Poryhack (Former Staff)

Posts posted by Poryhack

  1. While such a thing doesn't really help those who don't have access to extra hardware, it's still a really intriguing idea. It'd be nice to have a legal alternative to the wireless distribution ROMs, especially if it included extra functionality. Loading the wondercards from the flashcard filesystem would be nice.

    I've asked around and it sounds like the Wii homebrew idea is really out of the question. Not impossible, but better hackers than most have looked into it and been unable to figure it out. This DS idea is a completely different direction from what I was originally hoping for, but still a worthy one imo. I bought a compatible PCI Ralink card for pretty cheap and intend to start figuring out the protocol when it arrives. As evidenced by your friend, writing DS homebrew that utilizes NiFi is doable. Once the protocol is documented we can focus on the DS app.

  2. Yeah, double post. It seems I didn't look closely enough at GEMS WiFi in my excitement. I think it's using standard wifi to link DS and Wii homebrew, not the Nintendo-proprietary tweaked version ("NiFi") that PBR and other games use to communicate with the DS. Sadly, this does no good for us. The only time wondercards are transmitted over standard wifi such as this is when you get them via WFC.

    This takes me back to the point where I was telling people not to get their hopes up for anything like this. While it is still possible that one could write wii homebrew that can talk to the DS via NiFi, the proof of concept just isn't there and it doesn't look like it ever will be. It's certainly not an area of focus for the usual wii reverse engineer/developer. =(

  3. http://code.google.com/p/wmb-asm/wiki/captures <- Page has a lot of good documentation. Especially for capturing things like Demos. Wireshark is something I've used in the past, but I didn't have a compatible chipset for capturing DS Demos off my Wii.

    I'll ask my Friend if he can capture a Wonder Card distribution with his tools. Might be a while before we get in contact.

    I have a Nintendo WiFi USB Connector which is just a rebranded Buffalo WLI-U2-KG54-AI (uses the right chipset for this job). I'll see what I can do to get it working with Wireshark for a start.

    EDIT: Damn. The driver only works with PCI and PCMCIA RT2500 devices, no USB. On the other hand this driver is tailored especially for the WiFi USB Connector, but it's for Linux only.

  4. I'm not sure what your definition of strict is, but it still fits mine. I think I just see the end goal differently than you and Nigoli.

    Yeah I think you do. Nigoli mentioned this stuff about perfect simulation and whatnot but it's not really the point at all, at least not to me. The point is that this is a viable way to send your own wondercards with no flashcard or AR. There is no other way besides the hypothetical one I linked to. Admittedly, this is hypothetical as well. I think both should be pursued.

    You essentially said the opposite by saying that the PID and IV relationship isn't there, assuming there's no relationship between other data for each particular Pokemon and its PID or IVs. If in fact there's nothing that can be tested data-wise, there's nothing stopping someone from passing a properly-generated Pokemon off as a Wondercard Pokemon already. The difference would only be in the person's head, just like the idiotic "legitimate" vs. "legality" garbage people go insane over.

    The issue at hand is not generating legal wondercard pokemon; the games can do that for us on demand. It's getting the wondercards to the games of people that can't use a save editor or save editing action replay codes. If they want to send some obviously hacked-up wondercards it really doesn't matter to me.

  5. I know this thread is a little old (looking for a way to backup and restore the WarioWare DIY save and found this thread - no luck so far), but I don't think they intentionally did this. The IR port is on top of the save chip, and that interferes with our current tools.

    I didn't mean to imply that they did it intentionally, but that doesn't really change my point anyway.

  6. This idea has been presented before in various forms and I've always liked it. The best thing about it is that it's the only way for people to send themselves wondercards without buying extra hardware. Assuming you have a Wii and a DS, your retail pokemon game is all you need (of course it would still work with flashcards but it's more effort than just save editing). In the past I've pretty much told people that it wasn't gonna happen but this GEMS thing changes everything; good find! It will still hypothetically be a lot of work and take some understanding that I don't have but it's good to know the groundwork has already been laid.

    The last thing I said is perfectly related to the topic, and your post. I'm not sure why there's an obvious negativity being presented either. It's like you feel offended that I don't think your idea is wonderful. Regardless, your goal is to have a more perfectly simulated environment for receiving event Pokemon, is it not? Rather than dealing with all of the network-related issues involved with your method (and anything else that might be unforeseen, or that I'm just not thinking of), finding a way that works with all the tools we currently have just makes more sense.

    Well, it's not strictly related. Whether you hack a PCD file into your save directly or you get it from a regular distribution, the pokemon in it will have its PID and IVs generated by the game at the time you pick it up from the green man. No need to figure out PID-IV relationships just so you can get legal WC pokemon (although SCV has figured it out). I'm not sure why Nigoli or anyone would care much about making it perfectly simulated as you say, but the perfect simulation is not really the main goal, it's a side-effect. The real treasure here, as I said, is that no extra hardware is necessary. We have the GTS method for PKM files but "the tools we currently have" just don't work for wondercards.

    I will also say that there IS one other possibility that I recently brought up that would accomplish the same thing through different methods. Check it out.

  7. If the opponent used illegal stats, the Battle Video will not be able to be uploaded at the Global Terminal.

    You don't need a .pkm of your opponent's team...

    I have hardly used battle videos at all so I may be wrong, but why do you need to upload it to the GTC? If you can make the video it will be in your VS Recorder and this program can get the PKMs from the save, hacks or not.

  8. Look, I clearly don't know the adapter versus cable terminology but I didn't think it had that much bearing on the point I was trying to get across. Your Amazon adapter doesn't come with a cable and I'm not sure if that was supposed to be implied or if I just missed it but it's clearly necessary. So now the question is why should there be two intermediaries when there can be just one? Datel's original product is unified, so they must exist.

    EDIT: To clarify, this is what I was getting at all along. I didn't and still don't see anything about getting some length in between the computer and the DS.

  9. You've completely misinterpreted my last two posts. I haven't made any comment about where this should be purchased. Here's a diagram detailing what I was actually trying to say:

    Untitled-1.png

    I'm saying he should look for one similar to the one on the left. The Amazon one (right) would hang off the computer rather awkwardly (assuming pretty much any common USB port location) and make the DS hard to access. It's the same exact thing with some extra cord and it doesn't matter if it has the Datel name slapped on it. I'm not sure what was so hard to understand...

  10. Poryhack, the length of the cable has no bearing on what data is transmitted. Also, that's an ADAPTER, not a cable; if you look, it has a FEMALE connector, not a male.

    Adapter, sorry. And I understand that. But my point was that with this adapter there is no length of cord to separate it from the USB port. Considering you have to have NDS > AR card > adapter > USB port, you most likely don't want all that dangling by a USB port. If it has a cord you can at least maneuver the DS into a position where it's more accessible.

  11. Yeah, all you need is a standard USB-A and a Mini-B adapter and you're set.

    http://www.amazon.com/USB-Female-Mini-Male-Adapter/dp/B0016RNX2I/ref=sr_1_1?ie=UTF8&s=electronics&qid=1278103298&sr=1-1

    ^ 1 cent :D!!!

    I'd have to recommend against this one. Look for one with some length of cord on it because it needs to be able to connect to the AR while it is in your DS and running. It would be quite awkward to have to hold the DS at some funny angle while it connects through a rather flimsy port such as USB mini.

  12. I have a question about how the Slot-2 distributions work, because how can you receive it if you have a DSi?

    And it will be awesome if you can put the other pics Nigoli !! Or pics of the cartridge outside of the DS.

    You can't. You have to take out your game and put it in a DS lite/phat used by the distribution coordinators. As a matter of fact even if you have one of the models that accepts GBA carts, you have to fork over your 4th gen game card.

  13. Exactly. =D

    nicholas on IRC has said he might give the first method a shot. I'd like to try myself regardless, and I've been putting off solidly learning a programming language for too long. Not that writing something stupid like this would make it "solid" but it's a step in the right direction. Hopefully somebody can step in to help with the RNG because even if I were to start now I doubt I could figure that out in the foreseeable future. =/

  14. The first way will never work (unless you use the hosts file to spoof the domain AND manage to get the DS to transmit unencrypted).

    The second way is more plausible but we still need to get past the problem of the certificate.

    As for the first one, I thought it was a given that we have to redirect traffic to the local machine (or maybe a remote one eventually) for ANY solution. It's not hard to do. I do have my doubts that the DS won't crash or something when it is told by the server to use no encryption though.

    And for the second one, I don't think we do. Correct me if I'm wrong but we should be able to send the certificate without any modifications. Because we already know what the decrypted pre-master secret is (via RNG prediction) there is no need for the server's private key to figure it out. After that the entire connection is ours because everything stems from the pre-master secret.

  15. My guess is that they do this: (as quoted from wikipedia)

    1. The client may use the certificate authority's (CA's) public key to validate the CA's digital signature of the server certificate. If the digital signature can be verified, the client accepts the server certificate as a valid certificate issued by a trusted CA.

    2. The client verifies that the issuing CA is on its list of trusted CAs.

    Nintendo or GameFreak would thus be the 'trusted CA'.

    Alright, that's what I thought.

    Trying to bruteforce a key seems to be a fool's errand. What we should go after isn't SSL itself but GAMEFREAK's implementation of it. I have two ideas:

    This first one is more just wishful thinking than anything, because it shouldn't work, but since it's a DS game we're talking about and not a web browser I'll allow myself the glimmer of hope. The DS tells the server that it supports the cipher suites RSA_WITH_RC4_128_MD5 and RSA_WITH_RC4_128_SHA, and the genuine Nintendo server selects MD5. I wonder what would happen if a fake server sent back the default/non-encrypted cipher suite NULL_WITH_NULL_NULL as its selection. Any SSL implementation worth using would terminate the connection at this point, but there's not any guarantee that one of the pokemon games would. On the incredibly low chance that that works, we could send the DS an unmodified version of the real server's certificate and it would start sending data assuming that it's secure from everyone but the real server. Of course it wouldn't be though, and we could send replies back without worrying about keys.

    The second one I believe is a very real possibility, but not without someone who can do some disassembler work to lay the foundation (not me lol). We know that the pokemon games use RNGs that aren't really all that random. In fact they're so predictable people abuse them all the time to get the PIDs and IVs they want. A "secure" RNG is critical to the effective use of SSL because the pre-master secret is nothing but a random number encrypted with the server's public key. We need that number decrypted on the server side, which should only be possible with the server's private key, but since we can probably predict what the number is via a program like RNG Reporter (but set up to figure out this new RNG of course, assuming it is even a different RNG) we have the rest of the connection at our fingertips.

    Thoughts anyone?
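The derivation behind the second idea above, and behind the reply in the post before it that "everything stems from the pre-master secret", as an added example. This is not code from the thread and not from any Nintendo or GameFreak software; it implements the SSL 3.0 master-secret and key-block expansion for RSA_WITH_RC4_128_MD5 (RFC 6101 sections 6.1 and 6.2.2) and the SSL 3.0 record MAC, and then shows the check that actually settles whether a predicted pre-master secret is right: derive the keys from it and see whether the client's first encrypted record (its Finished message, sequence number 0) authenticates. The nonces, the "true" pre-master secret and the record contents are constructed for illustration, not captured from a DS.

```python
"""SSL 3.0 key derivation from a predicted pre-master secret, with the
MAC check that validates a candidate. Added example; all sample values
are constructed, not captured traffic."""
import hashlib

MAC_LEN = 16  # MD5 record MAC, as in RSA_WITH_RC4_128_MD5


def ssl3_prf(secret, seed, out_len):
    """SSL 3.0 expansion: block i = MD5(secret + SHA1(label_i + secret + seed)),
    label_i = 'A', 'BB', 'CCC', ... (RFC 6101 6.1 / 6.2.2)."""
    out, i = b"", 1
    while len(out) < out_len:
        label = bytes([ord("A") + i - 1]) * i
        out += hashlib.md5(secret + hashlib.sha1(label + secret + seed).digest()).digest()
        i += 1
    return out[:out_len]


def master_secret(pre_master, client_random, server_random):
    return ssl3_prf(pre_master, client_random + server_random, 48)


def rc4_md5_keys(master, client_random, server_random):
    """key_block for RSA_WITH_RC4_128_MD5: two 16-byte MAC secrets, two 16-byte
    RC4 keys, no IVs. Note the seed order is server_random + client_random."""
    kb = ssl3_prf(master, server_random + client_random, 64)
    return {"client_write_mac_secret": kb[0:16], "server_write_mac_secret": kb[16:32],
            "client_write_key": kb[32:48], "server_write_key": kb[48:64]}


class RC4:
    def __init__(self, key):
        s, j = list(range(256)), 0
        for i in range(256):
            j = (j + s[i] + key[i % len(key)]) & 0xFF
            s[i], s[j] = s[j], s[i]
        self.s, self.i, self.j = s, 0, 0

    def crypt(self, data):
        s, i, j, out = self.s, self.i, self.j, bytearray()
        for b in data:
            i = (i + 1) & 0xFF
            j = (j + s[i]) & 0xFF
            s[i], s[j] = s[j], s[i]
            out.append(b ^ s[(s[i] + s[j]) & 0xFF])
        self.i, self.j = i, j
        return bytes(out)


def ssl3_mac_md5(mac_secret, seq, content_type, fragment):
    """SSL 3.0 record MAC (RFC 6101 5.2.3.1), MD5 variant: pad_1/pad_2 are 48 bytes."""
    header = seq.to_bytes(8, "big") + bytes([content_type]) + len(fragment).to_bytes(2, "big")
    inner = hashlib.md5(mac_secret + b"\x36" * 48 + header + fragment).digest()
    return hashlib.md5(mac_secret + b"\x5c" * 48 + inner).digest()


def seal_record(keys, sender, seq, content_type, fragment):
    """Encrypt fragment||MAC as "client" or "server". A fresh RC4 state is exact
    only for the first record after ChangeCipherSpec; real sessions keep one
    keystream running across records."""
    mac = ssl3_mac_md5(keys[sender + "_write_mac_secret"], seq, content_type, fragment)
    return RC4(keys[sender + "_write_key"]).crypt(fragment + mac)


def open_record(keys, sender, seq, content_type, ciphertext):
    """Decrypt and verify; returns the plaintext fragment, or None on MAC failure."""
    plain = RC4(keys[sender + "_write_key"]).crypt(ciphertext)
    if len(plain) < MAC_LEN:
        return None
    fragment, mac = plain[:-MAC_LEN], plain[-MAC_LEN:]
    if mac != ssl3_mac_md5(keys[sender + "_write_mac_secret"], seq, content_type, fragment):
        return None
    return fragment


def verify_pre_master(candidate, client_random, server_random, first_client_record):
    """The practical check on an RNG prediction: do the keys derived from this
    candidate authenticate the client's first encrypted record (seq 0,
    content type 22 = handshake, i.e. its Finished)? True means the guess is right."""
    keys = rc4_md5_keys(master_secret(candidate, client_random, server_random),
                        client_random, server_random)
    return open_record(keys, "client", 0, 22, first_client_record) is not None


def demo():
    client_random, server_random = bytes(range(32)), bytes(range(32, 64))  # constructed nonces
    true_pre_master = b"\x03\x00" + bytes(range(46))  # version prefix + 46 "random" bytes
    keys = rc4_md5_keys(master_secret(true_pre_master, client_random, server_random),
                        client_random, server_random)
    finished = b"\x14\x00\x00\x24" + bytes(36)  # handshake header + 36-byte SSL3 Finished body
    record = seal_record(keys, "client", 0, 22, finished)
    right = verify_pre_master(true_pre_master, client_random, server_random, record)
    wrong = verify_pre_master(b"\x03\x00" + bytes(46), client_random, server_random, record)
    return right, wrong


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The point of `verify_pre_master` is that a prediction never has to be confirmed against the server's private key: the client's own Finished record is the oracle, and a wrong candidate fails the MAC with overwhelming probability. Against a real capture the two nonces come straight out of the ClientHello and ServerHello, and the candidate list comes from whatever RNG model is assumed for the game.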

  16. I've looked at some packets from the Mystery Gift/Wonder Card and I didn't see anything to lead me to believe that it's using SSL. However, it could be the software I'm using, which is Wireshark.

    You're doing something wrong. There will be a DNS query for dls1.nintendowifi.net; this is the mystery gift server. Shortly after that will be an SSLv3 handshake and then 2+ frames of encrypted application data.
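As an added example, not code from the thread: a parser for the two hello records one would pull out of such a capture right after the DNS lookup, plus the check behind the downgrade idea in the post before this one, namely whether the server selected a suite the client actually offered or answered with NULL_WITH_NULL_NULL. It reads plain SSLv3/TLS handshake records only (an SSLv2-compatible ClientHello is a different format and is not handled); the sample hellos are constructed here with the two suites the post says the DS offers (0x0004 and 0x0005 are their registered values), not captured from a game.

```python
"""Parse SSLv3/TLS ClientHello and ServerHello records and check the server's
cipher-suite choice. Added example; sample messages are constructed."""
import struct

HANDSHAKE = 0x16
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02
SSL3 = 0x0300

SUITE_NAMES = {
    0x0000: "NULL_WITH_NULL_NULL",
    0x0004: "RSA_WITH_RC4_128_MD5",
    0x0005: "RSA_WITH_RC4_128_SHA",
}


def suite_name(suite):
    return SUITE_NAMES.get(suite, "0x%04x" % suite)


def build_hello(kind, suites, random=bytes(range(32)), version=SSL3):
    """Construct a minimal hello record (sample data for the parser): for a
    ClientHello `suites` is the offered list, for a ServerHello its one entry
    is the selected suite. Session id is empty, compression is null only."""
    body = struct.pack(">H", version) + random + b"\x00"
    if kind == CLIENT_HELLO:
        cs = b"".join(struct.pack(">H", s) for s in suites)
        body += struct.pack(">H", len(cs)) + cs + b"\x01\x00"
    else:
        body += struct.pack(">H", suites[0]) + b"\x00"
    hs = bytes([kind]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + struct.pack(">HH", version, len(hs)) + hs


def parse_hello(record):
    """Return a dict describing a single handshake record carrying a hello."""
    ctype, rec_version, rec_len = struct.unpack(">BHH", record[:5])
    if ctype != HANDSHAKE or rec_len != len(record) - 5:
        raise ValueError("not a single handshake record")
    hs = record[5:]
    kind, hs_len = hs[0], int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated handshake message")
    version, = struct.unpack(">H", body[:2])
    sid_len = body[34]                      # after 2-byte version and 32-byte random
    pos = 35 + sid_len
    info = {"type": kind, "record_version": rec_version, "version": version,
            "random": body[2:34], "session_id": body[35:pos]}
    if kind == CLIENT_HELLO:
        cs_len, = struct.unpack(">H", body[pos:pos + 2])
        pos += 2
        info["cipher_suites"] = [struct.unpack(">H", body[i:i + 2])[0]
                                 for i in range(pos, pos + cs_len, 2)]
    elif kind == SERVER_HELLO:
        info["cipher_suite"], = struct.unpack(">H", body[pos:pos + 2])
    else:
        raise ValueError("handshake type 0x%02x is not a hello" % kind)
    return info


def check_server_choice(client_record, server_record):
    """Return (ok, reason). ok is False when the server picked the NULL suite or
    a suite the client never offered; a client that carries on after such a
    ServerHello has the weakness the post speculates about."""
    ch, sh = parse_hello(client_record), parse_hello(server_record)
    chosen = sh["cipher_suite"]
    if chosen == 0x0000:
        return False, "server selected NULL_WITH_NULL_NULL (no encryption, no MAC)"
    if chosen not in ch["cipher_suites"]:
        return False, "server selected %s, which the client did not offer" % suite_name(chosen)
    return True, "server selected %s from the client's list" % suite_name(chosen)


if __name__ == "__main__":
    client_hello = build_hello(CLIENT_HELLO, [0x0004, 0x0005])
    print([suite_name(s) for s in parse_hello(client_hello)["cipher_suites"]])
    print(check_server_choice(client_hello, build_hello(SERVER_HELLO, [0x0004])))  # genuine server
    print(check_server_choice(client_hello, build_hello(SERVER_HELLO, [0x0000])))  # fake server
```

To pull the real records out of a capture, filter on the DNS name and the handshake (in the Wireshark releases of that era the fields are `dns.qry.name` and `ssl.handshake`; newer releases call the latter `tls.handshake`) and feed the raw bytes of the handshake records, without the TCP layers, to `parse_hello`. What `check_server_choice` cannot tell you is how the game reacts to a bad choice; that needs the fake server from the post and a DS on the wire.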

  17. That would be pretty hard. We'd need to get a private key that matches the public key the DS has (either that or we figure out how to change the certificate in the ROM, but that would be pointless, since if you can load a hacked ROM, ...). (and no it's not possible to get a private key from a public key). Best chance we have is brute forcing the key.

    http://en.wikipedia.org/wiki/Transport_Layer_Security#Security. The DS<->GTS would fall under the first few applications there.

    Are you sure the public key is hardcoded into the ROM? That would prevent them from ever changing the server's certificate right?

    EDIT: You can probably disregard that. I'm still trying to get educated on SSL and I assumed you were talking about the server's public key. Now I see that the certificate is signed and you must've meant the signer's (Nintendo CA's) public key. So what the DS should/probably does check is that the certificate is signed by Ninty? Just wanna make sure I've got that right.

  18. I was wondering if I could make a request....If you guys could make pretty much fake wifi connection for the GTS, don't you think that you would be able to make something similar where the DS connects to the program through Mystery Gift Wifi, and it would send you a Wonder Card?

    They're not as similar as you'd think. The games use SSL to verify that they are connecting with the real Nintendo servers for mystery gift downloads (as well as most other online functions). For whatever reason, they don't use SSL with the GTS, and faking the server is as easy as redirecting traffic and running the right software.

    In order to make a fake mystery gift server we would have to get a certificate that can pass whatever checks the games perform before finalizing the connection. Certificates can be made easily enough, but I'm not sure if it's possible to make one that can actually pass the tests.
