Homebrew nds-constrain't - Taking advantage of a flaw in the Nintendo DS(i) SSL library

shutterbug2000

Introducing nds-constraint!
After many years of trying to find a solution for hackless custom Nintendo Wi-Fi Connection servers, a solution has finally been found for the Nintendo DS and the Nintendo DSi system families!
Details on how it works, instructions on how to set it up for yourself, and Kaeru Team's official Kaeru WFC server that utilizes this new method can be found below:

https://github.com/KaeruTeam/nds-constraint

For those who just want to play online, here's the DNS server info:
Primary: 178.62.43.212
Secondary: 1.1.1.1 or 8.8.8.8
 

Coto

I just don't understand it well, but it seems very good news. :)
No need to patch and no wiimfi for DS then!

SSL is just a layer on top of the HTTP layer that adds a safe client-server handshake without being MITM'd.

Since the Nintendo WFC has been reverse engineered and implemented on the server side, that still required some sort of manipulation on the client side so the client implementation would just discard the SSL context.
The way the Nintendo WFC games were written, these still required the SSL (SSLv3) layer implemented. Thus a simple server redirection wouldn't work if the games weren't tampered with.

SSL certs are built on the key-pair principle.

Certificate Signing Request:
- A public key and a certificate are forged from a private key (that only the owner has). The CA (Certificate Authority) issuer builds a certificate to be later used by the client and the server in the SSL certificate chain. The idea is that the CA is the owner of the secured connection. And it seems there is a flag to toggle the CA validity off. So you can sign your own server certs and send them to the DS. So the chain of trust (being part of the SSL implementation, bundled with the game ROM as ARM assembly) goes as intended.

SSL handshake:
- once the client asks for the server SSL certificate, the public key bundled with it is used to decrypt the digital signature of the cert earlier forged by the private key. If the decryption is successful then the connection takes place.
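The sketch above covers signature checking but not the step the thread title turns on: a chain validator must check not only that each certificate's signature verifies under its issuer's public key, but also that the issuer is permitted to issue at all (the basicConstraints CA flag). The following is an added Python example, not code from the nds-constraint repository or from anyone in this thread. It uses a toy textbook-RSA-over-SHA-256 signature and dict-shaped "certificates"; the names "Demo Root CA", "demo client" and "wfc.example" are made up. It assumes, from the project name alone, that the DS(i) flaw is a skipped basicConstraints check on the issuing certificate; the page itself does not spell the flaw out.

```python
# Added example: toy chain validation with and without the basicConstraints
# CA check. Constructed data, toy RSA (demo only, never use for real keys).
import hashlib
import json
import random

E = 65537  # RSA public exponent

def _is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin; adequate for a demo key, not for production."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand

def keygen(rng, bits=512):
    """Textbook RSA key pair. Returns (public, private) as dicts."""
    while True:
        p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % E:  # E is prime, so this is gcd(E, phi) == 1
            n = p * q
            return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, phi)}

def _digest(tbs):
    # Canonical serialisation of the to-be-signed fields, SHA-256 as an int.
    data = json.dumps(tbs, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(tbs, priv):
    return pow(_digest(tbs), priv["d"], priv["n"])

def verify_sig(tbs, sig, pub):
    # "Decrypting" the signature with the public key must yield the digest.
    return pow(sig, pub["e"], pub["n"]) == _digest(tbs)

def make_cert(subject, pub, is_ca, issuer=None, issuer_priv=None):
    """issuer=None means self-signed; issuer_priv is then the subject's key."""
    tbs = {
        "subject": subject,
        "issuer": subject if issuer is None else issuer["tbs"]["subject"],
        "pub": pub,
        "ca": is_ca,  # stands in for the X.509 basicConstraints CA flag
    }
    return {"tbs": tbs, "sig": sign(tbs, issuer_priv)}

def verify_chain(chain, root, check_basic_constraints):
    """chain[0] is the server cert; each cert must be signed by the next one,
    the last by `root`. The flag toggles the CA check on every issuer."""
    for cert, issuer in zip(chain, chain[1:] + [root]):
        if cert["tbs"]["issuer"] != issuer["tbs"]["subject"]:
            return False
        if not verify_sig(cert["tbs"], cert["sig"], issuer["tbs"]["pub"]):
            return False
        if check_basic_constraints and not issuer["tbs"]["ca"]:
            return False  # issued by a non-CA certificate: reject
    return True

def demo(seed=1):
    rng = random.Random(seed)  # fixed seed so the demo is reproducible
    root_pub, root_priv = keygen(rng)
    root = make_cert("Demo Root CA", root_pub, True, None, root_priv)
    # Legitimate end-entity cert issued by the root, CA flag FALSE.
    client_pub, client_priv = keygen(rng)
    client = make_cert("demo client", client_pub, False, root, root_priv)
    # Assumed attacker scenario: holding that client cert's private key,
    # "issue" a server cert for a hostname the attacker does not own.
    srv_pub, _ = keygen(rng)
    rogue = make_cert("wfc.example", srv_pub, False, client, client_priv)
    # For comparison, a server cert the root itself issued.
    good = make_cert("wfc.example", srv_pub, False, root, root_priv)
    return {
        "rogue_without_check": verify_chain([rogue, client], root, False),
        "rogue_with_check": verify_chain([rogue, client], root, True),
        "good_with_check": verify_chain([good], root, True),
    }

if __name__ == "__main__":
    print(demo())
```

Every signature in the rogue chain is valid, so a validator that only walks signatures back to the trusted root accepts it; only the CA check on the intermediate rejects it, while the root-issued server cert passes either way. The toy RSA exists purely so the block runs offline; real code should use an X.509 library and let it enforce basicConstraints, name constraints and key usage together.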
 

banjo2

Yay, now I can finally use that extra copy of Metroid Prime Hunters to mess around with online. Now to decrypt this madness into noob speak so I can do it without downloading unnecessary stuff.
 

TipsPROmayB

Found a way to play online (for people who can't make a WEP hotspot):
If you have a newer phone, you can probably only make a WPA2 hotspot, but I found a way to make it work.
You need to make your network open, add your DS MAC address, and set "Allowed devices only". You can then connect your DS without a problem to your hotspot and play any game you want online. Tried it with MKDS and played a game with someone online and it worked great!

Hope this helps :)
 

tech3475

Found a way to play online (for people who can't make a WEP hotspot):
If you have a newer phone, you can probably only make a WPA2 hotspot, but I found a way to make it work.
You need to make your network open, add your DS MAC address, and set "Allowed devices only". You can then connect your DS without a problem to your hotspot and play any game you want online. Tried it with MKDS and played a game with someone online and it worked great!

Hope this helps :)

For the record, MAC address filtering isn't really recommended as a security option, although it is better than nothing in this case.

You may be better off long term looking for something like an old router and isolating it on the LAN (more complicated but more secure).
 

nl255

For the record, MAC address filtering isn't really recommended as a security option, although it is better than nothing in this case.

You may be better off long term looking for something like an old router and isolating it on the LAN (more complicated but more secure).

Though to be fair, MAC address filtering is only slightly worse than WEP (as at least cracking WEP can't easily be done with most smartphones due to a lack of support for the required features*).


*Yes, I know you can use certain external usb wifi cards to work around it but that is a pain in the ass due to compatibility issues.
 

Searinox

Now waiting for a new class of DSi and 3DS jailbreak exploits involving running legit DS titles on the console with a custom DNS, connecting to a hax server for online play, and feeding the console corrupt data overflowing one thing or another in order to run arbitrary code.
 

tech3475

Though to be fair, MAC address filtering is only slightly worse than WEP (as at least cracking WEP can't easily be done with most smartphones due to a lack of support for the required features*).

*Yes, I know you can use certain external usb wifi cards to work around it but that is a pain in the ass due to compatibility issues.

I was speaking in general and then compared to open wifi.

I think if you plan to do anything like this, it would be better to use a method which isolates the DS as much as possible from a known good device/network.
 

TipsPROmayB

I was speaking in general and then compared to open wifi.

I think if you plan to do anything like this, it would be better to use a method which isolates the DS as much as possible from a known good device/network.
I was just saying that if you don't have any other options, you could do my method. Since I don't have any other routers in my house, I'm unable to make a WEP hotspot, and everyone in my country is dumb af, so an open wifi hotspot is just okay for what I need.
 

FAST6191

Nice writeup/work those responsible. I am not sure how much practical use it will be in the end but the option is very much appreciated. Looks like I also have some reading to do on the full SSL implementation.

For the record, MAC address filtering isn't really recommended as a security option, although it is better than nothing in this case.

You may be better off long term looking for something like an old router and isolating it on the LAN (more complicated but more secure).

Were you not around for the times we needed custom MAC addresses for various hacks (the streetpass thing being the most notable)? I have quite literally had an easier time teaching people to figure out WEP keys.

I agree though getting an older router, doing a decent setup there and powering it on whenever you fancy is probably the better route if security is a concern.
 

tech3475

Were you not around for the times we needed custom MAC addresses for various hacks (the streetpass thing being the most notable)? I have quite literally had an easier time teaching people to figure out WEP keys.

I agree though getting an older router, doing a decent setup there and powering it on whenever you fancy is probably the better route if security is a concern.

I'm not familiar with those hacks, never cared for spotpass.

The reason why MAC address filtering is not recommended as a security measure is because they can be sniffed and spoofed.

I wasn't talking WEP vs MAC but, again, in general and in the context of open wifi.
 