[Tutorial][Advanced] Homepassing with password protected AP (i.e. Windows hostednetwork)

Discussion in '3DS - Tutorials' started by Arkansaw, Apr 30, 2015.

  1. Arkansaw
    OP

    Arkansaw GBAtemp Advanced Fan

    Member
    993
    194
    Jul 23, 2005
    Trinidad and Tobago
    WARNING: for advanced users only

    This is applicable for users who need/want to homepass with a password-protected AP on the latest firmware, for whatever reasons.

    1. Extract the system title 000400DB00010502 from emunand (via rxtools + some decryptor)
    2. Extract the hotspot.conf file from romfs - this is of the same nature as the slotXkey file, so no copies will be shared here
    3. Look up the relevant entry on 3dsbrew to figure out what to do with the above
    4. Fill in the blank:

    Code:
    netsh wlan set hostednetwork mode=allow ssid=ConsoleNintendo3DS key=26________________________47
    No further support will be provided after this point. If you can complete step 2, you are pretty much home free and can pride yourself on being a sufficiently "advanced" user :lol:

    Special thanks:
    motezazer, cearp (for pointers)
    Apache Thunder (for inspiration)
    Roxas and others whose tools made things a lot easier, as otherwise I wouldn't have bothered
     
    Queno138, cearp, suloku and 1 other person like this.
  2. shadyninja94

    shadyninja94 Newbie

    Newcomer
    3
    3
    Nov 24, 2015
    United States
    After everything is said and done, how would someone go about implementing these security key(s) into their Homepass setup?



    Examples (sort of)

    - Windows hostednetwork only ???

    - Router + (Any Listed SSID Inside 'hotspot.conf') + (Any Listed Security Key Inside 'hotspot.conf')

    - Router + (Specific Listed SSID Inside 'hotspot.conf') + (Its Corresponding Listed Security Key Inside 'hotspot.conf')




    Any help at all with this matter would be greatly appreciated. THX!
     
  3. Filo97

    Filo97 Zelda's totally my sister! Not lying!

    Member
    3,581
    1,168
    Oct 8, 2015
    Italy
    Hyrule Castle
    How do I open and fill in the blank hotspot.conf?

    — Posts automatically merged - Please don't double post! —

    Can you at least link the 3dbrew page?
     
  4. Ryccardo

    Ryccardo WiiUaboo

    Member
    2,647
    1,187
    Feb 13, 2015
    Italy
    Imola
    ^ Funny, someone from (the downloads site) just asked me how I dumped the passwords last night...


    I used 2 Perl programs.

    One is from 3dbrew https://www.3dbrew.org/wiki/Talk:Nintendo_Zone and prints SSIDs and everything you see on yls8.mtheall.com;

    after using it, you count lines from the bottom to find the network you're interested in, then take the base64-encoded key from hotspot.conf and paste it in the 2nd line (between apostrophes) of this de-base64 program:

    use MIME::Base64;
    $encoded = 'YML3jC3xUcKXLgfBllZU9JSeKYqBzmJw2AcW-AVpJOsA';
    printf "%s", decode_base64($encoded);

    You will need to redirect the output to a file (b64.pl > key), then open it in a hex editor to get the encryption key in hex form.
    Not all access points/software support manually entering prehashed hex keys, beware!
     
  5. Filo97

    Filo97 Zelda's totally my sister! Not lying!

    Member
    3,581
    1,168
    Oct 8, 2015
    Italy
    Hyrule Castle
    I still can't understand how to extract hotspot.conf. Also, I do not find anything for Windows on 3dbrew.
     
  6. Ryccardo

    Ryccardo WiiUaboo

    Member
    2,647
    1,187
    Feb 13, 2015
    Italy
    Imola
    The same way you would extract any other CIA: copy it to your SD into a "D9Game" folder, use the Decrypt9WIP homebrew, choosing the last option then "CIA decryption - full", when it's done copy the CIA back to the computer, rename it to a single word, and extract it with Asia81's PackHack!

    The Perl program is at the end of that page. It's multiplatform, don't be fooled by /usr/bin/perl at the start
     
  7. Filo97

    Filo97 Zelda's totally my sister! Not lying!

    Member
    3,581
    1,168
    Oct 8, 2015
    Italy
    Hyrule Castle
    I can't find the Perl program. If it is the command, then how do I convert it to Windows?
     
  8. Ryccardo

    Ryccardo WiiUaboo

    Member
    2,647
    1,187
    Feb 13, 2015
    Italy
    Imola
    It's even highlighted on that page...

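    #!/usr/bin/perl
    use strict;
    use MIME::Base64 qw( decode_base64 );
    open INFILE,$ARGV[0] or die;
    my @res;
    while (<INFILE>) {
        # data lines end in ",<digit>,<digit>"; every other line is printed unchanged
        if ($_ =~ /.*,\d,\d$/) {
            @res = split(',',$_);
            # map the file's base64 variant back to the standard alphabet
            $res[3] =~ s/\./+/gs;
            $res[3] =~ s/-/\//gs;
            $res[3] =~ s/\*/=/gs;
            $res[3] = decode_base64($res[3]);
            $res[3] =~ s/(.)/sprintf("%02X",ord($1))/egs;
            # fields 3 and 5 are blanked here, so they are not printed
            $res[3] = "";
            $res[5] = "";
            # the first three fields are base64-decoded, the rest are printed as they are
            printf "%s,%s,%s,%s", decode_base64(shift(@res)),decode_base64(shift(@res)),decode_base64(shift(@res)),join(',',@res);
        }else{
            print $_;
        }
    }
    close INFILE;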


    copy and paste to a file, of course!

    then: perl whatever.pl hotspots.conf
     
  9. Filo97

    Filo97 Zelda's totally my sister! Not lying!

    Member
    3,581
    1,168
    Oct 8, 2015
    Italy
    Hyrule Castle
    Can't you explain the process step by step? (Sorry if I keep asking, but I'm new to homepass and can't afford an Android to mod.)
     
  10. Filo97

    Filo97 Zelda's totally my sister! Not lying!

    Member
    3,581
    1,168
    Oct 8, 2015
    Italy
    Hyrule Castle
    And maybe in a PM (and in Italian, since it seems that we are both Italian).
     
  11. CreativeMan

    CreativeMan GBAtemp Regular

    Member
    134
    50
    Apr 26, 2009
    Mongolia
    For that particular example, why have you stripped the two 00 after 47? I still haven't tried to use WPA/WEP Nzone, but do we need to strip the last 00's at the end of each key that has them?
     
  12. Arkansaw
    OP

    Arkansaw GBAtemp Advanced Fan

    Member
    993
    194
    Jul 23, 2005
    Trinidad and Tobago
    Last edited by Arkansaw, Feb 27, 2016
  13. John_Kirky

    John_Kirky Advanced Member

    Newcomer
    55
    33
    Jan 12, 2017
    Gambia, The
    Hi guys!

    This is giving me a very hard time...

    Decrypted the title, got the romFS, get the hotspot.conf.

    Parsed the hotspot.conf with the Perlscript: Looks exactly like the one on yellow8s website (So the decryption was successful)
    Used the small Perlscript to decode the key into a bin file. Seemed to work as well..

    But here the trouble begins:
    The bin is exactly 30Bytes long. As I understand it, it should contain the preshared/prehashed key. But that has to be 32Bytes long (256Bit, 64 digits)

    I tried my dd-wrt router (a Netgear 602 using micro build) and the windows hosted network using
    1) the 30Byte key
    2) the 30Byte key padded with 0000 at the end
    3) the 30Byte key padded with 0000 at the beginning

    Windows hosted network (using the netsh from above) tells me it changed the passphrase?!? even when entering the padded 64 digits...

    3ds always says it couldn't connect to the NZone.

    Any ideas where I went wrong???? BTW I am using the hotspot.conf from 11.2.35-E

    Regards,

    Kirky
     
  14. John_Kirky

    John_Kirky Advanced Member

    Newcomer
    55
    33
    Jan 12, 2017
    Gambia, The
    Never mind... figured it out myself.

    Your Perl-Script for decoding the hexkey is faulty. Only works for some keys.
    With just a slight modification I was able to get all keys.

    Regards,
    Kirky
     
    Ryccardo likes this.
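
Added example, not part of any post above and not the posters' code: the parsing script in post 8 translates `.`, `-` and `*` to `+`, `/` and `=` before decoding, while the short de-base64 script in post 4 does not, and MIME::Base64's `decode_base64()` silently skips characters outside the standard alphabet. The sketch below shows that effect on a constructed value and a decoder that fails loudly instead. `decode_variant` is a hypothetical helper name, and the sample layout (32 bytes plus a trailing 0x00) is an assumption.

```perl
#!/usr/bin/perl
# Added example; every input value below is constructed, none comes from hotspot.conf.
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

# Hypothetical helper: translate the variant alphabet handled by the parsing
# script on this page ('.' -> '+', '-' -> '/', '*' -> '=') and decode
# strictly, rejecting anything decode_base64() would skip without warning.
sub decode_variant {
    my ($field) = @_;
    (my $std = $field) =~ tr{.\-*}{+/=};
    die "unexpected character in field\n"
        unless $std =~ m!\A[A-Za-z0-9+/]*={0,2}\z!;
    die "length is not a multiple of 4\n" if length($std) % 4;
    return decode_base64($std);
}

# Constructed sample: 32 bytes followed by 0x00 (assumed layout). The first
# six bytes are chosen so that the encoding contains '+' and '/'.
my $raw = "\xfb\xef\xbe\xff\xff\xff" . join('', map { chr } 1 .. 26) . "\0";

# Encode it, then rewrite it into the variant alphabet.
(my $field = encode_base64($raw, '')) =~ tr{+/=}{.\-*};

my $naive  = decode_base64($field);   # no translation, as in the short script
my $strict = decode_variant($field);  # translated and validated first

printf "field : %s\n", $field;
printf "naive : %d bytes, equals original: %s\n",
    length($naive),  ($naive  eq $raw ? 'yes' : 'no');
printf "strict: %d bytes, equals original: %s\n",
    length($strict), ($strict eq $raw ? 'yes' : 'no');
```

Comparing the decoded length with the expected one before using the value catches this kind of silent truncation.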
  15. hirakujira

    hirakujira Member

    Newcomer
    12
    15
    Sep 15, 2016
    Taiwan
    --Deleted--
     
    Last edited by hirakujira, Feb 22, 2017
  16. John_Kirky

    John_Kirky Advanced Member

    Newcomer
    55
    33
    Jan 12, 2017
    Gambia, The
    And this is what it looks like when you are really into it :-)

    Regards,

    Kirky
     

    Attached Files:

  17. k7ra

    k7ra GBAtemp Regular

    Member
    185
    28
    Dec 11, 2016
    Where to get that program?
     
  18. John_Kirky

    John_Kirky Advanced Member

    Newcomer
    55
    33
    Jan 12, 2017
    Gambia, The
    @k7ra: Wrote it myself :-) It has got a database containing all SSID and the password, 3700 original MAC Addresses from real Nzones Worldwide. If I click one it sends telnet commands to my dd-wrt Access point and changes the SSID, Password and MAC (and shows me on google maps where the Nintendo Zone is located :-). It can also cycle the macs.
    If you use an original SSID Password and MAC you get the streetpasses from that NZone. The original Streetpasses from the people walking into that store.

    If I set it on cycle I get 100 passes every hour...

    Regards,
    Kirky
     
  19. k7ra

    k7ra GBAtemp Regular

    Member
    185
    28
    Dec 11, 2016
    Wow! Cool, any chance you share it with us? :)
    Would like to use it too, because where I live no one has a 3DS or is interested in it :(