nds-constrain't - Taking advantage of a flaw in the Nintendo DS(i) SSL library

Discussion in 'NDS - Emulation and Homebrew' started by shutterbug2000, Oct 29, 2018.

  1. shutterbug2000

    shutterbug2000 Cubic NINJHAX!

    Oct 11, 2014
    United States
    Introducing nds-constraint!
    After many years of trying to find a solution for hackless custom Nintendo Wi-Fi Connection servers, a solution has finally been found for the Nintendo DS and the Nintendo DSi system families!
    Details on how it works, instructions on how to set it up for yourself, and Kaeru Team's official Kaeru WFC server that utilizes this new method can be found below:


    For those who just want to play online, here's the DNS server info:
    Secondary: or
    contezero, Archerite, Charli and 66 others like this.
  2. ry755

    ry755 Fox

    Nov 29, 2017
    United States
    Last edited by ry755, Oct 29, 2018
    THEGUY3ds likes this.
  3. slaphappygamer

    slaphappygamer GBAPerm

    Nov 30, 2008
    United States
    Aptos, California
    So now we can play Mario kart online?
  4. THEGUY3ds

    THEGUY3ds GBAtemp Regular

    Apr 13, 2018
    In The galaxy
    Hopefully these servers will have many people using them.
    ry755, WintendoZone and PICTOCHAT like this.
  5. Josephvb10

    Josephvb10 I like Pokémon

    Aug 26, 2009
    Costa Rica
    So does this work for every game?
  6. Tarmfot

    Tarmfot Advanced Member

    Dec 12, 2015
    I just don't understandt it well but it seems a very good news. :)
    No need to patch and no wiimfi for ds then!
    Itzumi likes this.
  7. Coto

    Coto -

    Jun 4, 2010
    the SSL is just a layer on top the HTTP layer that adds a safe client - server handshake without being MITM´d.

    Since the Nintendo WFC has been reverse engineered and implemented in the server side that still required some sort of manipulation on the client side so the client implementation would just discard the SSL context.
    The way the Nintendo WFC games were written, these still required the SSL (SSLv3) layer implemented. Thus a simple server redirection wouldn't work if the games weren't tampered with.

    SSL certs are built on the key-pair principle.

    Certificate Signing Request:
    - A public key and a certificate is forged from a private key (that only the owner has). The CA (Certificate Authority) issuer builds a certificate to be later used by the client and the server in the SSL certificate chain. The idea is that the CA is the owner of the secured connection. And it seems there is a flag to toggle the CA validity to off. So you can sign your own server certs and send them to the DS. So the chain of trust (being part of the SSL implementation, bundled with the game ROM as ARM assembly) goes as intended.

    SSL handshake:
    - once the client asks for the server SSL certificate, the public key bundled with is used to decrypt the digital signature of the cert earlier forged by the private key. If the decryption is successful then the connection takes place.
    GilgameshArcher, SS4 and Tarmfot like this.
  8. TipsPROmayB

    TipsPROmayB Just a music producer roaming GBATemp

    Jan 9, 2016
    Nice, if only mkds was compatible with wpa :/
    ry755, WintendoZone and weatMod like this.
  9. banjo2

    banjo2 little man

    May 31, 2016
    United States
    gamer armchair
    Yay, now I can finally use that extra copy of Metroid Prime Hunters to mess around with online. Now to decrypt this madness into noob speak so I can do it without downloading unnecessary stuff.
  10. Funky_3000

    Funky_3000 Member

    Jul 15, 2017
    Hi, does this work if i use NDSi++ ( DS/DSi emulator for 3DS ) please ?
  11. Robz8

    Robz8 Coolest of TWL

    Oct 1, 2010
    United States
    Also, DSiMenu++ isn't an emulator. It runs DS games natively.
  12. TipsPROmayB

    TipsPROmayB Just a music producer roaming GBATemp

    Jan 9, 2016
    Found a way to play online (for people that can't make a WEP hotspot):
    If you have a newer phone, you can probably only make a WPA2 hotspot, but I found a way how to make it work.
    You need to make your network open and you need to add your DS mac address and put "Allowed devices only". You can then connect your DS without a problem to your hotspot and play any game you want online. Tried it with MKDS and played a game with someone online and it worked great!

    Hope this helps :)
    Tarmfot and SCOTT0852 like this.
  13. tech3475

    tech3475 GBAtemp Maniac

    Jun 12, 2009
    For the record, Mac address filtering isn't really recommended as a security option, although better than nothing in this case.

    You may be better off long term looking for something like an old router and isolating it on the LAN (more complicated but more secure).
  14. Lenoor

    Lenoor Member

    Dec 3, 2010
    Is there hope for Wii's multi ? I'd like to play Meownster Hunter Tri again.
    codezer0, Zense and Tarmfot like this.
  15. nl255

    nl255 GBAtemp Addict

    Apr 9, 2004
    Though to be fair Mac address filtering is only slightly worse than WEP (as at least cracking WEP can't easily be done with most smartphones due to a lack of support for the required features*).

    *Yes, I know you can use certain external usb wifi cards to work around it but that is a pain in the ass due to compatibility issues.
  16. Searinox

    Searinox Dances with Dragons

    Dec 16, 2007
    Now waiting for a new class of DSi and 3DS jailbreak exploits involving running legit DS titles on the console with a custom DNS, connecting to a hax server for online play, and feeding the console corrupt data overflowing one thing or another in order to run arbitrary code.
    Tarmfot, Fishaman P and TheNerdWIzard like this.
  17. tech3475

    tech3475 GBAtemp Maniac

    Jun 12, 2009
    I was speaking in general and then compared to open wifi.

    I think if you plan to do anything like this, it would be better to use a method which isolates the DS as much as possible from a known good device/network.
  18. TipsPROmayB

    TipsPROmayB Just a music producer roaming GBATemp

    Jan 9, 2016
    I was just saying if you don't have any other options, you could do my method. Since I don't have any other routers in my house and I'm unable to make a WEP hotspot and everyone in my country is dumb af so an open wifi hotspot is just okay for what I need
    xs4all likes this.
  19. FAST6191

    FAST6191 Techromancer

    pip Reporter
    Nov 21, 2005
    United Kingdom
    Nice writeup/work those responsible. I am not sure how much practical use it will be in the end but the option is very much appreciated. Looks like I also have some reading to do on the full SSL implementation.

    Were you not around for the times we needed custom mac addresses for various hacks (the streetpass thing being the most notable)? I have quite literally had an easier time teaching people to figure out WEP keys.

    I agree though getting an older router, doing a decent setup there and powering it on whenever you fancy is probably the better route if security is a concern.
  20. tech3475

    tech3475 GBAtemp Maniac

    Jun 12, 2009
    I'm not familiar with those hacks, never cared for spotpass.

    The reason why MAC address filtering is not recommended as a security measure is because they can be sniffed and spoofed.

    I wasn't talking WEP vs MAC but, again, in general and in the context of open wifi.