Changes

500 bytes added ,  03:34, 9 September 2010
Line 17: Line 17:  
=== Beacon payload format ===
 
=== Beacon payload format ===
   −
The NZone beacon payload is encrypted, the cipher and key is unknown. This table is the format of the cleartext data, this was dumped by hooking the Arm9 IPX NZone beacon verification function. The crypto is done Arm7-side. That IPX arm7 function only verifies the NZone beacon, it's unknown what IPX function does the actual decryption.
+
The NZone beacon payload is encrypted, the cipher and key is unknown. The cipher doesn't seem to be AES: the ciphertexts are very random, however when XOR is used on the ciphertext and cleartext that isn't very random. The cipher probably isn't a chain-block-cipher, as the XOR pad between two beacons match exactly for the bytes in the cleartext that match. The IV or key is based on the host MAC address: changing the sender MAC and BSSID caused DSi to not detect NZone. Normally beacon_type 0 is used, but when beacon_type 1 is used a different key seems to be used? This table is the format of the cleartext data, this was dumped by hooking the Arm9 IPX NZone beacon verification function. The crypto is done Arm7-side. That IPX arm7 function only verifies the NZone beacon, it's unknown what IPX function does the actual decryption.
 
The NZone beacon code is contained in TWL SDK. DSi opera web browser automatically connects to NZone APs, all official DSi software automatically connects to NZone APs. NZone has a option to install a wifi config entry for the NZone AP, for old NTR SDK games run from cards.
 
The NZone beacon code is contained in TWL SDK. DSi opera web browser automatically connects to NZone APs, all official DSi software automatically connects to NZone APs. NZone has a option to install a wifi config entry for the NZone AP, for old NTR SDK games run from cards.
 
TWL SDK probably scans for beacons, checks if beacon_type is 0 or 1, and checks if the payload length is 0x70. If those succeed, it then decrypts the whole payload and verifies the checksum. When the checksum is valid, NZone is detected.
 
TWL SDK probably scans for beacons, checks if beacon_type is 0 or 1, and checks if the payload length is 0x70. If those succeed, it then decrypts the whole payload and verifies the checksum. When the checksum is valid, NZone is detected.
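
Review bot: In the added cipher sentences, "doesn't seem to be AES" and "probably isn't a chain-block-cipher" are separate claims, and the evidence given only supports the second. A pad that repeats between two beacons argues against a chained mode such as CBC, but a block cipher (AES included) used to generate a keystream would give the same observation, so the AES conclusion should be dropped or marked unverified. The phrase "match exactly for the bytes in the cleartext that match" also leaves open whether the pad matches at positions where the cleartext differs; say which, because a pad that is identical everywhere means a fixed keystream, while one that differs with the cleartext is not a plain XOR pad. Since the next sentence says the IV or key is based on the host MAC address, state whether the two compared beacons came from the same MAC, and replace the trailing "?" on the beacon_type 1 sentence with an explicit "unconfirmed".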
