GTS protocol: Difference between revisions
(flesh out the protocol and "commands" a bit, based on mine and LL's sniffing) |
m (headers) |
||
Line 3: | Line 3: | ||
Communication with the GTS is done over regular HTTP with http://gamestats2.gs.nintendowifi.net/. The same protocol is used for all five Gen IV games. | Communication with the GTS is done over regular HTTP with http://gamestats2.gs.nintendowifi.net/. The same protocol is used for all five Gen IV games. | ||
=HTTP headers= | ==HTTP headers== | ||
The games don't seem to care about these at all. The GTS sends back a bunch of boilerplate response headers, but the game happily accepts a response with only a Content-Length. | The games don't seem to care about these at all. The GTS sends back a bunch of boilerplate response headers, but the game happily accepts a response with only a Content-Length. | ||
=Protocol= | ==Protocol== | ||
All requests to the server are GET requests of the form <code><var>page</var>.asp?pid=<var>pid</var>&hash=<var>hash</var>&data=<var>data</var></code>. | All requests to the server are GET requests of the form <code><var>page</var>.asp?pid=<var>pid</var>&hash=<var>hash</var>&data=<var>data</var></code>. | ||
==pid== | ===pid=== | ||
The pid is an unsigned 32-bit integer that appears to uniquely identify a game cartridge. When the pid is obtained and whether the pid has any relation to the Pal Pad friend code are unknown. | The pid is an unsigned 32-bit integer that appears to uniquely identify a game cartridge. When the pid is obtained and whether the pid has any relation to the Pal Pad friend code are unknown. | ||
Line 17: | Line 17: | ||
For the mathematically inclined: Eevee's Platinum pid is 192615460 (0x0b7b1424) and his Pal Pad code is 0904 2026 4621. | For the mathematically inclined: Eevee's Platinum pid is 192615460 (0x0b7b1424) and his Pal Pad code is 0904 2026 4621. | ||
==Challenge/response== | ===Challenge/response=== | ||
Before each "real" request, the game sends a request of the form <code><var>page</var>.asp?pid=<var>pid</var></code> and the server responds with a 32-byte hex challenge token. The game computes <code>sha1("sAdeqWo3voLeC5r16DYv" + token)</code> and uses that as the <var>hash</var> value which it sends to the server. The <var>data</var> parameter is encrypted with an unknown algorithm. | Before each "real" request, the game sends a request of the form <code><var>page</var>.asp?pid=<var>pid</var></code> and the server responds with a 32-byte hex challenge token. The game computes <code>sha1("sAdeqWo3voLeC5r16DYv" + token)</code> and uses that as the <var>hash</var> value which it sends to the server. The <var>data</var> parameter is encrypted with an unknown algorithm. | ||
Line 30: | Line 30: | ||
Unfortunately, this means that the exact details of the game's requests are currently not known. | Unfortunately, this means that the exact details of the game's requests are currently not known. | ||
=Conversation= | ==Conversation== | ||
The first request the game makes is to <code>/pokemondpds/worldexchange/info.asp</code>. The server responds with 0x0001. | The first request the game makes is to <code>/pokemondpds/worldexchange/info.asp</code>. The server responds with 0x0001. | ||
Line 38: | Line 38: | ||
After the above step(s) or '''performing any of the tasks below''', the game makes a request to <code>/pokemondpds/worldexchange/result.asp</code>. If the game has had a Pokémon sent to it (via a successful trade?), the server responds with the entire encrypted [[Pokemon NDS Structure|Pokémon save struct]]. If there is a Pokémon uploaded to the GTS, it responds with 0x0004. Otherwise, it responds with 0x0005. | After the above step(s) or '''performing any of the tasks below''', the game makes a request to <code>/pokemondpds/worldexchange/result.asp</code>. If the game has had a Pokémon sent to it (via a successful trade?), the server responds with the entire encrypted [[Pokemon NDS Structure|Pokémon save struct]]. If there is a Pokémon uploaded to the GTS, it responds with 0x0004. Otherwise, it responds with 0x0005. | ||
==Receiving a Pokémon== | ===Receiving a Pokémon=== | ||
If the game receives a Pokémon from a successful trade as a response from <code>result.asp</code>, it next requests <code>/pokemondpds/worldexchange/delete.asp</code>. The server responds with 0x0001. | If the game receives a Pokémon from a successful trade as a response from <code>result.asp</code>, it next requests <code>/pokemondpds/worldexchange/delete.asp</code>. The server responds with 0x0001. | ||
===A note on sendpkm.py=== | ====A note on sendpkm.py==== | ||
After doing the above, some Platinum, Heart Gold, and Soul Silver games will report a communication error and dump the player back to the title screen. The Pokémon is still successfully received. At least one person with HG/SS has received a Pokémon from a fake server without getting the error, and Diamond/Pearl have never been reported to have the problem. It's possible that the server should respond with something other than 0x0001. | After doing the above, some Platinum, Heart Gold, and Soul Silver games will report a communication error and dump the player back to the title screen. The Pokémon is still successfully received. At least one person with HG/SS has received a Pokémon from a fake server without getting the error, and Diamond/Pearl have never been reported to have the problem. It's possible that the server should respond with something other than 0x0001. | ||
==Offering a Pokémon== | ===Offering a Pokémon=== | ||
Pokémon are offered on the GTS by requesting <code>/pokemondpds/worldexchange/post.asp</code>, followed by <code>/pokemondpds/worldexchange/post_finish.asp</code>. | Pokémon are offered on the GTS by requesting <code>/pokemondpds/worldexchange/post.asp</code>, followed by <code>/pokemondpds/worldexchange/post_finish.asp</code>. | ||
==Retrieving an offered Pokémon== | ===Retrieving an offered Pokémon=== | ||
Checking on the currently offered Pokémon is apparently done by <code>/pokemondpds/worldexchange/get.asp</code>. The response appears to be a [[Pokemon NDS Structure|Pokémon save struct]]. | Checking on the currently offered Pokémon is apparently done by <code>/pokemondpds/worldexchange/get.asp</code>. The response appears to be a [[Pokemon NDS Structure|Pokémon save struct]]. | ||
Retrieving the currently offered Pokémon is done by <code>/pokemondpds/worldexchange/return.asp</code>. The response is merely 0x0001; the actual Pokémon data is taken from the <code>get.asp</code> request. | Retrieving the currently offered Pokémon is done by <code>/pokemondpds/worldexchange/return.asp</code>. The response is merely 0x0001; the actual Pokémon data is taken from the <code>get.asp</code> request. |
Revision as of 03:28, 21 March 2010
The following is wild conjecture based on LordLandon's sendpkm.py.
Communication with the GTS is done over regular HTTP with http://gamestats2.gs.nintendowifi.net/. The same protocol is used for all five Gen IV games.
HTTP headers
The games don't seem to care about these at all. The GTS sends back a bunch of boilerplate response headers, but the game happily accepts a response with only a Content-Length.
Protocol
All requests to the server are GET requests of the form page.asp?pid=pid&hash=hash&data=data.
pid
The pid is an unsigned 32-bit integer that appears to uniquely identify a game cartridge. When the pid is obtained and whether the pid has any relation to the Pal Pad friend code are unknown.
For the mathematically inclined: Eevee's Platinum pid is 192615460 (0x0b7b1424) and his Pal Pad code is 0904 2026 4621.
Challenge/response
Before each "real" request, the game sends a request of the form page.asp?pid=pid and the server responds with a 32-byte hex challenge token. The game computes sha1("sAdeqWo3voLeC5r16DYv" + token) and uses that as the hash value which it sends to the server. The data parameter is encrypted with an unknown algorithm.
That is, each request looks like the following:
- Game requests GET /pokemondpds/page.asp?pid=pid
- Server responds with token
- Game requests GET /pokemondpds/page.asp?pid=pid&hash=sha1(...)&data=data
- Server responds with payload
Unfortunately, this means that the exact details of the game's requests are currently not known.
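The exchange above, with both sides modelled, as an added example that is not taken from sendpkm.py or the wiki. Because the prefix is a constant, the hash only shows that the sender knows that constant. The ChallengeServer class, the hex encoding of the hash, the reading of "32-byte hex" as 32 hex characters and the single-use token policy are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

SALT = "sAdeqWo3voLeC5r16DYv"  # constant prefix quoted on this page


def response_hash(token: str) -> str:
    """sha1(SALT + token); hex output encoding is an assumption."""
    return hashlib.sha1((SALT + token).encode("ascii")).hexdigest()


def build_request(page: str, pid: int, token: str, data: str) -> str:
    """Second ("real") request of the exchange, in the page's URL form."""
    query = urlencode({"pid": pid, "hash": response_hash(token), "data": data})
    return f"/pokemondpds/{page}.asp?{query}"


class ChallengeServer:
    """Hypothetical server side: issue a token per pid, check the reply once."""

    def __init__(self) -> None:
        self.pending: dict[int, str] = {}

    def challenge(self, pid: int) -> str:
        # Assumption: "32-byte hex" means 32 ASCII hex characters.
        token = secrets.token_hex(16)
        self.pending[pid] = token
        return token

    def verify(self, pid: int, hash_value: str) -> bool:
        # Single-use tokens are this sketch's choice; the page does not say
        # whether the real server rejects a replayed hash.
        token = self.pending.pop(pid, None)
        if token is None:
            return False
        return hmac.compare_digest(response_hash(token), hash_value.lower())


if __name__ == "__main__":
    server = ChallengeServer()
    pid = 192615460                      # example pid quoted on this page
    token = server.challenge(pid)        # first request, token comes back
    print(build_request("worldexchange/info", pid, token, "CONSTRUCTED"))
    print(server.verify(pid, response_hash(token)))   # True
    print(server.verify(pid, response_hash(token)))   # False: token consumed
```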
Conversation
The first request the game makes is to /pokemondpds/worldexchange/info.asp. The server responds with 0x0001.
Sometimes, the game will make a request to /pokemondpds/common/setProfile.asp. The server responds with eight NULs (0x00000000 0x00000000). When this occurs and why is unknown; it happened with Eevee's Platinum game but not LordLandon's Diamond/Pearl.
After the above step(s) or performing any of the tasks below, the game makes a request to /pokemondpds/worldexchange/result.asp. If the game has had a Pokémon sent to it (via a successful trade?), the server responds with the entire encrypted Pokémon save struct. If there is a Pokémon uploaded to the GTS, it responds with 0x0004. Otherwise, it responds with 0x0005.
Receiving a Pokémon
If the game receives a Pokémon from a successful trade as a response from result.asp, it next requests /pokemondpds/worldexchange/delete.asp. The server responds with 0x0001.
A note on sendpkm.py
After doing the above, some Platinum, Heart Gold, and Soul Silver games will report a communication error and dump the player back to the title screen. The Pokémon is still successfully received. At least one person with HG/SS has received a Pokémon from a fake server without getting the error, and Diamond/Pearl have never been reported to have the problem. It's possible that the server should respond with something other than 0x0001.
Offering a Pokémon
Pokémon are offered on the GTS by requesting /pokemondpds/worldexchange/post.asp, followed by /pokemondpds/worldexchange/post_finish.asp.
Retrieving an offered Pokémon
Checking on the currently offered Pokémon is apparently done by /pokemondpds/worldexchange/get.asp. The response appears to be a Pokémon save struct.
Retrieving the currently offered Pokémon is done by /pokemondpds/worldexchange/return.asp. The response is merely 0x0001; the actual Pokémon data is taken from the get.asp request.