StreetPass Spoofing
A streetpass "AP" was spoofed on a laptop with hostapd by setting the SSID to "Nintendo_3DS_continuous_scan_000", with the extra Nintendo tag from another 3DS' probe request. The SSID and AP can't be easily spoofed with hostapd for streetpass when 3DS is "active", for the random "ic[kSvm9s@*cYD>/~IEVj\(fGG;qDo8j" strings. The 3DS didn't seem to authenticate or associate with the "AP". Streetpass "AP" comms use WPA2 encryption. Eventually the 3DS stops communicating with the fake "AP" since the AP doesn't understand the sent data,(especially since it's encrypted) and sends a 802.11 "Action" frame, with category ID 0x7f and Nintendo's vendor ID: 00 1f 32.(However the 3DS keeps communicating with the above process repeatedly) Communication with two 3DSes are the same as above except there's encrypted data sent to/from both consoles, unlike the fake "AP".
So what if you were to forward the data to something like hamatchi with someone else connected to you doing the same? Then, the two 3ds consoles would be sending streetpasses to each other with hamatchi as like the middle man, not changing any data.
Would it work?