GTS protocol: Difference between revisions

From ProjectPokemon Wiki
Jump to navigation Jump to search
No edit summary
Line 19: Line 19:
===Challenge/response===
===Challenge/response===


Before each "real" request, the game sends a request of the form <code><var>page</var>.asp?pid=<var>pid</var></code> and the server responds with a 32-byte hex challenge token. The game computes <code>sha1("sAdeqWo3voLeC5r16DYv" + token)</code> and uses that as the <var>hash</var> value which it sends to the server. The <var>data</var> parameter is encrypted with an unknown algorithm.
Before each "real" request, the game sends a request of the form <code><var>page</var>.asp?pid=<var>pid</var></code> and the server responds with a 32-byte challenge token. The game computes <code>sha1("sAdeqWo3voLeC5r16DYv" + token)</code> and uses that as the <var>hash</var> value which it sends to the server. The <var>data</var> parameter is encrypted with an unknown algorithm.


That is, each request looks like the following:
That is, each request looks like the following:
Line 36: Line 36:
Platinum, Heart Gold, and Soul Silver will then make a request to <code>/pokemondpds/common/setProfile.asp</code>.  The server responds with eight NULs (0x00000000 0x00000000).
Platinum, Heart Gold, and Soul Silver will then make a request to <code>/pokemondpds/common/setProfile.asp</code>.  The server responds with eight NULs (0x00000000 0x00000000).


After the above step(s) or '''performing any of the tasks below''', the game makes a request to <code>/pokemondpds/worldexchange/result.asp</code>.  If the game has had a Pokémon sent to it (via a successful trade?), the server responds with the entire encrypted [[Pokemon NDS Structure|Pokémon save struct]].  If there is a Pokémon uploaded to the GTS, it responds with 0x0004.  Otherwise, it responds with 0x0005.
After the above step(s) or '''performing any of the tasks below''' other than searching, the game makes a request to <code>/pokemondpds/worldexchange/result.asp</code>.  If the game has had a Pokémon sent to it (via a successful trade?), the server responds with the entire encrypted [[Pokemon NDS Structure|Pokémon save struct]].  If there is a Pokémon deposited in the GTS, it responds with 0x0004.  Otherwise, it responds with 0x0005.


===Receiving a Pokémon===
===Receiving a Pokémon===
Line 46: Line 46:
After doing the above, some Platinum, Heart Gold, and Soul Silver games will report a communication error and dump the player back to the title screen.  The Pokémon is still successfully received.  At least one person with HG/SS has received a Pokémon from a fake server without getting the error, and Diamond/Pearl have never been reported to have the problem.  It's possible that the server should respond with something other than 0x0001.
After doing the above, some Platinum, Heart Gold, and Soul Silver games will report a communication error and dump the player back to the title screen.  The Pokémon is still successfully received.  At least one person with HG/SS has received a Pokémon from a fake server without getting the error, and Diamond/Pearl have never been reported to have the problem.  It's possible that the server should respond with something other than 0x0001.


===Offering a Pokémon===
===Depositing a Pokémon===


Pokémon are offered on the GTS by requesting <code>/pokemondpds/worldexchange/post.asp</code>, followed by <code>/pokemondpds/worldexchange/post_finish.asp</code>.
Pokémon are offered on the GTS by requesting <code>/pokemondpds/worldexchange/post.asp</code>.  The sent data is 300 bytes long, and includes the Pokémon struct.


===Retrieving an offered Pokémon===
The game then saves. After the save is complete, it issues a request to <code>/pokemondpds/worldexchange/post_finish.asp</code>.


Checking on the currently offered Pokémon is apparently done by <code>/pokemondpds/worldexchange/get.asp</code>.  The response appears to be a [[Pokemon NDS Structure|Pokémon save struct]].
===Retrieving the deposited Pokémon===


Retrieving the currently offered Pokémon is done by <code>/pokemondpds/worldexchange/return.asp</code>.  The response is merely 0x0001; the actual Pokémon data is taken from the <code>get.asp</code> request.
Checking on the deposited Pokémon is apparently done by <code>/pokemondpds/worldexchange/get.asp</code>.  The response appears to be a [[Pokemon NDS Structure|Pokémon save struct]].
 
Retrieving the deposited Pokémon is done by <code>/pokemondpds/worldexchange/return.asp</code>.  The response is merely 0x0001; the actual Pokémon data is taken from the <code>get.asp</code> request.


===Searching===
===Searching===

Revision as of 11:54, 21 March 2010

The following is wild conjecture based on LordLandon's sendpkm.py.

Communication with the GTS is done over regular HTTP with http://gamestats2.gs.nintendowifi.net/. The same protocol is used for all five Gen IV games.

HTTP headers

The games don't seem to care about these at all. The GTS sends back a bunch of boilerplate response headers, but the game happily accepts a response with only a Content-Length.

Protocol

All requests to the server are GET requests of the form page.asp?pid=pid&hash=hash&data=data.

pid

The pid is an unsigned 32-bit integer that appears to uniquely identify a game cartridge. When the pid is obtained and whether the pid has any relation to the Pal Pad friend code are unknown.

For the mathematically inclined: Eevee's Platinum pid is 192615460 (0x0b7b1424) and his Pal Pad code is 0904 2026 4621.

Challenge/response

Before each "real" request, the game sends a request of the form page.asp?pid=pid and the server responds with a 32-byte challenge token. The game computes sha1("sAdeqWo3voLeC5r16DYv" + token) and uses that as the hash value which it sends to the server. The data parameter is encrypted with an unknown algorithm.

That is, each request looks like the following:

  1. Game requests GET /pokemondpds/page.asp?pid=pid
  2. Server responds with token
  3. Game requests GET /pokemondpds/page.asp?pid=pid&hash=sha1(...)&data=data
  4. Server responds with payload

Unfortunately, this means that the exact details of the game's requests are currently not known.

Conversation

The first request the game makes is to /pokemondpds/worldexchange/info.asp. The server responds with 0x0001.

Platinum, Heart Gold, and Soul Silver will then make a request to /pokemondpds/common/setProfile.asp. The server responds with eight NULs (0x00000000 0x00000000).

After the above step(s) or performing any of the tasks below other than searching, the game makes a request to /pokemondpds/worldexchange/result.asp. If the game has had a Pokémon sent to it (via a successful trade?), the server responds with the entire encrypted Pokémon save struct. If there is a Pokémon deposited in the GTS, it responds with 0x0004. Otherwise, it responds with 0x0005.

Receiving a Pokémon

If the game receives a Pokémon from a successful trade as a response from result.asp, it next requests /pokemondpds/worldexchange/delete.asp. The server responds with 0x0001.

A note on sendpkm.py

After doing the above, some Platinum, Heart Gold, and Soul Silver games will report a communication error and dump the player back to the title screen. The Pokémon is still successfully received. At least one person with HG/SS has received a Pokémon from a fake server without getting the error, and Diamond/Pearl have never been reported to have the problem. It's possible that the server should respond with something other than 0x0001.

Depositing a Pokémon

Pokémon are offered on the GTS by requesting /pokemondpds/worldexchange/post.asp. The sent data is 300 bytes long, and includes the Pokémon struct.

The game then saves. After the save is complete, it issues a request to /pokemondpds/worldexchange/post_finish.asp.

Retrieving the deposited Pokémon

Checking on the deposited Pokémon is apparently done by /pokemondpds/worldexchange/get.asp. The response appears to be a Pokémon save struct.

Retrieving the deposited Pokémon is done by /pokemondpds/worldexchange/return.asp. The response is merely 0x0001; the actual Pokémon data is taken from the get.asp request.

Searching

Searching is done through /pokemondpds/worldexchange/search.asp. The sent data is 15 bytes long.

The server responds with a full 292-byte Pokémon struct for each result. If there are n results, the response will be 292 * n bytes long.

Pokémon struct

The Pokémon data for the GTS is 292 bytes—56 bytes larger than a party Pokémon struct. The extra 56 bytes are GTS-specific data, such as the player's name & country, and what Pokémon they are requesting.

They are as follows:

0x00-0x01 Current Pokémon
0x02      Gender          1=male; 2=female; 3=either/neither
0x03      Level
0x04-0x05 Requested Pokémon
0x06      Gender
0x07      Min level
0x08      Max level
0x09      always 0?
0x10      sometimes 1, sometimes 0
0x0B      always 0?
0x0C-0x0D Year deposited
0x0E      Month dep'd
0x0F      Day dep'd
0x10      Hour dep'd
0x11      Minute dep'd
0x12      Second depd'd
0x13      always 0?
0x14-0x1a Another timestamp. Time traded away?
0x1b      always 0?
0x1c-0x1f pid - also 0x4c in the sav
0x20-0x2F OT Name
0x30-0x31 OT ID
0x32      Country
0x33      City
0x34-0x37 Unknown