Wiimms mkw-ana (tool)

From Custom Mario Kart

The tool mkw-ana is a new project by Wiimm to analyze the network protocol of Mario Kart Wii.



In Progress
This article is managed by Wiimm and will grow slowly. Feel free to fix typos and grammatical or language issues.


Intention

In November 2012, Wiimm decided to analyze the network protocol of Mario Kart Wii. The main goal was to discover online cheaters. Another goal was to be able to set up his own server in case Nintendo ever shuts down its servers.

So the main feature is to dump the packets of a network capture (made with tcpdump or wireshark) in a user-friendly format. After the first experiments, it also became a live racing statistics tool.

The Tool

Built-in Help

Let's start with the built-in help as an overview about the tool:

Usage: mkw-ana [option]... [dumpfile]...

Commands:

  HELP                  Print this help and exit.
  DEVELOP               Special development tests.
  TEST                  Test options.

  D1|DUMP2 [file]...    Dump all or filtered packets (method 'UDP').
  D2|DUMP2 [file]...    Dump all or filtered packets (method 'record').
  D3|DUMP3 [file]...    New variant of DUMP2.
  DX|DUMPX [file]...    Experimental dump of all or filtered packets.
  D|DUMP [file]...      Use the best dumping method by analyzing the options.

  F|FLOWRATES [file]... Print flowrates. Use --brief for final stat only.
  C|CLIENTS [file]...   List all clients.
  U|USERS [file]...     List all users.
  R|RECORDS [file]...   Print all record names.
  S|STAGES [file]...    Print all stages.
  L|LOG [file]...       Print all stages including tables.
  T|TOTALS [file]...    Print all totals as text dump.

  RACE [file]...        Live dump of the race to the screen.

Options:

  -h --help           : Print this help and exit.
  -w --width          : Define terminal width.
  -O --old            : Enable old features and disable --new.
  -N --new            : Enable new features and disable --old.

     --sleep float    : Sleep seconds after race finished.
     --skip  float    : Skip first seconds if each tcpdump.
                        Negative values are relative to the end (not stdin).
     --term  float    : terminate each dump at timestamp (seconds).
                        Negative values are relative to the end (not stdin).
     --combine        : Combine dumps to one for --skip and --term.
  -W --write file     : Write filtered packets as PCAP to the file.
     --home addr      : Define an IP (or name) as home client.

  -p --no-proxy       : Ignore proxy records.
  -r --receive        : Select received packages.
  -s --send           : Select send packages.
  -L --length ranges  : Select only UDP packages with data len.
  -I --index ranges   : Print only bytes of range list.
  -S --stage list     : Select stage types, print only matched records.
  -t --type list      : Select record types, print packet if one record match.
  -T --TYPE list      : Select record types, print only matched records.

  -b --brief          : Suppress header info.
  -l --long           : Extended header info.
     --rel            : Print timestamps as relative seconds.
  -1 --one-line       : Dump one line per record.
                        If set twice, bind race records to one record.
  -a --ascii          : Append ASCII character dump.
  -x --hex-only       : Suppress AI and dump only hex values.
  -f --follow         : Follow last input file like 'tail -f'

     --log  file      : Log into the file. If first char is a '+', append data.
     --md   file      : Create a MakeDoc script with results after each race.
     --mdx  file      : Same as --md, but replace %E, %R, %N and %T in 'file'
                        by 'event id', 'race id', 'total race' and 'event type'.
     --php  file      : Create a php script with results after each race.
     --phpx file      : Same as --php, but replace %E, %R, %N and %T in 'file'
                        by 'event id', 'race id', 'total race' and 'event type'.
     --mii dir        : Command USERS: Extract Miis to existing directory 'dir'.

General Description

???

Dumping Data

Options

Download

I plan to create a distribution of my tool. It will be available for Linux and as a Cygwin version in a few weeks.

Capture the network data

First you must capture the network traffic of the Wii. To do so, you must redirect it to a PC running capture software. There are 3 general ways to do this:

  • If you have a manageable switch, enable port mirroring and send all Wii traffic to a PC.
  • Use your PC as a router.
  • Use an old hub (not a switch). A hub will mirror all traffic of all ports to all others; it's just a repeater and will slow down your network.

Use software like tcpdump or wireshark to capture the data. It is best to save the captured data directly to a file or to send it to other commands like mkw-ana for a live analysis.

It's also possible to save the data to a file and to make a live analysis at the same time. Use the following command pipe:

tcpdump -w- -U -i eth1 host wii | tee save.dump | mkw-ana ...

If using wireshark, save the dump to a file and use the following command for a live analysis:

mkw-ana --follow DUMPFILE ...

Live Statistics

mkw-ana can scan the network traffic in real time and can produce makedoc or php data files. Together with ssh and a CGI script, this creates a live statistic. Live means that the tables are updated 2-5 seconds after the race has finished.

How it works

The whole job is done by 3 processes:

  1. First, you must capture the network traffic as described above. Then use one of the commands:
    ... | mkw-ana log --md  DATAFILE
    ... | mkw-ana log --php DATAFILE
    mkw-ana --follow DUMPFILE log --md  DATAFILE
    mkw-ana --follow DUMPFILE log --php DATAFILE
    
  2. Each time a new DATAFILE is written, it must be transferred to the web server. A script using ssh, sftp, scp or ftp within an endless loop will do this job automatically.
  3. Last but not least, a CGI or PHP script running on the web server must read the data files to serve an HTML page to the visitors.
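
One way to write the transfer loop from step 2, as an added example that is not part of mkw-ana or of the original article. The host name, the paths and the key-based, non-interactive ssh login of a dedicated upload account are assumptions:

```shell
#!/bin/sh
# Added example: upload DATAFILE to the web server whenever it has changed.
# All names below are hypothetical placeholders, not mkw-ana settings.
DATAFILE=${DATAFILE:-./race.md}                    # file written by 'mkw-ana log --md'
REMOTE=${REMOTE:-stats@webserver.example}          # dedicated low-privilege upload account
REMOTE_PATH=${REMOTE_PATH:-/var/www/live/race.md}  # file read by the CGI/PHP script
POLL=${POLL:-1}                                    # seconds between checks

# Print "checksum size" of a file, or nothing if the file does not exist.
fingerprint() {
    [ -f "$1" ] || return 0
    cksum < "$1"
}

# ready CUR PREV SENT: true if the file exists, was unchanged for one poll
# interval (so it is not half-written) and differs from the last upload.
ready() {
    [ -n "$1" ] && [ "$1" = "$2" ] && [ "$1" != "$3" ]
}

# Copy to a temporary name and rename on the server, so the web script
# never serves a partially transferred file. BatchMode makes ssh fail
# instead of prompting for a password inside the endless loop.
upload() {
    scp -q -o BatchMode=yes "$1" "$REMOTE:$REMOTE_PATH.tmp" &&
    ssh -o BatchMode=yes "$REMOTE" "mv -f '$REMOTE_PATH.tmp' '$REMOTE_PATH'"
}

sync_loop() {
    sent="" prev=""
    while :; do
        cur=$(fingerprint "$DATAFILE")
        if ready "$cur" "$prev" "$sent"; then
            # Remember the fingerprint only after a successful transfer,
            # so a failed upload is retried on a later poll.
            upload "$DATAFILE" && sent=$cur
        fi
        prev=$cur
        sleep "$POLL"
    done
}

# Start the loop only when called as:  sh upload.sh run
if [ "${1:-}" = "run" ]; then
    sync_loop
fi
```

Because the ssh key used here is stored unencrypted for unattended use, restrict it on the server to the upload account and the target directory.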

To see what live means, visit the live statistics on Wednesday or Thursday between 19:10 and 20:30 CET (Central European Time).

Links