Posts posted by Icehawk78

  1. This is a new thread that I'm starting to keep track of research into the new B/W GTS.

    Infinite Recursion has released an update to IR-GTS to work with 5G. Please take all questions regarding his program to this thread: http://projectpokemon.org/forums/showthread.php?14266-IR-GTS-BW-Release&p=118574

    I've done some research including stuff based off of what GrovyleGibberish found.

    (Updated 3/10/11 as per magical's discovery of response hash)

    The process is roughly the same as that of Platinum and HG/SS. Challenge/response is handled as follows:

    SALT = 'HZEdGCzcGGLvguqUEKQN'
    request: http://gamestats2.gs.nintendowifi.net/syachi2ds/web/[worldexchange or common]/[action]?pid=#######
    response: [challenge token]
    request: http://gamestats2.gs.nintendowifi.net/syachi2ds/web/[worldexchange or common]/[action]?pid=#######&hash=[SHA1(SALT+token)]&data=[base64 encoded request data]
    response: [response]+SHA1(salt + [base 64 encoded response] + salt);
    

    Differences:

    • Salt for the request hash ('HZEdGCzcGGLvguqUEKQN' instead of 'sAdeqWo3voLeC5r16DYv')
    • Request URL (syachi2ds/web... instead of whatever the old one was)
    • Response hash (The game checks this, to verify that it's a real server and not a fake one.)

    Action Items:

    • Determine response salt. (Rom hackers/peoples who found the request salt? I never found the original, just worked with it after someone else figured it out for me.) (3/10/11 - magical)
    • Map out full list of expansion of "data" part of the request. Update - currently in progress. Doesn't quite match Grovyle's mode, but is close.
    • Map out structure of "GTS Info" with Pokemon response data (searching and traded pokemon each)

    If you want to help:

    • If you know how to do rom hacking and research without someone holding your hand, the response salt is the biggest thing stopping me from going further. Find that and we'll have a working sendpkm in a few days, basically.
    • New: Work on mapping out GTS info either sent to/from the server. Look at the data=[stuff] portion of a request, run it through a Base64 decoder, and figure out which bytes mean what.
    • If you're not sure how else you can help, come visit us in the IRC (irc.pokestation.net, #projectpokemon). I'm 'nicholas' in the IRC and occasionally will ask for help with testing code when I get new ideas. Please don't be stupid, and please don't answer questions if you're just guessing.

    =====

    The following other details haven't actually been verified by me personally in a transaction but are presumably accurate. As far as I can tell, this seems to be primarily asking specifically about the search requests/responses.

    Regarding the new Black & White GTS...

    I've managed to get the details of how the games and the server are communicating.

    Which are the following:

    Checksum is XORed with 0x2db842b2 instead of 0x4a3b2c1d

    Hash is calculated from SHA1("HZEdGCzcGGLvguqUEKQN" + token) instead of "sAdeqWo3voLeC5r16DYv" + token

    The request from the DS to the BW server is not encrypted (unlike the GRNG with the checksum as seed in DPPt)

    Length of the request is 0x0E or 0x0F:

    0x00 - 0x03: PID Trainer

    0x04 - 0x07: Total length of the following statements

    0x08 - 0x09: Pokémon ID

    0x0A: Gender

    0x0B: Min. Level

    0x0C: Max. Level

    0x0D: Unknown

    0x0E: Total results

    0x0F: Country

    Host for BW is the same as DPPt: http://gamestats2.gs.nintendowifi.net/

    Root directory is different: /syachi2ds/web/worldexchange/

    Game ID of Black is 0x14, White is 0x15.

    GTS return data is 296 bytes:

    0x000 - 0x001: unknown (2 bytes)

    0x002 - 0x0DD: Pokémon data (220 bytes)

    0x0DE - 0x0ED: unknown (always zero?) (16 bytes)

    0x0EE - 0x127: GTS specific data (58 bytes)

    The only difference is:

    0x20 - 0x21: Trainer ID

    0x22 - 0x23: Secret ID

    0x24 - 0x33: Trainer Name

    For everything behind this point, add 0x02 to the DPPt server

    Have fun with it!

    Oh... if someone's interested, I've created a program which can search the GTS for a Pokémon like the game itself does. It's B&W compatible as well.

    Grtzz!!

    Grovyle91
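
The challenge/response hashing and the 296-byte return-record layout described in the post above, as an added Python example (not code from the original post or from IR-GTS). Assumptions: the hashes are sent as 40-character lowercase hex, the base64 alphabet is the URL-safe one, and `RESPONSE_SALT` is a constructed placeholder because the post does not give the real value.

```python
import base64
import hashlib
import hmac

REQUEST_SALT = b"HZEdGCzcGGLvguqUEKQN"        # request salt quoted in the post
RESPONSE_SALT = b"PLACEHOLDER-RESPONSE-SALT"  # constructed; real value is not in the post
SHA1_HEX_LEN = 40                             # assumption: hash travels as hex text

def request_hash(token: bytes) -> str:
    """hash= parameter of the second request: SHA1(SALT + token)."""
    return hashlib.sha1(REQUEST_SALT + token).hexdigest()

def _trailer(body: bytes, salt: bytes) -> bytes:
    # SHA1(salt + base64(response) + salt); URL-safe alphabet is an assumption
    b64 = base64.urlsafe_b64encode(body)
    return hashlib.sha1(salt + b64 + salt).hexdigest().encode("ascii")

def sign_response(body: bytes, salt: bytes = RESPONSE_SALT) -> bytes:
    """Server side: [response] followed by its hash trailer."""
    return body + _trailer(body, salt)

def verify_response(blob: bytes, salt: bytes = RESPONSE_SALT) -> bytes:
    """Client side: recompute the trailer; return the body or raise ValueError."""
    if len(blob) < SHA1_HEX_LEN:
        raise ValueError("response shorter than its hash trailer")
    body, got = blob[:-SHA1_HEX_LEN], blob[-SHA1_HEX_LEN:]
    if not hmac.compare_digest(got, _trailer(body, salt)):
        raise ValueError("response hash mismatch")
    return body

# (name, first offset, last offset) of the 296-byte return record, from the post
GTS_REGIONS = [("unknown_head", 0x000, 0x001), ("pokemon", 0x002, 0x0DD),
               ("unknown_zero", 0x0DE, 0x0ED), ("gts_info", 0x0EE, 0x127)]

def split_gts_record(record: bytes) -> dict:
    """Slice a return record into the regions listed in the post."""
    if len(record) != 296:
        raise ValueError(f"expected 296 bytes, got {len(record)}")
    return {name: record[lo:hi + 1] for name, lo, hi in GTS_REGIONS}

if __name__ == "__main__":
    print("hash =", request_hash(b"constructed-token"))  # constructed token
    record = bytes(range(256)) + bytes(40)                # constructed 296-byte record
    parts = split_gts_record(verify_response(sign_response(record)))
    print({name: len(chunk) for name, chunk in parts.items()})
```

Because both salts are fixed strings shared by every client, these hashes only show that the peer knows the salt; they do not identify a particular server or player.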

  2. It's possible to load up any created wondercard into one of the leaked Event Distribution roms, and essentially turn your DS into something like a Toys R Us/Gamestop Event Hotspot. But this is still only local range WiFi - sending them via the Nintendo WFC is and always will be impossible, unless they specifically make it so, for the reasons already given by Poryhack.
