478
edits
Changes
Broke NZone beacon encryption, added some info.
Nintendo Zone is the successor of DS Download Station, the latest revision in the Nintendo Spot series. The predecessor of Nintendo Zone in this series is DS Station, and the first revision in this series is Nintendo Spot. Although Nintendo Zone is the latest revision in the series, most game stores still use DS Station. This series downloads DS demos from an Internet server, rather than from a local DS host. Technical info on NSpot/DS Station is available [http://code.google.com/p/wmb-asm/wiki/NintendoSpot here.] Nintendo Zone locations have additional company-specific content. Companies can use this for information about the store/location, coupons with JP McDonalds won by quizzes, prizes, mini-games, etc.
Nintendo Zone is the successor of DS Download Station, the latest revision in the Nintendo Spot series. The predecessor of Nintendo Zone in this series is DS Station, and the first revision in this series is Nintendo Spot. Although Nintendo Zone is the latest revision in the series, most game stores still use DS Station. This series downloads DS demos from an Internet server, rather than from a local DS host. Technical info on NSpot/DS Station is available [http://code.google.com/p/wmb-asm/wiki/NintendoSpot here.] Nintendo Zone locations have additional company-specific content. Companies can use this for information about the store/location, coupons with JP McDonalds won by quizzes, prizes, mini-games, etc.
Nintendo Zone is available in Japan. Nintendo World Store in New York City used to have NZone, but they don't have NZone or even DS Download Station anymore. A few McDonalds test locations in [http://translate.google.com/translate?langpair=de|en&u=http%3A%2F%2Fnintendo.de%2FNOE%2Fde_DE%2Fnews%2Fevents%2Fpilotprojekt_-_nintendo_zone_bei_mcdonalds_18254.html Germany] used to have NZone. That test service ended, the EUR NZone server seemed to be completely shutdown on Aug 27th 2010. However on July 5th the server is online again. Several USA Best Buy locations started a NZone test service in June 2009, see [http://gonintendo.com/viewstory.php?id=84077 this]. That test service ended, NZone is non-existent in USA since no test services exist in USA. NZone pictures [http://gonintendo.com/viewstory.php?id=84247 here]. EUR NZone screenshots [http://translate.google.com/translate?langpair=de|en&u=http%3A%2F%2Fwww.bisafans.de%2Flexikon%2F069.shtml here] and [http://translate.google.com/translate?langpair=de|en&u=http%3A%2F%2Fwww.filb.de%2F1376 here]. Old USA NYC screenshots [http://www.nintendo.com/bin/w3I-XYyMEgk1VUUqyo5k-P4eQc_mlXDU/mcHH5cHLGbg5AJQIa_x2nLkBLEUlFmEJ.pdf here.] Japan screenshots: [http://translate.google.com/translate?langpair=ja|en&u=http%3A%2F%2Fwww.nintendo.co.jp%2Fds%2Fnintendozone%2Fhowto_dsi.html here] and [http://translate.google.com/translate?langpair=ja|en&u=http%3A%2F%2Fwww.driveplaza.com%2Fds%2Fhowto.html here].
Nintendo Zone is available in Japan. Nintendo World Store in New York City used to have NZone, but they don't have NZone or even DS Download Station anymore. A few McDonalds test locations in [http://translate.google.com/translate?langpair=de|en&u=http%3A%2F%2Fnintendo.de%2FNOE%2Fde_DE%2Fnews%2Fevents%2Fpilotprojekt_-_nintendo_zone_bei_mcdonalds_18254.html Germany] used to have NZone. That test service ended, but the EUR server is still online. Several USA Best Buy locations started a NZone test service in June 2009, see [http://gonintendo.com/viewstory.php?id=84077 this]. That test service ended, NZone is non-existent in USA since no test services exist in USA. NZone pictures [http://gonintendo.com/viewstory.php?id=84247 here]. EUR NZone screenshots [http://translate.google.com/translate?langpair=de|en&u=http%3A%2F%2Fwww.bisafans.de%2Flexikon%2F069.shtml here] and [http://translate.google.com/translate?langpair=de|en&u=http%3A%2F%2Fwww.filb.de%2F1376 here]. Old USA NYC screenshots [http://www.nintendo.com/bin/w3I-XYyMEgk1VUUqyo5k-P4eQc_mlXDU/mcHH5cHLGbg5AJQIa_x2nLkBLEUlFmEJ.pdf here.] Japan screenshots: [http://translate.google.com/translate?langpair=ja|en&u=http%3A%2F%2Fwww.nintendo.co.jp%2Fds%2Fnintendozone%2Fhowto_dsi.html here] and [http://translate.google.com/translate?langpair=ja|en&u=http%3A%2F%2Fwww.driveplaza.com%2Fds%2Fhowto.html here].
Nintendo filed a patent describing the NSpot/DS Station AP system. This system is old, yet this was never patented until 2010. This was filed on March 9th 2010, 4 days after the exploits section on this page was added.
Nintendo filed a patent describing the NSpot/DS Station AP system. This system is old, yet this was never patented until 2010.
[[File:2010-08-08-203240.jpg|200px|thumb|right|Sysmenu displays this when NZone is detected for the first time.]]
[[File:2010-08-08-203240.jpg|200px|thumb|right|Sysmenu displays this when NZone is detected for the first time.]]
=== Beacon payload format ===
=== Beacon payload format ===
The NZone beacon payload is encrypted, the cipher and key is unknown. The cipher doesn't seem to be AES: the ciphertexts are very random, however when XOR is used on the ciphertext and cleartext that isn't very random. The cipher probably isn't a chain-block-cipher, as the XOR pad between two beacons match exactly for the bytes in the cleartext that match. The IV or key is based on the host MAC address: changing the sender MAC and BSSID caused DSi to not detect NZone. Normally beacon_type 0 is used, but when beacon_type 1 is used a different key seems to be used? This table is the format of the cleartext data, this was dumped by hooking the Arm9 IPX NZone beacon verification function. The crypto is done Arm7-side. That IPX arm7 function only verifies the NZone beacon, it's unknown what IPX function does the actual decryption.
The NZone beacon payload are encrypted with an XOR pad. It's not the trivial sequential XOR code. The XOR pad is generated from a 8-byte key: the first 4-bytes is "!SDW",(might be a reference to [http://en.wikipedia.org/wiki/Wireless_Distribution_System WDS]?) the last 4 bytes are the last 4 bytes of the beacon BSSID MAC.
The NZone beacon code is contained in TWL SDK. DSi opera web browser automatically connects to NZone APs, all official DSi software automatically connects to NZone APs. NZone has a option to install a wifi config entry for the NZone AP, for old NTR SDK games run from cards.
This table is the format of the cleartext data.
The NZone beacon code is contained in TWL SDK, arm9 side. DSi opera web browser automatically connects to NZone APs, all official DSi software automatically connects to NZone APs. NZone has a option to install a wifi config entry for the NZone AP, for old NTR SDK games run from cards.
TWL SDK probably scans for beacons, checks if beacon_type is 0 or 1, and checks if the payload length is 0x70. If those succeed, it then decrypts the whole payload and verifies the checksum. When the checksum is valid, NZone is detected.
TWL SDK probably scans for beacons, checks if beacon_type is 0 or 1, and checks if the payload length is 0x70. If those succeed, it then decrypts the whole payload and verifies the checksum. When the checksum is valid, NZone is detected.