Changes

32 bytes removed ,  05:15, 16 June 2011
m
Copy-edit and content re-organization. Need to segment the broadcast/probe section since there are other sections such as the StreetPass exchange that will be studied.
Line 3: Line 3:  
StreetPass in sleepmode can work without SD card inserted. Games' Streetpass data are temporarily stored in NAND, and when the games process the StreetPass data they move that data to extdata on SD card.
 
StreetPass in sleepmode can work without SD card inserted. Games' Streetpass data are temporarily stored in NAND, and when the games process the StreetPass data they move that data to extdata on SD card.
   −
Using Wireshark tool with a WiFi card in monitor mode allow you to see the data used to scan for other 3DS in the range. The below is a broadcast probe request from an 3DS while in standby mode, with SSID "Nintendo_3DS_continuous_scan_000". When in "active" mode, 3DS sends probe requests with arbitrary random SSID strings, like "ic[kSvm9s@*cYD>/~IEVj\(fGG;qDo8j". This frame also contains a custom Nintendo tag, the contents of this tag from different 3ds captures don't match. Probe responses contain the same Nintendo tag data as the probe requests from the same 3DS. The MAC address used in sleepmode seems to change every time there's a streetpass hit, as well as the last 8-bytes of the Nintendo tag data? The MAC address used for StreetPass is seen to change every time the user enters and exits and Settings application.
+
== StreetPass Probe Frame ==
   −
When there's a StreetPass hit, and no StreetPass data changed on either of the 3DSes, no data is transferred besides probes? Perhaps there's some ID in the Nintendo tag that gets updated every-time the 3DS' StreetPass data changes? After turning off power, then powering on and entering sleepmode, the MAC doesn't change from prior to power off but the last 8-bytes of the Nintendo tag changes. This tag has been seen to not be sequential over time. After one of the new StreetPass content is handled, (running one of the StreetPass titles etc) the 8bytes in the Nintendo tag changes?  
+
Using Wireshark tool with a WiFi card in monitor mode allow you to see the data used to scan for other 3DS in the range. The below is a broadcast probe request from an 3DS while in standby mode, with SSID "Nintendo_3DS_continuous_scan_000". When in "active" mode, 3DS sends probe requests with arbitrary random SSID strings, like "ic[kSvm9s@*cYD>/~IEVj\(fGG;qDo8j". This frame also contains a custom Nintendo tag, the contents of this tag from different 3ds captures don't match. Probe responses contain the same Nintendo tag data as the probe requests from the same 3DS. The MAC address used in sleepmode seems to change every time there's a streetpass hit, as well as the last 8-bytes of the Nintendo tag data? The MAC address + 8 byte ID for StreetPass is seen to change every time the user enters and exits and Settings application.
 
  −
Whether to do a StreetPass hit is probably determined based on if the other 3DS MAC+8byte Nintendo tag data pair was ever seen before, or how long that 3DS was in range constantly/out of range. 3DSes that are constantly in range of each other in sleepmode, usually do StreetPass every <12 hours?
  −
 
  −
When in standby mode, old DS wifi is used,(this includes SpotPass and StreetPass) but in "active" mode the regular DSi wifi bus is used.
      
   0000  00 00 1a 00 2f 48 00 00 19 7d 19 de 2a 00 00 00  ..../H...}..*...
 
   0000  00 00 1a 00 2f 48 00 00 19 7d 19 de 2a 00 00 00  ..../H...}..*...
Line 20: Line 16:  
   0070  00 f0 08 c8 34 6e 05 0f c9 c6 80 5b 6f bc 5a    ....4n.....[o.Z
 
   0070  00 f0 08 c8 34 6e 05 0f c9 c6 80 5b 6f bc 5a    ....4n.....[o.Z
   −
== Nintendo tag format ==
+
When in standby mode the old DS WiFi is used, which includes SpotPass and StreetPass, but in "active" mode the regular DSi WiFi bus is used.
 +
 
 +
=== Nintendo Tag Format ===
 +
 
 +
The Nintendo tag always begins at the 0x50 offset if observing a captured frame. The offsets mentioned in the table below start at the beginning of the Nintendo tag ID, which is variable in length.
    
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
Line 36: Line 36:  
|  Some random StreetPass ID, changes after each StreetPass hit and system power-off?
 
|  Some random StreetPass ID, changes after each StreetPass hit and system power-off?
 
|}
 
|}
 +
 +
=== StreetPass ID ===
 +
 +
When there's a StreetPass hit, and no StreetPass data changed on either of the 3DSes, no data is transferred besides probes? Perhaps there's some ID in the Nintendo tag that gets updated every-time the 3DS' StreetPass data changes? After turning off power, then powering on and entering sleepmode, the MAC doesn't change from prior to power off but the last 8-bytes of the Nintendo tag changes. This tag has been seen to not be sequential over time. After one of the new StreetPass content is handled, (running one of the StreetPass titles etc) the 8bytes in the Nintendo tag changes?
    
== StreetPass spoofing ==
 
== StreetPass spoofing ==
36

edits