#117309 - scknight - Sat Feb 03, 2007 7:14 pm
I was wondering if anyone had done any work at reversing the protocols for the Nintendo Wi-Fi Connection. I'm not even sure if this is an appropriate place to ask or an appropriate question to ask. So far I've sniffed some packets and figured out that after the DS grabs an IP it does some setup with Nintendo's servers over HTTP and HTTPS and then continues on to do UDP packets for all the game stuff. Has anyone else delved into this? I've also found some code shared in all Wi-Fi internet games that looks promising for reversing in order to understand what's really going on. Any thoughts?
#117333 - HyperHacker - Sat Feb 03, 2007 10:55 pm
The SSL portion is most likely going to be a problem. Just what are you trying to do?
_________________
I'm a PSP hacker now, but I still <3 DS.
#117338 - scknight - Sat Feb 03, 2007 11:18 pm
HyperHacker wrote:
> The SSL portion is most likely going to be a problem. Just what are you trying to do?
Obviously I can't decrypt the SSL packets, but with the actual shared code I've found I should be able to find out what's actually being sent. I don't have any specific goals; reverse engineering is just an interest of mine. I think overall it would be interesting to code your own client that you could run on your PC.
#118010 - scknight - Fri Feb 09, 2007 2:22 am
So I've been looking into this a bit more. I'm still trying to figure out what the Wi-Fi games are sending over SSL. What I know is that after testing the internet connection, after getting the DHCP IP address, all the games resolve nas.nintendowifi.net and then do some SSL/HTTPS stuff. So I had this idea that I could probably figure out what the DS was requesting by setting up my own fake nas.nintendowifi.net server. So I installed Apache on a machine at home and set up the SSL part. Then I installed a DNS server on my local network and pointed nas.nintendowifi.net to my own web server. The DS now, however, never gets past the handshake to make a request. I think it doesn't like the server cert. I wouldn't have thought the DS would actually check the fingerprint of the cert, because eventually it will expire and then games would stop working. I'm thinking the difference is that the official nas.nintendowifi.net cert is issued by 'Nintendo CA' and my fake cert is just issued by my own server. Does anyone else have any ideas? I'm pretty sure if I can get the DS to like my cert I'll be able to see what it's requesting of the server and figure out the authentication stuff. Ultimately I'd like to try to figure out a way to see if your friends are online so you don't always have to sit at the WFC friend match screen in games.
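The cert rejection described in this post, as an added example that is not part of the thread: it models a client pinned to a single CA (a hypothetical "Example Pinned CA" standing in for 'Nintendo CA') and shows that a cert for the right hostname but from another issuer fails verification, as does a cert from the pinned CA for the wrong name. It assumes the openssl CLI is installed; every key, name and certificate below is constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread: a client that trusts only one pinned CA
# (standing in for 'Nintendo CA') and which server certs it accepts for
# nas.nintendowifi.net. Needs the openssl CLI; all keys and certs are
# constructed on the fly in a temp directory.
set -e
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
HOST=nas.nintendowifi.net
# Minimal req config: empty DN section (we always pass -subj) plus extensions.
cat > "$WORK/req.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
[srv_ext]
basicConstraints = CA:FALSE
subjectAltName = DNS:$HOST
EOF

# 1. Hypothetical pinned CA: self-signed, ten-year validity like the real one.
openssl req -x509 -config "$WORK/req.cnf" -extensions ca_ext -newkey rsa:2048 \
    -nodes -days 3650 -subj "/CN=Example Pinned CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
# issue_cert NAME DNSNAME: server cert for DNSNAME signed by the pinned CA.
issue_cert() {
  openssl req -new -config "$WORK/req.cnf" -newkey rsa:2048 -nodes \
      -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$2" > "$WORK/$1.ext"
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
      -CAcreateserial -days 365 -extfile "$WORK/$1.ext" -out "$WORK/$1.pem" 2>/dev/null
}
issue_cert good "$HOST"            # 2. right name, issued by the pinned CA
issue_cert wrongname other.example # 3. pinned CA, but a different name
# 4. Right name but self-signed, like the home Apache server in the thread.
openssl req -x509 -config "$WORK/req.cnf" -extensions srv_ext -newkey rsa:2048 \
    -nodes -days 365 -subj "/CN=$HOST" \
    -keyout "$WORK/fake.key" -out "$WORK/fake.pem" 2>/dev/null

# classify_cert CERT: "accepted" if a client pinned to ca.pem would finish the
# handshake (chain ends at the pinned CA AND name matches), else "rejected".
classify_cert() {
  if openssl verify -CAfile "$WORK/ca.pem" -no-CApath \
       -verify_hostname "$HOST" "$1" >/dev/null 2>&1
  then echo accepted; else echo rejected; fi
}
for c in good wrongname fake; do
  echo "$c: $(classify_cert "$WORK/$c.pem")"  # good accepted, others rejected
done
```

Only the chain to the pinned CA and the hostname are checked here; a real pinned client may also compare the exact issuer name or key, which is stricter still.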
#118111 - HyperHacker - Sat Feb 10, 2007 5:55 am
For now, you could use Action Replay or a custom loader to patch the game in memory, removing the certificate check. That'd allow you to continue working on it now and figure out how to get unpatched games working later.
_________________
I'm a PSP hacker now, but I still <3 DS.
#118155 - Lynx - Sat Feb 10, 2007 3:26 pm
Or would at least let you know if it's a cert issue or just a handshake issue.
_________________
NDS Homebrew Roms & Reviews
#118219 - scknight - Sun Feb 11, 2007 3:54 am
It's definitely a cert issue. Seems odd to me that they'd hard-code a cert check since they expire, but the cert is a 10-year cert, so I guess we know one thing: the online DS games for sure won't be around in 10 years. But I guess that makes sense. Hopefully by then we'd be able to make our own servers and modify the games to look for them.
I think I'm gonna have to find where it's performing the cert check and disable it so I can continue. What's weird to me is that it only briefly talks to nas.nintendowifi.net over SSL and then everything else is in plaintext, including the challenge-response for logging in. So my best guess is that the SSL conversation has something to do with properly encrypting/decrypting the challenge-response stuff. I'll keep you guys updated with what I find out.