Changes

877 bytes added, 04:09, 21 November 2010
no edit summary
Line 1: Line 1: −
Nintendo Zone is the successor of DS Download Station, the latest revision in the Nintendo Spot series. The predecessor of Nintendo Zone in this series is DS Station, and the first revision in this series is Nintendo Spot. Although Nintendo Zone is the latest revision in the series, most game stores still use DS Station. This series downloads DS demos from an Internet server, rather than from a local DS host. Technical info on NSpot/DS Station is available [http://code.google.com/p/wmb-asm/wiki/NintendoSpot here.] Nintendo Zone locations have additional company-specific content. Companies can use this for information about the store/location, coupons with JP McDonalds won by quizzes, prizes, mini-games, etc.
+
Nintendo Zone is the successor of DS Download Station, the latest revision in the Nintendo Spot series. The predecessor of Nintendo Zone in this series is DS Station, and the first revision in this series is Nintendo Spot. Although Nintendo Zone is the latest revision in the series, most game stores still use DS Station, however JP stores are starting to switch to NZone. This series downloads DS demos from an Internet server, rather than from a local DS host. Technical info on NSpot/DS Station is available [http://code.google.com/p/wmb-asm/wiki/NintendoSpot here.] Nintendo Zone locations have additional company-specific content. Companies can use this for information about the store/location, coupons with JP McDonalds won by quizzes, prizes, mini-games, etc.
Nintendo Zone is available in Japan. Nintendo World Store in New York City used to have NZone, but they don't have NZone or even DS Download Station anymore. A few McDonalds test locations in [http://translate.google.com/translate?langpair=de|en&u=http%3A%2F%2Fnintendo.de%2FNOE%2Fde_DE%2Fnews%2Fevents%2Fpilotprojekt_-_nintendo_zone_bei_mcdonalds_18254.html Germany] used to have NZone. That test service ended, the EUR NZone server seemed to be completely shutdown on Aug 27th 2010. However on July 5th the server is online again. Several USA Best Buy locations started a NZone test service in June 2009, see [http://gonintendo.com/viewstory.php?id=84077 this]. That test service ended, NZone is non-existent in USA since no test services exist in USA. NZone pictures [http://gonintendo.com/viewstory.php?id=84247 here]. EUR NZone screenshots [http://translate.google.com/translate?langpair=de|en&u=http%3A%2F%2Fwww.bisafans.de%2Flexikon%2F069.shtml here] and [http://translate.google.com/translate?langpair=de|en&u=http%3A%2F%2Fwww.filb.de%2F1376 here]. Old USA NYC screenshots [http://www.nintendo.com/bin/w3I-XYyMEgk1VUUqyo5k-P4eQc_mlXDU/mcHH5cHLGbg5AJQIa_x2nLkBLEUlFmEJ.pdf here.] Japan screenshots: [http://translate.google.com/translate?langpair=ja|en&u=http%3A%2F%2Fwww.nintendo.co.jp%2Fds%2Fnintendozone%2Fhowto_dsi.html here] and [http://translate.google.com/translate?langpair=ja|en&u=http%3A%2F%2Fwww.driveplaza.com%2Fds%2Fhowto.html here].
+
Nintendo Zone is available in Japan. Nintendo World Store in New York City used to have NZone, but they don't have NZone or even DS Download Station anymore. A few McDonalds test locations in [http://translate.google.com/translate?langpair=de|en&u=http%3A%2F%2Fnintendo.de%2FNOE%2Fde_DE%2Fnews%2Fevents%2Fpilotprojekt_-_nintendo_zone_bei_mcdonalds_18254.html Germany] used to have NZone. That test service ended, but the EUR server is still online. Several USA Best Buy locations started a NZone test service in June 2009, see [http://gonintendo.com/viewstory.php?id=84077 this]. That test service ended, NZone is non-existent in USA since no test services exist in USA. NZone pictures [http://gonintendo.com/viewstory.php?id=84247 here]. EUR NZone screenshots [http://translate.google.com/translate?langpair=de|en&u=http%3A%2F%2Fwww.bisafans.de%2Flexikon%2F069.shtml here] and [http://translate.google.com/translate?langpair=de|en&u=http%3A%2F%2Fwww.filb.de%2F1376 here]. Old USA NYC screenshots [http://www.nintendo.com/bin/w3I-XYyMEgk1VUUqyo5k-P4eQc_mlXDU/mcHH5cHLGbg5AJQIa_x2nLkBLEUlFmEJ.pdf here.] Japan screenshots: [http://translate.google.com/translate?langpair=ja|en&u=http%3A%2F%2Fwww.nintendo.co.jp%2Fds%2Fnintendozone%2Fhowto_dsi.html here] and [http://translate.google.com/translate?langpair=ja|en&u=http%3A%2F%2Fwww.driveplaza.com%2Fds%2Fhowto.html here].
 +
Nintendo filed  a patent describing the NSpot/DS Station AP system. This system is old, yet this was never patented until 2010.
 +
 
 +
NZone and DS Station usually have the same demos as Wii Nintendo Channel. However, sometimes certain retailers with NZone have exclusive content(NZone location exclusive) and demos(all NZone locations) not available anywhere else. Eventually these exclusive demos are released on NinCh.
    
[[File:2010-08-08-203240.jpg|200px|thumb|right|Sysmenu displays this when NZone is detected for the first time.]]
 
[[File:2010-08-08-203240.jpg|200px|thumb|right|Sysmenu displays this when NZone is detected for the first time.]]
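
Review bot: The added patent paragraph ("Nintendo filed  a patent describing the NSpot/DS Station AP system") carries no patent number, link or filing date, while the other claims in this section each link a source; please cite it, and reconcile "filed" with "never patented until 2010", since a filing and a grant are different events. The replacement sentence "That test service ended, but the EUR server is still online" also drops the dates the old text gave, so "still" has no reference point; an "as of" date would keep it checkable. Minor: "however JP stores are starting to switch to NZone" is a comma splice, and "content(NZone location exclusive)" and "demos(all NZone locations)" need a space before the parenthesis.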
Line 17: Line 20:  
=== Beacon payload format ===
 
=== Beacon payload format ===
   −
The NZone beacon payload is encrypted, the cipher and key is unknown. This table is the format of the cleartext data, this was dumped by hooking the Arm9 IPX NZone beacon verification function. The crypto is done Arm7-side. That IPX arm7 function only verifies the NZone beacon, it's unknown what IPX function does the actual decryption.
+
The NZone beacon payload is encrypted with an XOR pad. It's not the trivial sequential XOR code. The XOR pad is generated from a 8-byte key: the first 4-bytes is "!SDW",(might be a reference to [http://en.wikipedia.org/wiki/Wireless_Distribution_System WDS]?) the last 4 bytes are the last 4 bytes of the beacon BSSID MAC. Nintendo Spot uses the same special beacon encryption, the cleartext differs from NZone slightly for the unknown fields.
The NZone beacon code is contained in TWL SDK. DSi opera web browser automatically connects to NZone APs, all official DSi software automatically connects to NZone APs. NZone has a option to install a wifi config entry for the NZone AP, for old NTR SDK games run from cards.
+
This table is the format of the cleartext data.
TWL SDK probably scans for beacons, checks if beacon_type is 0 or 1, and checks if the payload length is 0x70. If those succeed, it then decrypts the whole payload and verifies the checksum. When the checksum is valid, NZone is detected.
+
The NZone beacon code is contained in TWL SDK, arm9 side. DSi opera web browser automatically connects to NZone APs, all official DSi software automatically connects to NZone APs. NZone has a option to install a wifi config entry for the NZone AP, for old NTR SDK games run from cards.
 +
TWL SDK scans for beacons with the Nintendo tag(0xDD) with payload size 0x70. When those are found, it decrypts them and verifies the checksum, when that's valid NZone is detected.
    
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
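
Review bot: The new opening paragraph says the XOR pad is "generated from a 8-byte key" and is "not the trivial sequential XOR code", but never states how the pad is derived from that key, so a reader still cannot reproduce the cleartext from this page; describe the derivation or say where it is documented. The old text also recorded how the cleartext was obtained and placed the crypto Arm7-side, while the new text says the beacon code is "TWL SDK, arm9 side" and drops the beacon_type 0 or 1 check from the detection steps; with no edit summary it is unclear whether these are corrections or omissions, so a short note on which earlier statements were wrong would help. Minor: "a 8-byte key" should be "an 8-byte key", "the first 4-bytes is" should be "the first 4 bytes are", and "Nintendo tag(0xDD)" needs a space.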
Line 69: Line 73:  
| 0x6e
 
| 0x6e
 
| 2
 
| 2
| CRC16 over whole payload.
+
| CRC16 over the whole payload excluding checksum offset, initval is 0.
 
|}
 
|}
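
Review bot: The new cell text "CRC16 over the whole payload excluding checksum offset, initval is 0" is still not enough to verify a payload: it does not name the CRC16 variant (polynomial, bit order) or the byte order of the 2-byte field at 0x6e. "Excluding checksum offset" is also ambiguous; stating the covered range explicitly, for example "bytes 0x00 through 0x6d", would remove the guesswork.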
   Line 81: Line 85:  
Nintendo Zone v3.0 has the URL buffer overflow bug from NetFront 3.3 and DS Station, but htmlhaxx is [[#Security|impossible]] to use with NZone due to SSL. The NetFront version user agent was removed from the NZone bin, so it's unknown what NetFront version NZone uses.
 
Nintendo Zone v3.0 has the URL buffer overflow bug from NetFront 3.3 and DS Station, but htmlhaxx is [[#Security|impossible]] to use with NZone due to SSL. The NetFront version user agent was removed from the NZone bin, so it's unknown what NetFront version NZone uses.
   −
A DS Station exploit has been written by [[User:Yellows8|Yellows8]]. The exploit is only available on Google Code wmb-asm SVN. SVN web interface is available [http://code.google.com/p/wmb-asm/source/browse/#svn/trunk/ds/nzonehtmlhaxx here], SVN URL available [http://wmb-asm.googlecode.com/svn/trunk/ds/nzonehtmlhaxx here.] To use the exploit at home with DS Station, you need a Linux/hostapd compatible box and a NIC supported by hostapd. You also need a HTTPS forwarder/proxy, like httpsforwarder available in SVN. This exploit can only be used with html that is transferred over http.
+
A DS Station exploit was written by [[User:Yellows8|Yellows8]]. The exploit is only available on Google Code wmb-asm SVN. SVN web interface is available [http://code.google.com/p/wmb-asm/source/browse/#svn/trunk/ds/nzonehtmlhaxx here], SVN URL available [http://wmb-asm.googlecode.com/svn/trunk/ds/nzonehtmlhaxx here.] To use the exploit at home with DS Station, you need a Linux/hostapd compatible box and a NIC supported by hostapd. You also need a HTTPS forwarder/proxy, like httpsforwarder available in SVN. This exploit can only be used with html that is transferred over http.
 +
This DS Station exploit works perfectly on DSi with WMB ds-mode. The default embedded .nds in the exploit loads hbmenu from flash card, loading from flash card works perfectly on DSi in WMB ds-mode from DS Station nzonehtmlhaxx.
 +
You need the DS Station bin to use this exploit, but the bin will not be publicly redistributed due to copyright etc.
    
[[File:2010-08-22-161844.jpg|200px|thumb|right|Test NZone haxx, crashed NZone. The EUR server bug exploited here was fixed a couple hours after beginning html injection attacks.]]
 
[[File:2010-08-22-161844.jpg|200px|thumb|right|Test NZone haxx, crashed NZone. The EUR server bug exploited here was fixed a couple hours after beginning html injection attacks.]]
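
Review bot: The added line "You need the DS Station bin to use this exploit" is a prerequisite and belongs with the requirements already listed in the paragraph above it (Linux/hostapd box, supported NIC, HTTPS forwarder) rather than as a trailing paragraph. The other added paragraph says "works perfectly" twice in two sentences and the second sentence largely repeats the first; merge them into one statement of what was tested (DSi, WMB ds-mode, hbmenu loaded from flash card). "due to copyright etc." is vague; state the reason once and drop "etc.".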
