Jump to content

Wondercard Distribution


Recommended Posts

  • Replies 53
  • Created
  • Last Reply

Top Posters In This Topic

It is protected with SSL/TLS. Here's a couple theories I had on how it could be done: http://projectpokemon.org/forums/showthread.php?780-GTS-website-research&p=82435&viewfull=1#post82435.

I was actually planning to start work on a client (doesn't require hacking like a server would) but there are no events up for download right now on any of the servers. Horrible luck considering there was one going on for B/W until two days ago. Guess I could still get the framework in place but it won't be ready until I can observe a full transaction.

Link to comment
Share on other sites

I was talking about a program that acts like it was the Wi-Fi server distributing the wondercards or a distribution ROM to send them directly to the DS, but a program like that would be really good for getting pure, unmodified .pcd and .pgt files to add to the Event Collection thread. Again, I would love to try it out during development so it works in other countries, not just the U.S.

Link to comment
Share on other sites

As we said, making a distribution server would be very difficult.

Poryhack is talking about making a client, which would be easier because you can extract the games' certificates from the ROMs.

But of course, it wouldn't be able to send WonderCards; only receive them.

Link to comment
Share on other sites

Was there a link posted in Guested's post and then taken off for some reason?

I think we're all confuzzled now.

It would be great to have something like this to download things like the Enigma Stone and pokewalker paths and so on. I had a friend of mine lose her Pokemon Silver and I think that'd be the only solution that would be acceptable to her, to get the stuff back that she lost.

Link to comment
Share on other sites

If you have a means to edit her save file you'd be better off going that route.

I didn't realize before that before I can make any progress on a client or server I need to see one unencrypted transaction. I have a few ideas on how to go about that but it'll be a much bigger task then I thought to write a client.

EDIT: Decided to elaborate for the aid of my own memory as well as the public record.

Option 1 is to cut straight to the chase and try to make a functioning server with the methods (most likely #2) described here. Obviously if we have a functioning server we can see what the DS is requesting and use that information to complete the server and additionally make a client.

Option 2 is to set up a SSL man in the middle (MITM) to view the plaintext traffic. I have my doubts about this one because the obvious choice of validation on the DS end is to check that the server's certificate is signed by Nintendo CA, in which case we're pretty much SOL because while we can spoof all the fields of a certificate to their normal value we can only sign it with our own private key. If for some stupid reason they're just doing field-checking it might work. - Confirmed that this won't work. 12/21

Option 3 is a guaranteed success but requires another whole skillset to pull off. In this scenario we directly modify a client ROM through assembly hacking to neuter the encryption functions, leaving the all-important outgoing messages open to our perusal. Alternatively we could try to eavesdrop on the messages in RAM before they're encrypted but this seems like significantly more work.

Edited by Poryhack
Link to comment
Share on other sites

After much fiddling with openssl I've got some goodies.

This is a certificate and private key pair that can potentially be used in a MITM attack:

http://dl.dropbox.com/u/258536/fakecert.cer

http://dl.dropbox.com/u/258536/fakepk.pem

And here's the real certificate for reference:

http://dl.dropbox.com/u/258536/realcert.cer

No real private key for obvious reasons, which limits the uses of the certificate.

Link to comment
Share on other sites

Asking for a wondercard, no wondercard found.

Request1:

POST /ac HTTP/1.0
Content-type: application/x-www-form-urlencoded
Host: nas.nintendowifi.net
User-Agent: Nitro WiFi SDK/2.2
HTTP_X_GAMECD: CPUE
Connection: close
Content-Length: 270
action=bG9naW4*&gsbrcd=&sdkver=MDAyMDAy&userid=MDk1Njc3MTk3NjUxNg**&passwd=NTcx&bssid=MDAxNGJmZDk1NjBj&apinfo=MDE6MDAwMDAwMC0wMA**&gamecd=Q1BVRQ**&makercd=MDE*&unitcd=MA**&macadr=MDAxYjdhNWU4YWRh&lang=MDE*&birth=MDkxZA**&devtime=MTAxMjE0MDExNTE2&devname=VgBlAHQAbABlAA**

Reply1:

HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 235
Date: Tue, 14 Dec 2010 00:15:31 GMT
Connection: close
Server: GameCube
challenge=Wk9OOVcwTEY*&locator=Z2FtZXNweS5jb20*&retry=MA**&returncd=MDAx&token=TkRTZXZ2L0ZjOGoreWdma3NXcndCeWJZMEhieDQ1RlQzdmRZUFZVZ2QvRWllUElxU0FoT2x0cWtFVjZhMW84djEzRityemoxTG5KSEhNRlJGaHhhVWV1ZkE9PQ**&datetime=MjAxMDEyMTQwMDE1MzE*

Request 1.2:

POST /ac HTTP/1.0
Content-type: application/x-www-form-urlencoded
Host: nas.nintendowifi.net
User-Agent: Nitro WiFi SDK/2.2
HTTP_X_GAMECD: CPUE
Connection: close
Content-Length: 275
sdkver=MDAyMDAy&userid=MDk1Njc3MTk3NjUxNg**&passwd=NTcx&bssid=MDAxNGJmZDk1NjBj&apinfo=MDE6MDAwMDAwMC0wMA**&gamecd=Q1BVRQ**&makercd=MDE*&unitcd=MA**&macadr=MDAxYjdhNWU4YWRh&lang=MDE*&birth=MDkxZA**&devtime=MTAxMjE0MDExNTE3&devname=VgBlAHQAbABlAA**&action=U1ZDTE9D&svc=OTAwMA**

Reply 1.2:

HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 243
Date: Tue, 14 Dec 2010 00:16:09 GMT
Connection: close
Server: GameCube
retry=MA**&returncd=MDA3&servicetoken=bU5tRmFjYXY3M2hGMnpyVDd4UkdyRDFrcjVoTDFtQWd5a2VoTWsrTWpGUlh0Z045NFd3bklRSE82VTVOV01lNnFST3VwU2c2Q2tuN0NmTzBSYWwxVVE9PQ**&statusdata=WQ**&svchost=ZGxzMS5uaW50ZW5kb3dpZmkubmV0&datetime=MjAxMDEyMTQwMDE2MDk*

Link to comment
Share on other sites

the url is sent to the client as

svchost=ZGxzMS5uaW50ZW5kb3dpZmkubmV0

decoding the base64 encrypted string gives you

dls1.nintendowifi.net

it would be possible to hex edit it to use http but, as you said

I've tried connecting to it without SSL before and it will refuse the connection, sadly.

the server itself does not use http.

one possible solution would be to make a dns and a fake https server working like a proxy that redirects any data to the actual server as its logging actions.

Edit: At 0x0014e4c4 -0x0014e4d6 it says

https://%s/download

which is the url it requests.

also, some lines below i found the string

BE, GlobalSign nv-sa, Root CA, GlobalSign Root CA

followed by

da 0e e6 99 8d ce a3 e3 4f 8a 7e fb f1 8b 83 25 6b ea 48 1f f1 2a b0 b9 95 11 04 bd f0 63 d1 e2 67 66 cf 1c dd cf 1b 48 2b ee 8d 89 8e 9a af 29 80 65 ab e9 c7 2d 12 cb ab 1c 4c 70 07 a1 3d 0a 30 cd 15 8d 4f f8 dd d4 8c 50 15 1c ef 50 ee c4 2e f7 fc e9 52 f2 91 7d e0 6d d5 35 30 8e 5e 43 73 f2 41 e9 d5 6a e3 b2 89 3a 56 39 38 6f 06 3c 88 69 5b 2a 4d c5 a7 54 b8 6c 89 cc 9b f9 3c ca e5 fd 89 f5 12 3c 92 78 96 d6 dc 74 6e 93 44 61 d1 8d c7 46 b2 75 0e 86 e8 19 8a d5 6d 6c d5 78 16 95 a2 e9 c8 0a 38 eb f2 24 13 4f 73 54 93 13 85 3a 1b bc 1e 34 b5 8b 05 8c b9 77 8b b1 db 1f 20 91 ab 09 53 6e 90 ce 7b 37 74 b9 70 47 91 22 51 63 16 79 ae b1 ae 41 26 08 c8 19 2b d1 46 aa 48 d6 64 2a d7 83 34 ff 2c 2a c1 6c 19 43 4a 07 85 e7 d3 7c f6 21 68 ef ea f2 52 9f 7f 93 90 cf 01 00 01 00 d4 67 21 02 00 01 00 00 0c 68 21 02 03

which might be the private key

just below:

IE, Baltimore, CyberTrust, Baltimore CyberTrust Root

a3 04 bb 22 ab 98 3d 57 e8 26 72 9a b5 79 d4 29 e2 e1 e8 95 80 b1 b0 e3 5b 8e 2b 29 9a 64 df a1 5d ed b0 09 05 6d db 28 2e ce 62 a2 62 fe b4 88 da 12 eb 38 eb 21 9d c0 41 2b 01 52 7b 88 77 d3 1c 8f c7 ba b9 88 b5 6a 09 e7 73 e8 11 40 a7 d1 cc ca 62 8d 2d e5 8f 0b a6 50 d2 a8 50 c3 28 ea f5 ab 25 87 8a 9a 96 1c a9 67 b8 3f 0c d5 f7 f9 52 13 2f c2 1b d5 70 70 f0 8f c0 12 ca 06 cb 9a e1 d9 ca 33 7a 77 d6 f8 ec b9 f1 68 44 42 48 13 d2 c0 c2 a4 ae 5e 60 fe b6 a6 05 fc b4 dd 07 59 02 d4 59 18 98 63 f5 a5 63 e0 90 0c 7d 5d b2 06 7a f3 85 ea eb d4 03 ae 5e 84 3e 5f ff 15 ed 69 bc f9 39 36 72 75 cf 77 52 4d f3 c9 90 2c b9 3d e5 c9 23 53 3f 1f 24 98 21 5c 07 99 29 bd c6 3a ec e7 6e 86 3a 6b 97 74 63 33 bd 68 18 31 f0 78 8d 76 bf fc 9e 8e 5d 2a 86 a7 4d 90 dc 27 1a 39 01 00 01 00 24 69 21 02 80 00 00 00 74 69 21 02 03

and:

US, GTE Corporation, GTE CyberTrust Solutions, Inc., GTE CyberTrust Global Root

95 0f a0 b6 f0 50 9c e8 7a c7 88 cd dd 17 0e 2e b0 94 d0 1b 3d 0e f6 94 c0 8a 94 c7 06 c8 90 97 c8 b8 64 1a 7a 7e 6c 3c 53 e1 37 28 73 60 7f b2 97 53 07 9f 53 f9 6d 58 94 d2 af 8d 6d 88 67 80 e6 ed b2 95 cf 72 31 ca a5 1c 72 ba 5c 02 e7 64 42 e7 f9 a9 2c d6 3a 0d ac 8d 42 aa 24 01 39 e6 9c 3f 01 85 57 0d 58 87 45 f8 d3 85 aa 93 69 26 85 70 48 80 3f 12 15 c7 79 b4 1f 05 2f 3b 62 99 01 00 01 00 0c 6a 21 02 80 00 00 00 38 6a 21 02 03

next:

US, GTE Corporation, GTE CyberTrust Root

b8 e6 4f ba db 98 7c 71 7c af 44 b7 d3 0f 46 d9 64 e5 93 c1 42 8e c7 ba 49 8d 35 2d 7a e7 8b bd e5 05 31 59 c6 b1 2f 0a 0c fb 9f a7 3f a2 09 66 84 56 1e 37 29 1b 87 e9 7e 0c ca 9a 9f a5 7f f5 15 94 a3 d5 a2 46 82 d8 68 4c d1 37 15 06 68 af bd f8 b0 b3 f0 29 f5 95 5a 09 16 61 77 0a 22 25 d4 4f 45 aa c7 bd e5 96 df f9 d4 a8 8e 42 cc 24 c0 1e 91 27 4a b5 6d 06 80 63 39 c4 a2 5e 38 03 01 00 01 00 d0 6a 21 02 80 00 00 00 20 6b 21 02 03

US:

US, Washington, Nintendo of America Inc, NOA, Nintendo CA, ca@noa.nintendo.com

b3 cd 79 97 77 5d 8a af 86 a8 e8 d7 73 1c 77 df 10 90 1f 81 f8 41 9e 21 55 df bc fc 63 fb 19 43 f1 f6 c4 72 42 49 bd ad 44 68 4e f3 da 1d e6 4d d8 f9 59 88 dc ae 3e 9b 38 09 ca 7f ff dc 24 a2 44 78 78 49 93 d4 84 40 10 b8 ec 3e db 2d 93 c8 11 c8 fd 78 2d 61 ad 31 ae 86 26 b0 fd 5a 3f a1 3d bf e2 4b 49 ec ce 66 98 58 26 12 c0 fb f4 77 65 1b ea fb cb 7f e0 8c cb 02 a3 4e 5e 8c ea 9b 01 00 01 00 38 6c 21 02 80 00 00 00 b8 6b 21 02 03

last:

 Western Cape, Cape Town, Thawte Consulting cc, Certification Services Division, Thawte Server CA, server-certs@thawte.com

d3 a4 50 6e c8 ff 56 6b e6 cf 5d b6 ea 0c 68 75 47 a2 aa c2 da 84 25 fc a8 f4 47 51 da 85 b5 20 74 94 86 1e 0f 75 c9 e9 08 61 f5 06 6d 30 6e 15 19 02 e9 52 c0 62 db 4d 99 9e e2 6a 0c 44 38 cd fe be e3 64 09 70 c5 fe b1 6b 29 b6 2f 49 c8 3b d4 27 04 25 10 97 2f e7 90 6d c0 28 42 99 d7 4c 43 de c3 f5 21 6d 54 9f 5d c3 58 e1 c0 e4 d9 5b b0 b8 dc b4 7b df 36 3a c2 b5 66 22 12 d6 87 0d 01 00 01 00 70 6e 21 02 80 00 00 00 f0 6d 21 02 03

im not sure if the certificate continues after the three nulls, so i didnt remove them

Edited by Vetle
Link to comment
Share on other sites

Now we're getting somewhere!

one possible solution would be to make a dns and a fake https server working like a proxy that redirects any data to the actual server as its logging actions.

As you can see from my earlier post I was considering an SSL MITM and at the same time kind of doubting it would work. You finding the request URL in plaintext changes things though. If GAMEFREAK's code doesn't break upon modifying that URL to use plain HTTP we could set up a proxy server to log whatever comes from the DS, SSL-ify it, and relay it to the real server then do the same thing in reverse for what the server sends back. Once we know the protocol we could use some of the same techniques to set up a fake server. The catch is that it would require ROM hacking; I may try to focus on methods that wouldn't require ROM hacking first.

Edit: At 0x0014e4c4 -0x0014e4d6 it says

https://%s/download

which is the url it requests.

Awesome find. I've searched all over for this but I never thought to look for just a partial URL. This'll be very useful; we could probably have a working client without anything more then this.

also, some lines below i found the string

BE, GlobalSign nv-sa, Root CA, GlobalSign Root CA

followed by

da 0e e6 99 8d ce a3 e3 4f 8a 7e fb f1 8b 83 25 6b ea 48 1f f1 2a b0 b9 95 11 04 bd f0 63 d1 e2 67 66 cf 1c dd cf 1b 48 2b ee 8d 89 8e 9a af 29 80 65 ab e9 c7 2d 12 cb ab 1c 4c 70 07 a1 3d 0a 30 cd 15 8d 4f f8 dd d4 8c 50 15 1c ef 50 ee c4 2e f7 fc e9 52 f2 91 7d e0 6d d5 35 30 8e 5e 43 73 f2 41 e9 d5 6a e3 b2 89 3a 56 39 38 6f 06 3c 88 69 5b 2a 4d c5 a7 54 b8 6c 89 cc 9b f9 3c ca e5 fd 89 f5 12 3c 92 78 96 d6 dc 74 6e 93 44 61 d1 8d c7 46 b2 75 0e 86 e8 19 8a d5 6d 6c d5 78 16 95 a2 e9 c8 0a 38 eb f2 24 13 4f 73 54 93 13 85 3a 1b bc 1e 34 b5 8b 05 8c b9 77 8b b1 db 1f 20 91 ab 09 53 6e 90 ce 7b 37 74 b9 70 47 91 22 51 63 16 79 ae b1 ae 41 26 08 c8 19 2b d1 46 aa 48 d6 64 2a d7 83 34 ff 2c 2a c1 6c 19 43 4a 07 85 e7 d3 7c f6 21 68 ef ea f2 52 9f 7f 93 90 cf 01 00 01 00 d4 67 21 02 00 01 00 00 0c 68 21 02 03

which might be the private key

...

I've seen these before and they are definitely SSL/certificate related. They're not the private key though; I'm not sure how much you know about RSA but the private key never needs to leave the server for the whole SSL scheme to work, having it on the DS would be pointless and even more insecure than GF normally is.

However, I am noticing good things that I failed to see before. The dls1 server's certificate correlates with "US, Washington, Nintendo of America Inc, NOA, Nintendo CA, ca@noa.nintendo.com" (those are several of the fields on the certificate). Each of the bytestrings you copied looks to be a public key (it's the correct length for a 1024bit key) and some metadata. The metadata actually precedes the "name" part.

Like this:

01 00 01 00 E0 CA 20 02 80 00 00 00 30 CB 20 02 03 00 00 00 C8 CA 20 02 // metadata

55 53 2C 20 57 61 73 68 69 6E 67 74 6F 6E 2C 20 4E 69 6E 74 65 6E 64 6F // "US, Washington, Nintendo of America Inc, NOA, Nintendo CA, ca@noa.nintendo.com"
20 6F 66 20 41 6D 65 72 69 63 61 20 49 6E 63 2C 20 4E 4F 41 2C 20 4E 69 
6E 74 65 6E 64 6F 20 43 41 2C 20 63 61 40 6E 6F 61 2E 6E 69 6E 74 65 6E
64 6F 2E 63 6F 6D 00 00

B3 CD 79 97 77 5D 8A AF 86 A8 E8 D7 73 1C 77 DF 10 90 1F 81 F8 41 9E 21 // 1024 bit RSA public key of Nintendo CA
55 DF BC FC 63 FB 19 43 F1 F6 C4 72 42 49 BD AD 44 68 4E F3 DA 1D E6 4D 
D8 F9 59 88 DC AE 3E 9B 38 09 CA 7F FF DC 24 A2 44 78 78 49 93 D4 84 40 
10 B8 EC 3E DB 2D 93 C8 11 C8 FD 78 2D 61 AD 31 AE 86 26 B0 FD 5A 3F A1 
3D BF E2 4B 49 EC CE 66 98 58 26 12 C0 FB F4 77 65 1B EA FB CB 7F E0 8C 
CB 02 A3 4E 5E 8C EA 9B

I've gotta check if the key in encrypted at all to prevent tampering...

Edited by Poryhack
Link to comment
Share on other sites

Good news. The CA public keys aren't encrypted.

Because Nintendo CA doesn't publish their public key I had no way to verify that it wasn't encrypted, but I think it's a safe bet because the public keys listed for the other CAs are not encrypted. I specifically checked the key under Thawte Consulting against the root certificate found here (Thawte is a subsidiary of Verisign) and it's a match.

What this means is that at the very least we can snoop on transactions with the genuine dls1 server and subsequently create and run fake server(s) that will work with an edited ROM as well as write a desktop client program that will work with any server. I still prefer a solution which wouldn't require an edited ROM (thus allowing retail card users to take advantage of it) which is why I'm going to try forcing the DS into a nonencrypted ciphersuite first. Beyond that the only way I can think of that would be viable for retail cards is to use RNG prediction which is not something I particularly want to try ...even if it worked out the process would have to be repeated for every connection to the server which would just be a nightmare.

Link to comment
Share on other sites

  • 3 weeks later...

Aren't there homebrews for flash carts that let you rip saves from commercial games? I've been searching through the forums trying to find what use event downloads on the main page are. I still haven't found out what I'm supposed to do with an even after I've downloaded it--there should really be some instructions for those somewhere (or some easy to find instructions). But I'm assuming it's some kind of save editing that's needed. If that's so, couldn't a save from a commercial game be ripped, edited, then restored to get the event(s)?

Link to comment
Share on other sites

Aren't there homebrews for flash carts that let you rip saves from commercial games? I've been searching through the forums trying to find what use event downloads on the main page are. I still haven't found out what I'm supposed to do with an even after I've downloaded it--there should really be some instructions for those somewhere (or some easy to find instructions). But I'm assuming it's some kind of save editing that's needed. If that's so, couldn't a save from a commercial game be ripped, edited, then restored to get the event(s)?

The goal of this project is to get wondercards onto retail game cards without 3rd party hardware and/or create a desktop client program to download wondercards from the official server.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...