Module: `nintendo.nex.kerberos`

Provides classes for Kerberos authentication. For details, click here.

class KeyDerivationOld
Implements the old key derivation method (used by 3DS and Wii U servers).

class KeyDerivationNew
Implements the new key derivation method (used by Switch servers).

class KerberosEncryption
Implements Kerberos encryption (RC4 + HMAC).

class ClientTicket
The Kerberos ticket that's visible to the client.

class ServerTicket
The internal part of the Kerberos ticket that's only visible to the server.

class Credentials
Holds information that's required to log in on a secure server.

KeyDerivationOld

def __init__(base_count: int = 65000, pid_count: int = 1024)
Creates a new key derivation instance.

def derive_key(password: bytes, pid: int) -> bytes
Derives the Kerberos key from the given password and user id.

KeyDerivationNew

def __init__(base_count: int = 1, pid_count: int = 1)
Creates a new key derivation instance.

def derive_key(password: bytes, pid: int) -> bytes
Derives the Kerberos key from the given password and user id.

KerberosEncryption

def __init__(key: bytes)
Creates a KerberosEncryption instance.

def check(data: bytes) -> bool
Checks the HMAC. Returns True if it is correct.

def decrypt(data: bytes) -> bytes
Checks the HMAC and decrypts the given data. Raises ValueError if the HMAC is incorrect.

def encrypt(data: bytes) -> bytes
Encrypts the given data and adds a HMAC.

ClientTicket

session_key: bytes = None
The session key of the ticket.
target: int = None
The target user id of the ticket.
internal: bytes = None
The internal ticket data that can only be decrypted by the target user.

def __init__()
Creates a new ClientTicket instance. The attributes must be filled in manually.

def encrypt(key: bytes, settings: Settings) -> bytes
Encodes the ticket and encrypts it with the given Kerberos key.

@classmethod
def decrypt(data: bytes, key: bytes, settings: Settings) -> ClientTicket
Decrypts data with the given Kerberos key and parses the ticket.

ServerTicket

timestamp: DateTime = None
Time at which the ticket was issued.
source: int = None
The source user id of the ticket.
session_key: bytes = None
The session key of the ticket.

def __init__()
Creates a new ServerTicket instance. The attributes must be filled in manually.

def encrypt(key: bytes, settings: Settings) -> bytes
Encodes the ticket and encrypts it with the given Kerberos key.

@classmethod
def decrypt(data: bytes, key: bytes, settings: Settings) -> ServerTicket
Decrypts data with the given Kerberos key and parses the ticket.

Credentials

ticket: ClientTicket
The ticket received from the authentication server.
pid: int
The source user id of the ticket.
cid: int
The connection id.

def __init__(ticket: ClientTicket, pid: int, cid: int)
Creates a new Credentials object from the given ticket, user id and connection id.

Module: nintendo.nex.kerberos