Pokemon Wi-Fi Anti-Cheat (Battle-Analyzer Jammer)

Discussion in '3DS - Flashcards & Custom Firmwares' started by KazoWAR, Dec 4, 2013.

  1. KazoWAR (OP), GBAtemp Advanced Maniac, Member, joined Aug 12, 2008, Winter Haven, United States
    Pokémon X/Y v1.2 is out, and it blocks Battle-Analyzer.
     
  2. basher11, GBAtemp's Official Vocaloid Lover, Member, joined Jun 29, 2009, United States
    Good job, KazoWAR. :wub:
     
  3. DJPlace, P!ssed OFF Pyscho of GBA!!, Member, joined Apr 16, 2008, United States
    I saw a topic about this... and this counters this thing the person released, right?
     
  4. ChaosFire, Newbie, Newcomer, joined May 12, 2009, United States
    If you feel like it, a version that lets you choose what information you send over would be great. Totally troll the cheater with wrong moves and stuff.

    Also great job!
     
  5. fierce waffle, GBAtemp Regular, Member, joined Sep 15, 2012, United States
    Great job, sir.
     
  6. Pong20302000, making notes on everything, Member, joined Sep 8, 2009, One's inner self
    lol Nintendo might put you on the Not As Bad as we thought list :P
     
  7. lambstone, No. Nyet. 不. Non. Nein., Banned, joined Aug 14, 2011
    Yeah, but this will in turn lead to "Anti-anti Cheat" and so on and so forth. Only way is for a fix to come from Nintendo.
     
  8. cearp, the ticket master, Member, joined May 26, 2008, Tuvalu
    Are Nintendo going to do this?
     
  9. Langin, GBAtemp's kpop addict, Member, joined Jul 29, 2008, The Hague, Netherlands
    KazoWAR, you are a hero! I might pick up the game again now. I hope Nintendo blocks it themselves later on. ^_^ Please no insta-check or shit anymore.
     
  10. FAST6191, Techromancer, Reporter, joined Nov 21, 2005
    Always enjoy hack, counter hack*, especially if more than one of the parties working to different ends is not an official source. I would love to discuss the counters to this but I guess for obvious reasons it would not get anywhere. "if you keep it running it will not work for the next battle" says to me it might actually be one of the harder ways to counter though.


    *I know I already linked it in the last thread but I really like the film too
     
  11. KazoWAR (OP), GBAtemp Advanced Maniac, Member, joined Aug 12, 2008, Winter Haven, United States
    I love that clip.
     
  12. Coto, GBAtemp Addict, Member, joined Jun 4, 2010, Chile
    How does this exactly do its job? Sends garbled (unencrypted) data, while keeping all encrypted data healthy?
     
  13. FAST6191, Techromancer, Reporter, joined Nov 21, 2005
    As I understand it, gamefreak failed basic network security and sent everything unencrypted, unobfuscated and in the same manner every time; this includes the selection of pokemon for a battle (I guess for caching/preloading-the-moves reasons, as well as maybe some failed attempt at move validation at a higher level; however, I am told similar things happened for earlier games with cheats, so it might have been a bit of code reuse. Either way, gamefreak screwed up at a truly amateur level for this). The only protection they have is tamper detection, which means we cannot inject arbitrary data and is why there is no injection option at present.
    First we saw simple trade detection programs. These have since been advanced quite a bit, if the current trade checking programs are anything to go by.
    The battle analyser then also noted that team selection in battles was transmitted in plaintext and made a decoder. As this is trivial, it is also one of the reasons why we have not bothered to slow or stem the spread of the program; I would not have as nice a GUI and decode options, but I reckon at some level I could probably have a simple filter string written for Wireshark over a lunch break.

    From here you really want to know two things:
    Signal jamming
    The OSI model of networking.

    Signal jamming is done in one of three ways:
    You stop the signal. Putting something in a Faraday cage is the main example of this; a bit hard to do in software, though.
    You jam the frequency. I am told some people did DDoS opponents off the internet and thus win by default, as it were (dropped connections counted as losses). In normal radio signals this requires a lot of power.
    You fiddle at protocol level. You pretend to be another base station, you send data that looks valid at first pass, and other such things. This is harder to do as you have to know the protocol, but it takes considerably less power. This is what we are playing at here.

    The OSI model, then.
    Network communications happen on many levels; it is not complex, but more than I have the inclination to go through right now. http://www.washington.edu/lst/help/computing_fundamentals/networking/osi should cover it, though. Depending upon the setup, your network scanner snatches the packets quite low down, whereas the packets pokemon decides to use are validated at a higher level (it could be the Presentation layer, but I would not be surprised to see something at the Application layer as well). As wifi communications and internet communications are inherently unreliable, though, it expects to see some measure of broken packets, packets coming out of order and all sorts of things like that.
    My guess is then, as we do not have the source, that the analyser snatches things at a low level, filters out what it needs with some basic filters and then decodes the packets to get the info.
    To counter the analyser, my guess is some valid data is snatched and used as a base for the upcoming battle. As the analyser is working at a much lower level and does not or cannot validate it as the game would, it is fooled and displays wrong data.
    There are various ways the analyser could be brought back for a while, pending Nintendo getting their act together.
    Nintendo encrypting player-to-player packets. This could be interesting, actually. For a normal PC program I would have a recompiled version up within the hour, but if they have to make it a patch and have it work on top of the existing setup (what we have seen of the 3DS says it is not as bad as the DS would have been, but it is not a full computer or even like the last round of home consoles), with the gateway working as it does, though, the question will soon probably have to turn to cheats and memory reading, or at least a higher level of validation.

    "start it up before connecting to the other person and stop it after the battle is over. if you keep it running it will not work for the next battle."
    This provides some insight as to what might be happening, and why I guess it was a packet snatched rather than a prebaked stream or something generated randomly on the fly. It might also be that KazoWAR saw the obvious counters to it and acted accordingly (if it uses the same seed values or handshake values then it makes further filtering trivial), or it could be a simple issue with broadcasting at the right time, but I doubt that.
     
  14. KazoWAR (OP), GBAtemp Advanced Maniac, Member, joined Aug 12, 2008, Winter Haven, United States
    What it does is send packets that contain the data Battle-Analyzer is looking for. Once it gets an IP/MAC of the opponent it goes into a spamming loop, and needs to be stopped/started to start looking for an IP/MAC again. It's enough for now, but probably easily countered as well.
     
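The mechanism FAST6191 guesses at and KazoWAR confirms above (a passive analyser that pattern-matches packets at a low layer, with no session validation, gets fed decoy records that match the pattern) can be illustrated with a small simulation. This is an added example, not code from the jammer, from Battle-Analyzer or from the game: the `HELO`/`TEAM` record layout, the session ids, the addresses and the team contents are all constructed for illustration and are not the real Pokémon X/Y wire format. The point it shows is why parsing by pattern alone is not validation: the game's own parser, which ties a team record to the handshake it saw from a specific peer, still reads the right data from the same capture.

```python
"""Toy capture showing why a pattern-matching sniffer is fooled by decoy
records while a session-bound parser (as a game would validate) is not.

Everything here is constructed for illustration: the record layout, the
session ids, the peer addresses and the teams are NOT the real wire format.
"""
from __future__ import annotations

import struct
from dataclasses import dataclass

MAGIC_HELLO = b"HELO"  # hypothetical handshake record carrying a session id
MAGIC_TEAM = b"TEAM"   # hypothetical team-selection record the analyser wants


@dataclass(frozen=True)
class Packet:
    src: str        # constructed sender address ("opponent", "jammer", ...)
    payload: bytes


def encode_hello(session_id: int) -> bytes:
    """HELO record: magic + 32-bit session id (constructed layout)."""
    return MAGIC_HELLO + struct.pack(">I", session_id)


def encode_team(session_id: int, team: list[str]) -> bytes:
    """TEAM record: magic + session id + 16-bit length + comma-joined names."""
    body = ",".join(team).encode()
    return MAGIC_TEAM + struct.pack(">IH", session_id, len(body)) + body


def parse_team(payload: bytes):
    """Return (session_id, team) for a well-formed TEAM record, else None."""
    if not payload.startswith(MAGIC_TEAM) or len(payload) < 10:
        return None
    session_id, length = struct.unpack(">IH", payload[4:10])
    body = payload[10:10 + length]
    if len(body) != length:
        return None
    return session_id, body.decode().split(",")


def naive_sniffer(capture: list[Packet]):
    """Mimics a low-layer analyser: take the first thing that looks like a
    TEAM record, with no check of who sent it or which session it belongs to."""
    for pkt in capture:
        parsed = parse_team(pkt.payload)
        if parsed:
            return parsed[1]
    return None


def session_bound_decoder(capture: list[Packet], peer: str):
    """Mimics the game's own validation: learn the session id from the peer's
    HELO, then accept only TEAM records from that peer carrying that id."""
    session_id = None
    for pkt in capture:
        if pkt.src != peer:
            continue  # not from the peer we are battling
        if pkt.payload.startswith(MAGIC_HELLO) and len(pkt.payload) == 8:
            session_id = struct.unpack(">I", pkt.payload[4:])[0]
            continue
        parsed = parse_team(pkt.payload)
        if parsed and session_id is not None and parsed[0] == session_id:
            return parsed[1]
    return None


def build_capture() -> list[Packet]:
    """Constructed capture: the opponent's real handshake and team, interleaved
    with decoys a jammer spams once it has seen the opponent (as KazoWAR
    describes), plus one stale record reusing the opponent's address."""
    real_session = 0x1234ABCD
    real_team = ["Greninja", "Talonflame", "Aegislash"]
    decoy = encode_team(0xDEADBEEF, ["Magikarp", "Magikarp", "Magikarp"])
    stale = encode_team(0x0BADF00D, ["Magikarp", "Magikarp", "Magikarp"])
    return [
        Packet("opponent", encode_hello(real_session)),
        Packet("jammer", decoy),      # arrives first and matches the pattern
        Packet("opponent", stale),    # right address, wrong (old) session id
        Packet("opponent", encode_team(real_session, real_team)),
        Packet("jammer", decoy),
    ]


if __name__ == "__main__":
    cap = build_capture()
    print("naive sniffer sees:   ", naive_sniffer(cap))
    print("session-bound parser: ", session_bound_decoder(cap, "opponent"))
```

Run stand-alone, the naive sniffer reports the decoy team while the session-bound parser reports the real one from the same capture. The defensive reading is the one FAST6191 gives: an observer that cannot validate as the game does is only as reliable as its pattern match, and a protocol that binds every record to a per-session handshake value is what makes such decoys filterable.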
  15. Coto, GBAtemp Addict, Member, joined Jun 4, 2010, Chile
    Thanks guys.