
Posted
  M@T said:

You want to make a .PKM sender in VB ?

I already made one in VB.NET 9.0, you can have a look at the sources (it is included in the .ZIP file named GTS_Nuker).

I was talking GUI. I've always had troubles with command line and I can guarantee that I'm not the only one, but I'm still gonna make a pkm downloader to make it much easier for some users :) And also, does your GTS server actually send the pkm to the DS or is that bugged, cus if it does I'll use the source and make a GUI for it and even make both work together

maybe even set it up to work with pokesav


Posted (edited)
  nATEdAWGG said:
I was talking GUI. I've always had troubles with command line and I can guarantee that I'm not the only one, but I'm still gonna make a pkm downloader to make it much easier for some users :) And also, does your GTS server actually send the pkm to the DS or is that bugged, cus if it does I'll use the source and make a GUI for it and even make both work together

maybe even set it up to work with pokesav

I began making a GUI several days ago, but I don't have enough time, I'm very busy.

Good luck then, especially for making it work with Pokésav (you can use codemonkey85's PokemonDSLib, it is really useful).

I made 2 different GTS servers.

The first one sends .PKMs to the DS, just like sendpkm.py, but a BSOD usually appears on the DS after using it (the same thing happens with every PKM sender I think).

EDIT : I just used it 3 times, and it didn't give me a BSOD, hopefully it will (finally) work properly.

EDIT² : It seems to work at 100% with Platinum, with several Pokémon, that's odd 'cuz I always had BSODs with sendpkm.py and my program is based on that Python script...

The second one acts more like a real GTS server, you can deposit and retrieve Pokémon, and every .PKM deposited is saved in a folder.

You can then Pokesav your .PKM's and send them back to your game, everything without any flashcart, Action Replay nor save extractor.

  Quote
What does it mean if it tells me to set my ds DNS to 0.0.0.0?

Cause every time I try it, it does that. :/

What program are you using ?

Edited by M@T
Posted

Hey guys, I was looking over your research here in attempt to make a tool to query the GTS... I think I've stumbled on a big hole in the GTS security, or lack thereof.

Has anyone else found this and taken a vow of silence or anything, before I open my big mouth?

Posted

Lol no, there is no censorship or whatever.

There are just some limitations, such as the SSL handshake with nas.nintendowifi.net, but I think one can bypass it by connecting with his real DS first, and then use his ID to connect from a computer, but I don't have the time to test it yet.

Posted

Oh I don't mean just the lack of security. I mean that anyone who knows how can query the GTS, get a list of PIDs then run them against return.asp or delete.asp and knock them off the GTS system. You don't even need to go through SSL.

I did some checks with my copies of Pearl and Platinum. It seems the game doesn't delete them when sending them to the GTS so it just restores them. It's still a pretty big thing that anyone who knows how can empty the GTS...

Posted
  Pup said:
Oh I don't mean just the lack of security. I mean that anyone who knows how can query the GTS, get a list of PIDs then run them against return.asp or delete.asp and knock them off the GTS system. You don't even need to go through SSL.

I know, but I was unsure of whether SSL handshake was mandatory.

The contrary should be possible too : simulate an exchange between two IDs, to annoy someone who requests a lvl 9 Mew for example (he was probably trying to clone his Pokémon). :biggrin:

In fact, you can search a Pokémon with search.asp, then call exchange.asp and finally exchange_finish.asp.

I am currently attempting to figure out how exchanging works (it seems to be similar to post.asp, with 4 extra null-bytes at the end).

I was wondering too, if the checks on whether the Pokémon you want to exchange matches the one that is requested are done on the game-side only (bad Pokémon are darkened), or if the GTS checks it too (which is certainly the case).

If the GTS doesn't check it, one could eventually trade a Magikarp instead of a requested Arceus. :tongue:

  Pup said:
I did some checks with my copies of Pearl and Platinum. It seems the game doesn't delete them when sending them to the GTS so it just restores them.

Yeah I did it too, there are several securities to prevent your Pokémon from being lost between time and space if something goes wrong.

Also, if the game knows it sent nothing in the GTS, but the server says there is something, it provokes a communication error.

One could try and call return.asp with random IDs between 1 and 2147483647, if the request is formatted properly, there should not be any problem.

But Nintendo will certainly notice it, and close the GTS or something similar. :\

Posted

Yes, the GTS is terribly insecure..

No, the last four bytes at the end of exchange aren't "null" they're the PID of the trainer you want to do the exchange with (remember? stateless.)

Yes, you could fsck with the GTS and delete all the pokemon for the lulz - but the reason none of us have released client code (to work against the real GTS) is that we do not advocate it. At all. It's one thing to mess with your own game/server, it's another to go ruining the experience for everyone using the real GTS.

Posted
  LordLandon said:
No, the last four bytes at the end of exchange aren't "null" they're the PID of the trainer you want to do the exchange with (remember? stateless.)

OK thanks, it is not documented in the wiki yet.

Posted

Just a quick question:

Is there any fix for the connection error after receiving a pkm on HG/SS? I have written a GUI that includes DNS and GTS that is made for duplicating Pokemon: If you send a Pokemon to the Computer it starts sending it back until you upload another Pokemon. It works perfectly on Pearl (and I guess all other "old" games) but on HG I get the connection error when the Pokemon arrived at the DS.

Edit: It also works on SoulSilver, the error only appears on my HeartGold game. Very strange...

Posted

I think it is not due to the return values of the fake GTS server, but from the game making a copy of the Pokémon it sends in the GTS.

When it receives a Pokémon from SendPKM, it assumes it already sent something in the GTS before, and therefore, when it is traded (the Pokémon sent by SendPKM is seen as a trade by the game), the game tries to delete the backup it made of the Pokémon it believes having deposited.

But, as it sent nothing to the GTS, it provokes an error.

Also, I think that D&P don't make BSODs because they don't make backups of the Pokémon, which would explain the easy cloning glitch in these versions (the Pokémon are erased at the very end of the deposit process, so when one resets the game between the deposit and the save, there are two copies of the Pokémon, one was sent in the GTS, and the other was not erased from the save).

These are only assumptions, maybe I am completely wrong.

But strangely, it first gave me BSODs with Platinum, and now it works properly, I don't know why exactly, I think that it is due to me having deposited something in the real GTS (it began working fine after I did that).

That could explain why some people have connection errors, and others do not.

Posted

I never got any communication error on HG from using sendpkm.py

Posted

I've been trying to use the GTS Server program and my DS can't connect. It throws out a 52100 error, and the GTS Server is still waiting for a connection. Meanwhile, sendpkm works just fine. Any tips?

Posted

Has anybody already documented how the search function works? I just need to know where I can find the Pokedex # of the Pokemon that has been searched for.

Posted

I didn't see any documentation, but I did some research with my Platinum version (Diamond and Soul Silver gave exactly the same results).

I got these data :

Pattern:

* Pokémon/gender/level/country
* data=$_GET['data']
* Deciphered data


Abra/either/any/any
data=SjstJ5BCF6twVernYqWG
0x3F 0x00 0x03 0x00 0x00 0x00 0x03

Abra/male/any/any
data=SjstJSoUmwHNapX1ILSp
0x3F 0x00 0x01 0x00 0x00 0x00 0x03

Abra/female/any/any
data=SjstJG-r1dafX7xuwSwU
0x3F 0x00 0x02 0x00 0x00 0x00 0x03

Abra/either/1-10/any
data=SjstWKvePVT04b4aWtA7
0x3F 0x00 0x03 0x01 0x0A 0x00 0x03

Abra/either/11-20/any
data=SjstRM_JFTpXDxOb_jbG
0x3F 0x00 0x03 0x0B 0x14 0x00 0x03

Abra/either/91-100/any
data=Sjst5C99Vw5zfKhh02gr
0x3F 0x00 0x03 0x5B 0x64 0x00 0x03


Arceus/neither/any/any
data=Sjst9P_ud1yFJAGpouNS
0xED 0x01 0x03 0x00 0x00 0x00 0x03

Arceus/neither/any/Afghanistan
data=Sjst9yCFsRH7Gy4iRFu9ew==
0xED 0x01 0x03 0x00 0x00 0x00 0x03 0x01

Arceus/neither/any/South Africa
data=SjsutL-w8XX-Q-x1mB9hvQ==
0xED 0x01 0x03 0x00 0x00 0x00 0x03 0xC0

Arceus/neither/any/Albania
data=Sjst9mUc8-cpEVSb5dQv-g==
0xED 0x01 0x03 0x00 0x00 0x00 0x03 0x02

Arceus/neither/any/Algeria
data=Sjst8a6zDbyeBIEUhkyadQ==
0xED 0x01 0x03 0x00 0x00 0x00 0x03 0x03

Arceus/neither/any/Vietnam
data=Sjsu0c6jzjgI08MCpZFUVA==
0xED 0x01 0x03 0x00 0x00 0x00 0x03 0xE3

Arceus/neither/any/US
data=Sjsu2CtyOKTMHZWyPEdZmQ==
0xED 0x01 0x03 0x00 0x00 0x00 0x03 0xDC

Arceus/neither/any/UK
data=Sjsu2ebb_u-eJ285m8_vHA==
0xED 0x01 0x03 0x00 0x00 0x00 0x03 0xDB

Arceus/neither/any/France
data=SjsuLcJahJhXO9M8XUGpqQ==
0xED 0x01 0x03 0x00 0x00 0x00 0x03 0x47

Now, my guess :

Byte offset
0x00-0x01    Pokémon being looked for
0x02         Gender (1: male, 2: female, 3: (n)either)
0x03         Min level
0x04         Max level
0x05         Always 0 ?
0x06         Game language (always 3 for me because I play French version)
0x07         Country (optional, set only when a country is specified, to allow compatibility with D/P in which this option wasn't available)
            It seems to be in alphabetical order, based on English names of the countries.
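
A parser for the deciphered search record, following the byte layout guessed in the post above (an added example, not code from the thread or from any of the tools it mentions). The names `SearchRequest`, `parse_search` and `from_hex_dump` are hypothetical; byte 0x06 is kept under a neutral name because a later reply reads it as the number of results requested, and the level bounds are an assumption drawn from the samples.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Gender codes as listed in the post's table.
GENDERS = {1: "male", 2: "female", 3: "either/neither"}

@dataclass
class SearchRequest:            # hypothetical name, not from any GTS tool
    species: int                # 0x00-0x01, little-endian species number
    gender: str                 # 0x02
    min_level: int              # 0x03 (0 = any)
    max_level: int              # 0x04 (0 = any)
    byte_05: int                # 0x05, always 0 in the samples
    byte_06: int                # 0x06, meaning disputed in the thread
    country: Optional[int]      # 0x07, only present in 8-byte records

def from_hex_dump(text: str) -> bytes:
    """Convert a '0x3F 0x00 ...' dump, as posted above, into bytes."""
    return bytes(int(tok, 16) for tok in text.split())

def parse_search(raw: bytes) -> SearchRequest:
    """Parse and sanity-check one deciphered search record."""
    if len(raw) not in (7, 8):
        raise ValueError(f"expected 7 or 8 bytes, got {len(raw)}")
    species, gender, lo, hi, b5, b6 = struct.unpack_from("<HBBBBB", raw)
    if gender not in GENDERS:
        raise ValueError(f"unknown gender code {gender:#04x}")
    # Assumption from the samples: levels are 0 (any) or 1..100, min <= max.
    if not 0 <= lo <= hi <= 100:
        raise ValueError(f"implausible level range {lo}-{hi}")
    country = raw[7] if len(raw) == 8 else None
    return SearchRequest(species, GENDERS[gender], lo, hi, b5, b6, country)

# Deciphered records copied from the post above.
SAMPLES = {
    "Abra/either/1-10/any": "0x3F 0x00 0x03 0x01 0x0A 0x00 0x03",
    "Arceus/neither/any/France": "0xED 0x01 0x03 0x00 0x00 0x00 0x03 0x47",
}

if __name__ == "__main__":
    for label, dump in SAMPLES.items():
        print(label, "->", parse_search(from_hex_dump(dump)))
```

The 7-byte form is what the samples show when no country is selected; the 8-byte form carries the country code in the last byte.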

Posted
  Quote
0x06 Game language (always 3 for me because I play French version)

It's the number of results requested. You can get a maximum of 7 results so don't try a value higher than 7 here.

I didn't know that about country though, thanks for that. =D

Posted
  Pup said:
It's the number of results requested. You can get a maximum of 7 results so don't try a value higher than 7 here.

That's odd, why is it always 3 then ?

The game should request the maximum number of results...

Are you sure of that ?

For example, what value do you have when you perform a search ?

Anyway, who feels courageous enough to make a list of all the countries ? :D

There should be 227 countries, from Afghanistan (0x01) to Vietnam (0xE3).

I don't know if it is 'rippable' directly from the ROM, it could be somewhat easier. :biggrin:

EDIT: There seems to be a problem : France is 44th in the list, but the value I got with Platinum was 0x47, i.e. 71...

It must be sorted otherwise, maybe with Jap names ?

EDIT²: Weird...

I made the list, but there are only 130 elements in it...

Posted (edited)

Yeah, it's always 3 in Pt/HG/SS and 5 in D/P (I think). I guess it's to curb bandwidth or something. It's a pain in the arse when you're trying to find a non-ridiculous trade request...

Edit: Incidentally, does anyone have a character conversion list for the nicknames/trainer names? I've worked out A-Z/a-z but the non-roman characters are a bit beyond me.

Edited by Pup
Posted
  Pup said:
Edit: Incidentally, does anyone have a character conversion list for the nicknames/trainer names? I've worked out A-Z/a-z but the non-roman characters are a bit beyond me.

Yes, I found one in PPSE's SVN repository (I added the first and the last three items according to PPRE's Table.tbl):


If you want the Unicode characters directly instead of their hex number, you can download PPRE and have a look at the file Table.tbl included in the ZIP archive.

Posted

@M@T I can rip them from the game's script file, they're probably in order there too. Don't know why you'd only come up with 130, but maybe I'll be able to get all of them.

@Pup I don't think it's a bandwidth thing. I'm pretty sure certain conditions have to be met (a certain number of trades over GTS?) and once they are the game will give you more search results.

Posted

On Japanese games, you select a region of Japan rather than a country. These will account for some of the missing locations.

Anyway, I'm interested in connecting to the GTS with a script, but I'd rather not use this method... The reason is that I want to write a script for fangames made in RPG Maker to connect. But if I'm understanding correctly, this can only be done (so far) using an existing GTS 'account' and thus won't be able to deposit/withdraw Pokémon without messing up someone else's trade, right?
