Jump to content

GTS: website research

Vlad

By Vlad
in RAM - NDS Research & Development

 Share

Recommended Posts

Scarface

Scarface

Posted
Posted

try clicking on start then click run. Type in "cmd" then once the command box pops up type in "ipconfig" and hit enter then next to where it says ip address put that in your dns settings on your ds

  • Replies 652
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

flyingpker

flyingpker

Posted
Posted

I have a problem, my signal is red, then green, then after a minute red again. Someone said earlier that port 53 and 80 need to be open or something. How do you do this? Where do you change port numbers, is that on your IP?

ezxen

ezxen

Posted
Posted
I have a problem, my signal is red, then green, then after a minute red again. Someone said earlier that port 53 and 80 need to be open or something. How do you do this? Where do you change port numbers, is that on your IP?

are you behind a router?

Rukia-san

Rukia-san

Posted
Posted

Hello and thank you for the amazing work.<3

I have uploaded Vlad's script on the host I'm using for my website and the only thing that I have is :

No logs has yet been... logged.

Is this normal?

Plus when I tried to connect on the GTS I have this error: 52100

What did I do wrong?

Can someone explain to me how can I connect when I put the folder on a real host?

Thank you in advance.

ILJICH

ILJICH

Posted
Posted
As said earlier in the thread from vlad on post #123 The mystery gift may use SSL which is hard to crack and act as the server.

So at this point, There will be no Wondercard Distribution Research.

Well, WC really uses SSL, and I already tried MITM-atack. No results yet(

Honestly, there are few things we can do.

Hard way: we can try to exploit a vulnerability of ssl, which allows to sign our own certificate with NOA key, so DS will trust. Yep, it IS bruteforce, but it can be completed in adequate time.

Easy way: we can try to redirect requests to non-encrypted channel. I don't think that DS will insist using SSL. If so - we can just patch rom and analyse data transferring while others will perform hard way)

Vlad

Vlad

Posted
  • Author
Posted

Rukia-san I recommend using the simple way: python for both DNS and HTTP server -much easier than that crappy site I made that I only used for debugging. You could try either LordLangdons script #43 or mine #129.

Scarface

Scarface

Posted
Posted
Rukia-san I recommend using the simple way: python for both DNS and HTTP server -much easier than that crappy site I made that I only used for debugging. You could try either LordLangdons script #43 or mine #129.

Im having some problems with your Script, when i Connect to the GTS it says:

Unable to connect to the GTS.

Returning to the reception counter.

But when i test the connection with both programs running i get a connection successful

and all my ports on my router is open and my firewalls are turned off

and when i run the program it gives me the IP address of my internet company instead of the router but i been connecting with my routers ip in the ds's dns settings because the IP address to the internet company doesnt connect for me

Vlad

Vlad

Posted
  • Author
Posted

Weird :< but I feel such pain in my chest that I contribute and keep the support alive in this thread when we have a separate one for "help me..." questions. :(

Latias4Ever

Latias4Ever

Posted
Posted
try clicking on start then click run. Type in "cmd" then once the command box pops up type in "ipconfig" and hit enter then next to where it says ip address put that in your dns settings on your ds

I tried to do that and got the error code 52200... Does my modem have anything to do with this problem?

Are you useing a router like wireless or direct modem? If its a direct modem Its mostliklygonna use your regular ip takea ,ook at this http://projectpokemon.org/forums/showthread.php?780-GTS-website-research&p=68886&viewfull=1#post68886

This works as both a wireless router and a cable modem. And I've tried doing something like that but for some reason it didn't work.

flyingpker

flyingpker

Posted
Posted
are you behind a router?

Umm my Router is Downstairs. And I am up stairs. I am behind the Router, but also Upstairs. Are you suppose to be in Front of the Router?

Scarface

Scarface

Posted
Posted
Umm my Router is Downstairs. And I am up stairs. I am behind the Router, but also Upstairs. Are you suppose to be in Front of the Router?

"ARE YOU USING A ROUTER" Is what ezxen meant

Vlad

Vlad

Posted
  • Author
Posted

To end the face-palming. What he meant flyingpker is if you are connected to the internet trough a router. If you are then it means you need to configure the ports on the routers administration page so that the traffic on ports 80 and 53 are directed to your machine -if you want a public service, so others can connect to your server when connecting from the outside of your house/i.e. their connection does not go into your router box directly, but from the outside of your house.

doeiqts

doeiqts

Posted
Posted

Vlad, is your python script threaded? Or is GTS Nuker the only threaded server?

Also, would it be possible to forward all non GTS requests through to the regular web server running on the computer?

Vlad

Vlad

Posted
  • Author
Posted

Mine ain't threaded, was my first Python script. :P GTS Nuker is the only community release that is threaded.

When we use the DNS to redirect requests, at least in my script what I did was only redirect request going to "gamestats2.gs.nintendowifi.net" to a specific IP (that was the custom webserver IP). Everything else should be left alone. Now the new host must handle two things, the GTS and the Battletower as they oddly are implemented on that server. They also share one file I believe, the setProfile.asp in the /common/ dir so it's a little messy but you could manage and redirect those requests (battletower) to the official Nintendo GTS server and only intercept the GTS communication, but that's done within the webserver, the DNS is supposed only to redirect all the traffic from the mentioned CNAME.

Wichu

Wichu

Posted
Posted

We can get the DS card to connect to a fake GTS server, but what about the other way round? I tried writing a program to connect to the real GTS, without much success. I tried connecting to the GTS server, referring to the wiki page, but it gave me a 403 error. The request I sent was:

GET /pokemondpds/worldexchange/info.asp?pid=117094747 HTTP/1.1

Host: gamestats2.gs.nintendowifi.net

User-Agent: GameSpyHTTP/1.0

Connection: close

I'm assuming the DS games have to 'log on' first to get a unique PID, right? Has this been figured out?

doeiqts

doeiqts

Posted
Posted
Mine ain't threaded, was my first Python script. :P GTS Nuker is the only community release that is threaded.

When we use the DNS to redirect requests, at least in my script what I did was only redirect request going to "gamestats2.gs.nintendowifi.net" to a specific IP (that was the custom webserver IP). Everything else should be left alone. Now the new host must handle two things, the GTS and the Battletower as they oddly are implemented on that server. They also share one file I believe, the setProfile.asp in the /common/ dir so it's a little messy but you could manage and redirect those requests (battletower) to the official Nintendo GTS server and only intercept the GTS communication, but that's done within the webserver, the DNS is supposed only to redirect all the traffic from the mentioned CNAME.

Hmm... cause I went to access my webserver (running on the same computer as the DNS server and pkmn server) and I got the Hello World message (which is what "out" is set to if there's no request in your pkmn server).

I'll have to test it more when all my stuff comes back online. I don't think I can run GTS Nuker (though I haven't tried yet) with Apache running at the same time, which is why I liked your python scripts better. I'll try and do some more research soon.

doeiqts

doeiqts

Posted
Posted
Mine ain't threaded, was my first Python script. :P GTS Nuker is the only community release that is threaded.

When we use the DNS to redirect requests, at least in my script what I did was only redirect request going to "gamestats2.gs.nintendowifi.net" to a specific IP (that was the custom webserver IP). Everything else should be left alone. Now the new host must handle two things, the GTS and the Battletower as they oddly are implemented on that server. They also share one file I believe, the setProfile.asp in the /common/ dir so it's a little messy but you could manage and redirect those requests (battletower) to the official Nintendo GTS server and only intercept the GTS communication, but that's done within the webserver, the DNS is supposed only to redirect all the traffic from the mentioned CNAME.

Hmm... cause I went to access my webserver (running on the same computer as the DNS server and pkmn server) and I got the Hello World message (which is what "out" is set to if there's no request in your pkmn server).

I'll have to test it more when all my stuff comes back online. I don't think I can run GTS Nuker (though I haven't tried yet) with Apache running at the same time, which is why I liked your python scripts better. I'll try and do some more research soon.

イーブ&#

イーブ&#

Posted
Posted

For the curious, the veekun setup is as follows:

- BIND thinks it's a master server for nintendowifi.net. It returns the veekun IP for gamestats2.gs, but the correct IPs for conntest and nat.

- In Apache, gamestats2.gs.nintendowifi.net is a ServerAlias for veekun.com. Requests to http://gamestats2.gs.nintendowifi.net/pokemondpds/common/setProfile.asp, for example, as treated the same way as though they were for http://veekun.com/pokemondpds/common/setProfile.asp.

- App side, I have these two route rules:

    map.connect('/pokemondpds/worldexchange/{page}.asp', controller='fake_gts', action='dispatch')
   map.connect('/pokemondpds/common/{page}.asp', controller='fake_gts', action='dispatch')

Anything that starts with /pokemondpds, I send off to a custom dispatch function in its own controller.

- The dispatch function takes care of challenge/response and decrypting the data, then dispatches to the right method based on the page name. Source here, although it'll be moving later.

The thing to remember is that the Nintendo server isn't doing anything special whatsoever; it's just a regular Web app, running on IIS (gross), that happens to return binary junk instead of HTML.

LordLandon

LordLandon

Posted
Posted

Binary junk with the content-type header of text/html, at that q=

my setup is simply dnsspoof substituting replies to gamestats2.gs with my IP, and mod_rewrite in lighttpd

url.rewrite =("^/pokemon.+([?].*)" => "/gts.py$1")

which rewrites all requests to /pokemon.* to, /gts.py which uses the requested_url environ variable to figure out what to do.

I've got a fully working GTS server running there atm, with searching and trading, from within my regular wobserver C=

イーブ&#

イーブ&#

Posted
Posted

veekun is already running its own DNS server, so dnsspoof wasn't really an option 8)

veekun's GTS is still just a dumb roundtrip; working on some backend stuff before I try to make it cooler. And of course I need to actually finish veekun and all.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...