Homebrew HomePass recreation/streetpass reverse engineering?

[redunka]

I suppose we could also try contact MrNbaYoh for further details on his research, however I wouldn't be surprised if he signed a non-disclosure agreement with Nintendo.

Well, since MrNbaYoh himself wants to make a StreetPass emulation tool, it probably won't be a bad idea to contact him anyway.

Anyone willing to help me revive the streetpass feature? https://t.co/2prLeA9BJe

— nba::yoh (@MrNbaYoh) December 31, 2019

Best luck with your project!

 

[Deleted User]

Yeah, PM me on twitter or anything if you wanna talk about streetpass.

 

[Berghopper]

Yeah, PM me on twitter or anything if you wanna talk about streetpass.

Tweeted you

I also have discord, we could voice-chat maybe at some point?

 

[dicamarques]

Hello!
I'm one of the people who started Homepass here on the forum.
This was back when I had a more limited knowledge in security, programming and networking.
I've finished my degree in computer engineering and I would gladly try to help making this work.

I have only one problem, I have only one 3DS currently. So I can't do any packet sniffing by myself

 

[Cralex]

The people on the Pretendo discord server announced some sort of possible return of the street pass relay just a minute ago.

 

[naddel81]

I Just wanted to get two Things confirmed


1. SpillpassPi is dead for good?

2. Can a 3DS really be bricked via streetpass? If yes, is a fw Update crucial?

 

[dicamarques]

The people on the Pretendo discord server announced some sort of possible return of the street pass relay just a minute ago.

No Nzone needed, seems great!

 

[lone_wolf323]

No Nzone needed, seems great!

I mean. its awesome. but there is nothing stopping someone from changing where their location is. So unless the actual program is released that doesnt mean a thing to me.

 

[Kwyjor]

SpillpassPi is dead for good?

I'm not sure what that is exactly, but anything that relied on Nintendo's old Spotpass infrastructure has been dead ever since Nintendo took down the server many months ago.

Can a 3DS really be bricked via streetpass? If yes, is a fw Update crucial?

Technically it hasn't happened yet, but the video on the previous page demonstrates that it's possible to trigger the b9s installer over StreetPass - so yes, bricking is definitely possible.

Regardless, there is really no reason not to upgrade to the latest firmware (11.13) if you haven't already.

 

[Cralex]

I Just wanted to get two Things confirmed


1. SpillpassPi is dead for good?

2. Can a 3DS really be bricked via streetpass? If yes, is a fw Update crucial?

SpillpassPi, in its current form, is dead. It relied on fooling your system into thinking it was connecting to a Nintendo Zone, which would tell it to connect to a server at Nintendo and exchange streetpass data with anyone that had connected to the same Nintendo Zone that you’re spoofing at the moment. This stopped working because Nintendo shut off the server on their end that handled the streetpass data.

It’s not certain what form Pretendo’s implementation might take or if you’d need any extra hardware to make it work. Just gotta wait and see. I know there was some discussion on Pretendo’s server of only letting people exchange streetpass data with friends, to help mitigate the security risk.

 

[Mikitok]

This is finished work?

 

[AmzRigh]

I joined just to voice my interest in and support for this! I dug out my 3DS last week and started Bravely Default; shortly thereafter, I learned about the existence (and subsequent demise) of HomePass. And then I found this! So yeah, I'll be paying attention to see what develops here.

 

[Kwyjor]

To be clear, it is already possible to manually exchange StreetPass data on a 3DS with CFW. But it's a rather cumbersome process that involves using GM9 to access files on the NAND.
https://www.reddit.com/r/3dshacks/comments/a7qh8n/streetpass_2_rise_from_the_ashes/

 

[Berghopper]

Sorry all, for the way-overdue reply, I have been busy with life among other things.
As it stands right now, you can exchange streetpasses via CFW by sharing files with friends and modded your 3DS.
As for streetpasses over the internet and making that seemless - MrNbaYoh is working on it - as stated on his twitter.

As talked about in the security-talks, the encryption and protocol of how streetpasses are shared is known.
There's several issue's going forwards from this however:

• To be able to decrypt information, you'd need multiple decryption keys, which are either stored on the 3DS bootrom or within firmware binaries.
• This means that either way you spin it, especially from a legal stance (since nintendo's shared encryption keys among 3DS's is copyright), you'd be stuck not being able to share these keys.
• This does not however mean that sharing how these could potentially be acquired is illegal, but actively acquiring these keys, and using them could also potentially be legally problematic. (Then again, so are a lot of hacks/mods on consoles).
• Even besides all this, you'd in any case, need to mod your own device to acquire these binaries and/or keys.
• Before being able to understand the streetpass protocol fully, it requires a lot of background knowledge. This includes mainly knowledge about programming in C++, the nl80211 library, and a solid and deep understanding of TCP. Especially TCP is quite difficult to understand in its entirety.

Taking all this in account, and with the knowledge that MrNbaYoh is actively working on this himself already, I don't think I'll be going further into this topic myself.
This does not mean my enthousiasm has died down for something like this, but rather, that I don't think I can help in a useful manner myself.

Anybody who does have extensive technical knowledge about the described areas, feel free to discuss further and pick up the project as it is right now.
Also, huge thanks for MrNbaYoh for answering many of my (sometimes dumb and sleep-deprived) questions.

-Berghopper

 

[Kwyjor]

you'd need multiple decryption keys, which are either stored on the 3DS bootrom

You know dumping boot9.bin is a completely trivial process with GM9, right?

 

[Berghopper]

You know dumping boot9.bin is a completely trivial process with GM9, right?

While this specifically may be true, it still involves modding and might not be trivial for non-technical users. My in hindsight naive ideal, was that this would be possible without modding. Strictly speaking that is still possible, but becomes a whole lot more annoying taking into account all the points above.

Either way, there is no good Streetpass protocol interfacing library right now, which is the main issue. Without a good standardized way of sending and receiving and being able to parse the protocol, this project is essentially dead in the water.
However, as mentioned, MrNbaYoh is working on streetpass, and the protocol is known.
Right now, I think we mostly need development time in these specific areas.

 

[droople]

While this specifically may be true, it still involves modding and might not be trivial for non-technical users. My in hindsight naive ideal, was that this would be possible without modding. Strictly speaking that is still possible, but becomes a whole lot more annoying taking into account all the points above.

Either way, there is no good Streetpass protocol interfacing library right now, which is the main issue. Without a good standardized way of sending and receiving and being able to parse the protocol, this project is essentially dead in the water.
However, as mentioned, MrNbaYoh is working on streetpass, and the protocol is known.
Right now, I think we mostly need development time in these specific areas.

Hi, just wondering any progress on MrNbaYoh‘s work?

 

[Mikitok]

anny progress?

 

[MrScopi]

Has anyone ever publicly posted a Wireshark capture of a Streetpass between two 3DSs? If they have, I haven't seen it. I'd rather not buy a second 3ds just to see what's going on!

 

[Kwyjor]

Has anyone ever publicly posted a Wireshark capture of a Streetpass between two 3DSs? If they have, I haven't seen it. I'd rather not buy a second 3ds just to see what's going on!

Did you read the rest of the thread and watch that 36C3 video? There are no mysteries anymore about what is going on; the problem is merely a matter of implementation.