Poryhack

Former Staff
  • Posts: 896
Everything posted by Poryhack

  1. What save file are you having trouble with? Black/white? Upload it and I can at least see what's wrong with the save, I can't fix the tool but if there is a genuine issue I'm sure it could be figured out.
  2. Yes, be careful to check the version closely though. Sometimes resellers will mislabel in their listings.
  3. Oh I see. Interesting that that works, too bad it doesn't with the wondercard server.
  4. NAS isn't the wondercard server, it's one of the ones involved in the "checkin" process. The actual wondercard server is dls1.nintendowifi.net. I've tried connecting to it without SSL before and it will refuse the connection, sadly.
  5. How did you disable HTTPS? I thought the games were hardcoded to use SSL in these cases.
  6. To clarify this, we figured out on IRC that Bond actually has the second version (EZ5C13) not the plus. EDIT: We're at the end of our testing session and all we've come up with is that the bug seems to be in the ezflash team's code and it seems to prevent the EZ5C10, EZ5C11, and EZ5C13 from working. So basically, anything that isn't a phat version or a plus version doesn't work. This is only tested with one person's stuff so it may be an isolated incident. EDIT2: Balrog found someone else with an EZ5C13 and your tool worked for them, so it does seem to be an isolated incident with that model. Until we can find someone else with a C10/C11 though we can't be sure there isn't a legitimate problem with them.
  7. Even better, it sounds like homebrew devs can get the card for free (once it comes out). I'd look into this Pokedoc!
  8. After much fiddling with openssl I've got some goodies. This is a certificate and private key pair that can potentially be used in a MITM attack: http://dl.dropbox.com/u/258536/fakecert.cer http://dl.dropbox.com/u/258536/fakepk.pem And here's the real certificate for reference: http://dl.dropbox.com/u/258536/realcert.cer No real private key for obvious reasons, which limits the uses of the certificate.
  9. It's not defined in any script as far as I know. You have to edit the ARM. See: http://174.133.255.180/showpost.php?p=5529743&postcount=179 I wish I knew the answer to your second question but I'm afraid nobody does atm.
  10. There are actually 3 hardware versions of the 3in1. The first is available in full size and Lite sized versions but the underlying hardware is the same. The second and third were only produced in Lite versions. The second version was supposedly due to chip supply issues while the third was an expansion of NOR capacity. See here for more info: http://gbatemp.net/t130659-how-to-tell-which-version-of-the-3in1-you-have I'll take a stab in the dark here and say that Pokedoc may be testing on the 2nd version and not the true "plus" (the 3rd version). Take a look at that link and you should be able to figure it out for sure.
  11. If you have a means to edit her save file you'd be better off going that route. I didn't realize before that before I can make any progress on a client or server I need to see one unencrypted transaction. I have a few ideas on how to go about that but it'll be a much bigger task than I thought to write a client. EDIT: Decided to elaborate for the aid of my own memory as well as the public record. Option 1 is to cut straight to the chase and try to make a functioning server with the methods (most likely #2) described here. Obviously if we have a functioning server we can see what the DS is requesting and use that information to complete the server and additionally make a client. Option 2 is to set up an SSL man in the middle (MITM) to view the plaintext traffic. I have my doubts about this one because the obvious choice of validation on the DS end is to check that the server's certificate is signed by Nintendo CA, in which case we're pretty much SOL because while we can spoof all the fields of a certificate to their normal value we can only sign it with our own private key. If for some stupid reason they're just doing field-checking it might work. - Confirmed that this won't work. 12/21 Option 3 is a guaranteed success but requires another whole skillset to pull off. In this scenario we directly modify a client ROM through assembly hacking to neuter the encryption functions, leaving the all-important outgoing messages open to our perusal. Alternatively we could try to eavesdrop on the messages in RAM before they're encrypted but this seems like significantly more work.
  12. I just tried this with my full GBA cart-sized 3in1, seemed to be working. I say that because I didn't actually try backing up a save; didn't feel like hunting down my retail cards. Congrats on figuring out how to backup IR cards, just wish you had sooner! =P
  13. Not sure exactly what you mean... There has to be something handling the requests, that can be a traditional desktop program or something more server friendly like a Python/PHP/ASP/etc script.
  14. There's already a mystery gift client program? I've never seen it, please post a link.
  15. It would actually be a lot simpler than that. All a client does is act like a DS; it sends a request to the server and then saves the wondercard if it gets one. It's not terribly exciting but I'd like to try it nonetheless.
  16. It is protected with SSL/TLS. Here's a couple theories I had on how it could be done: http://projectpokemon.org/forums/showthread.php?780-GTS-website-research&p=82435&viewfull=1#post82435. I was actually planning to start work on a client (doesn't require hacking like a server would) but there are no events up for download right now on any of the servers. Horrible luck considering there was one going on for B/W until two days ago. Guess I could still get the framework in place but it won't be ready until I can observe a full transaction.
  17. It's not impossible but it is a lot more difficult than most hacks. Most hacks are just modifying something in the filesystem. Content in the filesystem is easy enough to find and easier to modify. What you're talking about is a hack of the "executable" part of the ROM, the ARM9. The only tools for that are a debugger.
  18. Along the same lines of my reply to your PM... Considering I don't really understand ARM code (for lack of trying mostly) I have my doubts that they would serve much more purpose to me than a hex editor. At any rate, in the past it's been as simple as finding a game ID (ex CPUE for English Platinum) and modifying it to the English/whatever language equivalent. Even though I was working with arm9 code all I had to find and edit was a string which, as far as I know, always shows up in plain ASCII in the arm9.
  19. You wouldn't. It wasn't designed for B/W and it will not work with them.
  20. Yeah it's pretty similar with Wii Pokemon games. Anything that interfaces with the DS/GBA has to have a ROM to send over otherwise the DS wouldn't be able to do anything not predefined in its own ROM. The ones I've seen won't do anything without communication from the GC/Wii though, which makes everything difficult.
  21. Probably worth mentioning Rudolph's backup tool for flashcard users, no? Much easier if you have one.
  22. Correct. I really don't have any idea how to get it working, so pending some breakthrough, don't expect any new updates of the patch to work.
  23. So question is, have we figured out how to do this without relying on pokesav?
  24. Strange. I was getting completely different data for like 5 cards which I was told were identical.
  25. When I initially looked at wondercards it seemed like they were encrypted. Whatever happened with that? Did we figure out how to decrypt them or are we relying on pokesav?