Fenor Posted December 13, 2013
> So the bytes change each time the same Pokemon is shown. Here's 10 show packets for my Xerneas.
Which means it uses the timestamp or a random value to encrypt the data; I'm more for the timestamp. We then need to know at which precision it is used (second? millisecond? worse?). Do you have a timestamp of when you dumped these Xerneas?
ReignOfComputer Posted December 13, 2013
Eeeeenope. I'm too lazy to sync up my DS with a clock or something. Busy packing for a trip.
Fenor Posted December 13, 2013
> Eeeeenope. I'm too lazy to sync up my DS with a clock or something. Busy packing for a trip.
OK, assuming you didn't mess with your 3DS clock recently, you could look at the creation time of the file and see the difference in minutes between the 3DS and the PC, and it's done. If we are lucky they use date/hours/minutes; if unlucky, milliseconds or worse. (I'm not saying to do it now, but when back from the trip.) I might have a couple of ideas to break the code (0.001% chance, but still more than a pure 0).
evandixon Posted December 14, 2013
Some posts that started kinda on-topic were getting a little off-topic. So they've been moved to their own thread. http://projectpokemon.org/forums/showthread.php?34104-Emulating-Wifi-(Subdiscussion-of-Pkx-The-New-Pokemon-Format-For-Gen-6)
Tomxc Posted December 14, 2013
Obtained Mega Stone IDs; they are between the Mulches and the new berries:
656 Gengarite
657 Gardevoirite
658 Ampharosite
659 Venusaurite
660 Charizardite X
661 Blastoisinite
662 Mewtwonite X
663 Mewtwonite Y
664 Blazikenite
665 Medichamite
666 Houndoominite
667 Aggronite
668 Banettite
669 Tyranitarite
670 Scizorite
671 Pinsirite
672 Aerodactylite
673 Lucarionite
674 Abomasite
675 Kangaskhanite
676 Gyaradosite
677 Absolite
678 Charizardite Y
679 Alakazite
680 Heracronite
681 Mawilite
682 Manectite
683 Garchompite
684 ????
685 ????
686 Roseli Berry
684 and 685 may be Latiosite/Latiasite (or however they're spelled).
MrChaos Posted December 14, 2013
Project should not be dead. Patch 1.2 fixes data interception. Oh well, fun while it lasted. At least we can still clone Pokemon.
evandixon Posted December 15, 2013
Just a reminder to everyone, this is a development thread. Anything that's not a contribution will be deleted. We're not trying to be mean, we're trying to keep things on topic.
BeUndead Posted December 15, 2013
Is anyone around willing to AFK in a trade for a while (without showing any pokes of their own)? I'll sync my DS up and dump the whole packet for the same poke every 20 seconds or so. See if that gives people anything to go on?
Tailsko Posted December 16, 2013
This may or may not help at all. I was thinking of setting up homepass to see what data is sent out and what data is received. Use that data with a Wonder Trade packet from 1.0 or 1.1 of X & Y, compare both, and attempt to set up Instacheck that way.
BeUndead Posted December 16, 2013
OK, for anyone who might be able to figure anything out from this: here's a zip of 16 packets from showing the same Pokémon in a standard trade. Each was (as close as I could manage) 20 seconds apart. Start time and Pokémon data are included in the Info.rtf file. Hopefully there's no risk of personal information about me or the trade partner being findable in this (my apologies to them if there is). PacketDumps..zip
vagonhawk Posted December 16, 2013 (edited)
I've run a quick comparison of the various files provided. Highlighted red part is the same for both files.
[image] Comparing BeUndead's files. Just the first two.
[image] Comparing ReignOfComputer's Xerneas
[image] Comparing the first two Pokémon in ReignOfComputer's Box collection
[image] Comparing ROC Xerneas with BeUndead's Pokémon
[image] Comparing sent and received Wonder Trade I captured off my game
From this I assume the first block up to offset 0C is probably the identifier of the DS, as it's the same when both files are from the same DS. The start of the 2nd line (offset 18 + 19) seems to increment with subsequent displays of the Pokémon; I'd be interested to see what this looks like when the Pokémon is shown in rapid succession. This was present in 1.0 - 1.1 files as well; looks like a timestamp. Midway through the 2nd line (offset 24 + 25) changes with each viewing, but I can't see any pattern for these. I'd be interested to see how this compares with the Pokémon data from 1.0 - 1.1 packet captures.
Edited December 16, 2013 by Bond697
OmegaDonut Posted December 16, 2013
> I've run a quick comparison of the various files provided. Highlighted red part is the same for both files. *snip*
The data you highlighted in red is not the data portion of the packet; it is part of the UDP packet header and not anything Game Freak added. It includes info such as source/destination MAC address (first twelve bytes).
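An added example, not code from the thread or from any of the posters, that does the comparison vagonhawk ran by hand: given several captures of the same Pokémon being shown, it splits off the leading twelve bytes as destination and source MAC (as OmegaDonut notes), marks every offset as constant, counter or varying, and reports byte windows whose integer value strictly increases from capture to capture, which is the test behind the timestamp-or-counter question Fenor raised. The packet layout built by make_sample is constructed for the demo and is not the real trade format; only the analysis carries over to real dumps.

```python
import random
import struct


def make_sample(n=16, seed=1234):
    """Build n constructed 'show' packets of one Pokémon (not a real capture).
    Layout invented for the demo, modelled on the observations in the thread:
      0x00-0x0B  destination + source MAC (the red part OmegaDonut points out)
      0x0C-0x17  constant block (console identifier in vagonhawk's reading)
      0x18-0x19  16-bit little-endian field that increments on every show
      0x24-0x25  two bytes that change with no pattern
      0x2C-      body that changes every time (stands in for encrypted data)
    The counter starts at 0x00F8 so its low byte wraps inside the sample."""
    rng = random.Random(seed)
    header = bytes.fromhex("001122334455" "66778899aabb")      # dst MAC, src MAC
    ident = bytes(rng.randrange(256) for _ in range(12))
    fixed1 = bytes(rng.randrange(256) for _ in range(10))
    fixed2 = bytes(rng.randrange(256) for _ in range(6))
    caps = []
    for i in range(n):
        counter = struct.pack("<H", 0x00F8 + i)
        nonce = bytes(rng.randrange(256) for _ in range(2))
        body = bytes(rng.randrange(256) for _ in range(32))
        caps.append(header + ident + counter + fixed1 + nonce + fixed2 + body)
    return caps


def split_header(capture):
    """First twelve bytes: destination MAC, then source MAC; the rest is data."""
    dst = ":".join(f"{b:02x}" for b in capture[0:6])
    src = ":".join(f"{b:02x}" for b in capture[6:12])
    return dst, src, capture[12:]


def find_counters(captures, widths=(2, 4)):
    """Report byte windows whose integer value strictly increases from one
    capture to the next (a counter or a timestamp would).  Overlapping hits are
    pruned by accepting the smallest-step, narrowest interpretation first, so a
    field is reported at the narrowest width consistent with the data."""
    length = min(len(c) for c in captures)
    hits = []
    for width in widths:
        code = {2: "H", 4: "I"}[width]
        for endian, fmt in (("little", "<"), ("big", ">")):
            for off in range(length - width + 1):
                vals = [struct.unpack_from(fmt + code, c, off)[0] for c in captures]
                steps = [b - a for a, b in zip(vals, vals[1:])]
                if steps and all(s > 0 for s in steps):
                    hits.append({"offset": off, "width": width, "endian": endian,
                                 "steps": steps, "values": vals})
    hits.sort(key=lambda h: (max(h["steps"]), h["width"], h["offset"]))
    chosen = []
    for h in hits:
        span = set(range(h["offset"], h["offset"] + h["width"]))
        taken = any(span & set(range(c["offset"], c["offset"] + c["width"])) for c in chosen)
        if not taken:
            chosen.append(h)
    chosen.sort(key=lambda h: h["offset"])
    return chosen


def classify_offsets(captures):
    """Label every offset as constant / counter / varying across the captures."""
    length = min(len(c) for c in captures)
    labels = {i: ("constant" if len({c[i] for c in captures}) == 1 else "varying")
              for i in range(length)}
    for h in find_counters(captures):
        for i in range(h["offset"], h["offset"] + h["width"]):
            labels[i] = "counter"
    return labels


def runs(labels):
    """Collapse per-offset labels into (start, end, label) runs for reading."""
    out = []
    for off in sorted(labels):
        if out and out[-1][2] == labels[off] and out[-1][1] == off - 1:
            out[-1] = (out[-1][0], off, labels[off])
        else:
            out.append((off, off, labels[off]))
    return out


if __name__ == "__main__":
    caps = make_sample()
    dst, src, _ = split_header(caps[0])
    print(f"dst {dst}  src {src}")
    for start, end, label in runs(classify_offsets(caps)):
        print(f"{start:02X}-{end:02X}  {label}")
    for h in find_counters(caps):
        print(f"{h['offset']:02X}: {h['width']}-byte {h['endian']}-endian, "
              f"steps seen {sorted(set(h['steps']))}")
```

With real dumps, replace make_sample with the frames read from the files in the order they were taken and compare the reported steps with the interval between shows (BeUndead's were 20 seconds apart): a field that grows by about 20 per capture at that cadence is a second-resolution timestamp, one that grows by 1 is a show counter, and a field that changes with no monotone pattern at all (vagonhawk's 24 + 25) is a candidate nonce or key-dependent value.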
scarfaceguns Posted December 26, 2013
> Hope this isn't off topic. Has there been any progress with getting the pkx files back into the game itself?
Nintendo has encrypted the trade communication packets, so there won't be any progress for a very long time until it's decrypted.
CharlemagneXVI Posted December 26, 2013
> Nintendo has encrypted the trade communication packets, so there won't be any progress for a very long time until it's decrypted.
This encryption is the result of the 1.2 update, correct? How difficult would it be to break?
Kaphotics Posted December 26, 2013
> This encryption is the result of the 1.2 update, correct? How difficult would it be to break?
Duh. Yet to be known.
CharlemagneXVI Posted December 29, 2013
> Duh. Yet to be known.
Is a new encryption code generated for each trade (much like the save system), or is there one universal code used again and again? I would assume the latter, unless of course the randomly generated decryption code is sent along with each trade...
Kaphotics Posted December 30, 2013
> Is a new encryption code generated for each trade (much like the save system), or is there one universal code used again and again? I would assume the latter, unless of course the randomly generated decryption code is sent along with each trade...
The 16-byte 'checksum' is believed to be what is used to encrypt and decrypt the packet; however, it is not yet known how it does it exactly. The 'checksum' has been observed to be 'randomly generated' based off of the contents of the packet header & data, as Zaneris has mentioned. Again, it is unknown how it is generated.
Kane49 Posted December 31, 2013
The encryption method is fixed; the HMAC or salt or whatever gets negotiated every time you establish a connection to a new server. You can see the negotiation clearly at the beginning of the ead packets.
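An added illustration, not the game's scheme and not any poster's code: a model of the arrangement Kaphotics and Kane49 describe, with a fixed algorithm, a per-connection key derived from values exchanged when the connection is set up, and a 16-byte tag that depends on the packet header and data. The names, the HMAC-SHA256-based construction and the sample values are assumptions made for the example. It shows why the same Pokémon looks different on the wire on every show and on every new connection, and why a tag built this way cannot be reproduced or verified without the negotiated key.

```python
import hashlib
import hmac
import struct

# Model only: a fixed algorithm whose key material is negotiated per connection.
# Every construction below is an assumption made for the illustration.


def negotiate(long_term_secret, client_nonce, server_nonce):
    """Per-connection key: a PRF over a long-term secret and the two nonces
    exchanged at connection start (single-step HKDF-style derivation)."""
    return hmac.new(long_term_secret, b"trade-key|" + client_nonce + server_nonce,
                    hashlib.sha256).digest()


def keystream(key, counter, length):
    """Counter-mode keystream with HMAC-SHA256 used as the PRF."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack("<II", counter, block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def seal(key, counter, header, data):
    """Wire format: header || counter || 16-byte tag || ciphertext.
    The tag covers header, counter and ciphertext, so it looks random and
    changes if any of them changes."""
    ct = bytes(a ^ b for a, b in zip(data, keystream(key, counter, len(data))))
    ctr = struct.pack("<I", counter)
    tag = hmac.new(key, header + ctr + ct, hashlib.sha256).digest()[:16]
    return header + ctr + tag + ct


def open_packet(key, packet, header_len):
    """Verify the tag first, then decrypt.  Returns (header, counter, data),
    or None when the tag does not match (wrong key or modified bytes)."""
    header = packet[:header_len]
    ctr = packet[header_len:header_len + 4]
    tag = packet[header_len + 4:header_len + 20]
    ct = packet[header_len + 20:]
    expect = hmac.new(key, header + ctr + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        return None
    counter = struct.unpack("<I", ctr)[0]
    data = bytes(a ^ b for a, b in zip(ct, keystream(key, counter, len(ct))))
    return header, counter, data


def demo():
    """Same Pokémon data sent twice in one connection and once in a new one.
    Returns the properties the thread observed as booleans."""
    secret = b"constructed-long-term-secret"              # assumption: baked into the client
    header = bytes.fromhex("001122334455" "66778899aabb")  # constructed 12-byte header
    data = b"constructed PKX bytes for one Xerneas"        # constructed payload
    key1 = negotiate(secret, bytes(16), bytes(range(16)))
    key2 = negotiate(secret, bytes(range(16, 32)), bytes(range(32, 48)))
    p1 = seal(key1, 1, header, data)     # first show, connection 1
    p2 = seal(key1, 2, header, data)     # second show, same connection
    p3 = seal(key2, 1, header, data)     # first show, a new connection
    tampered = bytearray(p1)
    tampered[-1] ^= 0x01                 # flip one ciphertext bit
    return {
        "roundtrip": open_packet(key1, p1, 12)[2] == data,
        "same_connection_differs": p1[12:] != p2[12:],
        "new_connection_differs": p1[12:] != p3[12:],
        "tamper_rejected": open_packet(key1, bytes(tampered), 12) is None,
        "wrong_key_rejected": open_packet(key2, p1, 12) is None,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Under such a scheme, captures from one connection share a key but still differ per show because the counter feeds both the keystream and the tag, and captures from different connections share nothing usable; that is consistent with the observations in this thread without saying anything about what the game actually does.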
Hide Posted January 6, 2014 (edited)
> Duh. Yet to be known.
I am happy to find the old-school team working on this thread/subject. You have always been an inspiration to me, and what you do actually makes the game really fun! Thank you very much!
Now that XY has been locked down with the 1.2 update, is there anything left to tamper with? I am very interested in acquiring my SID:
- I read that with data acquired in-game, one could calculate the SID. The process is described here and here.
- Considering the advances regarding the Pokémon X/Y 3DS Structure page, is it possible to devise a similar method to find a SID in XY?
- On the other hand, how about the pkx data files you already have?
- Can I dump these files and retrieve my trainer data from such a file?
- Was this program/method blocked by patch 1.2 as well?
Regarding the lockdown: as far as I know, the patch is stored on the SD card of the console, which gives you "physical access" to the code devised to block the exploit. What happens if you try to decrypt/read the patch stored on the SD? It may contain "the instructions" to encrypt the data (like some sort of plugin).
Thanks in advance for your comments!
-Hide
Edited January 6, 2014 by Hide
theSLAYER Posted January 6, 2014
Information provided below is as accurate as what I *think* I know:
----
> Now that XY has been locked down with the 1.2 update, is there anything left to tamper with?
So far, not anything, because trade data is encrypted (read above posts).
> On the other hand, how about the pkx data files you already have?
> - Can I dump these files and retrieve my trainer data from such a file?
Those files could not be re-inserted into the game in the first place (no evidence seems to show that it could be done). There are programs that will show you the stats and SID of your existing pkx files (an example of one such program, which has a familiar but not affiliated name: PokegenVI - Pokemon XY Editor v0.1 by Falo).
> - Was this program/method blocked by patch 1.2 as well?
Yes. The program abused the fact that the data traffic was not encrypted. Now all WiFi trades are encrypted. (Local trades are not encrypted; however, at this point there is no way to direct local trades to run through a virtual router.)
> Regarding the lockdown: as far as I know, the patch is stored on the SD card of the console, which gives you "physical access" to the code devised to block the exploit. What happens if you try to decrypt/read the patch stored on the SD? It may contain "the instructions" to encrypt the data (like some sort of plugin).
The data on the SD card is encrypted. If the data on the SD could be decrypted, the direction of the console itself would have already geared towards hacking and e-shop game cloning [this portion is pure speculation].
Hide Posted January 6, 2014 (edited)
Thank you theSLAYER! Well, right now I don't want to inject data. I just want to read valuable information such as the SID and the IVs. Are there any viable means to retrieve or calculate gen VI SIDs?
Aside from these methods (serebii, smogon) to calculate a SID in previous generations, I also found it is possible to retrieve certain game saves here; is it working for XY? And if it works, is it possible to read the information contained in such a game save to get PKX data or trainer information?
Another way to find the SID was employing the lottery ticket; basically, it took a person to retrieve 3 lottery numbers at a determined time and date (set on the DS) and input the numbers along with the ID on a website. The instructions are here (it's in Spanish; look for "3.3.- Sin Shinys"). The Japanese website is broken, but I found a similar one here. Given that you have several pkx files with the SID and that the lottery is back in XY, is it possible to devise a method to retrieve the SID?
Somebody from Japan found a "connection between the old SID finders" and XY to retrieve MASTERBALLS using the lottery dynamics. I know that's on a different subject, but there might be something of use to retrieve a SID. You can learn more about it here (it's in Japanese). Please note that this post was made after the patch 1.2 release.
Comments appreciated~
-Hide
Edited January 6, 2014 by Hide
OmegaDonut Posted January 6, 2014
> Somebody from Japan found a "connection between the old SID finders" and XY to retrieve MASTERBALLS using the lottery dynamics. I know that's on a different subject, but there might be something of use to retrieve a SID. You can learn more about it here (it's in Japanese). Please note that this post was made after the patch 1.2 release.
Sorry, but it doesn't reveal anything special about XY. What they are describing is how to RNG a game on BW2 so it has an ID that matches the one in the XY lottery for that day. Then they use Pokémon Bank to transfer a Pokémon caught on that game to their XY cart and win the lottery.
> Another way to find the SID was employing the lottery ticket; basically, it took a person to retrieve 3 lottery numbers at a determined time and date (set on the DS) and input the numbers along with the ID on a website.
Only doable because the RNG seed generation was known and could be manipulated by changing the time and date. Not possible on XY. Same goes for all the other methods you mentioned.
scarfaceguns Posted January 6, 2014
> Thank you theSLAYER! Well, right now I don't want to inject data. I just want to read valuable information such as the SID and the IVs. Are there any viable means to retrieve or calculate gen VI SIDs?
> Aside from these methods (serebii, smogon) to calculate a SID in previous generations, I also found it is possible to retrieve certain game saves here; is it working for XY? And if it works, is it possible to read the information contained in such a game save to get PKX data or trainer information?
> Another way to find the SID was employing the lottery ticket; basically, it took a person to retrieve 3 lottery numbers at a determined time and date (set on the DS) and input the numbers along with the ID on a website. The instructions are here (it's in Spanish; look for "3.3.- Sin Shinys"). The Japanese website is broken, but I found a similar one here. Given that you have several pkx files with the SID and that the lottery is back in XY, is it possible to devise a method to retrieve the SID?
> Somebody from Japan found a "connection between the old SID finders" and XY to retrieve MASTERBALLS using the lottery dynamics. I know that's on a different subject, but there might be something of use to retrieve a SID. You can learn more about it here (it's in Japanese). Please note that this post was made after the patch 1.2 release.
> Comments appreciated~
> -Hide
I'm not sure what you even think you can do with your SID, but as for IV calculating, at this point the only way to check IVs is to hatch the egg and start a battle with someone with levels locked to level 50; you can then use an IV calculator.
master_pl Posted January 9, 2014
It seems possible to dump pkx data from local trades using libpcap (using an appropriate chipset; not for Windows 'cause WinPcap doesn't support monitor mode). I think that injection would be very difficult that way (besides calculating the checksum). Now I'm doing it manually, capturing with KisMAC and later viewing the packets in Wireshark (yeah, I know I can't run Wireshark well on Mavericks). The hardest part is that it's not using 802.11 and any standard protocols; the first headers are MAC addresses from origin and destination like the standard, but later the hard work is to do some reverse engineering.
Poryhack Posted January 9, 2014
> It seems possible to dump pkx data from local trades using libpcap (using an appropriate chipset; not for Windows 'cause WinPcap doesn't support monitor mode). I think that injection would be very difficult that way (besides calculating the checksum). Now I'm doing it manually, capturing with KisMAC and later viewing the packets in Wireshark (yeah, I know I can't run Wireshark well on Mavericks). The hardest part is that it's not using 802.11 and any standard protocols; the first headers are MAC addresses from origin and destination like the standard, but later the hard work is to do some reverse engineering.
This might help you. It's research into the protocol for the original DS, but there may be similarities.
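As an added example of the first step master_pl describes, here is a small reader for classic libpcap files written for this thread (it is not KisMAC, Wireshark or anyone's posted code): it decodes the link-layer header of each record for Ethernet captures and for raw 802.11 monitor-mode captures, pulls out the addresses and the frame body, and reports the time between records so a dump taken every 20 seconds can be checked. The capture it parses is built in memory from made-up station addresses and made-up frame bodies.

```python
import struct

LINKTYPE_ETHERNET = 1
LINKTYPE_IEEE802_11 = 105   # raw 802.11 frames, what a monitor-mode capture yields


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_ethernet(frame):
    """Ethernet II: destination MAC, source MAC, EtherType, payload."""
    if len(frame) < 14:
        raise ValueError("short Ethernet frame")
    return {"dst": mac(frame[0:6]), "src": mac(frame[6:12]),
            "ethertype": struct.unpack(">H", frame[12:14])[0], "payload": frame[14:]}


def parse_80211(frame):
    """802.11 MAC header: only the address fields and the header length are
    interpreted; the frame body is returned untouched as 'payload'."""
    if len(frame) < 24:
        raise ValueError("short 802.11 frame")
    fc = struct.unpack("<H", frame[0:2])[0]       # frame control, little-endian
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    hdr_len = 24
    if to_ds and from_ds:                          # four-address (WDS) frame
        hdr_len = 30
    if ftype == 2 and subtype & 0x8:               # QoS data: extra 2-byte QoS control
        hdr_len += 2
    if len(frame) < hdr_len:
        raise ValueError("truncated 802.11 header")
    # With ToDS = FromDS = 0 (stations talking directly, as in local play)
    # addr1 is the receiver, addr2 the transmitter and addr3 the BSSID.
    return {"type": ftype, "subtype": subtype, "to_ds": to_ds, "from_ds": from_ds,
            "addr1": mac(frame[4:10]), "addr2": mac(frame[10:16]), "addr3": mac(frame[16:22]),
            "seq": struct.unpack("<H", frame[22:24])[0] >> 4, "payload": frame[hdr_len:]}


def read_pcap(blob):
    """Parse a classic libpcap file held in memory: one dict per record with its
    timestamp and the decoded link-layer header."""
    if len(blob) < 24:
        raise ValueError("short pcap")
    magic = struct.unpack("<I", blob[0:4])[0]
    if magic == 0xA1B2C3D4:
        e = "<"
    elif magic == 0xD4C3B2A1:                     # file written big-endian
        e = ">"
    else:
        raise ValueError(f"not a classic pcap (magic {magic:08x})")
    linktype = struct.unpack(e + "I", blob[20:24])[0]
    decoder = {LINKTYPE_ETHERNET: parse_ethernet, LINKTYPE_IEEE802_11: parse_80211}.get(linktype)
    if decoder is None:
        raise ValueError(f"unsupported link type {linktype}")
    records, pos = [], 24
    while pos + 16 <= len(blob):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(e + "IIII", blob[pos:pos + 16])
        frame = blob[pos + 16:pos + 16 + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated record")
        rec = decoder(frame)
        rec.update({"ts": ts_sec + ts_usec / 1e6, "orig_len": orig_len, "linktype": linktype})
        records.append(rec)
        pos += 16 + incl_len
    return records


def intervals(records):
    """Seconds between consecutive records, to check the capture cadence."""
    return [round(b["ts"] - a["ts"], 6) for a, b in zip(records, records[1:])]


def build_sample_pcap():
    """Constructed capture, not a real dump: two 802.11 data frames between two
    made-up stations, 20 s apart, in a file with link type 105."""
    sta_a = bytes.fromhex("02aabbccdd01")
    sta_b = bytes.fromhex("02aabbccdd02")
    bssid = bytes.fromhex("02aabbccdd00")
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11)
    for i, (src, dst, body) in enumerate([(sta_a, sta_b, b"trade-show-1"),
                                          (sta_b, sta_a, b"trade-show-2")]):
        # FC 0x0008: type 2 (data), subtype 0, no flags; duration 0; addr1=receiver, addr2=transmitter
        frame = struct.pack("<HH", 0x0008, 0) + dst + src + bssid + struct.pack("<H", i << 4) + body
        out += struct.pack("<IIII", 1387200000 + 20 * i, 0, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    recs = read_pcap(build_sample_pcap())
    for r in recs:
        print(f"{r['ts']:.0f}  {r['addr2']} -> {r['addr1']}  seq {r['seq']}  {r['payload']!r}")
    print("intervals (s):", intervals(recs))
```

For a real file, pass the bytes of the .pcap to read_pcap; the payload of each data frame is what the comparison scripts earlier in the thread operate on, and the per-record timestamps answer the clock-precision question without any syncing of the console clock, since the interval between two shows of the same Pokémon is measured on the capturing machine.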