dirgotronix
OP
Pardon me while I brainstorm to the public here.
I noticed we have people logging packets on the network update, which is an excellent starting point. This kind of exploration brings me back to my wardriving days. Along the same lines, has anyone looked into the wireless networking used for streetpass? Here are my hypotheses:
1. (confirmed) Streetpass is strictly ad-hoc. Streetpass does not work when connected to a wireless network, and it only works when the system is in standby (it appears to work when resuming the system until it associates with an access point). This leads me to believe that there is only one wireless adapter and it works over 802.11.
2. (confirmed) While in standby, the 3DS is both transmitting and listening over wireless for other systems to exchange data.
3. (confirmed) If the system is broadcasting randomly for streetpass, and it uses the same wireless adapter to do so, I should be able to sniff some packets from it with a passive wireless scanner.
4. Presuming I had a second 3DS in the vicinity, I should also be able to sniff the handshake and Mii exchange (as well as any third-party game's data, such as Street Fighter or Ridge Racer) that occurs during streetpass.
5. Taking a cue from wifime, if I can log and replay the data exchange (whether it's encrypted or not), I should be able to trick my 3DS into thinking I've passed the same person's console numerous times.
At the very least, the following information is exchanged:
- Your Mii
- Your personal quote
- Your favorite and most recent games
(All these things may be the same data as in the QR code, I'm not sure as I haven't looked into the differences between the Wii and the 3DS QR.)
In Ridge Racer:
- Ghost race data
In Street Fighter:
- Your team of five characters and their customized statistics
If I can find a few people with different 3DS's and I'm able to log the data, I should be able to make sense of the data by looking through the differences and similarities in the data exchange, presuming it's encrypted at all.
My first step will be to sniff the wireless. I'll post any interesting results here. Has anyone else got any ideas to throw into the pile?
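Added example (not code from the original post) of the differential analysis the post proposes: given several captured payloads, it marks which byte offsets stay constant across consoles and which vary, and reports per-field entropy and printable ratio as a rough signal for whether a field is plaintext or encrypted. The byte strings are constructed stand-ins, not real StreetPass frames.

```python
import math
from collections import Counter

# Constructed sample captures: three hypothetical payloads, one per console,
# standing in for bytes extracted from real pcaps (NOT real 3DS traffic).
SAMPLES = [
    bytes.fromhex("53500100a1b2c3d4000148656c6c6f2120202020"),
    bytes.fromhex("53500100e5f60718000248692074686572652020"),
    bytes.fromhex("535001000badcafe0003596f2120202020202020"),
]

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant run, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def printable_ratio(data: bytes) -> float:
    """Fraction of bytes in the printable ASCII range (hint of text fields)."""
    return sum(32 <= b < 127 for b in data) / len(data) if data else 0.0

def field_map(samples):
    """Split the common length of all samples into runs of (start, end, kind),
    where kind is 'const' if every sample agrees at that offset, else 'varies'."""
    length = min(len(s) for s in samples)
    kinds = ["const" if len({s[i] for s in samples}) == 1 else "varies"
             for i in range(length)]
    fields, start = [], 0
    for i in range(1, length + 1):
        if i == length or kinds[i] != kinds[start]:
            fields.append((start, i, kinds[start]))
            start = i
    return fields

def describe(samples):
    """One row per field: offsets, kind, entropy and printable ratio measured
    over that field's bytes pooled across all samples."""
    rows = []
    for start, end, kind in field_map(samples):
        pooled = b"".join(s[start:end] for s in samples)
        rows.append((start, end, kind,
                     round(shannon_entropy(pooled), 2),
                     round(printable_ratio(pooled), 2)))
    return rows

if __name__ == "__main__":
    for row in describe(SAMPLES):
        print("offsets %2d-%2d %-6s entropy=%.2f printable=%.2f" % row)
```

Fields that vary across consoles but stay near-maximal entropy are the ones to suspect of encryption or hashing; low-entropy, mostly printable varying fields are likely plain text such as the quote.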