Zaneris Posted October 29, 2013 (edited) Here are the Wonder Trade packets if anyone else is interested.
Edited November 3, 2013 by codemonkey85: Spoiler tags for my sanity.
codemonkey85 Posted October 29, 2013 Any chance you could upload the straight binary data? I've been curious about these but haven't gotten properly set up to get them. EDIT: In case it's any use to anyone here: as of now the backend functionality for the PKX editor I've been working on is done. All that's left to do now is rearrange the UI and add labels so things actually make sense. I modeled my program after the structure reported by Mat and Xfr, and verified myself that encryption and shuffling work, so anyone who's been able to extract / inject PKX files should find this helpful. The source is on my GitHub (https://github.com/codemonkey85/PKMDS-G5/tree/master/PKX%20Editor). I'll post a binary (for Windows only) later. It will require the .Net Framework for the time being.
Bond697 (thread author) Posted October 29, 2013 You can see the pokemon in both of those just from a glance. Looks like a lot of the same stuff as when trading. Different order, though.
Zaneris Posted October 29, 2013
You can see the pokemon in both of those just from a glance. Looks like a lot of the same stuff as when trading. Different order, though.
Aha! Yeah, I've managed to extract the pokemon from the packet and decrypt them. The pokemon itself is the 232 bytes from offset 0x3d -> 0x124 (within the data portion of the packet). Last step is to try and stick my own pokemon in the receiving end of the wonder trade and see how it goes. Loved your nickname for the gible, by the way.
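The extraction Zaneris describes above (the 232-byte block at payload offset 0x3D), as an added example that is not code from the thread or from any tool mentioned in it: a parser for the offset/hex/ASCII dump layout the captures were posted in, a walk down the Ethernet II, IPv4 and UDP headers, the slice itself, and a scan for the NUL-terminated UTF-16LE greeting strings that sit in the same payload. The frame is constructed inline (TEST-NET addresses, a counter pattern standing in for the pokemon block, made-up greetings) and every function name is hypothetical.

```python
import struct
POKEMON_OFFSET, POKEMON_SIZE = 0x3D, 232  # location and size reported in the thread

def build_sample_frame() -> bytes:
    """Constructed Ethernet/IPv4/UDP frame, not a capture from the thread."""
    greetings = "Nice to meet ya!\0Let\u2019s trade!\0".encode("utf-16-le")  # stand-in greeting text
    payload = bytes(POKEMON_OFFSET) + bytes(i & 0xFF for i in range(POKEMON_SIZE)) + greetings
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 1, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))  # TEST-NET addresses
    udp = struct.pack("!HHHH", 40000, 40001, 8 + len(payload), 0)  # UDP checksum left at zero
    return bytes(12) + b"\x08\x00" + ip + udp + payload  # zero MACs, EtherType 0x0800 (IPv4)

def parse_hexdump(text: str) -> bytes:
    """Turn 'offset hex-bytes ascii' rows back into bytes; the lossy ASCII column is ignored."""
    out = bytearray()
    for row in text.strip().splitlines():
        tokens = row.split()
        if int(tokens[0], 16) != len(out):
            raise ValueError(f"offset gap at row {tokens[0]}")
        for tok in tokens[1:17]:  # at most 16 bytes per row; stop at the first non-hex token
            if len(tok) != 2 or any(c not in "0123456789abcdef" for c in tok.lower()):
                break
            out.append(int(tok, 16))
    return bytes(out)

def udp_payload(frame: bytes) -> bytes:
    """Walk Ethernet II -> IPv4 -> UDP; the IPv4 total length, not the dump's tail, bounds the datagram."""
    if frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4 or frame[23] != 17:
        raise ValueError("not an IPv4/UDP frame")
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + struct.unpack("!H", frame[16:18])[0]]
    udp_len = struct.unpack("!H", ip[ihl + 4:ihl + 6])[0]
    if udp_len < 8 or udp_len > len(ip) - ihl:
        raise ValueError("UDP length disagrees with IP total length")
    return ip[ihl + 8:ihl + udp_len]

def extract_pokemon(payload: bytes) -> bytes:
    block = payload[POKEMON_OFFSET:POKEMON_OFFSET + POKEMON_SIZE]  # the 232 bytes at 0x3D
    if len(block) != POKEMON_SIZE:
        raise ValueError("payload too short for a pokemon block")
    return block

def utf16_strings(data: bytes, min_chars: int = 4) -> list:  # NUL-terminated UTF-16LE text, either alignment
    found = []
    for start in (0, 1):
        cur = ""
        for i in range(start, len(data) - 1, 2):
            ch = int.from_bytes(data[i:i + 2], "little")
            if 0x20 <= ch < 0x7F or ch == 0x2019:  # printable ASCII or the curly apostrophe
                cur += chr(ch)
                continue
            if len(cur) >= min_chars:
                found.append(cur)
            cur = ""
    return found
```

On a short final dump row a two-letter ASCII word such as "ab" can pass as a hex byte, so the parser can return one stray byte too many; slicing by the IPv4 total length in udp_payload discards it.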
codemonkey85 Posted October 29, 2013 Here is a link to the PKX Editor I have created: https://www.dropbox.com/s/bmklyrwq4lwsv7q/PKX%20Editor.exe
greatfire Posted October 29, 2013 Because the download is an *.exe file the browser warns you and blocks it by default. You must allow it to be saved manually. Also Windows will probably block it too.
Mr. ZARDE Posted October 29, 2013 And where should I download this? Mozilla? Opera? Anything that doesn't block PKX Editor?
winglerw28 Posted October 29, 2013
And where should I download this? Mozilla? Opera? Anything that doesn't block PKX Editor?
Just click the arrow next to the download on the toolbar in Chrome. There is a menu item to keep the file. If you have Windows 7 or 8, the SmartScreen filter will also require clicking on the "Run Anyway" option.
scarfaceguns Posted October 29, 2013
And where should I download this? Mozilla? Opera? Anything that doesn't block PKX Editor?
Well, I can't see how this editor will be useful for us JUST yet but... I can see from your screenshot there's a dropdown arrow on the file; click it and click on "keep".
Mr. ZARDE Posted October 29, 2013 Yes! It worked!!!!! Just wondering, will it be possible to extract my own Pokémon from my Y? I know it won't, because it wasn't decrypted yet. Just asking.
CharlemagneXVI Posted October 29, 2013 Wow, this is really something! Can't wait for a way to move Pokemon to and from the games.
xyzman Posted October 30, 2013
Here is a link to the PKX Editor I have created: https://www.dropbox.com/s/bmklyrwq4lwsv7q/PKX%20Editor.exe
What .NET Framework version is required? I don't have access to a Windows machine, and WINE + .NET was always a gamble...
xyzman Posted October 30, 2013
Aha! Yeah, I've managed to extract the pokemon from the packet and decrypt them. The pokemon itself is the 232 bytes from offset 0x3d -> 0x124 (within the data portion of the packet).
So wait... They send Wonder Trade data unencrypted? I love Nintendo very very much.
Mr. ZARDE Posted October 30, 2013 Just a doubt: how could I understand the numbers of both items, abilities and attacks? It seems a bit confusing. I am just talking about the PKX Editor, of course!
codemonkey85 Posted October 30, 2013
What .NET Framework version is required? I don't have access to a Windows machine, and WINE + .NET was always a gamble...
Pretty sure it's 4.0. The backend library is vanilla C++ so I could compile a version for Linux / Mac if people need it.
Just a doubt: how could I understand the numbers of both items, abilities and attacks? It seems a bit confusing. I am just talking about the PKX Editor, of course!
This is just a bare-bones editor for those experimenting with the new format. If you want something polished... wait a while.
Codr Posted October 30, 2013
So wait... They send Wonder Trade data unencrypted? I love Nintendo very very much.
You'll be regretting saying that if you look into it any further.
scarfaceguns Posted October 30, 2013
You'll be regretting saying that if you look into it any further.
Does this mean it's impossible for an exploit through Wonder Trade?
xyzman Posted October 30, 2013
You'll be regretting saying that if you look into it any further.
I already regret saying this.
Zaneris Posted October 30, 2013
I already regret saying this.
That's alright, I haven't even been able to test messing with the packet yet because for some reason I can see the exchange take place within Wireshark, but then it doesn't ever seem to pass through WinDivert... My conclusion is that the 3DS packets, while just being regular UDP, somehow don't pass through WPF (unlikely), or it's due to my setup and using a virtual adapter to broadcast (more likely). Gonna dig up an old router today and see if I have more success.
evandixon Posted October 30, 2013
Here is a link to the PKX Editor I have created: https://www.dropbox.com/s/bmklyrwq4lwsv7q/PKX%20Editor.exe
http://gbatemp.net/threads/pkx-editor-by-codemonkey85.356901/ You're on GBAtemp now. Just thought you'd find that interesting. (Like me, when Sky Editor appeared on some French forum.)
Keplar Posted October 30, 2013 So you're having trouble using a virtual adapter to broadcast? I was actually considering switching over to that, in favor of a pure software solution that didn't require an extra router. At the moment, I'm searching for a program that I can easily tweak to swap out sections of packets. It would be nice if this involved HTTP traffic or if there was a simple DNS address I could spoof... It sure would make things a lot easier. UDP modification is relatively new to me.
Zaneris Posted October 30, 2013
So you're having trouble using a virtual adapter to broadcast? I was actually considering switching over to that, in favor of a pure software solution that didn't require an extra router. At the moment, I'm searching for a program that I can easily tweak to swap out sections of packets. It would be nice if this involved HTTP traffic or if there was a simple DNS address I could spoof... It sure would make things a lot easier. UDP modification is relatively new to me.
No, not an issue with broadcasting, it just seems like virtual adapter traffic isn't passing through the WPF, or it's missing from the API. If it's possible to do what I'm trying to do, I'll have a working example by the end of tonight; if not.. hopefully one of these skilled gentlemen comes up with something releasable.
codemonkey85 Posted October 30, 2013
http://gbatemp.net/threads/pkx-editor-by-codemonkey85.356901/ You're on GBAtemp now. Just thought you'd find that interesting. (Like me, when Sky Editor appeared on some French forum.)
Yikes. Thanks for the heads-up.
If it's possible to do what I'm trying to do, I'll have a working example by the end of tonight; if not.. hopefully one of these skilled gentlemen comes up with something releasable.
Good luck man. I think we're all pretty excited to start getting some real data (well, I know I am).
Jnoy Posted October 30, 2013
That's alright, I haven't even been able to test messing with the packet yet because for some reason I can see the exchange take place within Wireshark, but then it doesn't ever seem to pass through WinDivert... My conclusion is that the 3DS packets, while just being regular UDP, somehow don't pass through WPF (unlikely), or it's due to my setup and using a virtual adapter to broadcast (more likely). Gonna dig up an old router today and see if I have more success.
I tested it last night and I saw the exchange happen in Wireshark: two 989-byte-long UDP packets formatted in the same manner as quoted here on page 4. I used a Wi-Fi dongle in a Soft-AP setup + Wireshark to get the data. I could provide the binary packet data for sent and received packets. I was able to isolate and decrypt the Pokémon data with the tools provided in this thread. Also an interesting side note: the game is directly communicating with the user's 3DS it is Wonder Trading with, no server in between or anything, at least for the process of trading. (I checked IP locations vs in-game locations of trade partners.) Proof: https://www.dropbox.com/s/aaqq31er9eu969w/pkxedit.png Edit: Nvm, I misread your post. I thought you could not see the exchange, but then I noticed you were the one posting the first packets and are now another step ahead. Good luck with injecting.