GTS protocol: Difference between revisions
(clarify setProfile) |
(→Searching: New section) |
||
Line 55: | Line 55: | ||
Retrieving the currently offered Pokémon is done by <code>/pokemondpds/worldexchange/return.asp</code>. The response is merely 0x0001; the actual Pokémon data is taken from the <code>get.asp</code> request. | Retrieving the currently offered Pokémon is done by <code>/pokemondpds/worldexchange/return.asp</code>. The response is merely 0x0001; the actual Pokémon data is taken from the <code>get.asp</code> request. | ||
===Searching=== | |||
Searching is done through <code>/pokemondpds/worldexchange/search.asp</code>. The payload is 15 bytes long. | |||
The server responds with a full 292-byte Pokémon struct for each result. If there are <var>n</var> results, the response will be 292 * <var>n</var> bytes long. |
Revision as of 03:59, 21 March 2010
The following is wild conjecture based on LordLandon's sendpkm.py.
Communication with the GTS is done over regular HTTP with http://gamestats2.gs.nintendowifi.net/. The same protocol is used for all five Gen IV games.
HTTP headers
The games don't seem to care about these at all. The GTS sends back a bunch of boilerplate response headers, but the game happily accepts a response with only a Content-Length.
Protocol
All requests to the server are GET requests of the form page.asp?pid=pid&hash=hash&data=data
.
pid
The pid is an unsigned 32-bit integer that appears to uniquely identify a game cartridge. When the pid is obtained and whether the pid has any relation to the Pal Pad friend code are unknown.
For the mathematically inclined: Eevee's Platinum pid is 192615460 (0x0b7b1424) and his Pal Pad code is 0904 2026 4621.
Challenge/response
Before each "real" request, the game sends a request of the form page.asp?pid=pid
and the server responds with a 32-byte hex challenge token. The game computes sha1("sAdeqWo3voLeC5r16DYv" + token)
and uses that as the hash value which it sends to the server. The data parameter is encrypted with an unknown algorithm.
That is, each request looks like the following:
- Game requests
GET /pokemondpds/page.asp?pid=pid
- Server responds with token
- Game requests
GET /pokemondpds/page.asp?pid=pid&hash=sha1(...)&data=data
- Server responds with payload
Unfortunately, this means that the exact details of the game's requests are currently not known.
Conversation
The first request the game makes is to /pokemondpds/worldexchange/info.asp
. The server responds with 0x0001.
Platinum, Heart Gold, and Soul Silver will then make a request to /pokemondpds/common/setProfile.asp
. The server responds with eight NULs (0x00000000 0x00000000).
After the above step(s) or performing any of the tasks below, the game makes a request to /pokemondpds/worldexchange/result.asp
. If the game has had a Pokémon sent to it (via a successful trade?), the server responds with the entire encrypted Pokémon save struct. If there is a Pokémon uploaded to the GTS, it responds with 0x0004. Otherwise, it responds with 0x0005.
Receiving a Pokémon
If the game receives a Pokémon from a successful trade as a response from result.asp
, it next requests /pokemondpds/worldexchange/delete.asp
. The server responds with 0x0001.
A note on sendpkm.py
After doing the above, some Platinum, Heart Gold, and Soul Silver games will report a communication error and dump the player back to the title screen. The Pokémon is still successfully received. At least one person with HG/SS has received a Pokémon from a fake server without getting the error, and Diamond/Pearl have never been reported to have the problem. It's possible that the server should respond with something other than 0x0001.
Offering a Pokémon
Pokémon are offered on the GTS by requesting /pokemondpds/worldexchange/post.asp
, followed by /pokemondpds/worldexchange/post_finish.asp
.
Retrieving an offered Pokémon
Checking on the currently offered Pokémon is apparently done by /pokemondpds/worldexchange/get.asp
. The response appears to be a Pokémon save struct.
Retrieving the currently offered Pokémon is done by /pokemondpds/worldexchange/return.asp
. The response is merely 0x0001; the actual Pokémon data is taken from the get.asp
request.
Searching
Searching is done through /pokemondpds/worldexchange/search.asp
. The payload is 15 bytes long.
The server responds with a full 292-byte Pokémon struct for each result. If there are n results, the response will be 292 * n bytes long.