kinnay / NintendoClients

Python package to communicate with Switch, Wii U and 3DS servers
MIT License

ACNH: where does the username and password come from? #42

Closed ioistired closed 4 years ago

ioistired commented 4 years ago

https://github.com/Kinnay/NintendoClients/wiki/AC:NH-Server#post-apiv1auth_token

Where does the switch store this information? It would be handy to be able to retrieve it without performing a man-in-the-middle attack.

kinnay commented 4 years ago

Probably somewhere in your AC:NH save file.

ioistired commented 4 years ago

I asked about it in reswitched. I was told it's unlikely to be there as N wouldn't do that in userspace. Indeed there is no reference to the string /api/v1/auth_token in the binary, so it's likely handled somewhere else.

kinnay commented 4 years ago

That's not true. The AC:NH client is implemented in the game itself (in user space). The server is only used by a single game after all. It wouldn't make sense to implement it elsewhere.

[screenshot]

It's possible that the game uses a system library to store the username and password elsewhere, but I kind of doubt that.

ioistired commented 4 years ago

Oh I see. I guess I missed that in my Ghidra run. I thought it was possible it was handled elsewhere because maybe the token system was the same for multiple games but I guess not. Can you tell where it's loading that from?

ioistired commented 4 years ago

What version of the binary do you have in that screenshot? I went to 0x7102324E44 and it's not even marked as code.

kinnay commented 4 years ago

It's from v6 (or v393216).

ioistired commented 4 years ago

Tried grepping for my password in my save file decrypted by https://github.com/3096/effective-guacamole. No dice. Maybe it's obfuscated somehow.

kinnay commented 4 years ago

Weird. I can't find it in my save file either. I still think it's somewhere in the save file though. I tried to figure it out from the code, but reverse engineering takes a long time because there are no debug symbols.

kinnay commented 4 years ago

Found it! I was looking in the wrong file. It should be in VillagerX/personal.dat. In my save file the user id is at offset 0x6B838 and the password is at 0x6B840.