Hacking Have the DS(i) piggyback off of the Wii (Tethering)

[Gunfreak11]

Many people use WPA encryption for the benefits it brings, but as we all know, DS game cards are dated relics that accept only WEP, some even requiring WEP-Open.

The Wii, however, is a bit more modern and can accept WPA connections, while the DS games cannot. Now, knowing this, would it be possible to create a bridge of sorts for the Wii that connects to the WPA, but allows a few WEP-Open connections on its end, allowing you to play DS games online with even a WPA encryption?

IE:
DS -> WEP Open -> Wii -> WPA -> Wireless Router -> Modem -> Internet

Yes, the DSi can connect to WPA, but thats for DSi applications alone, and not DS games.

Thanks for anyone who looks into this.

 

[marice]

This would require the wii to operate on WEP, and also WPA at the same time... which is not possible..
you could however do this on a laptop/computer (if you have 2 wifi modules installed, and bridged the connection).

Hope this cleared it up..

 

[PsyBlade]

I dont exactly see the benefit of this setup.
You would end up with two wifi-networks (one wpa and one wep)
wether you run the second one on the wii, on a laptop, or on the router.
I think running it on the router is the best solution since it does not use aditional hardware.

 

[cwstjdenobs]

I dont exactly see the benefit of this setup.
You would end up with two wifi-networks (one wpa and one wep)
wether you run the second one on the wii, on a laptop, or on the router.
I think running it on the router is the best solution since it does not use aditional hardware.

Bad idea, even if you have a good MAC filter on your router all your traffic might as well be plain text. Including those sites you always get sent to by "pop ups, 'cause honestly I'm not into that. Never confused."

The laptop and 2 NIC's or Wii-Linux and another compatible nic should work.

 

[Slyakin]

I thought the DSi could already connect to the interweb through WPA?

I also thought you had an idea for hacking the DSi.

 

[cwstjdenobs]

Not with DS games. And there's like what, 2 DSi games out there

 

[PsyBlade]

I dont exactly see the benefit of this setup.
You would end up with two wifi-networks (one wpa and one wep)
wether you run the second one on the wii, on a laptop, or on the router.
I think running it on the router is the best solution since it does not use aditional hardware.

Bad idea, even if you have a good MAC filter on your router all your traffic might as well be plain text. Including those sites you always get sent to by "pop ups, 'cause honestly I'm not into that. Never confused."

The laptop and 2 NIC's or Wii-Linux and another compatible nic should work.

Its the weakest link that determins the strength of any chain.

DS Router
DS Laptop Router

Unless the Laptop has way less area coverage than the router its not going to make any diffrence from a security viewpoint.
The Cracker will simply connect over the Laptop, as the DS does.

 

[Fat D]

The threat of weak encryption is not just reduced access control, but also easier packet sniffing, and that is what [some random letters] was referring to.

 

[PsyBlade]

Why would it be harder to capture packets send between a Wii and a Laptop than ones between a Wii and a Router?

 

[mvgc3]

I think the idea is that only the DS would use the lower WEP encryption, while other network devices such as computers would be using the higher WPA encryption.

Networking has always been a poor subject of mine, though, so I'm not sure if that even makes sense.

 

[marice]

Why would it be harder to capture packets send between a Wii and a Laptop than ones between a Wii and a Router?

Like anyone would be bothered to sniff your wii traffic

 

[Fat D]

Why would it be harder to capture packets send between a Wii and a Laptop than ones between a Wii and a Router?

Because the Wii/DS data will likely not be anything worth protecting, unlike the data transferred between Laptop and Router, so unless you get a seperate AP for your DS, going through a bridge (like the laptop described here or the Wii, as the OP wants) is more secure for any sensitive data not transmitted via console.

 

[PsyBlade]

I think the idea is that only the DS would use the lower WEP encryption, while other network devices such as computers would be using the higher WPA encryption.

Networking has always been a poor subject of mine, though, so I'm not sure if that even makes sense.
That makes perfect sense and is exactly what we are talking about.

Like anyone would be bothered to sniff your wii traffic

Sniffing packets is requiered to crack the key.
This Key can then not only be used to read in on other connections but to make a new connection to to cracker too.
Then he could access eg locally shared files or the internet.
QUOTE(Fat D @ Aug 20 2010, 04:42 PM)

Because the Wii/DS data will likely not be anything worth protecting, unlike the data transferred between Laptop and Router, so unless you get a seperate AP for your DS, going through a bridge (like the laptop described here or the Wii, as the OP wants) is more secure for any sensitive data not transmitted via console.

Of course you should still connect all WPA capable devices to the WPA network.
I never said anything else.
I said it makes no difference on which device the two networks are run.

 

[Fat D]

But most APs only support one type of encryption at the same time. And we all already agreed that preventing unauthorized access to the network is pretty much impossible with a weak link (i.e. WEP) in the system, so it is just about protecting the data sent through it via other channels.

 

[tk_saturn]

If it were me id:

Drop the router to WEP, turn on MAC address filtering, setup your connections and then turn SSID broadcasting off, if you are not sharing files between devices turn wireless isolation on and most importantly turn your router off when you aren't using it.

 

[linuxares]

Honestly, who the hell want to sniff a home network? I guess you aint a secret agent or a celebirty.
If you want better protection, since you are forced to use WEP.

Wep+ Mac-address filtering and shut off SSID broadcast (as tk_saturn said). It's honestly just a false send of security anyway but still harder for a scriptkiddie to sniff your traffic.

 

[PsyBlade]

But most APs only support one type of encryption at the same time.
I did not knew that.
3 of 3 different routers I tried it with supported it.
And since they are neither new nor were expensive I assumed that pretty much standard nowadays.

QUOTE(linuxares @ Aug 21 2010, 12:43 AM) Honestly, who the hell want to sniff a home network?

Targeted attacks are not very likely right.
But untargeted mass stacks are what I am afraid of.

Things like:

Set up a laptop to automatically crack all encountered networks,
automatically copy all *.doc *.xlt *.txt from windows shares
and put them in folders named by gps location.
Walk/drive around with it in a backpack as long as you like.
Scan looted files for data useful in identity theft, credit card fraud, burglary, extortion, ...

 

[thesund0g]

You could do this on linux, though you'll need a 2nd adapter. Make the ad-hoc network between Wii DS connection WEP. Wii Router will be WPA2 and you're good.

 

[nl255]

If it were me id:

Drop the router to WEP, turn on MAC address filtering, setup your connections and then turn SSID broadcasting off, if you are not sharing files between devices turn wireless isolation on and most importantly turn your router off when you aren't using it.

You do realize that many people, myself included, can get into such a network in under 10 minutes (ok, more like 20 if I have to read up on what to do first). The only reason WEP (and MAC filtering) is worth anything at all is that it makes it hard enough that someone wanting on might as well just go down the street to somewhere with an unprotected network like a coffee shop.

 

[Antics]

nl255 is correct.
Take it from someone that is currently mastering in network security.

Mac filtering means nothing, once a wireless NIC is put into monitor mode, you can view every single mac address thats connected to the router. Once you have an associated mac, you can flood them with arp packets, pushing the client offline while you clone their mac and connect as them.

As for WEP encryption, it takes me 5-10 minutes to crack a network with WEP. Bottom line.

The best thing to truly do for a network, although it is way outside the limitations of a standard home network, is to setup a private certificate authority and domain controller, then use WPA2-Enterprise authentication.



Back to the topic at hand, no. Wireless adapters only support being in one mode at a time, ad-hoc (client-to-client) or infrastructure (AP-to-client).

As far as I can recall, the original DS didn't enjoy ad-hoc networks. I tried in the past setting up a private bridge for my DS and all the DS told me was that I apparently "had no signal."

What I would recommend, although its also probably out of your networking knowledge (no offense), is to setup a dedicated firewall box. For example, at my home I run ClearOS. Its a Linux distribution meant to run on a dedicated machine.

Branching off the ClearOS box, I have 2 segments on my network. A trusted side which has full network access (which is secured with WPA2), and an untrusted network which has a access point that's wide open. On the untrusted side however, its locked down to only ports 53, 80, and 443 for web browsing, then the ports for DS online play.