CNMT")
CheckCMNT:
If Exists("CNMT/Application_" + TID + ".cnmt") Then
    Dim OpenCNMT As New System.IO.BinaryReader(File.Open("CNMT/Application_" + TID + ".cnmt", FileMode.Open))
    Dim NCAID As String = ByteArrayToString(OpenCNMT.ReadBytes(194)).Substring(160, 32)
    Dim NCAURL As String = "https://atum.hac.lp1.d4c.nintendo.net/c/c/" + NCAID
    Dim GetNCA As New WebClient2
    GetNCA.ClientCertificates.Add(ClientCert)
    GetNCA.Headers.Set("User-Agent", "NintendoSDK Firmware/5.0.2-0 (platform:NX; did:" + DID + "; eid:lp1)")
    Dim Adr As New Uri(NCAURL)
    System.IO.Directory.CreateDirectory("Games/" + TID)
    AddHandler GetNCA.DownloadProgressChanged, AddressOf Client_ProgressChanged
    GetNCA.DownloadFileTaskAsync(Adr, ("Games/" + TID + "/" + NCAID + ".nca"))
    Delete(VER)
Else
    GoTo CheckCMNT
End If
It's a busy-waiting loop waiting for hactool to extract the CNMT section. This loop will peg its CPU core/thread at 100% until hactool finishes.
 
  • Like
Reactions: DarthDub

SimonMKWii

Here's why: https://github.com/simonmkwii/HACDN/blob/master/HACDN/MainInterface.vb#L89
Code:
Process.Start("hactool.exe", " -k keys.txt " + VER + " --section0dir=CNMT")
CheckCMNT:
If Exists("CNMT/Application_" + TID + ".cnmt") Then
    Dim OpenCNMT As New System.IO.BinaryReader(File.Open("CNMT/Application_" + TID + ".cnmt", FileMode.Open))
    Dim NCAID As String = ByteArrayToString(OpenCNMT.ReadBytes(194)).Substring(160, 32)
    Dim NCAURL As String = "https://atum.hac.lp1.d4c.nintendo.net/c/c/" + NCAID
    Dim GetNCA As New WebClient2
    GetNCA.ClientCertificates.Add(ClientCert)
    GetNCA.Headers.Set("User-Agent", "NintendoSDK Firmware/5.0.2-0 (platform:NX; did:" + DID + "; eid:lp1)")
    Dim Adr As New Uri(NCAURL)
    System.IO.Directory.CreateDirectory("Games/" + TID)
    AddHandler GetNCA.DownloadProgressChanged, AddressOf Client_ProgressChanged
    GetNCA.DownloadFileTaskAsync(Adr, ("Games/" + TID + "/" + NCAID + ".nca"))
    Delete(VER)
Else
    GoTo CheckCMNT
End If
It's a busy-waiting loop waiting for hactool to extract the CNMT section. This loop will peg its CPU core/thread at 100% until hactool finishes.
Yeah, it wasn't exactly the smartest decision...
I should have kept the "wait for 5 seconds" thing instead.
 

Frexxos

Well-Known Member
Member
Joined
Apr 27, 2015
Messages
428
Trophies
0
Age
43
XP
2,452
Country
Germany
@SimonMKWii
just remove this sentence:
  • Guaranteed at least 50% more safe than HACDN v2, but still, use at your own risk, I can't guarantee 100% safety.

and change it to something like this:
Use this at your own risk! Absolutely NO guarantee for anything. There are actually no signs of a ban or action from Nintendo. Actually, there is no 100% way to say what Nintendo knows or will know when you use this tool.

I say that because I really like the effort you put into this project and all the development. But I can already smell the big shitstorm which is coming again for this tool and thread...
Just change it, and after that everyone has to know for themselves whether they should use the tool or not.
 

cearp

瓜老外
Developer
Joined
May 26, 2008
Messages
8,719
Trophies
2
XP
8,466
Country
Tuvalu
you used visual basic for fun...? :blink:
i only use it if it's some office vba macro - and it's not fun!

either way, nice to share something.
 

Gnarmagon

Noob <3
Member
Joined
Dec 12, 2016
Messages
647
Trophies
0
Age
22
XP
794
Country
Germany
What the hell are you looking at?
There's no python or C# code, lol.
oh even worse it's visual basic O.O

and the Python Code I am talking about:
tBZrhq8.png
 

SimonMKWii

oh even worse it's visual basic O.O

and the Python Code I am talking about:
tBZrhq8.png
"oh even worse it's visual basic O.O" - Okay, well how about you hurry up and make one in C, come on then! Chop-chop!
If mine is so bad because it's done in VB, make one yourself using a different language.
 

SimonMKWii

@SimonMKWii... What's the difference between "eticket_ssl_rpk" and "ssl_rsa_kek"?
The eticket kek is used to decrypt tickets, and is generated from the RSA-OAEP usecase, while the ssl kek is used to decrypt the SSL private key used for the TLS handshake, and is generated from the RSA private usecase.
 

TiMeBoMb4u2

Well-Known Member
Member
Joined
Oct 25, 2008
Messages
1,550
Trophies
0
Location
Hyrule
XP
1,198
Country
United States
The eticket kek is used to decrypt tickets, and is generated from the RSA-OAEP usecase, while the ssl kek is used to decrypt the SSL private key used for the TLS handshake, and is generated from the RSA private usecase.
Uh... I didn't say "eticket kek". I said "eticket_ssl_rpk".
 

aslk

Well-Known Member
Newcomer
Joined
Oct 30, 2013
Messages
46
Trophies
0
Age
31
XP
356
Country
Canada
so am I expected to dig through your source and figure out how to make a keys.txt?
 

Falo

Well-Known Member
Member
Joined
Jul 22, 2012
Messages
680
Trophies
2
XP
2,627
Country
Germany
"oh even worse it's visual basic O.O" - Okay, well how about you hurry up and make one in C, come on then! Chop-chop!
If mine is so bad because it's done in VB, make one yourself using a different language.

Here is pure C# code of that Python script; the user would only need to run the final exe (on Windows 7-10), no Python dependencies...
The only thing missing is a way to load the keys from an external file. I wrote this in 5 min...
I could also write the whole tool in C# and make it public, but I don't want to make such a dangerous tool...

Code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Cryptography;

namespace GenerateSslKey
{
    class Program
    {
        static byte[] MasterKey_00 = string2array("C2CA...");
        static byte[] ssl_kek_source = string2array("7F5B...");
        static byte[] ssl_kek_generation_source = string2array("EF2C...");
        static byte[] ssl_key_generation_source = string2array("9A38...");

        static void Main(string[] args)
        {
            byte[] kek_Key = new byte[16];

            kek_Key = GenerateAesKek(ssl_kek_source, MasterKey_00, ssl_kek_generation_source, ssl_key_generation_source);

            Console.WriteLine("Generated key: " + array2string(kek_Key));
            Console.WriteLine("Should be: 'B011...'");

            Console.WriteLine("Press any key to exit...");
            Console.ReadKey();
        }


        static byte[] GenerateAesKek(byte[] seed, byte[] MasterKey, byte[] key_x, byte[] key_y = null)
        {
            byte[] key_x_copy = new byte[16], seed_copy = new byte[16], key_y_copy = new byte[16];

            //decrypt key_x
            key_x.CopyTo(key_x_copy, 0);
            key_x_copy = aes_128_ecb_dec(MasterKey, key_x_copy);

            //decrypt seed
            seed.CopyTo(seed_copy, 0);
            seed_copy = aes_128_ecb_dec(key_x_copy, seed_copy);

            //decrypt key_y or use the decrypted seed
            if (key_y != null)
            {
                key_y.CopyTo(key_y_copy, 0);
                key_y_copy = aes_128_ecb_dec(seed_copy, key_y_copy);
            }
            else
            {
                seed_copy.CopyTo(key_y_copy, 0);
            }

            return key_y_copy;
        }

        static byte[] aes_128_ecb_dec(byte[] key, byte[] data)
        {
            byte[] result = new byte[data.Length];

            try
            {
                using (var rm = new RijndaelManaged())
                {
                    rm.Mode = CipherMode.ECB;
                    rm.Padding = PaddingMode.None;
                    rm.KeySize = 128;
                    rm.BlockSize = 128;
                    rm.Key = key;
                    rm.IV = new byte[0x10];

                    using (var itc = rm.CreateDecryptor())
                    {
                        result = itc.TransformFinalBlock(data, 0, data.Length);
                    }
                }
                return result;
            }
            catch (CryptographicException e)
            {
                Console.WriteLine("A Cryptographic error occurred: {0}", e.Message);
                return null;
            }
        }

        static byte[] string2array(string data)
        {
            string trimmed = data.Trim();

            byte[] result = new byte[trimmed.Length / 2];

            for (int i = 0; i < (trimmed.Length / 2); i++)
            {
                result[i] = byte.Parse(trimmed.Substring(i * 2, 2), System.Globalization.NumberStyles.HexNumber);
            }

            return result;
        }

        static string array2string(byte[] data)
        {
            string result = "";

            for (int i = 0; i < data.Length; i++)
            {
                result += string.Format("{0:X2}", data[i]);
            }

            return result;
        }
    }
}
 

Ooka

Active Member
Newcomer
Joined
Sep 12, 2014
Messages
30
Trophies
0
Age
31
XP
212
Country
United States
It's a shame, you worked really hard to create a product and so many people give you crap about it.

If people don't realize there is a chance they could be banned with this tool, they shouldn't be using CFW. Same goes for literally anything else relating to CFW.

Keep up the work man, hope you're learning a lot by building these tools as well!
 

softwareengineer

Well-Known Member
Newcomer
Joined
Apr 17, 2018
Messages
75
Trophies
0
Age
38
XP
207
Country
United States
Yeah, it wasn't exactly the smartest decision...
I should have kept the "wait for 5 seconds" thing instead.
Why not? It can be fine, you just forgot or didn't know to do something. No, not a wait for 5 seconds.

Anytime you block a thread while checking something in a loop and keep waiting on it, you don't need to hog the CPU. Instead, sleep the thread (so it doesn't hog the CPU yet is still just as or even more effective, since it's not slowing things down).
I'm not sure what it is in VB, but I just looked it up and it seems to be the same as the standard Windows thread sleep.
->https://msdn.microsoft.com/en-us/li...aspx?cs-save-lang=1&cs-lang=vb#code-snippet-1

I think you could just:
Code:
Imports System.Threading
' ...
' ...
CheckCMNT:
Thread.Sleep(10) ' put it here
If Exists("CNMT/Application_" + TID + ".cnmt") Then
    ' ...
Else
   Thread.Sleep(10) ' or here (before or after the If Exists check, but still within the blocking loop)
   GoTo CheckCMNT
End If

Having some kind of sleep in there (even minimal, like the 10 msec above) should solve the CPU hogging and excessive usage problem. The other ones are still there though :)

Okay, well how about you hurry up and make one in C, come on then! Chop-chop!
Well we would, but since you presented it we're trying to help you fix yours!

It's just meant for downloading backups of purchased eShop games, right? Basically, since your console has to play them, it has to be able to download them. So you just use the endpoints like a Switch device would to get the file. Kind of like the idea where, if a video site has to share a video, whatever DRM might be in place, ultimately they can't stop you writing it to disk if you're determined enough, since they have to send you the data anyway.

Anyway good to see you did set the User-Agent from the advice of SciresM->
Code:
GetNCA.Headers.Set("User-Agent", "NintendoSDK Firmware/5.0.2-0 (platform:NX; did:" + DID + "; eid:lp1)")

It seems like it would be correct, idk. SciresM, has he got it right yet? :)

But always remember, whatever requests you are doing to whatever servers first, ALWAYS masquerade as the client or a client that it expects, or you're making your requests stand out from 'normal' ones and kind of giving it away that you're custom clienting! So yeah, maybe it wasn't a big deal at first, at least in this particular case, but it's important to have that right!
 
Last edited by softwareengineer,
  • Like
Reactions: SimonMKWii
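
Added example (not from the thread or from HACDN's source): for the polling loop GerbilSoft quotes and the Thread.Sleep fix suggested above, a third option is to block on the child process itself, which uses no CPU while waiting and never reads an output file that exists but is only half written. The helper name RunAndWait, the timeout value and the cmd.exe demo command are assumptions made for illustration.

```vbnet
Imports System
Imports System.Diagnostics
Imports System.IO

Module WaitForToolExample

    ' Hypothetical helper: start an external tool, block until it exits
    ' (the OS wakes this thread; no polling), then validate the result.
    Function RunAndWait(exe As String, arguments As String,
                        expectedOutput As String, timeoutMs As Integer) As Boolean
        Dim psi As New ProcessStartInfo(exe, arguments) With {
            .UseShellExecute = False,
            .CreateNoWindow = True
        }

        Using proc As Process = Process.Start(psi)
            ' Bounded wait: a hung tool must not hang the caller forever.
            If Not proc.WaitForExit(timeoutMs) Then
                proc.Kill()
                Throw New TimeoutException(exe & " did not exit within " & timeoutMs & " ms")
            End If

            ' A non-zero exit code means the output cannot be trusted,
            ' even if a partial file was left on disk.
            If proc.ExitCode <> 0 Then
                Throw New InvalidOperationException(exe & " failed with exit code " & proc.ExitCode)
            End If
        End Using

        ' Only now is the file known to be complete (the writer has exited).
        Return File.Exists(expectedOutput)
    End Function

    Sub Main()
        ' Constructed demo input: cmd.exe writes a small file, standing in for the real tool.
        Dim outFile As String = Path.Combine(Path.GetTempPath(), "waitdemo.txt")
        If File.Exists(outFile) Then File.Delete(outFile)
        Dim ok As Boolean = RunAndWait("cmd.exe", "/c echo done > """ & outFile & """", outFile, 10000)
        Console.WriteLine("Output present after exit: " & ok)
    End Sub

End Module
```

Checking the exit code before opening the output also covers the case the file-exists poll cannot: a tool that crashes partway leaves a truncated file that the original loop would have parsed.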
