Pipian (Member, 9 posts)

Community Answers

1. Pipian's post in "Pokemon Games (and all DS and Wii games) are getting the WiFi services down" was marked as the answer

Unfortunately, part of the authentication process (nas.nintendowifi.net, which is apparently used for ban-checking and generation of new friend codes) is encrypted using SSL. Furthermore, Pokemon Pearl (at the very least, and almost certainly others) validates that communications with this server are encrypted using a certificate signed by a certificate authority operated by NOA (in the US at least; it's probably different in other countries).

It IS possible to edit the Pokemon Pearl ROM to validate against a different root certificate by swapping out the default public key for one of your own choosing. By substituting a public key of your choice at offsets 0x142250-0x1422CF and 0x145050-0x1450CF in the NA ROM (I don't know what .narc file those are in, or whether both are necessary or just one) and setting up an HTTPS server which uses a certificate signed by the appropriate root certificate corresponding to your chosen key (the issuer should be "C=US, ST=Washington, O=Nintendo of America Inc, OU=NOA, CN=Nintendo CA/emailAddress=ca@noa.nintendo.com" for an NA ROM), it's possible to apply a man-in-the-middle attack to help reverse-engineer the friend-code registration and authentication process. Funnily enough, it's evidently also possible to edit the URL "https://nas.nintendowifi.net/ac" to instead read "http://nas.nintendowifi.net/ac\x00" to force an HTTP connection instead (note the extra null byte to ensure that offsets remain the same).

The bigger problem is that there is no workaround for retail carts short of using an Action Replay codeset to deliberately overwrite the public key or https URL when they are loaded into memory (well, okay, there's also factoring a 1024-bit RSA key to sign your own certificates as if you were NOA, but if you can do that, you've probably got more important things to be doing).

The only faint sense of hope to hold out would be if nas.nintendowifi.net is kept up beyond the shutdown date. Unlike the Gamespy servers that provide most NWC services for other games (and are supposedly the reason why the servers are going down in the first place), nas.nintendowifi.net is on a Nintendo-owned IP subnet and is hosted in a different data center. So are the GTS servers, for that matter (as is well known, they use an HTTP protocol rather than Gamespy).

I wouldn't hold out hope for this, though, as even GTS depends (if weakly) on Gamespy, if only for the fact that Gamespy is a crucial component of how friend codes are generated (incidentally, the fact that generating a friend code occurs simultaneously with the creation of a new Gamespy account for the game is probably why different DS games have different friend codes on the same console).

IN SHORT: It's possible to reverse engineer friend-code generation and authentication, but it's only going to be useful when used with hacked ROM files.
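The post above describes two ways an image can be altered: the pinned 1024-bit RSA public key at the two 0x80-byte regions, or the NAS URL downgraded to HTTP with a trailing null byte. The following is an added integrity check written for this page, not code from the post or from any Nintendo tooling: it hashes the two key regions against known-good digests and scans for the URL downgrade pattern. The offsets and URL strings come from the post; the ROM image, placeholder key bytes and load address of the URL are constructed sample data, since no real ROM content is on the page.

```python
import hashlib

# Key regions named in the post (NA Pokemon Pearl ROM); each is 0x80 bytes,
# which is exactly the size of a 1024-bit RSA modulus.
KEY_REGIONS = [(0x142250, 0x1422D0), (0x145050, 0x1450D0)]
NAS_HTTPS = b"https://nas.nintendowifi.net/ac"
NAS_DOWNGRADED = b"http://nas.nintendowifi.net/ac\x00"  # same length as NAS_HTTPS

def region_digests(rom: bytes) -> list[str]:
    """SHA-256 of each pinned-key region, in KEY_REGIONS order."""
    return [hashlib.sha256(rom[start:end]).hexdigest() for start, end in KEY_REGIONS]

def check_rom(rom: bytes, reference_digests: list[str]) -> dict:
    """Compare an image against known-good key digests and look for the URL downgrade."""
    digests = region_digests(rom)
    return {
        # one flag per region, so a single-region patch is still visible
        "key_regions_intact": [d == r for d, r in zip(digests, reference_digests)],
        "https_url_present": NAS_HTTPS in rom,
        "http_downgrade_present": NAS_DOWNGRADED in rom,
    }

# --- constructed sample data (not a real ROM) ---------------------------------
PLACEHOLDER_KEY = bytes(range(0x80))          # stands in for the NOA modulus
FOREIGN_KEY = bytes(reversed(PLACEHOLDER_KEY))  # stands in for a swapped-in key
URL_OFFSET = 0x100000                         # assumed location of the URL string

def build_sample_rom(key: bytes, url: bytes) -> bytes:
    """Zero-filled image with the key written to both regions and the URL at URL_OFFSET."""
    assert len(key) == 0x80
    rom = bytearray(0x150000)
    for start, end in KEY_REGIONS:
        rom[start:end] = key
    rom[URL_OFFSET:URL_OFFSET + len(url)] = url
    return bytes(rom)

PRISTINE_ROM = build_sample_rom(PLACEHOLDER_KEY, NAS_HTTPS)
REFERENCE_DIGESTS = region_digests(PRISTINE_ROM)  # would be recorded from a known-good dump
TAMPERED_ROM = build_sample_rom(FOREIGN_KEY, NAS_DOWNGRADED)

if __name__ == "__main__":
    print("pristine:", check_rom(PRISTINE_ROM, REFERENCE_DIGESTS))
    print("tampered:", check_rom(TAMPERED_ROM, REFERENCE_DIGESTS))
```

On a real dump the reference digests would be taken once from a trusted image and stored; a mismatch in either region or a hit on the downgrade pattern is the signal that the pinning has been altered.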