Hacking Save Nintendo WiFi - A project to save online servers for Wii (and DS) games

[Kplmondo]

I will try get you some packet data for Super Smash Bros. Brawl, I have a wii with the game and a computer strong enough to run dolphin and brawl online

Hope you can do some magic

 

[leseratte]

Then it's better to use this Dolphin version: http://save-nintendo-wifi.com/dolphin.html
It can dump the decrypted SSL data which might be very important.

 

[RHOPKINS13]

This might sound a little far-fetched but perhaps instead of doing all this reverse-engineering maybe a online petition for Nintendo to keep those services up and running would work? Or even hand the responsibility of running these servers off to some other company?

 

[HAARP-GE 007]

Follow one of the guides on the site and start recording network packets from the game. Third party games like GoldenEye will take more work to reverse engineer, since they aren't using Nintendo servers outside of the verification one. Getting a couple from Dolphin so we get encrypted packets would help too.

I'll get to it later this week ..as I said I have never done anything like this before so please bare with me while i try to figure things out ..I am guessing so far The Dolphine capture is just for an online pc emulator ??...and the router capture is the one that will capture things from the Wii ?....if you could just please confirm if I am correct or incorrect I'll do m y best ...GE 007 is something the gaming community i belong to is passionate about and i want to at least try to do my bit

 

[Toad King]

I'll get to it later this week ..as I said I have never done anything like this before so please bare with me while i try to figure things out ..I am guessing so far The Dolphine capture is just for an online pc emulator ??...and the router capture is the one that will capture things from the Wii ?....if you could just please confirm if I am correct or incorrect I'll do m y best ...GE 007 is something the gaming community i belong to is passionate about and i want to at least try to do my bit

Yes. The Android and CFW Router guides involve capturing packets from an actual Wii. The Dolphin guide captures packets from an emulator.

 

[HNKii]

Info and invitation:

At the German site Wii-Homebrew.com we have started the English speaking Project:

* MKW-Server Project

The goal of the project is to enable Mario Kart Wii online gaming without Nintendos servers. I started 14 month ago to archive network traffic and to analyse the dumps. One result is an MKWii online statistic in real time. based on this and the knowledge we started this new forums yesterday.

Are there any help you might need? I have MKWii games of multiple regions(Jap, USA, EUR, KOR), and I think I can help

 

[Wiimm]

Are there any help you might need? I have MKWii games of multiple regions(Jap, USA, EUR, KOR), and I think I can help

Good to know, that you have the Korean MKW.

 

[HNKii]

Good to know, that you have the Korean MKW.

Only the ISO though. Not the legit disk. Plus the MKWii channel never worked.Nor on dolphin nor on my ntsc Wii

 

[YoshiInAVoid]

So you're planning on recreating the Mario Kart DS server, and modifiying the Mario Kart DS ROM (or even just using an Action Replay code) to modify the IP address that the DS connects to to point to your server?

I might be able to help with some DS servers (especially Mario Kart since I love that game) if you need it; I created my own Win2DS style homebrew and server the other day (wanted to get it to compile on latest libNDS and devkitARM, and to be small enough to flash as the firmware for one of my DSes) so I know a fair bit about networking.

 

[Toad King]

So you're planning on recreating the Mario Kart DS server, and modifiying the Mario Kart DS ROM (or even just using an Action Replay code) to modify the IP address that the DS connects to to point to your server?

I might be able to help with some DS servers (especially Mario Kart since I love that game) if you need it; I created my own Win2DS style homebrew and server the other day (wanted to get it to compile on latest libNDS and devkitARM, and to be small enough to flash as the firmware for one of my DSes) so I know a fair bit about networking.

That is the plan. If we find an exploit in the SSL code in the games we won't even need a ROMhack, but I think that's expecting too much at this point.

 

[HNKii]

The main problems about Servers is the friend code system.
I don't know if someone has covered the brawl's fighting parts yet, but I'll most probably focus on packets for FC generating(by connecting online and deleting save data over and over again)
The FC system is critical. If the FC could not be generated then the online mode is screwed.(I can't connect to WFC without a FC on dolphin but there's no problem with a FC.)
The rule of generating the FC could be in the game and the servers. Since it doesn't need a confirmation if you typed a random FC but will show up the incorrect error instantly , even offline. I wonder if the Friend Code calculation system has been hacked.

 

[Toad King]

The friend code system probably uses one of the digits as a checksum, not unlike a credit card or ISBNs, which is probably how it instantly returns errors for some numbers.

There are people working on a hack for easy logging of SSL data on an actual console, which will probably make figuring out the friendcode generation process easier.

 

[Wiimm]

Mario Kart Wii:
For the friend code, a integer with 64 bits is used. The highest 25 bits (bits 39-63) are always 0. Bits 32-98 are a checksum and bits 0-31 the real friend code. So the max possible number is in Hex 7F.FFFF.FFFF. In decimal it is 549755813887, displayed as 5497-5581-3887. For online identification only the lowest 32 bits are used. In database queries, its decimal presentation is used.

Example:
Your FC is 1234-5678-9012 = 1c.be99.1a14/hex
Using the lowest 32 bits: be99.1a14/hex = 3197704724

 

[leseratte]

But all the checksum stuff is done local - the server transmits your new FC without any checksum, and the wii adds the checksum to display the FC. Also, while logging in the FC is transmitted w/o checksum.

 

[HNKii]

Mario Kart Wii:
For the friend code, a integer with 64 bits is used. The highest 25 bits (bits 39-63) are always 0. Bits 32-98 are a checksum and bits 0-31 the real friend code. So the max possible number is in Hex 7F.FFFF.FFFF. In decimal it is 549755813887, displayed as 5497-5581-3887. For online identification only the lowest 32 bits are used. In database queries, its decimal presentation is used.

Example:
Your FC is 1234-5678-9012 = 1c.be99.1a14/hex
Using the lowest 32 bits: be99.1a14/hex = 3197704724

So the creation of the FC is not done by the server?

 

[leseratte]

Thats correct. The full FC isn't transmitted - only the user id (FC w/o checksum), and the wii calculates the checksum on its own.

 

[HAARP-GE 007]

Yes. The Android and CFW Router guides involve capturing packets from an actual Wii. The Dolphin guide captures packets from an emulator.

Ok thank you . I found today my router doesnt support CFW ..so I have ordered one that does to be with me in a couple of days than I will start ...I just have a few more questions that I need to ask
1: when recording the data ...is it best to do in single or a couple of games at a time ...disconnect ..then reconnect ...or is it ok to record continuously in a session of online play ..ie: i sometimes play for 2-3 hours a time at least daily ?

2: Does the data recording have to be done just using Wii and genuine Goldeneye 007 game disc ...or is it ok to do this when loading from USB Loader ?

3: how many Data recording session would you ideally like ? once set up this week ..I am happy to do as much as you need to help

Ive also mentioned it to someone much more knowledgeable than myself who uses puTTy etc already and he is happy to Data collect also for you project

 

[HtheB]

Can someone please put this to the frontpage news? I hope people will participate and help to save Nintendo Wifi

 

[leseratte]

1. I think it's better to reconnect sometimes, because the connecting itself is important. The games itself are probably nearly only p2p connections (and a few ALIVE packets to the server).
2. That shouldn't matter.
3. As much as you can collect. Nobody knows how much data is really needed to develop an own server, but if you haven't enough data until 20 May it will be too late.

 

[HAARP-GE 007]

1. I think it's better to reconnect sometimes, because the connecting itself is important. The games itself are probably nearly only p2p connections (and a few ALIVE packets to the server).
2. That shouldn't matter.
3. As much as you can collect. Nobody knows how much data is really needed to develop an own server, but if you haven't enough data until 20 May it will be too late.

thank you ...i'll be on it as soon as my new router arrives