docs/templates/pages/sega/network/~auth.md
2023-03-28 02:03:18 +01:00

12 KiB

ALL.Net Authentication

The ALL.Net authentication service is divided into four primary categories. They are ordered in decreasing importance on this page.

This entire service is HTTP-only!

Auth API

These four endpoints handle the primary functions of the ALL.Net authentication service. Requests and responses are sent as a url-encoded query-value string.

Some endpoints make use of a mildly obfuscated version of this. When the Pragma: DFI header is present for a request or response, it indicates that the content is a base64 encoded, deflated, version of its real value. If a request was made with Pragma: DFI, the response will be too.

All responses have the Content-Type of text/plain; charset=%s, where the charset is EUC-JP if unspecified in the request body.

Requests can be made using both the GET and POST verbs, and function identically.

/sys/servlet/PowerOn

All requests to this endpoint MUST be DFI-encoded. The request is as follows:

Name Required Default Meaning
game_id Yes The four-digit game ID
ver Yes The game version
serial Yes The keychip serial number
ip Yes The tenpo router IP address (%d.%d.%d.%d)
firm_ver Yes The ALL.Net library version (a semantic version, formatted as %01d%02d%02d)
boot_ver Yes Unknown. Just pass 0000. (%02X%02X)
encode EUC-JP Request encoding. "EUC-JP", "Shift_JIS" and "UTF-8" are common, but be prepared to handle more.
format_ver 1.00 Request format version. Parsed as a float, however "1.00", "2.00" and "3" are the only values that should be observed.
hops -1
token Added in format 3, this value is echoed in the response.

Observed values for firm_ver are listed below, however other versions likely exist:

  • 0.01.00
  • 0.02.00
  • 2.00.07
  • 2.00.08
  • 2.01.02
  • 3.00.00
  • 3.00.01
  • 3.00.02
  • 3.00.03
  • 3.00.04
  • 3.00.05
  • 3.00.09
  • 5.00.00
  • 6.00.00

The server should then use the provided information to authenticate the machine as it sees fit, and will then return the information required for use of ALL.Net services. The response structure varies depending on the format version in use.

Name Required Default Version added Final version present Meaning
stat Yes Success: 1, Game failure: -1, Machine failure: -2, Location failure: -3
uri Yes empty Title server URI1. Will be empty if stat<=0
host Yes empty Title server hostname1. Will be empty if stat<=0
place_id ALL.Net location ID
name ALL.Net location name
nickname ALL.Net location nickname
region0 Yes 0 Region information.
region_name0 Yes empty
region_name1 Yes empty
region_name2 Yes empty
region_name3 Yes empty ^
country 2 ALL.Net 3-character country code
allnet_id 3
client_timezone Yes empty 3 Example +0900
utc_time Yes 3 yyyy-MM-dd'T'HH:mm:ss'Z'
res_ver Yes 3 Will always be the literal 3
token Yes 3 The token from the request
year Yes 2 Current time
month Yes 2
day Yes 2
hour Yes 2
minute Yes 2 ^
timezone Yes 2 2 Will always be the literal +09:00
res_class Yes 2 2 Will always be the literal PowerOnResponseVer2
setting Yes Machine setting. 1 indicates the machine is OK, and should always be set.
  1. The hostname (if) present in uri is used for name resolution. The value in host is passed to the title server in the Host header, and can be utilised as an extra authentication step.

/sys/servlet/Alive

There is no request for this endpoint. The response is the two bytes OK (that is, Content-Length: 2).

/sys/servlet/DownloadOrder

All requests to this endpoint MAY be DFI-encoded. The request is as follows:

Name Required Default Meaning
game_id Yes The four-digit game ID
ver Yes The game version
serial Yes The keychip serial number
ip Yes The tenpo router IP address (%d.%d.%d.%d)
encode Request encoding. "EUC-JP", "Shift_JIS" and "UTF-8" are common, but be prepared to handle more.

The response is:

Name Required Default Meaning
stat Yes Machine setting
serial 1 ,-seperated list of the serial numbers of machines in the same store with the same game and machine group IDs.
uri Yes1 null Download order URI(s)
  1. Omitted if stat is not 1.

uri can contain both an app download order url, and an option image download order url. The two are concatinated, with the option image having | prefixed. That is, if only an option image is available, this will take the obscure-looking value of |https://url.to/opt.

/sys/servlet/LoaderStateRecorder

All requests to this endpoint MUST NOT be DFI-encoded. The request is as follows:

Name Required Meaning
serial Yes The keychip serial number
dvd Yes
net Yes
work Yes
old_net Yes
deliver Yes
nb_ftd Yes Number of files to download
nb_dld Yes Number of files downloaded
last_sysa Yes Last authentication unix timestamp
sysa_st Yes Last authentication state
dld_st Yes Download state

The response is either OK if the request was formatted correctly, otherwise NG.

Report API

Used to report download status for an ongoing network-based game delivery, this category contains just a single endpoint.

/sys/servlet/Report

Title API

These legacy endpoints are used to request title-specific information. I've not seen any games use these, and they're a low priority for documentation.

/sys/servlet/GetMachineList

/sys/servlet/GetPlaceList

/sys/servlet/GetRegionList

/sys/servlet/MachineTable

/sys/servlet/PlaceRegionTable

/sys/servlet/PlaceRegionTableAll

Admin API

These endpoints are used for ALL.Net system administration and are not of interest. Their endpoints are recorded here for prosperity. Custom network authors should consider implementing their own administration functionality however best suits their architecture.

/sys/servlet/AdminRegister

/sys/servlet/AdminView