diff options
| author | lonkaars <loek@pipeframe.xyz> | 2024-04-30 16:32:18 +0200 |
|---|---|---|
| committer | lonkaars <loek@pipeframe.xyz> | 2024-04-30 16:32:18 +0200 |
| commit | cc28773b03a5ac1c2a8529c9d170f30b9b778d07 (patch) | |
| tree | 8f90c6a08940d4921f8cf3f06d0fdc08d3e2170e | |
| parent | 8f33d9c9a7c95f17c480782fee3b5e405d41a79c (diff) | |
more fiddling (found plain text!)
| -rw-r--r-- | assets/melon_1714483602.pcap | bin | 0 -> 636492 bytes | |||
| -rw-r--r-- | assets/ws-no-encrypt.png | bin | 0 -> 167536 bytes | |||
| -rw-r--r-- | docs/notes.md | 6 | ||||
| -rw-r--r-- | wireshark/nifi-dissect.lua | 32 | ||||
| -rw-r--r-- | wireshark/nifi.lua | 40 | ||||
| -rwxr-xr-x | wireshark/wireshark | 4 |
6 files changed, 48 insertions, 34 deletions
diff --git a/assets/melon_1714483602.pcap b/assets/melon_1714483602.pcap Binary files differnew file mode 100644 index 0000000..5fa4d29 --- /dev/null +++ b/assets/melon_1714483602.pcap diff --git a/assets/ws-no-encrypt.png b/assets/ws-no-encrypt.png Binary files differnew file mode 100644 index 0000000..fb0c0d8 --- /dev/null +++ b/assets/ws-no-encrypt.png diff --git a/docs/notes.md b/docs/notes.md index 6043bfa..21eef78 100644 --- a/docs/notes.md +++ b/docs/notes.md @@ -87,4 +87,10 @@ source: <https://git.pipeframe.xyz/fork/melonDS> - comment @ src/Wifi.cpp:46 "multiplayer host TX sequence" - references to `RFTransfer_Type{2,3}` @ <https://www.problemkaputt.de/gbatek.htm#dswifirfchip> - nintendo ds ni-fi protocol @ <https://web.archive.org/web/20090202194241/http://masscat.afraid.org/ninds/proto_info.php> +- melonDS emulates actual 802.11b frames +- the protocol does not appear to be encrypted: +  + the string `lork` is visible as plain text in the hexdump (offset 0x0056), which appears to + be some kind of 16-bit encoding of the username set on the emulator used to + capture these packets diff --git a/wireshark/nifi-dissect.lua b/wireshark/nifi-dissect.lua deleted file mode 100644 index 98520e5..0000000 --- a/wireshark/nifi-dissect.lua +++ /dev/null @@ -1,32 +0,0 @@ -proto = Proto("NIFI", "Nintendo DS ni-fi") - -MAGIC = ProtoField.uint32("nifi.magic", "Magic", base.HEX) -SENDERID = ProtoField.int32("nifi.senderid", "SenderID", base.DEC) -TYPE = ProtoField.uint32("nifi.type", "Type", base.DEC) -LENGTH = ProtoField.uint32("nifi.length", "Length", base.DEC) -TIMESTAMP = ProtoField.uint64("nifi.timestamp", "Timestamp", base.DEC) - -proto.fields = { - MAGIC, - SENDERID, - TYPE, - LENGTH, - TIMESTAMP, -} - -function proto.dissector(buffer, pinfo, tree) - -- check magic ("NIFI") - if buffer(0, 4):uint() ~= 0x4e494649 then return end - - pinfo.cols.protocol = proto.name - - local subtree = tree:add(proto, buffer(), "Ni-Fi data") - - subtree:add(MAGIC, buffer(0, 4)) - subtree:add_le(SENDERID, buffer(4, 4)) - pinfo.cols.src = tostring(buffer(4, 4):le_int()) - subtree:add_le(TYPE, buffer(8, 4)) - subtree:add_le(LENGTH, buffer(12, 4)) - subtree:add_le(TIMESTAMP, buffer(16, 8)) -end - diff --git a/wireshark/nifi.lua b/wireshark/nifi.lua new file mode 100644 index 0000000..d81ff31 --- /dev/null +++ b/wireshark/nifi.lua @@ -0,0 +1,40 @@ +-- NOTE: my system is little-endian, so the .pcap files and this decoder expect +-- little endian + +local nifi = Proto("nifi", "Nintendo DS ni-fi") +nifi.fields.magic = ProtoField.uint32("nifi.magic", "Magic", base.HEX) +nifi.fields.senderid = ProtoField.int32("nifi.senderid", "SenderID", base.DEC) +nifi.fields.type = ProtoField.new("Type", "nifi.type", ftypes.UINT32) +nifi.fields.type_enum = ProtoField.uint16("nifi.type.enum", "Numeric message type enum", base.DEC, { + [0] = "Regular", + [1] = "CMD", + [2] = "Reply", + [3] = "ACK", +}) +nifi.fields.type_aid = ProtoField.uint16("nifi.type.aid", "Message type \"aid\" value") +nifi.fields.length = ProtoField.uint32("nifi.length", "Length", base.DEC) +nifi.fields.timestamp = ProtoField.uint64("nifi.timestamp", "Timestamp", base.DEC) + +local nifi_senderid_field = Field.new("nifi.senderid") +local nifi_type_enum_field = Field.new("nifi.type.enum") + +function nifi.dissector(buffer, pinfo, tree) + -- check magic ("NIFI") + if buffer(0, 4):uint() ~= 0x4e494649 then return end + local nifi_tree = tree:add(nifi, buffer(), "Ni-Fi data") + nifi_tree:add(nifi.fields.magic, buffer(0, 4)) + + nifi_tree:add_le(nifi.fields.senderid, buffer(4, 4)) + + local nifi_type_tree = nifi_tree:add_le(nifi.fields.type, buffer(8, 4)) + nifi_type_tree:add_le(nifi.fields.type_enum, buffer(8, 2)) + nifi_type_tree:add_le(nifi.fields.type_aid, buffer(10, 2)) + + nifi_tree:add_le(nifi.fields.length, buffer(12, 4)) + nifi_tree:add_le(nifi.fields.timestamp, buffer(16, 8)) + + pinfo.cols.protocol = nifi.name + pinfo.cols.src = nifi_senderid_field().display + pinfo.cols.info = "type:" .. nifi_type_enum_field().display +end + diff --git a/wireshark/wireshark b/wireshark/wireshark index b871ea3..42c37a5 100755 --- a/wireshark/wireshark +++ b/wireshark/wireshark @@ -1,5 +1,5 @@ #!/bin/sh -# simple wrapper to load nifi-dissect script as DLT_USER0 dissecter +# simple wrapper to load nifi.lua script as DLT_USER0 dissecter here="$(dirname "$0")" -exec wireshark -X "lua_script:$here/nifi-dissect.lua" -o 'uat:user_dlts:"User 0 (DLT=147)","nifi","","","",""' "$@" +exec wireshark -X "lua_script:$here/nifi.lua" -o 'uat:user_dlts:"User 0 (DLT=147)","nifi","","","",""' "$@" |
