ILJICH

Member
  • Posts

    2
  • Joined

  • Last visited

Reputation

10 Good

About ILJICH

  • Birthday 05/19/1990
  1. Well, WC really uses SSL, and I already tried a MITM attack. No results yet( Honestly, there are few things we can do. Hard way: we can try to exploit a vulnerability of SSL, which allows us to sign our own certificate with NOA key, so DS will trust it. Yep, it IS bruteforce, but it can be completed in adequate time. Easy way: we can try to redirect requests to a non-encrypted channel. I don't think that DS will insist on using SSL. If so - we can just patch the ROM and analyse data transferring while others perform the hard way)
  2. It seems that the 0x34 byte in additional GTS data is determining skin during searching. But it works only with specific values:
     05 - bug catcher
     0B - ace trainer
     1F - some tough guy (don't know exactly)
     32 - ruins explorer
     33 - karate guy
     3E - don't know exactly too
     46 - this one too
     In dec: 5,10,31,50,51,62,70. And I can't see any rule here yet. Other values in range 00-83 give default skin. (I haven't tested others yet) Also, the other 3 trailing bytes seem to have no role here.