nds-constrain't - Taking advantage of a flaw in the Nintendo DS(i) SSL library

Discussion in 'NDS - Emulation and Homebrew' started by shutterbug2000, Oct 29, 2018.

  1. smf

    smf GBAtemp Addict

    Member
    7
    Feb 23, 2009
    The earlier exception for authentication servers, specifically rules out any kind of matchmaking

    https://arstechnica.com/gaming/2015...ght-to-revive-games-behind-abandoned-servers/

    "The LoC placed some important limitations on this new legal right, though. For one, gamers can't legally work to restore online gameplay in titles that required a defunct central server to coordinate such play. Creating third-party matchmaking tools, the LoC argued, would necessarily run afoul of the DMCA's "anti-trafficking provision," which prevents the wide distribution of tools that circumvent DRM and TPM. "

    Although I'm not sure if they assumed you would have to illegally hack the binary or console to do it, as this method doesn't require that.
     
    Last edited by smf, Nov 7, 2018
  2. Jacklack3

    Jacklack3 ( ゚ヮ゚) buddie was here

    Member
    8
    Oct 6, 2015
    Canada
    In your basement Dick Size: 5 meters.
    Is it possible to connect your DS (mainly 3DS) to a WPA2 connection?
     
  3. Searinox

    Searinox Dances with Dragons

    Member
    6
    Dec 16, 2007
    Romania
    Bucharest
    No. 3DS still uses DS settings for wifi. And DS is limited at hardware level.
     
    8BitWalugi and Jacklack3 like this.
  4. DJPlace

    DJPlace P!ssed OFF Pyscho of GBA!!

    Member
    5
    Apr 16, 2008
    United States
    i like to know that has well... only time will teall.
     
  5. fst312

    fst312 GBAtemp Advanced Fan

    Member
    4
    Nov 4, 2008
    United States
    New York
    Searching for people for Mario kart
    Friend code
    417212
    227944
    Friend code might not really be necessary if I’m the only one to search for
     
  6. sks316

    sks316 Meloetta, the Melody Pokémon!

    Member
    9
    Nov 28, 2013
    United States
    Unova
    It's worth noting that DSi-enhanced games like Pokémon Black/White and DSiWare titles work fine on a WPA/WPA2-secured access point. Other than that, great work!
     
    Makore and Robz8 like this.
  7. ThoD

    ThoD GBATemp Addict (apparently), but more like "bored"

    Member
    8
    Sep 8, 2017
    Greece
    How can you get DSi-enhanced games to work on WPA2? I still get the "security not supported" message no matter the game in DS mode...
     
  8. PokeNas

    PokeNas Member

    Newcomer
    2
    Jul 31, 2012
    United States
    So anyway to create a WEP hotspot through a computer?

    I tried Connectify but it only supports WPA
     
  9. ThoD

    ThoD GBATemp Addict (apparently), but more like "bored"

    Member
    8
    Sep 8, 2017
    Greece
    Curious about it too honestly. I'm using netsh commands in order to go online on the 3DS in general, but as far as I know that only makes a WPA2 connection...
     
  10. medoli900

    medoli900 Open the Benzenes Gates

    Member
    4
    GBAtemp Patron
    medoli900 is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Jan 7, 2013
    Lavender Town
    I'm so glad I bought one of these when we didn't have Wi-Fi at home.
    [​IMG]
     
  11. PokeNas

    PokeNas Member

    Newcomer
    2
    Jul 31, 2012
    United States
    Can't someone create a software that simulates a Nintendo Wi-Fi dongle?
     
  12. d4mation

    d4mation GBAtemp Regular

    Member
    3
    Aug 3, 2013
    United States
    I picked up one of these a while back without the software disc and the only way I could make it work was with some modified drivers and only on Windows XP.

    Have you been able to run it on anything more modern?
     
  13. medoli900

    medoli900 Open the Benzenes Gates

    Member
    4
    GBAtemp Patron
    medoli900 is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Jan 7, 2013
    Lavender Town
    I still have the disc, and it works perfectly on Windows Vista. I haven't tried on more recent OS though.
    Wi-Fi is hardware based. You can't "create" Wi-Fi out of software. You can hotspot it, but it will offer no advantages over just changing your router settings.
     
    Last edited by medoli900, Nov 8, 2018 at 2:18 PM
  14. Trash_Bandatcoot

    Trash_Bandatcoot Not a weeb watching manga on his iPad

    Member
    4
    Jul 14, 2018
    Netherlands
    Sadly, the Nintendo Wi-Fi USB Connector doesn't work, so I either have to risk my Wifi by disabling any securities or have my mom storming into my room with eyes of flames after she sees a bill of $120 because I waited too long for someone to spoof in the lobbies of MKDS.
     
    FEF1 likes this.
  15. Sheimi

    Sheimi A cute Vixen!

    Member
    7
    Oct 22, 2009
    United States
    Does this mean, I can go ahead, play online as Tracer in Metroid Prime Hunters and snipe everyone I see?
     
    banjo2 likes this.
  16. vergil2012

    vergil2012 Member

    Newcomer
    1
    Mar 24, 2018
    Germany
    Let's test it...
     
  17. sks316

    sks316 Meloetta, the Melody Pokémon!

    Member
    9
    Nov 28, 2013
    United States
    Unova
    They should work by default as long as you have the WPA2 access point set in your internet settings. If you're using TWiLightMenu++ (aka DSiMenu++), I don't think WPA2 is supported (yet).
     
  18. Searinox

    Searinox Dances with Dragons

    Member
    6
    Dec 16, 2007
    Romania
    Bucharest
    There are a lot of people with concerns about WEP security or inability to accomodate an extra AP on their existing router or objections to using WEP because it downgrades speed to 54Mbps. If you have any old routers lying around, you can connect them to your current router's ethernet ports or your desktop via internet connection sharing, and use them as dedicated devices solely for WFC(plug cable into WAN port and configure DHCP or Static IP). If you do so, your options for security can be improved. Here's what you can do with a WFC-only dedicated device:

    -open instead of shared key
    -13-character password with reasonable length and good password-choosing practices
    -MAC filter to allow only DS-capable device(s) that can actually use the AP
    -exclusive use of the WFC DNS without any secondaries like 8.8.8.8 and such
    -if possible, setting DNS override and authoritative mode on
    -allocating specific IPs to the connecting devices and disabling DHCP
    -firewall or port rules that block or send traffic nowhere from any other IPs other than the allowed ones
    -blocking port 53 on firewall rules from any address except the WFC DNS; this prevents an attacker from setting their own custom DNS to resolve hosts and browse the web regardless of the limitations of the WFC DNS
    -firewall or port rules that block access to the router's UI together with making the interface accessible only from the WAN port via remote administration; this will protect the router from attackers sniffing the wifi to decrypt login packets; if you do not enable and verify that remote management works before you block LAN UI access, you will lock yourself out of your device!
    -activate client isolation if possible
    -limit max simultaneous wifi devices to the number of devices you can use on WFC
    -set router to B-mode only, disable G, N, AC etc.; this will further deter attackers from using an AP that has very poor speeds and the DS only supports B speeds anyway
    -possibly spoof wifi MAC with a made-up value; since MACs can give away your router model/manufacturer and attackers might know of firmware vulnerabilities for the device
    -disable telnet, SSH, WPS on your device if it has these

    Any attacker that gets on will find they need to do massive amounts of work just to get on, and will need to catch an actual session to figure out a MAC they can use. Then an IP which works cause they'll have to do a static config. Then - if even possible - make a third party DNS work. And the speed will be crap. They may not even be able to get proper internet going nor can they snoop the rest of your network. That said, they may still be able to knock you offline by MAC spoofing but most likely, the attacker will just get quickly bored/annoyed and give up.
     
    Last edited by Searinox, Nov 8, 2018 at 9:24 PM
    WintendoZone likes this.
  19. WintendoZone

    WintendoZone Longhorn Lover

    Member
    3
    Oct 11, 2017
    United States
    DS browser?
     
  20. ThoD

    ThoD GBATemp Addict (apparently), but more like "bored"

    Member
    8
    Sep 8, 2017
    Greece
    It doesn't work on Black for me regardless of using a cart or nds-bootstrap though, I have to register the access point in the settings for it to work but it says it's not supported. WEP on nds-bootstrap works fine though.
     
Loading...