From 8f33d9c9a7c95f17c480782fee3b5e405d41a79c Mon Sep 17 00:00:00 2001 From: lonkaars Date: Mon, 29 Apr 2024 18:40:03 +0200 Subject: WIP wireshark dissector --- docs/notes.md | 14 ++++++++++-- experiments/pcap/.gitignore | 2 ++ experiments/pcap/main.c | 53 +++++++++++++++++++++++++++++++++++++++++++++ experiments/pcap/makefile | 2 ++ wireshark/nifi-dissect.lua | 32 +++++++++++++++++++++++++++ wireshark/wireshark | 5 +++++ 6 files changed, 106 insertions(+), 2 deletions(-) create mode 100644 experiments/pcap/.gitignore create mode 100644 experiments/pcap/main.c create mode 100644 experiments/pcap/makefile create mode 100644 wireshark/nifi-dissect.lua create mode 100755 wireshark/wireshark diff --git a/docs/notes.md b/docs/notes.md index 5a79e76..6043bfa 100644 --- a/docs/notes.md +++ b/docs/notes.md @@ -72,9 +72,19 @@ sufficiently advanced local multiplayer emulation. - windows only + very advanced debugger -[note]: <> (interesting links) - [toolchaingenericds]: https://bitbucket.org/Coto88/toolchaingenericds/src/master/ [nogba]: https://problemkaputt.de/gba.htm [melonds]: https://melonds.kuribo64.net/ [desmume]: https://desmume.org/ + +## MelonDS hacking + +source: + +### Findings + +- melonDS @ Config > Wifi settings "Local multiplayer features do not use the same network protocols as online play" +- comment @ src/Wifi.cpp:46 "multiplayer host TX sequence" +- references to `RFTransfer_Type{2,3}` @ +- nintendo ds ni-fi protocol @ + diff --git a/experiments/pcap/.gitignore b/experiments/pcap/.gitignore new file mode 100644 index 0000000..be0cff0 --- /dev/null +++ b/experiments/pcap/.gitignore @@ -0,0 +1,2 @@ +main +*.pcap diff --git a/experiments/pcap/main.c b/experiments/pcap/main.c new file mode 100644 index 0000000..25fb0fc --- /dev/null +++ b/experiments/pcap/main.c 
@@ -0,0 +1,53 @@
+#include
+#include
+#include
+
+#include
+
+pcap_dumper_t* dumper;
+
+ssize_t test_write(uint8_t* buf, size_t count) {
+ struct pcap_pkthdr packet;
+ packet.len = count;
+ packet.caplen = count;
+ pcap_dump((u_char*) dumper, &packet, buf);
+
+ return count;
+}
+
+ssize_t test_read(uint8_t* buf, size_t count) {
+ strncpy((char*) buf, "i read hello world!", count);
+
+ struct pcap_pkthdr packet;
+ packet.len = count;
+ packet.caplen = count;
+ pcap_dump((u_char*) dumper, &packet, buf);
+
+ return count;
+}
+
+void test() {
+ ssize_t len;
+ const char* msg = "i write hello world!";
+
+ len = test_write((uint8_t*) msg, strlen(msg));
+ printf("wrote %lu bytes: \"%s\"\n", len, msg);
+
+ char buf[80] = { 0 };
+ len = test_read((uint8_t*) buf, 16);
+ buf[len] = '\0';
+ printf("read %lu bytes: \"%s\"\n", len, buf);
+}
+
+int main() {
+ // see also:
+ pcap_t* handle = pcap_open_dead(DLT_NULL, 1 << 16);
+ dumper = pcap_dump_open(handle, "dump.pcap");
+
+ test();
+
+ pcap_dump_close(dumper);
+
+ return 0;
+}
+
diff --git a/experiments/pcap/makefile b/experiments/pcap/makefile
new file mode 100644
index 0000000..53c3aea
--- /dev/null
+++ b/experiments/pcap/makefile
@@ -0,0 +1,2 @@
+CFLAGS += -lpcap
+main: main.c
diff --git a/wireshark/nifi-dissect.lua b/wireshark/nifi-dissect.lua
new file mode 100644
index 0000000..98520e5
--- /dev/null
+++ b/wireshark/nifi-dissect.lua
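Review bot: In experiments/pcap/main.c, `test_write` and `test_read` hand `pcap_dump` a `struct pcap_pkthdr` with only `len` and `caplen` assigned, so the `ts` field holds whatever was on the stack and is written into dump.pcap as the packet timestamp. Zero-initialise the header in both functions with `struct pcap_pkthdr packet = { 0 };`, or fill it with `gettimeofday(&packet.ts, NULL);` if real capture times are wanted. In `main`, the results of `pcap_open_dead` and `pcap_dump_open` are used unchecked; a failed open (for example an unwritable working directory) would pass a NULL dumper to `pcap_dump`, so `if (dumper == NULL) return 1;` before `test()` is worth adding.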
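Review bot: In experiments/pcap/makefile, `-lpcap` is appended to `CFLAGS`, which GNU make's built-in rule places before `main.c` on the link command line. Toolchains whose linker defaults to `--as-needed` then discard the library and the build fails with undefined `pcap_*` references. Libraries belong in `LDLIBS`, which the built-in rule puts after the sources: `LDLIBS += -lpcap`.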
@@ -0,0 +1,32 @@
+proto = Proto("NIFI", "Nintendo DS ni-fi")
+
+MAGIC = ProtoField.uint32("nifi.magic", "Magic", base.HEX)
+SENDERID = ProtoField.int32("nifi.senderid", "SenderID", base.DEC)
+TYPE = ProtoField.uint32("nifi.type", "Type", base.DEC)
+LENGTH = ProtoField.uint32("nifi.length", "Length", base.DEC)
+TIMESTAMP = ProtoField.uint64("nifi.timestamp", "Timestamp", base.DEC)
+
+proto.fields = {
+ MAGIC,
+ SENDERID,
+ TYPE,
+ LENGTH,
+ TIMESTAMP,
+}
+
+function proto.dissector(buffer, pinfo, tree)
+ -- check magic ("NIFI")
+ if buffer(0, 4):uint() ~= 0x4e494649 then return end
+
+ pinfo.cols.protocol = proto.name
+
+ local subtree = tree:add(proto, buffer(), "Ni-Fi data")
+
+ subtree:add(MAGIC, buffer(0, 4))
+ subtree:add_le(SENDERID, buffer(4, 4))
+ pinfo.cols.src = tostring(buffer(4, 4):le_int())
+ subtree:add_le(TYPE, buffer(8, 4))
+ subtree:add_le(LENGTH, buffer(12, 4))
+ subtree:add_le(TIMESTAMP, buffer(16, 8))
+end
+
diff --git a/wireshark/wireshark b/wireshark/wireshark
new file mode 100755
index 0000000..b871ea3
--- /dev/null
+++ b/wireshark/wireshark
@@ -0,0 +1,5 @@
+#!/bin/sh
+# simple wrapper to load nifi-dissect script as DLT_USER0 dissecter
+here="$(dirname "$0")"
+exec wireshark -X "lua_script:$here/nifi-dissect.lua" -o 'uat:user_dlts:"User 0 (DLT=147)","nifi","","","",""' "$@"
+
-- cgit v1.2.3
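Review bot: In wireshark/nifi-dissect.lua, `proto.dissector` reads fixed ranges up to `buffer(16, 8)` without checking the buffer length, so a frame shorter than the 24-byte header (or shorter than 4 bytes at the magic check) raises a Lua error instead of being skipped. A dissector is handed whatever bytes are in the capture, so guard before the magic check with `if buffer:len() < 24 then return end`. The `Length` field is only displayed here; once a payload is dissected it should be compared against the remaining bytes before it is used as a range. `proto` and the field objects are also assigned as globals, which are visible to every other Lua script Wireshark loads, so declaring them `local` avoids name clashes.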