Posted
So the bytes change each time the same Pokémon is shown. Here's 10 show packets for my Xerneas.

Which means it uses the timestamp or a random value to encrypt the data; I'm more for the timestamp. We then need to know at which precision it is used (second? millisecond? worse?)

Do you have a timestamp of when you dumped these Xerneas?

Posted
Eeeeenope. I'm too lazy to sync up my DS with a clock or something. Busy packing for a trip.

OK, assuming you didn't mess with your 3DS clock recently, you could look at the creation time of the file and see the difference in minutes between the 3DS and the PC, and it's done. If we are lucky they use date/hours/minutes. If unlucky, milliseconds or worse.

(I'm not saying to do it now, but when you're back from the trip.)

I might have a couple of ideas to break the code (0.001% chance, but still more than a pure 0).

Posted
Obtained Mega Stone IDs; they are between the Mulches and the new berries:

656 Gengarite
657 Gardevoirite
658 Ampharosite
659 Venusaurite
660 Charizardite X
661 Blastoisinite
662 Mewtwonite X
663 Mewtwonite Y
664 Blazikenite
665 Medichamite
666 Houndoominite
667 Aggronite
668 Banettite
669 Tyranitarite
670 Scizorite
671 Pinsirite
672 Aerodactylite
673 Lucarionite
674 Abomasite
675 Kangaskhanite
676 Gyaradosite
677 Absolite
678 Charizardite Y
679 Alakazite
680 Heracronite
681 Mawilite
682 Manectite
683 Garchompite
684 ????
685 ????
686 Roseli Berry

684 and 685 may be Latiosite/Latiasite (or however they're spelled).

Posted

Is anyone around willing to AFK in a trade for a while (without showing any pokes of their own)? I'll sync my DS up and dump the whole packet for the same poke every 20 seconds or so. See if that gives people anything to go on?

Posted

This may or may not help at all. I was thinking of setting up homepass to see what data is sent out and what data is received. Use that data with a wonder trade packet from 1.0 or 1.1 of X & Y, compare both, and attempt to set up Instacheck that way.

Posted

OK, for anyone who might be able to figure anything out from this:

Here's a zip of 16 packets from showing the same Pokémon in standard trade.

Each was (as close as I could manage) 20 seconds apart. Start time and Pokémon data are included in the Info.rtf file.

Hopefully there's no risk of personal information of me or the trade partner being findable in this (my apologies to them if there is).

PacketDumps..zip

Posted (edited)

I've run a quick comparison of the various files provided. The highlighted red part is the same for both files.

Comparing BeUndead's files. Just the first two.

Comparing ReignOfComputer's Xerneas

Comparing the first two Pokémon in ReignOfComputer's Box collection

Comparing ROC's Xerneas with BeUndead's Pokémon

Comparing sent and received wonder trade I captured off my game

From this I assume the first block up to offset 0C is probably the identifier of the DS, as it's the same when both files are from the same DS.

The start of the 2nd line (offsets 18 + 19) seems to increment with subsequent displays of the Pokémon; I'd be interested to see what this looks like when the Pokémon is shown in rapid succession. This was present in the 1.0 - 1.1 files as well; it looks like a timestamp.

Midway through the 2nd line (offsets 24 + 25) changes with each viewing, but I can't see any pattern for these.

I'd be interested to see how this compares with the Pokémon data from the 1.0 - 1.1 packet captures.

Edited by Bond697
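The comparison the post above performs, as an added Python example that is not code from the thread: each byte offset across captures taken in order is labelled constant, counter (a 16-bit field rising by a fixed step) or varies, and the labels are collapsed into ranges. The dumps are constructed by make_dump to mimic the reported layout (addresses at 0x00-0x0B, a counter at 0x18-0x19, patternless bytes at 0x24-0x25); real captures would be loaded from the dumped files instead.

```python
def make_dump(counter: int, noise: int) -> bytes:
    """Build one constructed 40-byte capture (not a real packet)."""
    buf = bytearray(40)
    buf[0x00:0x0C] = bytes.fromhex("0a1b2c3d4e5f6a7b8c9d0e1f")  # link-layer addresses
    buf[0x0C:0x18] = bytes(range(0x20, 0x2C))                    # fixed filler
    buf[0x18:0x1A] = counter.to_bytes(2, "big")                  # rises once per display
    buf[0x1A:0x24] = b"\xAA" * 10                                # fixed filler
    buf[0x24:0x26] = noise.to_bytes(2, "big")                    # no visible pattern
    buf[0x26:0x28] = b"\xFF\xFF"
    return bytes(buf)

def classify_offsets(dumps: list[bytes]) -> dict[int, str]:
    """Label every byte offset 'constant', 'counter' (part of a 16-bit
    big-endian field rising by a fixed step of 1..16 between captures) or
    'varies'. Captures must be passed in the order they were taken."""
    n = min(len(d) for d in dumps)
    counter_offsets: set[int] = set()
    for off in range(n - 1):
        vals = [int.from_bytes(d[off:off + 2], "big") for d in dumps]
        steps = {b - a for a, b in zip(vals, vals[1:])}
        if len(steps) == 1 and 0 < next(iter(steps)) <= 16:
            counter_offsets.update((off, off + 1))
    labels = {}
    for off in range(n):
        if off in counter_offsets:
            labels[off] = "counter"
        elif len({d[off] for d in dumps}) == 1:
            labels[off] = "constant"
        else:
            labels[off] = "varies"
    return labels

def runs(labels: dict[int, str]) -> list[tuple[int, int, str]]:
    """Collapse per-offset labels into contiguous (start, end, label) ranges."""
    out: list[tuple[int, int, str]] = []
    for off in sorted(labels):
        if out and out[-1][2] == labels[off] and out[-1][1] == off - 1:
            out[-1] = (out[-1][0], off, labels[off])
        else:
            out.append((off, off, labels[off]))
    return out

# Four constructed captures "20 seconds apart": counter 5..8, noise arbitrary.
SAMPLE_DUMPS = [make_dump(c, z) for c, z in zip((5, 6, 7, 8), (0x3F21, 0x9C04, 0x1BE7, 0x7702))]

if __name__ == "__main__":
    for start, end, label in runs(classify_offsets(SAMPLE_DUMPS)):
        print(f"0x{start:02X}-0x{end:02X}: {label}")
```

A range that is constant only across captures from one console but differs between consoles is the first thing to cross-check against the link-layer header before reading it as game data.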
Posted
I've run a quick comparison of the various files provided. The highlighted red part is the same for both files.

*snip*

The data you highlighted in red is not the data portion of the packet; it is part of the UDP packet header and not anything Game Freak added. It includes info such as the source/destination MAC addresses (first twelve bytes).

Posted
Hope this isn't off topic.

Has there been any progress with getting the pkx files back into the game itself?

Nintendo has encrypted the trade communication packets, so there won't be any progress for a very long time until it's decrypted.

Posted
Nintendo has encrypted the trade communication packets, so there won't be any progress for a very long time until it's decrypted.

This encryption is the result of the 1.2 update, correct?

How difficult would it be to break?

Posted
Duh.

Yet to be known.

Is a new encryption code generated for each trade (much like the save system) or is there one universal code used again and again? I would assume the latter, unless of course the randomly generated decryption code is sent along with each trade...

Posted
Is a new encryption code generated for each trade (much like the save system) or is there one universal code used again and again? I would assume the latter, unless of course the randomly generated decryption code is sent along with each trade...

The 16-byte 'checksum' is believed to be what is used to encrypt and decrypt the packet; however, it is not yet known how it does it exactly.

The 'checksum' has been observed to be 'randomly generated' based off of the contents of the packet header & data, as Zaneris has mentioned. Again, it is unknown how it is generated.

Posted

The encryption method is fixed; the HMAC or salt or whatever gets negotiated every time you establish a connection to a new server.

You can see the negotiation clearly at the beginning of the ead packets.

Posted (edited)
Duh.

Yet to be known.

I am happy to find the old-school team working on this thread/subject. You have always been an inspiration to me, and what you do actually makes the game really fun! Thank you very much!

Now that XY has been locked down with the 1.2 update, is there anything left to tamper with?

I am very interested in acquiring my SID:

- I read that with data acquired in-game, one could calculate the SID. The process is described here and here.

- Considering the advances regarding the Pokémon X/Y 3DS Structure page, is it possible to devise a similar method to find a SID in XY?

- On the other hand, how about the pkx data files you already have?

- Can I dump these files and retrieve my trainer data from such a file?

- Was this program/method blocked by patch 1.2 as well?

Regarding the lockdown:

As far as I know, the patch is stored in the SD card of the console, which gives you "physical access" to the code devised to block the exploit. What happens if you try to decrypt/read the patch stored in the SD? It may contain "the instructions" to encrypt the data (like some sort of plugin).

Thanks in advance for your comments!

-Hide

Edited by Hide
Posted

Information provided below is as accurate as what I *think* I know:

----

Now that XY has been locked down with the 1.2 update, is there anything left to tamper with?

So far, nothing, because trade data is encrypted (read the above posts).

On the other hand, how about the pkx data files you already have?

- Can I dump these files and retrieve my trainer data from such a file?

Those files could not be re-inserted into the game in the first place (no evidence seems to show that it could be done).

There are programs that will show you the stats and SID on your existing Pkx files.

(An example of one such program, which has a familiar but not affiliated name: PokegenVI - Pokemon XY Editor v0.1 by Falo.)

- Was this program/method blocked by patch 1.2 as well?

Yes.

The program abused the fact that the data traffic was not encrypted.

Now all WiFi trades are encrypted.

(Local trades are not encrypted; however, at this point there is no way to direct local trades to run through a virtual router.)

Regarding the lockdown:

As far as I know, the patch is stored in the SD card of the console, which gives you "physical access" to the code devised to block the exploit. What happens if you try to decrypt/read the patch stored in the SD? It may contain "the instructions" to encrypt the data (like some sort of plugin).

The data on SD card is encrypted.

If the data on the SD card could be decrypted, the direction of the console itself would have already geared towards hacking and e-shop game cloning [this portion is pure speculation].

Posted (edited)

Thank you theSLAYER!

Well, right now I don't want to inject data. I just want to read valuable information such as the SID and the IVs.

Are there any viable means to retrieve or calculate gen VI SIDs?

Aside from these methods (serebii, smogon) to calculate a SID in previous generations, I also found it is possible to retrieve certain game saves here; is it working for XY? And if it works, is it possible to read the information contained in such a game save to get PKX data or trainer information?

Another way to find the SID was employing the lottery ticket; basically, it took a person to retrieve 3 lottery numbers at a determined time and date (set on the DS) and input the numbers along with the ID on a website. The instructions are here (it's in Spanish, look for "3.3.- Sin Shinys"). The Japanese website is broken, but I found a similar one here.

Given that you have several pkx files with the SID and that the lottery is back in XY, is it possible to devise a method to retrieve the SID?

Somebody from Japan found a "connection between the old SID finders" and XY to retrieve MASTERBALLS using the lottery dynamics. I know that's on a different subject, but there might be something of use to retrieve a SID. You can learn more about it here (it's in Japanese). Please note that this post was made after the patch 1.2 release.

Comments appreciated~

-Hide

Edited by Hide
Posted
Somebody from Japan found a "connection between the old SID finders" and XY to retrieve MASTERBALLS using the lottery dynamics. I know that's on a different subject, but there might be something of use to retrieve a SID. You can learn more about it here (it's in Japanese). Please note that this post was made after the patch 1.2 release.

Sorry, but it doesn't reveal anything special about XY. What they are describing is how to RNG a game on BW2 so it has an ID that matches the one in the XY lottery for that day. Then they use Pokémon Bank to transfer a Pokémon caught on that game to their XY cart and win the lottery.

Another way to find the SID was employing the lottery ticket; basically, it took a person to retrieve 3 lottery numbers at a determined time and date (set on the DS) and input the numbers along with the ID on a website.

Only doable because the RNG seed generation was known and could be manipulated by changing the time and date. Not possible on XY. Same goes for all the other methods you mentioned.

Posted
Thank you theSLAYER!

Well, right now I don't want to inject data. I just want to read valuable information such as the SID and the IVs.

Are there any viable means to retrieve or calculate gen VI SIDs?

Aside from these methods (serebii, smogon) to calculate a SID in previous generations, I also found it is possible to retrieve certain game saves here; is it working for XY? And if it works, is it possible to read the information contained in such a game save to get PKX data or trainer information?

Another way to find the SID was employing the lottery ticket; basically, it took a person to retrieve 3 lottery numbers at a determined time and date (set on the DS) and input the numbers along with the ID on a website. The instructions are here (it's in Spanish, look for "3.3.- Sin Shinys"). The Japanese website is broken, but I found a similar one here.

Given that you have several pkx files with the SID and that the lottery is back in XY, is it possible to devise a method to retrieve the SID?

Somebody from Japan found a "connection between the old SID finders" and XY to retrieve MASTERBALLS using the lottery dynamics. I know that's on a different subject, but there might be something of use to retrieve a SID. You can learn more about it here (it's in Japanese). Please note that this post was made after the patch 1.2 release.

Comments appreciated~

-Hide

I'm not sure what you even think you can do with your SID, but as for IV calculating, at this point the only way to check IVs is to hatch the egg and start a battle with someone; with levels locked to level 50 you can then use an IV calculator.

Posted

It seems possible to dump pkx data from local trades using libpcap (using an appropriate chipset; not on Windows, because WinPcap doesn't support monitor mode). I think that injection would be very difficult that way (besides calculating the checksum). Now I'm doing it manually, capturing with KisMAC and later viewing the packets in Wireshark (yeah, I know I can't run Wireshark well on Mavericks). The hardest part is that it's not using 802.11 and any standard protocols; the first headers are the MAC addresses of origin and destination like the standard, but later the hard work is to do some reverse engineering.

Posted
It seems possible to dump pkx data from local trades using libpcap (using an appropriate chipset; not on Windows, because WinPcap doesn't support monitor mode). I think that injection would be very difficult that way (besides calculating the checksum). Now I'm doing it manually, capturing with KisMAC and later viewing the packets in Wireshark (yeah, I know I can't run Wireshark well on Mavericks). The hardest part is that it's not using 802.11 and any standard protocols; the first headers are the MAC addresses of origin and destination like the standard, but later the hard work is to do some reverse engineering.

This might help you. It's research into the protocol for the original DS, but there may be similarities.
