Network Protocol/Server

From Custom Mario Kart
< Network Protocol(Redirected from Server DLS1)
Jump to navigation Jump to search

Overview

The Network Protocol Server is a server from Nintendo that various DS and Wii games access. When entering the Nintendo Wi-Fi Connection, Mario Kart Wii starts with a series of DNS queries to resolve 14 domain names, which have been stored in the table below. The different servers have different functionality, and some seems to be backup servers. It also seems that each functionality is assigned to exactly one port and will use exactly one network protocol.

Network Protocol Servers
DNS Name IP Address Port Protocol Description
gamestats.gs.nintendowifi.net
mariokartwii.gamestats.gs.nintendowifi.net 		69.10.30.240 29920 These are looked up, but never used.
gamestats2.gs.nintendowifi.net
mariokartwii.gamestats2.gs.nintendowifi.net 		69.10.30.234 TCP These are looked up, but never used.
gpcm.gs.nintendowifi.net 69.10.30.242 29900 TCP This connection is used to manage friends and to inform about one's status.
gpsp.gs.nintendowifi.net 69.10.30.241 29901 TCP This server exchanges profile IDs into nicks.
mariokartwii.available.gs.nintendowifi.net
mariokartwii.master.gs.nintendowifi.net 		69.10.30.248 27900 UDP This checks if the server is available.
mariokartwii.ms19.gs.nintendowifi.net 69.10.30.247 28910 TCP This server handles database requests for online matchmaking.
mariokartwii.natneg1.gs.nintendowifi.net 69.10.30.254 27901 UDP NATNEG is a way to bypass NAT and firewalls.
mariokartwii.natneg2.gs.nintendowifi.net 69.10.30.253 27901 UDP NATNEG is a way to bypass NAT and firewalls.
mariokartwii.natneg3.gs.nintendowifi.net 69.10.30.252 27901 UDP NATNEG is a way to bypass NAT and firewalls.
mariokartwii.sake.gs.nintendowifi.net 69.10.24.119 443 TCP/HTTP(S) This server handles Mii exchanges and ghost up- and downloads.
naswii.nintendowifi.net 192.195.204.143
69.25.139.143 		443 TCP/HTTP(S) The authority DNS server delivers randomly both IP addresses with a time to live of 30 seconds to support a kind of load balancing.
mariokartwii.race.gs.nintendowifi.net 69.10.24.125 443 TCP/HTTP(S) This server is used for Time Trial and Competition leaderboards and the actual competition distribution.


mariokartwii.available.gs.nintendowifi.net

The console checks if the server is available. 

09 00 00 00 00 6d 61 72 69 6f 6b 61 72 74 77 69 69 00
09 			is the record typ (AVAILABLE)
00 00 00 00		status ("disabled services" bit field)
6d 61 72 69 6f 6b \
61 72 74 77 69 69	gamename ("mariokartwii")
00 			end

If it is available, the bitfield is empty. 

fe fd 09 00 00 00 00
fe fd		Nintendo-Answer
09		Type (AVAILABLE)
00 00 00 00	status

When the server is down permanently, bit 1 is set. 

fe fd 09 00 00 00 01
fe fd		Nintendo-Answer
09		Type (AVAILABLE)
00 00 00 01	status

When the server is under maintenance, bit 2 is set. 

fe fd 09 00 00 00 02
fe fd		Nintendo-Answer
09		Type (AVAILABLE)
00 00 00 02	status

mariokartwii.sake.gs.nintendowifi.net

For Mii requests, the game sends the following to /SakeStorageServer/StorageServer.asmx, with a SOAPAction header http://gamespy.net/sake/GetMyRecords. 

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" 
   xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" 
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
   xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:ns1="http://gamespy.net/sake">
<SOAP-ENV:Body>
<ns1:GetMyRecords>
<ns1:gameid>1687</ns1:gameid>
<ns1:secretKey>9r3Rmy</ns1:secretKey>
<ns1:loginTicket>xxxxxxxx_YYYYYYYYYY__</ns1:loginTicket>
<ns1:tableid>FriendInfo</ns1:tableid>
<ns1:fields><ns1:string>info</ns1:string><ns1:string>recordid</ns1:string></ns1:fields>
</ns1:GetMyRecords>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Afterwards, the requested profile ID is sent back, together with the Mii data in base64 as follows. 

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" 
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
   xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<GetMyRecordsResponse xmlns="http://gamespy.net/sake">
<GetMyRecordsResult>Success</GetMyRecordsResult>
<values><ArrayOfRecordValue>
<RecordValue><binaryDataValue><value>$mii</value></binaryDataValue></RecordValue>
<RecordValue><intValue><value>$pid</value></intValue></RecordValue>
</ArrayOfRecordValue></values>
</GetMyRecordsResponse>
</soap:Body>
</soap:Envelope>

$mii is the Mii and $pid is the profile ID.

naswii.nintendowifi.net

It is possible to force the console to use HTTP to connect to nas.nintendowifi.net instead of naswii.nintendowifi.net.[1] By adding ":81" to the URL in the main.dol, it is also possible to use another port than 80/443. While logging in, there is an SSL communication with naswii.nintendowifi.net. This is encoded in base64.

LOGIN 

action=login
gsbrcd=RMCJ2abcdef	The second part of the unique nick name. 
userid=1739273526102	The decoded first part of the unique nick name. 
ingamesn= n o   n a m e	For Wii its the Mii name, for DS its the User name
sdkver=001000		Always "1.0" for MKWii (two 3-char decimal numbers)
gamecd=RMCE		ID4 of Game
makercd=01		last two digits of ID6
unitcd=1		?
macadr=001712345678	The WLAN-MAC-Adress of the Wii
lang=01			A language code. English is 01, German is 02
devtime=140228160425	Wii date/time in Format YYMMDDhhmmss
csnum=LU123456789	Wii S/N
cfc=1234567890123456	Wii FC
region=01		Any region identifier. Maybe the same as the language code

ACCTCREATE 

action=acctcreate
sdkver=001000		Always "1.0" for MKWii (two 3-char decimal numbers)
gamecd=RMCP		ID4 of Game
makercd=01		last two digits of ID6
unitcd=1		?
macadr=001712345678	The Wiis WLAN-MAC-Adress
lang=02			A language code. English is 01, German is 02. 
devtime=140304203139	Wii date/time in Format YYMMDDhhmmss
csnum=LU123456789	Wii S/N
cfc=1234567890123456	Wii FC
region=02		Any region identifier. May be the same as the language code

RESPONSE 

challenge=687TF0EG	Any challenge
locator=gamespy.com	?
retry=0			count of retries
returncd=00		returncode. Bigger than 99, lower than 1000: Error message 20XXX.
                        Bigger than 1000: Turn off Wii
token=...		Same token as during LOGIN
datetime=20140228210452	Server date/time in format YYYYMMDDhhmmss

In DS games, the following data is also present in ACCTCREATE. 

apinfo=XX-0000000-00	XX is 00 for the first WiFi-Connection, 01 for the second,
                        02 for the third and probably 03 for the Nintendo USB Connector
devname=...		Username in UTF16-LE
passwd=...		Unknown three-digit code
bssid=000d0bf85370	WLAN-MAC from WLAN-AP
birth=071b		Two bytes Birthdate. First byte is Month (July), second Day (27th)

dls1.nintendowifi.net

This server is not used by Mario Kart Wii. An example of DLS1 usage is Pokémon's Mystery Gifts. Once authenticated via NAS, the game sends the following encoded in base64: 

sdkver=002002
userid=2022983770208
passwd=172
bssid=A1B2C3D4E5F6
apinfo=01:0000000-00
gamecd=CPUE
makercd=01
unitcd=0
macadr=345678901234
lang=01
birth=MMDD
devtime=150813185742
devname=B i l l y   H
action=SVCLOC
svc=9000

where

  • bssid is your Wi-Fi's BSSID,
  • macadr is your MAC address,
  • devname is your name in UTF-16,
  • APInfo is which access point it uses.

The server sends back the following: 

retry=0
returncd=007
token=NDS/SVCLOC/TOKEN/123.456.789.000|abcdefghijkl
servicetoken=NDS/SVCLOC/TOKEN/123.456.789.000|abcdefghijkl
statusdata=Y
svchost=dls2.pokeacer.xyz
datetime=20150813195801

where svchost is the DLS1 server to connect to.

The client then sends a request to /download: 

gamecd=CPUE
rhgamecd=CPUE
passwd=DwuCXmdJfPVLBnKA
token=NDS/SVCLOC/TOKEN/123.456.789.000|abcdefghijkl
userid=2022983770208
macadr=345678901234
action=count
apinfo=01:0000000-00

where action=count means to count how many files are on the server. However, in the case of the Pokémon example, the server must lie and pick either a random one in the folder (what public implementations do) or list the only file in the server (what Nintendo probably did).

The server then responds with how many (in this case one) files are present and then the client sends: 

gamecd=CPUE
rhgamecd=CPUE
passwd=DwuCXmdJfPVLBnKA
token=NDS/SVCLOC/TOKEN/123.456.789.000|abcdefghijkl
userid=2022983770208
macadr=345678901234
action=list
apinfo=01:0000000-00
offset=0
num=10

The response of the server is then the correct filename, some NULL characters and a number.

The game finally sends: 

gamecd=CPUE
rhgamecd=CPUE
passwd=DwuCXmdJfPVLBnKA
token=NDS/SVCLOC/TOKEN/123.456.789.000|abcdefghijkl
userid=2022983770208
macadr=345678901234
action=contents
apinfo=01:0000000-00
contents=21dppUS.myg

to which the server sends the file.

References

  1. https://forum.wii-homebrew.com/index.php/Thread/51192-dev-net-ssl
Network Protocol

Information:
Nintendo's ServersFriend CodeNickDumping Network Traffic

Record Types:
HEADERROOMSELECTUSER
RACEHEADER_1RACEHEADER_2RACEDATAITEMEVENT
NATNEGANNOUNCEQUITSTATUSPARAM-STRING

Wiimmfi Extensions:
Online StatusConnection StatusWiimmfi packetsServer SV

Software:
Wiimms mkw-ana

Retrieved from "https://wiki.tockdom.com/w/index.php?title=Network_Protocol/Server&oldid=394408#dls1.nintendowifi.net"