Homebrew nds-constrain't - Taking advantage of a flaw in the Nintendo DS(i) SSL library

[smf]

Hmm. I was thinking the earlier game discussions but that would potentially be troubling.
On the other hand this is more utterly basic "authentication" and matchmaking rather than an MMO style server generating/serving real content.

The earlier exception for authentication servers, specifically rules out any kind of matchmaking

https://arstechnica.com/gaming/2015...ght-to-revive-games-behind-abandoned-servers/

"The LoC placed some important limitations on this new legal right, though. For one, gamers can't legally work to restore online gameplay in titles that required a defunct central server to coordinate such play. Creating third-party matchmaking tools, the LoC argued, would necessarily run afoul of the DMCA's "anti-trafficking provision," which prevents the wide distribution of tools that circumvent DRM and TPM. "

Although I'm not sure if they assumed you would have to illegally hack the binary or console to do it, as this method doesn't require that.

 

[Jacklack3]

Is it possible to connect your DS (mainly 3DS) to a WPA2 connection?

 

[Searinox]

Is it possible to connect your DS (mainly 3DS) to a WPA2 connection?

No. 3DS still uses DS settings for wifi. And DS is limited at hardware level.

 

[DJPlace]

Is there something similar but for Wii games?

i like to know that has well... only time will teall.

 

[fst312]

Searching for people for Mario kart
Friend code
417212
227944
Friend code might not really be necessary if I’m the only one to search for

 

[PrincessLillie]

It's worth noting that DSi-enhanced games like Pokémon Black/White and DSiWare titles work fine on a WPA/WPA2-secured access point. Other than that, great work!

 

[ThoD]

It's worth noting that DSi-enhanced games like Pokémon Black/White and DSiWare titles work fine on a WPA/WPA2-secured access point. Other than that, great work!

How can you get DSi-enhanced games to work on WPA2? I still get the "security not supported" message no matter the game in DS mode...

 

[Gamer90Kirby]

So anyway to create a WEP hotspot through a computer?

I tried Connectify but it only supports WPA

 

[ThoD]

So anyway to create a WEP hotspot through a computer?

I tried Connectify but it only supports WPA

Curious about it too honestly. I'm using netsh commands in order to go online on the 3DS in general, but as far as I know that only makes a WPA2 connection...

 

[medoli900]

I'm so glad I bought one of these when we didn't have Wi-Fi at home.

 

[Gamer90Kirby]

Can't someone create a software that simulates a Nintendo Wi-Fi dongle?

 

[d4mation]

I'm so glad I bought one of these when we didn't have Wi-Fi at home.

I picked up one of these a while back without the software disc and the only way I could make it work was with some modified drivers and only on Windows XP.

Have you been able to run it on anything more modern?

 

[medoli900]

I still have the disc, and it works perfectly on Windows Vista. I haven't tried on more recent OS though.

Can't someone create a software that simulates a Nintendo Wi-Fi dongle?

Wi-Fi is hardware based. You can't "create" Wi-Fi out of software. You can hotspot it, but it will offer no advantages over just changing your router settings.

 

[MaxiBash]

Sadly, the Nintendo Wi-Fi USB Connector doesn't work, so I either have to risk my Wifi by disabling any securities or have my mom storming into my room with eyes of flames after she sees a bill of $120 because I waited too long for someone to spoof in the lobbies of MKDS.

 

[Sheimi]

Does this mean, I can go ahead, play online as Tracer in Metroid Prime Hunters and snipe everyone I see?

 

[vergil2012]

Let's test it...

 

[PrincessLillie]

How can you get DSi-enhanced games to work on WPA2? I still get the "security not supported" message no matter the game in DS mode...

They should work by default as long as you have the WPA2 access point set in your internet settings. If you're using TWiLightMenu++ (aka DSiMenu++), I don't think WPA2 is supported (yet).

 

[Searinox]

There are a lot of people with concerns about WEP security or inability to accomodate an extra AP on their existing router or objections to using WEP because it downgrades speed to 54Mbps. If you have any old routers lying around, you can connect them to your current router's ethernet ports or your desktop via internet connection sharing, and use them as dedicated devices solely for WFC(plug cable into WAN port and configure DHCP or Static IP). If you do so, your options for security can be improved. Here's what you can do with a WFC-only dedicated device:

-open instead of shared key
-13-character password with reasonable length and good password-choosing practices
-MAC filter to allow only DS-capable device(s) that can actually use the AP
-exclusive use of the WFC DNS without any secondaries like 8.8.8.8 and such
-if possible, setting DNS override and authoritative mode on
-allocating specific IPs to the connecting devices and disabling DHCP
-firewall or port rules that block or send traffic nowhere from any other IPs other than the allowed ones
-blocking port 53 on firewall rules from any address except the WFC DNS; this prevents an attacker from setting their own custom DNS to resolve hosts and browse the web regardless of the limitations of the WFC DNS
-firewall or port rules that block access to the router's UI together with making the interface accessible only from the WAN port via remote administration; this will protect the router from attackers sniffing the wifi to decrypt login packets; if you do not enable and verify that remote management works before you block LAN UI access, you will lock yourself out of your device!
-activate client isolation if possible
-limit max simultaneous wifi devices to the number of devices you can use on WFC
-set router to B-mode only, disable G, N, AC etc.; this will further deter attackers from using an AP that has very poor speeds and the DS only supports B speeds anyway
-possibly spoof wifi MAC with a made-up value; since MACs can give away your router model/manufacturer and attackers might know of firmware vulnerabilities for the device
-disable telnet, SSH, WPS on your device if it has these

Any attacker that gets on will find they need to do massive amounts of work just to get on, and will need to catch an actual session to figure out a MAC they can use. Then an IP which works cause they'll have to do a static config. Then - if even possible - make a third party DNS work. And the speed will be crap. They may not even be able to get proper internet going nor can they snoop the rest of your network. That said, they may still be able to knock you offline by MAC spoofing but most likely, the attacker will just get quickly bored/annoyed and give up.

 

[Deleted User]

Introducing nds-constraint!​

After many years of trying to find a solution for hackless custom Nintendo Wi-Fi Connection servers, a solution has finally been found for the Nintendo DS and the Nintendo DSi system families!
Details on how it works, instructions on how to set it up for yourself, and Kaeru Team's official Kaeru WFC server that utilizes this new method can be found below:

https://github.com/KaeruTeam/nds-constraint

For those who just want to play online, here's the DNS server info:
Primary: 178.62.43.212
Secondary: 1.1.1.1 or 8.8.8.8

DS browser?

 

[ThoD]

They should work by default as long as you have the WPA2 access point set in your internet settings. If you're using TWiLightMenu++ (aka DSiMenu++), I don't think WPA2 is supported (yet).

It doesn't work on Black for me regardless of using a cart or nds-bootstrap though, I have to register the access point in the settings for it to work but it says it's not supported. WEP on nds-bootstrap works fine though.