Router logs during 3ds update

Discussion in '3DS - Flashcards & Custom Firmwares' started by morphius, Apr 23, 2011.

  1. morphius
    OP

    I don't know if this is of any use to anyone, but I decided to check out my router logs while trying to do a system update on my 3DS (it already has the current update). Here are my findings:

    DHCP Active IP Table
    Client Host Name    IP Address       MAC Address          Expires
    Nintendo 3DS        192.168.1.104    XX:XX:XX:XX:XX:XX    23:59:59

    -----------------
    That shows that my 3DS is connected to my router as local address 192.168.1.104
    -----------------

    LAN IP           Destination URL/IP    Service/Port Number
    192.168.1.104    192.195.204.216       www
    192.168.1.104    111.168.21.69         https
    192.168.1.104    192.195.204.216       www
    192.168.1.104    69.25.139.164         https
    192.168.1.104    192.195.204.216       www
    192.168.1.104    111.168.21.69         https

    -----------------
    Now let's look at where these IPs go
    -----------------

    Pointing your browser to http://192.195.204.216/ will take you to a test.html page
    Pointing your browser to https://111.168.21.69/ will give you an SSL connection error
    Pointing your browser to https://69.25.139.164/ will give you an SSL connection error


    -----------------
    And now the whois lookups on the IPs
    -----------------


    #
    # Query terms are ambiguous. The query is assumed to be:
    # "n 192.195.204.216"
    #
    # Use "?" to get help.
    #

    #
    # The following results may also be obtained via:
    # http://whois.arin.net/rest/nets;q=192.195....;showARIN=false
    #

    NetRange: 192.195.204.0 - 192.195.204.255
    CIDR: 192.195.204.0/24
    OriginAS:
    NetName: NOA
    NetHandle: NET-192-195-204-0-1
    Parent: NET-192-0-0-0-0
    NetType: Direct Assignment
    RegDate: 1992-08-05
    Updated: 2006-01-24
    Ref: http://whois.arin.net/rest/net/NET-192-195-204-0-1

    OrgName: Nintendo Of America inc.
    OrgId: NINTEN
    Address: 4820 150th Ave. N.E.
    City: Redmond
    StateProv: WA
    PostalCode: 98052
    Country: US
    RegDate: 1992-08-05
    Updated: 2006-01-24
    Ref: http://whois.arin.net/rest/org/NINTEN

    OrgTechHandle: BO71-ARIN
    OrgTechName: Olarte, Bill
    OrgTechPhone: +1-425-861-2208
    OrgTechEmail: billo@noa.nintendo.com
    OrgTechRef: http://whois.arin.net/rest/poc/BO71-ARIN

    RTechHandle: BM107-ARIN
    RTechName: Meyer, Brian
    RTechPhone: +1-206-386-4165
    RTechEmail: brian.meyer@spl.org
    RTechRef: http://whois.arin.net/rest/poc/BM107-ARIN

    #
    # ARIN WHOIS data and services are subject to the Terms of Use
    # available at: https://www.arin.net/whois_tou.html
    #

    -----------------

    #
    # Query terms are ambiguous. The query is assumed to be:
    # "n 111.168.21.69"
    #
    # Use "?" to get help.
    #

    #
    # The following results may also be obtained via:
    # http://whois.arin.net/rest/nets;q=111.168....;showARIN=false
    #

    NetRange: 111.0.0.0 - 111.255.255.255
    CIDR: 111.0.0.0/8
    OriginAS:
    NetName: APNIC-AP
    NetHandle: NET-111-0-0-0-1
    Parent:
    NetType: Allocated to APNIC
    Comment: This IP address range is not registered in the ARIN database.
    Comment: For details, refer to the APNIC Whois Database via
    Comment: WHOIS.APNIC.NET or http://wq.apnic.net/apnic-bin/whois.pl
    Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
    Comment: for the Asia Pacific region. APNIC does not operate networks
    Comment: using this IP address range and is not able to investigate
    Comment: spam or abuse reports relating to these addresses. For more
    Comment: help, refer to http://www.apnic.net/apnic-info/whois_sear...se-and-spamming
    RegDate: 2008-11-12
    Updated: 2010-07-30
    Ref: http://whois.arin.net/rest/net/NET-111-0-0-0-1

    OrgName: Asia Pacific Network Information Centre
    OrgId: APNIC
    Address: PO Box 2131
    City: Milton
    StateProv: QLD
    PostalCode: 4064
    Country: AU
    RegDate:
    Updated: 2004-03-01
    Ref: http://whois.arin.net/rest/org/APNIC

    ReferralServer: whois://whois.apnic.net

    OrgTechHandle: AWC12-ARIN
    OrgTechName: APNIC Whois Contact
    OrgTechPhone: +61 7 3858 3188
    OrgTechEmail: search-apnic-not-arin@apnic.net
    OrgTechRef: http://whois.arin.net/rest/poc/AWC12-ARIN

    #
    # ARIN WHOIS data and services are subject to the Terms of Use
    # available at: https://www.arin.net/whois_tou.html
    #




    Deferred to specific whois server: whois.apnic.net...


    % [whois.apnic.net node-3]
    % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

    inetnum: 111.168.0.0 - 111.169.255.255
    netname: BIGLOBE
    descr: NEC BIGLOBE Ltd.
    descr: Gate City West Tower,
    descr: 11-1, Ohsaki 1-chome, Shinagawa-ku,
    descr: Tokyo 141-0032, JAPAN
    country: JP
    admin-c: JNIC1-AP
    tech-c: JNIC1-AP
    status: ALLOCATED PORTABLE
    remarks: Email address for spam or abuse complaints ip-admin@mesh.ad.jp
    changed: hm-changed@apnic.net 20090521
    changed: ip-apnic@nic.ad.jp 20110315
    mnt-irt: IRT-JPNIC-JP
    mnt-by: MAINT-JPNIC
    mnt-lower: MAINT-JPNIC
    source: APNIC

    role: Japan Network Information Center
    address: Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda
    address: Chiyoda-ku, Tokyo 101-0047, Japan
    country: JP
    phone: +81-3-5297-2311
    fax-no: +81-3-5297-2312
    e-mail: hostmaster@nic.ad.jp
    admin-c: JI13-AP
    tech-c: JE53-AP
    nic-hdl: JNIC1-AP
    mnt-by: MAINT-JPNIC
    changed: hm-changed@apnic.net 20041222
    changed: hm-changed@apnic.net 20050324
    changed: ip-apnic@nic.ad.jp 20051027
    source: APNIC

    inetnum: 111.168.0.0 - 111.168.255.255
    netname: BIGLOBE-17
    descr: NEC BIGLOBE Ltd.
    country: JP
    admin-c: JP00020891
    tech-c: JP00020891
    remarks: This information has been partially mirrored by APNIC from
    remarks: JPNIC. To obtain more specific information, please use the
    remarks: JPNIC WHOIS Gateway at
    remarks: http://www.nic.ad.jp/en/db/whois/en-gateway.html or
    remarks: whois.nic.ad.jp for WHOIS client. (The WHOIS client
    remarks: defaults to Japanese output, use the /e switch for English
    remarks: output)
    changed: apnic-ftp@nic.ad.jp 20090612
    source: JPNIC

    -------------------

    #
    # Query terms are ambiguous. The query is assumed to be:
    # "n 69.25.139.164"
    #
    # Use "?" to get help.
    #

    #
    # The following results may also be obtained via:
    # http://whois.arin.net/rest/nets;q=69.25.13...;showARIN=false
    #

    Nintendo of America Inc. INAP-SEF-NINTENDO-39421 (NET-69-25-139-128-1) 69.25.139.128 - 69.25.139.255
    Internap Network Services Corporation PNAP-12-2002 (NET-69-25-0-0-1) 69.25.0.0 - 69.25.255.255


    #
    # ARIN WHOIS data and services are subject to the Terms of Use
    # available at: https://www.arin.net/whois_tou.html
    #
     
  2. epicCreations.or

    Cool story bro. I don't think it'll help all that much. Maybe sniffing packets and a complete data log would have been better. This is just simple IPs... But, ya know, it might have useful information. I'm no hacker
     
  3. Annieone23

    like the mindset behind this, and your heart's in the right place. but honestly, any hacker who stands a chance on cracking the 3DS can and would do this themselves if they needed to. they would/could even reach out over irc and have friends etc do it to gather different regions' logs as well.

    great heart and reasoning in trying to help though! we just don't need a million posts or threads detailing router logs and the such :/
     
  4. modshroom128

    doesn't help
     
  5. morphius
    OP

    With all due respect, and without starting some high school flamewar/troll event: there is more data in this one post than on the first 10 pages of this subboard. I JUST started doing network analysis tonight. I now have the addresses of the servers that serve up official firmware. This is to an extent useful information, as one may be able to spoof those addresses and serve themselves a modified firmware (in time).

    I just finished running a rather thorough port scan on the system as well; it turned up all closed ports.

    Yes, the next step is to run a packet sniffer (Wireshark maybe?) and get some more in-depth information. I will post that information when I get to it. In the meantime, how 'bout we all do something productive and pitch in.
     
  6. Annieone23

    and then what?
    what languages do you know? what familiarity do you have with penetration testing? and please don't just spit back the board sticky at me, unless you can seriously implement it.

    as i said before. and i said it politely and encouragingly at your eagerness to help. none, absolutely nothing, of what you have suggested has not already been tried or can be tried within minutes by a competent hacker in the 3DS scene. the 3DS will not be hacked by the hivemind brainpower of a bunch of eager tempers.

    just to play along though, say you do spoof ninty's update servers and can send out a custom 3DS firmware (God only knows how you made one by the way, but say you did). don't you think that the 3DS itself will check for verification keys? nintendo hasn't advertised this as their most secure system yet when it comes to security only to leave the front door wide open.

    you get the signing keys for 3DS firmwares and then make a post about it on gbatemp if you really want people to go apesh** with eagerness to help you.
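
Added example, not part of any post in this thread: a sketch of the device-side check that post 6 argues for, showing why controlling the update server is not enough when the image is verified against a pinned vendor key. It assumes toy textbook RSA built from known Mersenne primes so it runs on the standard library alone; all names, keys and images are constructed, and the page does not describe the scheme the 3DS actually uses.

```python
import hashlib

E = 65537  # public exponent

def make_key(p, q):
    """Toy textbook-RSA key (n, d) from two primes; no padding, not for real use."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed keys from known Mersenne primes (assumption: stand-ins for real keys).
VENDOR_N, VENDOR_D = make_key(2**127 - 1, 2**107 - 1)  # vendor's signing key
OTHER_N, OTHER_D = make_key(2**89 - 1, 2**61 - 1)      # a key the device does not trust

def digest_int(image, n):
    """SHA-256 of the image, reduced into the key's modulus."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % n

def sign(image, n, d):
    return pow(digest_int(image, n), d, n)

def device_accepts(image, signature):
    """Device-side check against the pinned vendor public key (VENDOR_N, E)."""
    if not 0 <= signature < VENDOR_N:
        return False
    return pow(signature, E, VENDOR_N) == digest_int(image, VENDOR_N)

OFFICIAL = b"constructed firmware image v1"
MODIFIED = OFFICIAL + b" (modified)"

def genuine_server():
    """The vendor's server: official image with the vendor's signature."""
    return OFFICIAL, sign(OFFICIAL, VENDOR_N, VENDOR_D)

def substituted_server_replayed_signature():
    """Another server answering at the same address: changed image, old signature."""
    return MODIFIED, genuine_server()[1]

def substituted_server_own_key():
    """Same, but the changed image is signed with a key the device never pinned."""
    return MODIFIED, sign(MODIFIED, OTHER_N, OTHER_D)

def results():
    """What the device decides for each server, in the order listed."""
    servers = (genuine_server, substituted_server_replayed_signature,
               substituted_server_own_key)
    return [device_accepts(*server()) for server in servers]

if __name__ == "__main__":
    print(results())
```

The decision depends only on the image bytes and the pinned key, never on which address served them, which is why the destination IPs in the router log say little about whether a modified update would be installed.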
     
  7. morphius
    OP

    At least I'm doing SOMETHING. My thoughts about "custom firmware" would be a possibly debugged/hacked up version of the update file served right from their servers; it's just a thought. Has anyone been able to grab a copy of it?
     
  8. Snailface

    Somebody already did something like this, I think it was a staff member, but I forgot who.

    Edit: Here
     
  9. Nollog

    They sniffed the packets.

    Folk what complain that nobody is posting anything useful should keep in mind that a "hacker" is human, and their scope of vision may not always be 20:20 360 degrees.
    Sometimes it is helpful to point out something they may have overlooked.
     
  10. morphius
    OP

    snailface: thx for the link
     
  11. Zane

    That's what I keep thinking as well; even if you're skilled and know a lot about hacking this kind of stuff, it's easy to overlook the simple things when you're deep into the stuff already. =)
     
  12. GeekyGuy

    That's generally how science works, so yeah, as long as folks are offering constructive comments, criticisms and findings, it probably can't hurt. Worst that could happen is someone simply saying "tried it" and move on.
     
  13. robo989

    blah blah.

    Oh please! Don't be ridiculous. Hacking is a methodical task. Someone pointed out by someone who can't code\etc has never provided any help ever in the history of humankind. Don't feed the silly people's ego. You tolerate stupid people instead of pointing out how stupid they have been and you just get more stupid people.

    No, that's not politically correct, but does that matter? Time to get real, I say.
     
  14. Treflex

    Give the guy a break >.> Who cares if "anyone could have done it". At least this is better than another "OMG FLASCHKART BRICK 3dS YESss HOW 2 CUTSOM FERMWEAR?" thread...
     
  15. ManFranceGermany

    All these IPs are known.
    If you could save the data which came from Nintendo to your 3DS and decrypt it, that would be very useful.
     
  16. Ravenius

    Decrypt it? Sure, I can do that!
     
  17. Nollog

    My 3DS decrypts it on its own!