SpotPass
SpotPass is a Nintendo Wii U feature that has the same purpose as on the Nintendo 3DS. It downloads automatically content.
Content Container
SpotPass content must use this container. Unlike the Nintendo 3DS the format is much smaller and doesn't include RSA signatures probably because they figured out the whole communication is already encrypted with HTTPS. The byte order is Big Endian. The parsing of the BOSS header is done in the ELF of the fw.img in the IOS-NIM-BOSS segment and begins at around address 0xE20D62B8.
BOSS Header
| Offset | Length | Description |
|---|---|---|
| 0x0 | 0x4 | Magic Number "boss" |
| 0x4 | 0x4 | Magic Number 0x20001 |
| 0x8 | 0x2 | Must be 0x0001 |
| 0xA | 0x2 | Must be 0x0002 |
| 0xC | 0xC | First 12 bytes of the Initialization Vector (IV) |
| 0x18 | 0x8 | Padding |
Payload
The rest of the container is the payload. It is encrypted with AES-CTR. The first 12 bytes of the IV are from the header at offset 0xC. The last 4 missing bytes are always an integer in big endian of 1 (0x00, 0x00, 0x00, 0x01). The key that is used is the one in key slot 0x1F
| Offset | Length | Description |
|---|---|---|
| 0x0 | 0x20 | SHA-256 HMAC of the remaining payload |
| 0x20 | Actual/Remaining payload. The content that gets written to the file system. |
The first 32 bytes of the decrypted payload are the SHA-256 HMAC of the remaining payload. The key that is used is stored in key slot 0x20