Hacking Save Nintendo WiFi - A project to save online servers for Wii (and DS) games

Toad King

Well-Known Member
OP
Member
Joined
Aug 19, 2009
Messages
374
Trophies
0
XP
546
Country
United States
UPDATE: We got a custom server up and running: Instructions on how to use it are at http://altwfc.net/. Also hop on IRC if you want to help or contribute at #altwfc on Rizon.


UPDATE 2
2014-10-12 : the new altwfc server IP is 104.131.93.87! Be sure to update your DNS settings!




http://save-nintendo-wifi.com/

I'm starting this project in response to the announcement of Nintendo Wi-Fi servers shutting down in May. Eventually this project hopes to have enough information so myself or other hackers have enough information to reverse engineer the Nintendo Wi-Fi servers and make emulated servers to live long after the May 20th cutoff date. What I plan to do, until the servers get shut down, is collect as many packet dumps from as many of these games as I can. That is where you can come in.

Right now we only have a little less than three months to gather data on all the games being shut down. Pure manpower is needed at this point, because a lot of games are going away and although initial analysis seems to indicate games use very similar protocols, there might be some differences between games we'll have to save and document.

If you have a capable router and one of the games being shut down, you can help. I have a guide on how to configure a DD-WRT or Tomato router on the project page, and it is possible to get packet logs from emulators as well. If someone can contribute a guide for that, that would be really helpful to get people on.

Goals right now:
* Get packets from as many games as possible before it goes down, with focus on games we don't have any information on yet.

This thread is for discussing Wii games. The thread for DS games is here: http://gbatemp.net/threads/save-nin...e-online-servers-for-ds-and-wii-games.362717/
 

Kyohack

Well-Known Member
Newcomer
Joined
Mar 27, 2010
Messages
98
Trophies
0
Location
Las Vegas, Nevada
Website
pokecheats.net
XP
198
Country
United States
Sorry to rain on your parade, but setting up fake servers is impossible for any game that uses the Nintendo Wi-Fi Connection. As you might've noticed, the protocol starts out by sending encrypted communications to Nintendo's servers (this is used for banning consoles, etc). SSL encryption cannot be cracked, and there is no way for you to set up a fake server if SSL is involved. You would need the SSL private cert to do this. The private cert is different from the public cert, and as the name suggests, it is indeed private. It is kept server side, and nobody has access to it, nor ever will (except for a select few Nintendo employee(s) that administer the official servers).

Since the games won't be able to reach the Nintendo Wi-Fi Connection ban servers, they will immediately halt the active connection and refuse to go to any third party game servers (even if some of those servers are unencrypted, such as the gamestats server used for the Pokemon GTS online functionality). But this is beside the point because most third party game servers are encrypted, just like the Nintendo game servers. Even if you COULD get the connection to proceed, you'd be stuck at another encrypted server.
 

Toad King

Sorry to rain on your parade, but setting up fake servers is impossible for any game that uses the Nintendo Wi-Fi Connection. As you might've noticed, the protocol starts out by sending encrypted communications to Nintendo's ban servers. SSL encryption cannot be cracked, and there is no way for you to set up a fake server if SSL is involved. And if the games can't reach the Nintendo Wi-Fi Connection, they can't go to any third party game servers, even if some of those servers are unencrypted (such as the gamestats server used for the unencrypted Pokemon GTS server).
SSL can't easily be cracked, but it can be intercepted and is susceptible to MITM attacks. All it takes is the client trusting a rogue CA authority or not verifying the certificate. Since we know where CA authorities are stored on the Wii, it wouldn't be hard to sneak our own in there and use a MITM proxy to read the info.

This is all assuming the CA authority is even checked. It probably is on the Wii, but I'm not sure it is on the DS.
 

Kyohack

No, the games are not susceptible to rogue CAs. The public SSL certs for the Nintendo Wi-Fi Connection are hard encoded into each ROM, and will only accept connections from servers using the private SSL cert. It's not like we didn't see this coming. The private SSL cert is set to expire in 2015 anyways. If Nintendo didn't shut down the Nintendo Wi-Fi Connection now, then it would have just died on its own.

The only way to get around the SSL would be to replace the public cert that the ROMs use. Doing so would require a ROM patch, and the game would need to be run from a flash cart in order to make this possible. Yes, emulators such as Desmume do allow for some online play functionality, but this support is still in its infancy and many people have difficulties getting it to work.
 

Toad King

Wii homebrew can already do patching from tools like GekkoOS and Riivolution, I don't see how hardcoded certs are an issue when we can simply replace it with our own. Sure vanilla users won't be able to use it but there is always going to be some setup that needs to be done for emulated servers.

Also, I just connected to Mario Kart Wii online with my internal date set to 2018 so games are probably coded to ignore expiration dates on certs. Which sounds right, because why would Nintendo put in a soft cutoff date?
 

Kyohack

Yes, since softmodding is possible with the Nintendo Wii console your proposal would have a larger potential fanbase for Wii-related game servers than for DS-related servers. And since the Wii has been so widely exploited in the past, I would reason to say that it might even be easier for you to accomplish your goal on the Wii than on the DS. Needless to say, a significant amount of protocol research would need to be performed in order to make this possible. For a very skilled individual, I suppose three months might be enough time to code support for a game or two.

Yes, it is technically possible for Nintendo to ignore the SSL expiration date for in-game functionality. I hadn't tested that myself, and just assumed that Nintendo would have coded in date checking for all games, since they should already have SSL expiration validation coded for online shop functionality, to meet PCI compliance standards for ecommerce.
 

Toad King

Right now I want to focus on grabbing as many packets from as many games as possible. While most games I've tested so far only use Nintendo servers for matchmaking and all gameplay is P2P, I still want to get all that recorded and saved before they're gone for good. Right now I'm assuming the banlist stuff is common across games (at least the two I've tried so far have a similar server they query over HTTPS at connection, which I'm guessing is that ban server you were talking about) but there still is matchmaking, friend codes, etc. for each game to handle.

If anyone wants to help with Dolphin, I have a guide up for getting captures from there now: http://save-nintendo-wifi.com/dolphin.html
 

Yepi69

Jill-sandwiched
Member
Joined
Nov 29, 2010
Messages
2,857
Trophies
0
Age
27
Location
Behind you
XP
1,710
Country
Portugal
Actual rounds are entirely P2P. Nintendo servers just handle matchmaking.
That explains why Brawl is sometimes laggy; it depends on your and your opponent's connection. I fight with a Portuguese friend and we barely have any lag.
 

Toad King

OK!
BTW, CAN I CAPTURE PACKETS FOR SEVERAL GAMES IN ONE RUN?
Doing them in separate captures would be the way to go. Just easier to manage that way.

Also, I hope to have a guide on dumping decrypted SSL communication later. Dolphin makes it painless but right now there's some bugs with their internet code.
 

Sliter

Well-Known Member
Member
Joined
Dec 7, 2013
Messages
3,258
Trophies
0
Location
ᕕ( ᐛ )ᕗ
XP
1,672
Country
Brazil
I'm very noob on this but like these "fake GTS" that people create for Pokemon just by changing the DNS shouldn't work? I mean, creating a server and, to access it, just change the DNS in the configuration settings?

Another idea could be hacking the Wii system to work with this non-official dedicated server and all... By hacking, could only the console friend code be "global", like on 3DS? ô3o Well, I don't have much idea what I'm talking about XD
 

Toad King

I'm very noob on this but like these "fake GTS" that people create for Pokemon just by changing the DNS shouldn't work? I mean, creating a server and, to access it, just change the DNS in the configuration settings?

Another idea could be hacking the Wii system to work with this non-official dedicated server and all... By hacking, could only the console friend code be "global", like on 3DS? ô3o Well, I don't have much idea what I'm talking about XD
For most of the game servers I'm seeing that should work for most games, but the issue is the Wii authenticator server, at naswii.nintendowifi.net. That is connected to over SSL so simply pointing it to a new server won't trick the Wii since it won't have a certificate signed by Nintendo's CA. However, there are ways around that with ROM hacking, including a possible workaround through an undocumented debug mode for the Wii's SSL driver. That will require hacking or patching the game though.
 

HNKii

Well-Known Member
Member
Joined
Jan 28, 2014
Messages
477
Trophies
0
Location
Mario Kart Wii-DS Link Play Stadium
XP
582
Country
Switzerland
For most of the game servers I'm seeing that should work for most games, but the issue is the Wii authenticator server, at naswii.nintendowifi.net. That is connected to over SSL so simply pointing it to a new server won't trick the Wii since it won't have a certificate signed by Nintendo's CA. However, there are ways around that with ROM hacking, including a possible workaround through an undocumented debug mode for the Wii's SSL driver. That will require hacking or patching the game though.
There will be no problems since Riivolution is there to help.
 

HAARP-GE 007

Member
Newcomer
Joined
Mar 2, 2014
Messages
23
Trophies
0
Age
53
XP
41
Country
Hi there, I've just joined the site after coming across your post for potential help with data gathering for your project. The only game I really play is GoldenEye 007 on the Wii, whose online play will come to an end on the 20th of May. This game still has a thriving online community and active gamers, with no realistic migration proposed to the Wii U or no later releases worthy... we kind of feel left out to hang... so... although not very technical minded, I would like to do my best to help gather any information you could use. I play the game almost daily when not working... if there is anything in particular a noob like myself could help with, if guided in the right direction I am sure I could manage it and would be happy to do so... thank you for trying to save our games
 

Toad King

Hi there, I've just joined the site after coming across your post for potential help with data gathering for your project. The only game I really play is GoldenEye 007 on the Wii, whose online play will come to an end on the 20th of May. This game still has a thriving online community and active gamers, with no realistic migration proposed to the Wii U or no later releases worthy... we kind of feel left out to hang... so... although not very technical minded, I would like to do my best to help gather any information you could use. I play the game almost daily when not working... if there is anything in particular a noob like myself could help with, if guided in the right direction I am sure I could manage it and would be happy to do so... thank you for trying to save our games
Follow one of the guides on the site and start recording network packets from the game. Third party games like GoldenEye will take more work to reverse engineer, since they aren't using Nintendo servers outside of the verification one. Getting a couple from Dolphin so we get encrypted packets would help too.
 

Wiimm

Developer
Member
Joined
Aug 11, 2009
Messages
2,286
Trophies
0
Location
Germany
Website
wiimmfi.de
XP
1,442
Country
Germany
Info and invitation:

At the German site Wii-Homebrew.com we have started the English speaking Project:

* MKW-Server Project

The goal of the project is to enable Mario Kart Wii online gaming without Nintendo's servers. I started 14 months ago to archive network traffic and to analyse the dumps. One result is an MKWii online statistic in real time. Based on this and the knowledge, we started these new forums yesterday.
 