Jump to content
This Topic

Pkx: The New Pokemon Format For Gen 6

Bond697

By Bond697
in PKM

 Share

Recommended Posts

Kane49

Kane49

Posted
Posted
  Codr said:
The games have a certificate as well. I won't pretend that I understand TLS fully, but I highly doubt it's the same thing. This is also assuming what you just linked is from the TLS server that X/Y use.

Its the Certificate my X uses when initiating a connection to the internet during the TLS Handshake, you can read the certificate binary data with wireshark and dump it pretty easily.

Unfortunately the important part is the servers private key which while crackable by throwing enough computation power at it is crazy hard to obtain.

  • Replies 284
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Cu3PO42

Cu3PO42

Posted
Posted

While extracting PKX files of wonder traded Pokémon once or twice I could only find the incoming packets, but not the outgoing... My wireshark filter should not exclude any significant packages, though. Even with manual scanning I could not find them. Has anyone else encountered this?

Anyway, I will try and put together a little program that inserts PKX files into the incoming traffic later, that is when I get some priority stuff done (wish I had more time for this...). I plan to use ones that I extracted earlier (with known checksums and other header values) and check if the game cares about what was named unk3 earlier in terms of the checksum, but I'd suppose it's only the PKX data itself.

@Zaneris: In case you already created something it would be a waste of time, of course. In that case: Have you tried that?

I would agree it's probably a salted MD5. If it wasn't for the 16 bytes I would have thought of a sha1 hash, as that's what Nintendo used in previous games for the GTS protocol (sha1(salt+data)). I guess the only thing we can really do is use hashcat to bruteforce it, with todays GPU power it shouldn't even take tooooo long.

The real problem I see, though, is that Nintendo can easily patch all this and I see it coming down to the good old cat-and-mouse game.

Codr

Codr

Posted
Posted
  Kane49 said:
Its the Certificate my X uses when initiating a connection to the internet during the TLS Handshake, you can read the certificate binary data with wireshark and dump it pretty easily.

Unfortunately the important part is the servers private key which while crackable by throwing enough computation power at it is crazy hard to obtain.

I didn't notice that the client was also sending its certificate. Documentation I had read didn't indicate that there was some key alongside the certificate, rather than contained within. There must be something, as there's no way simply having both certificates is all it takes... that's just too easy.

Poryhack

Poryhack

Posted
Posted
  Codr said:
I didn't notice that the client was also sending its certificate. Documentation I had read didn't indicate that there was some key alongside the certificate, rather than contained within. There must be something, as there's no way simply having both certificates is all it takes... that's just too easy.

Wikipedia has a pretty good overview of how it works: http://en.wikipedia.org/wiki/Transport_Layer_Security#Client-authenticated_TLS_handshake

If you have the client cert and corresponding private key (both will be hard-coded into the ROM somewhere) then you can emulate a client. Emulating the server on the other hand would require Nintendo's private key, which you could only get through (presumably unauthorized) access to their server. Technically brute force is an option too but I see that as being even less plausible then someone hacking Nintendo.

EDIT: It might actually be possible that the client certificate and private key are unique to each 3DS and stored somewhere outside the ROM.

Cu3PO42

Cu3PO42

Posted
Posted

I just found some more time to put into this and put together some small programs to programatically extract all wonder traded Pokémon and insert them, well that is what I planned to. I have not figured the checksum thing yet, so I just took ones I extracted earlier of which I knew the checksum. I tried both replacing only the header + actual data and replacing the whole packet. Both did not work as intended however, I still received the random pokemon from someone. I confirmed, using another MitM, that the packets were actually modified. The only reasonable explanation I have is that the data must also be transmitted in other packets which override the 'obvious' ones in case of a conflict.

Has anyone managed to inject Pokémon successfully so far?

Kane49

Kane49

Posted
Posted
  Cu3PO42 said:
I just found some more time to put into this and put together some small programs to programatically extract all wonder traded Pokémon and insert them, well that is what I planned to. I have not figured the checksum thing yet, so I just took ones I extracted earlier of which I knew the checksum. I tried both replacing only the header + actual data and replacing the whole packet. Both did not work as intended however, I still received the random pokemon from someone. I confirmed, using another MitM, that the packets were actually modified. The only reasonable explanation I have is that the data must also be transmitted in other packets which override the 'obvious' ones in case of a conflict.

Has anyone managed to inject Pokémon successfully so far?

Can (or rather will) you elaborate the mitm method you are using ? My idea was a transparent proxy for total control, i dont really like the classic packet crafting method but i have not had time to delve deeper. Maybe on the weekend :)

In cases where you modify something but the client doesn't seem to care you should start simply blocking packets to see how much you can kill before the wonder trade stops working to get a sense of how redundant the communication is.

Apparenly the game loves redundancy, the UDP Packets to establish a wonder trade are usually sent 5x or 10x times. However thats not really uncommon when using UDP ^^

Cu3PO42

Cu3PO42

Posted
Posted
  Snow said:
Isn't the gible edited?

It is, really. That means Bond697 and Xfr have not only managed to inject, but also got their heads around the checksum. Or they found something completely different, which is yet unknown to us. I wonder whether they used a hardware mod... I don't think so though as they nicknamed the Gible "Wireshark". Only time will tell...

Cu3PO42

Cu3PO42

Posted
Posted
  Kane49 said:
Can (or rather will) you elaborate the mitm method you are using ? My idea was a transparent proxy for total control, i dont really like the classic packet crafting method but i have not had time to delve deeper. Maybe on the weekend :)

In cases where you modify something but the client doesn't seem to care you should start simply blocking packets to see how much you can kill before the wonder trade stops working to get a sense of how redundant the communication is.

Apparenly the game loves redundancy, the UDP Packets to establish a wonder trade are usually sent 5x or 10x times. However thats not really uncommon when using UDP ^^

I both can and will. I'm using ARP poisoning to route all the traffic through my mashine. It just seemed easiest to me. An early, but admittedly half-hearted attempt, to do the same using a proxy failed. The 3DS refused to wonder trade, etc. I will try dropping select packages later, but currently I do unfortunately not have any time at all.

I also suggest we already start working on the checksum, just in case we get injection working soon. I just wanted to start a bruteforce attack using oclHashcat-plus, but appaerantly a salt of 232 bytes (the PKX data) is too much for it to handle. In case anyone knows a program that could bruteforce such a long 'password', I suggest we just have a list of all tried algorithms, so that we can distribute the workload.

soneek

soneek

Posted
Posted

Zaneris and I, as well as other users have been eliminating methods that don't work. We haven't been successful yet, but there are still methods that we are able to implement. Hopefully we'll get closer over the next few days.

MrAnalysis

MrAnalysis

Posted
Posted
  soneek said:
Zaneris and I, as well as other users have been eliminating methods that don't work. We haven't been successful yet, but there are still methods that we are able to implement. Hopefully we'll get closer over the next few days.

Emulating the whole friend safari would be cool if possible. example.

Log when friend is added untill pokemon are in your friend safari.

Then find the friend code bit and change it to a random code. Change pokemon you get for whatever you want. Then add that friend code you made up as a friend. If that makes sense.

Kane49

Kane49

Posted
Posted (edited)

On the checksum:

This is the exact same pokemon being sent during 3 different wondertrades -

  Reveal hidden contents
Edited by codemonkey85
Added spoiler tags for my sanity.
Cu3PO42

Cu3PO42

Posted
Posted
  Kane49 said:
On the checksum:

This is the exact same pokemon being sent during 3 different wondertrades -

  Reveal hidden contents
Keplar

Keplar

Posted
Posted
  Cu3PO42 said:
I both can and will. I'm using ARP poisoning to route all the traffic through my mashine. It just seemed easiest to me. An early, but admittedly half-hearted attempt, to do the same using a proxy failed. The 3DS refused to wonder trade, etc. I will try dropping select packages later, but currently I do unfortunately not have any time at all.

I also suggest we already start working on the checksum, just in case we get injection working soon. I just wanted to start a bruteforce attack using oclHashcat-plus, but appaerantly a salt of 232 bytes (the PKX data) is too much for it to handle. In case anyone knows a program that could bruteforce such a long 'password', I suggest we just have a list of all tried algorithms, so that we can distribute the workload.

The problem is that we aren't even sure how long the salt is, whether the salt is placed before or after the data payload (or both), or even what sections of data are being hashed. If it's anywhere near as long as the 20 character SHA1 salt used in the GTS, then it's not even worth trying to brute-force. You'd have better luck finding/hiring a hardware engineer to reproduce what neimod and smea can do, and pull it out of RAM.

This deeply confuses me. Assuming we're right that this is a hash, and assuming that this hash is absolutely required by the game and that we're not just making mistakes elsewhere in our injection process, then it should've been impossible for bond and xfr to inject an edited Pokemon using wonder trade. Unless, of course, they happen to have the same hardware setup as neimod and smea.

Kane49

Kane49

Posted
Posted
  Cu3PO42 said:
Oh lord... I was afraid that would happen... How did you manage to get the same Pokémon three times, though? Or was it just a regular trade? I have unfortunately not had a chance to test that...

The checksum obviously needs to be calculated from data available to both systems, so some seeds might be exchanged in other packets. This is gonna be a nightmare to figure out :(

I waited till the 1038 byte frame was sent and ejected my pokemon cartridge :P

Cu3PO42

Cu3PO42

Posted
Posted
  Keplar said:
The problem is that we aren't even sure how long the salt is, whether the salt is placed before or after the data payload (or both), or even what sections of data are being hashed. If it's anywhere near as long as the 20 character SHA1 salt used in the GTS, then it's not even worth trying to brute-force. You'd have better luck finding/hiring a hardware engineer to reproduce what neimod and smea can do, and pull it out of RAM.

This deeply confuses me. Assuming we're right that this is a hash, and assuming that this hash is absolutely required by the game and that we're not just making mistakes elsewhere in our injection process, then it should've been impossible for bond and xfr to inject an edited Pokemon using wonder trade. Unless, of course, they happen to have the same hardware setup as neimod and smea.

Given the 16byte checksum I figured it would be MD5 and bruteforcing like 12-16 bytes is definitely possible on modern hardware. Hail to GPGPU processing ;)

Then again we don't even know what of the actual data is hashed. And the previous use of sha1 in the GTS would also make md5 unlikely. Maybe it's just arbitrary data that we don't need to change at all... Or it really is a checksum and calculated from data in other packets which might explain why injecting doesn't work, because even if we use an extracted checksum it is not the correct one...

If they had a RAM reading/writing setup why would they have named the gible 'Wireshark'? To confuse us O.o?

  Kane49 said:
I waited till the 1038 byte frame was sent and ejected my pokemon cartridge :P

Oh well, hardware exploits :D Didn't think about them...

Do you get 1038 or 994 byte frames more often? About 9 out of 10 are 994 for me...

KarjamP

KarjamP

Posted
Posted

If it's true that it uses MD5, then according to Wikipedia, the checksum isn't very secure nowadays.

I don't think Nintendo would use a hash tag checksum that has been proven to no longer be as secure as in the past.

Then again, I don't know Nintendo's decisions, so...

Zaneris

Zaneris

Posted
Posted

I've been collecting 0 data packets to look for some that match in checksum, and found some that in fact do...

The only thing differing between the ones that are different is part of the header.

ead001000000a1af93008c0004008b3d086c8d37bfd2bc9e556f8373ddfc
ead001000000a1af93008c0004008b3d086c8d37bfd2bc9e556f8373ddfc
ead001000000a1af93008c0004008b3d086c8d37bfd2bc9e556f8373ddfc
ead001000000a1af9300ff000400a80cb50b2df825c4a1d19890bba72157
ead001000000a1af9300ff000400a80cb50b2df825c4a1d19890bba72157
ead001000000a1af9300ff000400a80cb50b2df825c4a1d19890bba72157
ead001000000a1af930093000400a9e5d4be3da3e2b0e472e027f16e45ff
ead001000000a1af930093000400a9e5d4be3da3e2b0e472e027f16e45ff
ead001000000a1af930093000400a9e5d4be3da3e2b0e472e027f16e45ff
ead001000000a1af9300020004003d87795e6cad682c430d8751f79fc0f0
ead001000000a1af9300020004003d87795e6cad682c430d8751f79fc0f0
ead001000000a1af9300020004003d87795e6cad682c430d8751f79fc0f0
ead001000000a1af930040000400b8f17af75971928c461bea59a847cbef
ead001000000a1af930040000400b8f17af75971928c461bea59a847cbef
ead001000000a1af930040000400b8f17af75971928c461bea59a847cbef
ead001000000a1af930088000400a480a844a2bab1c1d79bafa9aeefc327
ead001000000a1af930088000400a480a844a2bab1c1d79bafa9aeefc327

I logged off and on again to reset the packet ID, and that's how I got matching packets.

codemonkey85

codemonkey85

Posted
Posted

People, remember what Bond, said. Direct contributions only. This is still a work in progress, and when it is ready for people to use you will know about it.

  ReignOfComputer said:
Not sure if this will help, but I've dumped some PKX files from my game and will continue to do so: http://projectpokemon.org/forums/showthread.php?33180-Pok%E9mon-X-and-Y-PKX-Contribution

If you don't mind, a better use of your time and resources would be to document the index numbers of new moves and new abilities as you dump the data.

evandixon

evandixon

Posted
Posted
  tong124 said:
Then i can not use it right now ,Am i correct?

It's currently a very user unfriendly process, because it's still in the making. Wait until a tool is released because you may have a hard time with capturing packets of data and extracting certain bytes.

ReignOfComputer

ReignOfComputer

Posted
Posted (edited)

Ugh. Got the Move IDs, special thanks to Stormfront, Griver, Arphage, Faust, and watsbeef for helping me find Pokemon with the moves, and codemonkey85 for a nice little converter he made to help me out.

Don't have it all, done yet, have 6 moves yet to be associated with an ID but there are more than 6 unassociated IDs though o_O

Edit: 2 more moves, "Celebration (Sylveon Event) and Happy Time (doubles the amount of money won, Inkay Event)" -Veganosaure

  Reveal hidden contents

Spreadsheet link: http://sdrv.ms/17znyCW

Edit: Data added to veekun's spreadsheet.

Edited by ReignOfComputer
Updating movelist

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...