First of all: Hi! I'm new to GBAtemp and was mostly a lurker every once in a while.
So to begin with this topic, the reason for me starting it is that I want more streetpasses. But because of the dwindling amount of 3DS users and the death of spotpass in 2018 and in turn PiPass/HomePass, this is quite difficult.
My goal with this post is to possibly reverse engineer how either:
- Streetpass works locally
- or how Spotpass servers used to work.
Since the spotpass servers are all but dead, I'm first focussing on how streetpass works.
Please feel free to discuss and share information/knowledge on this topic! I am only 1 person and cannot possibly hope to figure this out on my own.
Modding is an option to get the streetpass file from the DS and share it around (streetpass 2 rise from the ashes), but this is not the main goal. The goal is to be able to use a regular, unmodified 3DS, to be able to talk to any other wireless device and streetpass that way (basically making another device fake that it is a 3DS). If this is possible, we could then hope to share streetpass data more easily, without modding, and possibly make our own "spotpass".
So let's get into it:
The first area I decided to tackle is to figure out what the heck streetpass even uses. After a bit of digging it seemed that it is using a regular 802.11b wifi chip to do its thing.
Loading up Wireshark with management mode indeed showed some broadcasting traffic from 2 3DS's I have lying around.
However, for a while I could not figure out more than this, until I tried something else: Local play.
So as far as local play goes, it shares some similarities with streetpass with the packets that it broadcasts.
Digging a bit into local play gave me the following information:
Both 3DS's spit out a bunch of broadcasts/beacon frames, showing network SSIDs.
After this, the DS's authenticate with the host, and start sharing game data.
Local play seems to make a WEP-encrypted access point (AP) on the 2.4 GHz band with a bandwidth of 20 MHz. Usually these APs appear on channels 1, 6 and 11. Generic broadcasts (before authentication) seem to happen on all 2.4 GHz channels. Also, these APs seem to have a hidden SSID.
So a few things we can gather from this:
- The host DS is making an AP
- Somehow it communicates its SSID and passkey to other DS's
- After which clients are able to connect and play together.
As of right now I'm trying to crack the WEP key for a single, very long Mario Kart 7 session, but still need to gather more data.
The main issue is that either the SSID or the passkey changes for each local play session. Hence I need to record 1 very long uninterrupted session.
I want to crack the WEP key, so I can then identify if the passkey is just being broadcast or if something else is happening.
Something else I noticed:
- Streetpass seems to continuously send out the same SSID: "NWCUSBAP.username"
NWCUSBAP probably stands for: "Nintendo Wireless Connector, USB Access Point"
Strictly speaking there are some extra characters in the SSID, but for now I'm ignoring those.
I've so far been unsuccessful in capturing a streetpass share. This is mainly difficult due to the 8 hour cooldown time, the access point not being on a consistent channel (Wireshark can only listen in on 1 specific channel at a time with my wifi chip), and it happening randomly. This is why for now I'm so hyper-focussed on local play.
Sorry for the long post, but if you've made it this far, thanks for sticking around!
Edit 1: This post might contain wrong assumptions/information, follow the post's latest comments to keep up to date.
Edit 2: View this repository for a collection of links and information: https://bitbucket.org/casperwietse/streetbasket-public/src/master/
Edit 3: Any old information has been struck through.
Last edited by Berghopper,
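An added illustration, not part of the original post or the linked repository: a small parser for the beacon fields the post looks at in its captures (SSID and whether it is hidden, the advertised channel, and whether the Privacy bit without an RSN/WPA element indicates WEP). The frames in `SAMPLES` are constructed test data with made-up BSSIDs and the placeholder SSID `NWCUSBAP.example`, not real 3DS captures, and the input is assumed to be a raw 802.11 frame with the radiotap header and FCS already removed.

```python
import struct

def parse_beacon(frame: bytes) -> dict:
    """Parse one raw 802.11 beacon frame (radiotap header and FCS already stripped)."""
    if len(frame) < 36:
        raise ValueError("too short: need 24-byte header + 12 fixed bytes")
    if frame[0] & 0xFC != 0x80:  # type 0 (management), subtype 8 (beacon)
        raise ValueError("not a beacon frame")
    capability = struct.unpack_from("<H", frame, 34)[0]
    info = {"bssid": frame[16:22].hex(":"), "ssid": "", "hidden": True,
            "channel": None, "security": "open"}
    rsn_or_wpa = False
    pos = 36  # tagged parameters start after the fixed fields
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:
            break  # truncated element: stop instead of reading garbage
        if tag == 0:  # SSID; empty or all-NUL means the network is hidden
            info["hidden"] = length == 0 or not any(body)
            info["ssid"] = "" if info["hidden"] else body.decode("utf-8", "replace")
        elif tag == 3 and length == 1:  # DS Parameter Set: current channel
            info["channel"] = body[0]
        elif tag == 48 or (tag == 221 and body[:4] == b"\x00\x50\xf2\x01"):
            rsn_or_wpa = True  # RSN element or WPA vendor element
        pos += 2 + length
    if capability & 0x0010:  # Privacy bit set
        info["security"] = "WPA/RSN" if rsn_or_wpa else "WEP"
    return info

def build_beacon(bssid: bytes, ssid: bytes, channel: int, privacy: bool) -> bytes:
    """Construct a minimal beacon for testing (sample data, not a real capture)."""
    header = b"\x80\x00" + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = bytes(8) + struct.pack("<HH", 100, 0x0001 | (0x0010 if privacy else 0))
    return header + fixed + bytes([0, len(ssid)]) + ssid + bytes([3, 1, channel])

# Constructed samples: a hidden-SSID AP with the Privacy bit, and a named open one.
SAMPLES = [
    build_beacon(bytes.fromhex("020000000001"), b"\x00" * 8, 6, True),
    build_beacon(bytes.fromhex("020000000002"), b"NWCUSBAP.example", 11, False),
]

def summarize(frames):
    """Return one parsed record per beacon frame."""
    return [parse_beacon(f) for f in frames]

if __name__ == "__main__":
    for row in summarize(SAMPLES):
        print(row)
```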