Skip to content

Authentication Notes

Jump to bottom
james edited this page Aug 27, 2016 · 10 revisions

Recently we made a patched version of Flipnote Studio 3D (the EU version), which can be pointed to more or less any URL that we choose.

At the time of writing we simply changed https:// to http:// in an attempt to force authentication with the usual server over plaintext. This fails, however, since it seems that Nintendo's server won't respond to non-SSL requests.

The initial request from the console does highlight some interesting things, though. Once we know more we'll be adding to this.

Flipnote Gallery World

(aka "Nintendo DSi Library" outside of Japan)

User Auth

Initial connection to the FGW server:

Header Notes
Ugm-Token Likely to be an NNID auth token(?)
Ugm-ID User's Flipnote Studio ID in HEX
Ugm-ShopID Blank, perhaps because the app wasn't released on the EU/US eShop?
Ugm-MAC Console MAC address in HEX
Ugm-Region Region ID, values here
Ugm-Language 1 = English, not sure about other values
Ugm-Country Country ID, 110 = UK, not sure about other values
Ugm-Time Console time, format YYYY/MM/DD hh:mm:ss

The rest of the header (at least, I think it's the header, I can't really tell where it ends from the dump I'm looking at) is more or less the same as this:

Content-Type: multipart/form-data; boundary=t9Sf4yfjf1RtvDu3AA
Transfer-Encoding: chunked

96
--t9Sf4yfjf1RtvDu3AA
Content-Disposition: form-data; name="miiName"
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary



422
--t9Sf4yfjf1RtvDu3AA
Content-Disposition: form-data; name="miiImage"
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary

GIF89a@@á!˘,@@iH∞†¡É*\»∞°√á#JúH±¢≈ã3j‹»±£«è CäI≤§…ì(S™\…≤•Àó0c úI≥¶Õõ8sÍ‹…≥ßœü@É
J¥®—£Hì*] ¥©”ßP£JùJµ™’´X≥j;

18
--t9Sf4yfjf1RtvDu3AA--

0

There's two interesting things to note about this:

  • miiName has no content whatsoever, it's blank.
  • miiImage is a completely transparent 64x64 GIF image.

We assume that these were either patched out for the EU and US releases, or they're simply placeholders because we need to fully connect to the server first. We don't know for now.

Notes

Custom HTTP headers

The app uses several custom HTTP headers, some of them haven't been seen in use yet, however they exist in the ROM:

Header Usage
Ugm-SessionID Unique session ID, probably issued by the server
Ugm-Version Flipnote Studio 3D version; latest JPN version is 1.3.1
Ugm-ShopID Unsure
Ugm-Time Console time
Ugm-ChallengeBlob Auth challenge sent from the server?
Ugm-Token Auth token response?
Ugm-Region Region ID
Ugm-Language Language ID
Ugm-Country Country ID
Ugm-ID User's Flipnote Studio ID
Ugm-MAC Console MAC address

Region ID Values

number region
0 Japan
1 America
2 Europe

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Formats

.kwz (Flipnote format)

.kwpcf (Precache format)

.lst (Playlist format)

Web client

Meta tag usage

Top Screen HTML

Bottom Screen HTML

Special Attribute Values

HTML notes

Authentication notes

Clone this wiki locally