Router logs during 3ds update

Discussion in '3DS - Flashcards & Custom Firmwares' started by morphius, Apr 23, 2011.

Apr 23, 2011
  1. morphius
    OP

    Member morphius The King of the Cosmos

    Joined:
    Nov 21, 2008
    Messages:
    298
    Country:
    United States
    I don't know if this is of any use to anyone, but I decided to check out my router logs while trying to do a system update on my 3DS (it already has the current update). Here are my findings:

    DHCP Active IP Table
    Client Host Name IP Address MAC Address Expires
    Nintendo 3DS 192.168.1.104 XX:XX:XX:XX:XX:XX 23:59:59

    -----------------
    That shows that my 3DS is connected to my router as local address 192.168.1.104
    -----------------

    LAN IP Destination URL/IP Service/Port Number
    192.168.1.104 192.195.204.216 www
    192.168.1.104 111.168.21.69 https
    192.168.1.104 192.195.204.216 www
    192.168.1.104 69.25.139.164 https
    192.168.1.104 192.195.204.216 www
    192.168.1.104 111.168.21.69 https

    -----------------
    Now let's look at where these IPs go
    -----------------

    Pointing your browser to http://192.195.204.216/ will take you to a test.html page
    Pointing your browser to https://111.168.21.69/ will give you an SSL connection error
    Pointing your browser to https://69.25.139.164/ will give you an SSL connection error


    -----------------
    and now the whois lookups on the IPs
    -----------------


    #
    # Query terms are ambiguous. The query is assumed to be:
    # "n 192.195.204.216"
    #
    # Use "?" to get help.
    #

    #
    # The following results may also be obtained via:
    # http://whois.arin.net/rest/nets;q=192.195....;showARIN=false
    #

    NetRange: 192.195.204.0 - 192.195.204.255
    CIDR: 192.195.204.0/24
    OriginAS:
    NetName: NOA
    NetHandle: NET-192-195-204-0-1
    Parent: NET-192-0-0-0-0
    NetType: Direct Assignment
    RegDate: 1992-08-05
    Updated: 2006-01-24
    Ref: http://whois.arin.net/rest/net/NET-192-195-204-0-1

    OrgName: Nintendo Of America inc.
    OrgId: NINTEN
    Address: 4820 150th Ave. N.E.
    City: Redmond
    StateProv: WA
    PostalCode: 98052
    Country: US
    RegDate: 1992-08-05
    Updated: 2006-01-24
    Ref: http://whois.arin.net/rest/org/NINTEN

    OrgTechHandle: BO71-ARIN
    OrgTechName: Olarte, Bill
    OrgTechPhone: +1-425-861-2208
    OrgTechEmail: billo@noa.nintendo.com
    OrgTechRef: http://whois.arin.net/rest/poc/BO71-ARIN

    RTechHandle: BM107-ARIN
    RTechName: Meyer, Brian
    RTechPhone: +1-206-386-4165
    RTechEmail: brian.meyer@spl.org
    RTechRef: http://whois.arin.net/rest/poc/BM107-ARIN

    #
    # ARIN WHOIS data and services are subject to the Terms of Use
    # available at: https://www.arin.net/whois_tou.html
    #

    -----------------

    #
    # Query terms are ambiguous. The query is assumed to be:
    # "n 111.168.21.69"
    #
    # Use "?" to get help.
    #

    #
    # The following results may also be obtained via:
    # http://whois.arin.net/rest/nets;q=111.168....;showARIN=false
    #

    NetRange: 111.0.0.0 - 111.255.255.255
    CIDR: 111.0.0.0/8
    OriginAS:
    NetName: APNIC-AP
    NetHandle: NET-111-0-0-0-1
    Parent:
    NetType: Allocated to APNIC
    Comment: This IP address range is not registered in the ARIN database.
    Comment: For details, refer to the APNIC Whois Database via
    Comment: WHOIS.APNIC.NET or http://wq.apnic.net/apnic-bin/whois.pl
    Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
    Comment: for the Asia Pacific region. APNIC does not operate networks
    Comment: using this IP address range and is not able to investigate
    Comment: spam or abuse reports relating to these addresses. For more
    Comment: help, refer to http://www.apnic.net/apnic-info/whois_sear...se-and-spamming
    RegDate: 2008-11-12
    Updated: 2010-07-30
    Ref: http://whois.arin.net/rest/net/NET-111-0-0-0-1

    OrgName: Asia Pacific Network Information Centre
    OrgId: APNIC
    Address: PO Box 2131
    City: Milton
    StateProv: QLD
    PostalCode: 4064
    Country: AU
    RegDate:
    Updated: 2004-03-01
    Ref: http://whois.arin.net/rest/org/APNIC

    ReferralServer: whois://whois.apnic.net

    OrgTechHandle: AWC12-ARIN
    OrgTechName: APNIC Whois Contact
    OrgTechPhone: +61 7 3858 3188
    OrgTechEmail: search-apnic-not-arin@apnic.net
    OrgTechRef: http://whois.arin.net/rest/poc/AWC12-ARIN

    #
    # ARIN WHOIS data and services are subject to the Terms of Use
    # available at: https://www.arin.net/whois_tou.html
    #




    Deferred to specific whois server: whois.apnic.net...


    % [whois.apnic.net node-3]
    % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

    inetnum: 111.168.0.0 - 111.169.255.255
    netname: BIGLOBE
    descr: NEC BIGLOBE Ltd.
    descr: Gate City West Tower,
    descr: 11-1, Ohsaki 1-chome, Shinagawa-ku,
    descr: Tokyo 141-0032, JAPAN
    country: JP
    admin-c: JNIC1-AP
    tech-c: JNIC1-AP
    status: ALLOCATED PORTABLE
    remarks: Email address for spam or abuse complaints ip-admin@mesh.ad.jp
    changed: hm-changed@apnic.net 20090521
    changed: ip-apnic@nic.ad.jp 20110315
    mnt-irt: IRT-JPNIC-JP
    mnt-by: MAINT-JPNIC
    mnt-lower: MAINT-JPNIC
    source: APNIC

    role: Japan Network Information Center
    address: Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda
    address: Chiyoda-ku, Tokyo 101-0047, Japan
    country: JP
    phone: +81-3-5297-2311
    fax-no: +81-3-5297-2312
    e-mail: hostmaster@nic.ad.jp
    admin-c: JI13-AP
    tech-c: JE53-AP
    nic-hdl: JNIC1-AP
    mnt-by: MAINT-JPNIC
    changed: hm-changed@apnic.net 20041222
    changed: hm-changed@apnic.net 20050324
    changed: ip-apnic@nic.ad.jp 20051027
    source: APNIC

    inetnum: 111.168.0.0 - 111.168.255.255
    netname: BIGLOBE-17
    descr: NEC BIGLOBE Ltd.
    country: JP
    admin-c: JP00020891
    tech-c: JP00020891
    remarks: This information has been partially mirrored by APNIC from
    remarks: JPNIC. To obtain more specific information, please use the
    remarks: JPNIC WHOIS Gateway at
    remarks: http://www.nic.ad.jp/en/db/whois/en-gateway.html or
    remarks: whois.nic.ad.jp for WHOIS client. (The WHOIS client
    remarks: defaults to Japanese output, use the /e switch for English
    remarks: output)
    changed: apnic-ftp@nic.ad.jp 20090612
    source: JPNIC

    -------------------

    #
    # Query terms are ambiguous. The query is assumed to be:
    # "n 69.25.139.164"
    #
    # Use "?" to get help.
    #

    #
    # The following results may also be obtained via:
    # http://whois.arin.net/rest/nets;q=69.25.13...;showARIN=false
    #

    Nintendo of America Inc. INAP-SEF-NINTENDO-39421 (NET-69-25-139-128-1) 69.25.139.128 - 69.25.139.255
    Internap Network Services Corporation PNAP-12-2002 (NET-69-25-0-0-1) 69.25.0.0 - 69.25.255.255


    #
    # ARIN WHOIS data and services are subject to the Terms of Use
    # available at: https://www.arin.net/whois_tou.html
    #
     
  2. epicCreations.or

    Member epicCreations.or GBAtemp Fan

    Joined:
    Mar 13, 2010
    Messages:
    356
    Location:
    Austin, TX
    Country:
    United States
    Cool story bro. I don't think it'll help all that much. Maybe sniffing packets and a complete data log would have been better. This is just simple IPs... But, ya know, it might have useful information. I'm no hacker
     
  3. Annieone23

    Member Annieone23 GBAtemp Regular

    Joined:
    Jun 23, 2010
    Messages:
    125
    Location:
    USA
    Country:
    United States
    like the mindset behind this, and your heart's in the right place. but honestly, any hacker who stands a chance on cracking the 3DS can and would do this themselves if they needed to. they would/could even reach out over irc and have friends etc do it to gather different regions' logs as well.

    great heart and reasoning in trying to help though! we just don't need a million posts or threads detailing router logs and the such :/
     
  4. modshroom128

    Member modshroom128 GBAtemp Maniac

    Joined:
    Dec 24, 2006
    Messages:
    1,002
    Country:
    United States
    doesn't help
     
  5. morphius
    OP

    Member morphius The King of the Cosmos

    Joined:
    Nov 21, 2008
    Messages:
    298
    Country:
    United States
    With all due respect, and without starting some high school flamewar/troll event. There is more data in this one post than on the first 10 pages of this subboard. I JUST started doing network analysis tonight. I now have the address of the servers that serve up official firmware. This is to an extent useful information as one may be able to spoof those addresses and serve themselves a modified firmware (in time).

    I just finished running a rather thorough port scan on the system as well, it turned up all closed ports.

    Yes, the next step is to run a packet sniffer (Wireshark maybe?) and get some more in-depth information. I will post that information when I get to it. In the meantime, how 'bout we all do something productive and pitch in.
     
  6. Annieone23

    Member Annieone23 GBAtemp Regular

    Joined:
    Jun 23, 2010
    Messages:
    125
    Location:
    USA
    Country:
    United States
    and then what?
    what languages do you know? what familiarity do you have with penetration testing? and please don't just spit back the board sticky at me, unless you can seriously implement it.

    as i said before. and i said it politely and encouragingly at your eagerness to help. none, absolutely nothing, of what you have suggested has not already been tried or can be tried within minutes by a competent hacker in the 3ds scene. the 3ds will not be hacked by the hivemind brainpower of a bunch of eager tempers.

    just to play along though, say you do spoof ninty's update servers and can send out a custom 3ds firmware (God only knows how you made one by the way, but say you did). don't you think that the 3ds itself will check for verification keys? nintendo hasn't advertised this as their most secure system yet when it comes to security only to leave the front door wide open.

    you get the signing keys for 3ds firmwares and then make a post about it on gbatemp if you really want people to go apesh** with eagerness to help you.
     
  7. morphius
    OP

    Member morphius The King of the Cosmos

    Joined:
    Nov 21, 2008
    Messages:
    298
    Country:
    United States
    At least I'm doing SOMETHING. My thoughts about "custom firmware" would be a possibly debugged/hacked up version of the update file served right from their servers, it's just a thought. Has anyone been able to grab a copy of it?
     
  8. Snailface

    Member Snailface My frothing demand for 3ds homebrew is increasing

    Joined:
    Sep 20, 2010
    Messages:
    4,324
    Location:
    Engine Room with Cyan, watching him learn.
    Country:
    Antarctica
    Somebody already did something like this, I think it was a staff member, but I forgot who.

    Edit: Here
     
    1 person likes this.
  9. Nollog

    Member Nollog GBAtemp Addict

    Joined:
    Oct 10, 2008
    Messages:
    2,691
    Country:
    Ireland
    They sniffed the packets.

    Folk what complain that nobody is posting anything useful should keep in mind that a "hacker" is human, and their scope of vision may not always be 20:20 360 degrees.
    Sometimes it is helpful to point out something they may have overlooked.
     
  10. morphius
    OP

    Member morphius The King of the Cosmos

    Joined:
    Nov 21, 2008
    Messages:
    298
    Country:
    United States
    snailface: thx for the link
     
  11. Zane

    Member Zane Ace Wizard

    Joined:
    Mar 22, 2008
    Messages:
    650
    Location:
    Sweden, Falkenberg
    Country:
    Sweden
    That's what I keep thinking as well, even if you're skilled and know a lot about hacking these kinds of stuff, it's easy to overlook the simple things, when you're deep into the stuff already. =)
     
  12. GeekyGuy

    Global Moderator GeekyGuy Professional loafer

    Joined:
    Jun 21, 2007
    Messages:
    4,739
    Country:
    United States
    That's generally how science works, so yeah, as long as folks are offering constructive comments, criticisms and findings, it probably can't hurt. Worst that could happen is someone simply saying "tried it" and move on.
     
  13. robo989

    Member robo989 GBAtemp Regular

    Joined:
    Jul 13, 2010
    Messages:
    144
    Country:
    United States
    blah blah.

    Oh please! Don't be ridiculous. Hacking is a methodical task. Someone pointed out by someone who can't code\etc has never provided any help ever in the history of humankind. Don't feed the silly people's ego. You tolerate stupid people instead of pointing out how stupid they have been and you just get more stupid people.

    No, that's not politically correct, but does that matter. Time to get real I say.
     
  14. Treflex

    Member Treflex GBAtemp Regular

    Joined:
    Feb 1, 2008
    Messages:
    179
    Location:
    New Jersey, USA
    Country:
    United States
    Give the guy a break >.> Who cares if "anyone could have done it". At least this is better than another "OMG FLASCHKART BRICK 3dS YESss HOW 2 CUTSOM FERMWEAR?" thread...
     
  15. ManFranceGermany

    Member ManFranceGermany Atheist, Socialist and pro EU!

    Joined:
    Nov 14, 2010
    Messages:
    624
    Country:
    Germany
    All these IPs are known.
    If u could save the data which came from Nintendo to your 3DS and decrypt it, that would be very useful.
     
  16. Ravenius

    Newcomer Ravenius Advanced Member

    Joined:
    Mar 15, 2011
    Messages:
    72
    Country:
    Finland
    Decrypt it? Sure, I can do that!
     
  17. Nollog

    Member Nollog GBAtemp Addict

    Joined:
    Oct 10, 2008
    Messages:
    2,691
    Country:
    Ireland
    My 3DS decrypts it on its own!
     
