gbadev.org forum archive

This is a read-only mirror of the content originally found on forum.gbadev.org (now offline), salvaged from Wayback machine copies. A new forum can be found here.

DS Misc > How secure is it to leave the DS USB WiFi dongle running?

#118836 - kalibar - Sat Feb 17, 2007 7:43 am

I'll admit that I'm a bit paranoid about wireless security; the whole "you can crack WEP in two minutes" thing convinced me to bump my router up to WPA and to buy a cheap Nintendo USB WiFi Connector second-hand to continue getting my Tetris DS online fix. I'm not really sure where else to ask this, so I'm coming to you guys -- how bulletproof is the DS USB dongle to an attacker? I realize it's got some quirky DS-friendly interface, and I don't see it at all when I scan for networks with my XP SP2 laptop but I assume that someone who knows what they're doing would be able to see that shit just fine.

If the dongle were compromised, what is vulnerable? Just the traffic sent from my DS, my entire computer, my network, what? I guess I'd just like to know what I'm risking by using it.

Thanks so much!
_________________
Enamel Navy DS Lite || FlashMe v7 || SLOT-1: R4DS (Kernel: v1.06) w/ A-Data 1GB microSD || SLOT-2: G6 Lite 4Gb/512MB (Manager: v4.6D, Loader: v4.6C)

#118841 - OOPMan - Sat Feb 17, 2007 9:52 am

I don't think anyone is quite so paranoid as you, because I don't recall ever seeing a thread before on this topic :-)

Doesn't the WiFi dongle require that the host PC allows requesting devices access?

As for not seeing it on wireless networks, hmmmm. I reckon it's possible that for dongle traffic the DS uses a custom header and so forth for the wireless packets that doesn't conform to the standard 802.11b layout...

Or something...

I don't know, maybe someone else has more useful info on this?
_________________
"My boot, your face..." - Attributed to OOPMan, Emperor of Eroticon VI

You can find my NDS homebrew projects here...

#118845 - kalibar - Sat Feb 17, 2007 11:18 am

Yeah, it does come with a little cute and bubbly-ass Nintendo branded utility that lets you allow devices to connect. Chances are that it wouldn't be any sort of target for an attacker since there's a good shot that other easy WEP targets are sitting around ripe for the picking.

Then again, I'm still curious just how much is actually at stake -- since it uses your PC's internet connection, would breaking into the dongle allow an attacker to see everything on the PC it's attached to?

I'm a bit surprised this hasn't been explored before. Am I the only one who picked up a dongle just so I could bump my router up to WPA?

Furthermore, does anyone know what channel the dongle broadcasts on? I've got mine positioned fairly near my router, and I'd hate to create any more interference than is absolutely necessary.
_________________
Enamel Navy DS Lite || FlashMe v7 || SLOT-1: R4DS (Kernel: v1.06) w/ A-Data 1GB microSD || SLOT-2: G6 Lite 4Gb/512MB (Manager: v4.6D, Loader: v4.6C)

#118859 - Dan2552 - Sat Feb 17, 2007 4:39 pm

kalibar wrote:
Then again, I'm still curious just how much is actually at stake -- since it uses your PC's internet connection, would breaking into the dongle allow an attacker to see everything on the PC it's attached to?
Not unless you've set up your Windows to share all your drives.

#118883 - Ryan FB - Sat Feb 17, 2007 8:14 pm

OOPMan wrote:
As for not seeing it on wireless networks, hmmmm. I reckon it's possible that for dongle traffic the DS uses a custom header and so forth for the wireless packets that doesn't conform to the standard 802.11b layout...
Nope, you can definitely sniff the traffic using standard hardware and software (it just doesn't broadcast SSID, though the SSID is identifiable because it follows the format NWCUSBAP[bunchofnumbers]). From the cursory look I took at it a while back, I remember it as being standard WEP as well. I would guess that the "authentication" process where you authorize a DS for it just sets up a MAC filter. Since it also broadcasts your DS name (like "Ryan") in plain-text after you auth with it, it may use that for some additional authentication.

#118891 - Dood77 - Sat Feb 17, 2007 9:48 pm

In which case MAC-spoofing would be possible?

#118929 - caitsith2 - Sun Feb 18, 2007 8:59 am

That NWCUSBAP[bunchofnumbers] is actually "NWCUSBAP %05d%05d%05d%05d". The 4 numbers are 15-bit numbers, ranging from 0 to 0x7FFF, and are generated pseudorandomly from the system time.

There must be some non-standard protocol that Nintendo uses to query for the existence of the AP, then gets the current SSID transmitted to it. It may even be possible that only the SSID has to be transmitted, then the DS generates the correct WEP key from that ID.

Your own DS nickname does not matter when it comes to playing online, just the MAC address does, so MAC spoofing should be possible.
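
An added example, not from any poster in this thread: a Python check that flags SSIDs in a site-survey export matching the "NWCUSBAP %05d%05d%05d%05d" format with four 15-bit fields quoted above, so a connector running WEP can be spotted when auditing your own network. The survey row layout (SSID, BSSID, encryption), the function names and all sample values are constructed for illustration.

```python
import re

# Format string as quoted in the thread: "NWCUSBAP %05d%05d%05d%05d"
SSID_RE = re.compile(r"NWCUSBAP (\d{5})(\d{5})(\d{5})(\d{5})")
FIELD_MAX = 0x7FFF  # each field is described as a 15-bit number (0..32767)


def parse_nwc_ssid(ssid):
    """Return the four numeric fields if ssid fits the format, else None."""
    m = SSID_RE.fullmatch(ssid)
    if m is None:
        return None
    fields = tuple(int(g) for g in m.groups())
    # Five decimal digits can encode up to 99999; reject anything above 15 bits.
    if any(f > FIELD_MAX for f in fields):
        return None
    return fields


def audit_survey(rows):
    """rows: iterable of (ssid, bssid, encryption) tuples (assumed layout).
    Returns one finding per access point whose SSID fits the connector format."""
    findings = []
    for ssid, bssid, enc in rows:
        fields = parse_nwc_ssid(ssid)
        if fields is None:
            continue
        findings.append({
            "bssid": bssid,
            "ssid": ssid,
            "fields": fields,
            "legacy_wep": enc.strip().upper() == "WEP",
        })
    return findings


# Constructed sample survey rows; none of these values come from real hardware.
SAMPLE_SURVEY = [
    ("HomeRouter", "02:00:00:00:00:01", "WPA"),
    ("NWCUSBAP 00001327670012300000", "02:00:00:00:00:02", "WEP"),
    ("NWCUSBAP 32768000000000000000", "02:00:00:00:00:03", "WEP"),  # field > 0x7FFF
    ("NWCUSBAP00001327670012300000", "02:00:00:00:00:04", "WEP"),   # no space
]

if __name__ == "__main__":
    for f in audit_survey(SAMPLE_SURVEY):
        print(f["bssid"], f["ssid"], "WEP" if f["legacy_wep"] else "non-WEP")
```

Because the thread notes that the SSID is not broadcast, the survey input has to come from a tool that records SSIDs seen during association rather than from beacon-only scans.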