Poryhack

Former Staff
  • Posts: 896
Posts posted by Poryhack

  1. Okay, I'm thinking of the possibility of someone managing to tackle Pokémon Bank.

    Which won't be easy, since that requires reverse engineering how the 3DS communicates with Nintendo Network (and when we discover how it does, Nintendo would most likely patch the 3DS to get around the exploit, and when that happens, we probably can't use Pokémon Bank legitimately). There's also the chance of being perma-banned from Pokémon Bank if we get caught.

    I'm gonna preface this by saying that the PP moderation team has already said they will not allow discussion of hacking the bank. Regardless of how you or I feel about that, hacking the Bank is technically infeasible right now. All communications to and from the Bank servers are protected by TLS, which means there will be no reverse-engineering without being able to modify code running on the 3DS. If you were to manage to do that you'd have no reason to use the bank; you could directly modify pokemon in memory or the save file.

  2. never

    I think I speak for everyone when I say that some elaboration on this would be helpful.

    There's a persistent rumor here that you and xfr have figured out injection. I personally think this is just a result of miscommunication. From what I've seen nobody will be able to insert pokemon until some breakthroughs are made on 3DS hacking as a whole (unsigned code execution or something lesser).

  3. it seems possible to dump pkx data from local trades using libpcap (using an appropriate chipset, not on Windows because WinPcap doesn't support monitor mode); I think that injection would be very difficult that way (besides calculating the checksum). Now I'm doing it manually, capturing with KisMAC and later viewing the packets in Wireshark (yeah, I know Wireshark can't run well on Mavericks). The hardest part is that it's not using 802.11 or any standard protocols: the first headers are the MAC addresses of origin and destination like the standard, but after that the hard work is to do some reverse engineering

    This might help you. It's research into the protocol for the original DS, but there may be similarities.

  4. To clarify my previous post, when I said console-to-console communication what I was referring to was strictly local-area communication. No servers involved and no traffic ever touches a router. Console to server to (second) console is another story entirely and will either use TLS for TCP connections or some custom encryption (1.2 patch) for UDP, as has already been pointed out.

  5. I see, do you mean that you have to break console-to-console communication encryption?

    TLS is used for console-to-server communication.

    The first/biggest hurdle with console-to-console communication is that there is no simple way to "sniff" it. It does not use the established Wi-Fi standard and as such can't be picked up or sent out with Wireshark. If/when that issue gets solved you may or may not have to worry about decrypting the sniffed packets.

  6. Hey, I've been following the thread since it started and I've been questioning one thing: I see you guys are trying to decrypt and understand the protocols of Wonder Trade. But have the GTS mechanics changed?

    Previously all communication with the GTS was unencrypted. In X and Y it is encrypted and thus not a viable means to inject pokemon.

  7. use dsbuff to break apart the ROM, decompress the overlay with BLZ, change what you need to change (without making the overlay bigger), recompress with BLZ, rebuild with dsbuff

    if all you're doing is changing game ids, you aren't making the overlay any bigger.

    Thanks Bond. For some reason I thought that simply decompressing then re-compressing the overlay had the possibility of changing its size but now that I type it I realize how silly it sounds.

  8. Yeah the change in size is what causes the ROM to crash. Unfortunately I can't come up with anything of much help. The version was a september 2010 one. In a newer version that I used more recently I was able to save by closing out of the program and indicating (paradoxically) that I DIDN'T want to save the file. I go into detail about exactly what I edited in my first post. Compression/decompression is a context menu option in CrystalTile, but failing that I think there are also other (probably CLI) programs out there that will do the same thing.

  9. I haven't touched this project in quite some time so my memory may be spotty. I don't have a patch for the ROM as a whole and cheat codes are outside my area of expertise. CrystalTile has always been finicky for me as well. I think last time I used it I was able to save even though the program behaved as if it hadn't. I'm not sure if it's the result of some mistranslation or what.

    There are probably other tools for the job but none I can name off the top of my head. What you're looking for is anything that supports replacing overlays with different sized files.

  10. I didn't notice that the client was also sending its certificate. Documentation I had read didn't indicate that there was some key alongside the certificate, rather than contained within. There must be something, as there's no way simply having both certificates is all it takes... that's just too easy.

    Wikipedia has a pretty good overview of how it works: http://en.wikipedia.org/wiki/Transport_Layer_Security#Client-authenticated_TLS_handshake

    If you have the client cert and corresponding private key (both will be hard-coded into the ROM somewhere) then you can emulate a client. Emulating the server on the other hand would require Nintendo's private key, which you could only get through (presumably unauthorized) access to their server. Technically brute force is an option too but I see that as being even less plausible than someone hacking Nintendo.

    EDIT: It might actually be possible that the client certificate and private key are unique to each 3DS and stored somewhere outside the ROM.
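The point made in the post above, that a client certificate on its own proves nothing and the handshake only succeeds for whoever holds the matching private key, can be seen directly by running a client-authenticated TLS handshake. The Go program below is an added illustration written for this page; it is not code from the thread, from the 3DS, or from any Nintendo software, and the CA, server and client names, the P-256 keys and the loopback port it uses are all made up for the demo. It builds a throwaway in-memory CA, a server that requires a client certificate chaining to that CA, and then connects twice: once with the client certificate and its own key, and once with the same certificate but a key that was never certified (what someone who had only extracted the certificate would be holding). The first handshake completes; the second is refused, because the client's CertificateVerify signature does not check out against the public key in the certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issue generates a P-256 key and a certificate for cn (a throwaway, in-memory
// PKI). With parentDER nil the cert is self-signed; otherwise parentKey signs it.
func issue(cn string, isCA bool, parentDER []byte, parentKey *ecdsa.PrivateKey) ([]byte, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		IPAddresses:           []net.IP{net.IPv4(127, 0, 0, 1)}, // SAN the client checks
		IsCA:                  isCA,
		BasicConstraintsValid: true,
	}
	parent, signer := tmpl, key // self-signed unless a parent is given
	if parentDER != nil {
		if parent, err = x509.ParseCertificate(parentDER); err != nil {
			panic(err)
		}
		signer = parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	return der, key
}

// tryHandshake runs a loopback TLS server that requires a client certificate
// chaining to caDER, then connects to it presenting cred. It returns nil only if
// the server accepted the client and the client read the server's reply.
func tryHandshake(caDER, srvDER []byte, srvKey *ecdsa.PrivateKey, cred tls.Certificate) error {
	ca, err := x509.ParseCertificate(caDER)
	if err != nil {
		return err
	}
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{srvDER}, PrivateKey: srvKey}},
		ClientAuth:   tls.RequireAndVerifyClientCert, // the server demands a client cert
		ClientCAs:    pool,
	})
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() {
		if conn, err := ln.Accept(); err == nil {
			// The handshake, including the check of the client's CertificateVerify
			// signature, completes inside this Write; a rejected client gets an alert.
			conn.Write([]byte("ok"))
			conn.Close()
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: pool, Certificates: []tls.Certificate{cred}})
	if err != nil {
		return err
	}
	defer conn.Close()
	_, err = conn.Read(make([]byte, 2)) // a refused client sees the alert here
	return err
}

// outcome: the client cert with its own key, and the same cert with a stranger's key.
type outcome struct{ WithKey, WrongKey error }

func scenarios() outcome {
	caDER, caKey := issue("demo-ca", true, nil, nil)
	srvDER, srvKey := issue("server", false, caDER, caKey)
	cliDER, cliKey := issue("client", false, caDER, caKey)
	// What someone holding only the certificate (not its key) would have to sign with.
	otherKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return outcome{
		WithKey:  tryHandshake(caDER, srvDER, srvKey, tls.Certificate{Certificate: [][]byte{cliDER}, PrivateKey: cliKey}),
		WrongKey: tryHandshake(caDER, srvDER, srvKey, tls.Certificate{Certificate: [][]byte{cliDER}, PrivateKey: otherKey}),
	}
}

func main() {
	o := scenarios()
	fmt.Println("cert + matching key:", o.WithKey)
	fmt.Println("cert + wrong key:   ", o.WrongKey)
}
```

Run it with `go run`; the first line prints `<nil>` and the second prints the TLS alert the server sent back. The same asymmetry holds for the server side of the post: the server's certificate is public, but a fake server cannot produce the handshake signature without Nintendo's private key.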

  11. their checks still suck; the guy who got ranked #1 (sejun park) used a hacked team but didn't get caught.

    Interesting. From the way I'm reading that, though, he didn't hack anything that would have given him that much of an advantage.

    Don't get me wrong, it still wasn't fair to most of the people in the tournament, but people have undoubtedly gotten away with much worse in the past. It's good to see tournament officials at least moving in the right direction.

  12. If we are having a hard time getting WFC events a software solution should be looked into. It would be quite doable to create a client for the WFC mystery gift servers. Ideally it would run on a server of its own and check for and download any new events of every language every hour or so.

    I started work on something along those lines way back during HGSS but never finished. I'll try to find what's left of it... At the very least I'd be happy to point anyone looking for technical details in the right direction.

  13. I assume you're not a programmer? This is a building block for other programmers to make useful pokemon apps. It doesn't do you any good by itself. If you're looking for a finished product, try PokeGen.
