Hacking Pokémon X/Y Dumper and Editor

  • Thread starter: kyogre123
  • Views: 515,893
  • Replies: 948
  • Likes: 6
Basically it's a bit more complicated than your typical injection attack you would've likely been trained to defend against. You're creating a very, very specific firewall that catches and receives a single packet; our target is the incoming trade packet. Once blocked, our said filter/firewall/program instantaneously copies, modifies and injects our new packet so there's no duplicate.

That would be the goal of the app, no? But is it possible at least at the moment to just block the incoming packet and send the already modified packet instead?
 
That isn't really a bad idea, but I don't know any ideas to do that. I'm no coder :P
The problem is that it would only work when a Pokemon is given out over Mystery gift. For example if the Torchic download is over and there's no event that follows this for let's say a month, you wouldn't be able to use it as an injection method in that time
 
The problem is that it would only work when a Pokemon is given out over Mystery gift. For example if the Torchic download is over and there's no event that follows this for let's say a month, you wouldn't be able to use it as an injection method in that time
Well, I'm no coder, but I'll give this idea to see if it's actually possible. What if you were able to make your own Mystery Gift event, you could input the Pokémon there by injecting it (I guess). The only problem is to find where to inject it...
 
The problem is that it would only work when a Pokemon is given out over Mystery gift. For example if the Torchic download is over and there's no event that follows this for let's say a month, you wouldn't be able to use it as an injection method in that time


Simple, but you need 2 games, I guess. When you get the mystery gift, collect all data... change data so it will send new pokemon... Reset the game so it's a new save... then again mystery gift; it would be as if one was never sent, as it's on a new save. This time you are sending the hacked changed data... once sent, just trade the pokemon to your real game with real save.
 
What is the hexinject command I use?

I'm trying
hexinject -i eth0 -p

What do I enter after that? Just that gives me an error:
Code:
Unable to activate the interface: socket: Operation not permitted
 
Well, I'm no coder, but I'll give this idea to see if it's actually possible. What if you were able to make your own Mystery Gift event, you could input the Pokémon there by injecting it (I guess). The only problem is to find where to inject it...

Simple, but you need 2 games, I guess. When you get the mystery gift, collect all data... change data so it will send new pokemon... Reset the game so it's a new save... then again mystery gift; it would be as if one was never sent, as it's on a new save. This time you are sending the hacked changed data... once sent, just trade the pokemon to your real game with real save.

Aren't Mystery Gift Pokemon sent without fixed values? I remember the game handles the Pokemon values as its IV, etc; so I can't see how the Mystery Gift data could carry a Pokemon with those values already predetermined.
 
Wondercards are even more secure than last gen. I wouldn't expect too much to be done with them.
 
Basically it's a bit more complicated than your typical injection attack you would've likely been trained to defend against. You're creating a very, very specific firewall that catches and receives a single packet; our target is the incoming trade packet. Once blocked, our said filter/firewall/program instantaneously copies, modifies and injects our new packet so there's no duplicate.

Okay that makes sense. Sounds like frustrating work to me aha
 
I'd want them to wait till Pokemon Bank comes out and see if they can create a Poke Bank spoof so that I can store my 'mons on my PC, this way I can use Poke Transfer FOR FREE instead of having to pay $5 a year just to transfer-up my Pokemon EVERY GENERATION after 5. (PokeBank will be the method to transfer Pokemon from Generation 5 to 6 and upwards, they plan to keep the service as a permanent solution.)
 
I'd want them to wait till Pokemon Bank comes out and see if they can create a Poke Bank spoof so that I can store my 'mons on my PC, this way I can use Poke Transfer FOR FREE instead of having to pay $5 a year just to transfer-up my Pokemon EVERY GENERATION after 5. (PokeBank will be the method to transfer Pokemon from Generation 5 to 6 and upwards, they plan to keep the service as a permanent solution.)


No one is going to reproduce Pokebank. That would be a great way to get Nintendo's lawyers all over you. We're not even sure Pokecheck will manage to stay up once Pokebank comes out.
 
No one is going to reproduce Pokebank. That would be a great way to get Nintendo's lawyers all over you. We're not even sure Pokecheck will manage to stay up once Pokebank comes out.


No, no, you misunderstood.
I meant for someone to hack the 3DS to Pokebank server connection to spoof it so you can save your 'mons on your PC, not create a clone app.
 
I'd want them to wait till Pokemon Bank comes out and see if they can create a Poke Bank spoof so that I can store my 'mons on my PC, this way I can use Poke Transfer FOR FREE instead of having to pay $5 a year just to transfer-up my Pokemon EVERY GENERATION after 5. (PokeBank will be the method to transfer Pokemon from Generation 5 to 6 and upwards, they plan to keep the service as a permanent solution.)

One of my reasons for using this hack is avoiding the need of Pokebank as well. Seriously, why would someone pay to store 3000 Pokemon? That amount of PKX can be stored in less than 1MB, it's ridiculous.
 
It's done, it just won't accept the packet and repeatedly requests a new one because of that checksum...

Last thing to figure out and I'll have something to release.
(Yes I've implemented a recalculation of the UDP checksum)
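
For reference on the UDP checksum mentioned in the post above, an added example (not part of the original thread and not the poster's code): the standard RFC 768 calculation over the IPv4 pseudo-header, used here to verify a datagram. The addresses, ports and payload are constructed sample values, and `segment` is assumed to be exactly the UDP header plus payload.

```python
import socket
import struct

UDP_PROTO = 17  # IPv4 protocol number for UDP

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum; odd-length input is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return total

def udp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum for a UDP header+payload, ignoring the stored checksum field."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, UDP_PROTO, len(segment)))
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    csum = ~ones_complement_sum(pseudo + zeroed) & 0xFFFF
    return csum or 0xFFFF                   # 0 is reserved for "no checksum"

def verify_udp(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """True if the stored checksum matches, or the sender sent none (0)."""
    if len(segment) < 8:                    # shorter than a UDP header
        return False
    (stored,) = struct.unpack("!H", segment[6:8])
    return stored == 0 or stored == udp_checksum(src_ip, dst_ip, segment)

def build_segment(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Constructed sample datagram with a correct checksum filled in."""
    seg = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    return seg[:6] + struct.pack("!H", udp_checksum(src_ip, dst_ip, seg)) + seg[8:]

# Constructed sample values (documentation address ranges, arbitrary ports).
SRC, DST = "192.0.2.10", "198.51.100.20"
GOOD = build_segment(SRC, DST, 50000, 50001, bytes(range(32)))
# Same datagram with one payload bit flipped, as a transmission error would do.
DAMAGED = GOOD[:20] + bytes([GOOD[20] ^ 0x01]) + GOOD[21:]

if __name__ == "__main__":
    print(verify_udp(SRC, DST, GOOD), verify_udp(SRC, DST, DAMAGED))
```

The UDP checksum is a transmission-error check: it catches a flipped bit but not, for example, two aligned 16-bit words changing places, so a datagram that verifies here has only passed the transport-layer test.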
 
I've sniffed about 7 wondertrades and only 2 returned 947 bytes. What exactly do I have to look for here? Is it between the 900-1000 bytes and do all have to have 00 00 preceding four bytes?
 
It's done, it just won't accept the packet and repeatedly requests a new one because of that checksum...

Last thing to figure out and I'll have something to release.
(Yes I've implemented a recalculation of the UDP checksum)

:D That's great. Are you planning to release a single application for the injection part?

I know nothing about checksums :/ So, there is a standard calculation for this but for some reason this calculation is not compatible with the 3DS, am I right? Do you find the original checksums of the packets to be non-standard?

I've sniffed about 7 wondertrades and only 2 returned 947 bytes. What exactly do I have to look for here? Is it between the 900-1000 bytes and do all have to have 00 00 preceding four bytes?

Yes, that's right, I don't know about the size of the packets though. About the Pokemon data, copy the 232 bytes on a hex editor and save them as .bin files, the PKX editor will decrypt them properly if the data really corresponds to a PKX file.
 
I know I said this before but kyogre123 misunderstood me.
Both the 3DS (wifi) and the PC (Ethernet) connect through my router/modem. My 3DS didn't go through my PC. So is packet sniffing still possible?
I also set up a display filter "eth.dst ==[3DS MAC]". Don't know if that was the right thing to do, but nothing showed up :(.
 
