MetalMario

If this is the case, I would like to express my interest in hosting the Pokécheck battle video database on my own server. Since I only finished my crawler 3 days before the close, I was only able to save 3564 Gen5 videos before the close. Since I recall you guys having in the tens of thousands of videos saved, it would be a great boon to the community to have some place to host them.

Battle video services are up. Connect to altwfc and it should just work.

But this exploit is for MITM only. Edit: And both client and server need to be vulnerable to allow for reading cleartext. Edit2: If we can modify the client then we don't even need an exploit to document the protocol. This is how custom DS wifi servers were made. So breaking TLS is moot if this is possible. (but certainly *not* moot for getting unmodified clients to connect)

As we all know from Instacheck, any MITM exploit on the official servers can and will be patched. I'd hedge my bets on the game breaking pkm injection being client-only, like breaking save file signing or however the hell Datel does it.

It seems to deal with forcing the client to use weak session keys, so it doesn't appear to be of any help in implementing custom servers. Also I don't think the DS/3DS use OpenSSL?

Not mine, but the AltWFC servers should allow direct trading and battling. They proxy my GTS anyway so there's not much point in using my DNS anymore. Edit: To clarify, accessing any custom server on a retail cartridge requires an AR code. You can find a generator here.

Memory Link over WFC went down when the Global Link went down. It's possible to implement but would require a ton of disassembly work. Since you can still do it locally, it's not much of a priority. Direct trading, battling, and access to fGTS are available through http://www.altwfc.net/

I'm working on a server to access them with. Provided you're set up with the NoSSL patch (necessary for any Wi-fi communications now), you'll be able to access battle videos in the usual way. Only videos my crawler has saved, plus newly uploaded videos, will be accessible.

If you want your Generation IV battle videos saved onto my server (for viewing after NWFC goes away), please add their codes into this form: http://foundations-gts.cloudapp.net/BattleVideo.aspx Generation V support coming maybe.

You've heard about my GTS? http://foundations-gts.cloudapp.net I've also got Generation IV battle videos cracked but Generation V ones have some kind of pseudo-SSL which is causing problems. I have a crawler for Generation IV battle videos running and I'll be adding them to my custom server once it's made. What would really help with my crawling is if anyone has a complete list of GTS country and region codes. I could build a list myself but it would take way longer than I have time for.

Pipian: There's a fairly lengthy discussion going on at gbatemp.net. We also have an IRC discussion at #altwfc on Rizon.

Short answer: Yes. After May 20th, you will need a ROM hack to access it, which kind of defeats the purpose since you can also save file edit if you have those tools. I am seriously looking at a way around but it won't be ready in time for May 20.

Anything that doesn't use your Internet connection will work. Anything that's done inside 3DS software (like Transfer) will work. Anything done on the Internet with DS software (other than DSi shop) won't. To answer your questions: 1. Yes 2. No. The NWFC shutdown is almost certainly because of the shutdown of the Gamespy network, on which they depend.

They use a different CA for 3DS as opposed to DS and Wii. DS is also unpatchable and a Wii patch seems unlikely at this point. Since their official servers are shutting down, issuing a patch blocking all online activity seems especially troll and unlikely. As long as we don't attempt to crack (or at least release publicly) their 3DS CA's private key, it shouldn't prompt them to issue a patch. In absence of any bad key generation, cracking an 1024 bit RSA would take hundreds of years with current technology. Forging individual certificates is going to be much easier than breaking a private key.

The only significance is that MD5 computes faster so would be easier to use for a brute force preimage search. Pipian will probably need to answer this. If the DS/Wii don't care very much about the subject then it might be possible to use the same (forged) certificate for both their authentication servers. I meant it as a generic term for lots of spare compute power that can be diverted from relatively useless tasks like bitcoin mining. The RSA common factors attack also requires that they did a bad job generating their key. This being Nintendo (in 2005), who knows. All this is idle speculation in absence of more facts.